diff --git a/provider/cmd/pulumi-resource-gcp/schema.json b/provider/cmd/pulumi-resource-gcp/schema.json index cef7357205..a40af5fada 100644 --- a/provider/cmd/pulumi-resource-gcp/schema.json +++ b/provider/cmd/pulumi-resource-gcp/schema.json @@ -104134,7 +104134,7 @@ } }, "gcp:accesscontextmanager/accessPolicyIamBinding:AccessPolicyIamBinding": { - "description": "Three different resources help you manage your IAM policy for Access Context Manager (VPC Service Controls) AccessPolicy. Each of these resources serves a different use case:\n\n* `gcp.accesscontextmanager.AccessPolicyIamPolicy`: Authoritative. Sets the IAM policy for the accesspolicy and replaces any existing policy already attached.\n* `gcp.accesscontextmanager.AccessPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the accesspolicy are preserved.\n* `gcp.accesscontextmanager.AccessPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the accesspolicy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.accesscontextmanager.AccessPolicyIamPolicy`: Retrieves the IAM policy for the accesspolicy\n\n\u003e **Note:** `gcp.accesscontextmanager.AccessPolicyIamPolicy` **cannot** be used in conjunction with `gcp.accesscontextmanager.AccessPolicyIamBinding` and `gcp.accesscontextmanager.AccessPolicyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.accesscontextmanager.AccessPolicyIamBinding` resources **can be** used in conjunction with `gcp.accesscontextmanager.AccessPolicyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_access\\_context\\_manager\\_access\\_policy\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/accesscontextmanager.policyAdmin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.accesscontextmanager.AccessPolicyIamPolicy(\"policy\", {\n name: access_policy.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/accesscontextmanager.policyAdmin\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.accesscontextmanager.AccessPolicyIamPolicy(\"policy\",\n name=access_policy[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/accesscontextmanager.policyAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.AccessContextManager.AccessPolicyIamPolicy(\"policy\", new()\n {\n Name = access_policy.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/accesscontextmanager.policyAdmin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = accesscontextmanager.NewAccessPolicyIamPolicy(ctx, \"policy\", \u0026accesscontextmanager.AccessPolicyIamPolicyArgs{\n\t\t\tName: pulumi.Any(access_policy.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamPolicy;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/accesscontextmanager.policyAdmin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AccessPolicyIamPolicy(\"policy\", AccessPolicyIamPolicyArgs.builder() \n .name(access_policy.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:accesscontextmanager:AccessPolicyIamPolicy\n properties:\n name: ${[\"access-policy\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/accesscontextmanager.policyAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_access\\_context\\_manager\\_access\\_policy\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.accesscontextmanager.AccessPolicyIamBinding(\"binding\", {\n name: access_policy.name,\n role: \"roles/accesscontextmanager.policyAdmin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.accesscontextmanager.AccessPolicyIamBinding(\"binding\",\n name=access_policy[\"name\"],\n role=\"roles/accesscontextmanager.policyAdmin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.AccessContextManager.AccessPolicyIamBinding(\"binding\", new()\n {\n Name = access_policy.Name,\n Role = \"roles/accesscontextmanager.policyAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := accesscontextmanager.NewAccessPolicyIamBinding(ctx, \"binding\", \u0026accesscontextmanager.AccessPolicyIamBindingArgs{\n\t\t\tName: pulumi.Any(access_policy.Name),\n\t\t\tRole: pulumi.String(\"roles/accesscontextmanager.policyAdmin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamBinding;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AccessPolicyIamBinding(\"binding\", AccessPolicyIamBindingArgs.builder() \n .name(access_policy.name())\n .role(\"roles/accesscontextmanager.policyAdmin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:accesscontextmanager:AccessPolicyIamBinding\n properties:\n name: ${[\"access-policy\"].name}\n role: roles/accesscontextmanager.policyAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_access\\_context\\_manager\\_access\\_policy\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.accesscontextmanager.AccessPolicyIamMember(\"member\", {\n name: access_policy.name,\n role: \"roles/accesscontextmanager.policyAdmin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.accesscontextmanager.AccessPolicyIamMember(\"member\",\n name=access_policy[\"name\"],\n role=\"roles/accesscontextmanager.policyAdmin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.AccessContextManager.AccessPolicyIamMember(\"member\", new()\n {\n Name = access_policy.Name,\n Role = \"roles/accesscontextmanager.policyAdmin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := accesscontextmanager.NewAccessPolicyIamMember(ctx, \"member\", \u0026accesscontextmanager.AccessPolicyIamMemberArgs{\n\t\t\tName: pulumi.Any(access_policy.Name),\n\t\t\tRole: pulumi.String(\"roles/accesscontextmanager.policyAdmin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamMember;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AccessPolicyIamMember(\"member\", AccessPolicyIamMemberArgs.builder() \n .name(access_policy.name())\n .role(\"roles/accesscontextmanager.policyAdmin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:accesscontextmanager:AccessPolicyIamMember\n properties:\n name: ${[\"access-policy\"].name}\n role: roles/accesscontextmanager.policyAdmin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* accessPolicies/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nAccess Context Manager (VPC Service Controls) accesspolicy IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:accesscontextmanager/accessPolicyIamBinding:AccessPolicyIamBinding editor \"accessPolicies/{{access_policy}} roles/accesscontextmanager.policyAdmin user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:accesscontextmanager/accessPolicyIamBinding:AccessPolicyIamBinding editor \"accessPolicies/{{access_policy}} roles/accesscontextmanager.policyAdmin\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:accesscontextmanager/accessPolicyIamBinding:AccessPolicyIamBinding editor accessPolicies/{{access_policy}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Access Context Manager (VPC Service Controls) AccessPolicy. Each of these resources serves a different use case:\n\n* `gcp.accesscontextmanager.AccessPolicyIamPolicy`: Authoritative. Sets the IAM policy for the accesspolicy and replaces any existing policy already attached.\n* `gcp.accesscontextmanager.AccessPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the accesspolicy are preserved.\n* `gcp.accesscontextmanager.AccessPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the accesspolicy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.accesscontextmanager.AccessPolicyIamPolicy`: Retrieves the IAM policy for the accesspolicy\n\n\u003e **Note:** `gcp.accesscontextmanager.AccessPolicyIamPolicy` **cannot** be used in conjunction with `gcp.accesscontextmanager.AccessPolicyIamBinding` and `gcp.accesscontextmanager.AccessPolicyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.accesscontextmanager.AccessPolicyIamBinding` resources **can be** used in conjunction with `gcp.accesscontextmanager.AccessPolicyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_access\\_context\\_manager\\_access\\_policy\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/accesscontextmanager.policyAdmin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.accesscontextmanager.AccessPolicyIamPolicy(\"policy\", {\n name: access_policy.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/accesscontextmanager.policyAdmin\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.accesscontextmanager.AccessPolicyIamPolicy(\"policy\",\n name=access_policy[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/accesscontextmanager.policyAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.AccessContextManager.AccessPolicyIamPolicy(\"policy\", new()\n {\n Name = access_policy.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/accesscontextmanager.policyAdmin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = accesscontextmanager.NewAccessPolicyIamPolicy(ctx, \"policy\", \u0026accesscontextmanager.AccessPolicyIamPolicyArgs{\n\t\t\tName: pulumi.Any(access_policy.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamPolicy;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/accesscontextmanager.policyAdmin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AccessPolicyIamPolicy(\"policy\", AccessPolicyIamPolicyArgs.builder() \n .name(access_policy.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:accesscontextmanager:AccessPolicyIamPolicy\n properties:\n name: ${[\"access-policy\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/accesscontextmanager.policyAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_access\\_context\\_manager\\_access\\_policy\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.accesscontextmanager.AccessPolicyIamBinding(\"binding\", {\n name: access_policy.name,\n role: \"roles/accesscontextmanager.policyAdmin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.accesscontextmanager.AccessPolicyIamBinding(\"binding\",\n name=access_policy[\"name\"],\n role=\"roles/accesscontextmanager.policyAdmin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.AccessContextManager.AccessPolicyIamBinding(\"binding\", new()\n {\n Name = access_policy.Name,\n Role = \"roles/accesscontextmanager.policyAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := accesscontextmanager.NewAccessPolicyIamBinding(ctx, \"binding\", \u0026accesscontextmanager.AccessPolicyIamBindingArgs{\n\t\t\tName: pulumi.Any(access_policy.Name),\n\t\t\tRole: pulumi.String(\"roles/accesscontextmanager.policyAdmin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamBinding;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AccessPolicyIamBinding(\"binding\", AccessPolicyIamBindingArgs.builder() \n .name(access_policy.name())\n .role(\"roles/accesscontextmanager.policyAdmin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:accesscontextmanager:AccessPolicyIamBinding\n properties:\n name: ${[\"access-policy\"].name}\n role: roles/accesscontextmanager.policyAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_access\\_context\\_manager\\_access\\_policy\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.accesscontextmanager.AccessPolicyIamMember(\"member\", {\n name: access_policy.name,\n role: \"roles/accesscontextmanager.policyAdmin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.accesscontextmanager.AccessPolicyIamMember(\"member\",\n name=access_policy[\"name\"],\n role=\"roles/accesscontextmanager.policyAdmin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.AccessContextManager.AccessPolicyIamMember(\"member\", new()\n {\n Name = access_policy.Name,\n Role = \"roles/accesscontextmanager.policyAdmin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := accesscontextmanager.NewAccessPolicyIamMember(ctx, \"member\", \u0026accesscontextmanager.AccessPolicyIamMemberArgs{\n\t\t\tName: pulumi.Any(access_policy.Name),\n\t\t\tRole: pulumi.String(\"roles/accesscontextmanager.policyAdmin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamMember;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AccessPolicyIamMember(\"member\", AccessPolicyIamMemberArgs.builder() \n .name(access_policy.name())\n .role(\"roles/accesscontextmanager.policyAdmin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:accesscontextmanager:AccessPolicyIamMember\n properties:\n name: ${[\"access-policy\"].name}\n role: roles/accesscontextmanager.policyAdmin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_access\\_context\\_manager\\_access\\_policy\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/accesscontextmanager.policyAdmin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.accesscontextmanager.AccessPolicyIamPolicy(\"policy\", {\n name: access_policy.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/accesscontextmanager.policyAdmin\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.accesscontextmanager.AccessPolicyIamPolicy(\"policy\",\n name=access_policy[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/accesscontextmanager.policyAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.AccessContextManager.AccessPolicyIamPolicy(\"policy\", new()\n {\n Name = access_policy.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/accesscontextmanager.policyAdmin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = accesscontextmanager.NewAccessPolicyIamPolicy(ctx, \"policy\", \u0026accesscontextmanager.AccessPolicyIamPolicyArgs{\n\t\t\tName: pulumi.Any(access_policy.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamPolicy;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/accesscontextmanager.policyAdmin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AccessPolicyIamPolicy(\"policy\", AccessPolicyIamPolicyArgs.builder() \n .name(access_policy.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:accesscontextmanager:AccessPolicyIamPolicy\n properties:\n name: ${[\"access-policy\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/accesscontextmanager.policyAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_access\\_context\\_manager\\_access\\_policy\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.accesscontextmanager.AccessPolicyIamBinding(\"binding\", {\n name: access_policy.name,\n role: \"roles/accesscontextmanager.policyAdmin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.accesscontextmanager.AccessPolicyIamBinding(\"binding\",\n name=access_policy[\"name\"],\n role=\"roles/accesscontextmanager.policyAdmin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.AccessContextManager.AccessPolicyIamBinding(\"binding\", new()\n {\n Name = access_policy.Name,\n Role = \"roles/accesscontextmanager.policyAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := accesscontextmanager.NewAccessPolicyIamBinding(ctx, \"binding\", \u0026accesscontextmanager.AccessPolicyIamBindingArgs{\n\t\t\tName: pulumi.Any(access_policy.Name),\n\t\t\tRole: pulumi.String(\"roles/accesscontextmanager.policyAdmin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamBinding;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AccessPolicyIamBinding(\"binding\", AccessPolicyIamBindingArgs.builder() \n .name(access_policy.name())\n .role(\"roles/accesscontextmanager.policyAdmin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:accesscontextmanager:AccessPolicyIamBinding\n properties:\n name: ${[\"access-policy\"].name}\n role: roles/accesscontextmanager.policyAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_access\\_context\\_manager\\_access\\_policy\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.accesscontextmanager.AccessPolicyIamMember(\"member\", {\n name: access_policy.name,\n role: \"roles/accesscontextmanager.policyAdmin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.accesscontextmanager.AccessPolicyIamMember(\"member\",\n name=access_policy[\"name\"],\n role=\"roles/accesscontextmanager.policyAdmin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.AccessContextManager.AccessPolicyIamMember(\"member\", new()\n {\n Name = access_policy.Name,\n Role = \"roles/accesscontextmanager.policyAdmin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := accesscontextmanager.NewAccessPolicyIamMember(ctx, \"member\", \u0026accesscontextmanager.AccessPolicyIamMemberArgs{\n\t\t\tName: pulumi.Any(access_policy.Name),\n\t\t\tRole: pulumi.String(\"roles/accesscontextmanager.policyAdmin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamMember;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AccessPolicyIamMember(\"member\", AccessPolicyIamMemberArgs.builder() \n .name(access_policy.name())\n .role(\"roles/accesscontextmanager.policyAdmin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:accesscontextmanager:AccessPolicyIamMember\n properties:\n name: ${[\"access-policy\"].name}\n role: roles/accesscontextmanager.policyAdmin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* accessPolicies/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nAccess Context Manager (VPC Service Controls) accesspolicy IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:accesscontextmanager/accessPolicyIamBinding:AccessPolicyIamBinding editor \"accessPolicies/{{access_policy}} roles/accesscontextmanager.policyAdmin user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:accesscontextmanager/accessPolicyIamBinding:AccessPolicyIamBinding editor \"accessPolicies/{{access_policy}} roles/accesscontextmanager.policyAdmin\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:accesscontextmanager/accessPolicyIamBinding:AccessPolicyIamBinding editor accessPolicies/{{access_policy}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:accesscontextmanager/AccessPolicyIamBindingCondition:AccessPolicyIamBindingCondition" @@ -104147,11 +104147,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "name": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "Used to find the parent resource to bind the IAM policy to\n" }, "role": { "type": "string", @@ -104173,11 +104174,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "name": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "Used to find the parent resource to bind the IAM policy to\n", "willReplaceOnChanges": true }, "role": { @@ -104205,11 +104207,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "name": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "Used to find the parent resource to bind the IAM policy to\n", "willReplaceOnChanges": true }, "role": { @@ -104222,7 +104225,7 @@ } }, "gcp:accesscontextmanager/accessPolicyIamMember:AccessPolicyIamMember": { - "description": "Three different resources help you manage your IAM policy for Access Context Manager (VPC Service Controls) AccessPolicy. Each of these resources serves a different use case:\n\n* `gcp.accesscontextmanager.AccessPolicyIamPolicy`: Authoritative. Sets the IAM policy for the accesspolicy and replaces any existing policy already attached.\n* `gcp.accesscontextmanager.AccessPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the accesspolicy are preserved.\n* `gcp.accesscontextmanager.AccessPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the accesspolicy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.accesscontextmanager.AccessPolicyIamPolicy`: Retrieves the IAM policy for the accesspolicy\n\n\u003e **Note:** `gcp.accesscontextmanager.AccessPolicyIamPolicy` **cannot** be used in conjunction with `gcp.accesscontextmanager.AccessPolicyIamBinding` and `gcp.accesscontextmanager.AccessPolicyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.accesscontextmanager.AccessPolicyIamBinding` resources **can be** used in conjunction with `gcp.accesscontextmanager.AccessPolicyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_access\\_context\\_manager\\_access\\_policy\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/accesscontextmanager.policyAdmin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.accesscontextmanager.AccessPolicyIamPolicy(\"policy\", {\n name: access_policy.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/accesscontextmanager.policyAdmin\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.accesscontextmanager.AccessPolicyIamPolicy(\"policy\",\n name=access_policy[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/accesscontextmanager.policyAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.AccessContextManager.AccessPolicyIamPolicy(\"policy\", new()\n {\n Name = access_policy.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/accesscontextmanager.policyAdmin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = accesscontextmanager.NewAccessPolicyIamPolicy(ctx, \"policy\", \u0026accesscontextmanager.AccessPolicyIamPolicyArgs{\n\t\t\tName: pulumi.Any(access_policy.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamPolicy;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/accesscontextmanager.policyAdmin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AccessPolicyIamPolicy(\"policy\", AccessPolicyIamPolicyArgs.builder() \n .name(access_policy.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:accesscontextmanager:AccessPolicyIamPolicy\n properties:\n name: ${[\"access-policy\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/accesscontextmanager.policyAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_access\\_context\\_manager\\_access\\_policy\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.accesscontextmanager.AccessPolicyIamBinding(\"binding\", {\n name: access_policy.name,\n role: \"roles/accesscontextmanager.policyAdmin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.accesscontextmanager.AccessPolicyIamBinding(\"binding\",\n name=access_policy[\"name\"],\n role=\"roles/accesscontextmanager.policyAdmin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.AccessContextManager.AccessPolicyIamBinding(\"binding\", new()\n {\n Name = access_policy.Name,\n Role = \"roles/accesscontextmanager.policyAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := accesscontextmanager.NewAccessPolicyIamBinding(ctx, \"binding\", \u0026accesscontextmanager.AccessPolicyIamBindingArgs{\n\t\t\tName: pulumi.Any(access_policy.Name),\n\t\t\tRole: pulumi.String(\"roles/accesscontextmanager.policyAdmin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamBinding;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AccessPolicyIamBinding(\"binding\", AccessPolicyIamBindingArgs.builder() \n .name(access_policy.name())\n .role(\"roles/accesscontextmanager.policyAdmin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:accesscontextmanager:AccessPolicyIamBinding\n properties:\n name: ${[\"access-policy\"].name}\n role: roles/accesscontextmanager.policyAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_access\\_context\\_manager\\_access\\_policy\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.accesscontextmanager.AccessPolicyIamMember(\"member\", {\n name: access_policy.name,\n role: \"roles/accesscontextmanager.policyAdmin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.accesscontextmanager.AccessPolicyIamMember(\"member\",\n name=access_policy[\"name\"],\n role=\"roles/accesscontextmanager.policyAdmin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.AccessContextManager.AccessPolicyIamMember(\"member\", new()\n {\n Name = access_policy.Name,\n Role = \"roles/accesscontextmanager.policyAdmin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := accesscontextmanager.NewAccessPolicyIamMember(ctx, \"member\", \u0026accesscontextmanager.AccessPolicyIamMemberArgs{\n\t\t\tName: pulumi.Any(access_policy.Name),\n\t\t\tRole: pulumi.String(\"roles/accesscontextmanager.policyAdmin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamMember;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AccessPolicyIamMember(\"member\", AccessPolicyIamMemberArgs.builder() \n .name(access_policy.name())\n .role(\"roles/accesscontextmanager.policyAdmin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:accesscontextmanager:AccessPolicyIamMember\n properties:\n name: ${[\"access-policy\"].name}\n role: roles/accesscontextmanager.policyAdmin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* accessPolicies/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nAccess Context Manager (VPC Service Controls) accesspolicy IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:accesscontextmanager/accessPolicyIamMember:AccessPolicyIamMember editor \"accessPolicies/{{access_policy}} roles/accesscontextmanager.policyAdmin user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:accesscontextmanager/accessPolicyIamMember:AccessPolicyIamMember editor \"accessPolicies/{{access_policy}} roles/accesscontextmanager.policyAdmin\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:accesscontextmanager/accessPolicyIamMember:AccessPolicyIamMember editor accessPolicies/{{access_policy}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Access Context Manager (VPC Service Controls) AccessPolicy. Each of these resources serves a different use case:\n\n* `gcp.accesscontextmanager.AccessPolicyIamPolicy`: Authoritative. Sets the IAM policy for the accesspolicy and replaces any existing policy already attached.\n* `gcp.accesscontextmanager.AccessPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the accesspolicy are preserved.\n* `gcp.accesscontextmanager.AccessPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the accesspolicy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.accesscontextmanager.AccessPolicyIamPolicy`: Retrieves the IAM policy for the accesspolicy\n\n\u003e **Note:** `gcp.accesscontextmanager.AccessPolicyIamPolicy` **cannot** be used in conjunction with `gcp.accesscontextmanager.AccessPolicyIamBinding` and `gcp.accesscontextmanager.AccessPolicyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.accesscontextmanager.AccessPolicyIamBinding` resources **can be** used in conjunction with `gcp.accesscontextmanager.AccessPolicyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_access\\_context\\_manager\\_access\\_policy\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/accesscontextmanager.policyAdmin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.accesscontextmanager.AccessPolicyIamPolicy(\"policy\", {\n name: access_policy.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/accesscontextmanager.policyAdmin\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.accesscontextmanager.AccessPolicyIamPolicy(\"policy\",\n name=access_policy[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/accesscontextmanager.policyAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.AccessContextManager.AccessPolicyIamPolicy(\"policy\", new()\n {\n Name = access_policy.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/accesscontextmanager.policyAdmin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = accesscontextmanager.NewAccessPolicyIamPolicy(ctx, \"policy\", \u0026accesscontextmanager.AccessPolicyIamPolicyArgs{\n\t\t\tName: pulumi.Any(access_policy.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamPolicy;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/accesscontextmanager.policyAdmin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AccessPolicyIamPolicy(\"policy\", AccessPolicyIamPolicyArgs.builder() \n .name(access_policy.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:accesscontextmanager:AccessPolicyIamPolicy\n properties:\n name: ${[\"access-policy\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/accesscontextmanager.policyAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_access\\_context\\_manager\\_access\\_policy\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.accesscontextmanager.AccessPolicyIamBinding(\"binding\", {\n name: access_policy.name,\n role: \"roles/accesscontextmanager.policyAdmin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.accesscontextmanager.AccessPolicyIamBinding(\"binding\",\n name=access_policy[\"name\"],\n role=\"roles/accesscontextmanager.policyAdmin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.AccessContextManager.AccessPolicyIamBinding(\"binding\", new()\n {\n Name = access_policy.Name,\n Role = \"roles/accesscontextmanager.policyAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := accesscontextmanager.NewAccessPolicyIamBinding(ctx, \"binding\", \u0026accesscontextmanager.AccessPolicyIamBindingArgs{\n\t\t\tName: pulumi.Any(access_policy.Name),\n\t\t\tRole: pulumi.String(\"roles/accesscontextmanager.policyAdmin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamBinding;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AccessPolicyIamBinding(\"binding\", AccessPolicyIamBindingArgs.builder() \n .name(access_policy.name())\n .role(\"roles/accesscontextmanager.policyAdmin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:accesscontextmanager:AccessPolicyIamBinding\n properties:\n name: ${[\"access-policy\"].name}\n role: roles/accesscontextmanager.policyAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_access\\_context\\_manager\\_access\\_policy\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.accesscontextmanager.AccessPolicyIamMember(\"member\", {\n name: access_policy.name,\n role: \"roles/accesscontextmanager.policyAdmin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.accesscontextmanager.AccessPolicyIamMember(\"member\",\n name=access_policy[\"name\"],\n role=\"roles/accesscontextmanager.policyAdmin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.AccessContextManager.AccessPolicyIamMember(\"member\", new()\n {\n Name = access_policy.Name,\n Role = \"roles/accesscontextmanager.policyAdmin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := accesscontextmanager.NewAccessPolicyIamMember(ctx, \"member\", \u0026accesscontextmanager.AccessPolicyIamMemberArgs{\n\t\t\tName: pulumi.Any(access_policy.Name),\n\t\t\tRole: pulumi.String(\"roles/accesscontextmanager.policyAdmin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamMember;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AccessPolicyIamMember(\"member\", AccessPolicyIamMemberArgs.builder() \n .name(access_policy.name())\n .role(\"roles/accesscontextmanager.policyAdmin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:accesscontextmanager:AccessPolicyIamMember\n properties:\n name: ${[\"access-policy\"].name}\n role: roles/accesscontextmanager.policyAdmin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_access\\_context\\_manager\\_access\\_policy\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/accesscontextmanager.policyAdmin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.accesscontextmanager.AccessPolicyIamPolicy(\"policy\", {\n name: access_policy.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/accesscontextmanager.policyAdmin\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.accesscontextmanager.AccessPolicyIamPolicy(\"policy\",\n name=access_policy[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/accesscontextmanager.policyAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.AccessContextManager.AccessPolicyIamPolicy(\"policy\", new()\n {\n Name = access_policy.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/accesscontextmanager.policyAdmin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = accesscontextmanager.NewAccessPolicyIamPolicy(ctx, \"policy\", \u0026accesscontextmanager.AccessPolicyIamPolicyArgs{\n\t\t\tName: pulumi.Any(access_policy.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamPolicy;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/accesscontextmanager.policyAdmin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AccessPolicyIamPolicy(\"policy\", AccessPolicyIamPolicyArgs.builder() \n .name(access_policy.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:accesscontextmanager:AccessPolicyIamPolicy\n properties:\n name: ${[\"access-policy\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/accesscontextmanager.policyAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_access\\_context\\_manager\\_access\\_policy\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.accesscontextmanager.AccessPolicyIamBinding(\"binding\", {\n name: access_policy.name,\n role: \"roles/accesscontextmanager.policyAdmin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.accesscontextmanager.AccessPolicyIamBinding(\"binding\",\n name=access_policy[\"name\"],\n role=\"roles/accesscontextmanager.policyAdmin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.AccessContextManager.AccessPolicyIamBinding(\"binding\", new()\n {\n Name = access_policy.Name,\n Role = \"roles/accesscontextmanager.policyAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := accesscontextmanager.NewAccessPolicyIamBinding(ctx, \"binding\", \u0026accesscontextmanager.AccessPolicyIamBindingArgs{\n\t\t\tName: pulumi.Any(access_policy.Name),\n\t\t\tRole: pulumi.String(\"roles/accesscontextmanager.policyAdmin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamBinding;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AccessPolicyIamBinding(\"binding\", AccessPolicyIamBindingArgs.builder() \n .name(access_policy.name())\n .role(\"roles/accesscontextmanager.policyAdmin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:accesscontextmanager:AccessPolicyIamBinding\n properties:\n name: ${[\"access-policy\"].name}\n role: roles/accesscontextmanager.policyAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_access\\_context\\_manager\\_access\\_policy\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.accesscontextmanager.AccessPolicyIamMember(\"member\", {\n name: access_policy.name,\n role: \"roles/accesscontextmanager.policyAdmin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.accesscontextmanager.AccessPolicyIamMember(\"member\",\n name=access_policy[\"name\"],\n role=\"roles/accesscontextmanager.policyAdmin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.AccessContextManager.AccessPolicyIamMember(\"member\", new()\n {\n Name = access_policy.Name,\n Role = \"roles/accesscontextmanager.policyAdmin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := accesscontextmanager.NewAccessPolicyIamMember(ctx, \"member\", \u0026accesscontextmanager.AccessPolicyIamMemberArgs{\n\t\t\tName: pulumi.Any(access_policy.Name),\n\t\t\tRole: pulumi.String(\"roles/accesscontextmanager.policyAdmin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamMember;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AccessPolicyIamMember(\"member\", AccessPolicyIamMemberArgs.builder() \n .name(access_policy.name())\n .role(\"roles/accesscontextmanager.policyAdmin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:accesscontextmanager:AccessPolicyIamMember\n properties:\n name: ${[\"access-policy\"].name}\n role: roles/accesscontextmanager.policyAdmin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* accessPolicies/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nAccess Context Manager (VPC Service Controls) accesspolicy IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:accesscontextmanager/accessPolicyIamMember:AccessPolicyIamMember editor \"accessPolicies/{{access_policy}} roles/accesscontextmanager.policyAdmin user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:accesscontextmanager/accessPolicyIamMember:AccessPolicyIamMember editor \"accessPolicies/{{access_policy}} roles/accesscontextmanager.policyAdmin\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:accesscontextmanager/accessPolicyIamMember:AccessPolicyIamMember editor accessPolicies/{{access_policy}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:accesscontextmanager/AccessPolicyIamMemberCondition:AccessPolicyIamMemberCondition" @@ -104232,11 +104235,12 @@ "description": "(Computed) The etag of the IAM policy.\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "name": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "Used to find the parent resource to bind the IAM policy to\n" }, "role": { "type": "string", @@ -104256,11 +104260,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "name": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "Used to find the parent resource to bind the IAM policy to\n", "willReplaceOnChanges": true }, "role": { @@ -104286,11 +104291,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "name": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "Used to find the parent resource to bind the IAM policy to\n", "willReplaceOnChanges": true }, "role": { @@ -104303,7 +104309,7 @@ } }, "gcp:accesscontextmanager/accessPolicyIamPolicy:AccessPolicyIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Access Context Manager (VPC Service Controls) AccessPolicy. Each of these resources serves a different use case:\n\n* `gcp.accesscontextmanager.AccessPolicyIamPolicy`: Authoritative. Sets the IAM policy for the accesspolicy and replaces any existing policy already attached.\n* `gcp.accesscontextmanager.AccessPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the accesspolicy are preserved.\n* `gcp.accesscontextmanager.AccessPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the accesspolicy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.accesscontextmanager.AccessPolicyIamPolicy`: Retrieves the IAM policy for the accesspolicy\n\n\u003e **Note:** `gcp.accesscontextmanager.AccessPolicyIamPolicy` **cannot** be used in conjunction with `gcp.accesscontextmanager.AccessPolicyIamBinding` and `gcp.accesscontextmanager.AccessPolicyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.accesscontextmanager.AccessPolicyIamBinding` resources **can be** used in conjunction with `gcp.accesscontextmanager.AccessPolicyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_access\\_context\\_manager\\_access\\_policy\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/accesscontextmanager.policyAdmin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.accesscontextmanager.AccessPolicyIamPolicy(\"policy\", {\n name: access_policy.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/accesscontextmanager.policyAdmin\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.accesscontextmanager.AccessPolicyIamPolicy(\"policy\",\n name=access_policy[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/accesscontextmanager.policyAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.AccessContextManager.AccessPolicyIamPolicy(\"policy\", new()\n {\n Name = access_policy.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/accesscontextmanager.policyAdmin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = accesscontextmanager.NewAccessPolicyIamPolicy(ctx, \"policy\", \u0026accesscontextmanager.AccessPolicyIamPolicyArgs{\n\t\t\tName: pulumi.Any(access_policy.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamPolicy;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/accesscontextmanager.policyAdmin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AccessPolicyIamPolicy(\"policy\", AccessPolicyIamPolicyArgs.builder() \n .name(access_policy.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:accesscontextmanager:AccessPolicyIamPolicy\n properties:\n name: ${[\"access-policy\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/accesscontextmanager.policyAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_access\\_context\\_manager\\_access\\_policy\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.accesscontextmanager.AccessPolicyIamBinding(\"binding\", {\n name: access_policy.name,\n role: \"roles/accesscontextmanager.policyAdmin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.accesscontextmanager.AccessPolicyIamBinding(\"binding\",\n name=access_policy[\"name\"],\n role=\"roles/accesscontextmanager.policyAdmin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.AccessContextManager.AccessPolicyIamBinding(\"binding\", new()\n {\n Name = access_policy.Name,\n Role = \"roles/accesscontextmanager.policyAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := accesscontextmanager.NewAccessPolicyIamBinding(ctx, \"binding\", \u0026accesscontextmanager.AccessPolicyIamBindingArgs{\n\t\t\tName: pulumi.Any(access_policy.Name),\n\t\t\tRole: pulumi.String(\"roles/accesscontextmanager.policyAdmin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamBinding;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AccessPolicyIamBinding(\"binding\", AccessPolicyIamBindingArgs.builder() \n .name(access_policy.name())\n .role(\"roles/accesscontextmanager.policyAdmin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:accesscontextmanager:AccessPolicyIamBinding\n properties:\n name: ${[\"access-policy\"].name}\n role: roles/accesscontextmanager.policyAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_access\\_context\\_manager\\_access\\_policy\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.accesscontextmanager.AccessPolicyIamMember(\"member\", {\n name: access_policy.name,\n role: \"roles/accesscontextmanager.policyAdmin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.accesscontextmanager.AccessPolicyIamMember(\"member\",\n name=access_policy[\"name\"],\n role=\"roles/accesscontextmanager.policyAdmin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.AccessContextManager.AccessPolicyIamMember(\"member\", new()\n {\n Name = access_policy.Name,\n Role = \"roles/accesscontextmanager.policyAdmin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := accesscontextmanager.NewAccessPolicyIamMember(ctx, \"member\", \u0026accesscontextmanager.AccessPolicyIamMemberArgs{\n\t\t\tName: pulumi.Any(access_policy.Name),\n\t\t\tRole: pulumi.String(\"roles/accesscontextmanager.policyAdmin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamMember;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AccessPolicyIamMember(\"member\", AccessPolicyIamMemberArgs.builder() \n .name(access_policy.name())\n .role(\"roles/accesscontextmanager.policyAdmin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:accesscontextmanager:AccessPolicyIamMember\n properties:\n name: ${[\"access-policy\"].name}\n role: roles/accesscontextmanager.policyAdmin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* accessPolicies/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nAccess Context Manager (VPC Service Controls) accesspolicy IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:accesscontextmanager/accessPolicyIamPolicy:AccessPolicyIamPolicy editor \"accessPolicies/{{access_policy}} roles/accesscontextmanager.policyAdmin user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:accesscontextmanager/accessPolicyIamPolicy:AccessPolicyIamPolicy editor \"accessPolicies/{{access_policy}} roles/accesscontextmanager.policyAdmin\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:accesscontextmanager/accessPolicyIamPolicy:AccessPolicyIamPolicy editor accessPolicies/{{access_policy}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Access Context Manager (VPC Service Controls) AccessPolicy. Each of these resources serves a different use case:\n\n* `gcp.accesscontextmanager.AccessPolicyIamPolicy`: Authoritative. Sets the IAM policy for the accesspolicy and replaces any existing policy already attached.\n* `gcp.accesscontextmanager.AccessPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the accesspolicy are preserved.\n* `gcp.accesscontextmanager.AccessPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the accesspolicy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.accesscontextmanager.AccessPolicyIamPolicy`: Retrieves the IAM policy for the accesspolicy\n\n\u003e **Note:** `gcp.accesscontextmanager.AccessPolicyIamPolicy` **cannot** be used in conjunction with `gcp.accesscontextmanager.AccessPolicyIamBinding` and `gcp.accesscontextmanager.AccessPolicyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.accesscontextmanager.AccessPolicyIamBinding` resources **can be** used in conjunction with `gcp.accesscontextmanager.AccessPolicyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_access\\_context\\_manager\\_access\\_policy\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/accesscontextmanager.policyAdmin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.accesscontextmanager.AccessPolicyIamPolicy(\"policy\", {\n name: access_policy.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/accesscontextmanager.policyAdmin\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.accesscontextmanager.AccessPolicyIamPolicy(\"policy\",\n name=access_policy[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/accesscontextmanager.policyAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.AccessContextManager.AccessPolicyIamPolicy(\"policy\", new()\n {\n Name = access_policy.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/accesscontextmanager.policyAdmin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = accesscontextmanager.NewAccessPolicyIamPolicy(ctx, \"policy\", \u0026accesscontextmanager.AccessPolicyIamPolicyArgs{\n\t\t\tName: pulumi.Any(access_policy.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamPolicy;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/accesscontextmanager.policyAdmin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AccessPolicyIamPolicy(\"policy\", AccessPolicyIamPolicyArgs.builder() \n .name(access_policy.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:accesscontextmanager:AccessPolicyIamPolicy\n properties:\n name: ${[\"access-policy\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/accesscontextmanager.policyAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_access\\_context\\_manager\\_access\\_policy\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.accesscontextmanager.AccessPolicyIamBinding(\"binding\", {\n name: access_policy.name,\n role: \"roles/accesscontextmanager.policyAdmin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.accesscontextmanager.AccessPolicyIamBinding(\"binding\",\n name=access_policy[\"name\"],\n role=\"roles/accesscontextmanager.policyAdmin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.AccessContextManager.AccessPolicyIamBinding(\"binding\", new()\n {\n Name = access_policy.Name,\n Role = \"roles/accesscontextmanager.policyAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := accesscontextmanager.NewAccessPolicyIamBinding(ctx, \"binding\", \u0026accesscontextmanager.AccessPolicyIamBindingArgs{\n\t\t\tName: pulumi.Any(access_policy.Name),\n\t\t\tRole: pulumi.String(\"roles/accesscontextmanager.policyAdmin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamBinding;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AccessPolicyIamBinding(\"binding\", AccessPolicyIamBindingArgs.builder() \n .name(access_policy.name())\n .role(\"roles/accesscontextmanager.policyAdmin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:accesscontextmanager:AccessPolicyIamBinding\n properties:\n name: ${[\"access-policy\"].name}\n role: roles/accesscontextmanager.policyAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_access\\_context\\_manager\\_access\\_policy\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.accesscontextmanager.AccessPolicyIamMember(\"member\", {\n name: access_policy.name,\n role: \"roles/accesscontextmanager.policyAdmin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.accesscontextmanager.AccessPolicyIamMember(\"member\",\n name=access_policy[\"name\"],\n role=\"roles/accesscontextmanager.policyAdmin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.AccessContextManager.AccessPolicyIamMember(\"member\", new()\n {\n Name = access_policy.Name,\n Role = \"roles/accesscontextmanager.policyAdmin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := accesscontextmanager.NewAccessPolicyIamMember(ctx, \"member\", \u0026accesscontextmanager.AccessPolicyIamMemberArgs{\n\t\t\tName: pulumi.Any(access_policy.Name),\n\t\t\tRole: pulumi.String(\"roles/accesscontextmanager.policyAdmin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamMember;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AccessPolicyIamMember(\"member\", AccessPolicyIamMemberArgs.builder() \n .name(access_policy.name())\n .role(\"roles/accesscontextmanager.policyAdmin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:accesscontextmanager:AccessPolicyIamMember\n properties:\n name: ${[\"access-policy\"].name}\n role: roles/accesscontextmanager.policyAdmin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_access\\_context\\_manager\\_access\\_policy\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/accesscontextmanager.policyAdmin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.accesscontextmanager.AccessPolicyIamPolicy(\"policy\", {\n name: access_policy.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/accesscontextmanager.policyAdmin\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.accesscontextmanager.AccessPolicyIamPolicy(\"policy\",\n name=access_policy[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/accesscontextmanager.policyAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.AccessContextManager.AccessPolicyIamPolicy(\"policy\", new()\n {\n Name = access_policy.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/accesscontextmanager.policyAdmin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = accesscontextmanager.NewAccessPolicyIamPolicy(ctx, \"policy\", \u0026accesscontextmanager.AccessPolicyIamPolicyArgs{\n\t\t\tName: pulumi.Any(access_policy.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamPolicy;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/accesscontextmanager.policyAdmin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AccessPolicyIamPolicy(\"policy\", AccessPolicyIamPolicyArgs.builder() \n .name(access_policy.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:accesscontextmanager:AccessPolicyIamPolicy\n properties:\n name: ${[\"access-policy\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/accesscontextmanager.policyAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_access\\_context\\_manager\\_access\\_policy\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.accesscontextmanager.AccessPolicyIamBinding(\"binding\", {\n name: access_policy.name,\n role: \"roles/accesscontextmanager.policyAdmin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.accesscontextmanager.AccessPolicyIamBinding(\"binding\",\n name=access_policy[\"name\"],\n role=\"roles/accesscontextmanager.policyAdmin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.AccessContextManager.AccessPolicyIamBinding(\"binding\", new()\n {\n Name = access_policy.Name,\n Role = \"roles/accesscontextmanager.policyAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := accesscontextmanager.NewAccessPolicyIamBinding(ctx, \"binding\", \u0026accesscontextmanager.AccessPolicyIamBindingArgs{\n\t\t\tName: pulumi.Any(access_policy.Name),\n\t\t\tRole: pulumi.String(\"roles/accesscontextmanager.policyAdmin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamBinding;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AccessPolicyIamBinding(\"binding\", AccessPolicyIamBindingArgs.builder() \n .name(access_policy.name())\n .role(\"roles/accesscontextmanager.policyAdmin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:accesscontextmanager:AccessPolicyIamBinding\n properties:\n name: ${[\"access-policy\"].name}\n role: roles/accesscontextmanager.policyAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_access\\_context\\_manager\\_access\\_policy\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.accesscontextmanager.AccessPolicyIamMember(\"member\", {\n name: access_policy.name,\n role: \"roles/accesscontextmanager.policyAdmin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.accesscontextmanager.AccessPolicyIamMember(\"member\",\n name=access_policy[\"name\"],\n role=\"roles/accesscontextmanager.policyAdmin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.AccessContextManager.AccessPolicyIamMember(\"member\", new()\n {\n Name = access_policy.Name,\n Role = \"roles/accesscontextmanager.policyAdmin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/accesscontextmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := accesscontextmanager.NewAccessPolicyIamMember(ctx, \"member\", \u0026accesscontextmanager.AccessPolicyIamMemberArgs{\n\t\t\tName: pulumi.Any(access_policy.Name),\n\t\t\tRole: pulumi.String(\"roles/accesscontextmanager.policyAdmin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamMember;\nimport com.pulumi.gcp.accesscontextmanager.AccessPolicyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AccessPolicyIamMember(\"member\", AccessPolicyIamMemberArgs.builder() \n .name(access_policy.name())\n .role(\"roles/accesscontextmanager.policyAdmin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:accesscontextmanager:AccessPolicyIamMember\n properties:\n name: ${[\"access-policy\"].name}\n role: roles/accesscontextmanager.policyAdmin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* accessPolicies/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nAccess Context Manager (VPC Service Controls) accesspolicy IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:accesscontextmanager/accessPolicyIamPolicy:AccessPolicyIamPolicy editor \"accessPolicies/{{access_policy}} roles/accesscontextmanager.policyAdmin user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:accesscontextmanager/accessPolicyIamPolicy:AccessPolicyIamPolicy editor \"accessPolicies/{{access_policy}} roles/accesscontextmanager.policyAdmin\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:accesscontextmanager/accessPolicyIamPolicy:AccessPolicyIamPolicy editor accessPolicies/{{access_policy}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -104311,7 +104317,7 @@ }, "name": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "Used to find the parent resource to bind the IAM policy to\n" }, "policyData": { "type": "string", @@ -104326,7 +104332,7 @@ "inputProperties": { "name": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "Used to find the parent resource to bind the IAM policy to\n", "willReplaceOnChanges": true }, "policyData": { @@ -104346,7 +104352,7 @@ }, "name": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "Used to find the parent resource to bind the IAM policy to\n", "willReplaceOnChanges": true }, "policyData": { @@ -107207,7 +107213,7 @@ } }, "gcp:apigateway/apiConfigIamBinding:ApiConfigIamBinding": { - "description": "Three different resources help you manage your IAM policy for API Gateway ApiConfig. Each of these resources serves a different use case:\n\n* `gcp.apigateway.ApiConfigIamPolicy`: Authoritative. Sets the IAM policy for the apiconfig and replaces any existing policy already attached.\n* `gcp.apigateway.ApiConfigIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the apiconfig are preserved.\n* `gcp.apigateway.ApiConfigIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the apiconfig are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigateway.ApiConfigIamPolicy`: Retrieves the IAM policy for the apiconfig\n\n\u003e **Note:** `gcp.apigateway.ApiConfigIamPolicy` **cannot** be used in conjunction with `gcp.apigateway.ApiConfigIamBinding` and `gcp.apigateway.ApiConfigIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigateway.ApiConfigIamBinding` resources **can be** used in conjunction with `gcp.apigateway.ApiConfigIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## google\\_api\\_gateway\\_api\\_config\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigateway.ApiConfigIamPolicy(\"policy\", {\n api: apiCfg.api,\n apiConfig: apiCfg.apiConfigId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.apigateway.ApiConfigIamPolicy(\"policy\",\n api=api_cfg[\"api\"],\n api_config=api_cfg[\"apiConfigId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ApiGateway.ApiConfigIamPolicy(\"policy\", new()\n {\n Api = apiCfg.Api,\n ApiConfig = apiCfg.ApiConfigId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/apigateway.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewApiConfigIamPolicy(ctx, \"policy\", \u0026apigateway.ApiConfigIamPolicyArgs{\n\t\t\tApi: pulumi.Any(apiCfg.Api),\n\t\t\tApiConfig: pulumi.Any(apiCfg.ApiConfigId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigateway.ApiConfigIamPolicy;\nimport com.pulumi.gcp.apigateway.ApiConfigIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ApiConfigIamPolicy(\"policy\", ApiConfigIamPolicyArgs.builder() \n .api(apiCfg.api())\n .apiConfig(apiCfg.apiConfigId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigateway:ApiConfigIamPolicy\n properties:\n api: ${apiCfg.api}\n apiConfig: ${apiCfg.apiConfigId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_api\\_gateway\\_api\\_config\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigateway.ApiConfigIamBinding(\"binding\", {\n api: apiCfg.api,\n apiConfig: apiCfg.apiConfigId,\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigateway.ApiConfigIamBinding(\"binding\",\n api=api_cfg[\"api\"],\n api_config=api_cfg[\"apiConfigId\"],\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ApiGateway.ApiConfigIamBinding(\"binding\", new()\n {\n Api = apiCfg.Api,\n ApiConfig = apiCfg.ApiConfigId,\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiConfigIamBinding(ctx, \"binding\", \u0026apigateway.ApiConfigIamBindingArgs{\n\t\t\tApi: pulumi.Any(apiCfg.Api),\n\t\t\tApiConfig: pulumi.Any(apiCfg.ApiConfigId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiConfigIamBinding;\nimport com.pulumi.gcp.apigateway.ApiConfigIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ApiConfigIamBinding(\"binding\", ApiConfigIamBindingArgs.builder() \n .api(apiCfg.api())\n .apiConfig(apiCfg.apiConfigId())\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigateway:ApiConfigIamBinding\n properties:\n api: ${apiCfg.api}\n apiConfig: ${apiCfg.apiConfigId}\n role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_api\\_gateway\\_api\\_config\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigateway.ApiConfigIamMember(\"member\", {\n api: apiCfg.api,\n apiConfig: apiCfg.apiConfigId,\n role: \"roles/apigateway.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigateway.ApiConfigIamMember(\"member\",\n api=api_cfg[\"api\"],\n api_config=api_cfg[\"apiConfigId\"],\n role=\"roles/apigateway.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ApiGateway.ApiConfigIamMember(\"member\", new()\n {\n Api = apiCfg.Api,\n ApiConfig = apiCfg.ApiConfigId,\n Role = \"roles/apigateway.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiConfigIamMember(ctx, \"member\", \u0026apigateway.ApiConfigIamMemberArgs{\n\t\t\tApi: pulumi.Any(apiCfg.Api),\n\t\t\tApiConfig: pulumi.Any(apiCfg.ApiConfigId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiConfigIamMember;\nimport com.pulumi.gcp.apigateway.ApiConfigIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ApiConfigIamMember(\"member\", ApiConfigIamMemberArgs.builder() \n .api(apiCfg.api())\n .apiConfig(apiCfg.apiConfigId())\n .role(\"roles/apigateway.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigateway:ApiConfigIamMember\n properties:\n api: ${apiCfg.api}\n apiConfig: ${apiCfg.apiConfigId}\n role: roles/apigateway.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/global/apis/{{api}}/configs/{{api_config}}\n\n* {{project}}/{{api}}/{{api_config}}\n\n* {{api}}/{{api_config}}\n\n* {{api_config}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nAPI Gateway apiconfig IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiConfigIamBinding:ApiConfigIamBinding editor \"projects/{{project}}/locations/global/apis/{{api}}/configs/{{api_config}} roles/apigateway.viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiConfigIamBinding:ApiConfigIamBinding editor \"projects/{{project}}/locations/global/apis/{{api}}/configs/{{api_config}} roles/apigateway.viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiConfigIamBinding:ApiConfigIamBinding editor projects/{{project}}/locations/global/apis/{{api}}/configs/{{api_config}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for API Gateway ApiConfig. Each of these resources serves a different use case:\n\n* `gcp.apigateway.ApiConfigIamPolicy`: Authoritative. Sets the IAM policy for the apiconfig and replaces any existing policy already attached.\n* `gcp.apigateway.ApiConfigIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the apiconfig are preserved.\n* `gcp.apigateway.ApiConfigIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the apiconfig are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigateway.ApiConfigIamPolicy`: Retrieves the IAM policy for the apiconfig\n\n\u003e **Note:** `gcp.apigateway.ApiConfigIamPolicy` **cannot** be used in conjunction with `gcp.apigateway.ApiConfigIamBinding` and `gcp.apigateway.ApiConfigIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigateway.ApiConfigIamBinding` resources **can be** used in conjunction with `gcp.apigateway.ApiConfigIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## google\\_api\\_gateway\\_api\\_config\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigateway.ApiConfigIamPolicy(\"policy\", {\n api: apiCfg.api,\n apiConfig: apiCfg.apiConfigId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.apigateway.ApiConfigIamPolicy(\"policy\",\n api=api_cfg[\"api\"],\n api_config=api_cfg[\"apiConfigId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ApiGateway.ApiConfigIamPolicy(\"policy\", new()\n {\n Api = apiCfg.Api,\n ApiConfig = apiCfg.ApiConfigId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/apigateway.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewApiConfigIamPolicy(ctx, \"policy\", \u0026apigateway.ApiConfigIamPolicyArgs{\n\t\t\tApi: pulumi.Any(apiCfg.Api),\n\t\t\tApiConfig: pulumi.Any(apiCfg.ApiConfigId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigateway.ApiConfigIamPolicy;\nimport com.pulumi.gcp.apigateway.ApiConfigIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ApiConfigIamPolicy(\"policy\", ApiConfigIamPolicyArgs.builder() \n .api(apiCfg.api())\n .apiConfig(apiCfg.apiConfigId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigateway:ApiConfigIamPolicy\n properties:\n api: ${apiCfg.api}\n apiConfig: ${apiCfg.apiConfigId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_api\\_gateway\\_api\\_config\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigateway.ApiConfigIamBinding(\"binding\", {\n api: apiCfg.api,\n apiConfig: apiCfg.apiConfigId,\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigateway.ApiConfigIamBinding(\"binding\",\n api=api_cfg[\"api\"],\n api_config=api_cfg[\"apiConfigId\"],\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ApiGateway.ApiConfigIamBinding(\"binding\", new()\n {\n Api = apiCfg.Api,\n ApiConfig = apiCfg.ApiConfigId,\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiConfigIamBinding(ctx, \"binding\", \u0026apigateway.ApiConfigIamBindingArgs{\n\t\t\tApi: pulumi.Any(apiCfg.Api),\n\t\t\tApiConfig: pulumi.Any(apiCfg.ApiConfigId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiConfigIamBinding;\nimport com.pulumi.gcp.apigateway.ApiConfigIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ApiConfigIamBinding(\"binding\", ApiConfigIamBindingArgs.builder() \n .api(apiCfg.api())\n .apiConfig(apiCfg.apiConfigId())\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigateway:ApiConfigIamBinding\n properties:\n api: ${apiCfg.api}\n apiConfig: ${apiCfg.apiConfigId}\n role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_api\\_gateway\\_api\\_config\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigateway.ApiConfigIamMember(\"member\", {\n api: apiCfg.api,\n apiConfig: apiCfg.apiConfigId,\n role: \"roles/apigateway.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigateway.ApiConfigIamMember(\"member\",\n api=api_cfg[\"api\"],\n api_config=api_cfg[\"apiConfigId\"],\n role=\"roles/apigateway.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ApiGateway.ApiConfigIamMember(\"member\", new()\n {\n Api = apiCfg.Api,\n ApiConfig = apiCfg.ApiConfigId,\n Role = \"roles/apigateway.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiConfigIamMember(ctx, \"member\", \u0026apigateway.ApiConfigIamMemberArgs{\n\t\t\tApi: pulumi.Any(apiCfg.Api),\n\t\t\tApiConfig: pulumi.Any(apiCfg.ApiConfigId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiConfigIamMember;\nimport com.pulumi.gcp.apigateway.ApiConfigIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ApiConfigIamMember(\"member\", ApiConfigIamMemberArgs.builder() \n .api(apiCfg.api())\n .apiConfig(apiCfg.apiConfigId())\n .role(\"roles/apigateway.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigateway:ApiConfigIamMember\n properties:\n api: ${apiCfg.api}\n apiConfig: ${apiCfg.apiConfigId}\n role: roles/apigateway.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_api\\_gateway\\_api\\_config\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigateway.ApiConfigIamPolicy(\"policy\", {\n api: apiCfg.api,\n apiConfig: apiCfg.apiConfigId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.apigateway.ApiConfigIamPolicy(\"policy\",\n api=api_cfg[\"api\"],\n api_config=api_cfg[\"apiConfigId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ApiGateway.ApiConfigIamPolicy(\"policy\", new()\n {\n Api = apiCfg.Api,\n ApiConfig = apiCfg.ApiConfigId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/apigateway.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewApiConfigIamPolicy(ctx, \"policy\", \u0026apigateway.ApiConfigIamPolicyArgs{\n\t\t\tApi: pulumi.Any(apiCfg.Api),\n\t\t\tApiConfig: pulumi.Any(apiCfg.ApiConfigId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigateway.ApiConfigIamPolicy;\nimport com.pulumi.gcp.apigateway.ApiConfigIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ApiConfigIamPolicy(\"policy\", ApiConfigIamPolicyArgs.builder() \n .api(apiCfg.api())\n .apiConfig(apiCfg.apiConfigId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigateway:ApiConfigIamPolicy\n properties:\n api: ${apiCfg.api}\n apiConfig: ${apiCfg.apiConfigId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_api\\_gateway\\_api\\_config\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigateway.ApiConfigIamBinding(\"binding\", {\n api: apiCfg.api,\n apiConfig: apiCfg.apiConfigId,\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigateway.ApiConfigIamBinding(\"binding\",\n api=api_cfg[\"api\"],\n api_config=api_cfg[\"apiConfigId\"],\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ApiGateway.ApiConfigIamBinding(\"binding\", new()\n {\n Api = apiCfg.Api,\n ApiConfig = apiCfg.ApiConfigId,\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiConfigIamBinding(ctx, \"binding\", \u0026apigateway.ApiConfigIamBindingArgs{\n\t\t\tApi: pulumi.Any(apiCfg.Api),\n\t\t\tApiConfig: pulumi.Any(apiCfg.ApiConfigId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiConfigIamBinding;\nimport com.pulumi.gcp.apigateway.ApiConfigIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ApiConfigIamBinding(\"binding\", ApiConfigIamBindingArgs.builder() \n .api(apiCfg.api())\n .apiConfig(apiCfg.apiConfigId())\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigateway:ApiConfigIamBinding\n properties:\n api: ${apiCfg.api}\n apiConfig: ${apiCfg.apiConfigId}\n role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_api\\_gateway\\_api\\_config\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigateway.ApiConfigIamMember(\"member\", {\n api: apiCfg.api,\n apiConfig: apiCfg.apiConfigId,\n role: \"roles/apigateway.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigateway.ApiConfigIamMember(\"member\",\n api=api_cfg[\"api\"],\n api_config=api_cfg[\"apiConfigId\"],\n role=\"roles/apigateway.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ApiGateway.ApiConfigIamMember(\"member\", new()\n {\n Api = apiCfg.Api,\n ApiConfig = apiCfg.ApiConfigId,\n Role = \"roles/apigateway.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiConfigIamMember(ctx, \"member\", \u0026apigateway.ApiConfigIamMemberArgs{\n\t\t\tApi: pulumi.Any(apiCfg.Api),\n\t\t\tApiConfig: pulumi.Any(apiCfg.ApiConfigId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiConfigIamMember;\nimport com.pulumi.gcp.apigateway.ApiConfigIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ApiConfigIamMember(\"member\", ApiConfigIamMemberArgs.builder() \n .api(apiCfg.api())\n .apiConfig(apiCfg.apiConfigId())\n .role(\"roles/apigateway.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigateway:ApiConfigIamMember\n properties:\n api: ${apiCfg.api}\n apiConfig: ${apiCfg.apiConfigId}\n role: roles/apigateway.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/global/apis/{{api}}/configs/{{api_config}}\n\n* {{project}}/{{api}}/{{api_config}}\n\n* {{api}}/{{api_config}}\n\n* {{api_config}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nAPI Gateway apiconfig IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiConfigIamBinding:ApiConfigIamBinding editor \"projects/{{project}}/locations/global/apis/{{api}}/configs/{{api_config}} roles/apigateway.viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiConfigIamBinding:ApiConfigIamBinding editor \"projects/{{project}}/locations/global/apis/{{api}}/configs/{{api_config}} roles/apigateway.viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiConfigIamBinding:ApiConfigIamBinding editor projects/{{project}}/locations/global/apis/{{api}}/configs/{{api_config}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "api": { "type": "string", @@ -107227,11 +107233,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -107264,11 +107271,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -107307,11 +107315,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -107324,7 +107333,7 @@ } }, "gcp:apigateway/apiConfigIamMember:ApiConfigIamMember": { - "description": "Three different resources help you manage your IAM policy for API Gateway ApiConfig. Each of these resources serves a different use case:\n\n* `gcp.apigateway.ApiConfigIamPolicy`: Authoritative. Sets the IAM policy for the apiconfig and replaces any existing policy already attached.\n* `gcp.apigateway.ApiConfigIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the apiconfig are preserved.\n* `gcp.apigateway.ApiConfigIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the apiconfig are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigateway.ApiConfigIamPolicy`: Retrieves the IAM policy for the apiconfig\n\n\u003e **Note:** `gcp.apigateway.ApiConfigIamPolicy` **cannot** be used in conjunction with `gcp.apigateway.ApiConfigIamBinding` and `gcp.apigateway.ApiConfigIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigateway.ApiConfigIamBinding` resources **can be** used in conjunction with `gcp.apigateway.ApiConfigIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## google\\_api\\_gateway\\_api\\_config\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigateway.ApiConfigIamPolicy(\"policy\", {\n api: apiCfg.api,\n apiConfig: apiCfg.apiConfigId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.apigateway.ApiConfigIamPolicy(\"policy\",\n api=api_cfg[\"api\"],\n api_config=api_cfg[\"apiConfigId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ApiGateway.ApiConfigIamPolicy(\"policy\", new()\n {\n Api = apiCfg.Api,\n ApiConfig = apiCfg.ApiConfigId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/apigateway.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewApiConfigIamPolicy(ctx, \"policy\", \u0026apigateway.ApiConfigIamPolicyArgs{\n\t\t\tApi: pulumi.Any(apiCfg.Api),\n\t\t\tApiConfig: pulumi.Any(apiCfg.ApiConfigId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigateway.ApiConfigIamPolicy;\nimport com.pulumi.gcp.apigateway.ApiConfigIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ApiConfigIamPolicy(\"policy\", ApiConfigIamPolicyArgs.builder() \n .api(apiCfg.api())\n .apiConfig(apiCfg.apiConfigId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigateway:ApiConfigIamPolicy\n properties:\n api: ${apiCfg.api}\n apiConfig: ${apiCfg.apiConfigId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_api\\_gateway\\_api\\_config\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigateway.ApiConfigIamBinding(\"binding\", {\n api: apiCfg.api,\n apiConfig: apiCfg.apiConfigId,\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigateway.ApiConfigIamBinding(\"binding\",\n api=api_cfg[\"api\"],\n api_config=api_cfg[\"apiConfigId\"],\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ApiGateway.ApiConfigIamBinding(\"binding\", new()\n {\n Api = apiCfg.Api,\n ApiConfig = apiCfg.ApiConfigId,\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiConfigIamBinding(ctx, \"binding\", \u0026apigateway.ApiConfigIamBindingArgs{\n\t\t\tApi: pulumi.Any(apiCfg.Api),\n\t\t\tApiConfig: pulumi.Any(apiCfg.ApiConfigId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiConfigIamBinding;\nimport com.pulumi.gcp.apigateway.ApiConfigIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ApiConfigIamBinding(\"binding\", ApiConfigIamBindingArgs.builder() \n .api(apiCfg.api())\n .apiConfig(apiCfg.apiConfigId())\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigateway:ApiConfigIamBinding\n properties:\n api: ${apiCfg.api}\n apiConfig: ${apiCfg.apiConfigId}\n role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_api\\_gateway\\_api\\_config\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigateway.ApiConfigIamMember(\"member\", {\n api: apiCfg.api,\n apiConfig: apiCfg.apiConfigId,\n role: \"roles/apigateway.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigateway.ApiConfigIamMember(\"member\",\n api=api_cfg[\"api\"],\n api_config=api_cfg[\"apiConfigId\"],\n role=\"roles/apigateway.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ApiGateway.ApiConfigIamMember(\"member\", new()\n {\n Api = apiCfg.Api,\n ApiConfig = apiCfg.ApiConfigId,\n Role = \"roles/apigateway.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiConfigIamMember(ctx, \"member\", \u0026apigateway.ApiConfigIamMemberArgs{\n\t\t\tApi: pulumi.Any(apiCfg.Api),\n\t\t\tApiConfig: pulumi.Any(apiCfg.ApiConfigId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiConfigIamMember;\nimport com.pulumi.gcp.apigateway.ApiConfigIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ApiConfigIamMember(\"member\", ApiConfigIamMemberArgs.builder() \n .api(apiCfg.api())\n .apiConfig(apiCfg.apiConfigId())\n .role(\"roles/apigateway.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigateway:ApiConfigIamMember\n properties:\n api: ${apiCfg.api}\n apiConfig: ${apiCfg.apiConfigId}\n role: roles/apigateway.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/global/apis/{{api}}/configs/{{api_config}}\n\n* {{project}}/{{api}}/{{api_config}}\n\n* {{api}}/{{api_config}}\n\n* {{api_config}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nAPI Gateway apiconfig IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiConfigIamMember:ApiConfigIamMember editor \"projects/{{project}}/locations/global/apis/{{api}}/configs/{{api_config}} roles/apigateway.viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiConfigIamMember:ApiConfigIamMember editor \"projects/{{project}}/locations/global/apis/{{api}}/configs/{{api_config}} roles/apigateway.viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiConfigIamMember:ApiConfigIamMember editor projects/{{project}}/locations/global/apis/{{api}}/configs/{{api_config}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for API Gateway ApiConfig. Each of these resources serves a different use case:\n\n* `gcp.apigateway.ApiConfigIamPolicy`: Authoritative. Sets the IAM policy for the apiconfig and replaces any existing policy already attached.\n* `gcp.apigateway.ApiConfigIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the apiconfig are preserved.\n* `gcp.apigateway.ApiConfigIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the apiconfig are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigateway.ApiConfigIamPolicy`: Retrieves the IAM policy for the apiconfig\n\n\u003e **Note:** `gcp.apigateway.ApiConfigIamPolicy` **cannot** be used in conjunction with `gcp.apigateway.ApiConfigIamBinding` and `gcp.apigateway.ApiConfigIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigateway.ApiConfigIamBinding` resources **can be** used in conjunction with `gcp.apigateway.ApiConfigIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## google\\_api\\_gateway\\_api\\_config\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigateway.ApiConfigIamPolicy(\"policy\", {\n api: apiCfg.api,\n apiConfig: apiCfg.apiConfigId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.apigateway.ApiConfigIamPolicy(\"policy\",\n api=api_cfg[\"api\"],\n api_config=api_cfg[\"apiConfigId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ApiGateway.ApiConfigIamPolicy(\"policy\", new()\n {\n Api = apiCfg.Api,\n ApiConfig = apiCfg.ApiConfigId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/apigateway.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewApiConfigIamPolicy(ctx, \"policy\", \u0026apigateway.ApiConfigIamPolicyArgs{\n\t\t\tApi: pulumi.Any(apiCfg.Api),\n\t\t\tApiConfig: pulumi.Any(apiCfg.ApiConfigId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigateway.ApiConfigIamPolicy;\nimport com.pulumi.gcp.apigateway.ApiConfigIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ApiConfigIamPolicy(\"policy\", ApiConfigIamPolicyArgs.builder() \n .api(apiCfg.api())\n .apiConfig(apiCfg.apiConfigId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigateway:ApiConfigIamPolicy\n properties:\n api: ${apiCfg.api}\n apiConfig: ${apiCfg.apiConfigId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_api\\_gateway\\_api\\_config\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigateway.ApiConfigIamBinding(\"binding\", {\n api: apiCfg.api,\n apiConfig: apiCfg.apiConfigId,\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigateway.ApiConfigIamBinding(\"binding\",\n api=api_cfg[\"api\"],\n api_config=api_cfg[\"apiConfigId\"],\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ApiGateway.ApiConfigIamBinding(\"binding\", new()\n {\n Api = apiCfg.Api,\n ApiConfig = apiCfg.ApiConfigId,\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiConfigIamBinding(ctx, \"binding\", \u0026apigateway.ApiConfigIamBindingArgs{\n\t\t\tApi: pulumi.Any(apiCfg.Api),\n\t\t\tApiConfig: pulumi.Any(apiCfg.ApiConfigId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiConfigIamBinding;\nimport com.pulumi.gcp.apigateway.ApiConfigIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ApiConfigIamBinding(\"binding\", ApiConfigIamBindingArgs.builder() \n .api(apiCfg.api())\n .apiConfig(apiCfg.apiConfigId())\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigateway:ApiConfigIamBinding\n properties:\n api: ${apiCfg.api}\n apiConfig: ${apiCfg.apiConfigId}\n role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_api\\_gateway\\_api\\_config\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigateway.ApiConfigIamMember(\"member\", {\n api: apiCfg.api,\n apiConfig: apiCfg.apiConfigId,\n role: \"roles/apigateway.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigateway.ApiConfigIamMember(\"member\",\n api=api_cfg[\"api\"],\n api_config=api_cfg[\"apiConfigId\"],\n role=\"roles/apigateway.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ApiGateway.ApiConfigIamMember(\"member\", new()\n {\n Api = apiCfg.Api,\n ApiConfig = apiCfg.ApiConfigId,\n Role = \"roles/apigateway.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiConfigIamMember(ctx, \"member\", \u0026apigateway.ApiConfigIamMemberArgs{\n\t\t\tApi: pulumi.Any(apiCfg.Api),\n\t\t\tApiConfig: pulumi.Any(apiCfg.ApiConfigId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiConfigIamMember;\nimport com.pulumi.gcp.apigateway.ApiConfigIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ApiConfigIamMember(\"member\", ApiConfigIamMemberArgs.builder() \n .api(apiCfg.api())\n .apiConfig(apiCfg.apiConfigId())\n .role(\"roles/apigateway.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigateway:ApiConfigIamMember\n properties:\n api: ${apiCfg.api}\n apiConfig: ${apiCfg.apiConfigId}\n role: roles/apigateway.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_api\\_gateway\\_api\\_config\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigateway.ApiConfigIamPolicy(\"policy\", {\n api: apiCfg.api,\n apiConfig: apiCfg.apiConfigId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.apigateway.ApiConfigIamPolicy(\"policy\",\n api=api_cfg[\"api\"],\n api_config=api_cfg[\"apiConfigId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ApiGateway.ApiConfigIamPolicy(\"policy\", new()\n {\n Api = apiCfg.Api,\n ApiConfig = apiCfg.ApiConfigId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/apigateway.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewApiConfigIamPolicy(ctx, \"policy\", \u0026apigateway.ApiConfigIamPolicyArgs{\n\t\t\tApi: pulumi.Any(apiCfg.Api),\n\t\t\tApiConfig: pulumi.Any(apiCfg.ApiConfigId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigateway.ApiConfigIamPolicy;\nimport com.pulumi.gcp.apigateway.ApiConfigIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ApiConfigIamPolicy(\"policy\", ApiConfigIamPolicyArgs.builder() \n .api(apiCfg.api())\n .apiConfig(apiCfg.apiConfigId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigateway:ApiConfigIamPolicy\n properties:\n api: ${apiCfg.api}\n apiConfig: ${apiCfg.apiConfigId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_api\\_gateway\\_api\\_config\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigateway.ApiConfigIamBinding(\"binding\", {\n api: apiCfg.api,\n apiConfig: apiCfg.apiConfigId,\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigateway.ApiConfigIamBinding(\"binding\",\n api=api_cfg[\"api\"],\n api_config=api_cfg[\"apiConfigId\"],\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ApiGateway.ApiConfigIamBinding(\"binding\", new()\n {\n Api = apiCfg.Api,\n ApiConfig = apiCfg.ApiConfigId,\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiConfigIamBinding(ctx, \"binding\", \u0026apigateway.ApiConfigIamBindingArgs{\n\t\t\tApi: pulumi.Any(apiCfg.Api),\n\t\t\tApiConfig: pulumi.Any(apiCfg.ApiConfigId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiConfigIamBinding;\nimport com.pulumi.gcp.apigateway.ApiConfigIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ApiConfigIamBinding(\"binding\", ApiConfigIamBindingArgs.builder() \n .api(apiCfg.api())\n .apiConfig(apiCfg.apiConfigId())\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigateway:ApiConfigIamBinding\n properties:\n api: ${apiCfg.api}\n apiConfig: ${apiCfg.apiConfigId}\n role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_api\\_gateway\\_api\\_config\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigateway.ApiConfigIamMember(\"member\", {\n api: apiCfg.api,\n apiConfig: apiCfg.apiConfigId,\n role: \"roles/apigateway.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigateway.ApiConfigIamMember(\"member\",\n api=api_cfg[\"api\"],\n api_config=api_cfg[\"apiConfigId\"],\n role=\"roles/apigateway.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ApiGateway.ApiConfigIamMember(\"member\", new()\n {\n Api = apiCfg.Api,\n ApiConfig = apiCfg.ApiConfigId,\n Role = \"roles/apigateway.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiConfigIamMember(ctx, \"member\", \u0026apigateway.ApiConfigIamMemberArgs{\n\t\t\tApi: pulumi.Any(apiCfg.Api),\n\t\t\tApiConfig: pulumi.Any(apiCfg.ApiConfigId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiConfigIamMember;\nimport com.pulumi.gcp.apigateway.ApiConfigIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ApiConfigIamMember(\"member\", ApiConfigIamMemberArgs.builder() \n .api(apiCfg.api())\n .apiConfig(apiCfg.apiConfigId())\n .role(\"roles/apigateway.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigateway:ApiConfigIamMember\n properties:\n api: ${apiCfg.api}\n apiConfig: ${apiCfg.apiConfigId}\n role: roles/apigateway.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/global/apis/{{api}}/configs/{{api_config}}\n\n* {{project}}/{{api}}/{{api_config}}\n\n* {{api}}/{{api_config}}\n\n* {{api_config}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nAPI Gateway apiconfig IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiConfigIamMember:ApiConfigIamMember editor \"projects/{{project}}/locations/global/apis/{{api}}/configs/{{api_config}} roles/apigateway.viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiConfigIamMember:ApiConfigIamMember editor \"projects/{{project}}/locations/global/apis/{{api}}/configs/{{api_config}} roles/apigateway.viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiConfigIamMember:ApiConfigIamMember editor projects/{{project}}/locations/global/apis/{{api}}/configs/{{api_config}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "api": { "type": "string", @@ -107341,11 +107350,12 @@ "description": "(Computed) The etag of the IAM policy.\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -107376,11 +107386,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -107417,11 +107428,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -107434,7 +107446,7 @@ } }, "gcp:apigateway/apiConfigIamPolicy:ApiConfigIamPolicy": { - "description": "Three different resources help you manage your IAM policy for API Gateway ApiConfig. Each of these resources serves a different use case:\n\n* `gcp.apigateway.ApiConfigIamPolicy`: Authoritative. Sets the IAM policy for the apiconfig and replaces any existing policy already attached.\n* `gcp.apigateway.ApiConfigIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the apiconfig are preserved.\n* `gcp.apigateway.ApiConfigIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the apiconfig are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigateway.ApiConfigIamPolicy`: Retrieves the IAM policy for the apiconfig\n\n\u003e **Note:** `gcp.apigateway.ApiConfigIamPolicy` **cannot** be used in conjunction with `gcp.apigateway.ApiConfigIamBinding` and `gcp.apigateway.ApiConfigIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigateway.ApiConfigIamBinding` resources **can be** used in conjunction with `gcp.apigateway.ApiConfigIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## google\\_api\\_gateway\\_api\\_config\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigateway.ApiConfigIamPolicy(\"policy\", {\n api: apiCfg.api,\n apiConfig: apiCfg.apiConfigId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.apigateway.ApiConfigIamPolicy(\"policy\",\n api=api_cfg[\"api\"],\n api_config=api_cfg[\"apiConfigId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ApiGateway.ApiConfigIamPolicy(\"policy\", new()\n {\n Api = apiCfg.Api,\n ApiConfig = apiCfg.ApiConfigId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/apigateway.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewApiConfigIamPolicy(ctx, \"policy\", \u0026apigateway.ApiConfigIamPolicyArgs{\n\t\t\tApi: pulumi.Any(apiCfg.Api),\n\t\t\tApiConfig: pulumi.Any(apiCfg.ApiConfigId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigateway.ApiConfigIamPolicy;\nimport com.pulumi.gcp.apigateway.ApiConfigIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ApiConfigIamPolicy(\"policy\", ApiConfigIamPolicyArgs.builder() \n .api(apiCfg.api())\n .apiConfig(apiCfg.apiConfigId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigateway:ApiConfigIamPolicy\n properties:\n api: ${apiCfg.api}\n apiConfig: ${apiCfg.apiConfigId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_api\\_gateway\\_api\\_config\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigateway.ApiConfigIamBinding(\"binding\", {\n api: apiCfg.api,\n apiConfig: apiCfg.apiConfigId,\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigateway.ApiConfigIamBinding(\"binding\",\n api=api_cfg[\"api\"],\n api_config=api_cfg[\"apiConfigId\"],\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ApiGateway.ApiConfigIamBinding(\"binding\", new()\n {\n Api = apiCfg.Api,\n ApiConfig = apiCfg.ApiConfigId,\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiConfigIamBinding(ctx, \"binding\", \u0026apigateway.ApiConfigIamBindingArgs{\n\t\t\tApi: pulumi.Any(apiCfg.Api),\n\t\t\tApiConfig: pulumi.Any(apiCfg.ApiConfigId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiConfigIamBinding;\nimport com.pulumi.gcp.apigateway.ApiConfigIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ApiConfigIamBinding(\"binding\", ApiConfigIamBindingArgs.builder() \n .api(apiCfg.api())\n .apiConfig(apiCfg.apiConfigId())\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigateway:ApiConfigIamBinding\n properties:\n api: ${apiCfg.api}\n apiConfig: ${apiCfg.apiConfigId}\n role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_api\\_gateway\\_api\\_config\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigateway.ApiConfigIamMember(\"member\", {\n api: apiCfg.api,\n apiConfig: apiCfg.apiConfigId,\n role: \"roles/apigateway.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigateway.ApiConfigIamMember(\"member\",\n api=api_cfg[\"api\"],\n api_config=api_cfg[\"apiConfigId\"],\n role=\"roles/apigateway.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ApiGateway.ApiConfigIamMember(\"member\", new()\n {\n Api = apiCfg.Api,\n ApiConfig = apiCfg.ApiConfigId,\n Role = \"roles/apigateway.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiConfigIamMember(ctx, \"member\", \u0026apigateway.ApiConfigIamMemberArgs{\n\t\t\tApi: pulumi.Any(apiCfg.Api),\n\t\t\tApiConfig: pulumi.Any(apiCfg.ApiConfigId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiConfigIamMember;\nimport com.pulumi.gcp.apigateway.ApiConfigIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ApiConfigIamMember(\"member\", ApiConfigIamMemberArgs.builder() \n .api(apiCfg.api())\n .apiConfig(apiCfg.apiConfigId())\n .role(\"roles/apigateway.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigateway:ApiConfigIamMember\n properties:\n api: ${apiCfg.api}\n apiConfig: ${apiCfg.apiConfigId}\n role: roles/apigateway.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/global/apis/{{api}}/configs/{{api_config}}\n\n* {{project}}/{{api}}/{{api_config}}\n\n* {{api}}/{{api_config}}\n\n* {{api_config}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nAPI Gateway apiconfig IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiConfigIamPolicy:ApiConfigIamPolicy editor \"projects/{{project}}/locations/global/apis/{{api}}/configs/{{api_config}} roles/apigateway.viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiConfigIamPolicy:ApiConfigIamPolicy editor \"projects/{{project}}/locations/global/apis/{{api}}/configs/{{api_config}} roles/apigateway.viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiConfigIamPolicy:ApiConfigIamPolicy editor projects/{{project}}/locations/global/apis/{{api}}/configs/{{api_config}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for API Gateway ApiConfig. Each of these resources serves a different use case:\n\n* `gcp.apigateway.ApiConfigIamPolicy`: Authoritative. Sets the IAM policy for the apiconfig and replaces any existing policy already attached.\n* `gcp.apigateway.ApiConfigIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the apiconfig are preserved.\n* `gcp.apigateway.ApiConfigIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the apiconfig are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigateway.ApiConfigIamPolicy`: Retrieves the IAM policy for the apiconfig\n\n\u003e **Note:** `gcp.apigateway.ApiConfigIamPolicy` **cannot** be used in conjunction with `gcp.apigateway.ApiConfigIamBinding` and `gcp.apigateway.ApiConfigIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigateway.ApiConfigIamBinding` resources **can be** used in conjunction with `gcp.apigateway.ApiConfigIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## google\\_api\\_gateway\\_api\\_config\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigateway.ApiConfigIamPolicy(\"policy\", {\n api: apiCfg.api,\n apiConfig: apiCfg.apiConfigId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.apigateway.ApiConfigIamPolicy(\"policy\",\n api=api_cfg[\"api\"],\n api_config=api_cfg[\"apiConfigId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ApiGateway.ApiConfigIamPolicy(\"policy\", new()\n {\n Api = apiCfg.Api,\n ApiConfig = apiCfg.ApiConfigId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/apigateway.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewApiConfigIamPolicy(ctx, \"policy\", \u0026apigateway.ApiConfigIamPolicyArgs{\n\t\t\tApi: pulumi.Any(apiCfg.Api),\n\t\t\tApiConfig: pulumi.Any(apiCfg.ApiConfigId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigateway.ApiConfigIamPolicy;\nimport com.pulumi.gcp.apigateway.ApiConfigIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ApiConfigIamPolicy(\"policy\", ApiConfigIamPolicyArgs.builder() \n .api(apiCfg.api())\n .apiConfig(apiCfg.apiConfigId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigateway:ApiConfigIamPolicy\n properties:\n api: ${apiCfg.api}\n apiConfig: ${apiCfg.apiConfigId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_api\\_gateway\\_api\\_config\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigateway.ApiConfigIamBinding(\"binding\", {\n api: apiCfg.api,\n apiConfig: apiCfg.apiConfigId,\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigateway.ApiConfigIamBinding(\"binding\",\n api=api_cfg[\"api\"],\n api_config=api_cfg[\"apiConfigId\"],\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ApiGateway.ApiConfigIamBinding(\"binding\", new()\n {\n Api = apiCfg.Api,\n ApiConfig = apiCfg.ApiConfigId,\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiConfigIamBinding(ctx, \"binding\", \u0026apigateway.ApiConfigIamBindingArgs{\n\t\t\tApi: pulumi.Any(apiCfg.Api),\n\t\t\tApiConfig: pulumi.Any(apiCfg.ApiConfigId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiConfigIamBinding;\nimport com.pulumi.gcp.apigateway.ApiConfigIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ApiConfigIamBinding(\"binding\", ApiConfigIamBindingArgs.builder() \n .api(apiCfg.api())\n .apiConfig(apiCfg.apiConfigId())\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigateway:ApiConfigIamBinding\n properties:\n api: ${apiCfg.api}\n apiConfig: ${apiCfg.apiConfigId}\n role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_api\\_gateway\\_api\\_config\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigateway.ApiConfigIamMember(\"member\", {\n api: apiCfg.api,\n apiConfig: apiCfg.apiConfigId,\n role: \"roles/apigateway.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigateway.ApiConfigIamMember(\"member\",\n api=api_cfg[\"api\"],\n api_config=api_cfg[\"apiConfigId\"],\n role=\"roles/apigateway.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ApiGateway.ApiConfigIamMember(\"member\", new()\n {\n Api = apiCfg.Api,\n ApiConfig = apiCfg.ApiConfigId,\n Role = \"roles/apigateway.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiConfigIamMember(ctx, \"member\", \u0026apigateway.ApiConfigIamMemberArgs{\n\t\t\tApi: pulumi.Any(apiCfg.Api),\n\t\t\tApiConfig: pulumi.Any(apiCfg.ApiConfigId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiConfigIamMember;\nimport com.pulumi.gcp.apigateway.ApiConfigIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ApiConfigIamMember(\"member\", ApiConfigIamMemberArgs.builder() \n .api(apiCfg.api())\n .apiConfig(apiCfg.apiConfigId())\n .role(\"roles/apigateway.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigateway:ApiConfigIamMember\n properties:\n api: ${apiCfg.api}\n apiConfig: ${apiCfg.apiConfigId}\n role: roles/apigateway.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_api\\_gateway\\_api\\_config\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigateway.ApiConfigIamPolicy(\"policy\", {\n api: apiCfg.api,\n apiConfig: apiCfg.apiConfigId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.apigateway.ApiConfigIamPolicy(\"policy\",\n api=api_cfg[\"api\"],\n api_config=api_cfg[\"apiConfigId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ApiGateway.ApiConfigIamPolicy(\"policy\", new()\n {\n Api = apiCfg.Api,\n ApiConfig = apiCfg.ApiConfigId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/apigateway.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewApiConfigIamPolicy(ctx, \"policy\", \u0026apigateway.ApiConfigIamPolicyArgs{\n\t\t\tApi: pulumi.Any(apiCfg.Api),\n\t\t\tApiConfig: pulumi.Any(apiCfg.ApiConfigId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigateway.ApiConfigIamPolicy;\nimport com.pulumi.gcp.apigateway.ApiConfigIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ApiConfigIamPolicy(\"policy\", ApiConfigIamPolicyArgs.builder() \n .api(apiCfg.api())\n .apiConfig(apiCfg.apiConfigId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigateway:ApiConfigIamPolicy\n properties:\n api: ${apiCfg.api}\n apiConfig: ${apiCfg.apiConfigId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_api\\_gateway\\_api\\_config\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigateway.ApiConfigIamBinding(\"binding\", {\n api: apiCfg.api,\n apiConfig: apiCfg.apiConfigId,\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigateway.ApiConfigIamBinding(\"binding\",\n api=api_cfg[\"api\"],\n api_config=api_cfg[\"apiConfigId\"],\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ApiGateway.ApiConfigIamBinding(\"binding\", new()\n {\n Api = apiCfg.Api,\n ApiConfig = apiCfg.ApiConfigId,\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiConfigIamBinding(ctx, \"binding\", \u0026apigateway.ApiConfigIamBindingArgs{\n\t\t\tApi: pulumi.Any(apiCfg.Api),\n\t\t\tApiConfig: pulumi.Any(apiCfg.ApiConfigId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiConfigIamBinding;\nimport com.pulumi.gcp.apigateway.ApiConfigIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ApiConfigIamBinding(\"binding\", ApiConfigIamBindingArgs.builder() \n .api(apiCfg.api())\n .apiConfig(apiCfg.apiConfigId())\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigateway:ApiConfigIamBinding\n properties:\n api: ${apiCfg.api}\n apiConfig: ${apiCfg.apiConfigId}\n role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_api\\_gateway\\_api\\_config\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigateway.ApiConfigIamMember(\"member\", {\n api: apiCfg.api,\n apiConfig: apiCfg.apiConfigId,\n role: \"roles/apigateway.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigateway.ApiConfigIamMember(\"member\",\n api=api_cfg[\"api\"],\n api_config=api_cfg[\"apiConfigId\"],\n role=\"roles/apigateway.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ApiGateway.ApiConfigIamMember(\"member\", new()\n {\n Api = apiCfg.Api,\n ApiConfig = apiCfg.ApiConfigId,\n Role = \"roles/apigateway.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiConfigIamMember(ctx, \"member\", \u0026apigateway.ApiConfigIamMemberArgs{\n\t\t\tApi: pulumi.Any(apiCfg.Api),\n\t\t\tApiConfig: pulumi.Any(apiCfg.ApiConfigId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiConfigIamMember;\nimport com.pulumi.gcp.apigateway.ApiConfigIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ApiConfigIamMember(\"member\", ApiConfigIamMemberArgs.builder() \n .api(apiCfg.api())\n .apiConfig(apiCfg.apiConfigId())\n .role(\"roles/apigateway.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigateway:ApiConfigIamMember\n properties:\n api: ${apiCfg.api}\n apiConfig: ${apiCfg.apiConfigId}\n role: roles/apigateway.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/global/apis/{{api}}/configs/{{api_config}}\n\n* {{project}}/{{api}}/{{api_config}}\n\n* {{api}}/{{api_config}}\n\n* {{api_config}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nAPI Gateway apiconfig IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiConfigIamPolicy:ApiConfigIamPolicy editor \"projects/{{project}}/locations/global/apis/{{api}}/configs/{{api_config}} roles/apigateway.viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiConfigIamPolicy:ApiConfigIamPolicy editor \"projects/{{project}}/locations/global/apis/{{api}}/configs/{{api_config}} roles/apigateway.viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiConfigIamPolicy:ApiConfigIamPolicy editor projects/{{project}}/locations/global/apis/{{api}}/configs/{{api_config}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "api": { "type": "string", @@ -107453,7 +107465,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" } }, "required": [ @@ -107479,7 +107491,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -107510,7 +107522,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -107518,7 +107530,7 @@ } }, "gcp:apigateway/apiIamBinding:ApiIamBinding": { - "description": "Three different resources help you manage your IAM policy for API Gateway Api. Each of these resources serves a different use case:\n\n* `gcp.apigateway.ApiIamPolicy`: Authoritative. Sets the IAM policy for the api and replaces any existing policy already attached.\n* `gcp.apigateway.ApiIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the api are preserved.\n* `gcp.apigateway.ApiIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the api are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigateway.ApiIamPolicy`: Retrieves the IAM policy for the api\n\n\u003e **Note:** `gcp.apigateway.ApiIamPolicy` **cannot** be used in conjunction with `gcp.apigateway.ApiIamBinding` and `gcp.apigateway.ApiIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigateway.ApiIamBinding` resources **can be** used in conjunction with `gcp.apigateway.ApiIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## google\\_api\\_gateway\\_api\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigateway.ApiIamPolicy(\"policy\", {\n project: api.project,\n api: api.apiId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.apigateway.ApiIamPolicy(\"policy\",\n project=api[\"project\"],\n api=api[\"apiId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ApiGateway.ApiIamPolicy(\"policy\", new()\n {\n Project = api.Project,\n Api = api.ApiId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/apigateway.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewApiIamPolicy(ctx, \"policy\", \u0026apigateway.ApiIamPolicyArgs{\n\t\t\tProject: pulumi.Any(api.Project),\n\t\t\tApi: pulumi.Any(api.ApiId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigateway.ApiIamPolicy;\nimport com.pulumi.gcp.apigateway.ApiIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ApiIamPolicy(\"policy\", ApiIamPolicyArgs.builder() \n .project(api.project())\n .api(api.apiId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigateway:ApiIamPolicy\n properties:\n project: ${api.project}\n api: ${api.apiId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_api\\_gateway\\_api\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigateway.ApiIamBinding(\"binding\", {\n project: api.project,\n api: api.apiId,\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigateway.ApiIamBinding(\"binding\",\n project=api[\"project\"],\n api=api[\"apiId\"],\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ApiGateway.ApiIamBinding(\"binding\", new()\n {\n Project = api.Project,\n Api = api.ApiId,\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiIamBinding(ctx, \"binding\", \u0026apigateway.ApiIamBindingArgs{\n\t\t\tProject: pulumi.Any(api.Project),\n\t\t\tApi: pulumi.Any(api.ApiId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiIamBinding;\nimport com.pulumi.gcp.apigateway.ApiIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ApiIamBinding(\"binding\", ApiIamBindingArgs.builder() \n .project(api.project())\n .api(api.apiId())\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigateway:ApiIamBinding\n properties:\n project: ${api.project}\n api: ${api.apiId}\n role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_api\\_gateway\\_api\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigateway.ApiIamMember(\"member\", {\n project: api.project,\n api: api.apiId,\n role: \"roles/apigateway.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigateway.ApiIamMember(\"member\",\n project=api[\"project\"],\n api=api[\"apiId\"],\n role=\"roles/apigateway.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ApiGateway.ApiIamMember(\"member\", new()\n {\n Project = api.Project,\n Api = api.ApiId,\n Role = \"roles/apigateway.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiIamMember(ctx, \"member\", \u0026apigateway.ApiIamMemberArgs{\n\t\t\tProject: pulumi.Any(api.Project),\n\t\t\tApi: pulumi.Any(api.ApiId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiIamMember;\nimport com.pulumi.gcp.apigateway.ApiIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ApiIamMember(\"member\", ApiIamMemberArgs.builder() \n .project(api.project())\n .api(api.apiId())\n .role(\"roles/apigateway.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigateway:ApiIamMember\n properties:\n project: ${api.project}\n api: ${api.apiId}\n role: roles/apigateway.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/global/apis/{{api}}\n\n* {{project}}/{{api}}\n\n* {{api}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nAPI Gateway api IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiIamBinding:ApiIamBinding editor \"projects/{{project}}/locations/global/apis/{{api}} roles/apigateway.viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiIamBinding:ApiIamBinding editor \"projects/{{project}}/locations/global/apis/{{api}} roles/apigateway.viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiIamBinding:ApiIamBinding editor projects/{{project}}/locations/global/apis/{{api}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for API Gateway Api. Each of these resources serves a different use case:\n\n* `gcp.apigateway.ApiIamPolicy`: Authoritative. Sets the IAM policy for the api and replaces any existing policy already attached.\n* `gcp.apigateway.ApiIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the api are preserved.\n* `gcp.apigateway.ApiIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the api are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigateway.ApiIamPolicy`: Retrieves the IAM policy for the api\n\n\u003e **Note:** `gcp.apigateway.ApiIamPolicy` **cannot** be used in conjunction with `gcp.apigateway.ApiIamBinding` and `gcp.apigateway.ApiIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigateway.ApiIamBinding` resources **can be** used in conjunction with `gcp.apigateway.ApiIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## google\\_api\\_gateway\\_api\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigateway.ApiIamPolicy(\"policy\", {\n project: api.project,\n api: api.apiId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.apigateway.ApiIamPolicy(\"policy\",\n project=api[\"project\"],\n api=api[\"apiId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ApiGateway.ApiIamPolicy(\"policy\", new()\n {\n Project = api.Project,\n Api = api.ApiId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/apigateway.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewApiIamPolicy(ctx, \"policy\", \u0026apigateway.ApiIamPolicyArgs{\n\t\t\tProject: pulumi.Any(api.Project),\n\t\t\tApi: pulumi.Any(api.ApiId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigateway.ApiIamPolicy;\nimport com.pulumi.gcp.apigateway.ApiIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ApiIamPolicy(\"policy\", ApiIamPolicyArgs.builder() \n .project(api.project())\n .api(api.apiId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigateway:ApiIamPolicy\n properties:\n project: ${api.project}\n api: ${api.apiId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_api\\_gateway\\_api\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigateway.ApiIamBinding(\"binding\", {\n project: api.project,\n api: api.apiId,\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigateway.ApiIamBinding(\"binding\",\n project=api[\"project\"],\n api=api[\"apiId\"],\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ApiGateway.ApiIamBinding(\"binding\", new()\n {\n Project = api.Project,\n Api = api.ApiId,\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiIamBinding(ctx, \"binding\", \u0026apigateway.ApiIamBindingArgs{\n\t\t\tProject: pulumi.Any(api.Project),\n\t\t\tApi: pulumi.Any(api.ApiId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiIamBinding;\nimport com.pulumi.gcp.apigateway.ApiIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ApiIamBinding(\"binding\", ApiIamBindingArgs.builder() \n .project(api.project())\n .api(api.apiId())\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigateway:ApiIamBinding\n properties:\n project: ${api.project}\n api: ${api.apiId}\n role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_api\\_gateway\\_api\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigateway.ApiIamMember(\"member\", {\n project: api.project,\n api: api.apiId,\n role: \"roles/apigateway.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigateway.ApiIamMember(\"member\",\n project=api[\"project\"],\n api=api[\"apiId\"],\n role=\"roles/apigateway.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ApiGateway.ApiIamMember(\"member\", new()\n {\n Project = api.Project,\n Api = api.ApiId,\n Role = \"roles/apigateway.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiIamMember(ctx, \"member\", \u0026apigateway.ApiIamMemberArgs{\n\t\t\tProject: pulumi.Any(api.Project),\n\t\t\tApi: pulumi.Any(api.ApiId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiIamMember;\nimport com.pulumi.gcp.apigateway.ApiIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ApiIamMember(\"member\", ApiIamMemberArgs.builder() \n .project(api.project())\n .api(api.apiId())\n .role(\"roles/apigateway.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigateway:ApiIamMember\n properties:\n project: ${api.project}\n api: ${api.apiId}\n role: roles/apigateway.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_api\\_gateway\\_api\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigateway.ApiIamPolicy(\"policy\", {\n project: api.project,\n api: api.apiId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.apigateway.ApiIamPolicy(\"policy\",\n project=api[\"project\"],\n api=api[\"apiId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ApiGateway.ApiIamPolicy(\"policy\", new()\n {\n Project = api.Project,\n Api = api.ApiId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/apigateway.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewApiIamPolicy(ctx, \"policy\", \u0026apigateway.ApiIamPolicyArgs{\n\t\t\tProject: pulumi.Any(api.Project),\n\t\t\tApi: pulumi.Any(api.ApiId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigateway.ApiIamPolicy;\nimport com.pulumi.gcp.apigateway.ApiIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ApiIamPolicy(\"policy\", ApiIamPolicyArgs.builder() \n .project(api.project())\n .api(api.apiId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigateway:ApiIamPolicy\n properties:\n project: ${api.project}\n api: ${api.apiId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_api\\_gateway\\_api\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigateway.ApiIamBinding(\"binding\", {\n project: api.project,\n api: api.apiId,\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigateway.ApiIamBinding(\"binding\",\n project=api[\"project\"],\n api=api[\"apiId\"],\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ApiGateway.ApiIamBinding(\"binding\", new()\n {\n Project = api.Project,\n Api = api.ApiId,\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiIamBinding(ctx, \"binding\", \u0026apigateway.ApiIamBindingArgs{\n\t\t\tProject: pulumi.Any(api.Project),\n\t\t\tApi: pulumi.Any(api.ApiId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiIamBinding;\nimport com.pulumi.gcp.apigateway.ApiIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ApiIamBinding(\"binding\", ApiIamBindingArgs.builder() \n .project(api.project())\n .api(api.apiId())\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigateway:ApiIamBinding\n properties:\n project: ${api.project}\n api: ${api.apiId}\n role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_api\\_gateway\\_api\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigateway.ApiIamMember(\"member\", {\n project: api.project,\n api: api.apiId,\n role: \"roles/apigateway.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigateway.ApiIamMember(\"member\",\n project=api[\"project\"],\n api=api[\"apiId\"],\n role=\"roles/apigateway.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ApiGateway.ApiIamMember(\"member\", new()\n {\n Project = api.Project,\n Api = api.ApiId,\n Role = \"roles/apigateway.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiIamMember(ctx, \"member\", \u0026apigateway.ApiIamMemberArgs{\n\t\t\tProject: pulumi.Any(api.Project),\n\t\t\tApi: pulumi.Any(api.ApiId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiIamMember;\nimport com.pulumi.gcp.apigateway.ApiIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ApiIamMember(\"member\", ApiIamMemberArgs.builder() \n .project(api.project())\n .api(api.apiId())\n .role(\"roles/apigateway.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigateway:ApiIamMember\n properties:\n project: ${api.project}\n api: ${api.apiId}\n role: roles/apigateway.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/global/apis/{{api}}\n\n* {{project}}/{{api}}\n\n* {{api}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nAPI Gateway api IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiIamBinding:ApiIamBinding editor \"projects/{{project}}/locations/global/apis/{{api}} roles/apigateway.viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiIamBinding:ApiIamBinding editor \"projects/{{project}}/locations/global/apis/{{api}} roles/apigateway.viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiIamBinding:ApiIamBinding editor projects/{{project}}/locations/global/apis/{{api}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "api": { "type": "string" @@ -107534,11 +107546,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -107565,11 +107578,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -107602,11 +107616,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -107619,7 +107634,7 @@ } }, "gcp:apigateway/apiIamMember:ApiIamMember": { - "description": "Three different resources help you manage your IAM policy for API Gateway Api. Each of these resources serves a different use case:\n\n* `gcp.apigateway.ApiIamPolicy`: Authoritative. Sets the IAM policy for the api and replaces any existing policy already attached.\n* `gcp.apigateway.ApiIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the api are preserved.\n* `gcp.apigateway.ApiIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the api are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigateway.ApiIamPolicy`: Retrieves the IAM policy for the api\n\n\u003e **Note:** `gcp.apigateway.ApiIamPolicy` **cannot** be used in conjunction with `gcp.apigateway.ApiIamBinding` and `gcp.apigateway.ApiIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigateway.ApiIamBinding` resources **can be** used in conjunction with `gcp.apigateway.ApiIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## google\\_api\\_gateway\\_api\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigateway.ApiIamPolicy(\"policy\", {\n project: api.project,\n api: api.apiId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.apigateway.ApiIamPolicy(\"policy\",\n project=api[\"project\"],\n api=api[\"apiId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ApiGateway.ApiIamPolicy(\"policy\", new()\n {\n Project = api.Project,\n Api = api.ApiId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/apigateway.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewApiIamPolicy(ctx, \"policy\", \u0026apigateway.ApiIamPolicyArgs{\n\t\t\tProject: pulumi.Any(api.Project),\n\t\t\tApi: pulumi.Any(api.ApiId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigateway.ApiIamPolicy;\nimport com.pulumi.gcp.apigateway.ApiIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ApiIamPolicy(\"policy\", ApiIamPolicyArgs.builder() \n .project(api.project())\n .api(api.apiId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigateway:ApiIamPolicy\n properties:\n project: ${api.project}\n api: ${api.apiId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_api\\_gateway\\_api\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigateway.ApiIamBinding(\"binding\", {\n project: api.project,\n api: api.apiId,\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigateway.ApiIamBinding(\"binding\",\n project=api[\"project\"],\n api=api[\"apiId\"],\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ApiGateway.ApiIamBinding(\"binding\", new()\n {\n Project = api.Project,\n Api = api.ApiId,\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiIamBinding(ctx, \"binding\", \u0026apigateway.ApiIamBindingArgs{\n\t\t\tProject: pulumi.Any(api.Project),\n\t\t\tApi: pulumi.Any(api.ApiId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiIamBinding;\nimport com.pulumi.gcp.apigateway.ApiIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ApiIamBinding(\"binding\", ApiIamBindingArgs.builder() \n .project(api.project())\n .api(api.apiId())\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigateway:ApiIamBinding\n properties:\n project: ${api.project}\n api: ${api.apiId}\n role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_api\\_gateway\\_api\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigateway.ApiIamMember(\"member\", {\n project: api.project,\n api: api.apiId,\n role: \"roles/apigateway.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigateway.ApiIamMember(\"member\",\n project=api[\"project\"],\n api=api[\"apiId\"],\n role=\"roles/apigateway.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ApiGateway.ApiIamMember(\"member\", new()\n {\n Project = api.Project,\n Api = api.ApiId,\n Role = \"roles/apigateway.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiIamMember(ctx, \"member\", \u0026apigateway.ApiIamMemberArgs{\n\t\t\tProject: pulumi.Any(api.Project),\n\t\t\tApi: pulumi.Any(api.ApiId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiIamMember;\nimport com.pulumi.gcp.apigateway.ApiIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ApiIamMember(\"member\", ApiIamMemberArgs.builder() \n .project(api.project())\n .api(api.apiId())\n .role(\"roles/apigateway.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigateway:ApiIamMember\n properties:\n project: ${api.project}\n api: ${api.apiId}\n role: roles/apigateway.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/global/apis/{{api}}\n\n* {{project}}/{{api}}\n\n* {{api}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nAPI Gateway api IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiIamMember:ApiIamMember editor \"projects/{{project}}/locations/global/apis/{{api}} roles/apigateway.viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiIamMember:ApiIamMember editor \"projects/{{project}}/locations/global/apis/{{api}} roles/apigateway.viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiIamMember:ApiIamMember editor projects/{{project}}/locations/global/apis/{{api}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for API Gateway Api. Each of these resources serves a different use case:\n\n* `gcp.apigateway.ApiIamPolicy`: Authoritative. Sets the IAM policy for the api and replaces any existing policy already attached.\n* `gcp.apigateway.ApiIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the api are preserved.\n* `gcp.apigateway.ApiIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the api are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigateway.ApiIamPolicy`: Retrieves the IAM policy for the api\n\n\u003e **Note:** `gcp.apigateway.ApiIamPolicy` **cannot** be used in conjunction with `gcp.apigateway.ApiIamBinding` and `gcp.apigateway.ApiIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigateway.ApiIamBinding` resources **can be** used in conjunction with `gcp.apigateway.ApiIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## google\\_api\\_gateway\\_api\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigateway.ApiIamPolicy(\"policy\", {\n project: api.project,\n api: api.apiId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.apigateway.ApiIamPolicy(\"policy\",\n project=api[\"project\"],\n api=api[\"apiId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ApiGateway.ApiIamPolicy(\"policy\", new()\n {\n Project = api.Project,\n Api = api.ApiId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/apigateway.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewApiIamPolicy(ctx, \"policy\", \u0026apigateway.ApiIamPolicyArgs{\n\t\t\tProject: pulumi.Any(api.Project),\n\t\t\tApi: pulumi.Any(api.ApiId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigateway.ApiIamPolicy;\nimport com.pulumi.gcp.apigateway.ApiIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ApiIamPolicy(\"policy\", ApiIamPolicyArgs.builder() \n .project(api.project())\n .api(api.apiId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigateway:ApiIamPolicy\n properties:\n project: ${api.project}\n api: ${api.apiId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_api\\_gateway\\_api\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigateway.ApiIamBinding(\"binding\", {\n project: api.project,\n api: api.apiId,\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigateway.ApiIamBinding(\"binding\",\n project=api[\"project\"],\n api=api[\"apiId\"],\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ApiGateway.ApiIamBinding(\"binding\", new()\n {\n Project = api.Project,\n Api = api.ApiId,\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiIamBinding(ctx, \"binding\", \u0026apigateway.ApiIamBindingArgs{\n\t\t\tProject: pulumi.Any(api.Project),\n\t\t\tApi: pulumi.Any(api.ApiId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiIamBinding;\nimport com.pulumi.gcp.apigateway.ApiIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ApiIamBinding(\"binding\", ApiIamBindingArgs.builder() \n .project(api.project())\n .api(api.apiId())\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigateway:ApiIamBinding\n properties:\n project: ${api.project}\n api: ${api.apiId}\n role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_api\\_gateway\\_api\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigateway.ApiIamMember(\"member\", {\n project: api.project,\n api: api.apiId,\n role: \"roles/apigateway.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigateway.ApiIamMember(\"member\",\n project=api[\"project\"],\n api=api[\"apiId\"],\n role=\"roles/apigateway.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ApiGateway.ApiIamMember(\"member\", new()\n {\n Project = api.Project,\n Api = api.ApiId,\n Role = \"roles/apigateway.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiIamMember(ctx, \"member\", \u0026apigateway.ApiIamMemberArgs{\n\t\t\tProject: pulumi.Any(api.Project),\n\t\t\tApi: pulumi.Any(api.ApiId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiIamMember;\nimport com.pulumi.gcp.apigateway.ApiIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ApiIamMember(\"member\", ApiIamMemberArgs.builder() \n .project(api.project())\n .api(api.apiId())\n .role(\"roles/apigateway.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigateway:ApiIamMember\n properties:\n project: ${api.project}\n api: ${api.apiId}\n role: roles/apigateway.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_api\\_gateway\\_api\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigateway.ApiIamPolicy(\"policy\", {\n project: api.project,\n api: api.apiId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.apigateway.ApiIamPolicy(\"policy\",\n project=api[\"project\"],\n api=api[\"apiId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ApiGateway.ApiIamPolicy(\"policy\", new()\n {\n Project = api.Project,\n Api = api.ApiId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/apigateway.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewApiIamPolicy(ctx, \"policy\", \u0026apigateway.ApiIamPolicyArgs{\n\t\t\tProject: pulumi.Any(api.Project),\n\t\t\tApi: pulumi.Any(api.ApiId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigateway.ApiIamPolicy;\nimport com.pulumi.gcp.apigateway.ApiIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ApiIamPolicy(\"policy\", ApiIamPolicyArgs.builder() \n .project(api.project())\n .api(api.apiId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigateway:ApiIamPolicy\n properties:\n project: ${api.project}\n api: ${api.apiId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_api\\_gateway\\_api\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigateway.ApiIamBinding(\"binding\", {\n project: api.project,\n api: api.apiId,\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigateway.ApiIamBinding(\"binding\",\n project=api[\"project\"],\n api=api[\"apiId\"],\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ApiGateway.ApiIamBinding(\"binding\", new()\n {\n Project = api.Project,\n Api = api.ApiId,\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiIamBinding(ctx, \"binding\", \u0026apigateway.ApiIamBindingArgs{\n\t\t\tProject: pulumi.Any(api.Project),\n\t\t\tApi: pulumi.Any(api.ApiId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiIamBinding;\nimport com.pulumi.gcp.apigateway.ApiIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ApiIamBinding(\"binding\", ApiIamBindingArgs.builder() \n .project(api.project())\n .api(api.apiId())\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigateway:ApiIamBinding\n properties:\n project: ${api.project}\n api: ${api.apiId}\n role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_api\\_gateway\\_api\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigateway.ApiIamMember(\"member\", {\n project: api.project,\n api: api.apiId,\n role: \"roles/apigateway.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigateway.ApiIamMember(\"member\",\n project=api[\"project\"],\n api=api[\"apiId\"],\n role=\"roles/apigateway.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ApiGateway.ApiIamMember(\"member\", new()\n {\n Project = api.Project,\n Api = api.ApiId,\n Role = \"roles/apigateway.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiIamMember(ctx, \"member\", \u0026apigateway.ApiIamMemberArgs{\n\t\t\tProject: pulumi.Any(api.Project),\n\t\t\tApi: pulumi.Any(api.ApiId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiIamMember;\nimport com.pulumi.gcp.apigateway.ApiIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ApiIamMember(\"member\", ApiIamMemberArgs.builder() \n .project(api.project())\n .api(api.apiId())\n .role(\"roles/apigateway.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigateway:ApiIamMember\n properties:\n project: ${api.project}\n api: ${api.apiId}\n role: roles/apigateway.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/global/apis/{{api}}\n\n* {{project}}/{{api}}\n\n* {{api}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nAPI Gateway api IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiIamMember:ApiIamMember editor \"projects/{{project}}/locations/global/apis/{{api}} roles/apigateway.viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiIamMember:ApiIamMember editor \"projects/{{project}}/locations/global/apis/{{api}} roles/apigateway.viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiIamMember:ApiIamMember editor projects/{{project}}/locations/global/apis/{{api}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "api": { "type": "string" @@ -107632,11 +107647,12 @@ "description": "(Computed) The etag of the IAM policy.\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -107661,11 +107677,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -107696,11 +107713,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -107713,7 +107731,7 @@ } }, "gcp:apigateway/apiIamPolicy:ApiIamPolicy": { - "description": "Three different resources help you manage your IAM policy for API Gateway Api. Each of these resources serves a different use case:\n\n* `gcp.apigateway.ApiIamPolicy`: Authoritative. Sets the IAM policy for the api and replaces any existing policy already attached.\n* `gcp.apigateway.ApiIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the api are preserved.\n* `gcp.apigateway.ApiIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the api are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigateway.ApiIamPolicy`: Retrieves the IAM policy for the api\n\n\u003e **Note:** `gcp.apigateway.ApiIamPolicy` **cannot** be used in conjunction with `gcp.apigateway.ApiIamBinding` and `gcp.apigateway.ApiIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigateway.ApiIamBinding` resources **can be** used in conjunction with `gcp.apigateway.ApiIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## google\\_api\\_gateway\\_api\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigateway.ApiIamPolicy(\"policy\", {\n project: api.project,\n api: api.apiId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.apigateway.ApiIamPolicy(\"policy\",\n project=api[\"project\"],\n api=api[\"apiId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ApiGateway.ApiIamPolicy(\"policy\", new()\n {\n Project = api.Project,\n Api = api.ApiId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/apigateway.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewApiIamPolicy(ctx, \"policy\", \u0026apigateway.ApiIamPolicyArgs{\n\t\t\tProject: pulumi.Any(api.Project),\n\t\t\tApi: pulumi.Any(api.ApiId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigateway.ApiIamPolicy;\nimport com.pulumi.gcp.apigateway.ApiIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ApiIamPolicy(\"policy\", ApiIamPolicyArgs.builder() \n .project(api.project())\n .api(api.apiId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigateway:ApiIamPolicy\n properties:\n project: ${api.project}\n api: ${api.apiId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_api\\_gateway\\_api\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigateway.ApiIamBinding(\"binding\", {\n project: api.project,\n api: api.apiId,\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigateway.ApiIamBinding(\"binding\",\n project=api[\"project\"],\n api=api[\"apiId\"],\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ApiGateway.ApiIamBinding(\"binding\", new()\n {\n Project = api.Project,\n Api = api.ApiId,\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiIamBinding(ctx, \"binding\", \u0026apigateway.ApiIamBindingArgs{\n\t\t\tProject: pulumi.Any(api.Project),\n\t\t\tApi: pulumi.Any(api.ApiId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiIamBinding;\nimport com.pulumi.gcp.apigateway.ApiIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ApiIamBinding(\"binding\", ApiIamBindingArgs.builder() \n .project(api.project())\n .api(api.apiId())\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigateway:ApiIamBinding\n properties:\n project: ${api.project}\n api: ${api.apiId}\n role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_api\\_gateway\\_api\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigateway.ApiIamMember(\"member\", {\n project: api.project,\n api: api.apiId,\n role: \"roles/apigateway.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigateway.ApiIamMember(\"member\",\n project=api[\"project\"],\n api=api[\"apiId\"],\n role=\"roles/apigateway.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ApiGateway.ApiIamMember(\"member\", new()\n {\n Project = api.Project,\n Api = api.ApiId,\n Role = \"roles/apigateway.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiIamMember(ctx, \"member\", \u0026apigateway.ApiIamMemberArgs{\n\t\t\tProject: pulumi.Any(api.Project),\n\t\t\tApi: pulumi.Any(api.ApiId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiIamMember;\nimport com.pulumi.gcp.apigateway.ApiIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ApiIamMember(\"member\", ApiIamMemberArgs.builder() \n .project(api.project())\n .api(api.apiId())\n .role(\"roles/apigateway.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigateway:ApiIamMember\n properties:\n project: ${api.project}\n api: ${api.apiId}\n role: roles/apigateway.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/global/apis/{{api}}\n\n* {{project}}/{{api}}\n\n* {{api}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nAPI Gateway api IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiIamPolicy:ApiIamPolicy editor \"projects/{{project}}/locations/global/apis/{{api}} roles/apigateway.viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiIamPolicy:ApiIamPolicy editor \"projects/{{project}}/locations/global/apis/{{api}} roles/apigateway.viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiIamPolicy:ApiIamPolicy editor projects/{{project}}/locations/global/apis/{{api}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for API Gateway Api. Each of these resources serves a different use case:\n\n* `gcp.apigateway.ApiIamPolicy`: Authoritative. Sets the IAM policy for the api and replaces any existing policy already attached.\n* `gcp.apigateway.ApiIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the api are preserved.\n* `gcp.apigateway.ApiIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the api are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigateway.ApiIamPolicy`: Retrieves the IAM policy for the api\n\n\u003e **Note:** `gcp.apigateway.ApiIamPolicy` **cannot** be used in conjunction with `gcp.apigateway.ApiIamBinding` and `gcp.apigateway.ApiIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigateway.ApiIamBinding` resources **can be** used in conjunction with `gcp.apigateway.ApiIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n## google\\_api\\_gateway\\_api\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigateway.ApiIamPolicy(\"policy\", {\n project: api.project,\n api: api.apiId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.apigateway.ApiIamPolicy(\"policy\",\n project=api[\"project\"],\n api=api[\"apiId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ApiGateway.ApiIamPolicy(\"policy\", new()\n {\n Project = api.Project,\n Api = api.ApiId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/apigateway.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewApiIamPolicy(ctx, \"policy\", \u0026apigateway.ApiIamPolicyArgs{\n\t\t\tProject: pulumi.Any(api.Project),\n\t\t\tApi: pulumi.Any(api.ApiId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigateway.ApiIamPolicy;\nimport com.pulumi.gcp.apigateway.ApiIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ApiIamPolicy(\"policy\", ApiIamPolicyArgs.builder() \n .project(api.project())\n .api(api.apiId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigateway:ApiIamPolicy\n properties:\n project: ${api.project}\n api: ${api.apiId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_api\\_gateway\\_api\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigateway.ApiIamBinding(\"binding\", {\n project: api.project,\n api: api.apiId,\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigateway.ApiIamBinding(\"binding\",\n project=api[\"project\"],\n api=api[\"apiId\"],\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ApiGateway.ApiIamBinding(\"binding\", new()\n {\n Project = api.Project,\n Api = api.ApiId,\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiIamBinding(ctx, \"binding\", \u0026apigateway.ApiIamBindingArgs{\n\t\t\tProject: pulumi.Any(api.Project),\n\t\t\tApi: pulumi.Any(api.ApiId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiIamBinding;\nimport com.pulumi.gcp.apigateway.ApiIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ApiIamBinding(\"binding\", ApiIamBindingArgs.builder() \n .project(api.project())\n .api(api.apiId())\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigateway:ApiIamBinding\n properties:\n project: ${api.project}\n api: ${api.apiId}\n role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_api\\_gateway\\_api\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigateway.ApiIamMember(\"member\", {\n project: api.project,\n api: api.apiId,\n role: \"roles/apigateway.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigateway.ApiIamMember(\"member\",\n project=api[\"project\"],\n api=api[\"apiId\"],\n role=\"roles/apigateway.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ApiGateway.ApiIamMember(\"member\", new()\n {\n Project = api.Project,\n Api = api.ApiId,\n Role = \"roles/apigateway.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiIamMember(ctx, \"member\", \u0026apigateway.ApiIamMemberArgs{\n\t\t\tProject: pulumi.Any(api.Project),\n\t\t\tApi: pulumi.Any(api.ApiId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiIamMember;\nimport com.pulumi.gcp.apigateway.ApiIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ApiIamMember(\"member\", ApiIamMemberArgs.builder() \n .project(api.project())\n .api(api.apiId())\n .role(\"roles/apigateway.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigateway:ApiIamMember\n properties:\n project: ${api.project}\n api: ${api.apiId}\n role: roles/apigateway.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_api\\_gateway\\_api\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigateway.ApiIamPolicy(\"policy\", {\n project: api.project,\n api: api.apiId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.apigateway.ApiIamPolicy(\"policy\",\n project=api[\"project\"],\n api=api[\"apiId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ApiGateway.ApiIamPolicy(\"policy\", new()\n {\n Project = api.Project,\n Api = api.ApiId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/apigateway.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewApiIamPolicy(ctx, \"policy\", \u0026apigateway.ApiIamPolicyArgs{\n\t\t\tProject: pulumi.Any(api.Project),\n\t\t\tApi: pulumi.Any(api.ApiId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigateway.ApiIamPolicy;\nimport com.pulumi.gcp.apigateway.ApiIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ApiIamPolicy(\"policy\", ApiIamPolicyArgs.builder() \n .project(api.project())\n .api(api.apiId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigateway:ApiIamPolicy\n properties:\n project: ${api.project}\n api: ${api.apiId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_api\\_gateway\\_api\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigateway.ApiIamBinding(\"binding\", {\n project: api.project,\n api: api.apiId,\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigateway.ApiIamBinding(\"binding\",\n project=api[\"project\"],\n api=api[\"apiId\"],\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ApiGateway.ApiIamBinding(\"binding\", new()\n {\n Project = api.Project,\n Api = api.ApiId,\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiIamBinding(ctx, \"binding\", \u0026apigateway.ApiIamBindingArgs{\n\t\t\tProject: pulumi.Any(api.Project),\n\t\t\tApi: pulumi.Any(api.ApiId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiIamBinding;\nimport com.pulumi.gcp.apigateway.ApiIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ApiIamBinding(\"binding\", ApiIamBindingArgs.builder() \n .project(api.project())\n .api(api.apiId())\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigateway:ApiIamBinding\n properties:\n project: ${api.project}\n api: ${api.apiId}\n role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_api\\_gateway\\_api\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigateway.ApiIamMember(\"member\", {\n project: api.project,\n api: api.apiId,\n role: \"roles/apigateway.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigateway.ApiIamMember(\"member\",\n project=api[\"project\"],\n api=api[\"apiId\"],\n role=\"roles/apigateway.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ApiGateway.ApiIamMember(\"member\", new()\n {\n Project = api.Project,\n Api = api.ApiId,\n Role = \"roles/apigateway.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewApiIamMember(ctx, \"member\", \u0026apigateway.ApiIamMemberArgs{\n\t\t\tProject: pulumi.Any(api.Project),\n\t\t\tApi: pulumi.Any(api.ApiId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.ApiIamMember;\nimport com.pulumi.gcp.apigateway.ApiIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ApiIamMember(\"member\", ApiIamMemberArgs.builder() \n .project(api.project())\n .api(api.apiId())\n .role(\"roles/apigateway.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigateway:ApiIamMember\n properties:\n project: ${api.project}\n api: ${api.apiId}\n role: roles/apigateway.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/global/apis/{{api}}\n\n* {{project}}/{{api}}\n\n* {{api}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nAPI Gateway api IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiIamPolicy:ApiIamPolicy editor \"projects/{{project}}/locations/global/apis/{{api}} roles/apigateway.viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiIamPolicy:ApiIamPolicy editor \"projects/{{project}}/locations/global/apis/{{api}} roles/apigateway.viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/apiIamPolicy:ApiIamPolicy editor projects/{{project}}/locations/global/apis/{{api}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "api": { "type": "string" @@ -107728,7 +107746,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" } }, "required": [ @@ -107748,7 +107766,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -107773,7 +107791,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -107944,7 +107962,7 @@ } }, "gcp:apigateway/gatewayIamBinding:GatewayIamBinding": { - "description": "Three different resources help you manage your IAM policy for API Gateway Gateway. Each of these resources serves a different use case:\n\n* `gcp.apigateway.GatewayIamPolicy`: Authoritative. Sets the IAM policy for the gateway and replaces any existing policy already attached.\n* `gcp.apigateway.GatewayIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the gateway are preserved.\n* `gcp.apigateway.GatewayIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the gateway are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigateway.GatewayIamPolicy`: Retrieves the IAM policy for the gateway\n\n\u003e **Note:** `gcp.apigateway.GatewayIamPolicy` **cannot** be used in conjunction with `gcp.apigateway.GatewayIamBinding` and `gcp.apigateway.GatewayIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigateway.GatewayIamBinding` resources **can be** used in conjunction with `gcp.apigateway.GatewayIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n## google\\_api\\_gateway\\_gateway\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigateway.GatewayIamPolicy(\"policy\", {\n project: apiGw.project,\n region: apiGw.region,\n gateway: apiGw.gatewayId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.apigateway.GatewayIamPolicy(\"policy\",\n project=api_gw[\"project\"],\n region=api_gw[\"region\"],\n gateway=api_gw[\"gatewayId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ApiGateway.GatewayIamPolicy(\"policy\", new()\n {\n Project = apiGw.Project,\n Region = apiGw.Region,\n Gateway = apiGw.GatewayId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/apigateway.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewGatewayIamPolicy(ctx, \"policy\", \u0026apigateway.GatewayIamPolicyArgs{\n\t\t\tProject: pulumi.Any(apiGw.Project),\n\t\t\tRegion: pulumi.Any(apiGw.Region),\n\t\t\tGateway: pulumi.Any(apiGw.GatewayId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigateway.GatewayIamPolicy;\nimport com.pulumi.gcp.apigateway.GatewayIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new GatewayIamPolicy(\"policy\", GatewayIamPolicyArgs.builder() \n .project(apiGw.project())\n .region(apiGw.region())\n .gateway(apiGw.gatewayId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigateway:GatewayIamPolicy\n properties:\n project: ${apiGw.project}\n region: ${apiGw.region}\n gateway: ${apiGw.gatewayId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_api\\_gateway\\_gateway\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigateway.GatewayIamBinding(\"binding\", {\n project: apiGw.project,\n region: apiGw.region,\n gateway: apiGw.gatewayId,\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigateway.GatewayIamBinding(\"binding\",\n project=api_gw[\"project\"],\n region=api_gw[\"region\"],\n gateway=api_gw[\"gatewayId\"],\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ApiGateway.GatewayIamBinding(\"binding\", new()\n {\n Project = apiGw.Project,\n Region = apiGw.Region,\n Gateway = apiGw.GatewayId,\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewGatewayIamBinding(ctx, \"binding\", \u0026apigateway.GatewayIamBindingArgs{\n\t\t\tProject: pulumi.Any(apiGw.Project),\n\t\t\tRegion: pulumi.Any(apiGw.Region),\n\t\t\tGateway: pulumi.Any(apiGw.GatewayId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.GatewayIamBinding;\nimport com.pulumi.gcp.apigateway.GatewayIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new GatewayIamBinding(\"binding\", GatewayIamBindingArgs.builder() \n .project(apiGw.project())\n .region(apiGw.region())\n .gateway(apiGw.gatewayId())\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigateway:GatewayIamBinding\n properties:\n project: ${apiGw.project}\n region: ${apiGw.region}\n gateway: ${apiGw.gatewayId}\n role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_api\\_gateway\\_gateway\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigateway.GatewayIamMember(\"member\", {\n project: apiGw.project,\n region: apiGw.region,\n gateway: apiGw.gatewayId,\n role: \"roles/apigateway.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigateway.GatewayIamMember(\"member\",\n project=api_gw[\"project\"],\n region=api_gw[\"region\"],\n gateway=api_gw[\"gatewayId\"],\n role=\"roles/apigateway.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ApiGateway.GatewayIamMember(\"member\", new()\n {\n Project = apiGw.Project,\n Region = apiGw.Region,\n Gateway = apiGw.GatewayId,\n Role = \"roles/apigateway.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewGatewayIamMember(ctx, \"member\", \u0026apigateway.GatewayIamMemberArgs{\n\t\t\tProject: pulumi.Any(apiGw.Project),\n\t\t\tRegion: pulumi.Any(apiGw.Region),\n\t\t\tGateway: pulumi.Any(apiGw.GatewayId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.GatewayIamMember;\nimport com.pulumi.gcp.apigateway.GatewayIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new GatewayIamMember(\"member\", GatewayIamMemberArgs.builder() \n .project(apiGw.project())\n .region(apiGw.region())\n .gateway(apiGw.gatewayId())\n .role(\"roles/apigateway.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigateway:GatewayIamMember\n properties:\n project: ${apiGw.project}\n region: ${apiGw.region}\n gateway: ${apiGw.gatewayId}\n role: roles/apigateway.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{region}}/gateways/{{gateway}}\n\n* {{project}}/{{region}}/{{gateway}}\n\n* {{region}}/{{gateway}}\n\n* {{gateway}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nAPI Gateway gateway IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/gatewayIamBinding:GatewayIamBinding editor \"projects/{{project}}/locations/{{region}}/gateways/{{gateway}} roles/apigateway.viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/gatewayIamBinding:GatewayIamBinding editor \"projects/{{project}}/locations/{{region}}/gateways/{{gateway}} roles/apigateway.viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/gatewayIamBinding:GatewayIamBinding editor projects/{{project}}/locations/{{region}}/gateways/{{gateway}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for API Gateway Gateway. Each of these resources serves a different use case:\n\n* `gcp.apigateway.GatewayIamPolicy`: Authoritative. Sets the IAM policy for the gateway and replaces any existing policy already attached.\n* `gcp.apigateway.GatewayIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the gateway are preserved.\n* `gcp.apigateway.GatewayIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the gateway are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigateway.GatewayIamPolicy`: Retrieves the IAM policy for the gateway\n\n\u003e **Note:** `gcp.apigateway.GatewayIamPolicy` **cannot** be used in conjunction with `gcp.apigateway.GatewayIamBinding` and `gcp.apigateway.GatewayIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigateway.GatewayIamBinding` resources **can be** used in conjunction with `gcp.apigateway.GatewayIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n## google\\_api\\_gateway\\_gateway\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigateway.GatewayIamPolicy(\"policy\", {\n project: apiGw.project,\n region: apiGw.region,\n gateway: apiGw.gatewayId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.apigateway.GatewayIamPolicy(\"policy\",\n project=api_gw[\"project\"],\n region=api_gw[\"region\"],\n gateway=api_gw[\"gatewayId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ApiGateway.GatewayIamPolicy(\"policy\", new()\n {\n Project = apiGw.Project,\n Region = apiGw.Region,\n Gateway = apiGw.GatewayId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/apigateway.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewGatewayIamPolicy(ctx, \"policy\", \u0026apigateway.GatewayIamPolicyArgs{\n\t\t\tProject: pulumi.Any(apiGw.Project),\n\t\t\tRegion: pulumi.Any(apiGw.Region),\n\t\t\tGateway: pulumi.Any(apiGw.GatewayId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigateway.GatewayIamPolicy;\nimport com.pulumi.gcp.apigateway.GatewayIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new GatewayIamPolicy(\"policy\", GatewayIamPolicyArgs.builder() \n .project(apiGw.project())\n .region(apiGw.region())\n .gateway(apiGw.gatewayId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigateway:GatewayIamPolicy\n properties:\n project: ${apiGw.project}\n region: ${apiGw.region}\n gateway: ${apiGw.gatewayId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_api\\_gateway\\_gateway\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigateway.GatewayIamBinding(\"binding\", {\n project: apiGw.project,\n region: apiGw.region,\n gateway: apiGw.gatewayId,\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigateway.GatewayIamBinding(\"binding\",\n project=api_gw[\"project\"],\n region=api_gw[\"region\"],\n gateway=api_gw[\"gatewayId\"],\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ApiGateway.GatewayIamBinding(\"binding\", new()\n {\n Project = apiGw.Project,\n Region = apiGw.Region,\n Gateway = apiGw.GatewayId,\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewGatewayIamBinding(ctx, \"binding\", \u0026apigateway.GatewayIamBindingArgs{\n\t\t\tProject: pulumi.Any(apiGw.Project),\n\t\t\tRegion: pulumi.Any(apiGw.Region),\n\t\t\tGateway: pulumi.Any(apiGw.GatewayId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.GatewayIamBinding;\nimport com.pulumi.gcp.apigateway.GatewayIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new GatewayIamBinding(\"binding\", GatewayIamBindingArgs.builder() \n .project(apiGw.project())\n .region(apiGw.region())\n .gateway(apiGw.gatewayId())\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigateway:GatewayIamBinding\n properties:\n project: ${apiGw.project}\n region: ${apiGw.region}\n gateway: ${apiGw.gatewayId}\n role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_api\\_gateway\\_gateway\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigateway.GatewayIamMember(\"member\", {\n project: apiGw.project,\n region: apiGw.region,\n gateway: apiGw.gatewayId,\n role: \"roles/apigateway.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigateway.GatewayIamMember(\"member\",\n project=api_gw[\"project\"],\n region=api_gw[\"region\"],\n gateway=api_gw[\"gatewayId\"],\n role=\"roles/apigateway.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ApiGateway.GatewayIamMember(\"member\", new()\n {\n Project = apiGw.Project,\n Region = apiGw.Region,\n Gateway = apiGw.GatewayId,\n Role = \"roles/apigateway.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewGatewayIamMember(ctx, \"member\", \u0026apigateway.GatewayIamMemberArgs{\n\t\t\tProject: pulumi.Any(apiGw.Project),\n\t\t\tRegion: pulumi.Any(apiGw.Region),\n\t\t\tGateway: pulumi.Any(apiGw.GatewayId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.GatewayIamMember;\nimport com.pulumi.gcp.apigateway.GatewayIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new GatewayIamMember(\"member\", GatewayIamMemberArgs.builder() \n .project(apiGw.project())\n .region(apiGw.region())\n .gateway(apiGw.gatewayId())\n .role(\"roles/apigateway.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigateway:GatewayIamMember\n properties:\n project: ${apiGw.project}\n region: ${apiGw.region}\n gateway: ${apiGw.gatewayId}\n role: roles/apigateway.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_api\\_gateway\\_gateway\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigateway.GatewayIamPolicy(\"policy\", {\n project: apiGw.project,\n region: apiGw.region,\n gateway: apiGw.gatewayId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.apigateway.GatewayIamPolicy(\"policy\",\n project=api_gw[\"project\"],\n region=api_gw[\"region\"],\n gateway=api_gw[\"gatewayId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ApiGateway.GatewayIamPolicy(\"policy\", new()\n {\n Project = apiGw.Project,\n Region = apiGw.Region,\n Gateway = apiGw.GatewayId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/apigateway.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewGatewayIamPolicy(ctx, \"policy\", \u0026apigateway.GatewayIamPolicyArgs{\n\t\t\tProject: pulumi.Any(apiGw.Project),\n\t\t\tRegion: pulumi.Any(apiGw.Region),\n\t\t\tGateway: pulumi.Any(apiGw.GatewayId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigateway.GatewayIamPolicy;\nimport com.pulumi.gcp.apigateway.GatewayIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new GatewayIamPolicy(\"policy\", GatewayIamPolicyArgs.builder() \n .project(apiGw.project())\n .region(apiGw.region())\n .gateway(apiGw.gatewayId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigateway:GatewayIamPolicy\n properties:\n project: ${apiGw.project}\n region: ${apiGw.region}\n gateway: ${apiGw.gatewayId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_api\\_gateway\\_gateway\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigateway.GatewayIamBinding(\"binding\", {\n project: apiGw.project,\n region: apiGw.region,\n gateway: apiGw.gatewayId,\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigateway.GatewayIamBinding(\"binding\",\n project=api_gw[\"project\"],\n region=api_gw[\"region\"],\n gateway=api_gw[\"gatewayId\"],\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ApiGateway.GatewayIamBinding(\"binding\", new()\n {\n Project = apiGw.Project,\n Region = apiGw.Region,\n Gateway = apiGw.GatewayId,\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewGatewayIamBinding(ctx, \"binding\", \u0026apigateway.GatewayIamBindingArgs{\n\t\t\tProject: pulumi.Any(apiGw.Project),\n\t\t\tRegion: pulumi.Any(apiGw.Region),\n\t\t\tGateway: pulumi.Any(apiGw.GatewayId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.GatewayIamBinding;\nimport com.pulumi.gcp.apigateway.GatewayIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new GatewayIamBinding(\"binding\", GatewayIamBindingArgs.builder() \n .project(apiGw.project())\n .region(apiGw.region())\n .gateway(apiGw.gatewayId())\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigateway:GatewayIamBinding\n properties:\n project: ${apiGw.project}\n region: ${apiGw.region}\n gateway: ${apiGw.gatewayId}\n role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_api\\_gateway\\_gateway\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigateway.GatewayIamMember(\"member\", {\n project: apiGw.project,\n region: apiGw.region,\n gateway: apiGw.gatewayId,\n role: \"roles/apigateway.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigateway.GatewayIamMember(\"member\",\n project=api_gw[\"project\"],\n region=api_gw[\"region\"],\n gateway=api_gw[\"gatewayId\"],\n role=\"roles/apigateway.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ApiGateway.GatewayIamMember(\"member\", new()\n {\n Project = apiGw.Project,\n Region = apiGw.Region,\n Gateway = apiGw.GatewayId,\n Role = \"roles/apigateway.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewGatewayIamMember(ctx, \"member\", \u0026apigateway.GatewayIamMemberArgs{\n\t\t\tProject: pulumi.Any(apiGw.Project),\n\t\t\tRegion: pulumi.Any(apiGw.Region),\n\t\t\tGateway: pulumi.Any(apiGw.GatewayId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.GatewayIamMember;\nimport com.pulumi.gcp.apigateway.GatewayIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new GatewayIamMember(\"member\", GatewayIamMemberArgs.builder() \n .project(apiGw.project())\n .region(apiGw.region())\n .gateway(apiGw.gatewayId())\n .role(\"roles/apigateway.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigateway:GatewayIamMember\n properties:\n project: ${apiGw.project}\n region: ${apiGw.region}\n gateway: ${apiGw.gatewayId}\n role: roles/apigateway.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{region}}/gateways/{{gateway}}\n\n* {{project}}/{{region}}/{{gateway}}\n\n* {{region}}/{{gateway}}\n\n* {{gateway}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nAPI Gateway gateway IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/gatewayIamBinding:GatewayIamBinding editor \"projects/{{project}}/locations/{{region}}/gateways/{{gateway}} roles/apigateway.viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/gatewayIamBinding:GatewayIamBinding editor \"projects/{{project}}/locations/{{region}}/gateways/{{gateway}} roles/apigateway.viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/gatewayIamBinding:GatewayIamBinding editor projects/{{project}}/locations/{{region}}/gateways/{{gateway}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:apigateway/GatewayIamBindingCondition:GatewayIamBindingCondition" @@ -107960,11 +107978,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "region": { "type": "string", @@ -107996,11 +108015,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -108038,11 +108058,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -108060,7 +108081,7 @@ } }, "gcp:apigateway/gatewayIamMember:GatewayIamMember": { - "description": "Three different resources help you manage your IAM policy for API Gateway Gateway. Each of these resources serves a different use case:\n\n* `gcp.apigateway.GatewayIamPolicy`: Authoritative. Sets the IAM policy for the gateway and replaces any existing policy already attached.\n* `gcp.apigateway.GatewayIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the gateway are preserved.\n* `gcp.apigateway.GatewayIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the gateway are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigateway.GatewayIamPolicy`: Retrieves the IAM policy for the gateway\n\n\u003e **Note:** `gcp.apigateway.GatewayIamPolicy` **cannot** be used in conjunction with `gcp.apigateway.GatewayIamBinding` and `gcp.apigateway.GatewayIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigateway.GatewayIamBinding` resources **can be** used in conjunction with `gcp.apigateway.GatewayIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n## google\\_api\\_gateway\\_gateway\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigateway.GatewayIamPolicy(\"policy\", {\n project: apiGw.project,\n region: apiGw.region,\n gateway: apiGw.gatewayId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.apigateway.GatewayIamPolicy(\"policy\",\n project=api_gw[\"project\"],\n region=api_gw[\"region\"],\n gateway=api_gw[\"gatewayId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ApiGateway.GatewayIamPolicy(\"policy\", new()\n {\n Project = apiGw.Project,\n Region = apiGw.Region,\n Gateway = apiGw.GatewayId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/apigateway.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewGatewayIamPolicy(ctx, \"policy\", \u0026apigateway.GatewayIamPolicyArgs{\n\t\t\tProject: pulumi.Any(apiGw.Project),\n\t\t\tRegion: pulumi.Any(apiGw.Region),\n\t\t\tGateway: pulumi.Any(apiGw.GatewayId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigateway.GatewayIamPolicy;\nimport com.pulumi.gcp.apigateway.GatewayIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new GatewayIamPolicy(\"policy\", GatewayIamPolicyArgs.builder() \n .project(apiGw.project())\n .region(apiGw.region())\n .gateway(apiGw.gatewayId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigateway:GatewayIamPolicy\n properties:\n project: ${apiGw.project}\n region: ${apiGw.region}\n gateway: ${apiGw.gatewayId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_api\\_gateway\\_gateway\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigateway.GatewayIamBinding(\"binding\", {\n project: apiGw.project,\n region: apiGw.region,\n gateway: apiGw.gatewayId,\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigateway.GatewayIamBinding(\"binding\",\n project=api_gw[\"project\"],\n region=api_gw[\"region\"],\n gateway=api_gw[\"gatewayId\"],\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ApiGateway.GatewayIamBinding(\"binding\", new()\n {\n Project = apiGw.Project,\n Region = apiGw.Region,\n Gateway = apiGw.GatewayId,\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewGatewayIamBinding(ctx, \"binding\", \u0026apigateway.GatewayIamBindingArgs{\n\t\t\tProject: pulumi.Any(apiGw.Project),\n\t\t\tRegion: pulumi.Any(apiGw.Region),\n\t\t\tGateway: pulumi.Any(apiGw.GatewayId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.GatewayIamBinding;\nimport com.pulumi.gcp.apigateway.GatewayIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new GatewayIamBinding(\"binding\", GatewayIamBindingArgs.builder() \n .project(apiGw.project())\n .region(apiGw.region())\n .gateway(apiGw.gatewayId())\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigateway:GatewayIamBinding\n properties:\n project: ${apiGw.project}\n region: ${apiGw.region}\n gateway: ${apiGw.gatewayId}\n role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_api\\_gateway\\_gateway\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigateway.GatewayIamMember(\"member\", {\n project: apiGw.project,\n region: apiGw.region,\n gateway: apiGw.gatewayId,\n role: \"roles/apigateway.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigateway.GatewayIamMember(\"member\",\n project=api_gw[\"project\"],\n region=api_gw[\"region\"],\n gateway=api_gw[\"gatewayId\"],\n role=\"roles/apigateway.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ApiGateway.GatewayIamMember(\"member\", new()\n {\n Project = apiGw.Project,\n Region = apiGw.Region,\n Gateway = apiGw.GatewayId,\n Role = \"roles/apigateway.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewGatewayIamMember(ctx, \"member\", \u0026apigateway.GatewayIamMemberArgs{\n\t\t\tProject: pulumi.Any(apiGw.Project),\n\t\t\tRegion: pulumi.Any(apiGw.Region),\n\t\t\tGateway: pulumi.Any(apiGw.GatewayId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.GatewayIamMember;\nimport com.pulumi.gcp.apigateway.GatewayIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new GatewayIamMember(\"member\", GatewayIamMemberArgs.builder() \n .project(apiGw.project())\n .region(apiGw.region())\n .gateway(apiGw.gatewayId())\n .role(\"roles/apigateway.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigateway:GatewayIamMember\n properties:\n project: ${apiGw.project}\n region: ${apiGw.region}\n gateway: ${apiGw.gatewayId}\n role: roles/apigateway.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{region}}/gateways/{{gateway}}\n\n* {{project}}/{{region}}/{{gateway}}\n\n* {{region}}/{{gateway}}\n\n* {{gateway}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nAPI Gateway gateway IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/gatewayIamMember:GatewayIamMember editor \"projects/{{project}}/locations/{{region}}/gateways/{{gateway}} roles/apigateway.viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/gatewayIamMember:GatewayIamMember editor \"projects/{{project}}/locations/{{region}}/gateways/{{gateway}} roles/apigateway.viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/gatewayIamMember:GatewayIamMember editor projects/{{project}}/locations/{{region}}/gateways/{{gateway}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for API Gateway Gateway. Each of these resources serves a different use case:\n\n* `gcp.apigateway.GatewayIamPolicy`: Authoritative. Sets the IAM policy for the gateway and replaces any existing policy already attached.\n* `gcp.apigateway.GatewayIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the gateway are preserved.\n* `gcp.apigateway.GatewayIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the gateway are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigateway.GatewayIamPolicy`: Retrieves the IAM policy for the gateway\n\n\u003e **Note:** `gcp.apigateway.GatewayIamPolicy` **cannot** be used in conjunction with `gcp.apigateway.GatewayIamBinding` and `gcp.apigateway.GatewayIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigateway.GatewayIamBinding` resources **can be** used in conjunction with `gcp.apigateway.GatewayIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n## google\\_api\\_gateway\\_gateway\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigateway.GatewayIamPolicy(\"policy\", {\n project: apiGw.project,\n region: apiGw.region,\n gateway: apiGw.gatewayId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.apigateway.GatewayIamPolicy(\"policy\",\n project=api_gw[\"project\"],\n region=api_gw[\"region\"],\n gateway=api_gw[\"gatewayId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ApiGateway.GatewayIamPolicy(\"policy\", new()\n {\n Project = apiGw.Project,\n Region = apiGw.Region,\n Gateway = apiGw.GatewayId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/apigateway.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewGatewayIamPolicy(ctx, \"policy\", \u0026apigateway.GatewayIamPolicyArgs{\n\t\t\tProject: pulumi.Any(apiGw.Project),\n\t\t\tRegion: pulumi.Any(apiGw.Region),\n\t\t\tGateway: pulumi.Any(apiGw.GatewayId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigateway.GatewayIamPolicy;\nimport com.pulumi.gcp.apigateway.GatewayIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new GatewayIamPolicy(\"policy\", GatewayIamPolicyArgs.builder() \n .project(apiGw.project())\n .region(apiGw.region())\n .gateway(apiGw.gatewayId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigateway:GatewayIamPolicy\n properties:\n project: ${apiGw.project}\n region: ${apiGw.region}\n gateway: ${apiGw.gatewayId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_api\\_gateway\\_gateway\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigateway.GatewayIamBinding(\"binding\", {\n project: apiGw.project,\n region: apiGw.region,\n gateway: apiGw.gatewayId,\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigateway.GatewayIamBinding(\"binding\",\n project=api_gw[\"project\"],\n region=api_gw[\"region\"],\n gateway=api_gw[\"gatewayId\"],\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ApiGateway.GatewayIamBinding(\"binding\", new()\n {\n Project = apiGw.Project,\n Region = apiGw.Region,\n Gateway = apiGw.GatewayId,\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewGatewayIamBinding(ctx, \"binding\", \u0026apigateway.GatewayIamBindingArgs{\n\t\t\tProject: pulumi.Any(apiGw.Project),\n\t\t\tRegion: pulumi.Any(apiGw.Region),\n\t\t\tGateway: pulumi.Any(apiGw.GatewayId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.GatewayIamBinding;\nimport com.pulumi.gcp.apigateway.GatewayIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new GatewayIamBinding(\"binding\", GatewayIamBindingArgs.builder() \n .project(apiGw.project())\n .region(apiGw.region())\n .gateway(apiGw.gatewayId())\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigateway:GatewayIamBinding\n properties:\n project: ${apiGw.project}\n region: ${apiGw.region}\n gateway: ${apiGw.gatewayId}\n role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_api\\_gateway\\_gateway\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigateway.GatewayIamMember(\"member\", {\n project: apiGw.project,\n region: apiGw.region,\n gateway: apiGw.gatewayId,\n role: \"roles/apigateway.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigateway.GatewayIamMember(\"member\",\n project=api_gw[\"project\"],\n region=api_gw[\"region\"],\n gateway=api_gw[\"gatewayId\"],\n role=\"roles/apigateway.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ApiGateway.GatewayIamMember(\"member\", new()\n {\n Project = apiGw.Project,\n Region = apiGw.Region,\n Gateway = apiGw.GatewayId,\n Role = \"roles/apigateway.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewGatewayIamMember(ctx, \"member\", \u0026apigateway.GatewayIamMemberArgs{\n\t\t\tProject: pulumi.Any(apiGw.Project),\n\t\t\tRegion: pulumi.Any(apiGw.Region),\n\t\t\tGateway: pulumi.Any(apiGw.GatewayId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.GatewayIamMember;\nimport com.pulumi.gcp.apigateway.GatewayIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new GatewayIamMember(\"member\", GatewayIamMemberArgs.builder() \n .project(apiGw.project())\n .region(apiGw.region())\n .gateway(apiGw.gatewayId())\n .role(\"roles/apigateway.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigateway:GatewayIamMember\n properties:\n project: ${apiGw.project}\n region: ${apiGw.region}\n gateway: ${apiGw.gatewayId}\n role: roles/apigateway.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_api\\_gateway\\_gateway\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigateway.GatewayIamPolicy(\"policy\", {\n project: apiGw.project,\n region: apiGw.region,\n gateway: apiGw.gatewayId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.apigateway.GatewayIamPolicy(\"policy\",\n project=api_gw[\"project\"],\n region=api_gw[\"region\"],\n gateway=api_gw[\"gatewayId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ApiGateway.GatewayIamPolicy(\"policy\", new()\n {\n Project = apiGw.Project,\n Region = apiGw.Region,\n Gateway = apiGw.GatewayId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/apigateway.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewGatewayIamPolicy(ctx, \"policy\", \u0026apigateway.GatewayIamPolicyArgs{\n\t\t\tProject: pulumi.Any(apiGw.Project),\n\t\t\tRegion: pulumi.Any(apiGw.Region),\n\t\t\tGateway: pulumi.Any(apiGw.GatewayId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigateway.GatewayIamPolicy;\nimport com.pulumi.gcp.apigateway.GatewayIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new GatewayIamPolicy(\"policy\", GatewayIamPolicyArgs.builder() \n .project(apiGw.project())\n .region(apiGw.region())\n .gateway(apiGw.gatewayId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigateway:GatewayIamPolicy\n properties:\n project: ${apiGw.project}\n region: ${apiGw.region}\n gateway: ${apiGw.gatewayId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_api\\_gateway\\_gateway\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigateway.GatewayIamBinding(\"binding\", {\n project: apiGw.project,\n region: apiGw.region,\n gateway: apiGw.gatewayId,\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigateway.GatewayIamBinding(\"binding\",\n project=api_gw[\"project\"],\n region=api_gw[\"region\"],\n gateway=api_gw[\"gatewayId\"],\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ApiGateway.GatewayIamBinding(\"binding\", new()\n {\n Project = apiGw.Project,\n Region = apiGw.Region,\n Gateway = apiGw.GatewayId,\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewGatewayIamBinding(ctx, \"binding\", \u0026apigateway.GatewayIamBindingArgs{\n\t\t\tProject: pulumi.Any(apiGw.Project),\n\t\t\tRegion: pulumi.Any(apiGw.Region),\n\t\t\tGateway: pulumi.Any(apiGw.GatewayId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.GatewayIamBinding;\nimport com.pulumi.gcp.apigateway.GatewayIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new GatewayIamBinding(\"binding\", GatewayIamBindingArgs.builder() \n .project(apiGw.project())\n .region(apiGw.region())\n .gateway(apiGw.gatewayId())\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigateway:GatewayIamBinding\n properties:\n project: ${apiGw.project}\n region: ${apiGw.region}\n gateway: ${apiGw.gatewayId}\n role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_api\\_gateway\\_gateway\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigateway.GatewayIamMember(\"member\", {\n project: apiGw.project,\n region: apiGw.region,\n gateway: apiGw.gatewayId,\n role: \"roles/apigateway.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigateway.GatewayIamMember(\"member\",\n project=api_gw[\"project\"],\n region=api_gw[\"region\"],\n gateway=api_gw[\"gatewayId\"],\n role=\"roles/apigateway.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ApiGateway.GatewayIamMember(\"member\", new()\n {\n Project = apiGw.Project,\n Region = apiGw.Region,\n Gateway = apiGw.GatewayId,\n Role = \"roles/apigateway.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewGatewayIamMember(ctx, \"member\", \u0026apigateway.GatewayIamMemberArgs{\n\t\t\tProject: pulumi.Any(apiGw.Project),\n\t\t\tRegion: pulumi.Any(apiGw.Region),\n\t\t\tGateway: pulumi.Any(apiGw.GatewayId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.GatewayIamMember;\nimport com.pulumi.gcp.apigateway.GatewayIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new GatewayIamMember(\"member\", GatewayIamMemberArgs.builder() \n .project(apiGw.project())\n .region(apiGw.region())\n .gateway(apiGw.gatewayId())\n .role(\"roles/apigateway.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigateway:GatewayIamMember\n properties:\n project: ${apiGw.project}\n region: ${apiGw.region}\n gateway: ${apiGw.gatewayId}\n role: roles/apigateway.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{region}}/gateways/{{gateway}}\n\n* {{project}}/{{region}}/{{gateway}}\n\n* {{region}}/{{gateway}}\n\n* {{gateway}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nAPI Gateway gateway IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/gatewayIamMember:GatewayIamMember editor \"projects/{{project}}/locations/{{region}}/gateways/{{gateway}} roles/apigateway.viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/gatewayIamMember:GatewayIamMember editor \"projects/{{project}}/locations/{{region}}/gateways/{{gateway}} roles/apigateway.viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/gatewayIamMember:GatewayIamMember editor projects/{{project}}/locations/{{region}}/gateways/{{gateway}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:apigateway/GatewayIamMemberCondition:GatewayIamMemberCondition" @@ -108073,11 +108094,12 @@ "type": "string" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "region": { "type": "string", @@ -108107,11 +108129,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -108147,11 +108170,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -108169,7 +108193,7 @@ } }, "gcp:apigateway/gatewayIamPolicy:GatewayIamPolicy": { - "description": "Three different resources help you manage your IAM policy for API Gateway Gateway. Each of these resources serves a different use case:\n\n* `gcp.apigateway.GatewayIamPolicy`: Authoritative. Sets the IAM policy for the gateway and replaces any existing policy already attached.\n* `gcp.apigateway.GatewayIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the gateway are preserved.\n* `gcp.apigateway.GatewayIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the gateway are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigateway.GatewayIamPolicy`: Retrieves the IAM policy for the gateway\n\n\u003e **Note:** `gcp.apigateway.GatewayIamPolicy` **cannot** be used in conjunction with `gcp.apigateway.GatewayIamBinding` and `gcp.apigateway.GatewayIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigateway.GatewayIamBinding` resources **can be** used in conjunction with `gcp.apigateway.GatewayIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n## google\\_api\\_gateway\\_gateway\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigateway.GatewayIamPolicy(\"policy\", {\n project: apiGw.project,\n region: apiGw.region,\n gateway: apiGw.gatewayId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.apigateway.GatewayIamPolicy(\"policy\",\n project=api_gw[\"project\"],\n region=api_gw[\"region\"],\n gateway=api_gw[\"gatewayId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ApiGateway.GatewayIamPolicy(\"policy\", new()\n {\n Project = apiGw.Project,\n Region = apiGw.Region,\n Gateway = apiGw.GatewayId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/apigateway.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewGatewayIamPolicy(ctx, \"policy\", \u0026apigateway.GatewayIamPolicyArgs{\n\t\t\tProject: pulumi.Any(apiGw.Project),\n\t\t\tRegion: pulumi.Any(apiGw.Region),\n\t\t\tGateway: pulumi.Any(apiGw.GatewayId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigateway.GatewayIamPolicy;\nimport com.pulumi.gcp.apigateway.GatewayIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new GatewayIamPolicy(\"policy\", GatewayIamPolicyArgs.builder() \n .project(apiGw.project())\n .region(apiGw.region())\n .gateway(apiGw.gatewayId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigateway:GatewayIamPolicy\n properties:\n project: ${apiGw.project}\n region: ${apiGw.region}\n gateway: ${apiGw.gatewayId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_api\\_gateway\\_gateway\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigateway.GatewayIamBinding(\"binding\", {\n project: apiGw.project,\n region: apiGw.region,\n gateway: apiGw.gatewayId,\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigateway.GatewayIamBinding(\"binding\",\n project=api_gw[\"project\"],\n region=api_gw[\"region\"],\n gateway=api_gw[\"gatewayId\"],\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ApiGateway.GatewayIamBinding(\"binding\", new()\n {\n Project = apiGw.Project,\n Region = apiGw.Region,\n Gateway = apiGw.GatewayId,\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewGatewayIamBinding(ctx, \"binding\", \u0026apigateway.GatewayIamBindingArgs{\n\t\t\tProject: pulumi.Any(apiGw.Project),\n\t\t\tRegion: pulumi.Any(apiGw.Region),\n\t\t\tGateway: pulumi.Any(apiGw.GatewayId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.GatewayIamBinding;\nimport com.pulumi.gcp.apigateway.GatewayIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new GatewayIamBinding(\"binding\", GatewayIamBindingArgs.builder() \n .project(apiGw.project())\n .region(apiGw.region())\n .gateway(apiGw.gatewayId())\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigateway:GatewayIamBinding\n properties:\n project: ${apiGw.project}\n region: ${apiGw.region}\n gateway: ${apiGw.gatewayId}\n role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_api\\_gateway\\_gateway\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigateway.GatewayIamMember(\"member\", {\n project: apiGw.project,\n region: apiGw.region,\n gateway: apiGw.gatewayId,\n role: \"roles/apigateway.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigateway.GatewayIamMember(\"member\",\n project=api_gw[\"project\"],\n region=api_gw[\"region\"],\n gateway=api_gw[\"gatewayId\"],\n role=\"roles/apigateway.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ApiGateway.GatewayIamMember(\"member\", new()\n {\n Project = apiGw.Project,\n Region = apiGw.Region,\n Gateway = apiGw.GatewayId,\n Role = \"roles/apigateway.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewGatewayIamMember(ctx, \"member\", \u0026apigateway.GatewayIamMemberArgs{\n\t\t\tProject: pulumi.Any(apiGw.Project),\n\t\t\tRegion: pulumi.Any(apiGw.Region),\n\t\t\tGateway: pulumi.Any(apiGw.GatewayId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.GatewayIamMember;\nimport com.pulumi.gcp.apigateway.GatewayIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new GatewayIamMember(\"member\", GatewayIamMemberArgs.builder() \n .project(apiGw.project())\n .region(apiGw.region())\n .gateway(apiGw.gatewayId())\n .role(\"roles/apigateway.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigateway:GatewayIamMember\n properties:\n project: ${apiGw.project}\n region: ${apiGw.region}\n gateway: ${apiGw.gatewayId}\n role: roles/apigateway.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{region}}/gateways/{{gateway}}\n\n* {{project}}/{{region}}/{{gateway}}\n\n* {{region}}/{{gateway}}\n\n* {{gateway}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nAPI Gateway gateway IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/gatewayIamPolicy:GatewayIamPolicy editor \"projects/{{project}}/locations/{{region}}/gateways/{{gateway}} roles/apigateway.viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/gatewayIamPolicy:GatewayIamPolicy editor \"projects/{{project}}/locations/{{region}}/gateways/{{gateway}} roles/apigateway.viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/gatewayIamPolicy:GatewayIamPolicy editor projects/{{project}}/locations/{{region}}/gateways/{{gateway}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for API Gateway Gateway. Each of these resources serves a different use case:\n\n* `gcp.apigateway.GatewayIamPolicy`: Authoritative. Sets the IAM policy for the gateway and replaces any existing policy already attached.\n* `gcp.apigateway.GatewayIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the gateway are preserved.\n* `gcp.apigateway.GatewayIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the gateway are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigateway.GatewayIamPolicy`: Retrieves the IAM policy for the gateway\n\n\u003e **Note:** `gcp.apigateway.GatewayIamPolicy` **cannot** be used in conjunction with `gcp.apigateway.GatewayIamBinding` and `gcp.apigateway.GatewayIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigateway.GatewayIamBinding` resources **can be** used in conjunction with `gcp.apigateway.GatewayIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n## google\\_api\\_gateway\\_gateway\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigateway.GatewayIamPolicy(\"policy\", {\n project: apiGw.project,\n region: apiGw.region,\n gateway: apiGw.gatewayId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.apigateway.GatewayIamPolicy(\"policy\",\n project=api_gw[\"project\"],\n region=api_gw[\"region\"],\n gateway=api_gw[\"gatewayId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ApiGateway.GatewayIamPolicy(\"policy\", new()\n {\n Project = apiGw.Project,\n Region = apiGw.Region,\n Gateway = apiGw.GatewayId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/apigateway.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewGatewayIamPolicy(ctx, \"policy\", \u0026apigateway.GatewayIamPolicyArgs{\n\t\t\tProject: pulumi.Any(apiGw.Project),\n\t\t\tRegion: pulumi.Any(apiGw.Region),\n\t\t\tGateway: pulumi.Any(apiGw.GatewayId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigateway.GatewayIamPolicy;\nimport com.pulumi.gcp.apigateway.GatewayIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new GatewayIamPolicy(\"policy\", GatewayIamPolicyArgs.builder() \n .project(apiGw.project())\n .region(apiGw.region())\n .gateway(apiGw.gatewayId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigateway:GatewayIamPolicy\n properties:\n project: ${apiGw.project}\n region: ${apiGw.region}\n gateway: ${apiGw.gatewayId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_api\\_gateway\\_gateway\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigateway.GatewayIamBinding(\"binding\", {\n project: apiGw.project,\n region: apiGw.region,\n gateway: apiGw.gatewayId,\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigateway.GatewayIamBinding(\"binding\",\n project=api_gw[\"project\"],\n region=api_gw[\"region\"],\n gateway=api_gw[\"gatewayId\"],\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ApiGateway.GatewayIamBinding(\"binding\", new()\n {\n Project = apiGw.Project,\n Region = apiGw.Region,\n Gateway = apiGw.GatewayId,\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewGatewayIamBinding(ctx, \"binding\", \u0026apigateway.GatewayIamBindingArgs{\n\t\t\tProject: pulumi.Any(apiGw.Project),\n\t\t\tRegion: pulumi.Any(apiGw.Region),\n\t\t\tGateway: pulumi.Any(apiGw.GatewayId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.GatewayIamBinding;\nimport com.pulumi.gcp.apigateway.GatewayIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new GatewayIamBinding(\"binding\", GatewayIamBindingArgs.builder() \n .project(apiGw.project())\n .region(apiGw.region())\n .gateway(apiGw.gatewayId())\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigateway:GatewayIamBinding\n properties:\n project: ${apiGw.project}\n region: ${apiGw.region}\n gateway: ${apiGw.gatewayId}\n role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_api\\_gateway\\_gateway\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigateway.GatewayIamMember(\"member\", {\n project: apiGw.project,\n region: apiGw.region,\n gateway: apiGw.gatewayId,\n role: \"roles/apigateway.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigateway.GatewayIamMember(\"member\",\n project=api_gw[\"project\"],\n region=api_gw[\"region\"],\n gateway=api_gw[\"gatewayId\"],\n role=\"roles/apigateway.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ApiGateway.GatewayIamMember(\"member\", new()\n {\n Project = apiGw.Project,\n Region = apiGw.Region,\n Gateway = apiGw.GatewayId,\n Role = \"roles/apigateway.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewGatewayIamMember(ctx, \"member\", \u0026apigateway.GatewayIamMemberArgs{\n\t\t\tProject: pulumi.Any(apiGw.Project),\n\t\t\tRegion: pulumi.Any(apiGw.Region),\n\t\t\tGateway: pulumi.Any(apiGw.GatewayId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.GatewayIamMember;\nimport com.pulumi.gcp.apigateway.GatewayIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new GatewayIamMember(\"member\", GatewayIamMemberArgs.builder() \n .project(apiGw.project())\n .region(apiGw.region())\n .gateway(apiGw.gatewayId())\n .role(\"roles/apigateway.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigateway:GatewayIamMember\n properties:\n project: ${apiGw.project}\n region: ${apiGw.region}\n gateway: ${apiGw.gatewayId}\n role: roles/apigateway.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_api\\_gateway\\_gateway\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigateway.GatewayIamPolicy(\"policy\", {\n project: apiGw.project,\n region: apiGw.region,\n gateway: apiGw.gatewayId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.apigateway.GatewayIamPolicy(\"policy\",\n project=api_gw[\"project\"],\n region=api_gw[\"region\"],\n gateway=api_gw[\"gatewayId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ApiGateway.GatewayIamPolicy(\"policy\", new()\n {\n Project = apiGw.Project,\n Region = apiGw.Region,\n Gateway = apiGw.GatewayId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/apigateway.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigateway.NewGatewayIamPolicy(ctx, \"policy\", \u0026apigateway.GatewayIamPolicyArgs{\n\t\t\tProject: pulumi.Any(apiGw.Project),\n\t\t\tRegion: pulumi.Any(apiGw.Region),\n\t\t\tGateway: pulumi.Any(apiGw.GatewayId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigateway.GatewayIamPolicy;\nimport com.pulumi.gcp.apigateway.GatewayIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new GatewayIamPolicy(\"policy\", GatewayIamPolicyArgs.builder() \n .project(apiGw.project())\n .region(apiGw.region())\n .gateway(apiGw.gatewayId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigateway:GatewayIamPolicy\n properties:\n project: ${apiGw.project}\n region: ${apiGw.region}\n gateway: ${apiGw.gatewayId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_api\\_gateway\\_gateway\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigateway.GatewayIamBinding(\"binding\", {\n project: apiGw.project,\n region: apiGw.region,\n gateway: apiGw.gatewayId,\n role: \"roles/apigateway.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigateway.GatewayIamBinding(\"binding\",\n project=api_gw[\"project\"],\n region=api_gw[\"region\"],\n gateway=api_gw[\"gatewayId\"],\n role=\"roles/apigateway.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ApiGateway.GatewayIamBinding(\"binding\", new()\n {\n Project = apiGw.Project,\n Region = apiGw.Region,\n Gateway = apiGw.GatewayId,\n Role = \"roles/apigateway.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewGatewayIamBinding(ctx, \"binding\", \u0026apigateway.GatewayIamBindingArgs{\n\t\t\tProject: pulumi.Any(apiGw.Project),\n\t\t\tRegion: pulumi.Any(apiGw.Region),\n\t\t\tGateway: pulumi.Any(apiGw.GatewayId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.GatewayIamBinding;\nimport com.pulumi.gcp.apigateway.GatewayIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new GatewayIamBinding(\"binding\", GatewayIamBindingArgs.builder() \n .project(apiGw.project())\n .region(apiGw.region())\n .gateway(apiGw.gatewayId())\n .role(\"roles/apigateway.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigateway:GatewayIamBinding\n properties:\n project: ${apiGw.project}\n region: ${apiGw.region}\n gateway: ${apiGw.gatewayId}\n role: roles/apigateway.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_api\\_gateway\\_gateway\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigateway.GatewayIamMember(\"member\", {\n project: apiGw.project,\n region: apiGw.region,\n gateway: apiGw.gatewayId,\n role: \"roles/apigateway.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigateway.GatewayIamMember(\"member\",\n project=api_gw[\"project\"],\n region=api_gw[\"region\"],\n gateway=api_gw[\"gatewayId\"],\n role=\"roles/apigateway.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ApiGateway.GatewayIamMember(\"member\", new()\n {\n Project = apiGw.Project,\n Region = apiGw.Region,\n Gateway = apiGw.GatewayId,\n Role = \"roles/apigateway.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigateway.NewGatewayIamMember(ctx, \"member\", \u0026apigateway.GatewayIamMemberArgs{\n\t\t\tProject: pulumi.Any(apiGw.Project),\n\t\t\tRegion: pulumi.Any(apiGw.Region),\n\t\t\tGateway: pulumi.Any(apiGw.GatewayId),\n\t\t\tRole: pulumi.String(\"roles/apigateway.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigateway.GatewayIamMember;\nimport com.pulumi.gcp.apigateway.GatewayIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new GatewayIamMember(\"member\", GatewayIamMemberArgs.builder() \n .project(apiGw.project())\n .region(apiGw.region())\n .gateway(apiGw.gatewayId())\n .role(\"roles/apigateway.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigateway:GatewayIamMember\n properties:\n project: ${apiGw.project}\n region: ${apiGw.region}\n gateway: ${apiGw.gatewayId}\n role: roles/apigateway.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{region}}/gateways/{{gateway}}\n\n* {{project}}/{{region}}/{{gateway}}\n\n* {{region}}/{{gateway}}\n\n* {{gateway}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nAPI Gateway gateway IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/gatewayIamPolicy:GatewayIamPolicy editor \"projects/{{project}}/locations/{{region}}/gateways/{{gateway}} roles/apigateway.viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/gatewayIamPolicy:GatewayIamPolicy editor \"projects/{{project}}/locations/{{region}}/gateways/{{gateway}} roles/apigateway.viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:apigateway/gatewayIamPolicy:GatewayIamPolicy editor projects/{{project}}/locations/{{region}}/gateways/{{gateway}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -108184,7 +108208,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "region": { "type": "string", @@ -108209,7 +108233,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -108239,7 +108263,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -108836,14 +108860,14 @@ } }, "gcp:apigee/environmentIamBinding:EnvironmentIamBinding": { - "description": "Three different resources help you manage your IAM policy for Apigee Environment. Each of these resources serves a different use case:\n\n* `gcp.apigee.EnvironmentIamPolicy`: Authoritative. Sets the IAM policy for the environment and replaces any existing policy already attached.\n* `gcp.apigee.EnvironmentIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the environment are preserved.\n* `gcp.apigee.EnvironmentIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the environment are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigee.EnvironmentIamPolicy`: Retrieves the IAM policy for the environment\n\n\u003e **Note:** `gcp.apigee.EnvironmentIamPolicy` **cannot** be used in conjunction with `gcp.apigee.EnvironmentIamBinding` and `gcp.apigee.EnvironmentIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigee.EnvironmentIamBinding` resources **can be** used in conjunction with `gcp.apigee.EnvironmentIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_apigee\\_environment\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigee.EnvironmentIamPolicy(\"policy\", {\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.apigee.EnvironmentIamPolicy(\"policy\",\n org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Apigee.EnvironmentIamPolicy(\"policy\", new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewEnvironmentIamPolicy(ctx, \"policy\", \u0026apigee.EnvironmentIamPolicyArgs{\n\t\t\tOrgId: pulumi.Any(apigeeEnvironment.OrgId),\n\t\t\tEnvId: pulumi.Any(apigeeEnvironment.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigee.EnvironmentIamPolicy;\nimport com.pulumi.gcp.apigee.EnvironmentIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EnvironmentIamPolicy(\"policy\", EnvironmentIamPolicyArgs.builder() \n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigee:EnvironmentIamPolicy\n properties:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_apigee\\_environment\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigee.EnvironmentIamBinding(\"binding\", {\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigee.EnvironmentIamBinding(\"binding\",\n org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Apigee.EnvironmentIamBinding(\"binding\", new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigee.NewEnvironmentIamBinding(ctx, \"binding\", \u0026apigee.EnvironmentIamBindingArgs{\n\t\t\tOrgId: pulumi.Any(apigeeEnvironment.OrgId),\n\t\t\tEnvId: pulumi.Any(apigeeEnvironment.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigee.EnvironmentIamBinding;\nimport com.pulumi.gcp.apigee.EnvironmentIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EnvironmentIamBinding(\"binding\", EnvironmentIamBindingArgs.builder() \n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigee:EnvironmentIamBinding\n properties:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_apigee\\_environment\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigee.EnvironmentIamMember(\"member\", {\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigee.EnvironmentIamMember(\"member\",\n org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Apigee.EnvironmentIamMember(\"member\", new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigee.NewEnvironmentIamMember(ctx, \"member\", \u0026apigee.EnvironmentIamMemberArgs{\n\t\t\tOrgId: pulumi.Any(apigeeEnvironment.OrgId),\n\t\t\tEnvId: pulumi.Any(apigeeEnvironment.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigee.EnvironmentIamMember;\nimport com.pulumi.gcp.apigee.EnvironmentIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EnvironmentIamMember(\"member\", EnvironmentIamMemberArgs.builder() \n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigee:EnvironmentIamMember\n properties:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* {{org_id}}/environments/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nApigee environment IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:apigee/environmentIamBinding:EnvironmentIamBinding editor \"{{org_id}}/environments/{{environment}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:apigee/environmentIamBinding:EnvironmentIamBinding editor \"{{org_id}}/environments/{{environment}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:apigee/environmentIamBinding:EnvironmentIamBinding editor {{org_id}}/environments/{{environment}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Apigee Environment. Each of these resources serves a different use case:\n\n* `gcp.apigee.EnvironmentIamPolicy`: Authoritative. Sets the IAM policy for the environment and replaces any existing policy already attached.\n* `gcp.apigee.EnvironmentIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the environment are preserved.\n* `gcp.apigee.EnvironmentIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the environment are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigee.EnvironmentIamPolicy`: Retrieves the IAM policy for the environment\n\n\u003e **Note:** `gcp.apigee.EnvironmentIamPolicy` **cannot** be used in conjunction with `gcp.apigee.EnvironmentIamBinding` and `gcp.apigee.EnvironmentIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigee.EnvironmentIamBinding` resources **can be** used in conjunction with `gcp.apigee.EnvironmentIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_apigee\\_environment\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigee.EnvironmentIamPolicy(\"policy\", {\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.apigee.EnvironmentIamPolicy(\"policy\",\n org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Apigee.EnvironmentIamPolicy(\"policy\", new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewEnvironmentIamPolicy(ctx, \"policy\", \u0026apigee.EnvironmentIamPolicyArgs{\n\t\t\tOrgId: pulumi.Any(apigeeEnvironment.OrgId),\n\t\t\tEnvId: pulumi.Any(apigeeEnvironment.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigee.EnvironmentIamPolicy;\nimport com.pulumi.gcp.apigee.EnvironmentIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EnvironmentIamPolicy(\"policy\", EnvironmentIamPolicyArgs.builder() \n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigee:EnvironmentIamPolicy\n properties:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_apigee\\_environment\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigee.EnvironmentIamBinding(\"binding\", {\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigee.EnvironmentIamBinding(\"binding\",\n org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Apigee.EnvironmentIamBinding(\"binding\", new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigee.NewEnvironmentIamBinding(ctx, \"binding\", \u0026apigee.EnvironmentIamBindingArgs{\n\t\t\tOrgId: pulumi.Any(apigeeEnvironment.OrgId),\n\t\t\tEnvId: pulumi.Any(apigeeEnvironment.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigee.EnvironmentIamBinding;\nimport com.pulumi.gcp.apigee.EnvironmentIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EnvironmentIamBinding(\"binding\", EnvironmentIamBindingArgs.builder() \n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigee:EnvironmentIamBinding\n properties:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_apigee\\_environment\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigee.EnvironmentIamMember(\"member\", {\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigee.EnvironmentIamMember(\"member\",\n org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Apigee.EnvironmentIamMember(\"member\", new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigee.NewEnvironmentIamMember(ctx, \"member\", \u0026apigee.EnvironmentIamMemberArgs{\n\t\t\tOrgId: pulumi.Any(apigeeEnvironment.OrgId),\n\t\t\tEnvId: pulumi.Any(apigeeEnvironment.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigee.EnvironmentIamMember;\nimport com.pulumi.gcp.apigee.EnvironmentIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EnvironmentIamMember(\"member\", EnvironmentIamMemberArgs.builder() \n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigee:EnvironmentIamMember\n properties:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_apigee\\_environment\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigee.EnvironmentIamPolicy(\"policy\", {\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.apigee.EnvironmentIamPolicy(\"policy\",\n org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Apigee.EnvironmentIamPolicy(\"policy\", new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewEnvironmentIamPolicy(ctx, \"policy\", \u0026apigee.EnvironmentIamPolicyArgs{\n\t\t\tOrgId: pulumi.Any(apigeeEnvironment.OrgId),\n\t\t\tEnvId: pulumi.Any(apigeeEnvironment.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigee.EnvironmentIamPolicy;\nimport com.pulumi.gcp.apigee.EnvironmentIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EnvironmentIamPolicy(\"policy\", EnvironmentIamPolicyArgs.builder() \n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigee:EnvironmentIamPolicy\n properties:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_apigee\\_environment\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigee.EnvironmentIamBinding(\"binding\", {\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigee.EnvironmentIamBinding(\"binding\",\n org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Apigee.EnvironmentIamBinding(\"binding\", new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigee.NewEnvironmentIamBinding(ctx, \"binding\", \u0026apigee.EnvironmentIamBindingArgs{\n\t\t\tOrgId: pulumi.Any(apigeeEnvironment.OrgId),\n\t\t\tEnvId: pulumi.Any(apigeeEnvironment.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigee.EnvironmentIamBinding;\nimport com.pulumi.gcp.apigee.EnvironmentIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EnvironmentIamBinding(\"binding\", EnvironmentIamBindingArgs.builder() \n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigee:EnvironmentIamBinding\n properties:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_apigee\\_environment\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigee.EnvironmentIamMember(\"member\", {\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigee.EnvironmentIamMember(\"member\",\n org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Apigee.EnvironmentIamMember(\"member\", new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigee.NewEnvironmentIamMember(ctx, \"member\", \u0026apigee.EnvironmentIamMemberArgs{\n\t\t\tOrgId: pulumi.Any(apigeeEnvironment.OrgId),\n\t\t\tEnvId: pulumi.Any(apigeeEnvironment.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigee.EnvironmentIamMember;\nimport com.pulumi.gcp.apigee.EnvironmentIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EnvironmentIamMember(\"member\", EnvironmentIamMemberArgs.builder() \n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigee:EnvironmentIamMember\n properties:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* {{org_id}}/environments/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nApigee environment IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:apigee/environmentIamBinding:EnvironmentIamBinding editor \"{{org_id}}/environments/{{environment}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:apigee/environmentIamBinding:EnvironmentIamBinding editor \"{{org_id}}/environments/{{environment}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:apigee/environmentIamBinding:EnvironmentIamBinding editor {{org_id}}/environments/{{environment}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:apigee/EnvironmentIamBindingCondition:EnvironmentIamBindingCondition" }, "envId": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "Used to find the parent resource to bind the IAM policy to\n" }, "etag": { "type": "string", @@ -108853,7 +108877,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "orgId": { "type": "string" @@ -108877,14 +108902,15 @@ }, "envId": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "Used to find the parent resource to bind the IAM policy to\n", "willReplaceOnChanges": true }, "members": { "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "orgId": { "type": "string", @@ -108911,7 +108937,7 @@ }, "envId": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "Used to find the parent resource to bind the IAM policy to\n", "willReplaceOnChanges": true }, "etag": { @@ -108922,7 +108948,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "orgId": { "type": "string", @@ -108938,21 +108965,22 @@ } }, "gcp:apigee/environmentIamMember:EnvironmentIamMember": { - "description": "Three different resources help you manage your IAM policy for Apigee Environment. Each of these resources serves a different use case:\n\n* `gcp.apigee.EnvironmentIamPolicy`: Authoritative. Sets the IAM policy for the environment and replaces any existing policy already attached.\n* `gcp.apigee.EnvironmentIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the environment are preserved.\n* `gcp.apigee.EnvironmentIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the environment are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigee.EnvironmentIamPolicy`: Retrieves the IAM policy for the environment\n\n\u003e **Note:** `gcp.apigee.EnvironmentIamPolicy` **cannot** be used in conjunction with `gcp.apigee.EnvironmentIamBinding` and `gcp.apigee.EnvironmentIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigee.EnvironmentIamBinding` resources **can be** used in conjunction with `gcp.apigee.EnvironmentIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_apigee\\_environment\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigee.EnvironmentIamPolicy(\"policy\", {\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.apigee.EnvironmentIamPolicy(\"policy\",\n org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Apigee.EnvironmentIamPolicy(\"policy\", new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewEnvironmentIamPolicy(ctx, \"policy\", \u0026apigee.EnvironmentIamPolicyArgs{\n\t\t\tOrgId: pulumi.Any(apigeeEnvironment.OrgId),\n\t\t\tEnvId: pulumi.Any(apigeeEnvironment.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigee.EnvironmentIamPolicy;\nimport com.pulumi.gcp.apigee.EnvironmentIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EnvironmentIamPolicy(\"policy\", EnvironmentIamPolicyArgs.builder() \n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigee:EnvironmentIamPolicy\n properties:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_apigee\\_environment\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigee.EnvironmentIamBinding(\"binding\", {\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigee.EnvironmentIamBinding(\"binding\",\n org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Apigee.EnvironmentIamBinding(\"binding\", new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigee.NewEnvironmentIamBinding(ctx, \"binding\", \u0026apigee.EnvironmentIamBindingArgs{\n\t\t\tOrgId: pulumi.Any(apigeeEnvironment.OrgId),\n\t\t\tEnvId: pulumi.Any(apigeeEnvironment.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigee.EnvironmentIamBinding;\nimport com.pulumi.gcp.apigee.EnvironmentIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EnvironmentIamBinding(\"binding\", EnvironmentIamBindingArgs.builder() \n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigee:EnvironmentIamBinding\n properties:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_apigee\\_environment\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigee.EnvironmentIamMember(\"member\", {\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigee.EnvironmentIamMember(\"member\",\n org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Apigee.EnvironmentIamMember(\"member\", new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigee.NewEnvironmentIamMember(ctx, \"member\", \u0026apigee.EnvironmentIamMemberArgs{\n\t\t\tOrgId: pulumi.Any(apigeeEnvironment.OrgId),\n\t\t\tEnvId: pulumi.Any(apigeeEnvironment.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigee.EnvironmentIamMember;\nimport com.pulumi.gcp.apigee.EnvironmentIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EnvironmentIamMember(\"member\", EnvironmentIamMemberArgs.builder() \n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigee:EnvironmentIamMember\n properties:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* {{org_id}}/environments/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nApigee environment IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:apigee/environmentIamMember:EnvironmentIamMember editor \"{{org_id}}/environments/{{environment}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:apigee/environmentIamMember:EnvironmentIamMember editor \"{{org_id}}/environments/{{environment}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:apigee/environmentIamMember:EnvironmentIamMember editor {{org_id}}/environments/{{environment}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Apigee Environment. Each of these resources serves a different use case:\n\n* `gcp.apigee.EnvironmentIamPolicy`: Authoritative. Sets the IAM policy for the environment and replaces any existing policy already attached.\n* `gcp.apigee.EnvironmentIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the environment are preserved.\n* `gcp.apigee.EnvironmentIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the environment are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigee.EnvironmentIamPolicy`: Retrieves the IAM policy for the environment\n\n\u003e **Note:** `gcp.apigee.EnvironmentIamPolicy` **cannot** be used in conjunction with `gcp.apigee.EnvironmentIamBinding` and `gcp.apigee.EnvironmentIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigee.EnvironmentIamBinding` resources **can be** used in conjunction with `gcp.apigee.EnvironmentIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_apigee\\_environment\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigee.EnvironmentIamPolicy(\"policy\", {\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.apigee.EnvironmentIamPolicy(\"policy\",\n org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Apigee.EnvironmentIamPolicy(\"policy\", new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewEnvironmentIamPolicy(ctx, \"policy\", \u0026apigee.EnvironmentIamPolicyArgs{\n\t\t\tOrgId: pulumi.Any(apigeeEnvironment.OrgId),\n\t\t\tEnvId: pulumi.Any(apigeeEnvironment.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigee.EnvironmentIamPolicy;\nimport com.pulumi.gcp.apigee.EnvironmentIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EnvironmentIamPolicy(\"policy\", EnvironmentIamPolicyArgs.builder() \n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigee:EnvironmentIamPolicy\n properties:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_apigee\\_environment\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigee.EnvironmentIamBinding(\"binding\", {\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigee.EnvironmentIamBinding(\"binding\",\n org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Apigee.EnvironmentIamBinding(\"binding\", new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigee.NewEnvironmentIamBinding(ctx, \"binding\", \u0026apigee.EnvironmentIamBindingArgs{\n\t\t\tOrgId: pulumi.Any(apigeeEnvironment.OrgId),\n\t\t\tEnvId: pulumi.Any(apigeeEnvironment.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigee.EnvironmentIamBinding;\nimport com.pulumi.gcp.apigee.EnvironmentIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EnvironmentIamBinding(\"binding\", EnvironmentIamBindingArgs.builder() \n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigee:EnvironmentIamBinding\n properties:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_apigee\\_environment\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigee.EnvironmentIamMember(\"member\", {\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigee.EnvironmentIamMember(\"member\",\n org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Apigee.EnvironmentIamMember(\"member\", new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigee.NewEnvironmentIamMember(ctx, \"member\", \u0026apigee.EnvironmentIamMemberArgs{\n\t\t\tOrgId: pulumi.Any(apigeeEnvironment.OrgId),\n\t\t\tEnvId: pulumi.Any(apigeeEnvironment.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigee.EnvironmentIamMember;\nimport com.pulumi.gcp.apigee.EnvironmentIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EnvironmentIamMember(\"member\", EnvironmentIamMemberArgs.builder() \n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigee:EnvironmentIamMember\n properties:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_apigee\\_environment\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigee.EnvironmentIamPolicy(\"policy\", {\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.apigee.EnvironmentIamPolicy(\"policy\",\n org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Apigee.EnvironmentIamPolicy(\"policy\", new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewEnvironmentIamPolicy(ctx, \"policy\", \u0026apigee.EnvironmentIamPolicyArgs{\n\t\t\tOrgId: pulumi.Any(apigeeEnvironment.OrgId),\n\t\t\tEnvId: pulumi.Any(apigeeEnvironment.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigee.EnvironmentIamPolicy;\nimport com.pulumi.gcp.apigee.EnvironmentIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EnvironmentIamPolicy(\"policy\", EnvironmentIamPolicyArgs.builder() \n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigee:EnvironmentIamPolicy\n properties:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_apigee\\_environment\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigee.EnvironmentIamBinding(\"binding\", {\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigee.EnvironmentIamBinding(\"binding\",\n org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Apigee.EnvironmentIamBinding(\"binding\", new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigee.NewEnvironmentIamBinding(ctx, \"binding\", \u0026apigee.EnvironmentIamBindingArgs{\n\t\t\tOrgId: pulumi.Any(apigeeEnvironment.OrgId),\n\t\t\tEnvId: pulumi.Any(apigeeEnvironment.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigee.EnvironmentIamBinding;\nimport com.pulumi.gcp.apigee.EnvironmentIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EnvironmentIamBinding(\"binding\", EnvironmentIamBindingArgs.builder() \n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigee:EnvironmentIamBinding\n properties:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_apigee\\_environment\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigee.EnvironmentIamMember(\"member\", {\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigee.EnvironmentIamMember(\"member\",\n org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Apigee.EnvironmentIamMember(\"member\", new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigee.NewEnvironmentIamMember(ctx, \"member\", \u0026apigee.EnvironmentIamMemberArgs{\n\t\t\tOrgId: pulumi.Any(apigeeEnvironment.OrgId),\n\t\t\tEnvId: pulumi.Any(apigeeEnvironment.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigee.EnvironmentIamMember;\nimport com.pulumi.gcp.apigee.EnvironmentIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EnvironmentIamMember(\"member\", EnvironmentIamMemberArgs.builder() \n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigee:EnvironmentIamMember\n properties:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* {{org_id}}/environments/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nApigee environment IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:apigee/environmentIamMember:EnvironmentIamMember editor \"{{org_id}}/environments/{{environment}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:apigee/environmentIamMember:EnvironmentIamMember editor \"{{org_id}}/environments/{{environment}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:apigee/environmentIamMember:EnvironmentIamMember editor {{org_id}}/environments/{{environment}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:apigee/EnvironmentIamMemberCondition:EnvironmentIamMemberCondition" }, "envId": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "Used to find the parent resource to bind the IAM policy to\n" }, "etag": { "type": "string", "description": "(Computed) The etag of the IAM policy.\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "orgId": { "type": "string" @@ -108976,11 +109004,12 @@ }, "envId": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "Used to find the parent resource to bind the IAM policy to\n", "willReplaceOnChanges": true }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "orgId": { @@ -109008,7 +109037,7 @@ }, "envId": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "Used to find the parent resource to bind the IAM policy to\n", "willReplaceOnChanges": true }, "etag": { @@ -109017,6 +109046,7 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "orgId": { @@ -109033,11 +109063,11 @@ } }, "gcp:apigee/environmentIamPolicy:EnvironmentIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Apigee Environment. Each of these resources serves a different use case:\n\n* `gcp.apigee.EnvironmentIamPolicy`: Authoritative. Sets the IAM policy for the environment and replaces any existing policy already attached.\n* `gcp.apigee.EnvironmentIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the environment are preserved.\n* `gcp.apigee.EnvironmentIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the environment are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigee.EnvironmentIamPolicy`: Retrieves the IAM policy for the environment\n\n\u003e **Note:** `gcp.apigee.EnvironmentIamPolicy` **cannot** be used in conjunction with `gcp.apigee.EnvironmentIamBinding` and `gcp.apigee.EnvironmentIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigee.EnvironmentIamBinding` resources **can be** used in conjunction with `gcp.apigee.EnvironmentIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_apigee\\_environment\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigee.EnvironmentIamPolicy(\"policy\", {\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.apigee.EnvironmentIamPolicy(\"policy\",\n org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Apigee.EnvironmentIamPolicy(\"policy\", new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewEnvironmentIamPolicy(ctx, \"policy\", \u0026apigee.EnvironmentIamPolicyArgs{\n\t\t\tOrgId: pulumi.Any(apigeeEnvironment.OrgId),\n\t\t\tEnvId: pulumi.Any(apigeeEnvironment.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigee.EnvironmentIamPolicy;\nimport com.pulumi.gcp.apigee.EnvironmentIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EnvironmentIamPolicy(\"policy\", EnvironmentIamPolicyArgs.builder() \n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigee:EnvironmentIamPolicy\n properties:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_apigee\\_environment\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigee.EnvironmentIamBinding(\"binding\", {\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigee.EnvironmentIamBinding(\"binding\",\n org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Apigee.EnvironmentIamBinding(\"binding\", new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigee.NewEnvironmentIamBinding(ctx, \"binding\", \u0026apigee.EnvironmentIamBindingArgs{\n\t\t\tOrgId: pulumi.Any(apigeeEnvironment.OrgId),\n\t\t\tEnvId: pulumi.Any(apigeeEnvironment.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigee.EnvironmentIamBinding;\nimport com.pulumi.gcp.apigee.EnvironmentIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EnvironmentIamBinding(\"binding\", EnvironmentIamBindingArgs.builder() \n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigee:EnvironmentIamBinding\n properties:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_apigee\\_environment\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigee.EnvironmentIamMember(\"member\", {\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigee.EnvironmentIamMember(\"member\",\n org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Apigee.EnvironmentIamMember(\"member\", new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigee.NewEnvironmentIamMember(ctx, \"member\", \u0026apigee.EnvironmentIamMemberArgs{\n\t\t\tOrgId: pulumi.Any(apigeeEnvironment.OrgId),\n\t\t\tEnvId: pulumi.Any(apigeeEnvironment.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigee.EnvironmentIamMember;\nimport com.pulumi.gcp.apigee.EnvironmentIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EnvironmentIamMember(\"member\", EnvironmentIamMemberArgs.builder() \n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigee:EnvironmentIamMember\n properties:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* {{org_id}}/environments/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nApigee environment IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:apigee/environmentIamPolicy:EnvironmentIamPolicy editor \"{{org_id}}/environments/{{environment}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:apigee/environmentIamPolicy:EnvironmentIamPolicy editor \"{{org_id}}/environments/{{environment}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:apigee/environmentIamPolicy:EnvironmentIamPolicy editor {{org_id}}/environments/{{environment}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Apigee Environment. Each of these resources serves a different use case:\n\n* `gcp.apigee.EnvironmentIamPolicy`: Authoritative. Sets the IAM policy for the environment and replaces any existing policy already attached.\n* `gcp.apigee.EnvironmentIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the environment are preserved.\n* `gcp.apigee.EnvironmentIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the environment are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.apigee.EnvironmentIamPolicy`: Retrieves the IAM policy for the environment\n\n\u003e **Note:** `gcp.apigee.EnvironmentIamPolicy` **cannot** be used in conjunction with `gcp.apigee.EnvironmentIamBinding` and `gcp.apigee.EnvironmentIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.apigee.EnvironmentIamBinding` resources **can be** used in conjunction with `gcp.apigee.EnvironmentIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_apigee\\_environment\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigee.EnvironmentIamPolicy(\"policy\", {\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.apigee.EnvironmentIamPolicy(\"policy\",\n org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Apigee.EnvironmentIamPolicy(\"policy\", new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewEnvironmentIamPolicy(ctx, \"policy\", \u0026apigee.EnvironmentIamPolicyArgs{\n\t\t\tOrgId: pulumi.Any(apigeeEnvironment.OrgId),\n\t\t\tEnvId: pulumi.Any(apigeeEnvironment.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigee.EnvironmentIamPolicy;\nimport com.pulumi.gcp.apigee.EnvironmentIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EnvironmentIamPolicy(\"policy\", EnvironmentIamPolicyArgs.builder() \n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigee:EnvironmentIamPolicy\n properties:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_apigee\\_environment\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigee.EnvironmentIamBinding(\"binding\", {\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigee.EnvironmentIamBinding(\"binding\",\n org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Apigee.EnvironmentIamBinding(\"binding\", new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigee.NewEnvironmentIamBinding(ctx, \"binding\", \u0026apigee.EnvironmentIamBindingArgs{\n\t\t\tOrgId: pulumi.Any(apigeeEnvironment.OrgId),\n\t\t\tEnvId: pulumi.Any(apigeeEnvironment.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigee.EnvironmentIamBinding;\nimport com.pulumi.gcp.apigee.EnvironmentIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EnvironmentIamBinding(\"binding\", EnvironmentIamBindingArgs.builder() \n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigee:EnvironmentIamBinding\n properties:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_apigee\\_environment\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigee.EnvironmentIamMember(\"member\", {\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigee.EnvironmentIamMember(\"member\",\n org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Apigee.EnvironmentIamMember(\"member\", new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigee.NewEnvironmentIamMember(ctx, \"member\", \u0026apigee.EnvironmentIamMemberArgs{\n\t\t\tOrgId: pulumi.Any(apigeeEnvironment.OrgId),\n\t\t\tEnvId: pulumi.Any(apigeeEnvironment.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigee.EnvironmentIamMember;\nimport com.pulumi.gcp.apigee.EnvironmentIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EnvironmentIamMember(\"member\", EnvironmentIamMemberArgs.builder() \n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigee:EnvironmentIamMember\n properties:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_apigee\\_environment\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.apigee.EnvironmentIamPolicy(\"policy\", {\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.apigee.EnvironmentIamPolicy(\"policy\",\n org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Apigee.EnvironmentIamPolicy(\"policy\", new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = apigee.NewEnvironmentIamPolicy(ctx, \"policy\", \u0026apigee.EnvironmentIamPolicyArgs{\n\t\t\tOrgId: pulumi.Any(apigeeEnvironment.OrgId),\n\t\t\tEnvId: pulumi.Any(apigeeEnvironment.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.apigee.EnvironmentIamPolicy;\nimport com.pulumi.gcp.apigee.EnvironmentIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EnvironmentIamPolicy(\"policy\", EnvironmentIamPolicyArgs.builder() \n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:apigee:EnvironmentIamPolicy\n properties:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_apigee\\_environment\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.apigee.EnvironmentIamBinding(\"binding\", {\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.apigee.EnvironmentIamBinding(\"binding\",\n org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Apigee.EnvironmentIamBinding(\"binding\", new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigee.NewEnvironmentIamBinding(ctx, \"binding\", \u0026apigee.EnvironmentIamBindingArgs{\n\t\t\tOrgId: pulumi.Any(apigeeEnvironment.OrgId),\n\t\t\tEnvId: pulumi.Any(apigeeEnvironment.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigee.EnvironmentIamBinding;\nimport com.pulumi.gcp.apigee.EnvironmentIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EnvironmentIamBinding(\"binding\", EnvironmentIamBindingArgs.builder() \n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:apigee:EnvironmentIamBinding\n properties:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_apigee\\_environment\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.apigee.EnvironmentIamMember(\"member\", {\n orgId: apigeeEnvironment.orgId,\n envId: apigeeEnvironment.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.apigee.EnvironmentIamMember(\"member\",\n org_id=apigee_environment[\"orgId\"],\n env_id=apigee_environment[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Apigee.EnvironmentIamMember(\"member\", new()\n {\n OrgId = apigeeEnvironment.OrgId,\n EnvId = apigeeEnvironment.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigee\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := apigee.NewEnvironmentIamMember(ctx, \"member\", \u0026apigee.EnvironmentIamMemberArgs{\n\t\t\tOrgId: pulumi.Any(apigeeEnvironment.OrgId),\n\t\t\tEnvId: pulumi.Any(apigeeEnvironment.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.apigee.EnvironmentIamMember;\nimport com.pulumi.gcp.apigee.EnvironmentIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EnvironmentIamMember(\"member\", EnvironmentIamMemberArgs.builder() \n .orgId(apigeeEnvironment.orgId())\n .envId(apigeeEnvironment.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:apigee:EnvironmentIamMember\n properties:\n orgId: ${apigeeEnvironment.orgId}\n envId: ${apigeeEnvironment.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* {{org_id}}/environments/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nApigee environment IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:apigee/environmentIamPolicy:EnvironmentIamPolicy editor \"{{org_id}}/environments/{{environment}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:apigee/environmentIamPolicy:EnvironmentIamPolicy editor \"{{org_id}}/environments/{{environment}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:apigee/environmentIamPolicy:EnvironmentIamPolicy editor {{org_id}}/environments/{{environment}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "envId": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "Used to find the parent resource to bind the IAM policy to\n" }, "etag": { "type": "string", @@ -109060,7 +109090,7 @@ "inputProperties": { "envId": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "Used to find the parent resource to bind the IAM policy to\n", "willReplaceOnChanges": true }, "orgId": { @@ -109082,7 +109112,7 @@ "properties": { "envId": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "Used to find the parent resource to bind the IAM policy to\n", "willReplaceOnChanges": true }, "etag": { @@ -112966,7 +112996,7 @@ } }, "gcp:artifactregistry/repositoryIamBinding:RepositoryIamBinding": { - "description": "Three different resources help you manage your IAM policy for Artifact Registry Repository. Each of these resources serves a different use case:\n\n* `gcp.artifactregistry.RepositoryIamPolicy`: Authoritative. Sets the IAM policy for the repository and replaces any existing policy already attached.\n* `gcp.artifactregistry.RepositoryIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the repository are preserved.\n* `gcp.artifactregistry.RepositoryIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the repository are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.artifactregistry.RepositoryIamPolicy`: Retrieves the IAM policy for the repository\n\n\u003e **Note:** `gcp.artifactregistry.RepositoryIamPolicy` **cannot** be used in conjunction with `gcp.artifactregistry.RepositoryIamBinding` and `gcp.artifactregistry.RepositoryIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.artifactregistry.RepositoryIamBinding` resources **can be** used in conjunction with `gcp.artifactregistry.RepositoryIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_artifact\\_registry\\_repository\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/artifactregistry.reader\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.artifactregistry.RepositoryIamPolicy(\"policy\", {\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/artifactregistry.reader\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.artifactregistry.RepositoryIamPolicy(\"policy\",\n project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/artifactregistry.reader\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ArtifactRegistry.RepositoryIamPolicy(\"policy\", new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/artifactregistry.reader\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepositoryIamPolicy(ctx, \"policy\", \u0026artifactregistry.RepositoryIamPolicyArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tLocation: pulumi.Any(my_repo.Location),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamPolicy;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/artifactregistry.reader\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RepositoryIamPolicy(\"policy\", RepositoryIamPolicyArgs.builder() \n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:artifactregistry:RepositoryIamPolicy\n properties:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/artifactregistry.reader\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_artifact\\_registry\\_repository\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.artifactregistry.RepositoryIamBinding(\"binding\", {\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n role: \"roles/artifactregistry.reader\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.artifactregistry.RepositoryIamBinding(\"binding\",\n project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"],\n role=\"roles/artifactregistry.reader\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ArtifactRegistry.RepositoryIamBinding(\"binding\", new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n Role = \"roles/artifactregistry.reader\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepositoryIamBinding(ctx, \"binding\", \u0026artifactregistry.RepositoryIamBindingArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tLocation: pulumi.Any(my_repo.Location),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/artifactregistry.reader\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamBinding;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RepositoryIamBinding(\"binding\", RepositoryIamBindingArgs.builder() \n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .role(\"roles/artifactregistry.reader\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:artifactregistry:RepositoryIamBinding\n properties:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n role: roles/artifactregistry.reader\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_artifact\\_registry\\_repository\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.artifactregistry.RepositoryIamMember(\"member\", {\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n role: \"roles/artifactregistry.reader\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.artifactregistry.RepositoryIamMember(\"member\",\n project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"],\n role=\"roles/artifactregistry.reader\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ArtifactRegistry.RepositoryIamMember(\"member\", new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n Role = \"roles/artifactregistry.reader\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepositoryIamMember(ctx, \"member\", \u0026artifactregistry.RepositoryIamMemberArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tLocation: pulumi.Any(my_repo.Location),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/artifactregistry.reader\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamMember;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RepositoryIamMember(\"member\", RepositoryIamMemberArgs.builder() \n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .role(\"roles/artifactregistry.reader\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:artifactregistry:RepositoryIamMember\n properties:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n role: roles/artifactregistry.reader\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/repositories/{{repository}}\n\n* {{project}}/{{location}}/{{repository}}\n\n* {{location}}/{{repository}}\n\n* {{repository}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nArtifact Registry repository IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:artifactregistry/repositoryIamBinding:RepositoryIamBinding editor \"projects/{{project}}/locations/{{location}}/repositories/{{repository}} roles/artifactregistry.reader user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:artifactregistry/repositoryIamBinding:RepositoryIamBinding editor \"projects/{{project}}/locations/{{location}}/repositories/{{repository}} roles/artifactregistry.reader\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:artifactregistry/repositoryIamBinding:RepositoryIamBinding editor projects/{{project}}/locations/{{location}}/repositories/{{repository}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Artifact Registry Repository. Each of these resources serves a different use case:\n\n* `gcp.artifactregistry.RepositoryIamPolicy`: Authoritative. Sets the IAM policy for the repository and replaces any existing policy already attached.\n* `gcp.artifactregistry.RepositoryIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the repository are preserved.\n* `gcp.artifactregistry.RepositoryIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the repository are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.artifactregistry.RepositoryIamPolicy`: Retrieves the IAM policy for the repository\n\n\u003e **Note:** `gcp.artifactregistry.RepositoryIamPolicy` **cannot** be used in conjunction with `gcp.artifactregistry.RepositoryIamBinding` and `gcp.artifactregistry.RepositoryIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.artifactregistry.RepositoryIamBinding` resources **can be** used in conjunction with `gcp.artifactregistry.RepositoryIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_artifact\\_registry\\_repository\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/artifactregistry.reader\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.artifactregistry.RepositoryIamPolicy(\"policy\", {\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/artifactregistry.reader\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.artifactregistry.RepositoryIamPolicy(\"policy\",\n project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/artifactregistry.reader\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ArtifactRegistry.RepositoryIamPolicy(\"policy\", new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/artifactregistry.reader\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepositoryIamPolicy(ctx, \"policy\", \u0026artifactregistry.RepositoryIamPolicyArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tLocation: pulumi.Any(my_repo.Location),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamPolicy;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/artifactregistry.reader\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RepositoryIamPolicy(\"policy\", RepositoryIamPolicyArgs.builder() \n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:artifactregistry:RepositoryIamPolicy\n properties:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/artifactregistry.reader\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_artifact\\_registry\\_repository\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.artifactregistry.RepositoryIamBinding(\"binding\", {\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n role: \"roles/artifactregistry.reader\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.artifactregistry.RepositoryIamBinding(\"binding\",\n project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"],\n role=\"roles/artifactregistry.reader\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ArtifactRegistry.RepositoryIamBinding(\"binding\", new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n Role = \"roles/artifactregistry.reader\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepositoryIamBinding(ctx, \"binding\", \u0026artifactregistry.RepositoryIamBindingArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tLocation: pulumi.Any(my_repo.Location),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/artifactregistry.reader\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamBinding;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RepositoryIamBinding(\"binding\", RepositoryIamBindingArgs.builder() \n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .role(\"roles/artifactregistry.reader\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:artifactregistry:RepositoryIamBinding\n properties:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n role: roles/artifactregistry.reader\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_artifact\\_registry\\_repository\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.artifactregistry.RepositoryIamMember(\"member\", {\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n role: \"roles/artifactregistry.reader\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.artifactregistry.RepositoryIamMember(\"member\",\n project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"],\n role=\"roles/artifactregistry.reader\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ArtifactRegistry.RepositoryIamMember(\"member\", new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n Role = \"roles/artifactregistry.reader\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepositoryIamMember(ctx, \"member\", \u0026artifactregistry.RepositoryIamMemberArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tLocation: pulumi.Any(my_repo.Location),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/artifactregistry.reader\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamMember;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RepositoryIamMember(\"member\", RepositoryIamMemberArgs.builder() \n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .role(\"roles/artifactregistry.reader\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:artifactregistry:RepositoryIamMember\n properties:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n role: roles/artifactregistry.reader\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_artifact\\_registry\\_repository\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/artifactregistry.reader\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.artifactregistry.RepositoryIamPolicy(\"policy\", {\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/artifactregistry.reader\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.artifactregistry.RepositoryIamPolicy(\"policy\",\n project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/artifactregistry.reader\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ArtifactRegistry.RepositoryIamPolicy(\"policy\", new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/artifactregistry.reader\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepositoryIamPolicy(ctx, \"policy\", \u0026artifactregistry.RepositoryIamPolicyArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tLocation: pulumi.Any(my_repo.Location),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamPolicy;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/artifactregistry.reader\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RepositoryIamPolicy(\"policy\", RepositoryIamPolicyArgs.builder() \n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:artifactregistry:RepositoryIamPolicy\n properties:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/artifactregistry.reader\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_artifact\\_registry\\_repository\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.artifactregistry.RepositoryIamBinding(\"binding\", {\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n role: \"roles/artifactregistry.reader\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.artifactregistry.RepositoryIamBinding(\"binding\",\n project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"],\n role=\"roles/artifactregistry.reader\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ArtifactRegistry.RepositoryIamBinding(\"binding\", new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n Role = \"roles/artifactregistry.reader\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepositoryIamBinding(ctx, \"binding\", \u0026artifactregistry.RepositoryIamBindingArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tLocation: pulumi.Any(my_repo.Location),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/artifactregistry.reader\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamBinding;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RepositoryIamBinding(\"binding\", RepositoryIamBindingArgs.builder() \n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .role(\"roles/artifactregistry.reader\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:artifactregistry:RepositoryIamBinding\n properties:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n role: roles/artifactregistry.reader\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_artifact\\_registry\\_repository\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.artifactregistry.RepositoryIamMember(\"member\", {\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n role: \"roles/artifactregistry.reader\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.artifactregistry.RepositoryIamMember(\"member\",\n project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"],\n role=\"roles/artifactregistry.reader\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ArtifactRegistry.RepositoryIamMember(\"member\", new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n Role = \"roles/artifactregistry.reader\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepositoryIamMember(ctx, \"member\", \u0026artifactregistry.RepositoryIamMemberArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tLocation: pulumi.Any(my_repo.Location),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/artifactregistry.reader\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamMember;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RepositoryIamMember(\"member\", RepositoryIamMemberArgs.builder() \n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .role(\"roles/artifactregistry.reader\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:artifactregistry:RepositoryIamMember\n properties:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n role: roles/artifactregistry.reader\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/repositories/{{repository}}\n\n* {{project}}/{{location}}/{{repository}}\n\n* {{location}}/{{repository}}\n\n* {{repository}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nArtifact Registry repository IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:artifactregistry/repositoryIamBinding:RepositoryIamBinding editor \"projects/{{project}}/locations/{{location}}/repositories/{{repository}} roles/artifactregistry.reader user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:artifactregistry/repositoryIamBinding:RepositoryIamBinding editor \"projects/{{project}}/locations/{{location}}/repositories/{{repository}} roles/artifactregistry.reader\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:artifactregistry/repositoryIamBinding:RepositoryIamBinding editor projects/{{project}}/locations/{{location}}/repositories/{{repository}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:artifactregistry/RepositoryIamBindingCondition:RepositoryIamBindingCondition" @@ -112983,11 +113013,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "repository": { "type": "string", @@ -113020,11 +113051,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "repository": { @@ -113063,11 +113095,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "repository": { @@ -113085,7 +113118,7 @@ } }, "gcp:artifactregistry/repositoryIamMember:RepositoryIamMember": { - "description": "Three different resources help you manage your IAM policy for Artifact Registry Repository. Each of these resources serves a different use case:\n\n* `gcp.artifactregistry.RepositoryIamPolicy`: Authoritative. Sets the IAM policy for the repository and replaces any existing policy already attached.\n* `gcp.artifactregistry.RepositoryIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the repository are preserved.\n* `gcp.artifactregistry.RepositoryIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the repository are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.artifactregistry.RepositoryIamPolicy`: Retrieves the IAM policy for the repository\n\n\u003e **Note:** `gcp.artifactregistry.RepositoryIamPolicy` **cannot** be used in conjunction with `gcp.artifactregistry.RepositoryIamBinding` and `gcp.artifactregistry.RepositoryIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.artifactregistry.RepositoryIamBinding` resources **can be** used in conjunction with `gcp.artifactregistry.RepositoryIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_artifact\\_registry\\_repository\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/artifactregistry.reader\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.artifactregistry.RepositoryIamPolicy(\"policy\", {\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/artifactregistry.reader\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.artifactregistry.RepositoryIamPolicy(\"policy\",\n project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/artifactregistry.reader\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ArtifactRegistry.RepositoryIamPolicy(\"policy\", new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/artifactregistry.reader\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepositoryIamPolicy(ctx, \"policy\", \u0026artifactregistry.RepositoryIamPolicyArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tLocation: pulumi.Any(my_repo.Location),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamPolicy;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/artifactregistry.reader\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RepositoryIamPolicy(\"policy\", RepositoryIamPolicyArgs.builder() \n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:artifactregistry:RepositoryIamPolicy\n properties:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/artifactregistry.reader\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_artifact\\_registry\\_repository\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.artifactregistry.RepositoryIamBinding(\"binding\", {\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n role: \"roles/artifactregistry.reader\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.artifactregistry.RepositoryIamBinding(\"binding\",\n project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"],\n role=\"roles/artifactregistry.reader\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ArtifactRegistry.RepositoryIamBinding(\"binding\", new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n Role = \"roles/artifactregistry.reader\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepositoryIamBinding(ctx, \"binding\", \u0026artifactregistry.RepositoryIamBindingArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tLocation: pulumi.Any(my_repo.Location),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/artifactregistry.reader\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamBinding;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RepositoryIamBinding(\"binding\", RepositoryIamBindingArgs.builder() \n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .role(\"roles/artifactregistry.reader\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:artifactregistry:RepositoryIamBinding\n properties:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n role: roles/artifactregistry.reader\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_artifact\\_registry\\_repository\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.artifactregistry.RepositoryIamMember(\"member\", {\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n role: \"roles/artifactregistry.reader\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.artifactregistry.RepositoryIamMember(\"member\",\n project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"],\n role=\"roles/artifactregistry.reader\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ArtifactRegistry.RepositoryIamMember(\"member\", new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n Role = \"roles/artifactregistry.reader\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepositoryIamMember(ctx, \"member\", \u0026artifactregistry.RepositoryIamMemberArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tLocation: pulumi.Any(my_repo.Location),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/artifactregistry.reader\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamMember;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RepositoryIamMember(\"member\", RepositoryIamMemberArgs.builder() \n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .role(\"roles/artifactregistry.reader\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:artifactregistry:RepositoryIamMember\n properties:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n role: roles/artifactregistry.reader\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/repositories/{{repository}}\n\n* {{project}}/{{location}}/{{repository}}\n\n* {{location}}/{{repository}}\n\n* {{repository}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nArtifact Registry repository IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:artifactregistry/repositoryIamMember:RepositoryIamMember editor \"projects/{{project}}/locations/{{location}}/repositories/{{repository}} roles/artifactregistry.reader user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:artifactregistry/repositoryIamMember:RepositoryIamMember editor \"projects/{{project}}/locations/{{location}}/repositories/{{repository}} roles/artifactregistry.reader\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:artifactregistry/repositoryIamMember:RepositoryIamMember editor projects/{{project}}/locations/{{location}}/repositories/{{repository}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Artifact Registry Repository. Each of these resources serves a different use case:\n\n* `gcp.artifactregistry.RepositoryIamPolicy`: Authoritative. Sets the IAM policy for the repository and replaces any existing policy already attached.\n* `gcp.artifactregistry.RepositoryIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the repository are preserved.\n* `gcp.artifactregistry.RepositoryIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the repository are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.artifactregistry.RepositoryIamPolicy`: Retrieves the IAM policy for the repository\n\n\u003e **Note:** `gcp.artifactregistry.RepositoryIamPolicy` **cannot** be used in conjunction with `gcp.artifactregistry.RepositoryIamBinding` and `gcp.artifactregistry.RepositoryIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.artifactregistry.RepositoryIamBinding` resources **can be** used in conjunction with `gcp.artifactregistry.RepositoryIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_artifact\\_registry\\_repository\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/artifactregistry.reader\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.artifactregistry.RepositoryIamPolicy(\"policy\", {\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/artifactregistry.reader\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.artifactregistry.RepositoryIamPolicy(\"policy\",\n project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/artifactregistry.reader\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ArtifactRegistry.RepositoryIamPolicy(\"policy\", new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/artifactregistry.reader\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepositoryIamPolicy(ctx, \"policy\", \u0026artifactregistry.RepositoryIamPolicyArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tLocation: pulumi.Any(my_repo.Location),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamPolicy;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/artifactregistry.reader\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RepositoryIamPolicy(\"policy\", RepositoryIamPolicyArgs.builder() \n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:artifactregistry:RepositoryIamPolicy\n properties:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/artifactregistry.reader\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_artifact\\_registry\\_repository\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.artifactregistry.RepositoryIamBinding(\"binding\", {\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n role: \"roles/artifactregistry.reader\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.artifactregistry.RepositoryIamBinding(\"binding\",\n project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"],\n role=\"roles/artifactregistry.reader\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ArtifactRegistry.RepositoryIamBinding(\"binding\", new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n Role = \"roles/artifactregistry.reader\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepositoryIamBinding(ctx, \"binding\", \u0026artifactregistry.RepositoryIamBindingArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tLocation: pulumi.Any(my_repo.Location),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/artifactregistry.reader\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamBinding;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RepositoryIamBinding(\"binding\", RepositoryIamBindingArgs.builder() \n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .role(\"roles/artifactregistry.reader\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:artifactregistry:RepositoryIamBinding\n properties:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n role: roles/artifactregistry.reader\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_artifact\\_registry\\_repository\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.artifactregistry.RepositoryIamMember(\"member\", {\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n role: \"roles/artifactregistry.reader\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.artifactregistry.RepositoryIamMember(\"member\",\n project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"],\n role=\"roles/artifactregistry.reader\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ArtifactRegistry.RepositoryIamMember(\"member\", new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n Role = \"roles/artifactregistry.reader\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepositoryIamMember(ctx, \"member\", \u0026artifactregistry.RepositoryIamMemberArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tLocation: pulumi.Any(my_repo.Location),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/artifactregistry.reader\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamMember;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RepositoryIamMember(\"member\", RepositoryIamMemberArgs.builder() \n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .role(\"roles/artifactregistry.reader\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:artifactregistry:RepositoryIamMember\n properties:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n role: roles/artifactregistry.reader\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_artifact\\_registry\\_repository\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/artifactregistry.reader\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.artifactregistry.RepositoryIamPolicy(\"policy\", {\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/artifactregistry.reader\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.artifactregistry.RepositoryIamPolicy(\"policy\",\n project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/artifactregistry.reader\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ArtifactRegistry.RepositoryIamPolicy(\"policy\", new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/artifactregistry.reader\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepositoryIamPolicy(ctx, \"policy\", \u0026artifactregistry.RepositoryIamPolicyArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tLocation: pulumi.Any(my_repo.Location),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamPolicy;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/artifactregistry.reader\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RepositoryIamPolicy(\"policy\", RepositoryIamPolicyArgs.builder() \n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:artifactregistry:RepositoryIamPolicy\n properties:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/artifactregistry.reader\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_artifact\\_registry\\_repository\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.artifactregistry.RepositoryIamBinding(\"binding\", {\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n role: \"roles/artifactregistry.reader\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.artifactregistry.RepositoryIamBinding(\"binding\",\n project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"],\n role=\"roles/artifactregistry.reader\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ArtifactRegistry.RepositoryIamBinding(\"binding\", new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n Role = \"roles/artifactregistry.reader\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepositoryIamBinding(ctx, \"binding\", \u0026artifactregistry.RepositoryIamBindingArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tLocation: pulumi.Any(my_repo.Location),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/artifactregistry.reader\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamBinding;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RepositoryIamBinding(\"binding\", RepositoryIamBindingArgs.builder() \n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .role(\"roles/artifactregistry.reader\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:artifactregistry:RepositoryIamBinding\n properties:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n role: roles/artifactregistry.reader\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_artifact\\_registry\\_repository\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.artifactregistry.RepositoryIamMember(\"member\", {\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n role: \"roles/artifactregistry.reader\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.artifactregistry.RepositoryIamMember(\"member\",\n project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"],\n role=\"roles/artifactregistry.reader\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ArtifactRegistry.RepositoryIamMember(\"member\", new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n Role = \"roles/artifactregistry.reader\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepositoryIamMember(ctx, \"member\", \u0026artifactregistry.RepositoryIamMemberArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tLocation: pulumi.Any(my_repo.Location),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/artifactregistry.reader\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamMember;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RepositoryIamMember(\"member\", RepositoryIamMemberArgs.builder() \n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .role(\"roles/artifactregistry.reader\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:artifactregistry:RepositoryIamMember\n properties:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n role: roles/artifactregistry.reader\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/repositories/{{repository}}\n\n* {{project}}/{{location}}/{{repository}}\n\n* {{location}}/{{repository}}\n\n* {{repository}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nArtifact Registry repository IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:artifactregistry/repositoryIamMember:RepositoryIamMember editor \"projects/{{project}}/locations/{{location}}/repositories/{{repository}} roles/artifactregistry.reader user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:artifactregistry/repositoryIamMember:RepositoryIamMember editor \"projects/{{project}}/locations/{{location}}/repositories/{{repository}} roles/artifactregistry.reader\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:artifactregistry/repositoryIamMember:RepositoryIamMember editor projects/{{project}}/locations/{{location}}/repositories/{{repository}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:artifactregistry/RepositoryIamMemberCondition:RepositoryIamMemberCondition" @@ -113099,11 +113132,12 @@ "description": "The name of the location this repository is located in.\nUsed to find the parent resource to bind the IAM policy to\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "repository": { "type": "string", @@ -113134,11 +113168,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "repository": { @@ -113175,11 +113210,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "repository": { @@ -113197,7 +113233,7 @@ } }, "gcp:artifactregistry/repositoryIamPolicy:RepositoryIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Artifact Registry Repository. Each of these resources serves a different use case:\n\n* `gcp.artifactregistry.RepositoryIamPolicy`: Authoritative. Sets the IAM policy for the repository and replaces any existing policy already attached.\n* `gcp.artifactregistry.RepositoryIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the repository are preserved.\n* `gcp.artifactregistry.RepositoryIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the repository are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.artifactregistry.RepositoryIamPolicy`: Retrieves the IAM policy for the repository\n\n\u003e **Note:** `gcp.artifactregistry.RepositoryIamPolicy` **cannot** be used in conjunction with `gcp.artifactregistry.RepositoryIamBinding` and `gcp.artifactregistry.RepositoryIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.artifactregistry.RepositoryIamBinding` resources **can be** used in conjunction with `gcp.artifactregistry.RepositoryIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_artifact\\_registry\\_repository\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/artifactregistry.reader\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.artifactregistry.RepositoryIamPolicy(\"policy\", {\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/artifactregistry.reader\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.artifactregistry.RepositoryIamPolicy(\"policy\",\n project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/artifactregistry.reader\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ArtifactRegistry.RepositoryIamPolicy(\"policy\", new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/artifactregistry.reader\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepositoryIamPolicy(ctx, \"policy\", \u0026artifactregistry.RepositoryIamPolicyArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tLocation: pulumi.Any(my_repo.Location),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamPolicy;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/artifactregistry.reader\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RepositoryIamPolicy(\"policy\", RepositoryIamPolicyArgs.builder() \n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:artifactregistry:RepositoryIamPolicy\n properties:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/artifactregistry.reader\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_artifact\\_registry\\_repository\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.artifactregistry.RepositoryIamBinding(\"binding\", {\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n role: \"roles/artifactregistry.reader\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.artifactregistry.RepositoryIamBinding(\"binding\",\n project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"],\n role=\"roles/artifactregistry.reader\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ArtifactRegistry.RepositoryIamBinding(\"binding\", new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n Role = \"roles/artifactregistry.reader\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepositoryIamBinding(ctx, \"binding\", \u0026artifactregistry.RepositoryIamBindingArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tLocation: pulumi.Any(my_repo.Location),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/artifactregistry.reader\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamBinding;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RepositoryIamBinding(\"binding\", RepositoryIamBindingArgs.builder() \n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .role(\"roles/artifactregistry.reader\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:artifactregistry:RepositoryIamBinding\n properties:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n role: roles/artifactregistry.reader\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_artifact\\_registry\\_repository\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.artifactregistry.RepositoryIamMember(\"member\", {\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n role: \"roles/artifactregistry.reader\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.artifactregistry.RepositoryIamMember(\"member\",\n project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"],\n role=\"roles/artifactregistry.reader\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ArtifactRegistry.RepositoryIamMember(\"member\", new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n Role = \"roles/artifactregistry.reader\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepositoryIamMember(ctx, \"member\", \u0026artifactregistry.RepositoryIamMemberArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tLocation: pulumi.Any(my_repo.Location),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/artifactregistry.reader\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamMember;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RepositoryIamMember(\"member\", RepositoryIamMemberArgs.builder() \n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .role(\"roles/artifactregistry.reader\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:artifactregistry:RepositoryIamMember\n properties:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n role: roles/artifactregistry.reader\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/repositories/{{repository}}\n\n* {{project}}/{{location}}/{{repository}}\n\n* {{location}}/{{repository}}\n\n* {{repository}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nArtifact Registry repository IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:artifactregistry/repositoryIamPolicy:RepositoryIamPolicy editor \"projects/{{project}}/locations/{{location}}/repositories/{{repository}} roles/artifactregistry.reader user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:artifactregistry/repositoryIamPolicy:RepositoryIamPolicy editor \"projects/{{project}}/locations/{{location}}/repositories/{{repository}} roles/artifactregistry.reader\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:artifactregistry/repositoryIamPolicy:RepositoryIamPolicy editor projects/{{project}}/locations/{{location}}/repositories/{{repository}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Artifact Registry Repository. Each of these resources serves a different use case:\n\n* `gcp.artifactregistry.RepositoryIamPolicy`: Authoritative. Sets the IAM policy for the repository and replaces any existing policy already attached.\n* `gcp.artifactregistry.RepositoryIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the repository are preserved.\n* `gcp.artifactregistry.RepositoryIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the repository are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.artifactregistry.RepositoryIamPolicy`: Retrieves the IAM policy for the repository\n\n\u003e **Note:** `gcp.artifactregistry.RepositoryIamPolicy` **cannot** be used in conjunction with `gcp.artifactregistry.RepositoryIamBinding` and `gcp.artifactregistry.RepositoryIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.artifactregistry.RepositoryIamBinding` resources **can be** used in conjunction with `gcp.artifactregistry.RepositoryIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_artifact\\_registry\\_repository\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/artifactregistry.reader\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.artifactregistry.RepositoryIamPolicy(\"policy\", {\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/artifactregistry.reader\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.artifactregistry.RepositoryIamPolicy(\"policy\",\n project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/artifactregistry.reader\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ArtifactRegistry.RepositoryIamPolicy(\"policy\", new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/artifactregistry.reader\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepositoryIamPolicy(ctx, \"policy\", \u0026artifactregistry.RepositoryIamPolicyArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tLocation: pulumi.Any(my_repo.Location),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamPolicy;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/artifactregistry.reader\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RepositoryIamPolicy(\"policy\", RepositoryIamPolicyArgs.builder() \n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:artifactregistry:RepositoryIamPolicy\n properties:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/artifactregistry.reader\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_artifact\\_registry\\_repository\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.artifactregistry.RepositoryIamBinding(\"binding\", {\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n role: \"roles/artifactregistry.reader\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.artifactregistry.RepositoryIamBinding(\"binding\",\n project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"],\n role=\"roles/artifactregistry.reader\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ArtifactRegistry.RepositoryIamBinding(\"binding\", new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n Role = \"roles/artifactregistry.reader\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepositoryIamBinding(ctx, \"binding\", \u0026artifactregistry.RepositoryIamBindingArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tLocation: pulumi.Any(my_repo.Location),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/artifactregistry.reader\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamBinding;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RepositoryIamBinding(\"binding\", RepositoryIamBindingArgs.builder() \n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .role(\"roles/artifactregistry.reader\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:artifactregistry:RepositoryIamBinding\n properties:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n role: roles/artifactregistry.reader\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_artifact\\_registry\\_repository\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.artifactregistry.RepositoryIamMember(\"member\", {\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n role: \"roles/artifactregistry.reader\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.artifactregistry.RepositoryIamMember(\"member\",\n project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"],\n role=\"roles/artifactregistry.reader\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ArtifactRegistry.RepositoryIamMember(\"member\", new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n Role = \"roles/artifactregistry.reader\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepositoryIamMember(ctx, \"member\", \u0026artifactregistry.RepositoryIamMemberArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tLocation: pulumi.Any(my_repo.Location),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/artifactregistry.reader\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamMember;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RepositoryIamMember(\"member\", RepositoryIamMemberArgs.builder() \n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .role(\"roles/artifactregistry.reader\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:artifactregistry:RepositoryIamMember\n properties:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n role: roles/artifactregistry.reader\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_artifact\\_registry\\_repository\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/artifactregistry.reader\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.artifactregistry.RepositoryIamPolicy(\"policy\", {\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/artifactregistry.reader\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.artifactregistry.RepositoryIamPolicy(\"policy\",\n project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/artifactregistry.reader\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ArtifactRegistry.RepositoryIamPolicy(\"policy\", new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/artifactregistry.reader\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = artifactregistry.NewRepositoryIamPolicy(ctx, \"policy\", \u0026artifactregistry.RepositoryIamPolicyArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tLocation: pulumi.Any(my_repo.Location),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamPolicy;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/artifactregistry.reader\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RepositoryIamPolicy(\"policy\", RepositoryIamPolicyArgs.builder() \n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:artifactregistry:RepositoryIamPolicy\n properties:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/artifactregistry.reader\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_artifact\\_registry\\_repository\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.artifactregistry.RepositoryIamBinding(\"binding\", {\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n role: \"roles/artifactregistry.reader\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.artifactregistry.RepositoryIamBinding(\"binding\",\n project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"],\n role=\"roles/artifactregistry.reader\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ArtifactRegistry.RepositoryIamBinding(\"binding\", new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n Role = \"roles/artifactregistry.reader\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepositoryIamBinding(ctx, \"binding\", \u0026artifactregistry.RepositoryIamBindingArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tLocation: pulumi.Any(my_repo.Location),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/artifactregistry.reader\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamBinding;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RepositoryIamBinding(\"binding\", RepositoryIamBindingArgs.builder() \n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .role(\"roles/artifactregistry.reader\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:artifactregistry:RepositoryIamBinding\n properties:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n role: roles/artifactregistry.reader\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_artifact\\_registry\\_repository\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.artifactregistry.RepositoryIamMember(\"member\", {\n project: my_repo.project,\n location: my_repo.location,\n repository: my_repo.name,\n role: \"roles/artifactregistry.reader\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.artifactregistry.RepositoryIamMember(\"member\",\n project=my_repo[\"project\"],\n location=my_repo[\"location\"],\n repository=my_repo[\"name\"],\n role=\"roles/artifactregistry.reader\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ArtifactRegistry.RepositoryIamMember(\"member\", new()\n {\n Project = my_repo.Project,\n Location = my_repo.Location,\n Repository = my_repo.Name,\n Role = \"roles/artifactregistry.reader\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/artifactregistry\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := artifactregistry.NewRepositoryIamMember(ctx, \"member\", \u0026artifactregistry.RepositoryIamMemberArgs{\n\t\t\tProject: pulumi.Any(my_repo.Project),\n\t\t\tLocation: pulumi.Any(my_repo.Location),\n\t\t\tRepository: pulumi.Any(my_repo.Name),\n\t\t\tRole: pulumi.String(\"roles/artifactregistry.reader\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamMember;\nimport com.pulumi.gcp.artifactregistry.RepositoryIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RepositoryIamMember(\"member\", RepositoryIamMemberArgs.builder() \n .project(my_repo.project())\n .location(my_repo.location())\n .repository(my_repo.name())\n .role(\"roles/artifactregistry.reader\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:artifactregistry:RepositoryIamMember\n properties:\n project: ${[\"my-repo\"].project}\n location: ${[\"my-repo\"].location}\n repository: ${[\"my-repo\"].name}\n role: roles/artifactregistry.reader\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/repositories/{{repository}}\n\n* {{project}}/{{location}}/{{repository}}\n\n* {{location}}/{{repository}}\n\n* {{repository}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nArtifact Registry repository IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:artifactregistry/repositoryIamPolicy:RepositoryIamPolicy editor \"projects/{{project}}/locations/{{location}}/repositories/{{repository}} roles/artifactregistry.reader user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:artifactregistry/repositoryIamPolicy:RepositoryIamPolicy editor \"projects/{{project}}/locations/{{location}}/repositories/{{repository}} roles/artifactregistry.reader\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:artifactregistry/repositoryIamPolicy:RepositoryIamPolicy editor projects/{{project}}/locations/{{location}}/repositories/{{repository}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -113213,7 +113249,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "repository": { "type": "string", @@ -113239,7 +113275,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "repository": { @@ -113270,7 +113306,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "repository": { @@ -115280,7 +115316,7 @@ } }, "gcp:bigquery/connectionIamBinding:ConnectionIamBinding": { - "description": "Three different resources help you manage your IAM policy for BigQuery Connection Connection. Each of these resources serves a different use case:\n\n* `gcp.bigquery.ConnectionIamPolicy`: Authoritative. Sets the IAM policy for the connection and replaces any existing policy already attached.\n* `gcp.bigquery.ConnectionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the connection are preserved.\n* `gcp.bigquery.ConnectionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the connection are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigquery.ConnectionIamPolicy`: Retrieves the IAM policy for the connection\n\n\u003e **Note:** `gcp.bigquery.ConnectionIamPolicy` **cannot** be used in conjunction with `gcp.bigquery.ConnectionIamBinding` and `gcp.bigquery.ConnectionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquery.ConnectionIamBinding` resources **can be** used in conjunction with `gcp.bigquery.ConnectionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_bigquery\\_connection\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigquery.ConnectionIamPolicy(\"policy\", {\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.bigquery.ConnectionIamPolicy(\"policy\",\n project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQuery.ConnectionIamPolicy(\"policy\", new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewConnectionIamPolicy(ctx, \"policy\", \u0026bigquery.ConnectionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(connection.Project),\n\t\t\tLocation: pulumi.Any(connection.Location),\n\t\t\tConnectionId: pulumi.Any(connection.ConnectionId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.ConnectionIamPolicy;\nimport com.pulumi.gcp.bigquery.ConnectionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ConnectionIamPolicy(\"policy\", ConnectionIamPolicyArgs.builder() \n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquery:ConnectionIamPolicy\n properties:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_connection\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquery.ConnectionIamBinding(\"binding\", {\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquery.ConnectionIamBinding(\"binding\",\n project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQuery.ConnectionIamBinding(\"binding\", new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewConnectionIamBinding(ctx, \"binding\", \u0026bigquery.ConnectionIamBindingArgs{\n\t\t\tProject: pulumi.Any(connection.Project),\n\t\t\tLocation: pulumi.Any(connection.Location),\n\t\t\tConnectionId: pulumi.Any(connection.ConnectionId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.ConnectionIamBinding;\nimport com.pulumi.gcp.bigquery.ConnectionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ConnectionIamBinding(\"binding\", ConnectionIamBindingArgs.builder() \n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquery:ConnectionIamBinding\n properties:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_connection\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquery.ConnectionIamMember(\"member\", {\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquery.ConnectionIamMember(\"member\",\n project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQuery.ConnectionIamMember(\"member\", new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewConnectionIamMember(ctx, \"member\", \u0026bigquery.ConnectionIamMemberArgs{\n\t\t\tProject: pulumi.Any(connection.Project),\n\t\t\tLocation: pulumi.Any(connection.Location),\n\t\t\tConnectionId: pulumi.Any(connection.ConnectionId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.ConnectionIamMember;\nimport com.pulumi.gcp.bigquery.ConnectionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ConnectionIamMember(\"member\", ConnectionIamMemberArgs.builder() \n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquery:ConnectionIamMember\n properties:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/connections/{{connection_id}}\n\n* {{project}}/{{location}}/{{connection_id}}\n\n* {{location}}/{{connection_id}}\n\n* {{connection_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBigQuery Connection connection IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/connectionIamBinding:ConnectionIamBinding editor \"projects/{{project}}/locations/{{location}}/connections/{{connection_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/connectionIamBinding:ConnectionIamBinding editor \"projects/{{project}}/locations/{{location}}/connections/{{connection_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/connectionIamBinding:ConnectionIamBinding editor projects/{{project}}/locations/{{location}}/connections/{{connection_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for BigQuery Connection Connection. Each of these resources serves a different use case:\n\n* `gcp.bigquery.ConnectionIamPolicy`: Authoritative. Sets the IAM policy for the connection and replaces any existing policy already attached.\n* `gcp.bigquery.ConnectionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the connection are preserved.\n* `gcp.bigquery.ConnectionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the connection are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigquery.ConnectionIamPolicy`: Retrieves the IAM policy for the connection\n\n\u003e **Note:** `gcp.bigquery.ConnectionIamPolicy` **cannot** be used in conjunction with `gcp.bigquery.ConnectionIamBinding` and `gcp.bigquery.ConnectionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquery.ConnectionIamBinding` resources **can be** used in conjunction with `gcp.bigquery.ConnectionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_bigquery\\_connection\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigquery.ConnectionIamPolicy(\"policy\", {\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.bigquery.ConnectionIamPolicy(\"policy\",\n project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQuery.ConnectionIamPolicy(\"policy\", new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewConnectionIamPolicy(ctx, \"policy\", \u0026bigquery.ConnectionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(connection.Project),\n\t\t\tLocation: pulumi.Any(connection.Location),\n\t\t\tConnectionId: pulumi.Any(connection.ConnectionId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.ConnectionIamPolicy;\nimport com.pulumi.gcp.bigquery.ConnectionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ConnectionIamPolicy(\"policy\", ConnectionIamPolicyArgs.builder() \n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquery:ConnectionIamPolicy\n properties:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_connection\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquery.ConnectionIamBinding(\"binding\", {\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquery.ConnectionIamBinding(\"binding\",\n project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQuery.ConnectionIamBinding(\"binding\", new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewConnectionIamBinding(ctx, \"binding\", \u0026bigquery.ConnectionIamBindingArgs{\n\t\t\tProject: pulumi.Any(connection.Project),\n\t\t\tLocation: pulumi.Any(connection.Location),\n\t\t\tConnectionId: pulumi.Any(connection.ConnectionId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.ConnectionIamBinding;\nimport com.pulumi.gcp.bigquery.ConnectionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ConnectionIamBinding(\"binding\", ConnectionIamBindingArgs.builder() \n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquery:ConnectionIamBinding\n properties:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_connection\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquery.ConnectionIamMember(\"member\", {\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquery.ConnectionIamMember(\"member\",\n project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQuery.ConnectionIamMember(\"member\", new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewConnectionIamMember(ctx, \"member\", \u0026bigquery.ConnectionIamMemberArgs{\n\t\t\tProject: pulumi.Any(connection.Project),\n\t\t\tLocation: pulumi.Any(connection.Location),\n\t\t\tConnectionId: pulumi.Any(connection.ConnectionId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.ConnectionIamMember;\nimport com.pulumi.gcp.bigquery.ConnectionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ConnectionIamMember(\"member\", ConnectionIamMemberArgs.builder() \n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquery:ConnectionIamMember\n properties:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_bigquery\\_connection\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigquery.ConnectionIamPolicy(\"policy\", {\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.bigquery.ConnectionIamPolicy(\"policy\",\n project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQuery.ConnectionIamPolicy(\"policy\", new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewConnectionIamPolicy(ctx, \"policy\", \u0026bigquery.ConnectionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(connection.Project),\n\t\t\tLocation: pulumi.Any(connection.Location),\n\t\t\tConnectionId: pulumi.Any(connection.ConnectionId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.ConnectionIamPolicy;\nimport com.pulumi.gcp.bigquery.ConnectionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ConnectionIamPolicy(\"policy\", ConnectionIamPolicyArgs.builder() \n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquery:ConnectionIamPolicy\n properties:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_connection\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquery.ConnectionIamBinding(\"binding\", {\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquery.ConnectionIamBinding(\"binding\",\n project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQuery.ConnectionIamBinding(\"binding\", new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewConnectionIamBinding(ctx, \"binding\", \u0026bigquery.ConnectionIamBindingArgs{\n\t\t\tProject: pulumi.Any(connection.Project),\n\t\t\tLocation: pulumi.Any(connection.Location),\n\t\t\tConnectionId: pulumi.Any(connection.ConnectionId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.ConnectionIamBinding;\nimport com.pulumi.gcp.bigquery.ConnectionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ConnectionIamBinding(\"binding\", ConnectionIamBindingArgs.builder() \n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquery:ConnectionIamBinding\n properties:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_connection\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquery.ConnectionIamMember(\"member\", {\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquery.ConnectionIamMember(\"member\",\n project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQuery.ConnectionIamMember(\"member\", new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewConnectionIamMember(ctx, \"member\", \u0026bigquery.ConnectionIamMemberArgs{\n\t\t\tProject: pulumi.Any(connection.Project),\n\t\t\tLocation: pulumi.Any(connection.Location),\n\t\t\tConnectionId: pulumi.Any(connection.ConnectionId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.ConnectionIamMember;\nimport com.pulumi.gcp.bigquery.ConnectionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ConnectionIamMember(\"member\", ConnectionIamMemberArgs.builder() \n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquery:ConnectionIamMember\n properties:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/connections/{{connection_id}}\n\n* {{project}}/{{location}}/{{connection_id}}\n\n* {{location}}/{{connection_id}}\n\n* {{connection_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBigQuery Connection connection IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/connectionIamBinding:ConnectionIamBinding editor \"projects/{{project}}/locations/{{location}}/connections/{{connection_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/connectionIamBinding:ConnectionIamBinding editor \"projects/{{project}}/locations/{{location}}/connections/{{connection_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/connectionIamBinding:ConnectionIamBinding editor projects/{{project}}/locations/{{location}}/connections/{{connection_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:bigquery/ConnectionIamBindingCondition:ConnectionIamBindingCondition" @@ -115301,11 +115337,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -115339,11 +115376,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -115382,11 +115420,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -115399,7 +115438,7 @@ } }, "gcp:bigquery/connectionIamMember:ConnectionIamMember": { - "description": "Three different resources help you manage your IAM policy for BigQuery Connection Connection. Each of these resources serves a different use case:\n\n* `gcp.bigquery.ConnectionIamPolicy`: Authoritative. Sets the IAM policy for the connection and replaces any existing policy already attached.\n* `gcp.bigquery.ConnectionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the connection are preserved.\n* `gcp.bigquery.ConnectionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the connection are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigquery.ConnectionIamPolicy`: Retrieves the IAM policy for the connection\n\n\u003e **Note:** `gcp.bigquery.ConnectionIamPolicy` **cannot** be used in conjunction with `gcp.bigquery.ConnectionIamBinding` and `gcp.bigquery.ConnectionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquery.ConnectionIamBinding` resources **can be** used in conjunction with `gcp.bigquery.ConnectionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_bigquery\\_connection\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigquery.ConnectionIamPolicy(\"policy\", {\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.bigquery.ConnectionIamPolicy(\"policy\",\n project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQuery.ConnectionIamPolicy(\"policy\", new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewConnectionIamPolicy(ctx, \"policy\", \u0026bigquery.ConnectionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(connection.Project),\n\t\t\tLocation: pulumi.Any(connection.Location),\n\t\t\tConnectionId: pulumi.Any(connection.ConnectionId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.ConnectionIamPolicy;\nimport com.pulumi.gcp.bigquery.ConnectionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ConnectionIamPolicy(\"policy\", ConnectionIamPolicyArgs.builder() \n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquery:ConnectionIamPolicy\n properties:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_connection\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquery.ConnectionIamBinding(\"binding\", {\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquery.ConnectionIamBinding(\"binding\",\n project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQuery.ConnectionIamBinding(\"binding\", new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewConnectionIamBinding(ctx, \"binding\", \u0026bigquery.ConnectionIamBindingArgs{\n\t\t\tProject: pulumi.Any(connection.Project),\n\t\t\tLocation: pulumi.Any(connection.Location),\n\t\t\tConnectionId: pulumi.Any(connection.ConnectionId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.ConnectionIamBinding;\nimport com.pulumi.gcp.bigquery.ConnectionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ConnectionIamBinding(\"binding\", ConnectionIamBindingArgs.builder() \n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquery:ConnectionIamBinding\n properties:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_connection\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquery.ConnectionIamMember(\"member\", {\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquery.ConnectionIamMember(\"member\",\n project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQuery.ConnectionIamMember(\"member\", new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewConnectionIamMember(ctx, \"member\", \u0026bigquery.ConnectionIamMemberArgs{\n\t\t\tProject: pulumi.Any(connection.Project),\n\t\t\tLocation: pulumi.Any(connection.Location),\n\t\t\tConnectionId: pulumi.Any(connection.ConnectionId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.ConnectionIamMember;\nimport com.pulumi.gcp.bigquery.ConnectionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ConnectionIamMember(\"member\", ConnectionIamMemberArgs.builder() \n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquery:ConnectionIamMember\n properties:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/connections/{{connection_id}}\n\n* {{project}}/{{location}}/{{connection_id}}\n\n* {{location}}/{{connection_id}}\n\n* {{connection_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBigQuery Connection connection IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/connectionIamMember:ConnectionIamMember editor \"projects/{{project}}/locations/{{location}}/connections/{{connection_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/connectionIamMember:ConnectionIamMember editor \"projects/{{project}}/locations/{{location}}/connections/{{connection_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/connectionIamMember:ConnectionIamMember editor projects/{{project}}/locations/{{location}}/connections/{{connection_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for BigQuery Connection Connection. Each of these resources serves a different use case:\n\n* `gcp.bigquery.ConnectionIamPolicy`: Authoritative. Sets the IAM policy for the connection and replaces any existing policy already attached.\n* `gcp.bigquery.ConnectionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the connection are preserved.\n* `gcp.bigquery.ConnectionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the connection are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigquery.ConnectionIamPolicy`: Retrieves the IAM policy for the connection\n\n\u003e **Note:** `gcp.bigquery.ConnectionIamPolicy` **cannot** be used in conjunction with `gcp.bigquery.ConnectionIamBinding` and `gcp.bigquery.ConnectionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquery.ConnectionIamBinding` resources **can be** used in conjunction with `gcp.bigquery.ConnectionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_bigquery\\_connection\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigquery.ConnectionIamPolicy(\"policy\", {\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.bigquery.ConnectionIamPolicy(\"policy\",\n project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQuery.ConnectionIamPolicy(\"policy\", new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewConnectionIamPolicy(ctx, \"policy\", \u0026bigquery.ConnectionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(connection.Project),\n\t\t\tLocation: pulumi.Any(connection.Location),\n\t\t\tConnectionId: pulumi.Any(connection.ConnectionId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.ConnectionIamPolicy;\nimport com.pulumi.gcp.bigquery.ConnectionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ConnectionIamPolicy(\"policy\", ConnectionIamPolicyArgs.builder() \n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquery:ConnectionIamPolicy\n properties:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_connection\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquery.ConnectionIamBinding(\"binding\", {\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquery.ConnectionIamBinding(\"binding\",\n project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQuery.ConnectionIamBinding(\"binding\", new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewConnectionIamBinding(ctx, \"binding\", \u0026bigquery.ConnectionIamBindingArgs{\n\t\t\tProject: pulumi.Any(connection.Project),\n\t\t\tLocation: pulumi.Any(connection.Location),\n\t\t\tConnectionId: pulumi.Any(connection.ConnectionId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.ConnectionIamBinding;\nimport com.pulumi.gcp.bigquery.ConnectionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ConnectionIamBinding(\"binding\", ConnectionIamBindingArgs.builder() \n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquery:ConnectionIamBinding\n properties:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_connection\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquery.ConnectionIamMember(\"member\", {\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquery.ConnectionIamMember(\"member\",\n project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQuery.ConnectionIamMember(\"member\", new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewConnectionIamMember(ctx, \"member\", \u0026bigquery.ConnectionIamMemberArgs{\n\t\t\tProject: pulumi.Any(connection.Project),\n\t\t\tLocation: pulumi.Any(connection.Location),\n\t\t\tConnectionId: pulumi.Any(connection.ConnectionId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.ConnectionIamMember;\nimport com.pulumi.gcp.bigquery.ConnectionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ConnectionIamMember(\"member\", ConnectionIamMemberArgs.builder() \n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquery:ConnectionIamMember\n properties:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_bigquery\\_connection\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigquery.ConnectionIamPolicy(\"policy\", {\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.bigquery.ConnectionIamPolicy(\"policy\",\n project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQuery.ConnectionIamPolicy(\"policy\", new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewConnectionIamPolicy(ctx, \"policy\", \u0026bigquery.ConnectionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(connection.Project),\n\t\t\tLocation: pulumi.Any(connection.Location),\n\t\t\tConnectionId: pulumi.Any(connection.ConnectionId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.ConnectionIamPolicy;\nimport com.pulumi.gcp.bigquery.ConnectionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ConnectionIamPolicy(\"policy\", ConnectionIamPolicyArgs.builder() \n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquery:ConnectionIamPolicy\n properties:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_connection\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquery.ConnectionIamBinding(\"binding\", {\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquery.ConnectionIamBinding(\"binding\",\n project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQuery.ConnectionIamBinding(\"binding\", new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewConnectionIamBinding(ctx, \"binding\", \u0026bigquery.ConnectionIamBindingArgs{\n\t\t\tProject: pulumi.Any(connection.Project),\n\t\t\tLocation: pulumi.Any(connection.Location),\n\t\t\tConnectionId: pulumi.Any(connection.ConnectionId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.ConnectionIamBinding;\nimport com.pulumi.gcp.bigquery.ConnectionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ConnectionIamBinding(\"binding\", ConnectionIamBindingArgs.builder() \n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquery:ConnectionIamBinding\n properties:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_connection\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquery.ConnectionIamMember(\"member\", {\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquery.ConnectionIamMember(\"member\",\n project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQuery.ConnectionIamMember(\"member\", new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewConnectionIamMember(ctx, \"member\", \u0026bigquery.ConnectionIamMemberArgs{\n\t\t\tProject: pulumi.Any(connection.Project),\n\t\t\tLocation: pulumi.Any(connection.Location),\n\t\t\tConnectionId: pulumi.Any(connection.ConnectionId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.ConnectionIamMember;\nimport com.pulumi.gcp.bigquery.ConnectionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ConnectionIamMember(\"member\", ConnectionIamMemberArgs.builder() \n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquery:ConnectionIamMember\n properties:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/connections/{{connection_id}}\n\n* {{project}}/{{location}}/{{connection_id}}\n\n* {{location}}/{{connection_id}}\n\n* {{connection_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBigQuery Connection connection IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/connectionIamMember:ConnectionIamMember editor \"projects/{{project}}/locations/{{location}}/connections/{{connection_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/connectionIamMember:ConnectionIamMember editor \"projects/{{project}}/locations/{{location}}/connections/{{connection_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/connectionIamMember:ConnectionIamMember editor projects/{{project}}/locations/{{location}}/connections/{{connection_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:bigquery/ConnectionIamMemberCondition:ConnectionIamMemberCondition" @@ -115417,11 +115456,12 @@ "description": "The geographic location where the connection should reside.\nCloud SQL instance must be in the same location as the connection\nwith following exceptions: Cloud SQL us-central1 maps to BigQuery US, Cloud SQL europe-west1 maps to BigQuery EU.\nExamples: US, EU, asia-northeast1, us-central1, europe-west1.\nSpanner Connections same as spanner region\nAWS allowed regions are aws-us-east-1\nAzure allowed regions are azure-eastus2 Used to find the parent resource to bind the IAM policy to\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -115453,11 +115493,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -115494,11 +115535,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -115511,7 +115553,7 @@ } }, "gcp:bigquery/connectionIamPolicy:ConnectionIamPolicy": { - "description": "Three different resources help you manage your IAM policy for BigQuery Connection Connection. Each of these resources serves a different use case:\n\n* `gcp.bigquery.ConnectionIamPolicy`: Authoritative. Sets the IAM policy for the connection and replaces any existing policy already attached.\n* `gcp.bigquery.ConnectionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the connection are preserved.\n* `gcp.bigquery.ConnectionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the connection are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigquery.ConnectionIamPolicy`: Retrieves the IAM policy for the connection\n\n\u003e **Note:** `gcp.bigquery.ConnectionIamPolicy` **cannot** be used in conjunction with `gcp.bigquery.ConnectionIamBinding` and `gcp.bigquery.ConnectionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquery.ConnectionIamBinding` resources **can be** used in conjunction with `gcp.bigquery.ConnectionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_bigquery\\_connection\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigquery.ConnectionIamPolicy(\"policy\", {\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.bigquery.ConnectionIamPolicy(\"policy\",\n project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQuery.ConnectionIamPolicy(\"policy\", new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewConnectionIamPolicy(ctx, \"policy\", \u0026bigquery.ConnectionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(connection.Project),\n\t\t\tLocation: pulumi.Any(connection.Location),\n\t\t\tConnectionId: pulumi.Any(connection.ConnectionId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.ConnectionIamPolicy;\nimport com.pulumi.gcp.bigquery.ConnectionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ConnectionIamPolicy(\"policy\", ConnectionIamPolicyArgs.builder() \n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquery:ConnectionIamPolicy\n properties:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_connection\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquery.ConnectionIamBinding(\"binding\", {\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquery.ConnectionIamBinding(\"binding\",\n project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQuery.ConnectionIamBinding(\"binding\", new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewConnectionIamBinding(ctx, \"binding\", \u0026bigquery.ConnectionIamBindingArgs{\n\t\t\tProject: pulumi.Any(connection.Project),\n\t\t\tLocation: pulumi.Any(connection.Location),\n\t\t\tConnectionId: pulumi.Any(connection.ConnectionId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.ConnectionIamBinding;\nimport com.pulumi.gcp.bigquery.ConnectionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ConnectionIamBinding(\"binding\", ConnectionIamBindingArgs.builder() \n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquery:ConnectionIamBinding\n properties:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_connection\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquery.ConnectionIamMember(\"member\", {\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquery.ConnectionIamMember(\"member\",\n project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQuery.ConnectionIamMember(\"member\", new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewConnectionIamMember(ctx, \"member\", \u0026bigquery.ConnectionIamMemberArgs{\n\t\t\tProject: pulumi.Any(connection.Project),\n\t\t\tLocation: pulumi.Any(connection.Location),\n\t\t\tConnectionId: pulumi.Any(connection.ConnectionId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.ConnectionIamMember;\nimport com.pulumi.gcp.bigquery.ConnectionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ConnectionIamMember(\"member\", ConnectionIamMemberArgs.builder() \n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquery:ConnectionIamMember\n properties:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/connections/{{connection_id}}\n\n* {{project}}/{{location}}/{{connection_id}}\n\n* {{location}}/{{connection_id}}\n\n* {{connection_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBigQuery Connection connection IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/connectionIamPolicy:ConnectionIamPolicy editor \"projects/{{project}}/locations/{{location}}/connections/{{connection_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/connectionIamPolicy:ConnectionIamPolicy editor \"projects/{{project}}/locations/{{location}}/connections/{{connection_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/connectionIamPolicy:ConnectionIamPolicy editor projects/{{project}}/locations/{{location}}/connections/{{connection_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for BigQuery Connection Connection. Each of these resources serves a different use case:\n\n* `gcp.bigquery.ConnectionIamPolicy`: Authoritative. Sets the IAM policy for the connection and replaces any existing policy already attached.\n* `gcp.bigquery.ConnectionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the connection are preserved.\n* `gcp.bigquery.ConnectionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the connection are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigquery.ConnectionIamPolicy`: Retrieves the IAM policy for the connection\n\n\u003e **Note:** `gcp.bigquery.ConnectionIamPolicy` **cannot** be used in conjunction with `gcp.bigquery.ConnectionIamBinding` and `gcp.bigquery.ConnectionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquery.ConnectionIamBinding` resources **can be** used in conjunction with `gcp.bigquery.ConnectionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_bigquery\\_connection\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigquery.ConnectionIamPolicy(\"policy\", {\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.bigquery.ConnectionIamPolicy(\"policy\",\n project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQuery.ConnectionIamPolicy(\"policy\", new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewConnectionIamPolicy(ctx, \"policy\", \u0026bigquery.ConnectionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(connection.Project),\n\t\t\tLocation: pulumi.Any(connection.Location),\n\t\t\tConnectionId: pulumi.Any(connection.ConnectionId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.ConnectionIamPolicy;\nimport com.pulumi.gcp.bigquery.ConnectionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ConnectionIamPolicy(\"policy\", ConnectionIamPolicyArgs.builder() \n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquery:ConnectionIamPolicy\n properties:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_connection\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquery.ConnectionIamBinding(\"binding\", {\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquery.ConnectionIamBinding(\"binding\",\n project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQuery.ConnectionIamBinding(\"binding\", new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewConnectionIamBinding(ctx, \"binding\", \u0026bigquery.ConnectionIamBindingArgs{\n\t\t\tProject: pulumi.Any(connection.Project),\n\t\t\tLocation: pulumi.Any(connection.Location),\n\t\t\tConnectionId: pulumi.Any(connection.ConnectionId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.ConnectionIamBinding;\nimport com.pulumi.gcp.bigquery.ConnectionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ConnectionIamBinding(\"binding\", ConnectionIamBindingArgs.builder() \n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquery:ConnectionIamBinding\n properties:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_connection\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquery.ConnectionIamMember(\"member\", {\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquery.ConnectionIamMember(\"member\",\n project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQuery.ConnectionIamMember(\"member\", new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewConnectionIamMember(ctx, \"member\", \u0026bigquery.ConnectionIamMemberArgs{\n\t\t\tProject: pulumi.Any(connection.Project),\n\t\t\tLocation: pulumi.Any(connection.Location),\n\t\t\tConnectionId: pulumi.Any(connection.ConnectionId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.ConnectionIamMember;\nimport com.pulumi.gcp.bigquery.ConnectionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ConnectionIamMember(\"member\", ConnectionIamMemberArgs.builder() \n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquery:ConnectionIamMember\n properties:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_bigquery\\_connection\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigquery.ConnectionIamPolicy(\"policy\", {\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.bigquery.ConnectionIamPolicy(\"policy\",\n project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQuery.ConnectionIamPolicy(\"policy\", new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewConnectionIamPolicy(ctx, \"policy\", \u0026bigquery.ConnectionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(connection.Project),\n\t\t\tLocation: pulumi.Any(connection.Location),\n\t\t\tConnectionId: pulumi.Any(connection.ConnectionId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.ConnectionIamPolicy;\nimport com.pulumi.gcp.bigquery.ConnectionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ConnectionIamPolicy(\"policy\", ConnectionIamPolicyArgs.builder() \n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquery:ConnectionIamPolicy\n properties:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_connection\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquery.ConnectionIamBinding(\"binding\", {\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquery.ConnectionIamBinding(\"binding\",\n project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQuery.ConnectionIamBinding(\"binding\", new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewConnectionIamBinding(ctx, \"binding\", \u0026bigquery.ConnectionIamBindingArgs{\n\t\t\tProject: pulumi.Any(connection.Project),\n\t\t\tLocation: pulumi.Any(connection.Location),\n\t\t\tConnectionId: pulumi.Any(connection.ConnectionId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.ConnectionIamBinding;\nimport com.pulumi.gcp.bigquery.ConnectionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ConnectionIamBinding(\"binding\", ConnectionIamBindingArgs.builder() \n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquery:ConnectionIamBinding\n properties:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_connection\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquery.ConnectionIamMember(\"member\", {\n project: connection.project,\n location: connection.location,\n connectionId: connection.connectionId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquery.ConnectionIamMember(\"member\",\n project=connection[\"project\"],\n location=connection[\"location\"],\n connection_id=connection[\"connectionId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQuery.ConnectionIamMember(\"member\", new()\n {\n Project = connection.Project,\n Location = connection.Location,\n ConnectionId = connection.ConnectionId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewConnectionIamMember(ctx, \"member\", \u0026bigquery.ConnectionIamMemberArgs{\n\t\t\tProject: pulumi.Any(connection.Project),\n\t\t\tLocation: pulumi.Any(connection.Location),\n\t\t\tConnectionId: pulumi.Any(connection.ConnectionId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.ConnectionIamMember;\nimport com.pulumi.gcp.bigquery.ConnectionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ConnectionIamMember(\"member\", ConnectionIamMemberArgs.builder() \n .project(connection.project())\n .location(connection.location())\n .connectionId(connection.connectionId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquery:ConnectionIamMember\n properties:\n project: ${connection.project}\n location: ${connection.location}\n connectionId: ${connection.connectionId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/connections/{{connection_id}}\n\n* {{project}}/{{location}}/{{connection_id}}\n\n* {{location}}/{{connection_id}}\n\n* {{connection_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBigQuery Connection connection IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/connectionIamPolicy:ConnectionIamPolicy editor \"projects/{{project}}/locations/{{location}}/connections/{{connection_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/connectionIamPolicy:ConnectionIamPolicy editor \"projects/{{project}}/locations/{{location}}/connections/{{connection_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/connectionIamPolicy:ConnectionIamPolicy editor projects/{{project}}/locations/{{location}}/connections/{{connection_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "connectionId": { "type": "string", @@ -115531,7 +115573,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" } }, "required": [ @@ -115558,7 +115600,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -115589,7 +115631,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -116309,14 +116351,14 @@ } }, "gcp:bigquery/datasetIamBinding:DatasetIamBinding": { - "description": "Three different resources help you manage your IAM policy for BigQuery dataset. Each of these resources serves a different use case:\n\n* `gcp.bigquery.DatasetIamPolicy`: Authoritative. Sets the IAM policy for the dataset and replaces any existing policy already attached.\n* `gcp.bigquery.DatasetIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the dataset are preserved.\n* `gcp.bigquery.DatasetIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the dataset are preserved.\n\nThese resources are intended to convert the permissions system for BigQuery datasets to the standard IAM interface. For advanced usages, including [creating authorized views](https://cloud.google.com/bigquery/docs/share-access-views), please use either `gcp.bigquery.DatasetAccess` or the `access` field on `gcp.bigquery.Dataset`.\n\n\u003e **Note:** These resources **cannot** be used with `gcp.bigquery.DatasetAccess` resources or the `access` field on `gcp.bigquery.Dataset` or they will fight over what the policy should be.\n\n\u003e **Note:** Using any of these resources will remove any authorized view permissions from the dataset. To assign and preserve authorized view permissions use the `gcp.bigquery.DatasetAccess` instead.\n\n\u003e **Note:** Legacy BigQuery roles `OWNER` `WRITER` and `READER` **cannot** be used with any of these IAM resources. Instead use the full role form of: `roles/bigquery.dataOwner` `roles/bigquery.dataEditor` and `roles/bigquery.dataViewer`.\n\n\u003e **Note:** `gcp.bigquery.DatasetIamPolicy` **cannot** be used in conjunction with `gcp.bigquery.DatasetIamBinding` and `gcp.bigquery.DatasetIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquery.DatasetIamBinding` resources **can be** used in conjunction with `gcp.bigquery.DatasetIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_bigquery\\_dataset\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst owner = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst datasetDataset = new gcp.bigquery.Dataset(\"dataset\", {datasetId: \"example_dataset\"});\nconst dataset = new gcp.bigquery.DatasetIamPolicy(\"dataset\", {\n datasetId: datasetDataset.datasetId,\n policyData: owner.then(owner =\u003e owner.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nowner = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/bigquery.dataOwner\",\n members=[\"user:jane@example.com\"],\n)])\ndataset_dataset = gcp.bigquery.Dataset(\"dataset\", dataset_id=\"example_dataset\")\ndataset = gcp.bigquery.DatasetIamPolicy(\"dataset\",\n dataset_id=dataset_dataset.dataset_id,\n policy_data=owner.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var owner = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var datasetDataset = new Gcp.BigQuery.Dataset(\"dataset\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var dataset = new Gcp.BigQuery.DatasetIamPolicy(\"dataset\", new()\n {\n DatasetId = datasetDataset.DatasetId,\n PolicyData = owner.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\towner, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigquery.dataOwner\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdatasetDataset, err := bigquery.NewDataset(ctx, \"dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDatasetIamPolicy(ctx, \"dataset\", \u0026bigquery.DatasetIamPolicyArgs{\n\t\t\tDatasetId: datasetDataset.DatasetId,\n\t\t\tPolicyData: pulumi.String(owner.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamPolicy;\nimport com.pulumi.gcp.bigquery.DatasetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var owner = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var datasetDataset = new Dataset(\"datasetDataset\", DatasetArgs.builder() \n .datasetId(\"example_dataset\")\n .build());\n\n var dataset = new DatasetIamPolicy(\"dataset\", DatasetIamPolicyArgs.builder() \n .datasetId(datasetDataset.datasetId())\n .policyData(owner.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:bigquery:DatasetIamPolicy\n properties:\n datasetId: ${datasetDataset.datasetId}\n policyData: ${owner.policyData}\n datasetDataset:\n type: gcp:bigquery:Dataset\n name: dataset\n properties:\n datasetId: example_dataset\nvariables:\n owner:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_dataset\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.bigquery.Dataset(\"dataset\", {datasetId: \"example_dataset\"});\nconst reader = new gcp.bigquery.DatasetIamBinding(\"reader\", {\n datasetId: dataset.datasetId,\n role: \"roles/bigquery.dataViewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.bigquery.Dataset(\"dataset\", dataset_id=\"example_dataset\")\nreader = gcp.bigquery.DatasetIamBinding(\"reader\",\n dataset_id=dataset.dataset_id,\n role=\"roles/bigquery.dataViewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.BigQuery.Dataset(\"dataset\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var reader = new Gcp.BigQuery.DatasetIamBinding(\"reader\", new()\n {\n DatasetId = dataset.DatasetId,\n Role = \"roles/bigquery.dataViewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdataset, err := bigquery.NewDataset(ctx, \"dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDatasetIamBinding(ctx, \"reader\", \u0026bigquery.DatasetIamBindingArgs{\n\t\t\tDatasetId: dataset.DatasetId,\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataViewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamBinding;\nimport com.pulumi.gcp.bigquery.DatasetIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new Dataset(\"dataset\", DatasetArgs.builder() \n .datasetId(\"example_dataset\")\n .build());\n\n var reader = new DatasetIamBinding(\"reader\", DatasetIamBindingArgs.builder() \n .datasetId(dataset.datasetId())\n .role(\"roles/bigquery.dataViewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n reader:\n type: gcp:bigquery:DatasetIamBinding\n properties:\n datasetId: ${dataset.datasetId}\n role: roles/bigquery.dataViewer\n members:\n - user:jane@example.com\n dataset:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: example_dataset\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_dataset\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.bigquery.Dataset(\"dataset\", {datasetId: \"example_dataset\"});\nconst editor = new gcp.bigquery.DatasetIamMember(\"editor\", {\n datasetId: dataset.datasetId,\n role: \"roles/bigquery.dataEditor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.bigquery.Dataset(\"dataset\", dataset_id=\"example_dataset\")\neditor = gcp.bigquery.DatasetIamMember(\"editor\",\n dataset_id=dataset.dataset_id,\n role=\"roles/bigquery.dataEditor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.BigQuery.Dataset(\"dataset\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var editor = new Gcp.BigQuery.DatasetIamMember(\"editor\", new()\n {\n DatasetId = dataset.DatasetId,\n Role = \"roles/bigquery.dataEditor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdataset, err := bigquery.NewDataset(ctx, \"dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDatasetIamMember(ctx, \"editor\", \u0026bigquery.DatasetIamMemberArgs{\n\t\t\tDatasetId: dataset.DatasetId,\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataEditor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamMember;\nimport com.pulumi.gcp.bigquery.DatasetIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new Dataset(\"dataset\", DatasetArgs.builder() \n .datasetId(\"example_dataset\")\n .build());\n\n var editor = new DatasetIamMember(\"editor\", DatasetIamMemberArgs.builder() \n .datasetId(dataset.datasetId())\n .role(\"roles/bigquery.dataEditor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigquery:DatasetIamMember\n properties:\n datasetId: ${dataset.datasetId}\n role: roles/bigquery.dataEditor\n member: user:jane@example.com\n dataset:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: example_dataset\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the BigQuery Dataset resource. For example:\n\n* `projects/{{project_id}}/datasets/{{dataset_id}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = projects/{{project_id}}/datasets/{{dataset_id}}\n\n to = google_bigquery_dataset_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:bigquery/datasetIamBinding:DatasetIamBinding default projects/{{project_id}}/datasets/{{dataset_id}}\n```\n\n", + "description": "Three different resources help you manage your IAM policy for BigQuery dataset. Each of these resources serves a different use case:\n\n* `gcp.bigquery.DatasetIamPolicy`: Authoritative. Sets the IAM policy for the dataset and replaces any existing policy already attached.\n* `gcp.bigquery.DatasetIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the dataset are preserved.\n* `gcp.bigquery.DatasetIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the dataset are preserved.\n\nThese resources are intended to convert the permissions system for BigQuery datasets to the standard IAM interface. For advanced usages, including [creating authorized views](https://cloud.google.com/bigquery/docs/share-access-views), please use either `gcp.bigquery.DatasetAccess` or the `access` field on `gcp.bigquery.Dataset`.\n\n\u003e **Note:** These resources **cannot** be used with `gcp.bigquery.DatasetAccess` resources or the `access` field on `gcp.bigquery.Dataset` or they will fight over what the policy should be.\n\n\u003e **Note:** Using any of these resources will remove any authorized view permissions from the dataset. To assign and preserve authorized view permissions use the `gcp.bigquery.DatasetAccess` instead.\n\n\u003e **Note:** Legacy BigQuery roles `OWNER` `WRITER` and `READER` **cannot** be used with any of these IAM resources. Instead use the full role form of: `roles/bigquery.dataOwner` `roles/bigquery.dataEditor` and `roles/bigquery.dataViewer`.\n\n\u003e **Note:** `gcp.bigquery.DatasetIamPolicy` **cannot** be used in conjunction with `gcp.bigquery.DatasetIamBinding` and `gcp.bigquery.DatasetIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquery.DatasetIamBinding` resources **can be** used in conjunction with `gcp.bigquery.DatasetIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_bigquery\\_dataset\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst owner = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst datasetDataset = new gcp.bigquery.Dataset(\"dataset\", {datasetId: \"example_dataset\"});\nconst dataset = new gcp.bigquery.DatasetIamPolicy(\"dataset\", {\n datasetId: datasetDataset.datasetId,\n policyData: owner.then(owner =\u003e owner.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nowner = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/bigquery.dataOwner\",\n members=[\"user:jane@example.com\"],\n)])\ndataset_dataset = gcp.bigquery.Dataset(\"dataset\", dataset_id=\"example_dataset\")\ndataset = gcp.bigquery.DatasetIamPolicy(\"dataset\",\n dataset_id=dataset_dataset.dataset_id,\n policy_data=owner.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var owner = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var datasetDataset = new Gcp.BigQuery.Dataset(\"dataset\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var dataset = new Gcp.BigQuery.DatasetIamPolicy(\"dataset\", new()\n {\n DatasetId = datasetDataset.DatasetId,\n PolicyData = owner.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\towner, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigquery.dataOwner\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdatasetDataset, err := bigquery.NewDataset(ctx, \"dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDatasetIamPolicy(ctx, \"dataset\", \u0026bigquery.DatasetIamPolicyArgs{\n\t\t\tDatasetId: datasetDataset.DatasetId,\n\t\t\tPolicyData: pulumi.String(owner.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamPolicy;\nimport com.pulumi.gcp.bigquery.DatasetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var owner = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var datasetDataset = new Dataset(\"datasetDataset\", DatasetArgs.builder() \n .datasetId(\"example_dataset\")\n .build());\n\n var dataset = new DatasetIamPolicy(\"dataset\", DatasetIamPolicyArgs.builder() \n .datasetId(datasetDataset.datasetId())\n .policyData(owner.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:bigquery:DatasetIamPolicy\n properties:\n datasetId: ${datasetDataset.datasetId}\n policyData: ${owner.policyData}\n datasetDataset:\n type: gcp:bigquery:Dataset\n name: dataset\n properties:\n datasetId: example_dataset\nvariables:\n owner:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_dataset\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.bigquery.Dataset(\"dataset\", {datasetId: \"example_dataset\"});\nconst reader = new gcp.bigquery.DatasetIamBinding(\"reader\", {\n datasetId: dataset.datasetId,\n role: \"roles/bigquery.dataViewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.bigquery.Dataset(\"dataset\", dataset_id=\"example_dataset\")\nreader = gcp.bigquery.DatasetIamBinding(\"reader\",\n dataset_id=dataset.dataset_id,\n role=\"roles/bigquery.dataViewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.BigQuery.Dataset(\"dataset\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var reader = new Gcp.BigQuery.DatasetIamBinding(\"reader\", new()\n {\n DatasetId = dataset.DatasetId,\n Role = \"roles/bigquery.dataViewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdataset, err := bigquery.NewDataset(ctx, \"dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDatasetIamBinding(ctx, \"reader\", \u0026bigquery.DatasetIamBindingArgs{\n\t\t\tDatasetId: dataset.DatasetId,\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataViewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamBinding;\nimport com.pulumi.gcp.bigquery.DatasetIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new Dataset(\"dataset\", DatasetArgs.builder() \n .datasetId(\"example_dataset\")\n .build());\n\n var reader = new DatasetIamBinding(\"reader\", DatasetIamBindingArgs.builder() \n .datasetId(dataset.datasetId())\n .role(\"roles/bigquery.dataViewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n reader:\n type: gcp:bigquery:DatasetIamBinding\n properties:\n datasetId: ${dataset.datasetId}\n role: roles/bigquery.dataViewer\n members:\n - user:jane@example.com\n dataset:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: example_dataset\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_dataset\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.bigquery.Dataset(\"dataset\", {datasetId: \"example_dataset\"});\nconst editor = new gcp.bigquery.DatasetIamMember(\"editor\", {\n datasetId: dataset.datasetId,\n role: \"roles/bigquery.dataEditor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.bigquery.Dataset(\"dataset\", dataset_id=\"example_dataset\")\neditor = gcp.bigquery.DatasetIamMember(\"editor\",\n dataset_id=dataset.dataset_id,\n role=\"roles/bigquery.dataEditor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.BigQuery.Dataset(\"dataset\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var editor = new Gcp.BigQuery.DatasetIamMember(\"editor\", new()\n {\n DatasetId = dataset.DatasetId,\n Role = \"roles/bigquery.dataEditor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdataset, err := bigquery.NewDataset(ctx, \"dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDatasetIamMember(ctx, \"editor\", \u0026bigquery.DatasetIamMemberArgs{\n\t\t\tDatasetId: dataset.DatasetId,\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataEditor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamMember;\nimport com.pulumi.gcp.bigquery.DatasetIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new Dataset(\"dataset\", DatasetArgs.builder() \n .datasetId(\"example_dataset\")\n .build());\n\n var editor = new DatasetIamMember(\"editor\", DatasetIamMemberArgs.builder() \n .datasetId(dataset.datasetId())\n .role(\"roles/bigquery.dataEditor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigquery:DatasetIamMember\n properties:\n datasetId: ${dataset.datasetId}\n role: roles/bigquery.dataEditor\n member: user:jane@example.com\n dataset:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: example_dataset\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_dataset\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst owner = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst datasetDataset = new gcp.bigquery.Dataset(\"dataset\", {datasetId: \"example_dataset\"});\nconst dataset = new gcp.bigquery.DatasetIamPolicy(\"dataset\", {\n datasetId: datasetDataset.datasetId,\n policyData: owner.then(owner =\u003e owner.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nowner = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/bigquery.dataOwner\",\n members=[\"user:jane@example.com\"],\n)])\ndataset_dataset = gcp.bigquery.Dataset(\"dataset\", dataset_id=\"example_dataset\")\ndataset = gcp.bigquery.DatasetIamPolicy(\"dataset\",\n dataset_id=dataset_dataset.dataset_id,\n policy_data=owner.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var owner = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var datasetDataset = new Gcp.BigQuery.Dataset(\"dataset\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var dataset = new Gcp.BigQuery.DatasetIamPolicy(\"dataset\", new()\n {\n DatasetId = datasetDataset.DatasetId,\n PolicyData = owner.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\towner, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigquery.dataOwner\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdatasetDataset, err := bigquery.NewDataset(ctx, \"dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDatasetIamPolicy(ctx, \"dataset\", \u0026bigquery.DatasetIamPolicyArgs{\n\t\t\tDatasetId: datasetDataset.DatasetId,\n\t\t\tPolicyData: pulumi.String(owner.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamPolicy;\nimport com.pulumi.gcp.bigquery.DatasetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var owner = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var datasetDataset = new Dataset(\"datasetDataset\", DatasetArgs.builder() \n .datasetId(\"example_dataset\")\n .build());\n\n var dataset = new DatasetIamPolicy(\"dataset\", DatasetIamPolicyArgs.builder() \n .datasetId(datasetDataset.datasetId())\n .policyData(owner.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:bigquery:DatasetIamPolicy\n properties:\n datasetId: ${datasetDataset.datasetId}\n policyData: ${owner.policyData}\n datasetDataset:\n type: gcp:bigquery:Dataset\n name: dataset\n properties:\n datasetId: example_dataset\nvariables:\n owner:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_dataset\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.bigquery.Dataset(\"dataset\", {datasetId: \"example_dataset\"});\nconst reader = new gcp.bigquery.DatasetIamBinding(\"reader\", {\n datasetId: dataset.datasetId,\n role: \"roles/bigquery.dataViewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.bigquery.Dataset(\"dataset\", dataset_id=\"example_dataset\")\nreader = gcp.bigquery.DatasetIamBinding(\"reader\",\n dataset_id=dataset.dataset_id,\n role=\"roles/bigquery.dataViewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.BigQuery.Dataset(\"dataset\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var reader = new Gcp.BigQuery.DatasetIamBinding(\"reader\", new()\n {\n DatasetId = dataset.DatasetId,\n Role = \"roles/bigquery.dataViewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdataset, err := bigquery.NewDataset(ctx, \"dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDatasetIamBinding(ctx, \"reader\", \u0026bigquery.DatasetIamBindingArgs{\n\t\t\tDatasetId: dataset.DatasetId,\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataViewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamBinding;\nimport com.pulumi.gcp.bigquery.DatasetIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new Dataset(\"dataset\", DatasetArgs.builder() \n .datasetId(\"example_dataset\")\n .build());\n\n var reader = new DatasetIamBinding(\"reader\", DatasetIamBindingArgs.builder() \n .datasetId(dataset.datasetId())\n .role(\"roles/bigquery.dataViewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n reader:\n type: gcp:bigquery:DatasetIamBinding\n properties:\n datasetId: ${dataset.datasetId}\n role: roles/bigquery.dataViewer\n members:\n - user:jane@example.com\n dataset:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: example_dataset\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_dataset\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.bigquery.Dataset(\"dataset\", {datasetId: \"example_dataset\"});\nconst editor = new gcp.bigquery.DatasetIamMember(\"editor\", {\n datasetId: dataset.datasetId,\n role: \"roles/bigquery.dataEditor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.bigquery.Dataset(\"dataset\", dataset_id=\"example_dataset\")\neditor = gcp.bigquery.DatasetIamMember(\"editor\",\n dataset_id=dataset.dataset_id,\n role=\"roles/bigquery.dataEditor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.BigQuery.Dataset(\"dataset\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var editor = new Gcp.BigQuery.DatasetIamMember(\"editor\", new()\n {\n DatasetId = dataset.DatasetId,\n Role = \"roles/bigquery.dataEditor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdataset, err := bigquery.NewDataset(ctx, \"dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDatasetIamMember(ctx, \"editor\", \u0026bigquery.DatasetIamMemberArgs{\n\t\t\tDatasetId: dataset.DatasetId,\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataEditor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamMember;\nimport com.pulumi.gcp.bigquery.DatasetIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new Dataset(\"dataset\", DatasetArgs.builder() \n .datasetId(\"example_dataset\")\n .build());\n\n var editor = new DatasetIamMember(\"editor\", DatasetIamMemberArgs.builder() \n .datasetId(dataset.datasetId())\n .role(\"roles/bigquery.dataEditor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigquery:DatasetIamMember\n properties:\n datasetId: ${dataset.datasetId}\n role: roles/bigquery.dataEditor\n member: user:jane@example.com\n dataset:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: example_dataset\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the BigQuery Dataset resource. For example:\n\n* `projects/{{project_id}}/datasets/{{dataset_id}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = projects/{{project_id}}/datasets/{{dataset_id}}\n\n to = google_bigquery_dataset_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:bigquery/datasetIamBinding:DatasetIamBinding default projects/{{project_id}}/datasets/{{dataset_id}}\n```\n\n", "properties": { "condition": { "$ref": "#/types/gcp:bigquery/DatasetIamBindingCondition:DatasetIamBindingCondition" }, "datasetId": { "type": "string", - "description": "The dataset ID.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet).\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n" + "description": "The dataset ID.\n" }, "etag": { "type": "string", @@ -116326,7 +116368,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet).\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n" }, "project": { "type": "string", @@ -116351,14 +116394,15 @@ }, "datasetId": { "type": "string", - "description": "The dataset ID.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet).\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n", + "description": "The dataset ID.\n", "willReplaceOnChanges": true }, "members": { "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet).\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n" }, "project": { "type": "string", @@ -116385,7 +116429,7 @@ }, "datasetId": { "type": "string", - "description": "The dataset ID.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet).\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n", + "description": "The dataset ID.\n", "willReplaceOnChanges": true }, "etag": { @@ -116396,7 +116440,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet).\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n" }, "project": { "type": "string", @@ -116413,21 +116458,22 @@ } }, "gcp:bigquery/datasetIamMember:DatasetIamMember": { - "description": "Three different resources help you manage your IAM policy for BigQuery dataset. Each of these resources serves a different use case:\n\n* `gcp.bigquery.DatasetIamPolicy`: Authoritative. Sets the IAM policy for the dataset and replaces any existing policy already attached.\n* `gcp.bigquery.DatasetIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the dataset are preserved.\n* `gcp.bigquery.DatasetIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the dataset are preserved.\n\nThese resources are intended to convert the permissions system for BigQuery datasets to the standard IAM interface. For advanced usages, including [creating authorized views](https://cloud.google.com/bigquery/docs/share-access-views), please use either `gcp.bigquery.DatasetAccess` or the `access` field on `gcp.bigquery.Dataset`.\n\n\u003e **Note:** These resources **cannot** be used with `gcp.bigquery.DatasetAccess` resources or the `access` field on `gcp.bigquery.Dataset` or they will fight over what the policy should be.\n\n\u003e **Note:** Using any of these resources will remove any authorized view permissions from the dataset. To assign and preserve authorized view permissions use the `gcp.bigquery.DatasetAccess` instead.\n\n\u003e **Note:** Legacy BigQuery roles `OWNER` `WRITER` and `READER` **cannot** be used with any of these IAM resources. Instead use the full role form of: `roles/bigquery.dataOwner` `roles/bigquery.dataEditor` and `roles/bigquery.dataViewer`.\n\n\u003e **Note:** `gcp.bigquery.DatasetIamPolicy` **cannot** be used in conjunction with `gcp.bigquery.DatasetIamBinding` and `gcp.bigquery.DatasetIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquery.DatasetIamBinding` resources **can be** used in conjunction with `gcp.bigquery.DatasetIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_bigquery\\_dataset\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst owner = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst datasetDataset = new gcp.bigquery.Dataset(\"dataset\", {datasetId: \"example_dataset\"});\nconst dataset = new gcp.bigquery.DatasetIamPolicy(\"dataset\", {\n datasetId: datasetDataset.datasetId,\n policyData: owner.then(owner =\u003e owner.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nowner = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/bigquery.dataOwner\",\n members=[\"user:jane@example.com\"],\n)])\ndataset_dataset = gcp.bigquery.Dataset(\"dataset\", dataset_id=\"example_dataset\")\ndataset = gcp.bigquery.DatasetIamPolicy(\"dataset\",\n dataset_id=dataset_dataset.dataset_id,\n policy_data=owner.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var owner = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var datasetDataset = new Gcp.BigQuery.Dataset(\"dataset\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var dataset = new Gcp.BigQuery.DatasetIamPolicy(\"dataset\", new()\n {\n DatasetId = datasetDataset.DatasetId,\n PolicyData = owner.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\towner, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigquery.dataOwner\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdatasetDataset, err := bigquery.NewDataset(ctx, \"dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDatasetIamPolicy(ctx, \"dataset\", \u0026bigquery.DatasetIamPolicyArgs{\n\t\t\tDatasetId: datasetDataset.DatasetId,\n\t\t\tPolicyData: pulumi.String(owner.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamPolicy;\nimport com.pulumi.gcp.bigquery.DatasetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var owner = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var datasetDataset = new Dataset(\"datasetDataset\", DatasetArgs.builder() \n .datasetId(\"example_dataset\")\n .build());\n\n var dataset = new DatasetIamPolicy(\"dataset\", DatasetIamPolicyArgs.builder() \n .datasetId(datasetDataset.datasetId())\n .policyData(owner.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:bigquery:DatasetIamPolicy\n properties:\n datasetId: ${datasetDataset.datasetId}\n policyData: ${owner.policyData}\n datasetDataset:\n type: gcp:bigquery:Dataset\n name: dataset\n properties:\n datasetId: example_dataset\nvariables:\n owner:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_dataset\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.bigquery.Dataset(\"dataset\", {datasetId: \"example_dataset\"});\nconst reader = new gcp.bigquery.DatasetIamBinding(\"reader\", {\n datasetId: dataset.datasetId,\n role: \"roles/bigquery.dataViewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.bigquery.Dataset(\"dataset\", dataset_id=\"example_dataset\")\nreader = gcp.bigquery.DatasetIamBinding(\"reader\",\n dataset_id=dataset.dataset_id,\n role=\"roles/bigquery.dataViewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.BigQuery.Dataset(\"dataset\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var reader = new Gcp.BigQuery.DatasetIamBinding(\"reader\", new()\n {\n DatasetId = dataset.DatasetId,\n Role = \"roles/bigquery.dataViewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdataset, err := bigquery.NewDataset(ctx, \"dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDatasetIamBinding(ctx, \"reader\", \u0026bigquery.DatasetIamBindingArgs{\n\t\t\tDatasetId: dataset.DatasetId,\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataViewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamBinding;\nimport com.pulumi.gcp.bigquery.DatasetIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new Dataset(\"dataset\", DatasetArgs.builder() \n .datasetId(\"example_dataset\")\n .build());\n\n var reader = new DatasetIamBinding(\"reader\", DatasetIamBindingArgs.builder() \n .datasetId(dataset.datasetId())\n .role(\"roles/bigquery.dataViewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n reader:\n type: gcp:bigquery:DatasetIamBinding\n properties:\n datasetId: ${dataset.datasetId}\n role: roles/bigquery.dataViewer\n members:\n - user:jane@example.com\n dataset:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: example_dataset\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_dataset\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.bigquery.Dataset(\"dataset\", {datasetId: \"example_dataset\"});\nconst editor = new gcp.bigquery.DatasetIamMember(\"editor\", {\n datasetId: dataset.datasetId,\n role: \"roles/bigquery.dataEditor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.bigquery.Dataset(\"dataset\", dataset_id=\"example_dataset\")\neditor = gcp.bigquery.DatasetIamMember(\"editor\",\n dataset_id=dataset.dataset_id,\n role=\"roles/bigquery.dataEditor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.BigQuery.Dataset(\"dataset\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var editor = new Gcp.BigQuery.DatasetIamMember(\"editor\", new()\n {\n DatasetId = dataset.DatasetId,\n Role = \"roles/bigquery.dataEditor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdataset, err := bigquery.NewDataset(ctx, \"dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDatasetIamMember(ctx, \"editor\", \u0026bigquery.DatasetIamMemberArgs{\n\t\t\tDatasetId: dataset.DatasetId,\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataEditor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamMember;\nimport com.pulumi.gcp.bigquery.DatasetIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new Dataset(\"dataset\", DatasetArgs.builder() \n .datasetId(\"example_dataset\")\n .build());\n\n var editor = new DatasetIamMember(\"editor\", DatasetIamMemberArgs.builder() \n .datasetId(dataset.datasetId())\n .role(\"roles/bigquery.dataEditor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigquery:DatasetIamMember\n properties:\n datasetId: ${dataset.datasetId}\n role: roles/bigquery.dataEditor\n member: user:jane@example.com\n dataset:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: example_dataset\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the BigQuery Dataset resource. For example:\n\n* `projects/{{project_id}}/datasets/{{dataset_id}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = projects/{{project_id}}/datasets/{{dataset_id}}\n\n to = google_bigquery_dataset_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:bigquery/datasetIamMember:DatasetIamMember default projects/{{project_id}}/datasets/{{dataset_id}}\n```\n\n", + "description": "Three different resources help you manage your IAM policy for BigQuery dataset. Each of these resources serves a different use case:\n\n* `gcp.bigquery.DatasetIamPolicy`: Authoritative. Sets the IAM policy for the dataset and replaces any existing policy already attached.\n* `gcp.bigquery.DatasetIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the dataset are preserved.\n* `gcp.bigquery.DatasetIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the dataset are preserved.\n\nThese resources are intended to convert the permissions system for BigQuery datasets to the standard IAM interface. For advanced usages, including [creating authorized views](https://cloud.google.com/bigquery/docs/share-access-views), please use either `gcp.bigquery.DatasetAccess` or the `access` field on `gcp.bigquery.Dataset`.\n\n\u003e **Note:** These resources **cannot** be used with `gcp.bigquery.DatasetAccess` resources or the `access` field on `gcp.bigquery.Dataset` or they will fight over what the policy should be.\n\n\u003e **Note:** Using any of these resources will remove any authorized view permissions from the dataset. To assign and preserve authorized view permissions use the `gcp.bigquery.DatasetAccess` instead.\n\n\u003e **Note:** Legacy BigQuery roles `OWNER` `WRITER` and `READER` **cannot** be used with any of these IAM resources. Instead use the full role form of: `roles/bigquery.dataOwner` `roles/bigquery.dataEditor` and `roles/bigquery.dataViewer`.\n\n\u003e **Note:** `gcp.bigquery.DatasetIamPolicy` **cannot** be used in conjunction with `gcp.bigquery.DatasetIamBinding` and `gcp.bigquery.DatasetIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquery.DatasetIamBinding` resources **can be** used in conjunction with `gcp.bigquery.DatasetIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_bigquery\\_dataset\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst owner = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst datasetDataset = new gcp.bigquery.Dataset(\"dataset\", {datasetId: \"example_dataset\"});\nconst dataset = new gcp.bigquery.DatasetIamPolicy(\"dataset\", {\n datasetId: datasetDataset.datasetId,\n policyData: owner.then(owner =\u003e owner.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nowner = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/bigquery.dataOwner\",\n members=[\"user:jane@example.com\"],\n)])\ndataset_dataset = gcp.bigquery.Dataset(\"dataset\", dataset_id=\"example_dataset\")\ndataset = gcp.bigquery.DatasetIamPolicy(\"dataset\",\n dataset_id=dataset_dataset.dataset_id,\n policy_data=owner.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var owner = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var datasetDataset = new Gcp.BigQuery.Dataset(\"dataset\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var dataset = new Gcp.BigQuery.DatasetIamPolicy(\"dataset\", new()\n {\n DatasetId = datasetDataset.DatasetId,\n PolicyData = owner.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\towner, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigquery.dataOwner\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdatasetDataset, err := bigquery.NewDataset(ctx, \"dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDatasetIamPolicy(ctx, \"dataset\", \u0026bigquery.DatasetIamPolicyArgs{\n\t\t\tDatasetId: datasetDataset.DatasetId,\n\t\t\tPolicyData: pulumi.String(owner.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamPolicy;\nimport com.pulumi.gcp.bigquery.DatasetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var owner = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var datasetDataset = new Dataset(\"datasetDataset\", DatasetArgs.builder() \n .datasetId(\"example_dataset\")\n .build());\n\n var dataset = new DatasetIamPolicy(\"dataset\", DatasetIamPolicyArgs.builder() \n .datasetId(datasetDataset.datasetId())\n .policyData(owner.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:bigquery:DatasetIamPolicy\n properties:\n datasetId: ${datasetDataset.datasetId}\n policyData: ${owner.policyData}\n datasetDataset:\n type: gcp:bigquery:Dataset\n name: dataset\n properties:\n datasetId: example_dataset\nvariables:\n owner:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_dataset\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.bigquery.Dataset(\"dataset\", {datasetId: \"example_dataset\"});\nconst reader = new gcp.bigquery.DatasetIamBinding(\"reader\", {\n datasetId: dataset.datasetId,\n role: \"roles/bigquery.dataViewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.bigquery.Dataset(\"dataset\", dataset_id=\"example_dataset\")\nreader = gcp.bigquery.DatasetIamBinding(\"reader\",\n dataset_id=dataset.dataset_id,\n role=\"roles/bigquery.dataViewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.BigQuery.Dataset(\"dataset\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var reader = new Gcp.BigQuery.DatasetIamBinding(\"reader\", new()\n {\n DatasetId = dataset.DatasetId,\n Role = \"roles/bigquery.dataViewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdataset, err := bigquery.NewDataset(ctx, \"dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDatasetIamBinding(ctx, \"reader\", \u0026bigquery.DatasetIamBindingArgs{\n\t\t\tDatasetId: dataset.DatasetId,\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataViewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamBinding;\nimport com.pulumi.gcp.bigquery.DatasetIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new Dataset(\"dataset\", DatasetArgs.builder() \n .datasetId(\"example_dataset\")\n .build());\n\n var reader = new DatasetIamBinding(\"reader\", DatasetIamBindingArgs.builder() \n .datasetId(dataset.datasetId())\n .role(\"roles/bigquery.dataViewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n reader:\n type: gcp:bigquery:DatasetIamBinding\n properties:\n datasetId: ${dataset.datasetId}\n role: roles/bigquery.dataViewer\n members:\n - user:jane@example.com\n dataset:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: example_dataset\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_dataset\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.bigquery.Dataset(\"dataset\", {datasetId: \"example_dataset\"});\nconst editor = new gcp.bigquery.DatasetIamMember(\"editor\", {\n datasetId: dataset.datasetId,\n role: \"roles/bigquery.dataEditor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.bigquery.Dataset(\"dataset\", dataset_id=\"example_dataset\")\neditor = gcp.bigquery.DatasetIamMember(\"editor\",\n dataset_id=dataset.dataset_id,\n role=\"roles/bigquery.dataEditor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.BigQuery.Dataset(\"dataset\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var editor = new Gcp.BigQuery.DatasetIamMember(\"editor\", new()\n {\n DatasetId = dataset.DatasetId,\n Role = \"roles/bigquery.dataEditor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdataset, err := bigquery.NewDataset(ctx, \"dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDatasetIamMember(ctx, \"editor\", \u0026bigquery.DatasetIamMemberArgs{\n\t\t\tDatasetId: dataset.DatasetId,\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataEditor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamMember;\nimport com.pulumi.gcp.bigquery.DatasetIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new Dataset(\"dataset\", DatasetArgs.builder() \n .datasetId(\"example_dataset\")\n .build());\n\n var editor = new DatasetIamMember(\"editor\", DatasetIamMemberArgs.builder() \n .datasetId(dataset.datasetId())\n .role(\"roles/bigquery.dataEditor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigquery:DatasetIamMember\n properties:\n datasetId: ${dataset.datasetId}\n role: roles/bigquery.dataEditor\n member: user:jane@example.com\n dataset:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: example_dataset\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_dataset\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst owner = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst datasetDataset = new gcp.bigquery.Dataset(\"dataset\", {datasetId: \"example_dataset\"});\nconst dataset = new gcp.bigquery.DatasetIamPolicy(\"dataset\", {\n datasetId: datasetDataset.datasetId,\n policyData: owner.then(owner =\u003e owner.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nowner = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/bigquery.dataOwner\",\n members=[\"user:jane@example.com\"],\n)])\ndataset_dataset = gcp.bigquery.Dataset(\"dataset\", dataset_id=\"example_dataset\")\ndataset = gcp.bigquery.DatasetIamPolicy(\"dataset\",\n dataset_id=dataset_dataset.dataset_id,\n policy_data=owner.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var owner = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var datasetDataset = new Gcp.BigQuery.Dataset(\"dataset\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var dataset = new Gcp.BigQuery.DatasetIamPolicy(\"dataset\", new()\n {\n DatasetId = datasetDataset.DatasetId,\n PolicyData = owner.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\towner, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigquery.dataOwner\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdatasetDataset, err := bigquery.NewDataset(ctx, \"dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDatasetIamPolicy(ctx, \"dataset\", \u0026bigquery.DatasetIamPolicyArgs{\n\t\t\tDatasetId: datasetDataset.DatasetId,\n\t\t\tPolicyData: pulumi.String(owner.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamPolicy;\nimport com.pulumi.gcp.bigquery.DatasetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var owner = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var datasetDataset = new Dataset(\"datasetDataset\", DatasetArgs.builder() \n .datasetId(\"example_dataset\")\n .build());\n\n var dataset = new DatasetIamPolicy(\"dataset\", DatasetIamPolicyArgs.builder() \n .datasetId(datasetDataset.datasetId())\n .policyData(owner.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:bigquery:DatasetIamPolicy\n properties:\n datasetId: ${datasetDataset.datasetId}\n policyData: ${owner.policyData}\n datasetDataset:\n type: gcp:bigquery:Dataset\n name: dataset\n properties:\n datasetId: example_dataset\nvariables:\n owner:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_dataset\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.bigquery.Dataset(\"dataset\", {datasetId: \"example_dataset\"});\nconst reader = new gcp.bigquery.DatasetIamBinding(\"reader\", {\n datasetId: dataset.datasetId,\n role: \"roles/bigquery.dataViewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.bigquery.Dataset(\"dataset\", dataset_id=\"example_dataset\")\nreader = gcp.bigquery.DatasetIamBinding(\"reader\",\n dataset_id=dataset.dataset_id,\n role=\"roles/bigquery.dataViewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.BigQuery.Dataset(\"dataset\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var reader = new Gcp.BigQuery.DatasetIamBinding(\"reader\", new()\n {\n DatasetId = dataset.DatasetId,\n Role = \"roles/bigquery.dataViewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdataset, err := bigquery.NewDataset(ctx, \"dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDatasetIamBinding(ctx, \"reader\", \u0026bigquery.DatasetIamBindingArgs{\n\t\t\tDatasetId: dataset.DatasetId,\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataViewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamBinding;\nimport com.pulumi.gcp.bigquery.DatasetIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new Dataset(\"dataset\", DatasetArgs.builder() \n .datasetId(\"example_dataset\")\n .build());\n\n var reader = new DatasetIamBinding(\"reader\", DatasetIamBindingArgs.builder() \n .datasetId(dataset.datasetId())\n .role(\"roles/bigquery.dataViewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n reader:\n type: gcp:bigquery:DatasetIamBinding\n properties:\n datasetId: ${dataset.datasetId}\n role: roles/bigquery.dataViewer\n members:\n - user:jane@example.com\n dataset:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: example_dataset\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_dataset\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.bigquery.Dataset(\"dataset\", {datasetId: \"example_dataset\"});\nconst editor = new gcp.bigquery.DatasetIamMember(\"editor\", {\n datasetId: dataset.datasetId,\n role: \"roles/bigquery.dataEditor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.bigquery.Dataset(\"dataset\", dataset_id=\"example_dataset\")\neditor = gcp.bigquery.DatasetIamMember(\"editor\",\n dataset_id=dataset.dataset_id,\n role=\"roles/bigquery.dataEditor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.BigQuery.Dataset(\"dataset\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var editor = new Gcp.BigQuery.DatasetIamMember(\"editor\", new()\n {\n DatasetId = dataset.DatasetId,\n Role = \"roles/bigquery.dataEditor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdataset, err := bigquery.NewDataset(ctx, \"dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDatasetIamMember(ctx, \"editor\", \u0026bigquery.DatasetIamMemberArgs{\n\t\t\tDatasetId: dataset.DatasetId,\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataEditor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamMember;\nimport com.pulumi.gcp.bigquery.DatasetIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new Dataset(\"dataset\", DatasetArgs.builder() \n .datasetId(\"example_dataset\")\n .build());\n\n var editor = new DatasetIamMember(\"editor\", DatasetIamMemberArgs.builder() \n .datasetId(dataset.datasetId())\n .role(\"roles/bigquery.dataEditor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigquery:DatasetIamMember\n properties:\n datasetId: ${dataset.datasetId}\n role: roles/bigquery.dataEditor\n member: user:jane@example.com\n dataset:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: example_dataset\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the BigQuery Dataset resource. For example:\n\n* `projects/{{project_id}}/datasets/{{dataset_id}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = projects/{{project_id}}/datasets/{{dataset_id}}\n\n to = google_bigquery_dataset_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:bigquery/datasetIamMember:DatasetIamMember default projects/{{project_id}}/datasets/{{dataset_id}}\n```\n\n", "properties": { "condition": { "$ref": "#/types/gcp:bigquery/DatasetIamMemberCondition:DatasetIamMemberCondition" }, "datasetId": { "type": "string", - "description": "The dataset ID.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet).\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n" + "description": "The dataset ID.\n" }, "etag": { "type": "string", "description": "(Computed) The etag of the dataset's IAM policy.\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet).\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n" }, "project": { "type": "string", @@ -116452,11 +116498,12 @@ }, "datasetId": { "type": "string", - "description": "The dataset ID.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet).\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n", + "description": "The dataset ID.\n", "willReplaceOnChanges": true }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet).\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n", "willReplaceOnChanges": true }, "project": { @@ -116484,7 +116531,7 @@ }, "datasetId": { "type": "string", - "description": "The dataset ID.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet).\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n", + "description": "The dataset ID.\n", "willReplaceOnChanges": true }, "etag": { @@ -116493,6 +116540,7 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet).\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n", "willReplaceOnChanges": true }, "project": { @@ -116510,11 +116558,11 @@ } }, "gcp:bigquery/datasetIamPolicy:DatasetIamPolicy": { - "description": "Three different resources help you manage your IAM policy for BigQuery dataset. Each of these resources serves a different use case:\n\n* `gcp.bigquery.DatasetIamPolicy`: Authoritative. Sets the IAM policy for the dataset and replaces any existing policy already attached.\n* `gcp.bigquery.DatasetIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the dataset are preserved.\n* `gcp.bigquery.DatasetIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the dataset are preserved.\n\nThese resources are intended to convert the permissions system for BigQuery datasets to the standard IAM interface. For advanced usages, including [creating authorized views](https://cloud.google.com/bigquery/docs/share-access-views), please use either `gcp.bigquery.DatasetAccess` or the `access` field on `gcp.bigquery.Dataset`.\n\n\u003e **Note:** These resources **cannot** be used with `gcp.bigquery.DatasetAccess` resources or the `access` field on `gcp.bigquery.Dataset` or they will fight over what the policy should be.\n\n\u003e **Note:** Using any of these resources will remove any authorized view permissions from the dataset. To assign and preserve authorized view permissions use the `gcp.bigquery.DatasetAccess` instead.\n\n\u003e **Note:** Legacy BigQuery roles `OWNER` `WRITER` and `READER` **cannot** be used with any of these IAM resources. Instead use the full role form of: `roles/bigquery.dataOwner` `roles/bigquery.dataEditor` and `roles/bigquery.dataViewer`.\n\n\u003e **Note:** `gcp.bigquery.DatasetIamPolicy` **cannot** be used in conjunction with `gcp.bigquery.DatasetIamBinding` and `gcp.bigquery.DatasetIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquery.DatasetIamBinding` resources **can be** used in conjunction with `gcp.bigquery.DatasetIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_bigquery\\_dataset\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst owner = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst datasetDataset = new gcp.bigquery.Dataset(\"dataset\", {datasetId: \"example_dataset\"});\nconst dataset = new gcp.bigquery.DatasetIamPolicy(\"dataset\", {\n datasetId: datasetDataset.datasetId,\n policyData: owner.then(owner =\u003e owner.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nowner = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/bigquery.dataOwner\",\n members=[\"user:jane@example.com\"],\n)])\ndataset_dataset = gcp.bigquery.Dataset(\"dataset\", dataset_id=\"example_dataset\")\ndataset = gcp.bigquery.DatasetIamPolicy(\"dataset\",\n dataset_id=dataset_dataset.dataset_id,\n policy_data=owner.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var owner = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var datasetDataset = new Gcp.BigQuery.Dataset(\"dataset\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var dataset = new Gcp.BigQuery.DatasetIamPolicy(\"dataset\", new()\n {\n DatasetId = datasetDataset.DatasetId,\n PolicyData = owner.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\towner, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigquery.dataOwner\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdatasetDataset, err := bigquery.NewDataset(ctx, \"dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDatasetIamPolicy(ctx, \"dataset\", \u0026bigquery.DatasetIamPolicyArgs{\n\t\t\tDatasetId: datasetDataset.DatasetId,\n\t\t\tPolicyData: pulumi.String(owner.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamPolicy;\nimport com.pulumi.gcp.bigquery.DatasetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var owner = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var datasetDataset = new Dataset(\"datasetDataset\", DatasetArgs.builder() \n .datasetId(\"example_dataset\")\n .build());\n\n var dataset = new DatasetIamPolicy(\"dataset\", DatasetIamPolicyArgs.builder() \n .datasetId(datasetDataset.datasetId())\n .policyData(owner.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:bigquery:DatasetIamPolicy\n properties:\n datasetId: ${datasetDataset.datasetId}\n policyData: ${owner.policyData}\n datasetDataset:\n type: gcp:bigquery:Dataset\n name: dataset\n properties:\n datasetId: example_dataset\nvariables:\n owner:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_dataset\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.bigquery.Dataset(\"dataset\", {datasetId: \"example_dataset\"});\nconst reader = new gcp.bigquery.DatasetIamBinding(\"reader\", {\n datasetId: dataset.datasetId,\n role: \"roles/bigquery.dataViewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.bigquery.Dataset(\"dataset\", dataset_id=\"example_dataset\")\nreader = gcp.bigquery.DatasetIamBinding(\"reader\",\n dataset_id=dataset.dataset_id,\n role=\"roles/bigquery.dataViewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.BigQuery.Dataset(\"dataset\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var reader = new Gcp.BigQuery.DatasetIamBinding(\"reader\", new()\n {\n DatasetId = dataset.DatasetId,\n Role = \"roles/bigquery.dataViewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdataset, err := bigquery.NewDataset(ctx, \"dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDatasetIamBinding(ctx, \"reader\", \u0026bigquery.DatasetIamBindingArgs{\n\t\t\tDatasetId: dataset.DatasetId,\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataViewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamBinding;\nimport com.pulumi.gcp.bigquery.DatasetIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new Dataset(\"dataset\", DatasetArgs.builder() \n .datasetId(\"example_dataset\")\n .build());\n\n var reader = new DatasetIamBinding(\"reader\", DatasetIamBindingArgs.builder() \n .datasetId(dataset.datasetId())\n .role(\"roles/bigquery.dataViewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n reader:\n type: gcp:bigquery:DatasetIamBinding\n properties:\n datasetId: ${dataset.datasetId}\n role: roles/bigquery.dataViewer\n members:\n - user:jane@example.com\n dataset:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: example_dataset\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_dataset\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.bigquery.Dataset(\"dataset\", {datasetId: \"example_dataset\"});\nconst editor = new gcp.bigquery.DatasetIamMember(\"editor\", {\n datasetId: dataset.datasetId,\n role: \"roles/bigquery.dataEditor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.bigquery.Dataset(\"dataset\", dataset_id=\"example_dataset\")\neditor = gcp.bigquery.DatasetIamMember(\"editor\",\n dataset_id=dataset.dataset_id,\n role=\"roles/bigquery.dataEditor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.BigQuery.Dataset(\"dataset\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var editor = new Gcp.BigQuery.DatasetIamMember(\"editor\", new()\n {\n DatasetId = dataset.DatasetId,\n Role = \"roles/bigquery.dataEditor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdataset, err := bigquery.NewDataset(ctx, \"dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDatasetIamMember(ctx, \"editor\", \u0026bigquery.DatasetIamMemberArgs{\n\t\t\tDatasetId: dataset.DatasetId,\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataEditor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamMember;\nimport com.pulumi.gcp.bigquery.DatasetIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new Dataset(\"dataset\", DatasetArgs.builder() \n .datasetId(\"example_dataset\")\n .build());\n\n var editor = new DatasetIamMember(\"editor\", DatasetIamMemberArgs.builder() \n .datasetId(dataset.datasetId())\n .role(\"roles/bigquery.dataEditor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigquery:DatasetIamMember\n properties:\n datasetId: ${dataset.datasetId}\n role: roles/bigquery.dataEditor\n member: user:jane@example.com\n dataset:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: example_dataset\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the BigQuery Dataset resource. For example:\n\n* `projects/{{project_id}}/datasets/{{dataset_id}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = projects/{{project_id}}/datasets/{{dataset_id}}\n\n to = google_bigquery_dataset_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:bigquery/datasetIamPolicy:DatasetIamPolicy default projects/{{project_id}}/datasets/{{dataset_id}}\n```\n\n", + "description": "Three different resources help you manage your IAM policy for BigQuery dataset. Each of these resources serves a different use case:\n\n* `gcp.bigquery.DatasetIamPolicy`: Authoritative. Sets the IAM policy for the dataset and replaces any existing policy already attached.\n* `gcp.bigquery.DatasetIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the dataset are preserved.\n* `gcp.bigquery.DatasetIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the dataset are preserved.\n\nThese resources are intended to convert the permissions system for BigQuery datasets to the standard IAM interface. For advanced usages, including [creating authorized views](https://cloud.google.com/bigquery/docs/share-access-views), please use either `gcp.bigquery.DatasetAccess` or the `access` field on `gcp.bigquery.Dataset`.\n\n\u003e **Note:** These resources **cannot** be used with `gcp.bigquery.DatasetAccess` resources or the `access` field on `gcp.bigquery.Dataset` or they will fight over what the policy should be.\n\n\u003e **Note:** Using any of these resources will remove any authorized view permissions from the dataset. To assign and preserve authorized view permissions use the `gcp.bigquery.DatasetAccess` instead.\n\n\u003e **Note:** Legacy BigQuery roles `OWNER` `WRITER` and `READER` **cannot** be used with any of these IAM resources. Instead use the full role form of: `roles/bigquery.dataOwner` `roles/bigquery.dataEditor` and `roles/bigquery.dataViewer`.\n\n\u003e **Note:** `gcp.bigquery.DatasetIamPolicy` **cannot** be used in conjunction with `gcp.bigquery.DatasetIamBinding` and `gcp.bigquery.DatasetIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquery.DatasetIamBinding` resources **can be** used in conjunction with `gcp.bigquery.DatasetIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_bigquery\\_dataset\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst owner = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst datasetDataset = new gcp.bigquery.Dataset(\"dataset\", {datasetId: \"example_dataset\"});\nconst dataset = new gcp.bigquery.DatasetIamPolicy(\"dataset\", {\n datasetId: datasetDataset.datasetId,\n policyData: owner.then(owner =\u003e owner.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nowner = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/bigquery.dataOwner\",\n members=[\"user:jane@example.com\"],\n)])\ndataset_dataset = gcp.bigquery.Dataset(\"dataset\", dataset_id=\"example_dataset\")\ndataset = gcp.bigquery.DatasetIamPolicy(\"dataset\",\n dataset_id=dataset_dataset.dataset_id,\n policy_data=owner.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var owner = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var datasetDataset = new Gcp.BigQuery.Dataset(\"dataset\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var dataset = new Gcp.BigQuery.DatasetIamPolicy(\"dataset\", new()\n {\n DatasetId = datasetDataset.DatasetId,\n PolicyData = owner.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\towner, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigquery.dataOwner\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdatasetDataset, err := bigquery.NewDataset(ctx, \"dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDatasetIamPolicy(ctx, \"dataset\", \u0026bigquery.DatasetIamPolicyArgs{\n\t\t\tDatasetId: datasetDataset.DatasetId,\n\t\t\tPolicyData: pulumi.String(owner.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamPolicy;\nimport com.pulumi.gcp.bigquery.DatasetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var owner = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var datasetDataset = new Dataset(\"datasetDataset\", DatasetArgs.builder() \n .datasetId(\"example_dataset\")\n .build());\n\n var dataset = new DatasetIamPolicy(\"dataset\", DatasetIamPolicyArgs.builder() \n .datasetId(datasetDataset.datasetId())\n .policyData(owner.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:bigquery:DatasetIamPolicy\n properties:\n datasetId: ${datasetDataset.datasetId}\n policyData: ${owner.policyData}\n datasetDataset:\n type: gcp:bigquery:Dataset\n name: dataset\n properties:\n datasetId: example_dataset\nvariables:\n owner:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_dataset\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.bigquery.Dataset(\"dataset\", {datasetId: \"example_dataset\"});\nconst reader = new gcp.bigquery.DatasetIamBinding(\"reader\", {\n datasetId: dataset.datasetId,\n role: \"roles/bigquery.dataViewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.bigquery.Dataset(\"dataset\", dataset_id=\"example_dataset\")\nreader = gcp.bigquery.DatasetIamBinding(\"reader\",\n dataset_id=dataset.dataset_id,\n role=\"roles/bigquery.dataViewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.BigQuery.Dataset(\"dataset\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var reader = new Gcp.BigQuery.DatasetIamBinding(\"reader\", new()\n {\n DatasetId = dataset.DatasetId,\n Role = \"roles/bigquery.dataViewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdataset, err := bigquery.NewDataset(ctx, \"dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDatasetIamBinding(ctx, \"reader\", \u0026bigquery.DatasetIamBindingArgs{\n\t\t\tDatasetId: dataset.DatasetId,\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataViewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamBinding;\nimport com.pulumi.gcp.bigquery.DatasetIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new Dataset(\"dataset\", DatasetArgs.builder() \n .datasetId(\"example_dataset\")\n .build());\n\n var reader = new DatasetIamBinding(\"reader\", DatasetIamBindingArgs.builder() \n .datasetId(dataset.datasetId())\n .role(\"roles/bigquery.dataViewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n reader:\n type: gcp:bigquery:DatasetIamBinding\n properties:\n datasetId: ${dataset.datasetId}\n role: roles/bigquery.dataViewer\n members:\n - user:jane@example.com\n dataset:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: example_dataset\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_dataset\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.bigquery.Dataset(\"dataset\", {datasetId: \"example_dataset\"});\nconst editor = new gcp.bigquery.DatasetIamMember(\"editor\", {\n datasetId: dataset.datasetId,\n role: \"roles/bigquery.dataEditor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.bigquery.Dataset(\"dataset\", dataset_id=\"example_dataset\")\neditor = gcp.bigquery.DatasetIamMember(\"editor\",\n dataset_id=dataset.dataset_id,\n role=\"roles/bigquery.dataEditor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.BigQuery.Dataset(\"dataset\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var editor = new Gcp.BigQuery.DatasetIamMember(\"editor\", new()\n {\n DatasetId = dataset.DatasetId,\n Role = \"roles/bigquery.dataEditor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdataset, err := bigquery.NewDataset(ctx, \"dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDatasetIamMember(ctx, \"editor\", \u0026bigquery.DatasetIamMemberArgs{\n\t\t\tDatasetId: dataset.DatasetId,\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataEditor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamMember;\nimport com.pulumi.gcp.bigquery.DatasetIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new Dataset(\"dataset\", DatasetArgs.builder() \n .datasetId(\"example_dataset\")\n .build());\n\n var editor = new DatasetIamMember(\"editor\", DatasetIamMemberArgs.builder() \n .datasetId(dataset.datasetId())\n .role(\"roles/bigquery.dataEditor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigquery:DatasetIamMember\n properties:\n datasetId: ${dataset.datasetId}\n role: roles/bigquery.dataEditor\n member: user:jane@example.com\n dataset:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: example_dataset\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_dataset\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst owner = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst datasetDataset = new gcp.bigquery.Dataset(\"dataset\", {datasetId: \"example_dataset\"});\nconst dataset = new gcp.bigquery.DatasetIamPolicy(\"dataset\", {\n datasetId: datasetDataset.datasetId,\n policyData: owner.then(owner =\u003e owner.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nowner = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/bigquery.dataOwner\",\n members=[\"user:jane@example.com\"],\n)])\ndataset_dataset = gcp.bigquery.Dataset(\"dataset\", dataset_id=\"example_dataset\")\ndataset = gcp.bigquery.DatasetIamPolicy(\"dataset\",\n dataset_id=dataset_dataset.dataset_id,\n policy_data=owner.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var owner = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var datasetDataset = new Gcp.BigQuery.Dataset(\"dataset\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var dataset = new Gcp.BigQuery.DatasetIamPolicy(\"dataset\", new()\n {\n DatasetId = datasetDataset.DatasetId,\n PolicyData = owner.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\towner, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigquery.dataOwner\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tdatasetDataset, err := bigquery.NewDataset(ctx, \"dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDatasetIamPolicy(ctx, \"dataset\", \u0026bigquery.DatasetIamPolicyArgs{\n\t\t\tDatasetId: datasetDataset.DatasetId,\n\t\t\tPolicyData: pulumi.String(owner.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamPolicy;\nimport com.pulumi.gcp.bigquery.DatasetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var owner = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var datasetDataset = new Dataset(\"datasetDataset\", DatasetArgs.builder() \n .datasetId(\"example_dataset\")\n .build());\n\n var dataset = new DatasetIamPolicy(\"dataset\", DatasetIamPolicyArgs.builder() \n .datasetId(datasetDataset.datasetId())\n .policyData(owner.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:bigquery:DatasetIamPolicy\n properties:\n datasetId: ${datasetDataset.datasetId}\n policyData: ${owner.policyData}\n datasetDataset:\n type: gcp:bigquery:Dataset\n name: dataset\n properties:\n datasetId: example_dataset\nvariables:\n owner:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_dataset\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.bigquery.Dataset(\"dataset\", {datasetId: \"example_dataset\"});\nconst reader = new gcp.bigquery.DatasetIamBinding(\"reader\", {\n datasetId: dataset.datasetId,\n role: \"roles/bigquery.dataViewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.bigquery.Dataset(\"dataset\", dataset_id=\"example_dataset\")\nreader = gcp.bigquery.DatasetIamBinding(\"reader\",\n dataset_id=dataset.dataset_id,\n role=\"roles/bigquery.dataViewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.BigQuery.Dataset(\"dataset\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var reader = new Gcp.BigQuery.DatasetIamBinding(\"reader\", new()\n {\n DatasetId = dataset.DatasetId,\n Role = \"roles/bigquery.dataViewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdataset, err := bigquery.NewDataset(ctx, \"dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDatasetIamBinding(ctx, \"reader\", \u0026bigquery.DatasetIamBindingArgs{\n\t\t\tDatasetId: dataset.DatasetId,\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataViewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamBinding;\nimport com.pulumi.gcp.bigquery.DatasetIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new Dataset(\"dataset\", DatasetArgs.builder() \n .datasetId(\"example_dataset\")\n .build());\n\n var reader = new DatasetIamBinding(\"reader\", DatasetIamBindingArgs.builder() \n .datasetId(dataset.datasetId())\n .role(\"roles/bigquery.dataViewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n reader:\n type: gcp:bigquery:DatasetIamBinding\n properties:\n datasetId: ${dataset.datasetId}\n role: roles/bigquery.dataViewer\n members:\n - user:jane@example.com\n dataset:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: example_dataset\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_dataset\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.bigquery.Dataset(\"dataset\", {datasetId: \"example_dataset\"});\nconst editor = new gcp.bigquery.DatasetIamMember(\"editor\", {\n datasetId: dataset.datasetId,\n role: \"roles/bigquery.dataEditor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.bigquery.Dataset(\"dataset\", dataset_id=\"example_dataset\")\neditor = gcp.bigquery.DatasetIamMember(\"editor\",\n dataset_id=dataset.dataset_id,\n role=\"roles/bigquery.dataEditor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.BigQuery.Dataset(\"dataset\", new()\n {\n DatasetId = \"example_dataset\",\n });\n\n var editor = new Gcp.BigQuery.DatasetIamMember(\"editor\", new()\n {\n DatasetId = dataset.DatasetId,\n Role = \"roles/bigquery.dataEditor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tdataset, err := bigquery.NewDataset(ctx, \"dataset\", \u0026bigquery.DatasetArgs{\n\t\t\tDatasetId: pulumi.String(\"example_dataset\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewDatasetIamMember(ctx, \"editor\", \u0026bigquery.DatasetIamMemberArgs{\n\t\t\tDatasetId: dataset.DatasetId,\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataEditor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.Dataset;\nimport com.pulumi.gcp.bigquery.DatasetArgs;\nimport com.pulumi.gcp.bigquery.DatasetIamMember;\nimport com.pulumi.gcp.bigquery.DatasetIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new Dataset(\"dataset\", DatasetArgs.builder() \n .datasetId(\"example_dataset\")\n .build());\n\n var editor = new DatasetIamMember(\"editor\", DatasetIamMemberArgs.builder() \n .datasetId(dataset.datasetId())\n .role(\"roles/bigquery.dataEditor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigquery:DatasetIamMember\n properties:\n datasetId: ${dataset.datasetId}\n role: roles/bigquery.dataEditor\n member: user:jane@example.com\n dataset:\n type: gcp:bigquery:Dataset\n properties:\n datasetId: example_dataset\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the BigQuery Dataset resource. For example:\n\n* `projects/{{project_id}}/datasets/{{dataset_id}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = projects/{{project_id}}/datasets/{{dataset_id}}\n\n to = google_bigquery_dataset_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:bigquery/datasetIamPolicy:DatasetIamPolicy default projects/{{project_id}}/datasets/{{dataset_id}}\n```\n\n", "properties": { "datasetId": { "type": "string", - "description": "The dataset ID.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet).\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n" + "description": "The dataset ID.\n" }, "etag": { "type": "string", @@ -116538,7 +116586,7 @@ "inputProperties": { "datasetId": { "type": "string", - "description": "The dataset ID.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet).\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n", + "description": "The dataset ID.\n", "willReplaceOnChanges": true }, "policyData": { @@ -116560,7 +116608,7 @@ "properties": { "datasetId": { "type": "string", - "description": "The dataset ID.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet).\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n", + "description": "The dataset ID.\n", "willReplaceOnChanges": true }, "etag": { @@ -116581,7 +116629,7 @@ } }, "gcp:bigquery/iamBinding:IamBinding": { - "description": "Three different resources help you manage your IAM policy for BigQuery Table. Each of these resources serves a different use case:\n\n* `gcp.bigquery.IamPolicy`: Authoritative. Sets the IAM policy for the table and replaces any existing policy already attached.\n* `gcp.bigquery.IamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the table are preserved.\n* `gcp.bigquery.IamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the table are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigquery.IamPolicy`: Retrieves the IAM policy for the table\n\n\u003e **Note:** `gcp.bigquery.IamPolicy` **cannot** be used in conjunction with `gcp.bigquery.IamBinding` and `gcp.bigquery.IamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquery.IamBinding` resources **can be** used in conjunction with `gcp.bigquery.IamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_bigquery\\_table\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigquery.IamPolicy(\"policy\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/bigquery.dataOwner\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.bigquery.IamPolicy(\"policy\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQuery.IamPolicy(\"policy\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigquery.dataOwner\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewIamPolicy(ctx, \"policy\", \u0026bigquery.IamPolicyArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.IamPolicy;\nimport com.pulumi.gcp.bigquery.IamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new IamPolicy(\"policy\", IamPolicyArgs.builder() \n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquery:IamPolicy\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.bigquery.IamPolicy(\"policy\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/bigquery.dataOwner\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.bigquery.IamPolicy(\"policy\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQuery.IamPolicy(\"policy\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigquery.dataOwner\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewIamPolicy(ctx, \"policy\", \u0026bigquery.IamPolicyArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.IamPolicy;\nimport com.pulumi.gcp.bigquery.IamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new IamPolicy(\"policy\", IamPolicyArgs.builder() \n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquery:IamPolicy\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_bigquery\\_table\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquery.IamBinding(\"binding\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquery.IamBinding(\"binding\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n role=\"roles/bigquery.dataOwner\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQuery.IamBinding(\"binding\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewIamBinding(ctx, \"binding\", \u0026bigquery.IamBindingArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataOwner\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.IamBinding;\nimport com.pulumi.gcp.bigquery.IamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new IamBinding(\"binding\", IamBindingArgs.builder() \n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquery:IamBinding\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquery.IamBinding(\"binding\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquery.IamBinding(\"binding\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n role=\"roles/bigquery.dataOwner\",\n members=[\"user:jane@example.com\"],\n condition=gcp.bigquery.IamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQuery.IamBinding(\"binding\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.BigQuery.Inputs.IamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewIamBinding(ctx, \"binding\", \u0026bigquery.IamBindingArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataOwner\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026bigquery.IamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.IamBinding;\nimport com.pulumi.gcp.bigquery.IamBindingArgs;\nimport com.pulumi.gcp.bigquery.inputs.IamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new IamBinding(\"binding\", IamBindingArgs.builder() \n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .condition(IamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquery:IamBinding\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_bigquery\\_table\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquery.IamMember(\"member\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n role: \"roles/bigquery.dataOwner\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquery.IamMember(\"member\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n role=\"roles/bigquery.dataOwner\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQuery.IamMember(\"member\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n Role = \"roles/bigquery.dataOwner\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewIamMember(ctx, \"member\", \u0026bigquery.IamMemberArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataOwner\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.IamMember;\nimport com.pulumi.gcp.bigquery.IamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new IamMember(\"member\", IamMemberArgs.builder() \n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .role(\"roles/bigquery.dataOwner\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquery:IamMember\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n role: roles/bigquery.dataOwner\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquery.IamMember(\"member\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n role: \"roles/bigquery.dataOwner\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquery.IamMember(\"member\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n role=\"roles/bigquery.dataOwner\",\n member=\"user:jane@example.com\",\n condition=gcp.bigquery.IamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQuery.IamMember(\"member\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n Role = \"roles/bigquery.dataOwner\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.BigQuery.Inputs.IamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewIamMember(ctx, \"member\", \u0026bigquery.IamMemberArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataOwner\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026bigquery.IamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.IamMember;\nimport com.pulumi.gcp.bigquery.IamMemberArgs;\nimport com.pulumi.gcp.bigquery.inputs.IamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new IamMember(\"member\", IamMemberArgs.builder() \n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .role(\"roles/bigquery.dataOwner\")\n .member(\"user:jane@example.com\")\n .condition(IamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquery:IamMember\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n role: roles/bigquery.dataOwner\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}\n\n* {{project}}/{{dataset_id}}/{{table_id}}\n\n* {{dataset_id}}/{{table_id}}\n\n* {{table_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBigQuery table IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/iamBinding:IamBinding editor \"projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}} roles/bigquery.dataOwner user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/iamBinding:IamBinding editor \"projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}} roles/bigquery.dataOwner\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/iamBinding:IamBinding editor projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for BigQuery Table. Each of these resources serves a different use case:\n\n* `gcp.bigquery.IamPolicy`: Authoritative. Sets the IAM policy for the table and replaces any existing policy already attached.\n* `gcp.bigquery.IamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the table are preserved.\n* `gcp.bigquery.IamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the table are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigquery.IamPolicy`: Retrieves the IAM policy for the table\n\n\u003e **Note:** `gcp.bigquery.IamPolicy` **cannot** be used in conjunction with `gcp.bigquery.IamBinding` and `gcp.bigquery.IamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquery.IamBinding` resources **can be** used in conjunction with `gcp.bigquery.IamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_bigquery\\_table\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigquery.IamPolicy(\"policy\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/bigquery.dataOwner\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.bigquery.IamPolicy(\"policy\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQuery.IamPolicy(\"policy\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigquery.dataOwner\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewIamPolicy(ctx, \"policy\", \u0026bigquery.IamPolicyArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.IamPolicy;\nimport com.pulumi.gcp.bigquery.IamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new IamPolicy(\"policy\", IamPolicyArgs.builder() \n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquery:IamPolicy\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.bigquery.IamPolicy(\"policy\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/bigquery.dataOwner\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.bigquery.IamPolicy(\"policy\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQuery.IamPolicy(\"policy\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigquery.dataOwner\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewIamPolicy(ctx, \"policy\", \u0026bigquery.IamPolicyArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.IamPolicy;\nimport com.pulumi.gcp.bigquery.IamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new IamPolicy(\"policy\", IamPolicyArgs.builder() \n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquery:IamPolicy\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_bigquery\\_table\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquery.IamBinding(\"binding\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquery.IamBinding(\"binding\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n role=\"roles/bigquery.dataOwner\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQuery.IamBinding(\"binding\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewIamBinding(ctx, \"binding\", \u0026bigquery.IamBindingArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataOwner\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.IamBinding;\nimport com.pulumi.gcp.bigquery.IamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new IamBinding(\"binding\", IamBindingArgs.builder() \n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquery:IamBinding\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquery.IamBinding(\"binding\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquery.IamBinding(\"binding\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n role=\"roles/bigquery.dataOwner\",\n members=[\"user:jane@example.com\"],\n condition=gcp.bigquery.IamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQuery.IamBinding(\"binding\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.BigQuery.Inputs.IamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewIamBinding(ctx, \"binding\", \u0026bigquery.IamBindingArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataOwner\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026bigquery.IamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.IamBinding;\nimport com.pulumi.gcp.bigquery.IamBindingArgs;\nimport com.pulumi.gcp.bigquery.inputs.IamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new IamBinding(\"binding\", IamBindingArgs.builder() \n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .condition(IamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquery:IamBinding\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_bigquery\\_table\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquery.IamMember(\"member\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n role: \"roles/bigquery.dataOwner\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquery.IamMember(\"member\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n role=\"roles/bigquery.dataOwner\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQuery.IamMember(\"member\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n Role = \"roles/bigquery.dataOwner\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewIamMember(ctx, \"member\", \u0026bigquery.IamMemberArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataOwner\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.IamMember;\nimport com.pulumi.gcp.bigquery.IamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new IamMember(\"member\", IamMemberArgs.builder() \n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .role(\"roles/bigquery.dataOwner\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquery:IamMember\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n role: roles/bigquery.dataOwner\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquery.IamMember(\"member\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n role: \"roles/bigquery.dataOwner\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquery.IamMember(\"member\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n role=\"roles/bigquery.dataOwner\",\n member=\"user:jane@example.com\",\n condition=gcp.bigquery.IamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQuery.IamMember(\"member\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n Role = \"roles/bigquery.dataOwner\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.BigQuery.Inputs.IamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewIamMember(ctx, \"member\", \u0026bigquery.IamMemberArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataOwner\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026bigquery.IamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.IamMember;\nimport com.pulumi.gcp.bigquery.IamMemberArgs;\nimport com.pulumi.gcp.bigquery.inputs.IamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new IamMember(\"member\", IamMemberArgs.builder() \n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .role(\"roles/bigquery.dataOwner\")\n .member(\"user:jane@example.com\")\n .condition(IamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquery:IamMember\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n role: roles/bigquery.dataOwner\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_table\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigquery.IamPolicy(\"policy\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/bigquery.dataOwner\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.bigquery.IamPolicy(\"policy\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQuery.IamPolicy(\"policy\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigquery.dataOwner\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewIamPolicy(ctx, \"policy\", \u0026bigquery.IamPolicyArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.IamPolicy;\nimport com.pulumi.gcp.bigquery.IamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new IamPolicy(\"policy\", IamPolicyArgs.builder() \n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquery:IamPolicy\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.bigquery.IamPolicy(\"policy\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/bigquery.dataOwner\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.bigquery.IamPolicy(\"policy\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQuery.IamPolicy(\"policy\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigquery.dataOwner\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewIamPolicy(ctx, \"policy\", \u0026bigquery.IamPolicyArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.IamPolicy;\nimport com.pulumi.gcp.bigquery.IamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new IamPolicy(\"policy\", IamPolicyArgs.builder() \n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquery:IamPolicy\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_bigquery\\_table\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquery.IamBinding(\"binding\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquery.IamBinding(\"binding\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n role=\"roles/bigquery.dataOwner\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQuery.IamBinding(\"binding\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewIamBinding(ctx, \"binding\", \u0026bigquery.IamBindingArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataOwner\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.IamBinding;\nimport com.pulumi.gcp.bigquery.IamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new IamBinding(\"binding\", IamBindingArgs.builder() \n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquery:IamBinding\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquery.IamBinding(\"binding\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquery.IamBinding(\"binding\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n role=\"roles/bigquery.dataOwner\",\n members=[\"user:jane@example.com\"],\n condition=gcp.bigquery.IamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQuery.IamBinding(\"binding\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.BigQuery.Inputs.IamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewIamBinding(ctx, \"binding\", \u0026bigquery.IamBindingArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataOwner\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026bigquery.IamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.IamBinding;\nimport com.pulumi.gcp.bigquery.IamBindingArgs;\nimport com.pulumi.gcp.bigquery.inputs.IamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new IamBinding(\"binding\", IamBindingArgs.builder() \n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .condition(IamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquery:IamBinding\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_bigquery\\_table\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquery.IamMember(\"member\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n role: \"roles/bigquery.dataOwner\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquery.IamMember(\"member\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n role=\"roles/bigquery.dataOwner\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQuery.IamMember(\"member\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n Role = \"roles/bigquery.dataOwner\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewIamMember(ctx, \"member\", \u0026bigquery.IamMemberArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataOwner\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.IamMember;\nimport com.pulumi.gcp.bigquery.IamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new IamMember(\"member\", IamMemberArgs.builder() \n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .role(\"roles/bigquery.dataOwner\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquery:IamMember\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n role: roles/bigquery.dataOwner\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquery.IamMember(\"member\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n role: \"roles/bigquery.dataOwner\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquery.IamMember(\"member\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n role=\"roles/bigquery.dataOwner\",\n member=\"user:jane@example.com\",\n condition=gcp.bigquery.IamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQuery.IamMember(\"member\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n Role = \"roles/bigquery.dataOwner\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.BigQuery.Inputs.IamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewIamMember(ctx, \"member\", \u0026bigquery.IamMemberArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataOwner\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026bigquery.IamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.IamMember;\nimport com.pulumi.gcp.bigquery.IamMemberArgs;\nimport com.pulumi.gcp.bigquery.inputs.IamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new IamMember(\"member\", IamMemberArgs.builder() \n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .role(\"roles/bigquery.dataOwner\")\n .member(\"user:jane@example.com\")\n .condition(IamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquery:IamMember\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n role: roles/bigquery.dataOwner\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}\n\n* {{project}}/{{dataset_id}}/{{table_id}}\n\n* {{dataset_id}}/{{table_id}}\n\n* {{table_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBigQuery table IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/iamBinding:IamBinding editor \"projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}} roles/bigquery.dataOwner user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/iamBinding:IamBinding editor \"projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}} roles/bigquery.dataOwner\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/iamBinding:IamBinding editor projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:bigquery/IamBindingCondition:IamBindingCondition", @@ -116598,11 +116646,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -116634,11 +116683,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -116677,11 +116727,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -116698,7 +116749,7 @@ } }, "gcp:bigquery/iamMember:IamMember": { - "description": "Three different resources help you manage your IAM policy for BigQuery Table. Each of these resources serves a different use case:\n\n* `gcp.bigquery.IamPolicy`: Authoritative. Sets the IAM policy for the table and replaces any existing policy already attached.\n* `gcp.bigquery.IamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the table are preserved.\n* `gcp.bigquery.IamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the table are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigquery.IamPolicy`: Retrieves the IAM policy for the table\n\n\u003e **Note:** `gcp.bigquery.IamPolicy` **cannot** be used in conjunction with `gcp.bigquery.IamBinding` and `gcp.bigquery.IamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquery.IamBinding` resources **can be** used in conjunction with `gcp.bigquery.IamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_bigquery\\_table\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigquery.IamPolicy(\"policy\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/bigquery.dataOwner\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.bigquery.IamPolicy(\"policy\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQuery.IamPolicy(\"policy\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigquery.dataOwner\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewIamPolicy(ctx, \"policy\", \u0026bigquery.IamPolicyArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.IamPolicy;\nimport com.pulumi.gcp.bigquery.IamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new IamPolicy(\"policy\", IamPolicyArgs.builder() \n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquery:IamPolicy\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.bigquery.IamPolicy(\"policy\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/bigquery.dataOwner\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.bigquery.IamPolicy(\"policy\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQuery.IamPolicy(\"policy\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigquery.dataOwner\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewIamPolicy(ctx, \"policy\", \u0026bigquery.IamPolicyArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.IamPolicy;\nimport com.pulumi.gcp.bigquery.IamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new IamPolicy(\"policy\", IamPolicyArgs.builder() \n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquery:IamPolicy\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_bigquery\\_table\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquery.IamBinding(\"binding\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquery.IamBinding(\"binding\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n role=\"roles/bigquery.dataOwner\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQuery.IamBinding(\"binding\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewIamBinding(ctx, \"binding\", \u0026bigquery.IamBindingArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataOwner\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.IamBinding;\nimport com.pulumi.gcp.bigquery.IamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new IamBinding(\"binding\", IamBindingArgs.builder() \n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquery:IamBinding\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquery.IamBinding(\"binding\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquery.IamBinding(\"binding\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n role=\"roles/bigquery.dataOwner\",\n members=[\"user:jane@example.com\"],\n condition=gcp.bigquery.IamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQuery.IamBinding(\"binding\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.BigQuery.Inputs.IamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewIamBinding(ctx, \"binding\", \u0026bigquery.IamBindingArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataOwner\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026bigquery.IamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.IamBinding;\nimport com.pulumi.gcp.bigquery.IamBindingArgs;\nimport com.pulumi.gcp.bigquery.inputs.IamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new IamBinding(\"binding\", IamBindingArgs.builder() \n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .condition(IamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquery:IamBinding\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_bigquery\\_table\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquery.IamMember(\"member\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n role: \"roles/bigquery.dataOwner\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquery.IamMember(\"member\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n role=\"roles/bigquery.dataOwner\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQuery.IamMember(\"member\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n Role = \"roles/bigquery.dataOwner\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewIamMember(ctx, \"member\", \u0026bigquery.IamMemberArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataOwner\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.IamMember;\nimport com.pulumi.gcp.bigquery.IamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new IamMember(\"member\", IamMemberArgs.builder() \n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .role(\"roles/bigquery.dataOwner\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquery:IamMember\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n role: roles/bigquery.dataOwner\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquery.IamMember(\"member\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n role: \"roles/bigquery.dataOwner\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquery.IamMember(\"member\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n role=\"roles/bigquery.dataOwner\",\n member=\"user:jane@example.com\",\n condition=gcp.bigquery.IamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQuery.IamMember(\"member\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n Role = \"roles/bigquery.dataOwner\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.BigQuery.Inputs.IamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewIamMember(ctx, \"member\", \u0026bigquery.IamMemberArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataOwner\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026bigquery.IamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.IamMember;\nimport com.pulumi.gcp.bigquery.IamMemberArgs;\nimport com.pulumi.gcp.bigquery.inputs.IamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new IamMember(\"member\", IamMemberArgs.builder() \n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .role(\"roles/bigquery.dataOwner\")\n .member(\"user:jane@example.com\")\n .condition(IamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquery:IamMember\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n role: roles/bigquery.dataOwner\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}\n\n* {{project}}/{{dataset_id}}/{{table_id}}\n\n* {{dataset_id}}/{{table_id}}\n\n* {{table_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBigQuery table IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/iamMember:IamMember editor \"projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}} roles/bigquery.dataOwner user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/iamMember:IamMember editor \"projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}} roles/bigquery.dataOwner\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/iamMember:IamMember editor projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for BigQuery Table. Each of these resources serves a different use case:\n\n* `gcp.bigquery.IamPolicy`: Authoritative. Sets the IAM policy for the table and replaces any existing policy already attached.\n* `gcp.bigquery.IamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the table are preserved.\n* `gcp.bigquery.IamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the table are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigquery.IamPolicy`: Retrieves the IAM policy for the table\n\n\u003e **Note:** `gcp.bigquery.IamPolicy` **cannot** be used in conjunction with `gcp.bigquery.IamBinding` and `gcp.bigquery.IamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquery.IamBinding` resources **can be** used in conjunction with `gcp.bigquery.IamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_bigquery\\_table\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigquery.IamPolicy(\"policy\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/bigquery.dataOwner\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.bigquery.IamPolicy(\"policy\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQuery.IamPolicy(\"policy\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigquery.dataOwner\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewIamPolicy(ctx, \"policy\", \u0026bigquery.IamPolicyArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.IamPolicy;\nimport com.pulumi.gcp.bigquery.IamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new IamPolicy(\"policy\", IamPolicyArgs.builder() \n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquery:IamPolicy\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.bigquery.IamPolicy(\"policy\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/bigquery.dataOwner\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.bigquery.IamPolicy(\"policy\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQuery.IamPolicy(\"policy\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigquery.dataOwner\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewIamPolicy(ctx, \"policy\", \u0026bigquery.IamPolicyArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.IamPolicy;\nimport com.pulumi.gcp.bigquery.IamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new IamPolicy(\"policy\", IamPolicyArgs.builder() \n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquery:IamPolicy\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_bigquery\\_table\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquery.IamBinding(\"binding\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquery.IamBinding(\"binding\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n role=\"roles/bigquery.dataOwner\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQuery.IamBinding(\"binding\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewIamBinding(ctx, \"binding\", \u0026bigquery.IamBindingArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataOwner\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.IamBinding;\nimport com.pulumi.gcp.bigquery.IamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new IamBinding(\"binding\", IamBindingArgs.builder() \n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquery:IamBinding\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquery.IamBinding(\"binding\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquery.IamBinding(\"binding\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n role=\"roles/bigquery.dataOwner\",\n members=[\"user:jane@example.com\"],\n condition=gcp.bigquery.IamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQuery.IamBinding(\"binding\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.BigQuery.Inputs.IamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewIamBinding(ctx, \"binding\", \u0026bigquery.IamBindingArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataOwner\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026bigquery.IamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.IamBinding;\nimport com.pulumi.gcp.bigquery.IamBindingArgs;\nimport com.pulumi.gcp.bigquery.inputs.IamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new IamBinding(\"binding\", IamBindingArgs.builder() \n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .condition(IamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquery:IamBinding\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_bigquery\\_table\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquery.IamMember(\"member\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n role: \"roles/bigquery.dataOwner\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquery.IamMember(\"member\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n role=\"roles/bigquery.dataOwner\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQuery.IamMember(\"member\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n Role = \"roles/bigquery.dataOwner\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewIamMember(ctx, \"member\", \u0026bigquery.IamMemberArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataOwner\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.IamMember;\nimport com.pulumi.gcp.bigquery.IamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new IamMember(\"member\", IamMemberArgs.builder() \n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .role(\"roles/bigquery.dataOwner\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquery:IamMember\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n role: roles/bigquery.dataOwner\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquery.IamMember(\"member\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n role: \"roles/bigquery.dataOwner\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquery.IamMember(\"member\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n role=\"roles/bigquery.dataOwner\",\n member=\"user:jane@example.com\",\n condition=gcp.bigquery.IamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQuery.IamMember(\"member\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n Role = \"roles/bigquery.dataOwner\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.BigQuery.Inputs.IamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewIamMember(ctx, \"member\", \u0026bigquery.IamMemberArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataOwner\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026bigquery.IamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.IamMember;\nimport com.pulumi.gcp.bigquery.IamMemberArgs;\nimport com.pulumi.gcp.bigquery.inputs.IamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new IamMember(\"member\", IamMemberArgs.builder() \n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .role(\"roles/bigquery.dataOwner\")\n .member(\"user:jane@example.com\")\n .condition(IamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquery:IamMember\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n role: roles/bigquery.dataOwner\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_table\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigquery.IamPolicy(\"policy\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/bigquery.dataOwner\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.bigquery.IamPolicy(\"policy\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQuery.IamPolicy(\"policy\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigquery.dataOwner\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewIamPolicy(ctx, \"policy\", \u0026bigquery.IamPolicyArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.IamPolicy;\nimport com.pulumi.gcp.bigquery.IamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new IamPolicy(\"policy\", IamPolicyArgs.builder() \n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquery:IamPolicy\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.bigquery.IamPolicy(\"policy\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/bigquery.dataOwner\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.bigquery.IamPolicy(\"policy\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQuery.IamPolicy(\"policy\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigquery.dataOwner\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewIamPolicy(ctx, \"policy\", \u0026bigquery.IamPolicyArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.IamPolicy;\nimport com.pulumi.gcp.bigquery.IamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new IamPolicy(\"policy\", IamPolicyArgs.builder() \n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquery:IamPolicy\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_bigquery\\_table\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquery.IamBinding(\"binding\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquery.IamBinding(\"binding\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n role=\"roles/bigquery.dataOwner\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQuery.IamBinding(\"binding\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewIamBinding(ctx, \"binding\", \u0026bigquery.IamBindingArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataOwner\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.IamBinding;\nimport com.pulumi.gcp.bigquery.IamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new IamBinding(\"binding\", IamBindingArgs.builder() \n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquery:IamBinding\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquery.IamBinding(\"binding\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquery.IamBinding(\"binding\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n role=\"roles/bigquery.dataOwner\",\n members=[\"user:jane@example.com\"],\n condition=gcp.bigquery.IamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQuery.IamBinding(\"binding\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.BigQuery.Inputs.IamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewIamBinding(ctx, \"binding\", \u0026bigquery.IamBindingArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataOwner\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026bigquery.IamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.IamBinding;\nimport com.pulumi.gcp.bigquery.IamBindingArgs;\nimport com.pulumi.gcp.bigquery.inputs.IamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new IamBinding(\"binding\", IamBindingArgs.builder() \n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .condition(IamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquery:IamBinding\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_bigquery\\_table\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquery.IamMember(\"member\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n role: \"roles/bigquery.dataOwner\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquery.IamMember(\"member\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n role=\"roles/bigquery.dataOwner\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQuery.IamMember(\"member\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n Role = \"roles/bigquery.dataOwner\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewIamMember(ctx, \"member\", \u0026bigquery.IamMemberArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataOwner\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.IamMember;\nimport com.pulumi.gcp.bigquery.IamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new IamMember(\"member\", IamMemberArgs.builder() \n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .role(\"roles/bigquery.dataOwner\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquery:IamMember\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n role: roles/bigquery.dataOwner\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquery.IamMember(\"member\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n role: \"roles/bigquery.dataOwner\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquery.IamMember(\"member\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n role=\"roles/bigquery.dataOwner\",\n member=\"user:jane@example.com\",\n condition=gcp.bigquery.IamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQuery.IamMember(\"member\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n Role = \"roles/bigquery.dataOwner\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.BigQuery.Inputs.IamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewIamMember(ctx, \"member\", \u0026bigquery.IamMemberArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataOwner\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026bigquery.IamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.IamMember;\nimport com.pulumi.gcp.bigquery.IamMemberArgs;\nimport com.pulumi.gcp.bigquery.inputs.IamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new IamMember(\"member\", IamMemberArgs.builder() \n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .role(\"roles/bigquery.dataOwner\")\n .member(\"user:jane@example.com\")\n .condition(IamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquery:IamMember\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n role: roles/bigquery.dataOwner\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}\n\n* {{project}}/{{dataset_id}}/{{table_id}}\n\n* {{dataset_id}}/{{table_id}}\n\n* {{table_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBigQuery table IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/iamMember:IamMember editor \"projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}} roles/bigquery.dataOwner user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/iamMember:IamMember editor \"projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}} roles/bigquery.dataOwner\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/iamMember:IamMember editor projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:bigquery/IamMemberCondition:IamMemberCondition", @@ -116712,11 +116763,12 @@ "description": "(Computed) The etag of the IAM policy.\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -116746,11 +116798,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -116787,11 +116840,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -116808,7 +116862,7 @@ } }, "gcp:bigquery/iamPolicy:IamPolicy": { - "description": "Three different resources help you manage your IAM policy for BigQuery Table. Each of these resources serves a different use case:\n\n* `gcp.bigquery.IamPolicy`: Authoritative. Sets the IAM policy for the table and replaces any existing policy already attached.\n* `gcp.bigquery.IamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the table are preserved.\n* `gcp.bigquery.IamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the table are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigquery.IamPolicy`: Retrieves the IAM policy for the table\n\n\u003e **Note:** `gcp.bigquery.IamPolicy` **cannot** be used in conjunction with `gcp.bigquery.IamBinding` and `gcp.bigquery.IamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquery.IamBinding` resources **can be** used in conjunction with `gcp.bigquery.IamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_bigquery\\_table\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigquery.IamPolicy(\"policy\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/bigquery.dataOwner\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.bigquery.IamPolicy(\"policy\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQuery.IamPolicy(\"policy\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigquery.dataOwner\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewIamPolicy(ctx, \"policy\", \u0026bigquery.IamPolicyArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.IamPolicy;\nimport com.pulumi.gcp.bigquery.IamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new IamPolicy(\"policy\", IamPolicyArgs.builder() \n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquery:IamPolicy\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.bigquery.IamPolicy(\"policy\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/bigquery.dataOwner\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.bigquery.IamPolicy(\"policy\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQuery.IamPolicy(\"policy\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigquery.dataOwner\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewIamPolicy(ctx, \"policy\", \u0026bigquery.IamPolicyArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.IamPolicy;\nimport com.pulumi.gcp.bigquery.IamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new IamPolicy(\"policy\", IamPolicyArgs.builder() \n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquery:IamPolicy\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_bigquery\\_table\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquery.IamBinding(\"binding\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquery.IamBinding(\"binding\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n role=\"roles/bigquery.dataOwner\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQuery.IamBinding(\"binding\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewIamBinding(ctx, \"binding\", \u0026bigquery.IamBindingArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataOwner\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.IamBinding;\nimport com.pulumi.gcp.bigquery.IamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new IamBinding(\"binding\", IamBindingArgs.builder() \n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquery:IamBinding\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquery.IamBinding(\"binding\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquery.IamBinding(\"binding\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n role=\"roles/bigquery.dataOwner\",\n members=[\"user:jane@example.com\"],\n condition=gcp.bigquery.IamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQuery.IamBinding(\"binding\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.BigQuery.Inputs.IamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewIamBinding(ctx, \"binding\", \u0026bigquery.IamBindingArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataOwner\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026bigquery.IamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.IamBinding;\nimport com.pulumi.gcp.bigquery.IamBindingArgs;\nimport com.pulumi.gcp.bigquery.inputs.IamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new IamBinding(\"binding\", IamBindingArgs.builder() \n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .condition(IamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquery:IamBinding\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_bigquery\\_table\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquery.IamMember(\"member\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n role: \"roles/bigquery.dataOwner\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquery.IamMember(\"member\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n role=\"roles/bigquery.dataOwner\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQuery.IamMember(\"member\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n Role = \"roles/bigquery.dataOwner\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewIamMember(ctx, \"member\", \u0026bigquery.IamMemberArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataOwner\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.IamMember;\nimport com.pulumi.gcp.bigquery.IamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new IamMember(\"member\", IamMemberArgs.builder() \n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .role(\"roles/bigquery.dataOwner\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquery:IamMember\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n role: roles/bigquery.dataOwner\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquery.IamMember(\"member\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n role: \"roles/bigquery.dataOwner\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquery.IamMember(\"member\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n role=\"roles/bigquery.dataOwner\",\n member=\"user:jane@example.com\",\n condition=gcp.bigquery.IamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQuery.IamMember(\"member\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n Role = \"roles/bigquery.dataOwner\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.BigQuery.Inputs.IamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewIamMember(ctx, \"member\", \u0026bigquery.IamMemberArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataOwner\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026bigquery.IamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.IamMember;\nimport com.pulumi.gcp.bigquery.IamMemberArgs;\nimport com.pulumi.gcp.bigquery.inputs.IamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new IamMember(\"member\", IamMemberArgs.builder() \n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .role(\"roles/bigquery.dataOwner\")\n .member(\"user:jane@example.com\")\n .condition(IamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquery:IamMember\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n role: roles/bigquery.dataOwner\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}\n\n* {{project}}/{{dataset_id}}/{{table_id}}\n\n* {{dataset_id}}/{{table_id}}\n\n* {{table_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBigQuery table IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/iamPolicy:IamPolicy editor \"projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}} roles/bigquery.dataOwner user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/iamPolicy:IamPolicy editor \"projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}} roles/bigquery.dataOwner\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/iamPolicy:IamPolicy editor projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for BigQuery Table. Each of these resources serves a different use case:\n\n* `gcp.bigquery.IamPolicy`: Authoritative. Sets the IAM policy for the table and replaces any existing policy already attached.\n* `gcp.bigquery.IamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the table are preserved.\n* `gcp.bigquery.IamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the table are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigquery.IamPolicy`: Retrieves the IAM policy for the table\n\n\u003e **Note:** `gcp.bigquery.IamPolicy` **cannot** be used in conjunction with `gcp.bigquery.IamBinding` and `gcp.bigquery.IamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquery.IamBinding` resources **can be** used in conjunction with `gcp.bigquery.IamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_bigquery\\_table\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigquery.IamPolicy(\"policy\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/bigquery.dataOwner\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.bigquery.IamPolicy(\"policy\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQuery.IamPolicy(\"policy\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigquery.dataOwner\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewIamPolicy(ctx, \"policy\", \u0026bigquery.IamPolicyArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.IamPolicy;\nimport com.pulumi.gcp.bigquery.IamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new IamPolicy(\"policy\", IamPolicyArgs.builder() \n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquery:IamPolicy\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.bigquery.IamPolicy(\"policy\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/bigquery.dataOwner\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.bigquery.IamPolicy(\"policy\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQuery.IamPolicy(\"policy\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigquery.dataOwner\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewIamPolicy(ctx, \"policy\", \u0026bigquery.IamPolicyArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.IamPolicy;\nimport com.pulumi.gcp.bigquery.IamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new IamPolicy(\"policy\", IamPolicyArgs.builder() \n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquery:IamPolicy\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_bigquery\\_table\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquery.IamBinding(\"binding\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquery.IamBinding(\"binding\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n role=\"roles/bigquery.dataOwner\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQuery.IamBinding(\"binding\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewIamBinding(ctx, \"binding\", \u0026bigquery.IamBindingArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataOwner\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.IamBinding;\nimport com.pulumi.gcp.bigquery.IamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new IamBinding(\"binding\", IamBindingArgs.builder() \n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquery:IamBinding\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquery.IamBinding(\"binding\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquery.IamBinding(\"binding\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n role=\"roles/bigquery.dataOwner\",\n members=[\"user:jane@example.com\"],\n condition=gcp.bigquery.IamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQuery.IamBinding(\"binding\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.BigQuery.Inputs.IamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewIamBinding(ctx, \"binding\", \u0026bigquery.IamBindingArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataOwner\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026bigquery.IamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.IamBinding;\nimport com.pulumi.gcp.bigquery.IamBindingArgs;\nimport com.pulumi.gcp.bigquery.inputs.IamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new IamBinding(\"binding\", IamBindingArgs.builder() \n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .condition(IamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquery:IamBinding\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_bigquery\\_table\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquery.IamMember(\"member\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n role: \"roles/bigquery.dataOwner\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquery.IamMember(\"member\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n role=\"roles/bigquery.dataOwner\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQuery.IamMember(\"member\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n Role = \"roles/bigquery.dataOwner\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewIamMember(ctx, \"member\", \u0026bigquery.IamMemberArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataOwner\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.IamMember;\nimport com.pulumi.gcp.bigquery.IamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new IamMember(\"member\", IamMemberArgs.builder() \n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .role(\"roles/bigquery.dataOwner\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquery:IamMember\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n role: roles/bigquery.dataOwner\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquery.IamMember(\"member\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n role: \"roles/bigquery.dataOwner\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquery.IamMember(\"member\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n role=\"roles/bigquery.dataOwner\",\n member=\"user:jane@example.com\",\n condition=gcp.bigquery.IamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQuery.IamMember(\"member\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n Role = \"roles/bigquery.dataOwner\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.BigQuery.Inputs.IamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewIamMember(ctx, \"member\", \u0026bigquery.IamMemberArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataOwner\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026bigquery.IamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.IamMember;\nimport com.pulumi.gcp.bigquery.IamMemberArgs;\nimport com.pulumi.gcp.bigquery.inputs.IamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new IamMember(\"member\", IamMemberArgs.builder() \n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .role(\"roles/bigquery.dataOwner\")\n .member(\"user:jane@example.com\")\n .condition(IamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquery:IamMember\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n role: roles/bigquery.dataOwner\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_table\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigquery.IamPolicy(\"policy\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/bigquery.dataOwner\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.bigquery.IamPolicy(\"policy\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQuery.IamPolicy(\"policy\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigquery.dataOwner\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewIamPolicy(ctx, \"policy\", \u0026bigquery.IamPolicyArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.IamPolicy;\nimport com.pulumi.gcp.bigquery.IamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new IamPolicy(\"policy\", IamPolicyArgs.builder() \n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquery:IamPolicy\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.bigquery.IamPolicy(\"policy\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/bigquery.dataOwner\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.bigquery.IamPolicy(\"policy\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQuery.IamPolicy(\"policy\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigquery.dataOwner\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquery.NewIamPolicy(ctx, \"policy\", \u0026bigquery.IamPolicyArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquery.IamPolicy;\nimport com.pulumi.gcp.bigquery.IamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new IamPolicy(\"policy\", IamPolicyArgs.builder() \n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquery:IamPolicy\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_bigquery\\_table\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquery.IamBinding(\"binding\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquery.IamBinding(\"binding\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n role=\"roles/bigquery.dataOwner\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQuery.IamBinding(\"binding\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewIamBinding(ctx, \"binding\", \u0026bigquery.IamBindingArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataOwner\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.IamBinding;\nimport com.pulumi.gcp.bigquery.IamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new IamBinding(\"binding\", IamBindingArgs.builder() \n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquery:IamBinding\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquery.IamBinding(\"binding\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n role: \"roles/bigquery.dataOwner\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquery.IamBinding(\"binding\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n role=\"roles/bigquery.dataOwner\",\n members=[\"user:jane@example.com\"],\n condition=gcp.bigquery.IamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQuery.IamBinding(\"binding\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n Role = \"roles/bigquery.dataOwner\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.BigQuery.Inputs.IamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewIamBinding(ctx, \"binding\", \u0026bigquery.IamBindingArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataOwner\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026bigquery.IamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.IamBinding;\nimport com.pulumi.gcp.bigquery.IamBindingArgs;\nimport com.pulumi.gcp.bigquery.inputs.IamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new IamBinding(\"binding\", IamBindingArgs.builder() \n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .role(\"roles/bigquery.dataOwner\")\n .members(\"user:jane@example.com\")\n .condition(IamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquery:IamBinding\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n role: roles/bigquery.dataOwner\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_bigquery\\_table\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquery.IamMember(\"member\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n role: \"roles/bigquery.dataOwner\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquery.IamMember(\"member\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n role=\"roles/bigquery.dataOwner\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQuery.IamMember(\"member\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n Role = \"roles/bigquery.dataOwner\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewIamMember(ctx, \"member\", \u0026bigquery.IamMemberArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataOwner\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.IamMember;\nimport com.pulumi.gcp.bigquery.IamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new IamMember(\"member\", IamMemberArgs.builder() \n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .role(\"roles/bigquery.dataOwner\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquery:IamMember\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n role: roles/bigquery.dataOwner\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquery.IamMember(\"member\", {\n project: test.project,\n datasetId: test.datasetId,\n tableId: test.tableId,\n role: \"roles/bigquery.dataOwner\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquery.IamMember(\"member\",\n project=test[\"project\"],\n dataset_id=test[\"datasetId\"],\n table_id=test[\"tableId\"],\n role=\"roles/bigquery.dataOwner\",\n member=\"user:jane@example.com\",\n condition=gcp.bigquery.IamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQuery.IamMember(\"member\", new()\n {\n Project = test.Project,\n DatasetId = test.DatasetId,\n TableId = test.TableId,\n Role = \"roles/bigquery.dataOwner\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.BigQuery.Inputs.IamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquery.NewIamMember(ctx, \"member\", \u0026bigquery.IamMemberArgs{\n\t\t\tProject: pulumi.Any(test.Project),\n\t\t\tDatasetId: pulumi.Any(test.DatasetId),\n\t\t\tTableId: pulumi.Any(test.TableId),\n\t\t\tRole: pulumi.String(\"roles/bigquery.dataOwner\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026bigquery.IamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquery.IamMember;\nimport com.pulumi.gcp.bigquery.IamMemberArgs;\nimport com.pulumi.gcp.bigquery.inputs.IamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new IamMember(\"member\", IamMemberArgs.builder() \n .project(test.project())\n .datasetId(test.datasetId())\n .tableId(test.tableId())\n .role(\"roles/bigquery.dataOwner\")\n .member(\"user:jane@example.com\")\n .condition(IamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquery:IamMember\n properties:\n project: ${test.project}\n datasetId: ${test.datasetId}\n tableId: ${test.tableId}\n role: roles/bigquery.dataOwner\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}\n\n* {{project}}/{{dataset_id}}/{{table_id}}\n\n* {{dataset_id}}/{{table_id}}\n\n* {{table_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBigQuery table IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/iamPolicy:IamPolicy editor \"projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}} roles/bigquery.dataOwner user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/iamPolicy:IamPolicy editor \"projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}} roles/bigquery.dataOwner\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:bigquery/iamPolicy:IamPolicy editor projects/{{project}}/datasets/{{dataset_id}}/tables/{{table_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "datasetId": { "type": "string" @@ -116823,7 +116877,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "tableId": { "type": "string" @@ -116847,7 +116901,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "tableId": { @@ -116877,7 +116931,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "tableId": { @@ -118162,7 +118216,7 @@ } }, "gcp:bigqueryanalyticshub/dataExchangeIamBinding:DataExchangeIamBinding": { - "description": "Three different resources help you manage your IAM policy for Bigquery Analytics Hub DataExchange. Each of these resources serves a different use case:\n\n* `gcp.bigqueryanalyticshub.DataExchangeIamPolicy`: Authoritative. Sets the IAM policy for the dataexchange and replaces any existing policy already attached.\n* `gcp.bigqueryanalyticshub.DataExchangeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the dataexchange are preserved.\n* `gcp.bigqueryanalyticshub.DataExchangeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the dataexchange are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigqueryanalyticshub.DataExchangeIamPolicy`: Retrieves the IAM policy for the dataexchange\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.DataExchangeIamPolicy` **cannot** be used in conjunction with `gcp.bigqueryanalyticshub.DataExchangeIamBinding` and `gcp.bigqueryanalyticshub.DataExchangeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.DataExchangeIamBinding` resources **can be** used in conjunction with `gcp.bigqueryanalyticshub.DataExchangeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_bigquery\\_analytics\\_hub\\_data\\_exchange\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigqueryanalyticshub.DataExchangeIamPolicy(\"policy\", {\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.bigqueryanalyticshub.DataExchangeIamPolicy(\"policy\",\n project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQueryAnalyticsHub.DataExchangeIamPolicy(\"policy\", new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigqueryanalyticshub.NewDataExchangeIamPolicy(ctx, \"policy\", \u0026bigqueryanalyticshub.DataExchangeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(dataExchange.Project),\n\t\t\tLocation: pulumi.Any(dataExchange.Location),\n\t\t\tDataExchangeId: pulumi.Any(dataExchange.DataExchangeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamPolicy;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DataExchangeIamPolicy(\"policy\", DataExchangeIamPolicyArgs.builder() \n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigqueryanalyticshub:DataExchangeIamPolicy\n properties:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_analytics\\_hub\\_data\\_exchange\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigqueryanalyticshub.DataExchangeIamBinding(\"binding\", {\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigqueryanalyticshub.DataExchangeIamBinding(\"binding\",\n project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQueryAnalyticsHub.DataExchangeIamBinding(\"binding\", new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewDataExchangeIamBinding(ctx, \"binding\", \u0026bigqueryanalyticshub.DataExchangeIamBindingArgs{\n\t\t\tProject: pulumi.Any(dataExchange.Project),\n\t\t\tLocation: pulumi.Any(dataExchange.Location),\n\t\t\tDataExchangeId: pulumi.Any(dataExchange.DataExchangeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamBinding;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DataExchangeIamBinding(\"binding\", DataExchangeIamBindingArgs.builder() \n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigqueryanalyticshub:DataExchangeIamBinding\n properties:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_analytics\\_hub\\_data\\_exchange\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigqueryanalyticshub.DataExchangeIamMember(\"member\", {\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigqueryanalyticshub.DataExchangeIamMember(\"member\",\n project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQueryAnalyticsHub.DataExchangeIamMember(\"member\", new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewDataExchangeIamMember(ctx, \"member\", \u0026bigqueryanalyticshub.DataExchangeIamMemberArgs{\n\t\t\tProject: pulumi.Any(dataExchange.Project),\n\t\t\tLocation: pulumi.Any(dataExchange.Location),\n\t\t\tDataExchangeId: pulumi.Any(dataExchange.DataExchangeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamMember;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DataExchangeIamMember(\"member\", DataExchangeIamMemberArgs.builder() \n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigqueryanalyticshub:DataExchangeIamMember\n properties:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}\n\n* {{project}}/{{location}}/{{data_exchange_id}}\n\n* {{location}}/{{data_exchange_id}}\n\n* {{data_exchange_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBigquery Analytics Hub dataexchange IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/dataExchangeIamBinding:DataExchangeIamBinding editor \"projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/dataExchangeIamBinding:DataExchangeIamBinding editor \"projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/dataExchangeIamBinding:DataExchangeIamBinding editor projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Bigquery Analytics Hub DataExchange. Each of these resources serves a different use case:\n\n* `gcp.bigqueryanalyticshub.DataExchangeIamPolicy`: Authoritative. Sets the IAM policy for the dataexchange and replaces any existing policy already attached.\n* `gcp.bigqueryanalyticshub.DataExchangeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the dataexchange are preserved.\n* `gcp.bigqueryanalyticshub.DataExchangeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the dataexchange are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigqueryanalyticshub.DataExchangeIamPolicy`: Retrieves the IAM policy for the dataexchange\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.DataExchangeIamPolicy` **cannot** be used in conjunction with `gcp.bigqueryanalyticshub.DataExchangeIamBinding` and `gcp.bigqueryanalyticshub.DataExchangeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.DataExchangeIamBinding` resources **can be** used in conjunction with `gcp.bigqueryanalyticshub.DataExchangeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_bigquery\\_analytics\\_hub\\_data\\_exchange\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigqueryanalyticshub.DataExchangeIamPolicy(\"policy\", {\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.bigqueryanalyticshub.DataExchangeIamPolicy(\"policy\",\n project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQueryAnalyticsHub.DataExchangeIamPolicy(\"policy\", new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigqueryanalyticshub.NewDataExchangeIamPolicy(ctx, \"policy\", \u0026bigqueryanalyticshub.DataExchangeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(dataExchange.Project),\n\t\t\tLocation: pulumi.Any(dataExchange.Location),\n\t\t\tDataExchangeId: pulumi.Any(dataExchange.DataExchangeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamPolicy;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DataExchangeIamPolicy(\"policy\", DataExchangeIamPolicyArgs.builder() \n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigqueryanalyticshub:DataExchangeIamPolicy\n properties:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_analytics\\_hub\\_data\\_exchange\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigqueryanalyticshub.DataExchangeIamBinding(\"binding\", {\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigqueryanalyticshub.DataExchangeIamBinding(\"binding\",\n project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQueryAnalyticsHub.DataExchangeIamBinding(\"binding\", new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewDataExchangeIamBinding(ctx, \"binding\", \u0026bigqueryanalyticshub.DataExchangeIamBindingArgs{\n\t\t\tProject: pulumi.Any(dataExchange.Project),\n\t\t\tLocation: pulumi.Any(dataExchange.Location),\n\t\t\tDataExchangeId: pulumi.Any(dataExchange.DataExchangeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamBinding;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DataExchangeIamBinding(\"binding\", DataExchangeIamBindingArgs.builder() \n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigqueryanalyticshub:DataExchangeIamBinding\n properties:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_analytics\\_hub\\_data\\_exchange\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigqueryanalyticshub.DataExchangeIamMember(\"member\", {\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigqueryanalyticshub.DataExchangeIamMember(\"member\",\n project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQueryAnalyticsHub.DataExchangeIamMember(\"member\", new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewDataExchangeIamMember(ctx, \"member\", \u0026bigqueryanalyticshub.DataExchangeIamMemberArgs{\n\t\t\tProject: pulumi.Any(dataExchange.Project),\n\t\t\tLocation: pulumi.Any(dataExchange.Location),\n\t\t\tDataExchangeId: pulumi.Any(dataExchange.DataExchangeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamMember;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DataExchangeIamMember(\"member\", DataExchangeIamMemberArgs.builder() \n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigqueryanalyticshub:DataExchangeIamMember\n properties:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_bigquery\\_analytics\\_hub\\_data\\_exchange\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigqueryanalyticshub.DataExchangeIamPolicy(\"policy\", {\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.bigqueryanalyticshub.DataExchangeIamPolicy(\"policy\",\n project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQueryAnalyticsHub.DataExchangeIamPolicy(\"policy\", new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigqueryanalyticshub.NewDataExchangeIamPolicy(ctx, \"policy\", \u0026bigqueryanalyticshub.DataExchangeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(dataExchange.Project),\n\t\t\tLocation: pulumi.Any(dataExchange.Location),\n\t\t\tDataExchangeId: pulumi.Any(dataExchange.DataExchangeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamPolicy;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DataExchangeIamPolicy(\"policy\", DataExchangeIamPolicyArgs.builder() \n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigqueryanalyticshub:DataExchangeIamPolicy\n properties:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_analytics\\_hub\\_data\\_exchange\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigqueryanalyticshub.DataExchangeIamBinding(\"binding\", {\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigqueryanalyticshub.DataExchangeIamBinding(\"binding\",\n project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQueryAnalyticsHub.DataExchangeIamBinding(\"binding\", new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewDataExchangeIamBinding(ctx, \"binding\", \u0026bigqueryanalyticshub.DataExchangeIamBindingArgs{\n\t\t\tProject: pulumi.Any(dataExchange.Project),\n\t\t\tLocation: pulumi.Any(dataExchange.Location),\n\t\t\tDataExchangeId: pulumi.Any(dataExchange.DataExchangeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamBinding;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DataExchangeIamBinding(\"binding\", DataExchangeIamBindingArgs.builder() \n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigqueryanalyticshub:DataExchangeIamBinding\n properties:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_analytics\\_hub\\_data\\_exchange\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigqueryanalyticshub.DataExchangeIamMember(\"member\", {\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigqueryanalyticshub.DataExchangeIamMember(\"member\",\n project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQueryAnalyticsHub.DataExchangeIamMember(\"member\", new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewDataExchangeIamMember(ctx, \"member\", \u0026bigqueryanalyticshub.DataExchangeIamMemberArgs{\n\t\t\tProject: pulumi.Any(dataExchange.Project),\n\t\t\tLocation: pulumi.Any(dataExchange.Location),\n\t\t\tDataExchangeId: pulumi.Any(dataExchange.DataExchangeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamMember;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DataExchangeIamMember(\"member\", DataExchangeIamMemberArgs.builder() \n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigqueryanalyticshub:DataExchangeIamMember\n properties:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}\n\n* {{project}}/{{location}}/{{data_exchange_id}}\n\n* {{location}}/{{data_exchange_id}}\n\n* {{data_exchange_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBigquery Analytics Hub dataexchange IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/dataExchangeIamBinding:DataExchangeIamBinding editor \"projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/dataExchangeIamBinding:DataExchangeIamBinding editor \"projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/dataExchangeIamBinding:DataExchangeIamBinding editor projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:bigqueryanalyticshub/DataExchangeIamBindingCondition:DataExchangeIamBindingCondition" @@ -118183,11 +118237,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -118221,11 +118276,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -118264,11 +118320,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -118281,7 +118338,7 @@ } }, "gcp:bigqueryanalyticshub/dataExchangeIamMember:DataExchangeIamMember": { - "description": "Three different resources help you manage your IAM policy for Bigquery Analytics Hub DataExchange. Each of these resources serves a different use case:\n\n* `gcp.bigqueryanalyticshub.DataExchangeIamPolicy`: Authoritative. Sets the IAM policy for the dataexchange and replaces any existing policy already attached.\n* `gcp.bigqueryanalyticshub.DataExchangeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the dataexchange are preserved.\n* `gcp.bigqueryanalyticshub.DataExchangeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the dataexchange are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigqueryanalyticshub.DataExchangeIamPolicy`: Retrieves the IAM policy for the dataexchange\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.DataExchangeIamPolicy` **cannot** be used in conjunction with `gcp.bigqueryanalyticshub.DataExchangeIamBinding` and `gcp.bigqueryanalyticshub.DataExchangeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.DataExchangeIamBinding` resources **can be** used in conjunction with `gcp.bigqueryanalyticshub.DataExchangeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_bigquery\\_analytics\\_hub\\_data\\_exchange\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigqueryanalyticshub.DataExchangeIamPolicy(\"policy\", {\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.bigqueryanalyticshub.DataExchangeIamPolicy(\"policy\",\n project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQueryAnalyticsHub.DataExchangeIamPolicy(\"policy\", new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigqueryanalyticshub.NewDataExchangeIamPolicy(ctx, \"policy\", \u0026bigqueryanalyticshub.DataExchangeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(dataExchange.Project),\n\t\t\tLocation: pulumi.Any(dataExchange.Location),\n\t\t\tDataExchangeId: pulumi.Any(dataExchange.DataExchangeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamPolicy;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DataExchangeIamPolicy(\"policy\", DataExchangeIamPolicyArgs.builder() \n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigqueryanalyticshub:DataExchangeIamPolicy\n properties:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_analytics\\_hub\\_data\\_exchange\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigqueryanalyticshub.DataExchangeIamBinding(\"binding\", {\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigqueryanalyticshub.DataExchangeIamBinding(\"binding\",\n project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQueryAnalyticsHub.DataExchangeIamBinding(\"binding\", new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewDataExchangeIamBinding(ctx, \"binding\", \u0026bigqueryanalyticshub.DataExchangeIamBindingArgs{\n\t\t\tProject: pulumi.Any(dataExchange.Project),\n\t\t\tLocation: pulumi.Any(dataExchange.Location),\n\t\t\tDataExchangeId: pulumi.Any(dataExchange.DataExchangeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamBinding;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DataExchangeIamBinding(\"binding\", DataExchangeIamBindingArgs.builder() \n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigqueryanalyticshub:DataExchangeIamBinding\n properties:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_analytics\\_hub\\_data\\_exchange\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigqueryanalyticshub.DataExchangeIamMember(\"member\", {\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigqueryanalyticshub.DataExchangeIamMember(\"member\",\n project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQueryAnalyticsHub.DataExchangeIamMember(\"member\", new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewDataExchangeIamMember(ctx, \"member\", \u0026bigqueryanalyticshub.DataExchangeIamMemberArgs{\n\t\t\tProject: pulumi.Any(dataExchange.Project),\n\t\t\tLocation: pulumi.Any(dataExchange.Location),\n\t\t\tDataExchangeId: pulumi.Any(dataExchange.DataExchangeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamMember;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DataExchangeIamMember(\"member\", DataExchangeIamMemberArgs.builder() \n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigqueryanalyticshub:DataExchangeIamMember\n properties:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}\n\n* {{project}}/{{location}}/{{data_exchange_id}}\n\n* {{location}}/{{data_exchange_id}}\n\n* {{data_exchange_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBigquery Analytics Hub dataexchange IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/dataExchangeIamMember:DataExchangeIamMember editor \"projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/dataExchangeIamMember:DataExchangeIamMember editor \"projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/dataExchangeIamMember:DataExchangeIamMember editor projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Bigquery Analytics Hub DataExchange. Each of these resources serves a different use case:\n\n* `gcp.bigqueryanalyticshub.DataExchangeIamPolicy`: Authoritative. Sets the IAM policy for the dataexchange and replaces any existing policy already attached.\n* `gcp.bigqueryanalyticshub.DataExchangeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the dataexchange are preserved.\n* `gcp.bigqueryanalyticshub.DataExchangeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the dataexchange are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigqueryanalyticshub.DataExchangeIamPolicy`: Retrieves the IAM policy for the dataexchange\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.DataExchangeIamPolicy` **cannot** be used in conjunction with `gcp.bigqueryanalyticshub.DataExchangeIamBinding` and `gcp.bigqueryanalyticshub.DataExchangeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.DataExchangeIamBinding` resources **can be** used in conjunction with `gcp.bigqueryanalyticshub.DataExchangeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_bigquery\\_analytics\\_hub\\_data\\_exchange\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigqueryanalyticshub.DataExchangeIamPolicy(\"policy\", {\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.bigqueryanalyticshub.DataExchangeIamPolicy(\"policy\",\n project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQueryAnalyticsHub.DataExchangeIamPolicy(\"policy\", new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigqueryanalyticshub.NewDataExchangeIamPolicy(ctx, \"policy\", \u0026bigqueryanalyticshub.DataExchangeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(dataExchange.Project),\n\t\t\tLocation: pulumi.Any(dataExchange.Location),\n\t\t\tDataExchangeId: pulumi.Any(dataExchange.DataExchangeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamPolicy;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DataExchangeIamPolicy(\"policy\", DataExchangeIamPolicyArgs.builder() \n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigqueryanalyticshub:DataExchangeIamPolicy\n properties:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_analytics\\_hub\\_data\\_exchange\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigqueryanalyticshub.DataExchangeIamBinding(\"binding\", {\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigqueryanalyticshub.DataExchangeIamBinding(\"binding\",\n project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQueryAnalyticsHub.DataExchangeIamBinding(\"binding\", new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewDataExchangeIamBinding(ctx, \"binding\", \u0026bigqueryanalyticshub.DataExchangeIamBindingArgs{\n\t\t\tProject: pulumi.Any(dataExchange.Project),\n\t\t\tLocation: pulumi.Any(dataExchange.Location),\n\t\t\tDataExchangeId: pulumi.Any(dataExchange.DataExchangeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamBinding;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DataExchangeIamBinding(\"binding\", DataExchangeIamBindingArgs.builder() \n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigqueryanalyticshub:DataExchangeIamBinding\n properties:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_analytics\\_hub\\_data\\_exchange\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigqueryanalyticshub.DataExchangeIamMember(\"member\", {\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigqueryanalyticshub.DataExchangeIamMember(\"member\",\n project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQueryAnalyticsHub.DataExchangeIamMember(\"member\", new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewDataExchangeIamMember(ctx, \"member\", \u0026bigqueryanalyticshub.DataExchangeIamMemberArgs{\n\t\t\tProject: pulumi.Any(dataExchange.Project),\n\t\t\tLocation: pulumi.Any(dataExchange.Location),\n\t\t\tDataExchangeId: pulumi.Any(dataExchange.DataExchangeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamMember;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DataExchangeIamMember(\"member\", DataExchangeIamMemberArgs.builder() \n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigqueryanalyticshub:DataExchangeIamMember\n properties:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_bigquery\\_analytics\\_hub\\_data\\_exchange\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigqueryanalyticshub.DataExchangeIamPolicy(\"policy\", {\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.bigqueryanalyticshub.DataExchangeIamPolicy(\"policy\",\n project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQueryAnalyticsHub.DataExchangeIamPolicy(\"policy\", new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigqueryanalyticshub.NewDataExchangeIamPolicy(ctx, \"policy\", \u0026bigqueryanalyticshub.DataExchangeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(dataExchange.Project),\n\t\t\tLocation: pulumi.Any(dataExchange.Location),\n\t\t\tDataExchangeId: pulumi.Any(dataExchange.DataExchangeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamPolicy;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DataExchangeIamPolicy(\"policy\", DataExchangeIamPolicyArgs.builder() \n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigqueryanalyticshub:DataExchangeIamPolicy\n properties:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_analytics\\_hub\\_data\\_exchange\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigqueryanalyticshub.DataExchangeIamBinding(\"binding\", {\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigqueryanalyticshub.DataExchangeIamBinding(\"binding\",\n project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQueryAnalyticsHub.DataExchangeIamBinding(\"binding\", new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewDataExchangeIamBinding(ctx, \"binding\", \u0026bigqueryanalyticshub.DataExchangeIamBindingArgs{\n\t\t\tProject: pulumi.Any(dataExchange.Project),\n\t\t\tLocation: pulumi.Any(dataExchange.Location),\n\t\t\tDataExchangeId: pulumi.Any(dataExchange.DataExchangeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamBinding;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DataExchangeIamBinding(\"binding\", DataExchangeIamBindingArgs.builder() \n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigqueryanalyticshub:DataExchangeIamBinding\n properties:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_analytics\\_hub\\_data\\_exchange\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigqueryanalyticshub.DataExchangeIamMember(\"member\", {\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigqueryanalyticshub.DataExchangeIamMember(\"member\",\n project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQueryAnalyticsHub.DataExchangeIamMember(\"member\", new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewDataExchangeIamMember(ctx, \"member\", \u0026bigqueryanalyticshub.DataExchangeIamMemberArgs{\n\t\t\tProject: pulumi.Any(dataExchange.Project),\n\t\t\tLocation: pulumi.Any(dataExchange.Location),\n\t\t\tDataExchangeId: pulumi.Any(dataExchange.DataExchangeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamMember;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DataExchangeIamMember(\"member\", DataExchangeIamMemberArgs.builder() \n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigqueryanalyticshub:DataExchangeIamMember\n properties:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}\n\n* {{project}}/{{location}}/{{data_exchange_id}}\n\n* {{location}}/{{data_exchange_id}}\n\n* {{data_exchange_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBigquery Analytics Hub dataexchange IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/dataExchangeIamMember:DataExchangeIamMember editor \"projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/dataExchangeIamMember:DataExchangeIamMember editor \"projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/dataExchangeIamMember:DataExchangeIamMember editor projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:bigqueryanalyticshub/DataExchangeIamMemberCondition:DataExchangeIamMemberCondition" @@ -118299,11 +118356,12 @@ "description": "The name of the location this data exchange.\nUsed to find the parent resource to bind the IAM policy to\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -118335,11 +118393,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -118376,11 +118435,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -118393,7 +118453,7 @@ } }, "gcp:bigqueryanalyticshub/dataExchangeIamPolicy:DataExchangeIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Bigquery Analytics Hub DataExchange. Each of these resources serves a different use case:\n\n* `gcp.bigqueryanalyticshub.DataExchangeIamPolicy`: Authoritative. Sets the IAM policy for the dataexchange and replaces any existing policy already attached.\n* `gcp.bigqueryanalyticshub.DataExchangeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the dataexchange are preserved.\n* `gcp.bigqueryanalyticshub.DataExchangeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the dataexchange are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigqueryanalyticshub.DataExchangeIamPolicy`: Retrieves the IAM policy for the dataexchange\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.DataExchangeIamPolicy` **cannot** be used in conjunction with `gcp.bigqueryanalyticshub.DataExchangeIamBinding` and `gcp.bigqueryanalyticshub.DataExchangeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.DataExchangeIamBinding` resources **can be** used in conjunction with `gcp.bigqueryanalyticshub.DataExchangeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_bigquery\\_analytics\\_hub\\_data\\_exchange\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigqueryanalyticshub.DataExchangeIamPolicy(\"policy\", {\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.bigqueryanalyticshub.DataExchangeIamPolicy(\"policy\",\n project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQueryAnalyticsHub.DataExchangeIamPolicy(\"policy\", new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigqueryanalyticshub.NewDataExchangeIamPolicy(ctx, \"policy\", \u0026bigqueryanalyticshub.DataExchangeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(dataExchange.Project),\n\t\t\tLocation: pulumi.Any(dataExchange.Location),\n\t\t\tDataExchangeId: pulumi.Any(dataExchange.DataExchangeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamPolicy;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DataExchangeIamPolicy(\"policy\", DataExchangeIamPolicyArgs.builder() \n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigqueryanalyticshub:DataExchangeIamPolicy\n properties:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_analytics\\_hub\\_data\\_exchange\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigqueryanalyticshub.DataExchangeIamBinding(\"binding\", {\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigqueryanalyticshub.DataExchangeIamBinding(\"binding\",\n project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQueryAnalyticsHub.DataExchangeIamBinding(\"binding\", new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewDataExchangeIamBinding(ctx, \"binding\", \u0026bigqueryanalyticshub.DataExchangeIamBindingArgs{\n\t\t\tProject: pulumi.Any(dataExchange.Project),\n\t\t\tLocation: pulumi.Any(dataExchange.Location),\n\t\t\tDataExchangeId: pulumi.Any(dataExchange.DataExchangeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamBinding;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DataExchangeIamBinding(\"binding\", DataExchangeIamBindingArgs.builder() \n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigqueryanalyticshub:DataExchangeIamBinding\n properties:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_analytics\\_hub\\_data\\_exchange\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigqueryanalyticshub.DataExchangeIamMember(\"member\", {\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigqueryanalyticshub.DataExchangeIamMember(\"member\",\n project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQueryAnalyticsHub.DataExchangeIamMember(\"member\", new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewDataExchangeIamMember(ctx, \"member\", \u0026bigqueryanalyticshub.DataExchangeIamMemberArgs{\n\t\t\tProject: pulumi.Any(dataExchange.Project),\n\t\t\tLocation: pulumi.Any(dataExchange.Location),\n\t\t\tDataExchangeId: pulumi.Any(dataExchange.DataExchangeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamMember;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DataExchangeIamMember(\"member\", DataExchangeIamMemberArgs.builder() \n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigqueryanalyticshub:DataExchangeIamMember\n properties:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}\n\n* {{project}}/{{location}}/{{data_exchange_id}}\n\n* {{location}}/{{data_exchange_id}}\n\n* {{data_exchange_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBigquery Analytics Hub dataexchange IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/dataExchangeIamPolicy:DataExchangeIamPolicy editor \"projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/dataExchangeIamPolicy:DataExchangeIamPolicy editor \"projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/dataExchangeIamPolicy:DataExchangeIamPolicy editor projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Bigquery Analytics Hub DataExchange. Each of these resources serves a different use case:\n\n* `gcp.bigqueryanalyticshub.DataExchangeIamPolicy`: Authoritative. Sets the IAM policy for the dataexchange and replaces any existing policy already attached.\n* `gcp.bigqueryanalyticshub.DataExchangeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the dataexchange are preserved.\n* `gcp.bigqueryanalyticshub.DataExchangeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the dataexchange are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigqueryanalyticshub.DataExchangeIamPolicy`: Retrieves the IAM policy for the dataexchange\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.DataExchangeIamPolicy` **cannot** be used in conjunction with `gcp.bigqueryanalyticshub.DataExchangeIamBinding` and `gcp.bigqueryanalyticshub.DataExchangeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.DataExchangeIamBinding` resources **can be** used in conjunction with `gcp.bigqueryanalyticshub.DataExchangeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_bigquery\\_analytics\\_hub\\_data\\_exchange\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigqueryanalyticshub.DataExchangeIamPolicy(\"policy\", {\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.bigqueryanalyticshub.DataExchangeIamPolicy(\"policy\",\n project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQueryAnalyticsHub.DataExchangeIamPolicy(\"policy\", new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigqueryanalyticshub.NewDataExchangeIamPolicy(ctx, \"policy\", \u0026bigqueryanalyticshub.DataExchangeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(dataExchange.Project),\n\t\t\tLocation: pulumi.Any(dataExchange.Location),\n\t\t\tDataExchangeId: pulumi.Any(dataExchange.DataExchangeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamPolicy;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DataExchangeIamPolicy(\"policy\", DataExchangeIamPolicyArgs.builder() \n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigqueryanalyticshub:DataExchangeIamPolicy\n properties:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_analytics\\_hub\\_data\\_exchange\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigqueryanalyticshub.DataExchangeIamBinding(\"binding\", {\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigqueryanalyticshub.DataExchangeIamBinding(\"binding\",\n project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQueryAnalyticsHub.DataExchangeIamBinding(\"binding\", new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewDataExchangeIamBinding(ctx, \"binding\", \u0026bigqueryanalyticshub.DataExchangeIamBindingArgs{\n\t\t\tProject: pulumi.Any(dataExchange.Project),\n\t\t\tLocation: pulumi.Any(dataExchange.Location),\n\t\t\tDataExchangeId: pulumi.Any(dataExchange.DataExchangeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamBinding;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DataExchangeIamBinding(\"binding\", DataExchangeIamBindingArgs.builder() \n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigqueryanalyticshub:DataExchangeIamBinding\n properties:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_analytics\\_hub\\_data\\_exchange\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigqueryanalyticshub.DataExchangeIamMember(\"member\", {\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigqueryanalyticshub.DataExchangeIamMember(\"member\",\n project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQueryAnalyticsHub.DataExchangeIamMember(\"member\", new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewDataExchangeIamMember(ctx, \"member\", \u0026bigqueryanalyticshub.DataExchangeIamMemberArgs{\n\t\t\tProject: pulumi.Any(dataExchange.Project),\n\t\t\tLocation: pulumi.Any(dataExchange.Location),\n\t\t\tDataExchangeId: pulumi.Any(dataExchange.DataExchangeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamMember;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DataExchangeIamMember(\"member\", DataExchangeIamMemberArgs.builder() \n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigqueryanalyticshub:DataExchangeIamMember\n properties:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_bigquery\\_analytics\\_hub\\_data\\_exchange\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigqueryanalyticshub.DataExchangeIamPolicy(\"policy\", {\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.bigqueryanalyticshub.DataExchangeIamPolicy(\"policy\",\n project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQueryAnalyticsHub.DataExchangeIamPolicy(\"policy\", new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigqueryanalyticshub.NewDataExchangeIamPolicy(ctx, \"policy\", \u0026bigqueryanalyticshub.DataExchangeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(dataExchange.Project),\n\t\t\tLocation: pulumi.Any(dataExchange.Location),\n\t\t\tDataExchangeId: pulumi.Any(dataExchange.DataExchangeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamPolicy;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DataExchangeIamPolicy(\"policy\", DataExchangeIamPolicyArgs.builder() \n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigqueryanalyticshub:DataExchangeIamPolicy\n properties:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_analytics\\_hub\\_data\\_exchange\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigqueryanalyticshub.DataExchangeIamBinding(\"binding\", {\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigqueryanalyticshub.DataExchangeIamBinding(\"binding\",\n project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQueryAnalyticsHub.DataExchangeIamBinding(\"binding\", new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewDataExchangeIamBinding(ctx, \"binding\", \u0026bigqueryanalyticshub.DataExchangeIamBindingArgs{\n\t\t\tProject: pulumi.Any(dataExchange.Project),\n\t\t\tLocation: pulumi.Any(dataExchange.Location),\n\t\t\tDataExchangeId: pulumi.Any(dataExchange.DataExchangeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamBinding;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DataExchangeIamBinding(\"binding\", DataExchangeIamBindingArgs.builder() \n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigqueryanalyticshub:DataExchangeIamBinding\n properties:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_analytics\\_hub\\_data\\_exchange\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigqueryanalyticshub.DataExchangeIamMember(\"member\", {\n project: dataExchange.project,\n location: dataExchange.location,\n dataExchangeId: dataExchange.dataExchangeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigqueryanalyticshub.DataExchangeIamMember(\"member\",\n project=data_exchange[\"project\"],\n location=data_exchange[\"location\"],\n data_exchange_id=data_exchange[\"dataExchangeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQueryAnalyticsHub.DataExchangeIamMember(\"member\", new()\n {\n Project = dataExchange.Project,\n Location = dataExchange.Location,\n DataExchangeId = dataExchange.DataExchangeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewDataExchangeIamMember(ctx, \"member\", \u0026bigqueryanalyticshub.DataExchangeIamMemberArgs{\n\t\t\tProject: pulumi.Any(dataExchange.Project),\n\t\t\tLocation: pulumi.Any(dataExchange.Location),\n\t\t\tDataExchangeId: pulumi.Any(dataExchange.DataExchangeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamMember;\nimport com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DataExchangeIamMember(\"member\", DataExchangeIamMemberArgs.builder() \n .project(dataExchange.project())\n .location(dataExchange.location())\n .dataExchangeId(dataExchange.dataExchangeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigqueryanalyticshub:DataExchangeIamMember\n properties:\n project: ${dataExchange.project}\n location: ${dataExchange.location}\n dataExchangeId: ${dataExchange.dataExchangeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}\n\n* {{project}}/{{location}}/{{data_exchange_id}}\n\n* {{location}}/{{data_exchange_id}}\n\n* {{data_exchange_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBigquery Analytics Hub dataexchange IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/dataExchangeIamPolicy:DataExchangeIamPolicy editor \"projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/dataExchangeIamPolicy:DataExchangeIamPolicy editor \"projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/dataExchangeIamPolicy:DataExchangeIamPolicy editor projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "dataExchangeId": { "type": "string", @@ -118413,7 +118473,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" } }, "required": [ @@ -118440,7 +118500,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -118471,7 +118531,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -118713,7 +118773,7 @@ } }, "gcp:bigqueryanalyticshub/listingIamBinding:ListingIamBinding": { - "description": "Three different resources help you manage your IAM policy for Bigquery Analytics Hub Listing. Each of these resources serves a different use case:\n\n* `gcp.bigqueryanalyticshub.ListingIamPolicy`: Authoritative. Sets the IAM policy for the listing and replaces any existing policy already attached.\n* `gcp.bigqueryanalyticshub.ListingIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the listing are preserved.\n* `gcp.bigqueryanalyticshub.ListingIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the listing are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigqueryanalyticshub.ListingIamPolicy`: Retrieves the IAM policy for the listing\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.ListingIamPolicy` **cannot** be used in conjunction with `gcp.bigqueryanalyticshub.ListingIamBinding` and `gcp.bigqueryanalyticshub.ListingIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.ListingIamBinding` resources **can be** used in conjunction with `gcp.bigqueryanalyticshub.ListingIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_bigquery\\_analytics\\_hub\\_listing\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigqueryanalyticshub.ListingIamPolicy(\"policy\", {\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.bigqueryanalyticshub.ListingIamPolicy(\"policy\",\n project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQueryAnalyticsHub.ListingIamPolicy(\"policy\", new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigqueryanalyticshub.NewListingIamPolicy(ctx, \"policy\", \u0026bigqueryanalyticshub.ListingIamPolicyArgs{\n\t\t\tProject: pulumi.Any(listing.Project),\n\t\t\tLocation: pulumi.Any(listing.Location),\n\t\t\tDataExchangeId: pulumi.Any(listing.DataExchangeId),\n\t\t\tListingId: pulumi.Any(listing.ListingId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamPolicy;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ListingIamPolicy(\"policy\", ListingIamPolicyArgs.builder() \n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigqueryanalyticshub:ListingIamPolicy\n properties:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_analytics\\_hub\\_listing\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigqueryanalyticshub.ListingIamBinding(\"binding\", {\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigqueryanalyticshub.ListingIamBinding(\"binding\",\n project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQueryAnalyticsHub.ListingIamBinding(\"binding\", new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewListingIamBinding(ctx, \"binding\", \u0026bigqueryanalyticshub.ListingIamBindingArgs{\n\t\t\tProject: pulumi.Any(listing.Project),\n\t\t\tLocation: pulumi.Any(listing.Location),\n\t\t\tDataExchangeId: pulumi.Any(listing.DataExchangeId),\n\t\t\tListingId: pulumi.Any(listing.ListingId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamBinding;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ListingIamBinding(\"binding\", ListingIamBindingArgs.builder() \n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigqueryanalyticshub:ListingIamBinding\n properties:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_analytics\\_hub\\_listing\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigqueryanalyticshub.ListingIamMember(\"member\", {\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigqueryanalyticshub.ListingIamMember(\"member\",\n project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQueryAnalyticsHub.ListingIamMember(\"member\", new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewListingIamMember(ctx, \"member\", \u0026bigqueryanalyticshub.ListingIamMemberArgs{\n\t\t\tProject: pulumi.Any(listing.Project),\n\t\t\tLocation: pulumi.Any(listing.Location),\n\t\t\tDataExchangeId: pulumi.Any(listing.DataExchangeId),\n\t\t\tListingId: pulumi.Any(listing.ListingId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamMember;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ListingIamMember(\"member\", ListingIamMemberArgs.builder() \n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigqueryanalyticshub:ListingIamMember\n properties:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}/listings/{{listing_id}}\n\n* {{project}}/{{location}}/{{data_exchange_id}}/{{listing_id}}\n\n* {{location}}/{{data_exchange_id}}/{{listing_id}}\n\n* {{listing_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBigquery Analytics Hub listing IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/listingIamBinding:ListingIamBinding editor \"projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}/listings/{{listing_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/listingIamBinding:ListingIamBinding editor \"projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}/listings/{{listing_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/listingIamBinding:ListingIamBinding editor projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}/listings/{{listing_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Bigquery Analytics Hub Listing. Each of these resources serves a different use case:\n\n* `gcp.bigqueryanalyticshub.ListingIamPolicy`: Authoritative. Sets the IAM policy for the listing and replaces any existing policy already attached.\n* `gcp.bigqueryanalyticshub.ListingIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the listing are preserved.\n* `gcp.bigqueryanalyticshub.ListingIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the listing are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigqueryanalyticshub.ListingIamPolicy`: Retrieves the IAM policy for the listing\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.ListingIamPolicy` **cannot** be used in conjunction with `gcp.bigqueryanalyticshub.ListingIamBinding` and `gcp.bigqueryanalyticshub.ListingIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.ListingIamBinding` resources **can be** used in conjunction with `gcp.bigqueryanalyticshub.ListingIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_bigquery\\_analytics\\_hub\\_listing\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigqueryanalyticshub.ListingIamPolicy(\"policy\", {\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.bigqueryanalyticshub.ListingIamPolicy(\"policy\",\n project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQueryAnalyticsHub.ListingIamPolicy(\"policy\", new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigqueryanalyticshub.NewListingIamPolicy(ctx, \"policy\", \u0026bigqueryanalyticshub.ListingIamPolicyArgs{\n\t\t\tProject: pulumi.Any(listing.Project),\n\t\t\tLocation: pulumi.Any(listing.Location),\n\t\t\tDataExchangeId: pulumi.Any(listing.DataExchangeId),\n\t\t\tListingId: pulumi.Any(listing.ListingId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamPolicy;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ListingIamPolicy(\"policy\", ListingIamPolicyArgs.builder() \n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigqueryanalyticshub:ListingIamPolicy\n properties:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_analytics\\_hub\\_listing\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigqueryanalyticshub.ListingIamBinding(\"binding\", {\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigqueryanalyticshub.ListingIamBinding(\"binding\",\n project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQueryAnalyticsHub.ListingIamBinding(\"binding\", new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewListingIamBinding(ctx, \"binding\", \u0026bigqueryanalyticshub.ListingIamBindingArgs{\n\t\t\tProject: pulumi.Any(listing.Project),\n\t\t\tLocation: pulumi.Any(listing.Location),\n\t\t\tDataExchangeId: pulumi.Any(listing.DataExchangeId),\n\t\t\tListingId: pulumi.Any(listing.ListingId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamBinding;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ListingIamBinding(\"binding\", ListingIamBindingArgs.builder() \n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigqueryanalyticshub:ListingIamBinding\n properties:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_analytics\\_hub\\_listing\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigqueryanalyticshub.ListingIamMember(\"member\", {\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigqueryanalyticshub.ListingIamMember(\"member\",\n project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQueryAnalyticsHub.ListingIamMember(\"member\", new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewListingIamMember(ctx, \"member\", \u0026bigqueryanalyticshub.ListingIamMemberArgs{\n\t\t\tProject: pulumi.Any(listing.Project),\n\t\t\tLocation: pulumi.Any(listing.Location),\n\t\t\tDataExchangeId: pulumi.Any(listing.DataExchangeId),\n\t\t\tListingId: pulumi.Any(listing.ListingId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamMember;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ListingIamMember(\"member\", ListingIamMemberArgs.builder() \n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigqueryanalyticshub:ListingIamMember\n properties:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_bigquery\\_analytics\\_hub\\_listing\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigqueryanalyticshub.ListingIamPolicy(\"policy\", {\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.bigqueryanalyticshub.ListingIamPolicy(\"policy\",\n project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQueryAnalyticsHub.ListingIamPolicy(\"policy\", new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigqueryanalyticshub.NewListingIamPolicy(ctx, \"policy\", \u0026bigqueryanalyticshub.ListingIamPolicyArgs{\n\t\t\tProject: pulumi.Any(listing.Project),\n\t\t\tLocation: pulumi.Any(listing.Location),\n\t\t\tDataExchangeId: pulumi.Any(listing.DataExchangeId),\n\t\t\tListingId: pulumi.Any(listing.ListingId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamPolicy;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ListingIamPolicy(\"policy\", ListingIamPolicyArgs.builder() \n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigqueryanalyticshub:ListingIamPolicy\n properties:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_analytics\\_hub\\_listing\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigqueryanalyticshub.ListingIamBinding(\"binding\", {\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigqueryanalyticshub.ListingIamBinding(\"binding\",\n project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQueryAnalyticsHub.ListingIamBinding(\"binding\", new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewListingIamBinding(ctx, \"binding\", \u0026bigqueryanalyticshub.ListingIamBindingArgs{\n\t\t\tProject: pulumi.Any(listing.Project),\n\t\t\tLocation: pulumi.Any(listing.Location),\n\t\t\tDataExchangeId: pulumi.Any(listing.DataExchangeId),\n\t\t\tListingId: pulumi.Any(listing.ListingId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamBinding;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ListingIamBinding(\"binding\", ListingIamBindingArgs.builder() \n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigqueryanalyticshub:ListingIamBinding\n properties:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_analytics\\_hub\\_listing\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigqueryanalyticshub.ListingIamMember(\"member\", {\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigqueryanalyticshub.ListingIamMember(\"member\",\n project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQueryAnalyticsHub.ListingIamMember(\"member\", new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewListingIamMember(ctx, \"member\", \u0026bigqueryanalyticshub.ListingIamMemberArgs{\n\t\t\tProject: pulumi.Any(listing.Project),\n\t\t\tLocation: pulumi.Any(listing.Location),\n\t\t\tDataExchangeId: pulumi.Any(listing.DataExchangeId),\n\t\t\tListingId: pulumi.Any(listing.ListingId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamMember;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ListingIamMember(\"member\", ListingIamMemberArgs.builder() \n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigqueryanalyticshub:ListingIamMember\n properties:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}/listings/{{listing_id}}\n\n* {{project}}/{{location}}/{{data_exchange_id}}/{{listing_id}}\n\n* {{location}}/{{data_exchange_id}}/{{listing_id}}\n\n* {{listing_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBigquery Analytics Hub listing IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/listingIamBinding:ListingIamBinding editor \"projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}/listings/{{listing_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/listingIamBinding:ListingIamBinding editor \"projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}/listings/{{listing_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/listingIamBinding:ListingIamBinding editor projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}/listings/{{listing_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:bigqueryanalyticshub/ListingIamBindingCondition:ListingIamBindingCondition" @@ -118738,11 +118798,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -118782,11 +118843,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -118831,11 +118893,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -118848,7 +118911,7 @@ } }, "gcp:bigqueryanalyticshub/listingIamMember:ListingIamMember": { - "description": "Three different resources help you manage your IAM policy for Bigquery Analytics Hub Listing. Each of these resources serves a different use case:\n\n* `gcp.bigqueryanalyticshub.ListingIamPolicy`: Authoritative. Sets the IAM policy for the listing and replaces any existing policy already attached.\n* `gcp.bigqueryanalyticshub.ListingIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the listing are preserved.\n* `gcp.bigqueryanalyticshub.ListingIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the listing are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigqueryanalyticshub.ListingIamPolicy`: Retrieves the IAM policy for the listing\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.ListingIamPolicy` **cannot** be used in conjunction with `gcp.bigqueryanalyticshub.ListingIamBinding` and `gcp.bigqueryanalyticshub.ListingIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.ListingIamBinding` resources **can be** used in conjunction with `gcp.bigqueryanalyticshub.ListingIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_bigquery\\_analytics\\_hub\\_listing\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigqueryanalyticshub.ListingIamPolicy(\"policy\", {\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.bigqueryanalyticshub.ListingIamPolicy(\"policy\",\n project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQueryAnalyticsHub.ListingIamPolicy(\"policy\", new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigqueryanalyticshub.NewListingIamPolicy(ctx, \"policy\", \u0026bigqueryanalyticshub.ListingIamPolicyArgs{\n\t\t\tProject: pulumi.Any(listing.Project),\n\t\t\tLocation: pulumi.Any(listing.Location),\n\t\t\tDataExchangeId: pulumi.Any(listing.DataExchangeId),\n\t\t\tListingId: pulumi.Any(listing.ListingId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamPolicy;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ListingIamPolicy(\"policy\", ListingIamPolicyArgs.builder() \n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigqueryanalyticshub:ListingIamPolicy\n properties:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_analytics\\_hub\\_listing\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigqueryanalyticshub.ListingIamBinding(\"binding\", {\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigqueryanalyticshub.ListingIamBinding(\"binding\",\n project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQueryAnalyticsHub.ListingIamBinding(\"binding\", new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewListingIamBinding(ctx, \"binding\", \u0026bigqueryanalyticshub.ListingIamBindingArgs{\n\t\t\tProject: pulumi.Any(listing.Project),\n\t\t\tLocation: pulumi.Any(listing.Location),\n\t\t\tDataExchangeId: pulumi.Any(listing.DataExchangeId),\n\t\t\tListingId: pulumi.Any(listing.ListingId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamBinding;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ListingIamBinding(\"binding\", ListingIamBindingArgs.builder() \n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigqueryanalyticshub:ListingIamBinding\n properties:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_analytics\\_hub\\_listing\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigqueryanalyticshub.ListingIamMember(\"member\", {\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigqueryanalyticshub.ListingIamMember(\"member\",\n project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQueryAnalyticsHub.ListingIamMember(\"member\", new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewListingIamMember(ctx, \"member\", \u0026bigqueryanalyticshub.ListingIamMemberArgs{\n\t\t\tProject: pulumi.Any(listing.Project),\n\t\t\tLocation: pulumi.Any(listing.Location),\n\t\t\tDataExchangeId: pulumi.Any(listing.DataExchangeId),\n\t\t\tListingId: pulumi.Any(listing.ListingId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamMember;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ListingIamMember(\"member\", ListingIamMemberArgs.builder() \n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigqueryanalyticshub:ListingIamMember\n properties:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}/listings/{{listing_id}}\n\n* {{project}}/{{location}}/{{data_exchange_id}}/{{listing_id}}\n\n* {{location}}/{{data_exchange_id}}/{{listing_id}}\n\n* {{listing_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBigquery Analytics Hub listing IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/listingIamMember:ListingIamMember editor \"projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}/listings/{{listing_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/listingIamMember:ListingIamMember editor \"projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}/listings/{{listing_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/listingIamMember:ListingIamMember editor projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}/listings/{{listing_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Bigquery Analytics Hub Listing. Each of these resources serves a different use case:\n\n* `gcp.bigqueryanalyticshub.ListingIamPolicy`: Authoritative. Sets the IAM policy for the listing and replaces any existing policy already attached.\n* `gcp.bigqueryanalyticshub.ListingIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the listing are preserved.\n* `gcp.bigqueryanalyticshub.ListingIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the listing are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigqueryanalyticshub.ListingIamPolicy`: Retrieves the IAM policy for the listing\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.ListingIamPolicy` **cannot** be used in conjunction with `gcp.bigqueryanalyticshub.ListingIamBinding` and `gcp.bigqueryanalyticshub.ListingIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.ListingIamBinding` resources **can be** used in conjunction with `gcp.bigqueryanalyticshub.ListingIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_bigquery\\_analytics\\_hub\\_listing\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigqueryanalyticshub.ListingIamPolicy(\"policy\", {\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.bigqueryanalyticshub.ListingIamPolicy(\"policy\",\n project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQueryAnalyticsHub.ListingIamPolicy(\"policy\", new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigqueryanalyticshub.NewListingIamPolicy(ctx, \"policy\", \u0026bigqueryanalyticshub.ListingIamPolicyArgs{\n\t\t\tProject: pulumi.Any(listing.Project),\n\t\t\tLocation: pulumi.Any(listing.Location),\n\t\t\tDataExchangeId: pulumi.Any(listing.DataExchangeId),\n\t\t\tListingId: pulumi.Any(listing.ListingId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamPolicy;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ListingIamPolicy(\"policy\", ListingIamPolicyArgs.builder() \n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigqueryanalyticshub:ListingIamPolicy\n properties:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_analytics\\_hub\\_listing\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigqueryanalyticshub.ListingIamBinding(\"binding\", {\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigqueryanalyticshub.ListingIamBinding(\"binding\",\n project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQueryAnalyticsHub.ListingIamBinding(\"binding\", new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewListingIamBinding(ctx, \"binding\", \u0026bigqueryanalyticshub.ListingIamBindingArgs{\n\t\t\tProject: pulumi.Any(listing.Project),\n\t\t\tLocation: pulumi.Any(listing.Location),\n\t\t\tDataExchangeId: pulumi.Any(listing.DataExchangeId),\n\t\t\tListingId: pulumi.Any(listing.ListingId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamBinding;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ListingIamBinding(\"binding\", ListingIamBindingArgs.builder() \n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigqueryanalyticshub:ListingIamBinding\n properties:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_analytics\\_hub\\_listing\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigqueryanalyticshub.ListingIamMember(\"member\", {\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigqueryanalyticshub.ListingIamMember(\"member\",\n project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQueryAnalyticsHub.ListingIamMember(\"member\", new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewListingIamMember(ctx, \"member\", \u0026bigqueryanalyticshub.ListingIamMemberArgs{\n\t\t\tProject: pulumi.Any(listing.Project),\n\t\t\tLocation: pulumi.Any(listing.Location),\n\t\t\tDataExchangeId: pulumi.Any(listing.DataExchangeId),\n\t\t\tListingId: pulumi.Any(listing.ListingId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamMember;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ListingIamMember(\"member\", ListingIamMemberArgs.builder() \n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigqueryanalyticshub:ListingIamMember\n properties:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_bigquery\\_analytics\\_hub\\_listing\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigqueryanalyticshub.ListingIamPolicy(\"policy\", {\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.bigqueryanalyticshub.ListingIamPolicy(\"policy\",\n project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQueryAnalyticsHub.ListingIamPolicy(\"policy\", new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigqueryanalyticshub.NewListingIamPolicy(ctx, \"policy\", \u0026bigqueryanalyticshub.ListingIamPolicyArgs{\n\t\t\tProject: pulumi.Any(listing.Project),\n\t\t\tLocation: pulumi.Any(listing.Location),\n\t\t\tDataExchangeId: pulumi.Any(listing.DataExchangeId),\n\t\t\tListingId: pulumi.Any(listing.ListingId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamPolicy;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ListingIamPolicy(\"policy\", ListingIamPolicyArgs.builder() \n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigqueryanalyticshub:ListingIamPolicy\n properties:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_analytics\\_hub\\_listing\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigqueryanalyticshub.ListingIamBinding(\"binding\", {\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigqueryanalyticshub.ListingIamBinding(\"binding\",\n project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQueryAnalyticsHub.ListingIamBinding(\"binding\", new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewListingIamBinding(ctx, \"binding\", \u0026bigqueryanalyticshub.ListingIamBindingArgs{\n\t\t\tProject: pulumi.Any(listing.Project),\n\t\t\tLocation: pulumi.Any(listing.Location),\n\t\t\tDataExchangeId: pulumi.Any(listing.DataExchangeId),\n\t\t\tListingId: pulumi.Any(listing.ListingId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamBinding;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ListingIamBinding(\"binding\", ListingIamBindingArgs.builder() \n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigqueryanalyticshub:ListingIamBinding\n properties:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_analytics\\_hub\\_listing\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigqueryanalyticshub.ListingIamMember(\"member\", {\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigqueryanalyticshub.ListingIamMember(\"member\",\n project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQueryAnalyticsHub.ListingIamMember(\"member\", new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewListingIamMember(ctx, \"member\", \u0026bigqueryanalyticshub.ListingIamMemberArgs{\n\t\t\tProject: pulumi.Any(listing.Project),\n\t\t\tLocation: pulumi.Any(listing.Location),\n\t\t\tDataExchangeId: pulumi.Any(listing.DataExchangeId),\n\t\t\tListingId: pulumi.Any(listing.ListingId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamMember;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ListingIamMember(\"member\", ListingIamMemberArgs.builder() \n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigqueryanalyticshub:ListingIamMember\n properties:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}/listings/{{listing_id}}\n\n* {{project}}/{{location}}/{{data_exchange_id}}/{{listing_id}}\n\n* {{location}}/{{data_exchange_id}}/{{listing_id}}\n\n* {{listing_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBigquery Analytics Hub listing IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/listingIamMember:ListingIamMember editor \"projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}/listings/{{listing_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/listingIamMember:ListingIamMember editor \"projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}/listings/{{listing_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/listingIamMember:ListingIamMember editor projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}/listings/{{listing_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:bigqueryanalyticshub/ListingIamMemberCondition:ListingIamMemberCondition" @@ -118870,11 +118933,12 @@ "description": "The name of the location this data exchange listing.\nUsed to find the parent resource to bind the IAM policy to\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -118912,11 +118976,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -118959,11 +119024,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -118976,7 +119042,7 @@ } }, "gcp:bigqueryanalyticshub/listingIamPolicy:ListingIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Bigquery Analytics Hub Listing. Each of these resources serves a different use case:\n\n* `gcp.bigqueryanalyticshub.ListingIamPolicy`: Authoritative. Sets the IAM policy for the listing and replaces any existing policy already attached.\n* `gcp.bigqueryanalyticshub.ListingIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the listing are preserved.\n* `gcp.bigqueryanalyticshub.ListingIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the listing are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigqueryanalyticshub.ListingIamPolicy`: Retrieves the IAM policy for the listing\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.ListingIamPolicy` **cannot** be used in conjunction with `gcp.bigqueryanalyticshub.ListingIamBinding` and `gcp.bigqueryanalyticshub.ListingIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.ListingIamBinding` resources **can be** used in conjunction with `gcp.bigqueryanalyticshub.ListingIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_bigquery\\_analytics\\_hub\\_listing\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigqueryanalyticshub.ListingIamPolicy(\"policy\", {\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.bigqueryanalyticshub.ListingIamPolicy(\"policy\",\n project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQueryAnalyticsHub.ListingIamPolicy(\"policy\", new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigqueryanalyticshub.NewListingIamPolicy(ctx, \"policy\", \u0026bigqueryanalyticshub.ListingIamPolicyArgs{\n\t\t\tProject: pulumi.Any(listing.Project),\n\t\t\tLocation: pulumi.Any(listing.Location),\n\t\t\tDataExchangeId: pulumi.Any(listing.DataExchangeId),\n\t\t\tListingId: pulumi.Any(listing.ListingId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamPolicy;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ListingIamPolicy(\"policy\", ListingIamPolicyArgs.builder() \n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigqueryanalyticshub:ListingIamPolicy\n properties:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_analytics\\_hub\\_listing\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigqueryanalyticshub.ListingIamBinding(\"binding\", {\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigqueryanalyticshub.ListingIamBinding(\"binding\",\n project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQueryAnalyticsHub.ListingIamBinding(\"binding\", new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewListingIamBinding(ctx, \"binding\", \u0026bigqueryanalyticshub.ListingIamBindingArgs{\n\t\t\tProject: pulumi.Any(listing.Project),\n\t\t\tLocation: pulumi.Any(listing.Location),\n\t\t\tDataExchangeId: pulumi.Any(listing.DataExchangeId),\n\t\t\tListingId: pulumi.Any(listing.ListingId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamBinding;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ListingIamBinding(\"binding\", ListingIamBindingArgs.builder() \n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigqueryanalyticshub:ListingIamBinding\n properties:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_analytics\\_hub\\_listing\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigqueryanalyticshub.ListingIamMember(\"member\", {\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigqueryanalyticshub.ListingIamMember(\"member\",\n project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQueryAnalyticsHub.ListingIamMember(\"member\", new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewListingIamMember(ctx, \"member\", \u0026bigqueryanalyticshub.ListingIamMemberArgs{\n\t\t\tProject: pulumi.Any(listing.Project),\n\t\t\tLocation: pulumi.Any(listing.Location),\n\t\t\tDataExchangeId: pulumi.Any(listing.DataExchangeId),\n\t\t\tListingId: pulumi.Any(listing.ListingId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamMember;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ListingIamMember(\"member\", ListingIamMemberArgs.builder() \n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigqueryanalyticshub:ListingIamMember\n properties:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}/listings/{{listing_id}}\n\n* {{project}}/{{location}}/{{data_exchange_id}}/{{listing_id}}\n\n* {{location}}/{{data_exchange_id}}/{{listing_id}}\n\n* {{listing_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBigquery Analytics Hub listing IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/listingIamPolicy:ListingIamPolicy editor \"projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}/listings/{{listing_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/listingIamPolicy:ListingIamPolicy editor \"projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}/listings/{{listing_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/listingIamPolicy:ListingIamPolicy editor projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}/listings/{{listing_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Bigquery Analytics Hub Listing. Each of these resources serves a different use case:\n\n* `gcp.bigqueryanalyticshub.ListingIamPolicy`: Authoritative. Sets the IAM policy for the listing and replaces any existing policy already attached.\n* `gcp.bigqueryanalyticshub.ListingIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the listing are preserved.\n* `gcp.bigqueryanalyticshub.ListingIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the listing are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigqueryanalyticshub.ListingIamPolicy`: Retrieves the IAM policy for the listing\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.ListingIamPolicy` **cannot** be used in conjunction with `gcp.bigqueryanalyticshub.ListingIamBinding` and `gcp.bigqueryanalyticshub.ListingIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigqueryanalyticshub.ListingIamBinding` resources **can be** used in conjunction with `gcp.bigqueryanalyticshub.ListingIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_bigquery\\_analytics\\_hub\\_listing\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigqueryanalyticshub.ListingIamPolicy(\"policy\", {\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.bigqueryanalyticshub.ListingIamPolicy(\"policy\",\n project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQueryAnalyticsHub.ListingIamPolicy(\"policy\", new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigqueryanalyticshub.NewListingIamPolicy(ctx, \"policy\", \u0026bigqueryanalyticshub.ListingIamPolicyArgs{\n\t\t\tProject: pulumi.Any(listing.Project),\n\t\t\tLocation: pulumi.Any(listing.Location),\n\t\t\tDataExchangeId: pulumi.Any(listing.DataExchangeId),\n\t\t\tListingId: pulumi.Any(listing.ListingId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamPolicy;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ListingIamPolicy(\"policy\", ListingIamPolicyArgs.builder() \n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigqueryanalyticshub:ListingIamPolicy\n properties:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_analytics\\_hub\\_listing\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigqueryanalyticshub.ListingIamBinding(\"binding\", {\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigqueryanalyticshub.ListingIamBinding(\"binding\",\n project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQueryAnalyticsHub.ListingIamBinding(\"binding\", new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewListingIamBinding(ctx, \"binding\", \u0026bigqueryanalyticshub.ListingIamBindingArgs{\n\t\t\tProject: pulumi.Any(listing.Project),\n\t\t\tLocation: pulumi.Any(listing.Location),\n\t\t\tDataExchangeId: pulumi.Any(listing.DataExchangeId),\n\t\t\tListingId: pulumi.Any(listing.ListingId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamBinding;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ListingIamBinding(\"binding\", ListingIamBindingArgs.builder() \n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigqueryanalyticshub:ListingIamBinding\n properties:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_analytics\\_hub\\_listing\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigqueryanalyticshub.ListingIamMember(\"member\", {\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigqueryanalyticshub.ListingIamMember(\"member\",\n project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQueryAnalyticsHub.ListingIamMember(\"member\", new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewListingIamMember(ctx, \"member\", \u0026bigqueryanalyticshub.ListingIamMemberArgs{\n\t\t\tProject: pulumi.Any(listing.Project),\n\t\t\tLocation: pulumi.Any(listing.Location),\n\t\t\tDataExchangeId: pulumi.Any(listing.DataExchangeId),\n\t\t\tListingId: pulumi.Any(listing.ListingId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamMember;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ListingIamMember(\"member\", ListingIamMemberArgs.builder() \n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigqueryanalyticshub:ListingIamMember\n properties:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_bigquery\\_analytics\\_hub\\_listing\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigqueryanalyticshub.ListingIamPolicy(\"policy\", {\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.bigqueryanalyticshub.ListingIamPolicy(\"policy\",\n project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQueryAnalyticsHub.ListingIamPolicy(\"policy\", new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigqueryanalyticshub.NewListingIamPolicy(ctx, \"policy\", \u0026bigqueryanalyticshub.ListingIamPolicyArgs{\n\t\t\tProject: pulumi.Any(listing.Project),\n\t\t\tLocation: pulumi.Any(listing.Location),\n\t\t\tDataExchangeId: pulumi.Any(listing.DataExchangeId),\n\t\t\tListingId: pulumi.Any(listing.ListingId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamPolicy;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ListingIamPolicy(\"policy\", ListingIamPolicyArgs.builder() \n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigqueryanalyticshub:ListingIamPolicy\n properties:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_analytics\\_hub\\_listing\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigqueryanalyticshub.ListingIamBinding(\"binding\", {\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigqueryanalyticshub.ListingIamBinding(\"binding\",\n project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQueryAnalyticsHub.ListingIamBinding(\"binding\", new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewListingIamBinding(ctx, \"binding\", \u0026bigqueryanalyticshub.ListingIamBindingArgs{\n\t\t\tProject: pulumi.Any(listing.Project),\n\t\t\tLocation: pulumi.Any(listing.Location),\n\t\t\tDataExchangeId: pulumi.Any(listing.DataExchangeId),\n\t\t\tListingId: pulumi.Any(listing.ListingId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamBinding;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ListingIamBinding(\"binding\", ListingIamBindingArgs.builder() \n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigqueryanalyticshub:ListingIamBinding\n properties:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_analytics\\_hub\\_listing\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigqueryanalyticshub.ListingIamMember(\"member\", {\n project: listing.project,\n location: listing.location,\n dataExchangeId: listing.dataExchangeId,\n listingId: listing.listingId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigqueryanalyticshub.ListingIamMember(\"member\",\n project=listing[\"project\"],\n location=listing[\"location\"],\n data_exchange_id=listing[\"dataExchangeId\"],\n listing_id=listing[\"listingId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQueryAnalyticsHub.ListingIamMember(\"member\", new()\n {\n Project = listing.Project,\n Location = listing.Location,\n DataExchangeId = listing.DataExchangeId,\n ListingId = listing.ListingId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigqueryanalyticshub.NewListingIamMember(ctx, \"member\", \u0026bigqueryanalyticshub.ListingIamMemberArgs{\n\t\t\tProject: pulumi.Any(listing.Project),\n\t\t\tLocation: pulumi.Any(listing.Location),\n\t\t\tDataExchangeId: pulumi.Any(listing.DataExchangeId),\n\t\t\tListingId: pulumi.Any(listing.ListingId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamMember;\nimport com.pulumi.gcp.bigqueryanalyticshub.ListingIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ListingIamMember(\"member\", ListingIamMemberArgs.builder() \n .project(listing.project())\n .location(listing.location())\n .dataExchangeId(listing.dataExchangeId())\n .listingId(listing.listingId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigqueryanalyticshub:ListingIamMember\n properties:\n project: ${listing.project}\n location: ${listing.location}\n dataExchangeId: ${listing.dataExchangeId}\n listingId: ${listing.listingId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}/listings/{{listing_id}}\n\n* {{project}}/{{location}}/{{data_exchange_id}}/{{listing_id}}\n\n* {{location}}/{{data_exchange_id}}/{{listing_id}}\n\n* {{listing_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBigquery Analytics Hub listing IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/listingIamPolicy:ListingIamPolicy editor \"projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}/listings/{{listing_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/listingIamPolicy:ListingIamPolicy editor \"projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}/listings/{{listing_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:bigqueryanalyticshub/listingIamPolicy:ListingIamPolicy editor projects/{{project}}/locations/{{location}}/dataExchanges/{{data_exchange_id}}/listings/{{listing_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "dataExchangeId": { "type": "string", @@ -119000,7 +119066,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" } }, "required": [ @@ -119033,7 +119099,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -119070,7 +119136,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -119191,7 +119257,7 @@ } }, "gcp:bigquerydatapolicy/dataPolicyIamBinding:DataPolicyIamBinding": { - "description": "Three different resources help you manage your IAM policy for BigQuery Data Policy DataPolicy. Each of these resources serves a different use case:\n\n* `gcp.bigquerydatapolicy.DataPolicyIamPolicy`: Authoritative. Sets the IAM policy for the datapolicy and replaces any existing policy already attached.\n* `gcp.bigquerydatapolicy.DataPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the datapolicy are preserved.\n* `gcp.bigquerydatapolicy.DataPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the datapolicy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigquerydatapolicy.DataPolicyIamPolicy`: Retrieves the IAM policy for the datapolicy\n\n\u003e **Note:** `gcp.bigquerydatapolicy.DataPolicyIamPolicy` **cannot** be used in conjunction with `gcp.bigquerydatapolicy.DataPolicyIamBinding` and `gcp.bigquerydatapolicy.DataPolicyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquerydatapolicy.DataPolicyIamBinding` resources **can be** used in conjunction with `gcp.bigquerydatapolicy.DataPolicyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_bigquery\\_datapolicy\\_data\\_policy\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigquerydatapolicy.DataPolicyIamPolicy(\"policy\", {\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.bigquerydatapolicy.DataPolicyIamPolicy(\"policy\",\n project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQueryDataPolicy.DataPolicyIamPolicy(\"policy\", new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquerydatapolicy.NewDataPolicyIamPolicy(ctx, \"policy\", \u0026bigquerydatapolicy.DataPolicyIamPolicyArgs{\n\t\t\tProject: pulumi.Any(dataPolicy.Project),\n\t\t\tLocation: pulumi.Any(dataPolicy.Location),\n\t\t\tDataPolicyId: pulumi.Any(dataPolicy.DataPolicyId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamPolicy;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DataPolicyIamPolicy(\"policy\", DataPolicyIamPolicyArgs.builder() \n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquerydatapolicy:DataPolicyIamPolicy\n properties:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_datapolicy\\_data\\_policy\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquerydatapolicy.DataPolicyIamBinding(\"binding\", {\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquerydatapolicy.DataPolicyIamBinding(\"binding\",\n project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQueryDataPolicy.DataPolicyIamBinding(\"binding\", new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquerydatapolicy.NewDataPolicyIamBinding(ctx, \"binding\", \u0026bigquerydatapolicy.DataPolicyIamBindingArgs{\n\t\t\tProject: pulumi.Any(dataPolicy.Project),\n\t\t\tLocation: pulumi.Any(dataPolicy.Location),\n\t\t\tDataPolicyId: pulumi.Any(dataPolicy.DataPolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamBinding;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DataPolicyIamBinding(\"binding\", DataPolicyIamBindingArgs.builder() \n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquerydatapolicy:DataPolicyIamBinding\n properties:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_datapolicy\\_data\\_policy\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquerydatapolicy.DataPolicyIamMember(\"member\", {\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquerydatapolicy.DataPolicyIamMember(\"member\",\n project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQueryDataPolicy.DataPolicyIamMember(\"member\", new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquerydatapolicy.NewDataPolicyIamMember(ctx, \"member\", \u0026bigquerydatapolicy.DataPolicyIamMemberArgs{\n\t\t\tProject: pulumi.Any(dataPolicy.Project),\n\t\t\tLocation: pulumi.Any(dataPolicy.Location),\n\t\t\tDataPolicyId: pulumi.Any(dataPolicy.DataPolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamMember;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DataPolicyIamMember(\"member\", DataPolicyIamMemberArgs.builder() \n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquerydatapolicy:DataPolicyIamMember\n properties:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}}\n\n* {{project}}/{{location}}/{{data_policy_id}}\n\n* {{location}}/{{data_policy_id}}\n\n* {{data_policy_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBigQuery Data Policy datapolicy IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:bigquerydatapolicy/dataPolicyIamBinding:DataPolicyIamBinding editor \"projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:bigquerydatapolicy/dataPolicyIamBinding:DataPolicyIamBinding editor \"projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:bigquerydatapolicy/dataPolicyIamBinding:DataPolicyIamBinding editor projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for BigQuery Data Policy DataPolicy. Each of these resources serves a different use case:\n\n* `gcp.bigquerydatapolicy.DataPolicyIamPolicy`: Authoritative. Sets the IAM policy for the datapolicy and replaces any existing policy already attached.\n* `gcp.bigquerydatapolicy.DataPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the datapolicy are preserved.\n* `gcp.bigquerydatapolicy.DataPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the datapolicy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigquerydatapolicy.DataPolicyIamPolicy`: Retrieves the IAM policy for the datapolicy\n\n\u003e **Note:** `gcp.bigquerydatapolicy.DataPolicyIamPolicy` **cannot** be used in conjunction with `gcp.bigquerydatapolicy.DataPolicyIamBinding` and `gcp.bigquerydatapolicy.DataPolicyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquerydatapolicy.DataPolicyIamBinding` resources **can be** used in conjunction with `gcp.bigquerydatapolicy.DataPolicyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_bigquery\\_datapolicy\\_data\\_policy\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigquerydatapolicy.DataPolicyIamPolicy(\"policy\", {\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.bigquerydatapolicy.DataPolicyIamPolicy(\"policy\",\n project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQueryDataPolicy.DataPolicyIamPolicy(\"policy\", new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquerydatapolicy.NewDataPolicyIamPolicy(ctx, \"policy\", \u0026bigquerydatapolicy.DataPolicyIamPolicyArgs{\n\t\t\tProject: pulumi.Any(dataPolicy.Project),\n\t\t\tLocation: pulumi.Any(dataPolicy.Location),\n\t\t\tDataPolicyId: pulumi.Any(dataPolicy.DataPolicyId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamPolicy;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DataPolicyIamPolicy(\"policy\", DataPolicyIamPolicyArgs.builder() \n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquerydatapolicy:DataPolicyIamPolicy\n properties:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_datapolicy\\_data\\_policy\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquerydatapolicy.DataPolicyIamBinding(\"binding\", {\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquerydatapolicy.DataPolicyIamBinding(\"binding\",\n project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQueryDataPolicy.DataPolicyIamBinding(\"binding\", new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquerydatapolicy.NewDataPolicyIamBinding(ctx, \"binding\", \u0026bigquerydatapolicy.DataPolicyIamBindingArgs{\n\t\t\tProject: pulumi.Any(dataPolicy.Project),\n\t\t\tLocation: pulumi.Any(dataPolicy.Location),\n\t\t\tDataPolicyId: pulumi.Any(dataPolicy.DataPolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamBinding;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DataPolicyIamBinding(\"binding\", DataPolicyIamBindingArgs.builder() \n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquerydatapolicy:DataPolicyIamBinding\n properties:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_datapolicy\\_data\\_policy\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquerydatapolicy.DataPolicyIamMember(\"member\", {\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquerydatapolicy.DataPolicyIamMember(\"member\",\n project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQueryDataPolicy.DataPolicyIamMember(\"member\", new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquerydatapolicy.NewDataPolicyIamMember(ctx, \"member\", \u0026bigquerydatapolicy.DataPolicyIamMemberArgs{\n\t\t\tProject: pulumi.Any(dataPolicy.Project),\n\t\t\tLocation: pulumi.Any(dataPolicy.Location),\n\t\t\tDataPolicyId: pulumi.Any(dataPolicy.DataPolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamMember;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DataPolicyIamMember(\"member\", DataPolicyIamMemberArgs.builder() \n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquerydatapolicy:DataPolicyIamMember\n properties:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_bigquery\\_datapolicy\\_data\\_policy\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigquerydatapolicy.DataPolicyIamPolicy(\"policy\", {\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.bigquerydatapolicy.DataPolicyIamPolicy(\"policy\",\n project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQueryDataPolicy.DataPolicyIamPolicy(\"policy\", new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquerydatapolicy.NewDataPolicyIamPolicy(ctx, \"policy\", \u0026bigquerydatapolicy.DataPolicyIamPolicyArgs{\n\t\t\tProject: pulumi.Any(dataPolicy.Project),\n\t\t\tLocation: pulumi.Any(dataPolicy.Location),\n\t\t\tDataPolicyId: pulumi.Any(dataPolicy.DataPolicyId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamPolicy;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DataPolicyIamPolicy(\"policy\", DataPolicyIamPolicyArgs.builder() \n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquerydatapolicy:DataPolicyIamPolicy\n properties:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_datapolicy\\_data\\_policy\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquerydatapolicy.DataPolicyIamBinding(\"binding\", {\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquerydatapolicy.DataPolicyIamBinding(\"binding\",\n project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQueryDataPolicy.DataPolicyIamBinding(\"binding\", new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquerydatapolicy.NewDataPolicyIamBinding(ctx, \"binding\", \u0026bigquerydatapolicy.DataPolicyIamBindingArgs{\n\t\t\tProject: pulumi.Any(dataPolicy.Project),\n\t\t\tLocation: pulumi.Any(dataPolicy.Location),\n\t\t\tDataPolicyId: pulumi.Any(dataPolicy.DataPolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamBinding;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DataPolicyIamBinding(\"binding\", DataPolicyIamBindingArgs.builder() \n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquerydatapolicy:DataPolicyIamBinding\n properties:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_datapolicy\\_data\\_policy\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquerydatapolicy.DataPolicyIamMember(\"member\", {\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquerydatapolicy.DataPolicyIamMember(\"member\",\n project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQueryDataPolicy.DataPolicyIamMember(\"member\", new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquerydatapolicy.NewDataPolicyIamMember(ctx, \"member\", \u0026bigquerydatapolicy.DataPolicyIamMemberArgs{\n\t\t\tProject: pulumi.Any(dataPolicy.Project),\n\t\t\tLocation: pulumi.Any(dataPolicy.Location),\n\t\t\tDataPolicyId: pulumi.Any(dataPolicy.DataPolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamMember;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DataPolicyIamMember(\"member\", DataPolicyIamMemberArgs.builder() \n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquerydatapolicy:DataPolicyIamMember\n properties:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}}\n\n* {{project}}/{{location}}/{{data_policy_id}}\n\n* {{location}}/{{data_policy_id}}\n\n* {{data_policy_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBigQuery Data Policy datapolicy IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:bigquerydatapolicy/dataPolicyIamBinding:DataPolicyIamBinding editor \"projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:bigquerydatapolicy/dataPolicyIamBinding:DataPolicyIamBinding editor \"projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:bigquerydatapolicy/dataPolicyIamBinding:DataPolicyIamBinding editor projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:bigquerydatapolicy/DataPolicyIamBindingCondition:DataPolicyIamBindingCondition" @@ -119211,11 +119277,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -119248,11 +119315,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -119290,11 +119358,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -119307,7 +119376,7 @@ } }, "gcp:bigquerydatapolicy/dataPolicyIamMember:DataPolicyIamMember": { - "description": "Three different resources help you manage your IAM policy for BigQuery Data Policy DataPolicy. Each of these resources serves a different use case:\n\n* `gcp.bigquerydatapolicy.DataPolicyIamPolicy`: Authoritative. Sets the IAM policy for the datapolicy and replaces any existing policy already attached.\n* `gcp.bigquerydatapolicy.DataPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the datapolicy are preserved.\n* `gcp.bigquerydatapolicy.DataPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the datapolicy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigquerydatapolicy.DataPolicyIamPolicy`: Retrieves the IAM policy for the datapolicy\n\n\u003e **Note:** `gcp.bigquerydatapolicy.DataPolicyIamPolicy` **cannot** be used in conjunction with `gcp.bigquerydatapolicy.DataPolicyIamBinding` and `gcp.bigquerydatapolicy.DataPolicyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquerydatapolicy.DataPolicyIamBinding` resources **can be** used in conjunction with `gcp.bigquerydatapolicy.DataPolicyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_bigquery\\_datapolicy\\_data\\_policy\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigquerydatapolicy.DataPolicyIamPolicy(\"policy\", {\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.bigquerydatapolicy.DataPolicyIamPolicy(\"policy\",\n project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQueryDataPolicy.DataPolicyIamPolicy(\"policy\", new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquerydatapolicy.NewDataPolicyIamPolicy(ctx, \"policy\", \u0026bigquerydatapolicy.DataPolicyIamPolicyArgs{\n\t\t\tProject: pulumi.Any(dataPolicy.Project),\n\t\t\tLocation: pulumi.Any(dataPolicy.Location),\n\t\t\tDataPolicyId: pulumi.Any(dataPolicy.DataPolicyId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamPolicy;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DataPolicyIamPolicy(\"policy\", DataPolicyIamPolicyArgs.builder() \n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquerydatapolicy:DataPolicyIamPolicy\n properties:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_datapolicy\\_data\\_policy\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquerydatapolicy.DataPolicyIamBinding(\"binding\", {\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquerydatapolicy.DataPolicyIamBinding(\"binding\",\n project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQueryDataPolicy.DataPolicyIamBinding(\"binding\", new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquerydatapolicy.NewDataPolicyIamBinding(ctx, \"binding\", \u0026bigquerydatapolicy.DataPolicyIamBindingArgs{\n\t\t\tProject: pulumi.Any(dataPolicy.Project),\n\t\t\tLocation: pulumi.Any(dataPolicy.Location),\n\t\t\tDataPolicyId: pulumi.Any(dataPolicy.DataPolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamBinding;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DataPolicyIamBinding(\"binding\", DataPolicyIamBindingArgs.builder() \n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquerydatapolicy:DataPolicyIamBinding\n properties:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_datapolicy\\_data\\_policy\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquerydatapolicy.DataPolicyIamMember(\"member\", {\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquerydatapolicy.DataPolicyIamMember(\"member\",\n project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQueryDataPolicy.DataPolicyIamMember(\"member\", new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquerydatapolicy.NewDataPolicyIamMember(ctx, \"member\", \u0026bigquerydatapolicy.DataPolicyIamMemberArgs{\n\t\t\tProject: pulumi.Any(dataPolicy.Project),\n\t\t\tLocation: pulumi.Any(dataPolicy.Location),\n\t\t\tDataPolicyId: pulumi.Any(dataPolicy.DataPolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamMember;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DataPolicyIamMember(\"member\", DataPolicyIamMemberArgs.builder() \n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquerydatapolicy:DataPolicyIamMember\n properties:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}}\n\n* {{project}}/{{location}}/{{data_policy_id}}\n\n* {{location}}/{{data_policy_id}}\n\n* {{data_policy_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBigQuery Data Policy datapolicy IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:bigquerydatapolicy/dataPolicyIamMember:DataPolicyIamMember editor \"projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:bigquerydatapolicy/dataPolicyIamMember:DataPolicyIamMember editor \"projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:bigquerydatapolicy/dataPolicyIamMember:DataPolicyIamMember editor projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for BigQuery Data Policy DataPolicy. Each of these resources serves a different use case:\n\n* `gcp.bigquerydatapolicy.DataPolicyIamPolicy`: Authoritative. Sets the IAM policy for the datapolicy and replaces any existing policy already attached.\n* `gcp.bigquerydatapolicy.DataPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the datapolicy are preserved.\n* `gcp.bigquerydatapolicy.DataPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the datapolicy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigquerydatapolicy.DataPolicyIamPolicy`: Retrieves the IAM policy for the datapolicy\n\n\u003e **Note:** `gcp.bigquerydatapolicy.DataPolicyIamPolicy` **cannot** be used in conjunction with `gcp.bigquerydatapolicy.DataPolicyIamBinding` and `gcp.bigquerydatapolicy.DataPolicyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquerydatapolicy.DataPolicyIamBinding` resources **can be** used in conjunction with `gcp.bigquerydatapolicy.DataPolicyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_bigquery\\_datapolicy\\_data\\_policy\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigquerydatapolicy.DataPolicyIamPolicy(\"policy\", {\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.bigquerydatapolicy.DataPolicyIamPolicy(\"policy\",\n project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQueryDataPolicy.DataPolicyIamPolicy(\"policy\", new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquerydatapolicy.NewDataPolicyIamPolicy(ctx, \"policy\", \u0026bigquerydatapolicy.DataPolicyIamPolicyArgs{\n\t\t\tProject: pulumi.Any(dataPolicy.Project),\n\t\t\tLocation: pulumi.Any(dataPolicy.Location),\n\t\t\tDataPolicyId: pulumi.Any(dataPolicy.DataPolicyId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamPolicy;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DataPolicyIamPolicy(\"policy\", DataPolicyIamPolicyArgs.builder() \n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquerydatapolicy:DataPolicyIamPolicy\n properties:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_datapolicy\\_data\\_policy\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquerydatapolicy.DataPolicyIamBinding(\"binding\", {\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquerydatapolicy.DataPolicyIamBinding(\"binding\",\n project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQueryDataPolicy.DataPolicyIamBinding(\"binding\", new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquerydatapolicy.NewDataPolicyIamBinding(ctx, \"binding\", \u0026bigquerydatapolicy.DataPolicyIamBindingArgs{\n\t\t\tProject: pulumi.Any(dataPolicy.Project),\n\t\t\tLocation: pulumi.Any(dataPolicy.Location),\n\t\t\tDataPolicyId: pulumi.Any(dataPolicy.DataPolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamBinding;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DataPolicyIamBinding(\"binding\", DataPolicyIamBindingArgs.builder() \n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquerydatapolicy:DataPolicyIamBinding\n properties:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_datapolicy\\_data\\_policy\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquerydatapolicy.DataPolicyIamMember(\"member\", {\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquerydatapolicy.DataPolicyIamMember(\"member\",\n project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQueryDataPolicy.DataPolicyIamMember(\"member\", new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquerydatapolicy.NewDataPolicyIamMember(ctx, \"member\", \u0026bigquerydatapolicy.DataPolicyIamMemberArgs{\n\t\t\tProject: pulumi.Any(dataPolicy.Project),\n\t\t\tLocation: pulumi.Any(dataPolicy.Location),\n\t\t\tDataPolicyId: pulumi.Any(dataPolicy.DataPolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamMember;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DataPolicyIamMember(\"member\", DataPolicyIamMemberArgs.builder() \n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquerydatapolicy:DataPolicyIamMember\n properties:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_bigquery\\_datapolicy\\_data\\_policy\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigquerydatapolicy.DataPolicyIamPolicy(\"policy\", {\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.bigquerydatapolicy.DataPolicyIamPolicy(\"policy\",\n project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQueryDataPolicy.DataPolicyIamPolicy(\"policy\", new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquerydatapolicy.NewDataPolicyIamPolicy(ctx, \"policy\", \u0026bigquerydatapolicy.DataPolicyIamPolicyArgs{\n\t\t\tProject: pulumi.Any(dataPolicy.Project),\n\t\t\tLocation: pulumi.Any(dataPolicy.Location),\n\t\t\tDataPolicyId: pulumi.Any(dataPolicy.DataPolicyId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamPolicy;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DataPolicyIamPolicy(\"policy\", DataPolicyIamPolicyArgs.builder() \n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquerydatapolicy:DataPolicyIamPolicy\n properties:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_datapolicy\\_data\\_policy\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquerydatapolicy.DataPolicyIamBinding(\"binding\", {\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquerydatapolicy.DataPolicyIamBinding(\"binding\",\n project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQueryDataPolicy.DataPolicyIamBinding(\"binding\", new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquerydatapolicy.NewDataPolicyIamBinding(ctx, \"binding\", \u0026bigquerydatapolicy.DataPolicyIamBindingArgs{\n\t\t\tProject: pulumi.Any(dataPolicy.Project),\n\t\t\tLocation: pulumi.Any(dataPolicy.Location),\n\t\t\tDataPolicyId: pulumi.Any(dataPolicy.DataPolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamBinding;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DataPolicyIamBinding(\"binding\", DataPolicyIamBindingArgs.builder() \n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquerydatapolicy:DataPolicyIamBinding\n properties:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_datapolicy\\_data\\_policy\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquerydatapolicy.DataPolicyIamMember(\"member\", {\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquerydatapolicy.DataPolicyIamMember(\"member\",\n project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQueryDataPolicy.DataPolicyIamMember(\"member\", new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquerydatapolicy.NewDataPolicyIamMember(ctx, \"member\", \u0026bigquerydatapolicy.DataPolicyIamMemberArgs{\n\t\t\tProject: pulumi.Any(dataPolicy.Project),\n\t\t\tLocation: pulumi.Any(dataPolicy.Location),\n\t\t\tDataPolicyId: pulumi.Any(dataPolicy.DataPolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamMember;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DataPolicyIamMember(\"member\", DataPolicyIamMemberArgs.builder() \n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquerydatapolicy:DataPolicyIamMember\n properties:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}}\n\n* {{project}}/{{location}}/{{data_policy_id}}\n\n* {{location}}/{{data_policy_id}}\n\n* {{data_policy_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBigQuery Data Policy datapolicy IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:bigquerydatapolicy/dataPolicyIamMember:DataPolicyIamMember editor \"projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:bigquerydatapolicy/dataPolicyIamMember:DataPolicyIamMember editor \"projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:bigquerydatapolicy/dataPolicyIamMember:DataPolicyIamMember editor projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:bigquerydatapolicy/DataPolicyIamMemberCondition:DataPolicyIamMemberCondition" @@ -119324,11 +119393,12 @@ "description": "The name of the location of the data policy.\nUsed to find the parent resource to bind the IAM policy to\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -119359,11 +119429,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -119399,11 +119470,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -119416,7 +119488,7 @@ } }, "gcp:bigquerydatapolicy/dataPolicyIamPolicy:DataPolicyIamPolicy": { - "description": "Three different resources help you manage your IAM policy for BigQuery Data Policy DataPolicy. Each of these resources serves a different use case:\n\n* `gcp.bigquerydatapolicy.DataPolicyIamPolicy`: Authoritative. Sets the IAM policy for the datapolicy and replaces any existing policy already attached.\n* `gcp.bigquerydatapolicy.DataPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the datapolicy are preserved.\n* `gcp.bigquerydatapolicy.DataPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the datapolicy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigquerydatapolicy.DataPolicyIamPolicy`: Retrieves the IAM policy for the datapolicy\n\n\u003e **Note:** `gcp.bigquerydatapolicy.DataPolicyIamPolicy` **cannot** be used in conjunction with `gcp.bigquerydatapolicy.DataPolicyIamBinding` and `gcp.bigquerydatapolicy.DataPolicyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquerydatapolicy.DataPolicyIamBinding` resources **can be** used in conjunction with `gcp.bigquerydatapolicy.DataPolicyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_bigquery\\_datapolicy\\_data\\_policy\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigquerydatapolicy.DataPolicyIamPolicy(\"policy\", {\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.bigquerydatapolicy.DataPolicyIamPolicy(\"policy\",\n project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQueryDataPolicy.DataPolicyIamPolicy(\"policy\", new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquerydatapolicy.NewDataPolicyIamPolicy(ctx, \"policy\", \u0026bigquerydatapolicy.DataPolicyIamPolicyArgs{\n\t\t\tProject: pulumi.Any(dataPolicy.Project),\n\t\t\tLocation: pulumi.Any(dataPolicy.Location),\n\t\t\tDataPolicyId: pulumi.Any(dataPolicy.DataPolicyId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamPolicy;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DataPolicyIamPolicy(\"policy\", DataPolicyIamPolicyArgs.builder() \n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquerydatapolicy:DataPolicyIamPolicy\n properties:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_datapolicy\\_data\\_policy\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquerydatapolicy.DataPolicyIamBinding(\"binding\", {\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquerydatapolicy.DataPolicyIamBinding(\"binding\",\n project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQueryDataPolicy.DataPolicyIamBinding(\"binding\", new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquerydatapolicy.NewDataPolicyIamBinding(ctx, \"binding\", \u0026bigquerydatapolicy.DataPolicyIamBindingArgs{\n\t\t\tProject: pulumi.Any(dataPolicy.Project),\n\t\t\tLocation: pulumi.Any(dataPolicy.Location),\n\t\t\tDataPolicyId: pulumi.Any(dataPolicy.DataPolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamBinding;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DataPolicyIamBinding(\"binding\", DataPolicyIamBindingArgs.builder() \n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquerydatapolicy:DataPolicyIamBinding\n properties:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_datapolicy\\_data\\_policy\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquerydatapolicy.DataPolicyIamMember(\"member\", {\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquerydatapolicy.DataPolicyIamMember(\"member\",\n project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQueryDataPolicy.DataPolicyIamMember(\"member\", new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquerydatapolicy.NewDataPolicyIamMember(ctx, \"member\", \u0026bigquerydatapolicy.DataPolicyIamMemberArgs{\n\t\t\tProject: pulumi.Any(dataPolicy.Project),\n\t\t\tLocation: pulumi.Any(dataPolicy.Location),\n\t\t\tDataPolicyId: pulumi.Any(dataPolicy.DataPolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamMember;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DataPolicyIamMember(\"member\", DataPolicyIamMemberArgs.builder() \n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquerydatapolicy:DataPolicyIamMember\n properties:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}}\n\n* {{project}}/{{location}}/{{data_policy_id}}\n\n* {{location}}/{{data_policy_id}}\n\n* {{data_policy_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBigQuery Data Policy datapolicy IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:bigquerydatapolicy/dataPolicyIamPolicy:DataPolicyIamPolicy editor \"projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:bigquerydatapolicy/dataPolicyIamPolicy:DataPolicyIamPolicy editor \"projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:bigquerydatapolicy/dataPolicyIamPolicy:DataPolicyIamPolicy editor projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for BigQuery Data Policy DataPolicy. Each of these resources serves a different use case:\n\n* `gcp.bigquerydatapolicy.DataPolicyIamPolicy`: Authoritative. Sets the IAM policy for the datapolicy and replaces any existing policy already attached.\n* `gcp.bigquerydatapolicy.DataPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the datapolicy are preserved.\n* `gcp.bigquerydatapolicy.DataPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the datapolicy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.bigquerydatapolicy.DataPolicyIamPolicy`: Retrieves the IAM policy for the datapolicy\n\n\u003e **Note:** `gcp.bigquerydatapolicy.DataPolicyIamPolicy` **cannot** be used in conjunction with `gcp.bigquerydatapolicy.DataPolicyIamBinding` and `gcp.bigquerydatapolicy.DataPolicyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.bigquerydatapolicy.DataPolicyIamBinding` resources **can be** used in conjunction with `gcp.bigquerydatapolicy.DataPolicyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_bigquery\\_datapolicy\\_data\\_policy\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigquerydatapolicy.DataPolicyIamPolicy(\"policy\", {\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.bigquerydatapolicy.DataPolicyIamPolicy(\"policy\",\n project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQueryDataPolicy.DataPolicyIamPolicy(\"policy\", new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquerydatapolicy.NewDataPolicyIamPolicy(ctx, \"policy\", \u0026bigquerydatapolicy.DataPolicyIamPolicyArgs{\n\t\t\tProject: pulumi.Any(dataPolicy.Project),\n\t\t\tLocation: pulumi.Any(dataPolicy.Location),\n\t\t\tDataPolicyId: pulumi.Any(dataPolicy.DataPolicyId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamPolicy;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DataPolicyIamPolicy(\"policy\", DataPolicyIamPolicyArgs.builder() \n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquerydatapolicy:DataPolicyIamPolicy\n properties:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_datapolicy\\_data\\_policy\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquerydatapolicy.DataPolicyIamBinding(\"binding\", {\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquerydatapolicy.DataPolicyIamBinding(\"binding\",\n project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQueryDataPolicy.DataPolicyIamBinding(\"binding\", new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquerydatapolicy.NewDataPolicyIamBinding(ctx, \"binding\", \u0026bigquerydatapolicy.DataPolicyIamBindingArgs{\n\t\t\tProject: pulumi.Any(dataPolicy.Project),\n\t\t\tLocation: pulumi.Any(dataPolicy.Location),\n\t\t\tDataPolicyId: pulumi.Any(dataPolicy.DataPolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamBinding;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DataPolicyIamBinding(\"binding\", DataPolicyIamBindingArgs.builder() \n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquerydatapolicy:DataPolicyIamBinding\n properties:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_datapolicy\\_data\\_policy\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquerydatapolicy.DataPolicyIamMember(\"member\", {\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquerydatapolicy.DataPolicyIamMember(\"member\",\n project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQueryDataPolicy.DataPolicyIamMember(\"member\", new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquerydatapolicy.NewDataPolicyIamMember(ctx, \"member\", \u0026bigquerydatapolicy.DataPolicyIamMemberArgs{\n\t\t\tProject: pulumi.Any(dataPolicy.Project),\n\t\t\tLocation: pulumi.Any(dataPolicy.Location),\n\t\t\tDataPolicyId: pulumi.Any(dataPolicy.DataPolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamMember;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DataPolicyIamMember(\"member\", DataPolicyIamMemberArgs.builder() \n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquerydatapolicy:DataPolicyIamMember\n properties:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_bigquery\\_datapolicy\\_data\\_policy\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.bigquerydatapolicy.DataPolicyIamPolicy(\"policy\", {\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.bigquerydatapolicy.DataPolicyIamPolicy(\"policy\",\n project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BigQueryDataPolicy.DataPolicyIamPolicy(\"policy\", new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigquerydatapolicy.NewDataPolicyIamPolicy(ctx, \"policy\", \u0026bigquerydatapolicy.DataPolicyIamPolicyArgs{\n\t\t\tProject: pulumi.Any(dataPolicy.Project),\n\t\t\tLocation: pulumi.Any(dataPolicy.Location),\n\t\t\tDataPolicyId: pulumi.Any(dataPolicy.DataPolicyId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamPolicy;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DataPolicyIamPolicy(\"policy\", DataPolicyIamPolicyArgs.builder() \n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:bigquerydatapolicy:DataPolicyIamPolicy\n properties:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_datapolicy\\_data\\_policy\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.bigquerydatapolicy.DataPolicyIamBinding(\"binding\", {\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.bigquerydatapolicy.DataPolicyIamBinding(\"binding\",\n project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BigQueryDataPolicy.DataPolicyIamBinding(\"binding\", new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquerydatapolicy.NewDataPolicyIamBinding(ctx, \"binding\", \u0026bigquerydatapolicy.DataPolicyIamBindingArgs{\n\t\t\tProject: pulumi.Any(dataPolicy.Project),\n\t\t\tLocation: pulumi.Any(dataPolicy.Location),\n\t\t\tDataPolicyId: pulumi.Any(dataPolicy.DataPolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamBinding;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DataPolicyIamBinding(\"binding\", DataPolicyIamBindingArgs.builder() \n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:bigquerydatapolicy:DataPolicyIamBinding\n properties:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigquery\\_datapolicy\\_data\\_policy\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.bigquerydatapolicy.DataPolicyIamMember(\"member\", {\n project: dataPolicy.project,\n location: dataPolicy.location,\n dataPolicyId: dataPolicy.dataPolicyId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.bigquerydatapolicy.DataPolicyIamMember(\"member\",\n project=data_policy[\"project\"],\n location=data_policy[\"location\"],\n data_policy_id=data_policy[\"dataPolicyId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BigQueryDataPolicy.DataPolicyIamMember(\"member\", new()\n {\n Project = dataPolicy.Project,\n Location = dataPolicy.Location,\n DataPolicyId = dataPolicy.DataPolicyId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquerydatapolicy\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigquerydatapolicy.NewDataPolicyIamMember(ctx, \"member\", \u0026bigquerydatapolicy.DataPolicyIamMemberArgs{\n\t\t\tProject: pulumi.Any(dataPolicy.Project),\n\t\t\tLocation: pulumi.Any(dataPolicy.Location),\n\t\t\tDataPolicyId: pulumi.Any(dataPolicy.DataPolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamMember;\nimport com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DataPolicyIamMember(\"member\", DataPolicyIamMemberArgs.builder() \n .project(dataPolicy.project())\n .location(dataPolicy.location())\n .dataPolicyId(dataPolicy.dataPolicyId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:bigquerydatapolicy:DataPolicyIamMember\n properties:\n project: ${dataPolicy.project}\n location: ${dataPolicy.location}\n dataPolicyId: ${dataPolicy.dataPolicyId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}}\n\n* {{project}}/{{location}}/{{data_policy_id}}\n\n* {{location}}/{{data_policy_id}}\n\n* {{data_policy_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBigQuery Data Policy datapolicy IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:bigquerydatapolicy/dataPolicyIamPolicy:DataPolicyIamPolicy editor \"projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:bigquerydatapolicy/dataPolicyIamPolicy:DataPolicyIamPolicy editor \"projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:bigquerydatapolicy/dataPolicyIamPolicy:DataPolicyIamPolicy editor projects/{{project}}/locations/{{location}}/dataPolicies/{{data_policy_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "dataPolicyId": { "type": "string" @@ -119435,7 +119507,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" } }, "required": [ @@ -119461,7 +119533,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -119491,7 +119563,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -119816,7 +119888,7 @@ } }, "gcp:bigtable/instanceIamBinding:InstanceIamBinding": { - "description": "Three different resources help you manage IAM policies on bigtable instances. Each of these resources serves a different use case:\n\n* `gcp.bigtable.InstanceIamPolicy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.\n* `gcp.bigtable.InstanceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.\n* `gcp.bigtable.InstanceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.\n\n\u003e **Note:** `gcp.bigtable.InstanceIamPolicy` **cannot** be used in conjunction with `gcp.bigtable.InstanceIamBinding` and `gcp.bigtable.InstanceIamMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the instance as `gcp.bigtable.InstanceIamPolicy` replaces the entire policy.\n\n\u003e **Note:** `gcp.bigtable.InstanceIamBinding` resources **can be** used in conjunction with `gcp.bigtable.InstanceIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_bigtable\\_instance\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.bigtable.InstanceIamPolicy(\"editor\", {\n project: \"your-project\",\n instance: \"your-bigtable-instance\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/bigtable.user\",\n members=[\"user:jane@example.com\"],\n)])\neditor = gcp.bigtable.InstanceIamPolicy(\"editor\",\n project=\"your-project\",\n instance=\"your-bigtable-instance\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.BigTable.InstanceIamPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Instance = \"your-bigtable-instance\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigtable.user\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigtable.NewInstanceIamPolicy(ctx, \"editor\", \u0026bigtable.InstanceIamPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigtable.InstanceIamPolicy;\nimport com.pulumi.gcp.bigtable.InstanceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new InstanceIamPolicy(\"editor\", InstanceIamPolicyArgs.builder() \n .project(\"your-project\")\n .instance(\"your-bigtable-instance\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:InstanceIamPolicy\n properties:\n project: your-project\n instance: your-bigtable-instance\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigtable\\_instance\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.InstanceIamBinding(\"editor\", {\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.InstanceIamBinding(\"editor\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.InstanceIamBinding(\"editor\", new()\n {\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewInstanceIamBinding(ctx, \"editor\", \u0026bigtable.InstanceIamBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.InstanceIamBinding;\nimport com.pulumi.gcp.bigtable.InstanceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new InstanceIamBinding(\"editor\", InstanceIamBindingArgs.builder() \n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:InstanceIamBinding\n properties:\n instance: your-bigtable-instance\n role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigtable\\_instance\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.InstanceIamMember(\"editor\", {\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.InstanceIamMember(\"editor\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.InstanceIamMember(\"editor\", new()\n {\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewInstanceIamMember(ctx, \"editor\", \u0026bigtable.InstanceIamMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.InstanceIamMember;\nimport com.pulumi.gcp.bigtable.InstanceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new InstanceIamMember(\"editor\", InstanceIamMemberArgs.builder() \n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:InstanceIamMember\n properties:\n instance: your-bigtable-instance\n role: roles/bigtable.user\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the `instance` identifier of the Bigtable Instance resource only. For example:\n\n* `\"projects/{project}/instances/{instance}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"projects/{project}/instances/{instance}\"\n\n to = google_bigtable_instance_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:bigtable/instanceIamBinding:InstanceIamBinding default projects/{project}/instances/{instance}\n```\n\n", + "description": "Three different resources help you manage IAM policies on bigtable instances. Each of these resources serves a different use case:\n\n* `gcp.bigtable.InstanceIamPolicy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.\n* `gcp.bigtable.InstanceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.\n* `gcp.bigtable.InstanceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.\n\n\u003e **Note:** `gcp.bigtable.InstanceIamPolicy` **cannot** be used in conjunction with `gcp.bigtable.InstanceIamBinding` and `gcp.bigtable.InstanceIamMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the instance as `gcp.bigtable.InstanceIamPolicy` replaces the entire policy.\n\n\u003e **Note:** `gcp.bigtable.InstanceIamBinding` resources **can be** used in conjunction with `gcp.bigtable.InstanceIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_bigtable\\_instance\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.bigtable.InstanceIamPolicy(\"editor\", {\n project: \"your-project\",\n instance: \"your-bigtable-instance\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/bigtable.user\",\n members=[\"user:jane@example.com\"],\n)])\neditor = gcp.bigtable.InstanceIamPolicy(\"editor\",\n project=\"your-project\",\n instance=\"your-bigtable-instance\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.BigTable.InstanceIamPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Instance = \"your-bigtable-instance\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigtable.user\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigtable.NewInstanceIamPolicy(ctx, \"editor\", \u0026bigtable.InstanceIamPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigtable.InstanceIamPolicy;\nimport com.pulumi.gcp.bigtable.InstanceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new InstanceIamPolicy(\"editor\", InstanceIamPolicyArgs.builder() \n .project(\"your-project\")\n .instance(\"your-bigtable-instance\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:InstanceIamPolicy\n properties:\n project: your-project\n instance: your-bigtable-instance\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigtable\\_instance\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.InstanceIamBinding(\"editor\", {\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.InstanceIamBinding(\"editor\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.InstanceIamBinding(\"editor\", new()\n {\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewInstanceIamBinding(ctx, \"editor\", \u0026bigtable.InstanceIamBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.InstanceIamBinding;\nimport com.pulumi.gcp.bigtable.InstanceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new InstanceIamBinding(\"editor\", InstanceIamBindingArgs.builder() \n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:InstanceIamBinding\n properties:\n instance: your-bigtable-instance\n role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigtable\\_instance\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.InstanceIamMember(\"editor\", {\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.InstanceIamMember(\"editor\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.InstanceIamMember(\"editor\", new()\n {\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewInstanceIamMember(ctx, \"editor\", \u0026bigtable.InstanceIamMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.InstanceIamMember;\nimport com.pulumi.gcp.bigtable.InstanceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new InstanceIamMember(\"editor\", InstanceIamMemberArgs.builder() \n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:InstanceIamMember\n properties:\n instance: your-bigtable-instance\n role: roles/bigtable.user\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigtable\\_instance\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.bigtable.InstanceIamPolicy(\"editor\", {\n project: \"your-project\",\n instance: \"your-bigtable-instance\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/bigtable.user\",\n members=[\"user:jane@example.com\"],\n)])\neditor = gcp.bigtable.InstanceIamPolicy(\"editor\",\n project=\"your-project\",\n instance=\"your-bigtable-instance\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.BigTable.InstanceIamPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Instance = \"your-bigtable-instance\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigtable.user\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigtable.NewInstanceIamPolicy(ctx, \"editor\", \u0026bigtable.InstanceIamPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigtable.InstanceIamPolicy;\nimport com.pulumi.gcp.bigtable.InstanceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new InstanceIamPolicy(\"editor\", InstanceIamPolicyArgs.builder() \n .project(\"your-project\")\n .instance(\"your-bigtable-instance\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:InstanceIamPolicy\n properties:\n project: your-project\n instance: your-bigtable-instance\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigtable\\_instance\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.InstanceIamBinding(\"editor\", {\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.InstanceIamBinding(\"editor\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.InstanceIamBinding(\"editor\", new()\n {\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewInstanceIamBinding(ctx, \"editor\", \u0026bigtable.InstanceIamBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.InstanceIamBinding;\nimport com.pulumi.gcp.bigtable.InstanceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new InstanceIamBinding(\"editor\", InstanceIamBindingArgs.builder() \n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:InstanceIamBinding\n properties:\n instance: your-bigtable-instance\n role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigtable\\_instance\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.InstanceIamMember(\"editor\", {\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.InstanceIamMember(\"editor\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.InstanceIamMember(\"editor\", new()\n {\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewInstanceIamMember(ctx, \"editor\", \u0026bigtable.InstanceIamMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.InstanceIamMember;\nimport com.pulumi.gcp.bigtable.InstanceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new InstanceIamMember(\"editor\", InstanceIamMemberArgs.builder() \n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:InstanceIamMember\n properties:\n instance: your-bigtable-instance\n role: roles/bigtable.user\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the `instance` identifier of the Bigtable Instance resource only. For example:\n\n* `\"projects/{project}/instances/{instance}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"projects/{project}/instances/{instance}\"\n\n to = google_bigtable_instance_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:bigtable/instanceIamBinding:InstanceIamBinding default projects/{project}/instances/{instance}\n```\n\n", "properties": { "condition": { "$ref": "#/types/gcp:bigtable/InstanceIamBindingCondition:InstanceIamBindingCondition" @@ -119827,13 +119899,14 @@ }, "instance": { "type": "string", - "description": "The name or relative resource id of the instance to manage IAM policies for.\n\nFor `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`:\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" + "description": "The name or relative resource id of the instance to manage IAM policies for.\n\nFor `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`:\n" }, "members": { "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "project": { "type": "string", @@ -119858,14 +119931,15 @@ }, "instance": { "type": "string", - "description": "The name or relative resource id of the instance to manage IAM policies for.\n\nFor `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`:\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The name or relative resource id of the instance to manage IAM policies for.\n\nFor `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`:\n", "willReplaceOnChanges": true }, "members": { "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "project": { "type": "string", @@ -119896,14 +119970,15 @@ }, "instance": { "type": "string", - "description": "The name or relative resource id of the instance to manage IAM policies for.\n\nFor `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`:\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The name or relative resource id of the instance to manage IAM policies for.\n\nFor `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`:\n", "willReplaceOnChanges": true }, "members": { "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "project": { "type": "string", @@ -119920,7 +119995,7 @@ } }, "gcp:bigtable/instanceIamMember:InstanceIamMember": { - "description": "Three different resources help you manage IAM policies on bigtable instances. Each of these resources serves a different use case:\n\n* `gcp.bigtable.InstanceIamPolicy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.\n* `gcp.bigtable.InstanceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.\n* `gcp.bigtable.InstanceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.\n\n\u003e **Note:** `gcp.bigtable.InstanceIamPolicy` **cannot** be used in conjunction with `gcp.bigtable.InstanceIamBinding` and `gcp.bigtable.InstanceIamMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the instance as `gcp.bigtable.InstanceIamPolicy` replaces the entire policy.\n\n\u003e **Note:** `gcp.bigtable.InstanceIamBinding` resources **can be** used in conjunction with `gcp.bigtable.InstanceIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_bigtable\\_instance\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.bigtable.InstanceIamPolicy(\"editor\", {\n project: \"your-project\",\n instance: \"your-bigtable-instance\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/bigtable.user\",\n members=[\"user:jane@example.com\"],\n)])\neditor = gcp.bigtable.InstanceIamPolicy(\"editor\",\n project=\"your-project\",\n instance=\"your-bigtable-instance\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.BigTable.InstanceIamPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Instance = \"your-bigtable-instance\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigtable.user\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigtable.NewInstanceIamPolicy(ctx, \"editor\", \u0026bigtable.InstanceIamPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigtable.InstanceIamPolicy;\nimport com.pulumi.gcp.bigtable.InstanceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new InstanceIamPolicy(\"editor\", InstanceIamPolicyArgs.builder() \n .project(\"your-project\")\n .instance(\"your-bigtable-instance\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:InstanceIamPolicy\n properties:\n project: your-project\n instance: your-bigtable-instance\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigtable\\_instance\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.InstanceIamBinding(\"editor\", {\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.InstanceIamBinding(\"editor\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.InstanceIamBinding(\"editor\", new()\n {\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewInstanceIamBinding(ctx, \"editor\", \u0026bigtable.InstanceIamBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.InstanceIamBinding;\nimport com.pulumi.gcp.bigtable.InstanceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new InstanceIamBinding(\"editor\", InstanceIamBindingArgs.builder() \n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:InstanceIamBinding\n properties:\n instance: your-bigtable-instance\n role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigtable\\_instance\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.InstanceIamMember(\"editor\", {\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.InstanceIamMember(\"editor\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.InstanceIamMember(\"editor\", new()\n {\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewInstanceIamMember(ctx, \"editor\", \u0026bigtable.InstanceIamMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.InstanceIamMember;\nimport com.pulumi.gcp.bigtable.InstanceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new InstanceIamMember(\"editor\", InstanceIamMemberArgs.builder() \n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:InstanceIamMember\n properties:\n instance: your-bigtable-instance\n role: roles/bigtable.user\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the `instance` identifier of the Bigtable Instance resource only. For example:\n\n* `\"projects/{project}/instances/{instance}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"projects/{project}/instances/{instance}\"\n\n to = google_bigtable_instance_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:bigtable/instanceIamMember:InstanceIamMember default projects/{project}/instances/{instance}\n```\n\n", + "description": "Three different resources help you manage IAM policies on bigtable instances. Each of these resources serves a different use case:\n\n* `gcp.bigtable.InstanceIamPolicy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.\n* `gcp.bigtable.InstanceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.\n* `gcp.bigtable.InstanceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.\n\n\u003e **Note:** `gcp.bigtable.InstanceIamPolicy` **cannot** be used in conjunction with `gcp.bigtable.InstanceIamBinding` and `gcp.bigtable.InstanceIamMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the instance as `gcp.bigtable.InstanceIamPolicy` replaces the entire policy.\n\n\u003e **Note:** `gcp.bigtable.InstanceIamBinding` resources **can be** used in conjunction with `gcp.bigtable.InstanceIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_bigtable\\_instance\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.bigtable.InstanceIamPolicy(\"editor\", {\n project: \"your-project\",\n instance: \"your-bigtable-instance\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/bigtable.user\",\n members=[\"user:jane@example.com\"],\n)])\neditor = gcp.bigtable.InstanceIamPolicy(\"editor\",\n project=\"your-project\",\n instance=\"your-bigtable-instance\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.BigTable.InstanceIamPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Instance = \"your-bigtable-instance\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigtable.user\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigtable.NewInstanceIamPolicy(ctx, \"editor\", \u0026bigtable.InstanceIamPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigtable.InstanceIamPolicy;\nimport com.pulumi.gcp.bigtable.InstanceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new InstanceIamPolicy(\"editor\", InstanceIamPolicyArgs.builder() \n .project(\"your-project\")\n .instance(\"your-bigtable-instance\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:InstanceIamPolicy\n properties:\n project: your-project\n instance: your-bigtable-instance\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigtable\\_instance\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.InstanceIamBinding(\"editor\", {\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.InstanceIamBinding(\"editor\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.InstanceIamBinding(\"editor\", new()\n {\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewInstanceIamBinding(ctx, \"editor\", \u0026bigtable.InstanceIamBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.InstanceIamBinding;\nimport com.pulumi.gcp.bigtable.InstanceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new InstanceIamBinding(\"editor\", InstanceIamBindingArgs.builder() \n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:InstanceIamBinding\n properties:\n instance: your-bigtable-instance\n role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigtable\\_instance\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.InstanceIamMember(\"editor\", {\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.InstanceIamMember(\"editor\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.InstanceIamMember(\"editor\", new()\n {\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewInstanceIamMember(ctx, \"editor\", \u0026bigtable.InstanceIamMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.InstanceIamMember;\nimport com.pulumi.gcp.bigtable.InstanceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new InstanceIamMember(\"editor\", InstanceIamMemberArgs.builder() \n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:InstanceIamMember\n properties:\n instance: your-bigtable-instance\n role: roles/bigtable.user\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigtable\\_instance\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.bigtable.InstanceIamPolicy(\"editor\", {\n project: \"your-project\",\n instance: \"your-bigtable-instance\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/bigtable.user\",\n members=[\"user:jane@example.com\"],\n)])\neditor = gcp.bigtable.InstanceIamPolicy(\"editor\",\n project=\"your-project\",\n instance=\"your-bigtable-instance\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.BigTable.InstanceIamPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Instance = \"your-bigtable-instance\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigtable.user\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigtable.NewInstanceIamPolicy(ctx, \"editor\", \u0026bigtable.InstanceIamPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigtable.InstanceIamPolicy;\nimport com.pulumi.gcp.bigtable.InstanceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new InstanceIamPolicy(\"editor\", InstanceIamPolicyArgs.builder() \n .project(\"your-project\")\n .instance(\"your-bigtable-instance\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:InstanceIamPolicy\n properties:\n project: your-project\n instance: your-bigtable-instance\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigtable\\_instance\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.InstanceIamBinding(\"editor\", {\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.InstanceIamBinding(\"editor\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.InstanceIamBinding(\"editor\", new()\n {\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewInstanceIamBinding(ctx, \"editor\", \u0026bigtable.InstanceIamBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.InstanceIamBinding;\nimport com.pulumi.gcp.bigtable.InstanceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new InstanceIamBinding(\"editor\", InstanceIamBindingArgs.builder() \n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:InstanceIamBinding\n properties:\n instance: your-bigtable-instance\n role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigtable\\_instance\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.InstanceIamMember(\"editor\", {\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.InstanceIamMember(\"editor\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.InstanceIamMember(\"editor\", new()\n {\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewInstanceIamMember(ctx, \"editor\", \u0026bigtable.InstanceIamMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.InstanceIamMember;\nimport com.pulumi.gcp.bigtable.InstanceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new InstanceIamMember(\"editor\", InstanceIamMemberArgs.builder() \n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:InstanceIamMember\n properties:\n instance: your-bigtable-instance\n role: roles/bigtable.user\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the `instance` identifier of the Bigtable Instance resource only. For example:\n\n* `\"projects/{project}/instances/{instance}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"projects/{project}/instances/{instance}\"\n\n to = google_bigtable_instance_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:bigtable/instanceIamMember:InstanceIamMember default projects/{project}/instances/{instance}\n```\n\n", "properties": { "condition": { "$ref": "#/types/gcp:bigtable/InstanceIamMemberCondition:InstanceIamMemberCondition" @@ -119931,10 +120006,11 @@ }, "instance": { "type": "string", - "description": "The name or relative resource id of the instance to manage IAM policies for.\n\nFor `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`:\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" + "description": "The name or relative resource id of the instance to manage IAM policies for.\n\nFor `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`:\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "project": { "type": "string", @@ -119959,11 +120035,12 @@ }, "instance": { "type": "string", - "description": "The name or relative resource id of the instance to manage IAM policies for.\n\nFor `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`:\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The name or relative resource id of the instance to manage IAM policies for.\n\nFor `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`:\n", "willReplaceOnChanges": true }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", "willReplaceOnChanges": true }, "project": { @@ -119995,11 +120072,12 @@ }, "instance": { "type": "string", - "description": "The name or relative resource id of the instance to manage IAM policies for.\n\nFor `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`:\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The name or relative resource id of the instance to manage IAM policies for.\n\nFor `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`:\n", "willReplaceOnChanges": true }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", "willReplaceOnChanges": true }, "project": { @@ -120017,7 +120095,7 @@ } }, "gcp:bigtable/instanceIamPolicy:InstanceIamPolicy": { - "description": "Three different resources help you manage IAM policies on bigtable instances. Each of these resources serves a different use case:\n\n* `gcp.bigtable.InstanceIamPolicy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.\n* `gcp.bigtable.InstanceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.\n* `gcp.bigtable.InstanceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.\n\n\u003e **Note:** `gcp.bigtable.InstanceIamPolicy` **cannot** be used in conjunction with `gcp.bigtable.InstanceIamBinding` and `gcp.bigtable.InstanceIamMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the instance as `gcp.bigtable.InstanceIamPolicy` replaces the entire policy.\n\n\u003e **Note:** `gcp.bigtable.InstanceIamBinding` resources **can be** used in conjunction with `gcp.bigtable.InstanceIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_bigtable\\_instance\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.bigtable.InstanceIamPolicy(\"editor\", {\n project: \"your-project\",\n instance: \"your-bigtable-instance\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/bigtable.user\",\n members=[\"user:jane@example.com\"],\n)])\neditor = gcp.bigtable.InstanceIamPolicy(\"editor\",\n project=\"your-project\",\n instance=\"your-bigtable-instance\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.BigTable.InstanceIamPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Instance = \"your-bigtable-instance\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigtable.user\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigtable.NewInstanceIamPolicy(ctx, \"editor\", \u0026bigtable.InstanceIamPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigtable.InstanceIamPolicy;\nimport com.pulumi.gcp.bigtable.InstanceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new InstanceIamPolicy(\"editor\", InstanceIamPolicyArgs.builder() \n .project(\"your-project\")\n .instance(\"your-bigtable-instance\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:InstanceIamPolicy\n properties:\n project: your-project\n instance: your-bigtable-instance\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigtable\\_instance\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.InstanceIamBinding(\"editor\", {\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.InstanceIamBinding(\"editor\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.InstanceIamBinding(\"editor\", new()\n {\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewInstanceIamBinding(ctx, \"editor\", \u0026bigtable.InstanceIamBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.InstanceIamBinding;\nimport com.pulumi.gcp.bigtable.InstanceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new InstanceIamBinding(\"editor\", InstanceIamBindingArgs.builder() \n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:InstanceIamBinding\n properties:\n instance: your-bigtable-instance\n role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigtable\\_instance\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.InstanceIamMember(\"editor\", {\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.InstanceIamMember(\"editor\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.InstanceIamMember(\"editor\", new()\n {\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewInstanceIamMember(ctx, \"editor\", \u0026bigtable.InstanceIamMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.InstanceIamMember;\nimport com.pulumi.gcp.bigtable.InstanceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new InstanceIamMember(\"editor\", InstanceIamMemberArgs.builder() \n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:InstanceIamMember\n properties:\n instance: your-bigtable-instance\n role: roles/bigtable.user\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the `instance` identifier of the Bigtable Instance resource only. For example:\n\n* `\"projects/{project}/instances/{instance}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"projects/{project}/instances/{instance}\"\n\n to = google_bigtable_instance_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:bigtable/instanceIamPolicy:InstanceIamPolicy default projects/{project}/instances/{instance}\n```\n\n", + "description": "Three different resources help you manage IAM policies on bigtable instances. Each of these resources serves a different use case:\n\n* `gcp.bigtable.InstanceIamPolicy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.\n* `gcp.bigtable.InstanceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.\n* `gcp.bigtable.InstanceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.\n\n\u003e **Note:** `gcp.bigtable.InstanceIamPolicy` **cannot** be used in conjunction with `gcp.bigtable.InstanceIamBinding` and `gcp.bigtable.InstanceIamMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the instance as `gcp.bigtable.InstanceIamPolicy` replaces the entire policy.\n\n\u003e **Note:** `gcp.bigtable.InstanceIamBinding` resources **can be** used in conjunction with `gcp.bigtable.InstanceIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_bigtable\\_instance\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.bigtable.InstanceIamPolicy(\"editor\", {\n project: \"your-project\",\n instance: \"your-bigtable-instance\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/bigtable.user\",\n members=[\"user:jane@example.com\"],\n)])\neditor = gcp.bigtable.InstanceIamPolicy(\"editor\",\n project=\"your-project\",\n instance=\"your-bigtable-instance\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.BigTable.InstanceIamPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Instance = \"your-bigtable-instance\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigtable.user\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigtable.NewInstanceIamPolicy(ctx, \"editor\", \u0026bigtable.InstanceIamPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigtable.InstanceIamPolicy;\nimport com.pulumi.gcp.bigtable.InstanceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new InstanceIamPolicy(\"editor\", InstanceIamPolicyArgs.builder() \n .project(\"your-project\")\n .instance(\"your-bigtable-instance\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:InstanceIamPolicy\n properties:\n project: your-project\n instance: your-bigtable-instance\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigtable\\_instance\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.InstanceIamBinding(\"editor\", {\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.InstanceIamBinding(\"editor\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.InstanceIamBinding(\"editor\", new()\n {\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewInstanceIamBinding(ctx, \"editor\", \u0026bigtable.InstanceIamBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.InstanceIamBinding;\nimport com.pulumi.gcp.bigtable.InstanceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new InstanceIamBinding(\"editor\", InstanceIamBindingArgs.builder() \n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:InstanceIamBinding\n properties:\n instance: your-bigtable-instance\n role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigtable\\_instance\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.InstanceIamMember(\"editor\", {\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.InstanceIamMember(\"editor\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.InstanceIamMember(\"editor\", new()\n {\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewInstanceIamMember(ctx, \"editor\", \u0026bigtable.InstanceIamMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.InstanceIamMember;\nimport com.pulumi.gcp.bigtable.InstanceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new InstanceIamMember(\"editor\", InstanceIamMemberArgs.builder() \n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:InstanceIamMember\n properties:\n instance: your-bigtable-instance\n role: roles/bigtable.user\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigtable\\_instance\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.bigtable.InstanceIamPolicy(\"editor\", {\n project: \"your-project\",\n instance: \"your-bigtable-instance\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/bigtable.user\",\n members=[\"user:jane@example.com\"],\n)])\neditor = gcp.bigtable.InstanceIamPolicy(\"editor\",\n project=\"your-project\",\n instance=\"your-bigtable-instance\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.BigTable.InstanceIamPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Instance = \"your-bigtable-instance\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigtable.user\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigtable.NewInstanceIamPolicy(ctx, \"editor\", \u0026bigtable.InstanceIamPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigtable.InstanceIamPolicy;\nimport com.pulumi.gcp.bigtable.InstanceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new InstanceIamPolicy(\"editor\", InstanceIamPolicyArgs.builder() \n .project(\"your-project\")\n .instance(\"your-bigtable-instance\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:InstanceIamPolicy\n properties:\n project: your-project\n instance: your-bigtable-instance\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigtable\\_instance\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.InstanceIamBinding(\"editor\", {\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.InstanceIamBinding(\"editor\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.InstanceIamBinding(\"editor\", new()\n {\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewInstanceIamBinding(ctx, \"editor\", \u0026bigtable.InstanceIamBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.InstanceIamBinding;\nimport com.pulumi.gcp.bigtable.InstanceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new InstanceIamBinding(\"editor\", InstanceIamBindingArgs.builder() \n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:InstanceIamBinding\n properties:\n instance: your-bigtable-instance\n role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigtable\\_instance\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.InstanceIamMember(\"editor\", {\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.InstanceIamMember(\"editor\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.InstanceIamMember(\"editor\", new()\n {\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewInstanceIamMember(ctx, \"editor\", \u0026bigtable.InstanceIamMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.InstanceIamMember;\nimport com.pulumi.gcp.bigtable.InstanceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new InstanceIamMember(\"editor\", InstanceIamMemberArgs.builder() \n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:InstanceIamMember\n properties:\n instance: your-bigtable-instance\n role: roles/bigtable.user\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the `instance` identifier of the Bigtable Instance resource only. For example:\n\n* `\"projects/{project}/instances/{instance}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"projects/{project}/instances/{instance}\"\n\n to = google_bigtable_instance_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:bigtable/instanceIamPolicy:InstanceIamPolicy default projects/{project}/instances/{instance}\n```\n\n", "properties": { "etag": { "type": "string", @@ -120025,7 +120103,7 @@ }, "instance": { "type": "string", - "description": "The name or relative resource id of the instance to manage IAM policies for.\n\nFor `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`:\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" + "description": "The name or relative resource id of the instance to manage IAM policies for.\n\nFor `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`:\n" }, "policyData": { "type": "string", @@ -120045,7 +120123,7 @@ "inputProperties": { "instance": { "type": "string", - "description": "The name or relative resource id of the instance to manage IAM policies for.\n\nFor `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`:\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The name or relative resource id of the instance to manage IAM policies for.\n\nFor `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`:\n", "willReplaceOnChanges": true }, "policyData": { @@ -120071,7 +120149,7 @@ }, "instance": { "type": "string", - "description": "The name or relative resource id of the instance to manage IAM policies for.\n\nFor `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`:\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The name or relative resource id of the instance to manage IAM policies for.\n\nFor `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`:\n", "willReplaceOnChanges": true }, "policyData": { @@ -120221,7 +120299,7 @@ } }, "gcp:bigtable/tableIamBinding:TableIamBinding": { - "description": "Three different resources help you manage IAM policies on bigtable tables. Each of these resources serves a different use case:\n\n* `gcp.bigtable.TableIamPolicy`: Authoritative. Sets the IAM policy for the tables and replaces any existing policy already attached.\n* `gcp.bigtable.TableIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the table are preserved.\n* `gcp.bigtable.TableIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the table are preserved.\n\n\u003e **Note:** `gcp.bigtable.TableIamPolicy` **cannot** be used in conjunction with `gcp.bigtable.TableIamBinding` and `gcp.bigtable.TableIamMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the table as `gcp.bigtable.TableIamPolicy` replaces the entire policy.\n\n\u003e **Note:** `gcp.bigtable.TableIamBinding` resources **can be** used in conjunction with `gcp.bigtable.TableIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_bigtable\\_table\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.bigtable.TableIamPolicy(\"editor\", {\n project: \"your-project\",\n instance: \"your-bigtable-instance\",\n table: \"your-bigtable-table\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/bigtable.user\",\n members=[\"user:jane@example.com\"],\n)])\neditor = gcp.bigtable.TableIamPolicy(\"editor\",\n project=\"your-project\",\n instance=\"your-bigtable-instance\",\n table=\"your-bigtable-table\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.BigTable.TableIamPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Instance = \"your-bigtable-instance\",\n Table = \"your-bigtable-table\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigtable.user\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigtable.NewTableIamPolicy(ctx, \"editor\", \u0026bigtable.TableIamPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tTable: pulumi.String(\"your-bigtable-table\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigtable.TableIamPolicy;\nimport com.pulumi.gcp.bigtable.TableIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new TableIamPolicy(\"editor\", TableIamPolicyArgs.builder() \n .project(\"your-project\")\n .instance(\"your-bigtable-instance\")\n .table(\"your-bigtable-table\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:TableIamPolicy\n properties:\n project: your-project\n instance: your-bigtable-instance\n table: your-bigtable-table\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigtable\\_table\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.TableIamBinding(\"editor\", {\n table: \"your-bigtable-table\",\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.TableIamBinding(\"editor\",\n table=\"your-bigtable-table\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.TableIamBinding(\"editor\", new()\n {\n Table = \"your-bigtable-table\",\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewTableIamBinding(ctx, \"editor\", \u0026bigtable.TableIamBindingArgs{\n\t\t\tTable: pulumi.String(\"your-bigtable-table\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.TableIamBinding;\nimport com.pulumi.gcp.bigtable.TableIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new TableIamBinding(\"editor\", TableIamBindingArgs.builder() \n .table(\"your-bigtable-table\")\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:TableIamBinding\n properties:\n table: your-bigtable-table\n instance: your-bigtable-instance\n role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigtable\\_table\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.TableIamMember(\"editor\", {\n table: \"your-bigtable-table\",\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.TableIamMember(\"editor\",\n table=\"your-bigtable-table\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.TableIamMember(\"editor\", new()\n {\n Table = \"your-bigtable-table\",\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewTableIamMember(ctx, \"editor\", \u0026bigtable.TableIamMemberArgs{\n\t\t\tTable: pulumi.String(\"your-bigtable-table\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.TableIamMember;\nimport com.pulumi.gcp.bigtable.TableIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new TableIamMember(\"editor\", TableIamMemberArgs.builder() \n .table(\"your-bigtable-table\")\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:TableIamMember\n properties:\n table: your-bigtable-table\n instance: your-bigtable-instance\n role: roles/bigtable.user\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the `table` identifier of the Bigtable Table resource only. For example:\n\n* `\"projects/{project}/instances/{instance}/tables/{table}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"projects/{project}/instances/{instance}/tables/{table}\"\n\n to = google_bigtable_table_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:bigtable/tableIamBinding:TableIamBinding default projects/{project}/instances/{instance}/tables/{table}\n```\n\n", + "description": "Three different resources help you manage IAM policies on bigtable tables. Each of these resources serves a different use case:\n\n* `gcp.bigtable.TableIamPolicy`: Authoritative. Sets the IAM policy for the tables and replaces any existing policy already attached.\n* `gcp.bigtable.TableIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the table are preserved.\n* `gcp.bigtable.TableIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the table are preserved.\n\n\u003e **Note:** `gcp.bigtable.TableIamPolicy` **cannot** be used in conjunction with `gcp.bigtable.TableIamBinding` and `gcp.bigtable.TableIamMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the table as `gcp.bigtable.TableIamPolicy` replaces the entire policy.\n\n\u003e **Note:** `gcp.bigtable.TableIamBinding` resources **can be** used in conjunction with `gcp.bigtable.TableIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_bigtable\\_table\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.bigtable.TableIamPolicy(\"editor\", {\n project: \"your-project\",\n instance: \"your-bigtable-instance\",\n table: \"your-bigtable-table\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/bigtable.user\",\n members=[\"user:jane@example.com\"],\n)])\neditor = gcp.bigtable.TableIamPolicy(\"editor\",\n project=\"your-project\",\n instance=\"your-bigtable-instance\",\n table=\"your-bigtable-table\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.BigTable.TableIamPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Instance = \"your-bigtable-instance\",\n Table = \"your-bigtable-table\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigtable.user\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigtable.NewTableIamPolicy(ctx, \"editor\", \u0026bigtable.TableIamPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tTable: pulumi.String(\"your-bigtable-table\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigtable.TableIamPolicy;\nimport com.pulumi.gcp.bigtable.TableIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new TableIamPolicy(\"editor\", TableIamPolicyArgs.builder() \n .project(\"your-project\")\n .instance(\"your-bigtable-instance\")\n .table(\"your-bigtable-table\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:TableIamPolicy\n properties:\n project: your-project\n instance: your-bigtable-instance\n table: your-bigtable-table\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigtable\\_table\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.TableIamBinding(\"editor\", {\n table: \"your-bigtable-table\",\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.TableIamBinding(\"editor\",\n table=\"your-bigtable-table\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.TableIamBinding(\"editor\", new()\n {\n Table = \"your-bigtable-table\",\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewTableIamBinding(ctx, \"editor\", \u0026bigtable.TableIamBindingArgs{\n\t\t\tTable: pulumi.String(\"your-bigtable-table\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.TableIamBinding;\nimport com.pulumi.gcp.bigtable.TableIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new TableIamBinding(\"editor\", TableIamBindingArgs.builder() \n .table(\"your-bigtable-table\")\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:TableIamBinding\n properties:\n table: your-bigtable-table\n instance: your-bigtable-instance\n role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigtable\\_table\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.TableIamMember(\"editor\", {\n table: \"your-bigtable-table\",\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.TableIamMember(\"editor\",\n table=\"your-bigtable-table\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.TableIamMember(\"editor\", new()\n {\n Table = \"your-bigtable-table\",\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewTableIamMember(ctx, \"editor\", \u0026bigtable.TableIamMemberArgs{\n\t\t\tTable: pulumi.String(\"your-bigtable-table\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.TableIamMember;\nimport com.pulumi.gcp.bigtable.TableIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new TableIamMember(\"editor\", TableIamMemberArgs.builder() \n .table(\"your-bigtable-table\")\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:TableIamMember\n properties:\n table: your-bigtable-table\n instance: your-bigtable-instance\n role: roles/bigtable.user\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigtable\\_table\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.bigtable.TableIamPolicy(\"editor\", {\n project: \"your-project\",\n instance: \"your-bigtable-instance\",\n table: \"your-bigtable-table\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/bigtable.user\",\n members=[\"user:jane@example.com\"],\n)])\neditor = gcp.bigtable.TableIamPolicy(\"editor\",\n project=\"your-project\",\n instance=\"your-bigtable-instance\",\n table=\"your-bigtable-table\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.BigTable.TableIamPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Instance = \"your-bigtable-instance\",\n Table = \"your-bigtable-table\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigtable.user\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigtable.NewTableIamPolicy(ctx, \"editor\", \u0026bigtable.TableIamPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tTable: pulumi.String(\"your-bigtable-table\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigtable.TableIamPolicy;\nimport com.pulumi.gcp.bigtable.TableIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new TableIamPolicy(\"editor\", TableIamPolicyArgs.builder() \n .project(\"your-project\")\n .instance(\"your-bigtable-instance\")\n .table(\"your-bigtable-table\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:TableIamPolicy\n properties:\n project: your-project\n instance: your-bigtable-instance\n table: your-bigtable-table\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigtable\\_table\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.TableIamBinding(\"editor\", {\n table: \"your-bigtable-table\",\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.TableIamBinding(\"editor\",\n table=\"your-bigtable-table\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.TableIamBinding(\"editor\", new()\n {\n Table = \"your-bigtable-table\",\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewTableIamBinding(ctx, \"editor\", \u0026bigtable.TableIamBindingArgs{\n\t\t\tTable: pulumi.String(\"your-bigtable-table\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.TableIamBinding;\nimport com.pulumi.gcp.bigtable.TableIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new TableIamBinding(\"editor\", TableIamBindingArgs.builder() \n .table(\"your-bigtable-table\")\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:TableIamBinding\n properties:\n table: your-bigtable-table\n instance: your-bigtable-instance\n role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigtable\\_table\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.TableIamMember(\"editor\", {\n table: \"your-bigtable-table\",\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.TableIamMember(\"editor\",\n table=\"your-bigtable-table\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.TableIamMember(\"editor\", new()\n {\n Table = \"your-bigtable-table\",\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewTableIamMember(ctx, \"editor\", \u0026bigtable.TableIamMemberArgs{\n\t\t\tTable: pulumi.String(\"your-bigtable-table\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.TableIamMember;\nimport com.pulumi.gcp.bigtable.TableIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new TableIamMember(\"editor\", TableIamMemberArgs.builder() \n .table(\"your-bigtable-table\")\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:TableIamMember\n properties:\n table: your-bigtable-table\n instance: your-bigtable-instance\n role: roles/bigtable.user\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the `table` identifier of the Bigtable Table resource only. For example:\n\n* `\"projects/{project}/instances/{instance}/tables/{table}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"projects/{project}/instances/{instance}/tables/{table}\"\n\n to = google_bigtable_table_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:bigtable/tableIamBinding:TableIamBinding default projects/{project}/instances/{instance}/tables/{table}\n```\n\n", "properties": { "condition": { "$ref": "#/types/gcp:bigtable/TableIamBindingCondition:TableIamBindingCondition" @@ -120238,7 +120316,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "project": { "type": "string", @@ -120250,7 +120329,7 @@ }, "table": { "type": "string", - "description": "The name or relative resource id of the table to manage IAM policies for.\n\nFor `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`:\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" + "description": "The name or relative resource id of the table to manage IAM policies for.\n\nFor `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`:\n" } }, "required": [ @@ -120275,7 +120354,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "project": { "type": "string", @@ -120289,7 +120369,7 @@ }, "table": { "type": "string", - "description": "The name or relative resource id of the table to manage IAM policies for.\n\nFor `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`:\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The name or relative resource id of the table to manage IAM policies for.\n\nFor `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`:\n", "willReplaceOnChanges": true } }, @@ -120319,7 +120399,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "project": { "type": "string", @@ -120333,7 +120414,7 @@ }, "table": { "type": "string", - "description": "The name or relative resource id of the table to manage IAM policies for.\n\nFor `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`:\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The name or relative resource id of the table to manage IAM policies for.\n\nFor `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`:\n", "willReplaceOnChanges": true } }, @@ -120341,7 +120422,7 @@ } }, "gcp:bigtable/tableIamMember:TableIamMember": { - "description": "Three different resources help you manage IAM policies on bigtable tables. Each of these resources serves a different use case:\n\n* `gcp.bigtable.TableIamPolicy`: Authoritative. Sets the IAM policy for the tables and replaces any existing policy already attached.\n* `gcp.bigtable.TableIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the table are preserved.\n* `gcp.bigtable.TableIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the table are preserved.\n\n\u003e **Note:** `gcp.bigtable.TableIamPolicy` **cannot** be used in conjunction with `gcp.bigtable.TableIamBinding` and `gcp.bigtable.TableIamMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the table as `gcp.bigtable.TableIamPolicy` replaces the entire policy.\n\n\u003e **Note:** `gcp.bigtable.TableIamBinding` resources **can be** used in conjunction with `gcp.bigtable.TableIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_bigtable\\_table\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.bigtable.TableIamPolicy(\"editor\", {\n project: \"your-project\",\n instance: \"your-bigtable-instance\",\n table: \"your-bigtable-table\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/bigtable.user\",\n members=[\"user:jane@example.com\"],\n)])\neditor = gcp.bigtable.TableIamPolicy(\"editor\",\n project=\"your-project\",\n instance=\"your-bigtable-instance\",\n table=\"your-bigtable-table\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.BigTable.TableIamPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Instance = \"your-bigtable-instance\",\n Table = \"your-bigtable-table\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigtable.user\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigtable.NewTableIamPolicy(ctx, \"editor\", \u0026bigtable.TableIamPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tTable: pulumi.String(\"your-bigtable-table\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigtable.TableIamPolicy;\nimport com.pulumi.gcp.bigtable.TableIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new TableIamPolicy(\"editor\", TableIamPolicyArgs.builder() \n .project(\"your-project\")\n .instance(\"your-bigtable-instance\")\n .table(\"your-bigtable-table\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:TableIamPolicy\n properties:\n project: your-project\n instance: your-bigtable-instance\n table: your-bigtable-table\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigtable\\_table\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.TableIamBinding(\"editor\", {\n table: \"your-bigtable-table\",\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.TableIamBinding(\"editor\",\n table=\"your-bigtable-table\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.TableIamBinding(\"editor\", new()\n {\n Table = \"your-bigtable-table\",\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewTableIamBinding(ctx, \"editor\", \u0026bigtable.TableIamBindingArgs{\n\t\t\tTable: pulumi.String(\"your-bigtable-table\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.TableIamBinding;\nimport com.pulumi.gcp.bigtable.TableIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new TableIamBinding(\"editor\", TableIamBindingArgs.builder() \n .table(\"your-bigtable-table\")\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:TableIamBinding\n properties:\n table: your-bigtable-table\n instance: your-bigtable-instance\n role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigtable\\_table\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.TableIamMember(\"editor\", {\n table: \"your-bigtable-table\",\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.TableIamMember(\"editor\",\n table=\"your-bigtable-table\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.TableIamMember(\"editor\", new()\n {\n Table = \"your-bigtable-table\",\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewTableIamMember(ctx, \"editor\", \u0026bigtable.TableIamMemberArgs{\n\t\t\tTable: pulumi.String(\"your-bigtable-table\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.TableIamMember;\nimport com.pulumi.gcp.bigtable.TableIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new TableIamMember(\"editor\", TableIamMemberArgs.builder() \n .table(\"your-bigtable-table\")\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:TableIamMember\n properties:\n table: your-bigtable-table\n instance: your-bigtable-instance\n role: roles/bigtable.user\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the `table` identifier of the Bigtable Table resource only. For example:\n\n* `\"projects/{project}/instances/{instance}/tables/{table}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"projects/{project}/instances/{instance}/tables/{table}\"\n\n to = google_bigtable_table_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:bigtable/tableIamMember:TableIamMember default projects/{project}/instances/{instance}/tables/{table}\n```\n\n", + "description": "Three different resources help you manage IAM policies on bigtable tables. Each of these resources serves a different use case:\n\n* `gcp.bigtable.TableIamPolicy`: Authoritative. Sets the IAM policy for the tables and replaces any existing policy already attached.\n* `gcp.bigtable.TableIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the table are preserved.\n* `gcp.bigtable.TableIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the table are preserved.\n\n\u003e **Note:** `gcp.bigtable.TableIamPolicy` **cannot** be used in conjunction with `gcp.bigtable.TableIamBinding` and `gcp.bigtable.TableIamMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the table as `gcp.bigtable.TableIamPolicy` replaces the entire policy.\n\n\u003e **Note:** `gcp.bigtable.TableIamBinding` resources **can be** used in conjunction with `gcp.bigtable.TableIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_bigtable\\_table\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.bigtable.TableIamPolicy(\"editor\", {\n project: \"your-project\",\n instance: \"your-bigtable-instance\",\n table: \"your-bigtable-table\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/bigtable.user\",\n members=[\"user:jane@example.com\"],\n)])\neditor = gcp.bigtable.TableIamPolicy(\"editor\",\n project=\"your-project\",\n instance=\"your-bigtable-instance\",\n table=\"your-bigtable-table\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.BigTable.TableIamPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Instance = \"your-bigtable-instance\",\n Table = \"your-bigtable-table\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigtable.user\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigtable.NewTableIamPolicy(ctx, \"editor\", \u0026bigtable.TableIamPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tTable: pulumi.String(\"your-bigtable-table\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigtable.TableIamPolicy;\nimport com.pulumi.gcp.bigtable.TableIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new TableIamPolicy(\"editor\", TableIamPolicyArgs.builder() \n .project(\"your-project\")\n .instance(\"your-bigtable-instance\")\n .table(\"your-bigtable-table\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:TableIamPolicy\n properties:\n project: your-project\n instance: your-bigtable-instance\n table: your-bigtable-table\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigtable\\_table\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.TableIamBinding(\"editor\", {\n table: \"your-bigtable-table\",\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.TableIamBinding(\"editor\",\n table=\"your-bigtable-table\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.TableIamBinding(\"editor\", new()\n {\n Table = \"your-bigtable-table\",\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewTableIamBinding(ctx, \"editor\", \u0026bigtable.TableIamBindingArgs{\n\t\t\tTable: pulumi.String(\"your-bigtable-table\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.TableIamBinding;\nimport com.pulumi.gcp.bigtable.TableIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new TableIamBinding(\"editor\", TableIamBindingArgs.builder() \n .table(\"your-bigtable-table\")\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:TableIamBinding\n properties:\n table: your-bigtable-table\n instance: your-bigtable-instance\n role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigtable\\_table\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.TableIamMember(\"editor\", {\n table: \"your-bigtable-table\",\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.TableIamMember(\"editor\",\n table=\"your-bigtable-table\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.TableIamMember(\"editor\", new()\n {\n Table = \"your-bigtable-table\",\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewTableIamMember(ctx, \"editor\", \u0026bigtable.TableIamMemberArgs{\n\t\t\tTable: pulumi.String(\"your-bigtable-table\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.TableIamMember;\nimport com.pulumi.gcp.bigtable.TableIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new TableIamMember(\"editor\", TableIamMemberArgs.builder() \n .table(\"your-bigtable-table\")\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:TableIamMember\n properties:\n table: your-bigtable-table\n instance: your-bigtable-instance\n role: roles/bigtable.user\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigtable\\_table\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.bigtable.TableIamPolicy(\"editor\", {\n project: \"your-project\",\n instance: \"your-bigtable-instance\",\n table: \"your-bigtable-table\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/bigtable.user\",\n members=[\"user:jane@example.com\"],\n)])\neditor = gcp.bigtable.TableIamPolicy(\"editor\",\n project=\"your-project\",\n instance=\"your-bigtable-instance\",\n table=\"your-bigtable-table\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.BigTable.TableIamPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Instance = \"your-bigtable-instance\",\n Table = \"your-bigtable-table\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigtable.user\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigtable.NewTableIamPolicy(ctx, \"editor\", \u0026bigtable.TableIamPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tTable: pulumi.String(\"your-bigtable-table\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigtable.TableIamPolicy;\nimport com.pulumi.gcp.bigtable.TableIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new TableIamPolicy(\"editor\", TableIamPolicyArgs.builder() \n .project(\"your-project\")\n .instance(\"your-bigtable-instance\")\n .table(\"your-bigtable-table\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:TableIamPolicy\n properties:\n project: your-project\n instance: your-bigtable-instance\n table: your-bigtable-table\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigtable\\_table\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.TableIamBinding(\"editor\", {\n table: \"your-bigtable-table\",\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.TableIamBinding(\"editor\",\n table=\"your-bigtable-table\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.TableIamBinding(\"editor\", new()\n {\n Table = \"your-bigtable-table\",\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewTableIamBinding(ctx, \"editor\", \u0026bigtable.TableIamBindingArgs{\n\t\t\tTable: pulumi.String(\"your-bigtable-table\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.TableIamBinding;\nimport com.pulumi.gcp.bigtable.TableIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new TableIamBinding(\"editor\", TableIamBindingArgs.builder() \n .table(\"your-bigtable-table\")\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:TableIamBinding\n properties:\n table: your-bigtable-table\n instance: your-bigtable-instance\n role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigtable\\_table\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.TableIamMember(\"editor\", {\n table: \"your-bigtable-table\",\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.TableIamMember(\"editor\",\n table=\"your-bigtable-table\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.TableIamMember(\"editor\", new()\n {\n Table = \"your-bigtable-table\",\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewTableIamMember(ctx, \"editor\", \u0026bigtable.TableIamMemberArgs{\n\t\t\tTable: pulumi.String(\"your-bigtable-table\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.TableIamMember;\nimport com.pulumi.gcp.bigtable.TableIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new TableIamMember(\"editor\", TableIamMemberArgs.builder() \n .table(\"your-bigtable-table\")\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:TableIamMember\n properties:\n table: your-bigtable-table\n instance: your-bigtable-instance\n role: roles/bigtable.user\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the `table` identifier of the Bigtable Table resource only. For example:\n\n* `\"projects/{project}/instances/{instance}/tables/{table}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"projects/{project}/instances/{instance}/tables/{table}\"\n\n to = google_bigtable_table_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:bigtable/tableIamMember:TableIamMember default projects/{project}/instances/{instance}/tables/{table}\n```\n\n", "properties": { "condition": { "$ref": "#/types/gcp:bigtable/TableIamMemberCondition:TableIamMemberCondition" @@ -120355,7 +120436,8 @@ "description": "The name or relative resource id of the instance that owns the table.\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "project": { "type": "string", @@ -120367,7 +120449,7 @@ }, "table": { "type": "string", - "description": "The name or relative resource id of the table to manage IAM policies for.\n\nFor `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`:\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" + "description": "The name or relative resource id of the table to manage IAM policies for.\n\nFor `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`:\n" } }, "required": [ @@ -120390,6 +120472,7 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", "willReplaceOnChanges": true }, "project": { @@ -120404,7 +120487,7 @@ }, "table": { "type": "string", - "description": "The name or relative resource id of the table to manage IAM policies for.\n\nFor `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`:\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The name or relative resource id of the table to manage IAM policies for.\n\nFor `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`:\n", "willReplaceOnChanges": true } }, @@ -120432,6 +120515,7 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", "willReplaceOnChanges": true }, "project": { @@ -120446,7 +120530,7 @@ }, "table": { "type": "string", - "description": "The name or relative resource id of the table to manage IAM policies for.\n\nFor `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`:\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The name or relative resource id of the table to manage IAM policies for.\n\nFor `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`:\n", "willReplaceOnChanges": true } }, @@ -120454,7 +120538,7 @@ } }, "gcp:bigtable/tableIamPolicy:TableIamPolicy": { - "description": "Three different resources help you manage IAM policies on bigtable tables. Each of these resources serves a different use case:\n\n* `gcp.bigtable.TableIamPolicy`: Authoritative. Sets the IAM policy for the tables and replaces any existing policy already attached.\n* `gcp.bigtable.TableIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the table are preserved.\n* `gcp.bigtable.TableIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the table are preserved.\n\n\u003e **Note:** `gcp.bigtable.TableIamPolicy` **cannot** be used in conjunction with `gcp.bigtable.TableIamBinding` and `gcp.bigtable.TableIamMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the table as `gcp.bigtable.TableIamPolicy` replaces the entire policy.\n\n\u003e **Note:** `gcp.bigtable.TableIamBinding` resources **can be** used in conjunction with `gcp.bigtable.TableIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_bigtable\\_table\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.bigtable.TableIamPolicy(\"editor\", {\n project: \"your-project\",\n instance: \"your-bigtable-instance\",\n table: \"your-bigtable-table\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/bigtable.user\",\n members=[\"user:jane@example.com\"],\n)])\neditor = gcp.bigtable.TableIamPolicy(\"editor\",\n project=\"your-project\",\n instance=\"your-bigtable-instance\",\n table=\"your-bigtable-table\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.BigTable.TableIamPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Instance = \"your-bigtable-instance\",\n Table = \"your-bigtable-table\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigtable.user\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigtable.NewTableIamPolicy(ctx, \"editor\", \u0026bigtable.TableIamPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tTable: pulumi.String(\"your-bigtable-table\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigtable.TableIamPolicy;\nimport com.pulumi.gcp.bigtable.TableIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new TableIamPolicy(\"editor\", TableIamPolicyArgs.builder() \n .project(\"your-project\")\n .instance(\"your-bigtable-instance\")\n .table(\"your-bigtable-table\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:TableIamPolicy\n properties:\n project: your-project\n instance: your-bigtable-instance\n table: your-bigtable-table\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigtable\\_table\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.TableIamBinding(\"editor\", {\n table: \"your-bigtable-table\",\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.TableIamBinding(\"editor\",\n table=\"your-bigtable-table\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.TableIamBinding(\"editor\", new()\n {\n Table = \"your-bigtable-table\",\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewTableIamBinding(ctx, \"editor\", \u0026bigtable.TableIamBindingArgs{\n\t\t\tTable: pulumi.String(\"your-bigtable-table\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.TableIamBinding;\nimport com.pulumi.gcp.bigtable.TableIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new TableIamBinding(\"editor\", TableIamBindingArgs.builder() \n .table(\"your-bigtable-table\")\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:TableIamBinding\n properties:\n table: your-bigtable-table\n instance: your-bigtable-instance\n role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigtable\\_table\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.TableIamMember(\"editor\", {\n table: \"your-bigtable-table\",\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.TableIamMember(\"editor\",\n table=\"your-bigtable-table\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.TableIamMember(\"editor\", new()\n {\n Table = \"your-bigtable-table\",\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewTableIamMember(ctx, \"editor\", \u0026bigtable.TableIamMemberArgs{\n\t\t\tTable: pulumi.String(\"your-bigtable-table\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.TableIamMember;\nimport com.pulumi.gcp.bigtable.TableIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new TableIamMember(\"editor\", TableIamMemberArgs.builder() \n .table(\"your-bigtable-table\")\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:TableIamMember\n properties:\n table: your-bigtable-table\n instance: your-bigtable-instance\n role: roles/bigtable.user\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the `table` identifier of the Bigtable Table resource only. For example:\n\n* `\"projects/{project}/instances/{instance}/tables/{table}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"projects/{project}/instances/{instance}/tables/{table}\"\n\n to = google_bigtable_table_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:bigtable/tableIamPolicy:TableIamPolicy default projects/{project}/instances/{instance}/tables/{table}\n```\n\n", + "description": "Three different resources help you manage IAM policies on bigtable tables. Each of these resources serves a different use case:\n\n* `gcp.bigtable.TableIamPolicy`: Authoritative. Sets the IAM policy for the tables and replaces any existing policy already attached.\n* `gcp.bigtable.TableIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the table are preserved.\n* `gcp.bigtable.TableIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the table are preserved.\n\n\u003e **Note:** `gcp.bigtable.TableIamPolicy` **cannot** be used in conjunction with `gcp.bigtable.TableIamBinding` and `gcp.bigtable.TableIamMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the table as `gcp.bigtable.TableIamPolicy` replaces the entire policy.\n\n\u003e **Note:** `gcp.bigtable.TableIamBinding` resources **can be** used in conjunction with `gcp.bigtable.TableIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_bigtable\\_table\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.bigtable.TableIamPolicy(\"editor\", {\n project: \"your-project\",\n instance: \"your-bigtable-instance\",\n table: \"your-bigtable-table\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/bigtable.user\",\n members=[\"user:jane@example.com\"],\n)])\neditor = gcp.bigtable.TableIamPolicy(\"editor\",\n project=\"your-project\",\n instance=\"your-bigtable-instance\",\n table=\"your-bigtable-table\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.BigTable.TableIamPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Instance = \"your-bigtable-instance\",\n Table = \"your-bigtable-table\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigtable.user\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigtable.NewTableIamPolicy(ctx, \"editor\", \u0026bigtable.TableIamPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tTable: pulumi.String(\"your-bigtable-table\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigtable.TableIamPolicy;\nimport com.pulumi.gcp.bigtable.TableIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new TableIamPolicy(\"editor\", TableIamPolicyArgs.builder() \n .project(\"your-project\")\n .instance(\"your-bigtable-instance\")\n .table(\"your-bigtable-table\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:TableIamPolicy\n properties:\n project: your-project\n instance: your-bigtable-instance\n table: your-bigtable-table\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigtable\\_table\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.TableIamBinding(\"editor\", {\n table: \"your-bigtable-table\",\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.TableIamBinding(\"editor\",\n table=\"your-bigtable-table\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.TableIamBinding(\"editor\", new()\n {\n Table = \"your-bigtable-table\",\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewTableIamBinding(ctx, \"editor\", \u0026bigtable.TableIamBindingArgs{\n\t\t\tTable: pulumi.String(\"your-bigtable-table\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.TableIamBinding;\nimport com.pulumi.gcp.bigtable.TableIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new TableIamBinding(\"editor\", TableIamBindingArgs.builder() \n .table(\"your-bigtable-table\")\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:TableIamBinding\n properties:\n table: your-bigtable-table\n instance: your-bigtable-instance\n role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigtable\\_table\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.TableIamMember(\"editor\", {\n table: \"your-bigtable-table\",\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.TableIamMember(\"editor\",\n table=\"your-bigtable-table\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.TableIamMember(\"editor\", new()\n {\n Table = \"your-bigtable-table\",\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewTableIamMember(ctx, \"editor\", \u0026bigtable.TableIamMemberArgs{\n\t\t\tTable: pulumi.String(\"your-bigtable-table\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.TableIamMember;\nimport com.pulumi.gcp.bigtable.TableIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new TableIamMember(\"editor\", TableIamMemberArgs.builder() \n .table(\"your-bigtable-table\")\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:TableIamMember\n properties:\n table: your-bigtable-table\n instance: your-bigtable-instance\n role: roles/bigtable.user\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigtable\\_table\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.bigtable.TableIamPolicy(\"editor\", {\n project: \"your-project\",\n instance: \"your-bigtable-instance\",\n table: \"your-bigtable-table\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/bigtable.user\",\n members=[\"user:jane@example.com\"],\n)])\neditor = gcp.bigtable.TableIamPolicy(\"editor\",\n project=\"your-project\",\n instance=\"your-bigtable-instance\",\n table=\"your-bigtable-table\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.BigTable.TableIamPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Instance = \"your-bigtable-instance\",\n Table = \"your-bigtable-table\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/bigtable.user\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = bigtable.NewTableIamPolicy(ctx, \"editor\", \u0026bigtable.TableIamPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tTable: pulumi.String(\"your-bigtable-table\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.bigtable.TableIamPolicy;\nimport com.pulumi.gcp.bigtable.TableIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new TableIamPolicy(\"editor\", TableIamPolicyArgs.builder() \n .project(\"your-project\")\n .instance(\"your-bigtable-instance\")\n .table(\"your-bigtable-table\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:TableIamPolicy\n properties:\n project: your-project\n instance: your-bigtable-instance\n table: your-bigtable-table\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigtable\\_table\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.TableIamBinding(\"editor\", {\n table: \"your-bigtable-table\",\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.TableIamBinding(\"editor\",\n table=\"your-bigtable-table\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.TableIamBinding(\"editor\", new()\n {\n Table = \"your-bigtable-table\",\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewTableIamBinding(ctx, \"editor\", \u0026bigtable.TableIamBindingArgs{\n\t\t\tTable: pulumi.String(\"your-bigtable-table\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.TableIamBinding;\nimport com.pulumi.gcp.bigtable.TableIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new TableIamBinding(\"editor\", TableIamBindingArgs.builder() \n .table(\"your-bigtable-table\")\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:TableIamBinding\n properties:\n table: your-bigtable-table\n instance: your-bigtable-instance\n role: roles/bigtable.user\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_bigtable\\_table\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.bigtable.TableIamMember(\"editor\", {\n table: \"your-bigtable-table\",\n instance: \"your-bigtable-instance\",\n role: \"roles/bigtable.user\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.bigtable.TableIamMember(\"editor\",\n table=\"your-bigtable-table\",\n instance=\"your-bigtable-instance\",\n role=\"roles/bigtable.user\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.BigTable.TableIamMember(\"editor\", new()\n {\n Table = \"your-bigtable-table\",\n Instance = \"your-bigtable-instance\",\n Role = \"roles/bigtable.user\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := bigtable.NewTableIamMember(ctx, \"editor\", \u0026bigtable.TableIamMemberArgs{\n\t\t\tTable: pulumi.String(\"your-bigtable-table\"),\n\t\t\tInstance: pulumi.String(\"your-bigtable-instance\"),\n\t\t\tRole: pulumi.String(\"roles/bigtable.user\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.bigtable.TableIamMember;\nimport com.pulumi.gcp.bigtable.TableIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new TableIamMember(\"editor\", TableIamMemberArgs.builder() \n .table(\"your-bigtable-table\")\n .instance(\"your-bigtable-instance\")\n .role(\"roles/bigtable.user\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:bigtable:TableIamMember\n properties:\n table: your-bigtable-table\n instance: your-bigtable-instance\n role: roles/bigtable.user\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the `table` identifier of the Bigtable Table resource only. For example:\n\n* `\"projects/{project}/instances/{instance}/tables/{table}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"projects/{project}/instances/{instance}/tables/{table}\"\n\n to = google_bigtable_table_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:bigtable/tableIamPolicy:TableIamPolicy default projects/{project}/instances/{instance}/tables/{table}\n```\n\n", "properties": { "etag": { "type": "string", @@ -120474,7 +120558,7 @@ }, "table": { "type": "string", - "description": "The name or relative resource id of the table to manage IAM policies for.\n\nFor `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`:\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" + "description": "The name or relative resource id of the table to manage IAM policies for.\n\nFor `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`:\n" } }, "required": [ @@ -120501,7 +120585,7 @@ }, "table": { "type": "string", - "description": "The name or relative resource id of the table to manage IAM policies for.\n\nFor `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`:\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The name or relative resource id of the table to manage IAM policies for.\n\nFor `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`:\n", "willReplaceOnChanges": true } }, @@ -120533,7 +120617,7 @@ }, "table": { "type": "string", - "description": "The name or relative resource id of the table to manage IAM policies for.\n\nFor `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`:\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The name or relative resource id of the table to manage IAM policies for.\n\nFor `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`:\n", "willReplaceOnChanges": true } }, @@ -120541,11 +120625,11 @@ } }, "gcp:billing/accountIamBinding:AccountIamBinding": { - "description": "Three different resources help you manage IAM policies on billing accounts. Each of these resources serves a different use case:\n\n* `gcp.billing.AccountIamPolicy`: Authoritative. Sets the IAM policy for the billing accounts and replaces any existing policy already attached.\n* `gcp.billing.AccountIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the table are preserved.\n* `gcp.billing.AccountIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role of the billing accounts are preserved.\n\n\u003e **Note:** `gcp.billing.AccountIamPolicy` **cannot** be used in conjunction with `gcp.billing.AccountIamBinding` and `gcp.billing.AccountIamMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the billing account as `gcp.billing.AccountIamPolicy` replaces the entire policy.\n\n\u003e **Note:** `gcp.billing.AccountIamBinding` resources **can be** used in conjunction with `gcp.billing.AccountIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_billing\\_account\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/billing.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.billing.AccountIamPolicy(\"editor\", {\n billingAccountId: \"00AA00-000AAA-00AA0A\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/billing.viewer\",\n members=[\"user:jane@example.com\"],\n)])\neditor = gcp.billing.AccountIamPolicy(\"editor\",\n billing_account_id=\"00AA00-000AAA-00AA0A\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/billing.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.Billing.AccountIamPolicy(\"editor\", new()\n {\n BillingAccountId = \"00AA00-000AAA-00AA0A\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/billing.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = billing.NewAccountIamPolicy(ctx, \"editor\", \u0026billing.AccountIamPolicyArgs{\n\t\t\tBillingAccountId: pulumi.String(\"00AA00-000AAA-00AA0A\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.billing.AccountIamPolicy;\nimport com.pulumi.gcp.billing.AccountIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/billing.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new AccountIamPolicy(\"editor\", AccountIamPolicyArgs.builder() \n .billingAccountId(\"00AA00-000AAA-00AA0A\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:billing:AccountIamPolicy\n properties:\n billingAccountId: 00AA00-000AAA-00AA0A\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/billing.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_billing\\_account\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.billing.AccountIamBinding(\"editor\", {\n billingAccountId: \"00AA00-000AAA-00AA0A\",\n role: \"roles/billing.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.billing.AccountIamBinding(\"editor\",\n billing_account_id=\"00AA00-000AAA-00AA0A\",\n role=\"roles/billing.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Billing.AccountIamBinding(\"editor\", new()\n {\n BillingAccountId = \"00AA00-000AAA-00AA0A\",\n Role = \"roles/billing.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := billing.NewAccountIamBinding(ctx, \"editor\", \u0026billing.AccountIamBindingArgs{\n\t\t\tBillingAccountId: pulumi.String(\"00AA00-000AAA-00AA0A\"),\n\t\t\tRole: pulumi.String(\"roles/billing.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.billing.AccountIamBinding;\nimport com.pulumi.gcp.billing.AccountIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new AccountIamBinding(\"editor\", AccountIamBindingArgs.builder() \n .billingAccountId(\"00AA00-000AAA-00AA0A\")\n .role(\"roles/billing.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:billing:AccountIamBinding\n properties:\n billingAccountId: 00AA00-000AAA-00AA0A\n role: roles/billing.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_billing\\_account\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.billing.AccountIamMember(\"editor\", {\n billingAccountId: \"00AA00-000AAA-00AA0A\",\n role: \"roles/billing.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.billing.AccountIamMember(\"editor\",\n billing_account_id=\"00AA00-000AAA-00AA0A\",\n role=\"roles/billing.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Billing.AccountIamMember(\"editor\", new()\n {\n BillingAccountId = \"00AA00-000AAA-00AA0A\",\n Role = \"roles/billing.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := billing.NewAccountIamMember(ctx, \"editor\", \u0026billing.AccountIamMemberArgs{\n\t\t\tBillingAccountId: pulumi.String(\"00AA00-000AAA-00AA0A\"),\n\t\t\tRole: pulumi.String(\"roles/billing.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.billing.AccountIamMember;\nimport com.pulumi.gcp.billing.AccountIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new AccountIamMember(\"editor\", AccountIamMemberArgs.builder() \n .billingAccountId(\"00AA00-000AAA-00AA0A\")\n .role(\"roles/billing.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:billing:AccountIamMember\n properties:\n billingAccountId: 00AA00-000AAA-00AA0A\n role: roles/billing.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the `billing_account_id` identifier of the Billing Account resource only. For example:\n\n* `{{billing_account_id}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = {{billing_account_id}}\n\n to = google_billing_account_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:billing/accountIamBinding:AccountIamBinding default {{billing_account_id}}\n```\n\n", + "description": "Three different resources help you manage IAM policies on billing accounts. Each of these resources serves a different use case:\n\n* `gcp.billing.AccountIamPolicy`: Authoritative. Sets the IAM policy for the billing accounts and replaces any existing policy already attached.\n* `gcp.billing.AccountIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the table are preserved.\n* `gcp.billing.AccountIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role of the billing accounts are preserved.\n\n\u003e **Note:** `gcp.billing.AccountIamPolicy` **cannot** be used in conjunction with `gcp.billing.AccountIamBinding` and `gcp.billing.AccountIamMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the billing account as `gcp.billing.AccountIamPolicy` replaces the entire policy.\n\n\u003e **Note:** `gcp.billing.AccountIamBinding` resources **can be** used in conjunction with `gcp.billing.AccountIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_billing\\_account\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/billing.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.billing.AccountIamPolicy(\"editor\", {\n billingAccountId: \"00AA00-000AAA-00AA0A\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/billing.viewer\",\n members=[\"user:jane@example.com\"],\n)])\neditor = gcp.billing.AccountIamPolicy(\"editor\",\n billing_account_id=\"00AA00-000AAA-00AA0A\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/billing.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.Billing.AccountIamPolicy(\"editor\", new()\n {\n BillingAccountId = \"00AA00-000AAA-00AA0A\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/billing.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = billing.NewAccountIamPolicy(ctx, \"editor\", \u0026billing.AccountIamPolicyArgs{\n\t\t\tBillingAccountId: pulumi.String(\"00AA00-000AAA-00AA0A\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.billing.AccountIamPolicy;\nimport com.pulumi.gcp.billing.AccountIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/billing.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new AccountIamPolicy(\"editor\", AccountIamPolicyArgs.builder() \n .billingAccountId(\"00AA00-000AAA-00AA0A\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:billing:AccountIamPolicy\n properties:\n billingAccountId: 00AA00-000AAA-00AA0A\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/billing.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_billing\\_account\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.billing.AccountIamBinding(\"editor\", {\n billingAccountId: \"00AA00-000AAA-00AA0A\",\n role: \"roles/billing.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.billing.AccountIamBinding(\"editor\",\n billing_account_id=\"00AA00-000AAA-00AA0A\",\n role=\"roles/billing.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Billing.AccountIamBinding(\"editor\", new()\n {\n BillingAccountId = \"00AA00-000AAA-00AA0A\",\n Role = \"roles/billing.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := billing.NewAccountIamBinding(ctx, \"editor\", \u0026billing.AccountIamBindingArgs{\n\t\t\tBillingAccountId: pulumi.String(\"00AA00-000AAA-00AA0A\"),\n\t\t\tRole: pulumi.String(\"roles/billing.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.billing.AccountIamBinding;\nimport com.pulumi.gcp.billing.AccountIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new AccountIamBinding(\"editor\", AccountIamBindingArgs.builder() \n .billingAccountId(\"00AA00-000AAA-00AA0A\")\n .role(\"roles/billing.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:billing:AccountIamBinding\n properties:\n billingAccountId: 00AA00-000AAA-00AA0A\n role: roles/billing.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_billing\\_account\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.billing.AccountIamMember(\"editor\", {\n billingAccountId: \"00AA00-000AAA-00AA0A\",\n role: \"roles/billing.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.billing.AccountIamMember(\"editor\",\n billing_account_id=\"00AA00-000AAA-00AA0A\",\n role=\"roles/billing.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Billing.AccountIamMember(\"editor\", new()\n {\n BillingAccountId = \"00AA00-000AAA-00AA0A\",\n Role = \"roles/billing.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := billing.NewAccountIamMember(ctx, \"editor\", \u0026billing.AccountIamMemberArgs{\n\t\t\tBillingAccountId: pulumi.String(\"00AA00-000AAA-00AA0A\"),\n\t\t\tRole: pulumi.String(\"roles/billing.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.billing.AccountIamMember;\nimport com.pulumi.gcp.billing.AccountIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new AccountIamMember(\"editor\", AccountIamMemberArgs.builder() \n .billingAccountId(\"00AA00-000AAA-00AA0A\")\n .role(\"roles/billing.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:billing:AccountIamMember\n properties:\n billingAccountId: 00AA00-000AAA-00AA0A\n role: roles/billing.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_billing\\_account\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/billing.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.billing.AccountIamPolicy(\"editor\", {\n billingAccountId: \"00AA00-000AAA-00AA0A\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/billing.viewer\",\n members=[\"user:jane@example.com\"],\n)])\neditor = gcp.billing.AccountIamPolicy(\"editor\",\n billing_account_id=\"00AA00-000AAA-00AA0A\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/billing.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.Billing.AccountIamPolicy(\"editor\", new()\n {\n BillingAccountId = \"00AA00-000AAA-00AA0A\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/billing.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = billing.NewAccountIamPolicy(ctx, \"editor\", \u0026billing.AccountIamPolicyArgs{\n\t\t\tBillingAccountId: pulumi.String(\"00AA00-000AAA-00AA0A\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.billing.AccountIamPolicy;\nimport com.pulumi.gcp.billing.AccountIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/billing.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new AccountIamPolicy(\"editor\", AccountIamPolicyArgs.builder() \n .billingAccountId(\"00AA00-000AAA-00AA0A\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:billing:AccountIamPolicy\n properties:\n billingAccountId: 00AA00-000AAA-00AA0A\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/billing.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_billing\\_account\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.billing.AccountIamBinding(\"editor\", {\n billingAccountId: \"00AA00-000AAA-00AA0A\",\n role: \"roles/billing.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.billing.AccountIamBinding(\"editor\",\n billing_account_id=\"00AA00-000AAA-00AA0A\",\n role=\"roles/billing.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Billing.AccountIamBinding(\"editor\", new()\n {\n BillingAccountId = \"00AA00-000AAA-00AA0A\",\n Role = \"roles/billing.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := billing.NewAccountIamBinding(ctx, \"editor\", \u0026billing.AccountIamBindingArgs{\n\t\t\tBillingAccountId: pulumi.String(\"00AA00-000AAA-00AA0A\"),\n\t\t\tRole: pulumi.String(\"roles/billing.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.billing.AccountIamBinding;\nimport com.pulumi.gcp.billing.AccountIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new AccountIamBinding(\"editor\", AccountIamBindingArgs.builder() \n .billingAccountId(\"00AA00-000AAA-00AA0A\")\n .role(\"roles/billing.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:billing:AccountIamBinding\n properties:\n billingAccountId: 00AA00-000AAA-00AA0A\n role: roles/billing.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_billing\\_account\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.billing.AccountIamMember(\"editor\", {\n billingAccountId: \"00AA00-000AAA-00AA0A\",\n role: \"roles/billing.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.billing.AccountIamMember(\"editor\",\n billing_account_id=\"00AA00-000AAA-00AA0A\",\n role=\"roles/billing.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Billing.AccountIamMember(\"editor\", new()\n {\n BillingAccountId = \"00AA00-000AAA-00AA0A\",\n Role = \"roles/billing.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := billing.NewAccountIamMember(ctx, \"editor\", \u0026billing.AccountIamMemberArgs{\n\t\t\tBillingAccountId: pulumi.String(\"00AA00-000AAA-00AA0A\"),\n\t\t\tRole: pulumi.String(\"roles/billing.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.billing.AccountIamMember;\nimport com.pulumi.gcp.billing.AccountIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new AccountIamMember(\"editor\", AccountIamMemberArgs.builder() \n .billingAccountId(\"00AA00-000AAA-00AA0A\")\n .role(\"roles/billing.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:billing:AccountIamMember\n properties:\n billingAccountId: 00AA00-000AAA-00AA0A\n role: roles/billing.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the `billing_account_id` identifier of the Billing Account resource only. For example:\n\n* `{{billing_account_id}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = {{billing_account_id}}\n\n to = google_billing_account_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:billing/accountIamBinding:AccountIamBinding default {{billing_account_id}}\n```\n\n", "properties": { "billingAccountId": { "type": "string", - "description": "The billing account id.\n\nFor `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`:\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" + "description": "The billing account id.\n\nFor `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`:\n" }, "condition": { "$ref": "#/types/gcp:billing/AccountIamBindingCondition:AccountIamBindingCondition" @@ -120558,7 +120642,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "role": { "type": "string", @@ -120574,7 +120659,7 @@ "inputProperties": { "billingAccountId": { "type": "string", - "description": "The billing account id.\n\nFor `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`:\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The billing account id.\n\nFor `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`:\n", "willReplaceOnChanges": true }, "condition": { @@ -120585,7 +120670,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "role": { "type": "string", @@ -120603,7 +120689,7 @@ "properties": { "billingAccountId": { "type": "string", - "description": "The billing account id.\n\nFor `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`:\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The billing account id.\n\nFor `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`:\n", "willReplaceOnChanges": true }, "condition": { @@ -120618,7 +120704,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "role": { "type": "string", @@ -120630,11 +120717,11 @@ } }, "gcp:billing/accountIamMember:AccountIamMember": { - "description": "Three different resources help you manage IAM policies on billing accounts. Each of these resources serves a different use case:\n\n* `gcp.billing.AccountIamPolicy`: Authoritative. Sets the IAM policy for the billing accounts and replaces any existing policy already attached.\n* `gcp.billing.AccountIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the table are preserved.\n* `gcp.billing.AccountIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role of the billing accounts are preserved.\n\n\u003e **Note:** `gcp.billing.AccountIamPolicy` **cannot** be used in conjunction with `gcp.billing.AccountIamBinding` and `gcp.billing.AccountIamMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the billing account as `gcp.billing.AccountIamPolicy` replaces the entire policy.\n\n\u003e **Note:** `gcp.billing.AccountIamBinding` resources **can be** used in conjunction with `gcp.billing.AccountIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_billing\\_account\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/billing.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.billing.AccountIamPolicy(\"editor\", {\n billingAccountId: \"00AA00-000AAA-00AA0A\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/billing.viewer\",\n members=[\"user:jane@example.com\"],\n)])\neditor = gcp.billing.AccountIamPolicy(\"editor\",\n billing_account_id=\"00AA00-000AAA-00AA0A\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/billing.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.Billing.AccountIamPolicy(\"editor\", new()\n {\n BillingAccountId = \"00AA00-000AAA-00AA0A\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/billing.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = billing.NewAccountIamPolicy(ctx, \"editor\", \u0026billing.AccountIamPolicyArgs{\n\t\t\tBillingAccountId: pulumi.String(\"00AA00-000AAA-00AA0A\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.billing.AccountIamPolicy;\nimport com.pulumi.gcp.billing.AccountIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/billing.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new AccountIamPolicy(\"editor\", AccountIamPolicyArgs.builder() \n .billingAccountId(\"00AA00-000AAA-00AA0A\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:billing:AccountIamPolicy\n properties:\n billingAccountId: 00AA00-000AAA-00AA0A\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/billing.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_billing\\_account\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.billing.AccountIamBinding(\"editor\", {\n billingAccountId: \"00AA00-000AAA-00AA0A\",\n role: \"roles/billing.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.billing.AccountIamBinding(\"editor\",\n billing_account_id=\"00AA00-000AAA-00AA0A\",\n role=\"roles/billing.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Billing.AccountIamBinding(\"editor\", new()\n {\n BillingAccountId = \"00AA00-000AAA-00AA0A\",\n Role = \"roles/billing.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := billing.NewAccountIamBinding(ctx, \"editor\", \u0026billing.AccountIamBindingArgs{\n\t\t\tBillingAccountId: pulumi.String(\"00AA00-000AAA-00AA0A\"),\n\t\t\tRole: pulumi.String(\"roles/billing.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.billing.AccountIamBinding;\nimport com.pulumi.gcp.billing.AccountIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new AccountIamBinding(\"editor\", AccountIamBindingArgs.builder() \n .billingAccountId(\"00AA00-000AAA-00AA0A\")\n .role(\"roles/billing.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:billing:AccountIamBinding\n properties:\n billingAccountId: 00AA00-000AAA-00AA0A\n role: roles/billing.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_billing\\_account\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.billing.AccountIamMember(\"editor\", {\n billingAccountId: \"00AA00-000AAA-00AA0A\",\n role: \"roles/billing.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.billing.AccountIamMember(\"editor\",\n billing_account_id=\"00AA00-000AAA-00AA0A\",\n role=\"roles/billing.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Billing.AccountIamMember(\"editor\", new()\n {\n BillingAccountId = \"00AA00-000AAA-00AA0A\",\n Role = \"roles/billing.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := billing.NewAccountIamMember(ctx, \"editor\", \u0026billing.AccountIamMemberArgs{\n\t\t\tBillingAccountId: pulumi.String(\"00AA00-000AAA-00AA0A\"),\n\t\t\tRole: pulumi.String(\"roles/billing.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.billing.AccountIamMember;\nimport com.pulumi.gcp.billing.AccountIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new AccountIamMember(\"editor\", AccountIamMemberArgs.builder() \n .billingAccountId(\"00AA00-000AAA-00AA0A\")\n .role(\"roles/billing.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:billing:AccountIamMember\n properties:\n billingAccountId: 00AA00-000AAA-00AA0A\n role: roles/billing.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the `billing_account_id` identifier of the Billing Account resource only. For example:\n\n* `{{billing_account_id}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = {{billing_account_id}}\n\n to = google_billing_account_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:billing/accountIamMember:AccountIamMember default {{billing_account_id}}\n```\n\n", + "description": "Three different resources help you manage IAM policies on billing accounts. Each of these resources serves a different use case:\n\n* `gcp.billing.AccountIamPolicy`: Authoritative. Sets the IAM policy for the billing accounts and replaces any existing policy already attached.\n* `gcp.billing.AccountIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the table are preserved.\n* `gcp.billing.AccountIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role of the billing accounts are preserved.\n\n\u003e **Note:** `gcp.billing.AccountIamPolicy` **cannot** be used in conjunction with `gcp.billing.AccountIamBinding` and `gcp.billing.AccountIamMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the billing account as `gcp.billing.AccountIamPolicy` replaces the entire policy.\n\n\u003e **Note:** `gcp.billing.AccountIamBinding` resources **can be** used in conjunction with `gcp.billing.AccountIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_billing\\_account\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/billing.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.billing.AccountIamPolicy(\"editor\", {\n billingAccountId: \"00AA00-000AAA-00AA0A\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/billing.viewer\",\n members=[\"user:jane@example.com\"],\n)])\neditor = gcp.billing.AccountIamPolicy(\"editor\",\n billing_account_id=\"00AA00-000AAA-00AA0A\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/billing.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.Billing.AccountIamPolicy(\"editor\", new()\n {\n BillingAccountId = \"00AA00-000AAA-00AA0A\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/billing.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = billing.NewAccountIamPolicy(ctx, \"editor\", \u0026billing.AccountIamPolicyArgs{\n\t\t\tBillingAccountId: pulumi.String(\"00AA00-000AAA-00AA0A\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.billing.AccountIamPolicy;\nimport com.pulumi.gcp.billing.AccountIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/billing.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new AccountIamPolicy(\"editor\", AccountIamPolicyArgs.builder() \n .billingAccountId(\"00AA00-000AAA-00AA0A\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:billing:AccountIamPolicy\n properties:\n billingAccountId: 00AA00-000AAA-00AA0A\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/billing.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_billing\\_account\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.billing.AccountIamBinding(\"editor\", {\n billingAccountId: \"00AA00-000AAA-00AA0A\",\n role: \"roles/billing.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.billing.AccountIamBinding(\"editor\",\n billing_account_id=\"00AA00-000AAA-00AA0A\",\n role=\"roles/billing.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Billing.AccountIamBinding(\"editor\", new()\n {\n BillingAccountId = \"00AA00-000AAA-00AA0A\",\n Role = \"roles/billing.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := billing.NewAccountIamBinding(ctx, \"editor\", \u0026billing.AccountIamBindingArgs{\n\t\t\tBillingAccountId: pulumi.String(\"00AA00-000AAA-00AA0A\"),\n\t\t\tRole: pulumi.String(\"roles/billing.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.billing.AccountIamBinding;\nimport com.pulumi.gcp.billing.AccountIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new AccountIamBinding(\"editor\", AccountIamBindingArgs.builder() \n .billingAccountId(\"00AA00-000AAA-00AA0A\")\n .role(\"roles/billing.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:billing:AccountIamBinding\n properties:\n billingAccountId: 00AA00-000AAA-00AA0A\n role: roles/billing.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_billing\\_account\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.billing.AccountIamMember(\"editor\", {\n billingAccountId: \"00AA00-000AAA-00AA0A\",\n role: \"roles/billing.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.billing.AccountIamMember(\"editor\",\n billing_account_id=\"00AA00-000AAA-00AA0A\",\n role=\"roles/billing.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Billing.AccountIamMember(\"editor\", new()\n {\n BillingAccountId = \"00AA00-000AAA-00AA0A\",\n Role = \"roles/billing.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := billing.NewAccountIamMember(ctx, \"editor\", \u0026billing.AccountIamMemberArgs{\n\t\t\tBillingAccountId: pulumi.String(\"00AA00-000AAA-00AA0A\"),\n\t\t\tRole: pulumi.String(\"roles/billing.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.billing.AccountIamMember;\nimport com.pulumi.gcp.billing.AccountIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new AccountIamMember(\"editor\", AccountIamMemberArgs.builder() \n .billingAccountId(\"00AA00-000AAA-00AA0A\")\n .role(\"roles/billing.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:billing:AccountIamMember\n properties:\n billingAccountId: 00AA00-000AAA-00AA0A\n role: roles/billing.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_billing\\_account\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/billing.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.billing.AccountIamPolicy(\"editor\", {\n billingAccountId: \"00AA00-000AAA-00AA0A\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/billing.viewer\",\n members=[\"user:jane@example.com\"],\n)])\neditor = gcp.billing.AccountIamPolicy(\"editor\",\n billing_account_id=\"00AA00-000AAA-00AA0A\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/billing.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.Billing.AccountIamPolicy(\"editor\", new()\n {\n BillingAccountId = \"00AA00-000AAA-00AA0A\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/billing.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = billing.NewAccountIamPolicy(ctx, \"editor\", \u0026billing.AccountIamPolicyArgs{\n\t\t\tBillingAccountId: pulumi.String(\"00AA00-000AAA-00AA0A\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.billing.AccountIamPolicy;\nimport com.pulumi.gcp.billing.AccountIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/billing.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new AccountIamPolicy(\"editor\", AccountIamPolicyArgs.builder() \n .billingAccountId(\"00AA00-000AAA-00AA0A\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:billing:AccountIamPolicy\n properties:\n billingAccountId: 00AA00-000AAA-00AA0A\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/billing.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_billing\\_account\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.billing.AccountIamBinding(\"editor\", {\n billingAccountId: \"00AA00-000AAA-00AA0A\",\n role: \"roles/billing.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.billing.AccountIamBinding(\"editor\",\n billing_account_id=\"00AA00-000AAA-00AA0A\",\n role=\"roles/billing.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Billing.AccountIamBinding(\"editor\", new()\n {\n BillingAccountId = \"00AA00-000AAA-00AA0A\",\n Role = \"roles/billing.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := billing.NewAccountIamBinding(ctx, \"editor\", \u0026billing.AccountIamBindingArgs{\n\t\t\tBillingAccountId: pulumi.String(\"00AA00-000AAA-00AA0A\"),\n\t\t\tRole: pulumi.String(\"roles/billing.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.billing.AccountIamBinding;\nimport com.pulumi.gcp.billing.AccountIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new AccountIamBinding(\"editor\", AccountIamBindingArgs.builder() \n .billingAccountId(\"00AA00-000AAA-00AA0A\")\n .role(\"roles/billing.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:billing:AccountIamBinding\n properties:\n billingAccountId: 00AA00-000AAA-00AA0A\n role: roles/billing.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_billing\\_account\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.billing.AccountIamMember(\"editor\", {\n billingAccountId: \"00AA00-000AAA-00AA0A\",\n role: \"roles/billing.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.billing.AccountIamMember(\"editor\",\n billing_account_id=\"00AA00-000AAA-00AA0A\",\n role=\"roles/billing.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Billing.AccountIamMember(\"editor\", new()\n {\n BillingAccountId = \"00AA00-000AAA-00AA0A\",\n Role = \"roles/billing.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := billing.NewAccountIamMember(ctx, \"editor\", \u0026billing.AccountIamMemberArgs{\n\t\t\tBillingAccountId: pulumi.String(\"00AA00-000AAA-00AA0A\"),\n\t\t\tRole: pulumi.String(\"roles/billing.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.billing.AccountIamMember;\nimport com.pulumi.gcp.billing.AccountIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new AccountIamMember(\"editor\", AccountIamMemberArgs.builder() \n .billingAccountId(\"00AA00-000AAA-00AA0A\")\n .role(\"roles/billing.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:billing:AccountIamMember\n properties:\n billingAccountId: 00AA00-000AAA-00AA0A\n role: roles/billing.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the `billing_account_id` identifier of the Billing Account resource only. For example:\n\n* `{{billing_account_id}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = {{billing_account_id}}\n\n to = google_billing_account_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:billing/accountIamMember:AccountIamMember default {{billing_account_id}}\n```\n\n", "properties": { "billingAccountId": { "type": "string", - "description": "The billing account id.\n\nFor `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`:\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" + "description": "The billing account id.\n\nFor `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`:\n" }, "condition": { "$ref": "#/types/gcp:billing/AccountIamMemberCondition:AccountIamMemberCondition" @@ -120644,7 +120731,8 @@ "description": "(Computed) The etag of the billing account's IAM policy.\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "role": { "type": "string", @@ -120660,7 +120748,7 @@ "inputProperties": { "billingAccountId": { "type": "string", - "description": "The billing account id.\n\nFor `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`:\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The billing account id.\n\nFor `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`:\n", "willReplaceOnChanges": true }, "condition": { @@ -120669,6 +120757,7 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", "willReplaceOnChanges": true }, "role": { @@ -120687,7 +120776,7 @@ "properties": { "billingAccountId": { "type": "string", - "description": "The billing account id.\n\nFor `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`:\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The billing account id.\n\nFor `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`:\n", "willReplaceOnChanges": true }, "condition": { @@ -120700,6 +120789,7 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", "willReplaceOnChanges": true }, "role": { @@ -120712,11 +120802,11 @@ } }, "gcp:billing/accountIamPolicy:AccountIamPolicy": { - "description": "Three different resources help you manage IAM policies on billing accounts. Each of these resources serves a different use case:\n\n* `gcp.billing.AccountIamPolicy`: Authoritative. Sets the IAM policy for the billing accounts and replaces any existing policy already attached.\n* `gcp.billing.AccountIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the table are preserved.\n* `gcp.billing.AccountIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role of the billing accounts are preserved.\n\n\u003e **Note:** `gcp.billing.AccountIamPolicy` **cannot** be used in conjunction with `gcp.billing.AccountIamBinding` and `gcp.billing.AccountIamMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the billing account as `gcp.billing.AccountIamPolicy` replaces the entire policy.\n\n\u003e **Note:** `gcp.billing.AccountIamBinding` resources **can be** used in conjunction with `gcp.billing.AccountIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_billing\\_account\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/billing.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.billing.AccountIamPolicy(\"editor\", {\n billingAccountId: \"00AA00-000AAA-00AA0A\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/billing.viewer\",\n members=[\"user:jane@example.com\"],\n)])\neditor = gcp.billing.AccountIamPolicy(\"editor\",\n billing_account_id=\"00AA00-000AAA-00AA0A\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/billing.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.Billing.AccountIamPolicy(\"editor\", new()\n {\n BillingAccountId = \"00AA00-000AAA-00AA0A\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/billing.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = billing.NewAccountIamPolicy(ctx, \"editor\", \u0026billing.AccountIamPolicyArgs{\n\t\t\tBillingAccountId: pulumi.String(\"00AA00-000AAA-00AA0A\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.billing.AccountIamPolicy;\nimport com.pulumi.gcp.billing.AccountIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/billing.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new AccountIamPolicy(\"editor\", AccountIamPolicyArgs.builder() \n .billingAccountId(\"00AA00-000AAA-00AA0A\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:billing:AccountIamPolicy\n properties:\n billingAccountId: 00AA00-000AAA-00AA0A\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/billing.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_billing\\_account\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.billing.AccountIamBinding(\"editor\", {\n billingAccountId: \"00AA00-000AAA-00AA0A\",\n role: \"roles/billing.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.billing.AccountIamBinding(\"editor\",\n billing_account_id=\"00AA00-000AAA-00AA0A\",\n role=\"roles/billing.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Billing.AccountIamBinding(\"editor\", new()\n {\n BillingAccountId = \"00AA00-000AAA-00AA0A\",\n Role = \"roles/billing.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := billing.NewAccountIamBinding(ctx, \"editor\", \u0026billing.AccountIamBindingArgs{\n\t\t\tBillingAccountId: pulumi.String(\"00AA00-000AAA-00AA0A\"),\n\t\t\tRole: pulumi.String(\"roles/billing.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.billing.AccountIamBinding;\nimport com.pulumi.gcp.billing.AccountIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new AccountIamBinding(\"editor\", AccountIamBindingArgs.builder() \n .billingAccountId(\"00AA00-000AAA-00AA0A\")\n .role(\"roles/billing.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:billing:AccountIamBinding\n properties:\n billingAccountId: 00AA00-000AAA-00AA0A\n role: roles/billing.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_billing\\_account\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.billing.AccountIamMember(\"editor\", {\n billingAccountId: \"00AA00-000AAA-00AA0A\",\n role: \"roles/billing.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.billing.AccountIamMember(\"editor\",\n billing_account_id=\"00AA00-000AAA-00AA0A\",\n role=\"roles/billing.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Billing.AccountIamMember(\"editor\", new()\n {\n BillingAccountId = \"00AA00-000AAA-00AA0A\",\n Role = \"roles/billing.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := billing.NewAccountIamMember(ctx, \"editor\", \u0026billing.AccountIamMemberArgs{\n\t\t\tBillingAccountId: pulumi.String(\"00AA00-000AAA-00AA0A\"),\n\t\t\tRole: pulumi.String(\"roles/billing.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.billing.AccountIamMember;\nimport com.pulumi.gcp.billing.AccountIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new AccountIamMember(\"editor\", AccountIamMemberArgs.builder() \n .billingAccountId(\"00AA00-000AAA-00AA0A\")\n .role(\"roles/billing.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:billing:AccountIamMember\n properties:\n billingAccountId: 00AA00-000AAA-00AA0A\n role: roles/billing.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the `billing_account_id` identifier of the Billing Account resource only. For example:\n\n* `{{billing_account_id}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = {{billing_account_id}}\n\n to = google_billing_account_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:billing/accountIamPolicy:AccountIamPolicy default {{billing_account_id}}\n```\n\n", + "description": "Three different resources help you manage IAM policies on billing accounts. Each of these resources serves a different use case:\n\n* `gcp.billing.AccountIamPolicy`: Authoritative. Sets the IAM policy for the billing accounts and replaces any existing policy already attached.\n* `gcp.billing.AccountIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the table are preserved.\n* `gcp.billing.AccountIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role of the billing accounts are preserved.\n\n\u003e **Note:** `gcp.billing.AccountIamPolicy` **cannot** be used in conjunction with `gcp.billing.AccountIamBinding` and `gcp.billing.AccountIamMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the billing account as `gcp.billing.AccountIamPolicy` replaces the entire policy.\n\n\u003e **Note:** `gcp.billing.AccountIamBinding` resources **can be** used in conjunction with `gcp.billing.AccountIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_billing\\_account\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/billing.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.billing.AccountIamPolicy(\"editor\", {\n billingAccountId: \"00AA00-000AAA-00AA0A\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/billing.viewer\",\n members=[\"user:jane@example.com\"],\n)])\neditor = gcp.billing.AccountIamPolicy(\"editor\",\n billing_account_id=\"00AA00-000AAA-00AA0A\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/billing.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.Billing.AccountIamPolicy(\"editor\", new()\n {\n BillingAccountId = \"00AA00-000AAA-00AA0A\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/billing.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = billing.NewAccountIamPolicy(ctx, \"editor\", \u0026billing.AccountIamPolicyArgs{\n\t\t\tBillingAccountId: pulumi.String(\"00AA00-000AAA-00AA0A\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.billing.AccountIamPolicy;\nimport com.pulumi.gcp.billing.AccountIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/billing.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new AccountIamPolicy(\"editor\", AccountIamPolicyArgs.builder() \n .billingAccountId(\"00AA00-000AAA-00AA0A\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:billing:AccountIamPolicy\n properties:\n billingAccountId: 00AA00-000AAA-00AA0A\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/billing.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_billing\\_account\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.billing.AccountIamBinding(\"editor\", {\n billingAccountId: \"00AA00-000AAA-00AA0A\",\n role: \"roles/billing.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.billing.AccountIamBinding(\"editor\",\n billing_account_id=\"00AA00-000AAA-00AA0A\",\n role=\"roles/billing.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Billing.AccountIamBinding(\"editor\", new()\n {\n BillingAccountId = \"00AA00-000AAA-00AA0A\",\n Role = \"roles/billing.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := billing.NewAccountIamBinding(ctx, \"editor\", \u0026billing.AccountIamBindingArgs{\n\t\t\tBillingAccountId: pulumi.String(\"00AA00-000AAA-00AA0A\"),\n\t\t\tRole: pulumi.String(\"roles/billing.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.billing.AccountIamBinding;\nimport com.pulumi.gcp.billing.AccountIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new AccountIamBinding(\"editor\", AccountIamBindingArgs.builder() \n .billingAccountId(\"00AA00-000AAA-00AA0A\")\n .role(\"roles/billing.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:billing:AccountIamBinding\n properties:\n billingAccountId: 00AA00-000AAA-00AA0A\n role: roles/billing.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_billing\\_account\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.billing.AccountIamMember(\"editor\", {\n billingAccountId: \"00AA00-000AAA-00AA0A\",\n role: \"roles/billing.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.billing.AccountIamMember(\"editor\",\n billing_account_id=\"00AA00-000AAA-00AA0A\",\n role=\"roles/billing.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Billing.AccountIamMember(\"editor\", new()\n {\n BillingAccountId = \"00AA00-000AAA-00AA0A\",\n Role = \"roles/billing.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := billing.NewAccountIamMember(ctx, \"editor\", \u0026billing.AccountIamMemberArgs{\n\t\t\tBillingAccountId: pulumi.String(\"00AA00-000AAA-00AA0A\"),\n\t\t\tRole: pulumi.String(\"roles/billing.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.billing.AccountIamMember;\nimport com.pulumi.gcp.billing.AccountIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new AccountIamMember(\"editor\", AccountIamMemberArgs.builder() \n .billingAccountId(\"00AA00-000AAA-00AA0A\")\n .role(\"roles/billing.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:billing:AccountIamMember\n properties:\n billingAccountId: 00AA00-000AAA-00AA0A\n role: roles/billing.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_billing\\_account\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/billing.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.billing.AccountIamPolicy(\"editor\", {\n billingAccountId: \"00AA00-000AAA-00AA0A\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/billing.viewer\",\n members=[\"user:jane@example.com\"],\n)])\neditor = gcp.billing.AccountIamPolicy(\"editor\",\n billing_account_id=\"00AA00-000AAA-00AA0A\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/billing.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.Billing.AccountIamPolicy(\"editor\", new()\n {\n BillingAccountId = \"00AA00-000AAA-00AA0A\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/billing.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = billing.NewAccountIamPolicy(ctx, \"editor\", \u0026billing.AccountIamPolicyArgs{\n\t\t\tBillingAccountId: pulumi.String(\"00AA00-000AAA-00AA0A\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.billing.AccountIamPolicy;\nimport com.pulumi.gcp.billing.AccountIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/billing.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new AccountIamPolicy(\"editor\", AccountIamPolicyArgs.builder() \n .billingAccountId(\"00AA00-000AAA-00AA0A\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:billing:AccountIamPolicy\n properties:\n billingAccountId: 00AA00-000AAA-00AA0A\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/billing.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_billing\\_account\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.billing.AccountIamBinding(\"editor\", {\n billingAccountId: \"00AA00-000AAA-00AA0A\",\n role: \"roles/billing.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.billing.AccountIamBinding(\"editor\",\n billing_account_id=\"00AA00-000AAA-00AA0A\",\n role=\"roles/billing.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Billing.AccountIamBinding(\"editor\", new()\n {\n BillingAccountId = \"00AA00-000AAA-00AA0A\",\n Role = \"roles/billing.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := billing.NewAccountIamBinding(ctx, \"editor\", \u0026billing.AccountIamBindingArgs{\n\t\t\tBillingAccountId: pulumi.String(\"00AA00-000AAA-00AA0A\"),\n\t\t\tRole: pulumi.String(\"roles/billing.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.billing.AccountIamBinding;\nimport com.pulumi.gcp.billing.AccountIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new AccountIamBinding(\"editor\", AccountIamBindingArgs.builder() \n .billingAccountId(\"00AA00-000AAA-00AA0A\")\n .role(\"roles/billing.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:billing:AccountIamBinding\n properties:\n billingAccountId: 00AA00-000AAA-00AA0A\n role: roles/billing.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_billing\\_account\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.billing.AccountIamMember(\"editor\", {\n billingAccountId: \"00AA00-000AAA-00AA0A\",\n role: \"roles/billing.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.billing.AccountIamMember(\"editor\",\n billing_account_id=\"00AA00-000AAA-00AA0A\",\n role=\"roles/billing.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Billing.AccountIamMember(\"editor\", new()\n {\n BillingAccountId = \"00AA00-000AAA-00AA0A\",\n Role = \"roles/billing.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/billing\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := billing.NewAccountIamMember(ctx, \"editor\", \u0026billing.AccountIamMemberArgs{\n\t\t\tBillingAccountId: pulumi.String(\"00AA00-000AAA-00AA0A\"),\n\t\t\tRole: pulumi.String(\"roles/billing.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.billing.AccountIamMember;\nimport com.pulumi.gcp.billing.AccountIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new AccountIamMember(\"editor\", AccountIamMemberArgs.builder() \n .billingAccountId(\"00AA00-000AAA-00AA0A\")\n .role(\"roles/billing.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:billing:AccountIamMember\n properties:\n billingAccountId: 00AA00-000AAA-00AA0A\n role: roles/billing.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the `billing_account_id` identifier of the Billing Account resource only. For example:\n\n* `{{billing_account_id}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = {{billing_account_id}}\n\n to = google_billing_account_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:billing/accountIamPolicy:AccountIamPolicy default {{billing_account_id}}\n```\n\n", "properties": { "billingAccountId": { "type": "string", - "description": "The billing account id.\n\nFor `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`:\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" + "description": "The billing account id.\n\nFor `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`:\n" }, "etag": { "type": "string", @@ -120735,7 +120825,7 @@ "inputProperties": { "billingAccountId": { "type": "string", - "description": "The billing account id.\n\nFor `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`:\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The billing account id.\n\nFor `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`:\n", "willReplaceOnChanges": true }, "policyData": { @@ -120752,7 +120842,7 @@ "properties": { "billingAccountId": { "type": "string", - "description": "The billing account id.\n\nFor `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`:\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The billing account id.\n\nFor `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`:\n", "willReplaceOnChanges": true }, "etag": { @@ -121087,7 +121177,7 @@ } }, "gcp:binaryauthorization/attestorIamBinding:AttestorIamBinding": { - "description": "Three different resources help you manage your IAM policy for Binary Authorization Attestor. Each of these resources serves a different use case:\n\n* `gcp.binaryauthorization.AttestorIamPolicy`: Authoritative. Sets the IAM policy for the attestor and replaces any existing policy already attached.\n* `gcp.binaryauthorization.AttestorIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the attestor are preserved.\n* `gcp.binaryauthorization.AttestorIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the attestor are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.binaryauthorization.AttestorIamPolicy`: Retrieves the IAM policy for the attestor\n\n\u003e **Note:** `gcp.binaryauthorization.AttestorIamPolicy` **cannot** be used in conjunction with `gcp.binaryauthorization.AttestorIamBinding` and `gcp.binaryauthorization.AttestorIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.binaryauthorization.AttestorIamBinding` resources **can be** used in conjunction with `gcp.binaryauthorization.AttestorIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_binary\\_authorization\\_attestor\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.binaryauthorization.AttestorIamPolicy(\"policy\", {\n project: attestor.project,\n attestor: attestor.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.binaryauthorization.AttestorIamPolicy(\"policy\",\n project=attestor[\"project\"],\n attestor=attestor[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BinaryAuthorization.AttestorIamPolicy(\"policy\", new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = binaryauthorization.NewAttestorIamPolicy(ctx, \"policy\", \u0026binaryauthorization.AttestorIamPolicyArgs{\n\t\t\tProject: pulumi.Any(attestor.Project),\n\t\t\tAttestor: pulumi.Any(attestor.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamPolicy;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AttestorIamPolicy(\"policy\", AttestorIamPolicyArgs.builder() \n .project(attestor.project())\n .attestor(attestor.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:binaryauthorization:AttestorIamPolicy\n properties:\n project: ${attestor.project}\n attestor: ${attestor.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_binary\\_authorization\\_attestor\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.binaryauthorization.AttestorIamBinding(\"binding\", {\n project: attestor.project,\n attestor: attestor.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.binaryauthorization.AttestorIamBinding(\"binding\",\n project=attestor[\"project\"],\n attestor=attestor[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BinaryAuthorization.AttestorIamBinding(\"binding\", new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := binaryauthorization.NewAttestorIamBinding(ctx, \"binding\", \u0026binaryauthorization.AttestorIamBindingArgs{\n\t\t\tProject: pulumi.Any(attestor.Project),\n\t\t\tAttestor: pulumi.Any(attestor.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamBinding;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AttestorIamBinding(\"binding\", AttestorIamBindingArgs.builder() \n .project(attestor.project())\n .attestor(attestor.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:binaryauthorization:AttestorIamBinding\n properties:\n project: ${attestor.project}\n attestor: ${attestor.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_binary\\_authorization\\_attestor\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.binaryauthorization.AttestorIamMember(\"member\", {\n project: attestor.project,\n attestor: attestor.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.binaryauthorization.AttestorIamMember(\"member\",\n project=attestor[\"project\"],\n attestor=attestor[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BinaryAuthorization.AttestorIamMember(\"member\", new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := binaryauthorization.NewAttestorIamMember(ctx, \"member\", \u0026binaryauthorization.AttestorIamMemberArgs{\n\t\t\tProject: pulumi.Any(attestor.Project),\n\t\t\tAttestor: pulumi.Any(attestor.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamMember;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AttestorIamMember(\"member\", AttestorIamMemberArgs.builder() \n .project(attestor.project())\n .attestor(attestor.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:binaryauthorization:AttestorIamMember\n properties:\n project: ${attestor.project}\n attestor: ${attestor.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/attestors/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBinary Authorization attestor IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:binaryauthorization/attestorIamBinding:AttestorIamBinding editor \"projects/{{project}}/attestors/{{attestor}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:binaryauthorization/attestorIamBinding:AttestorIamBinding editor \"projects/{{project}}/attestors/{{attestor}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:binaryauthorization/attestorIamBinding:AttestorIamBinding editor projects/{{project}}/attestors/{{attestor}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Binary Authorization Attestor. Each of these resources serves a different use case:\n\n* `gcp.binaryauthorization.AttestorIamPolicy`: Authoritative. Sets the IAM policy for the attestor and replaces any existing policy already attached.\n* `gcp.binaryauthorization.AttestorIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the attestor are preserved.\n* `gcp.binaryauthorization.AttestorIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the attestor are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.binaryauthorization.AttestorIamPolicy`: Retrieves the IAM policy for the attestor\n\n\u003e **Note:** `gcp.binaryauthorization.AttestorIamPolicy` **cannot** be used in conjunction with `gcp.binaryauthorization.AttestorIamBinding` and `gcp.binaryauthorization.AttestorIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.binaryauthorization.AttestorIamBinding` resources **can be** used in conjunction with `gcp.binaryauthorization.AttestorIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_binary\\_authorization\\_attestor\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.binaryauthorization.AttestorIamPolicy(\"policy\", {\n project: attestor.project,\n attestor: attestor.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.binaryauthorization.AttestorIamPolicy(\"policy\",\n project=attestor[\"project\"],\n attestor=attestor[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BinaryAuthorization.AttestorIamPolicy(\"policy\", new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = binaryauthorization.NewAttestorIamPolicy(ctx, \"policy\", \u0026binaryauthorization.AttestorIamPolicyArgs{\n\t\t\tProject: pulumi.Any(attestor.Project),\n\t\t\tAttestor: pulumi.Any(attestor.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamPolicy;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AttestorIamPolicy(\"policy\", AttestorIamPolicyArgs.builder() \n .project(attestor.project())\n .attestor(attestor.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:binaryauthorization:AttestorIamPolicy\n properties:\n project: ${attestor.project}\n attestor: ${attestor.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_binary\\_authorization\\_attestor\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.binaryauthorization.AttestorIamBinding(\"binding\", {\n project: attestor.project,\n attestor: attestor.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.binaryauthorization.AttestorIamBinding(\"binding\",\n project=attestor[\"project\"],\n attestor=attestor[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BinaryAuthorization.AttestorIamBinding(\"binding\", new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := binaryauthorization.NewAttestorIamBinding(ctx, \"binding\", \u0026binaryauthorization.AttestorIamBindingArgs{\n\t\t\tProject: pulumi.Any(attestor.Project),\n\t\t\tAttestor: pulumi.Any(attestor.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamBinding;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AttestorIamBinding(\"binding\", AttestorIamBindingArgs.builder() \n .project(attestor.project())\n .attestor(attestor.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:binaryauthorization:AttestorIamBinding\n properties:\n project: ${attestor.project}\n attestor: ${attestor.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_binary\\_authorization\\_attestor\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.binaryauthorization.AttestorIamMember(\"member\", {\n project: attestor.project,\n attestor: attestor.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.binaryauthorization.AttestorIamMember(\"member\",\n project=attestor[\"project\"],\n attestor=attestor[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BinaryAuthorization.AttestorIamMember(\"member\", new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := binaryauthorization.NewAttestorIamMember(ctx, \"member\", \u0026binaryauthorization.AttestorIamMemberArgs{\n\t\t\tProject: pulumi.Any(attestor.Project),\n\t\t\tAttestor: pulumi.Any(attestor.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamMember;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AttestorIamMember(\"member\", AttestorIamMemberArgs.builder() \n .project(attestor.project())\n .attestor(attestor.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:binaryauthorization:AttestorIamMember\n properties:\n project: ${attestor.project}\n attestor: ${attestor.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_binary\\_authorization\\_attestor\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.binaryauthorization.AttestorIamPolicy(\"policy\", {\n project: attestor.project,\n attestor: attestor.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.binaryauthorization.AttestorIamPolicy(\"policy\",\n project=attestor[\"project\"],\n attestor=attestor[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BinaryAuthorization.AttestorIamPolicy(\"policy\", new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = binaryauthorization.NewAttestorIamPolicy(ctx, \"policy\", \u0026binaryauthorization.AttestorIamPolicyArgs{\n\t\t\tProject: pulumi.Any(attestor.Project),\n\t\t\tAttestor: pulumi.Any(attestor.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamPolicy;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AttestorIamPolicy(\"policy\", AttestorIamPolicyArgs.builder() \n .project(attestor.project())\n .attestor(attestor.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:binaryauthorization:AttestorIamPolicy\n properties:\n project: ${attestor.project}\n attestor: ${attestor.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_binary\\_authorization\\_attestor\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.binaryauthorization.AttestorIamBinding(\"binding\", {\n project: attestor.project,\n attestor: attestor.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.binaryauthorization.AttestorIamBinding(\"binding\",\n project=attestor[\"project\"],\n attestor=attestor[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BinaryAuthorization.AttestorIamBinding(\"binding\", new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := binaryauthorization.NewAttestorIamBinding(ctx, \"binding\", \u0026binaryauthorization.AttestorIamBindingArgs{\n\t\t\tProject: pulumi.Any(attestor.Project),\n\t\t\tAttestor: pulumi.Any(attestor.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamBinding;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AttestorIamBinding(\"binding\", AttestorIamBindingArgs.builder() \n .project(attestor.project())\n .attestor(attestor.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:binaryauthorization:AttestorIamBinding\n properties:\n project: ${attestor.project}\n attestor: ${attestor.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_binary\\_authorization\\_attestor\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.binaryauthorization.AttestorIamMember(\"member\", {\n project: attestor.project,\n attestor: attestor.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.binaryauthorization.AttestorIamMember(\"member\",\n project=attestor[\"project\"],\n attestor=attestor[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BinaryAuthorization.AttestorIamMember(\"member\", new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := binaryauthorization.NewAttestorIamMember(ctx, \"member\", \u0026binaryauthorization.AttestorIamMemberArgs{\n\t\t\tProject: pulumi.Any(attestor.Project),\n\t\t\tAttestor: pulumi.Any(attestor.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamMember;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AttestorIamMember(\"member\", AttestorIamMemberArgs.builder() \n .project(attestor.project())\n .attestor(attestor.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:binaryauthorization:AttestorIamMember\n properties:\n project: ${attestor.project}\n attestor: ${attestor.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/attestors/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBinary Authorization attestor IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:binaryauthorization/attestorIamBinding:AttestorIamBinding editor \"projects/{{project}}/attestors/{{attestor}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:binaryauthorization/attestorIamBinding:AttestorIamBinding editor \"projects/{{project}}/attestors/{{attestor}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:binaryauthorization/attestorIamBinding:AttestorIamBinding editor projects/{{project}}/attestors/{{attestor}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "attestor": { "type": "string", @@ -121104,11 +121194,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -121136,11 +121227,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -121174,11 +121266,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -121191,7 +121284,7 @@ } }, "gcp:binaryauthorization/attestorIamMember:AttestorIamMember": { - "description": "Three different resources help you manage your IAM policy for Binary Authorization Attestor. Each of these resources serves a different use case:\n\n* `gcp.binaryauthorization.AttestorIamPolicy`: Authoritative. Sets the IAM policy for the attestor and replaces any existing policy already attached.\n* `gcp.binaryauthorization.AttestorIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the attestor are preserved.\n* `gcp.binaryauthorization.AttestorIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the attestor are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.binaryauthorization.AttestorIamPolicy`: Retrieves the IAM policy for the attestor\n\n\u003e **Note:** `gcp.binaryauthorization.AttestorIamPolicy` **cannot** be used in conjunction with `gcp.binaryauthorization.AttestorIamBinding` and `gcp.binaryauthorization.AttestorIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.binaryauthorization.AttestorIamBinding` resources **can be** used in conjunction with `gcp.binaryauthorization.AttestorIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_binary\\_authorization\\_attestor\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.binaryauthorization.AttestorIamPolicy(\"policy\", {\n project: attestor.project,\n attestor: attestor.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.binaryauthorization.AttestorIamPolicy(\"policy\",\n project=attestor[\"project\"],\n attestor=attestor[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BinaryAuthorization.AttestorIamPolicy(\"policy\", new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = binaryauthorization.NewAttestorIamPolicy(ctx, \"policy\", \u0026binaryauthorization.AttestorIamPolicyArgs{\n\t\t\tProject: pulumi.Any(attestor.Project),\n\t\t\tAttestor: pulumi.Any(attestor.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamPolicy;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AttestorIamPolicy(\"policy\", AttestorIamPolicyArgs.builder() \n .project(attestor.project())\n .attestor(attestor.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:binaryauthorization:AttestorIamPolicy\n properties:\n project: ${attestor.project}\n attestor: ${attestor.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_binary\\_authorization\\_attestor\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.binaryauthorization.AttestorIamBinding(\"binding\", {\n project: attestor.project,\n attestor: attestor.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.binaryauthorization.AttestorIamBinding(\"binding\",\n project=attestor[\"project\"],\n attestor=attestor[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BinaryAuthorization.AttestorIamBinding(\"binding\", new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := binaryauthorization.NewAttestorIamBinding(ctx, \"binding\", \u0026binaryauthorization.AttestorIamBindingArgs{\n\t\t\tProject: pulumi.Any(attestor.Project),\n\t\t\tAttestor: pulumi.Any(attestor.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamBinding;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AttestorIamBinding(\"binding\", AttestorIamBindingArgs.builder() \n .project(attestor.project())\n .attestor(attestor.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:binaryauthorization:AttestorIamBinding\n properties:\n project: ${attestor.project}\n attestor: ${attestor.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_binary\\_authorization\\_attestor\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.binaryauthorization.AttestorIamMember(\"member\", {\n project: attestor.project,\n attestor: attestor.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.binaryauthorization.AttestorIamMember(\"member\",\n project=attestor[\"project\"],\n attestor=attestor[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BinaryAuthorization.AttestorIamMember(\"member\", new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := binaryauthorization.NewAttestorIamMember(ctx, \"member\", \u0026binaryauthorization.AttestorIamMemberArgs{\n\t\t\tProject: pulumi.Any(attestor.Project),\n\t\t\tAttestor: pulumi.Any(attestor.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamMember;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AttestorIamMember(\"member\", AttestorIamMemberArgs.builder() \n .project(attestor.project())\n .attestor(attestor.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:binaryauthorization:AttestorIamMember\n properties:\n project: ${attestor.project}\n attestor: ${attestor.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/attestors/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBinary Authorization attestor IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:binaryauthorization/attestorIamMember:AttestorIamMember editor \"projects/{{project}}/attestors/{{attestor}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:binaryauthorization/attestorIamMember:AttestorIamMember editor \"projects/{{project}}/attestors/{{attestor}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:binaryauthorization/attestorIamMember:AttestorIamMember editor projects/{{project}}/attestors/{{attestor}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Binary Authorization Attestor. Each of these resources serves a different use case:\n\n* `gcp.binaryauthorization.AttestorIamPolicy`: Authoritative. Sets the IAM policy for the attestor and replaces any existing policy already attached.\n* `gcp.binaryauthorization.AttestorIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the attestor are preserved.\n* `gcp.binaryauthorization.AttestorIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the attestor are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.binaryauthorization.AttestorIamPolicy`: Retrieves the IAM policy for the attestor\n\n\u003e **Note:** `gcp.binaryauthorization.AttestorIamPolicy` **cannot** be used in conjunction with `gcp.binaryauthorization.AttestorIamBinding` and `gcp.binaryauthorization.AttestorIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.binaryauthorization.AttestorIamBinding` resources **can be** used in conjunction with `gcp.binaryauthorization.AttestorIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_binary\\_authorization\\_attestor\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.binaryauthorization.AttestorIamPolicy(\"policy\", {\n project: attestor.project,\n attestor: attestor.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.binaryauthorization.AttestorIamPolicy(\"policy\",\n project=attestor[\"project\"],\n attestor=attestor[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BinaryAuthorization.AttestorIamPolicy(\"policy\", new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = binaryauthorization.NewAttestorIamPolicy(ctx, \"policy\", \u0026binaryauthorization.AttestorIamPolicyArgs{\n\t\t\tProject: pulumi.Any(attestor.Project),\n\t\t\tAttestor: pulumi.Any(attestor.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamPolicy;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AttestorIamPolicy(\"policy\", AttestorIamPolicyArgs.builder() \n .project(attestor.project())\n .attestor(attestor.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:binaryauthorization:AttestorIamPolicy\n properties:\n project: ${attestor.project}\n attestor: ${attestor.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_binary\\_authorization\\_attestor\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.binaryauthorization.AttestorIamBinding(\"binding\", {\n project: attestor.project,\n attestor: attestor.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.binaryauthorization.AttestorIamBinding(\"binding\",\n project=attestor[\"project\"],\n attestor=attestor[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BinaryAuthorization.AttestorIamBinding(\"binding\", new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := binaryauthorization.NewAttestorIamBinding(ctx, \"binding\", \u0026binaryauthorization.AttestorIamBindingArgs{\n\t\t\tProject: pulumi.Any(attestor.Project),\n\t\t\tAttestor: pulumi.Any(attestor.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamBinding;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AttestorIamBinding(\"binding\", AttestorIamBindingArgs.builder() \n .project(attestor.project())\n .attestor(attestor.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:binaryauthorization:AttestorIamBinding\n properties:\n project: ${attestor.project}\n attestor: ${attestor.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_binary\\_authorization\\_attestor\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.binaryauthorization.AttestorIamMember(\"member\", {\n project: attestor.project,\n attestor: attestor.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.binaryauthorization.AttestorIamMember(\"member\",\n project=attestor[\"project\"],\n attestor=attestor[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BinaryAuthorization.AttestorIamMember(\"member\", new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := binaryauthorization.NewAttestorIamMember(ctx, \"member\", \u0026binaryauthorization.AttestorIamMemberArgs{\n\t\t\tProject: pulumi.Any(attestor.Project),\n\t\t\tAttestor: pulumi.Any(attestor.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamMember;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AttestorIamMember(\"member\", AttestorIamMemberArgs.builder() \n .project(attestor.project())\n .attestor(attestor.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:binaryauthorization:AttestorIamMember\n properties:\n project: ${attestor.project}\n attestor: ${attestor.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_binary\\_authorization\\_attestor\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.binaryauthorization.AttestorIamPolicy(\"policy\", {\n project: attestor.project,\n attestor: attestor.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.binaryauthorization.AttestorIamPolicy(\"policy\",\n project=attestor[\"project\"],\n attestor=attestor[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BinaryAuthorization.AttestorIamPolicy(\"policy\", new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = binaryauthorization.NewAttestorIamPolicy(ctx, \"policy\", \u0026binaryauthorization.AttestorIamPolicyArgs{\n\t\t\tProject: pulumi.Any(attestor.Project),\n\t\t\tAttestor: pulumi.Any(attestor.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamPolicy;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AttestorIamPolicy(\"policy\", AttestorIamPolicyArgs.builder() \n .project(attestor.project())\n .attestor(attestor.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:binaryauthorization:AttestorIamPolicy\n properties:\n project: ${attestor.project}\n attestor: ${attestor.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_binary\\_authorization\\_attestor\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.binaryauthorization.AttestorIamBinding(\"binding\", {\n project: attestor.project,\n attestor: attestor.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.binaryauthorization.AttestorIamBinding(\"binding\",\n project=attestor[\"project\"],\n attestor=attestor[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BinaryAuthorization.AttestorIamBinding(\"binding\", new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := binaryauthorization.NewAttestorIamBinding(ctx, \"binding\", \u0026binaryauthorization.AttestorIamBindingArgs{\n\t\t\tProject: pulumi.Any(attestor.Project),\n\t\t\tAttestor: pulumi.Any(attestor.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamBinding;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AttestorIamBinding(\"binding\", AttestorIamBindingArgs.builder() \n .project(attestor.project())\n .attestor(attestor.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:binaryauthorization:AttestorIamBinding\n properties:\n project: ${attestor.project}\n attestor: ${attestor.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_binary\\_authorization\\_attestor\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.binaryauthorization.AttestorIamMember(\"member\", {\n project: attestor.project,\n attestor: attestor.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.binaryauthorization.AttestorIamMember(\"member\",\n project=attestor[\"project\"],\n attestor=attestor[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BinaryAuthorization.AttestorIamMember(\"member\", new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := binaryauthorization.NewAttestorIamMember(ctx, \"member\", \u0026binaryauthorization.AttestorIamMemberArgs{\n\t\t\tProject: pulumi.Any(attestor.Project),\n\t\t\tAttestor: pulumi.Any(attestor.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamMember;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AttestorIamMember(\"member\", AttestorIamMemberArgs.builder() \n .project(attestor.project())\n .attestor(attestor.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:binaryauthorization:AttestorIamMember\n properties:\n project: ${attestor.project}\n attestor: ${attestor.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/attestors/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBinary Authorization attestor IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:binaryauthorization/attestorIamMember:AttestorIamMember editor \"projects/{{project}}/attestors/{{attestor}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:binaryauthorization/attestorIamMember:AttestorIamMember editor \"projects/{{project}}/attestors/{{attestor}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:binaryauthorization/attestorIamMember:AttestorIamMember editor projects/{{project}}/attestors/{{attestor}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "attestor": { "type": "string", @@ -121205,11 +121298,12 @@ "description": "(Computed) The etag of the IAM policy.\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -121235,11 +121329,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -121271,11 +121366,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -121288,7 +121384,7 @@ } }, "gcp:binaryauthorization/attestorIamPolicy:AttestorIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Binary Authorization Attestor. Each of these resources serves a different use case:\n\n* `gcp.binaryauthorization.AttestorIamPolicy`: Authoritative. Sets the IAM policy for the attestor and replaces any existing policy already attached.\n* `gcp.binaryauthorization.AttestorIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the attestor are preserved.\n* `gcp.binaryauthorization.AttestorIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the attestor are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.binaryauthorization.AttestorIamPolicy`: Retrieves the IAM policy for the attestor\n\n\u003e **Note:** `gcp.binaryauthorization.AttestorIamPolicy` **cannot** be used in conjunction with `gcp.binaryauthorization.AttestorIamBinding` and `gcp.binaryauthorization.AttestorIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.binaryauthorization.AttestorIamBinding` resources **can be** used in conjunction with `gcp.binaryauthorization.AttestorIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_binary\\_authorization\\_attestor\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.binaryauthorization.AttestorIamPolicy(\"policy\", {\n project: attestor.project,\n attestor: attestor.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.binaryauthorization.AttestorIamPolicy(\"policy\",\n project=attestor[\"project\"],\n attestor=attestor[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BinaryAuthorization.AttestorIamPolicy(\"policy\", new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = binaryauthorization.NewAttestorIamPolicy(ctx, \"policy\", \u0026binaryauthorization.AttestorIamPolicyArgs{\n\t\t\tProject: pulumi.Any(attestor.Project),\n\t\t\tAttestor: pulumi.Any(attestor.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamPolicy;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AttestorIamPolicy(\"policy\", AttestorIamPolicyArgs.builder() \n .project(attestor.project())\n .attestor(attestor.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:binaryauthorization:AttestorIamPolicy\n properties:\n project: ${attestor.project}\n attestor: ${attestor.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_binary\\_authorization\\_attestor\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.binaryauthorization.AttestorIamBinding(\"binding\", {\n project: attestor.project,\n attestor: attestor.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.binaryauthorization.AttestorIamBinding(\"binding\",\n project=attestor[\"project\"],\n attestor=attestor[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BinaryAuthorization.AttestorIamBinding(\"binding\", new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := binaryauthorization.NewAttestorIamBinding(ctx, \"binding\", \u0026binaryauthorization.AttestorIamBindingArgs{\n\t\t\tProject: pulumi.Any(attestor.Project),\n\t\t\tAttestor: pulumi.Any(attestor.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamBinding;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AttestorIamBinding(\"binding\", AttestorIamBindingArgs.builder() \n .project(attestor.project())\n .attestor(attestor.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:binaryauthorization:AttestorIamBinding\n properties:\n project: ${attestor.project}\n attestor: ${attestor.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_binary\\_authorization\\_attestor\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.binaryauthorization.AttestorIamMember(\"member\", {\n project: attestor.project,\n attestor: attestor.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.binaryauthorization.AttestorIamMember(\"member\",\n project=attestor[\"project\"],\n attestor=attestor[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BinaryAuthorization.AttestorIamMember(\"member\", new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := binaryauthorization.NewAttestorIamMember(ctx, \"member\", \u0026binaryauthorization.AttestorIamMemberArgs{\n\t\t\tProject: pulumi.Any(attestor.Project),\n\t\t\tAttestor: pulumi.Any(attestor.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamMember;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AttestorIamMember(\"member\", AttestorIamMemberArgs.builder() \n .project(attestor.project())\n .attestor(attestor.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:binaryauthorization:AttestorIamMember\n properties:\n project: ${attestor.project}\n attestor: ${attestor.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/attestors/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBinary Authorization attestor IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:binaryauthorization/attestorIamPolicy:AttestorIamPolicy editor \"projects/{{project}}/attestors/{{attestor}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:binaryauthorization/attestorIamPolicy:AttestorIamPolicy editor \"projects/{{project}}/attestors/{{attestor}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:binaryauthorization/attestorIamPolicy:AttestorIamPolicy editor projects/{{project}}/attestors/{{attestor}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Binary Authorization Attestor. Each of these resources serves a different use case:\n\n* `gcp.binaryauthorization.AttestorIamPolicy`: Authoritative. Sets the IAM policy for the attestor and replaces any existing policy already attached.\n* `gcp.binaryauthorization.AttestorIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the attestor are preserved.\n* `gcp.binaryauthorization.AttestorIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the attestor are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.binaryauthorization.AttestorIamPolicy`: Retrieves the IAM policy for the attestor\n\n\u003e **Note:** `gcp.binaryauthorization.AttestorIamPolicy` **cannot** be used in conjunction with `gcp.binaryauthorization.AttestorIamBinding` and `gcp.binaryauthorization.AttestorIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.binaryauthorization.AttestorIamBinding` resources **can be** used in conjunction with `gcp.binaryauthorization.AttestorIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_binary\\_authorization\\_attestor\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.binaryauthorization.AttestorIamPolicy(\"policy\", {\n project: attestor.project,\n attestor: attestor.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.binaryauthorization.AttestorIamPolicy(\"policy\",\n project=attestor[\"project\"],\n attestor=attestor[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BinaryAuthorization.AttestorIamPolicy(\"policy\", new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = binaryauthorization.NewAttestorIamPolicy(ctx, \"policy\", \u0026binaryauthorization.AttestorIamPolicyArgs{\n\t\t\tProject: pulumi.Any(attestor.Project),\n\t\t\tAttestor: pulumi.Any(attestor.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamPolicy;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AttestorIamPolicy(\"policy\", AttestorIamPolicyArgs.builder() \n .project(attestor.project())\n .attestor(attestor.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:binaryauthorization:AttestorIamPolicy\n properties:\n project: ${attestor.project}\n attestor: ${attestor.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_binary\\_authorization\\_attestor\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.binaryauthorization.AttestorIamBinding(\"binding\", {\n project: attestor.project,\n attestor: attestor.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.binaryauthorization.AttestorIamBinding(\"binding\",\n project=attestor[\"project\"],\n attestor=attestor[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BinaryAuthorization.AttestorIamBinding(\"binding\", new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := binaryauthorization.NewAttestorIamBinding(ctx, \"binding\", \u0026binaryauthorization.AttestorIamBindingArgs{\n\t\t\tProject: pulumi.Any(attestor.Project),\n\t\t\tAttestor: pulumi.Any(attestor.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamBinding;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AttestorIamBinding(\"binding\", AttestorIamBindingArgs.builder() \n .project(attestor.project())\n .attestor(attestor.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:binaryauthorization:AttestorIamBinding\n properties:\n project: ${attestor.project}\n attestor: ${attestor.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_binary\\_authorization\\_attestor\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.binaryauthorization.AttestorIamMember(\"member\", {\n project: attestor.project,\n attestor: attestor.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.binaryauthorization.AttestorIamMember(\"member\",\n project=attestor[\"project\"],\n attestor=attestor[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BinaryAuthorization.AttestorIamMember(\"member\", new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := binaryauthorization.NewAttestorIamMember(ctx, \"member\", \u0026binaryauthorization.AttestorIamMemberArgs{\n\t\t\tProject: pulumi.Any(attestor.Project),\n\t\t\tAttestor: pulumi.Any(attestor.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamMember;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AttestorIamMember(\"member\", AttestorIamMemberArgs.builder() \n .project(attestor.project())\n .attestor(attestor.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:binaryauthorization:AttestorIamMember\n properties:\n project: ${attestor.project}\n attestor: ${attestor.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_binary\\_authorization\\_attestor\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.binaryauthorization.AttestorIamPolicy(\"policy\", {\n project: attestor.project,\n attestor: attestor.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.binaryauthorization.AttestorIamPolicy(\"policy\",\n project=attestor[\"project\"],\n attestor=attestor[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.BinaryAuthorization.AttestorIamPolicy(\"policy\", new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = binaryauthorization.NewAttestorIamPolicy(ctx, \"policy\", \u0026binaryauthorization.AttestorIamPolicyArgs{\n\t\t\tProject: pulumi.Any(attestor.Project),\n\t\t\tAttestor: pulumi.Any(attestor.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamPolicy;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AttestorIamPolicy(\"policy\", AttestorIamPolicyArgs.builder() \n .project(attestor.project())\n .attestor(attestor.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:binaryauthorization:AttestorIamPolicy\n properties:\n project: ${attestor.project}\n attestor: ${attestor.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_binary\\_authorization\\_attestor\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.binaryauthorization.AttestorIamBinding(\"binding\", {\n project: attestor.project,\n attestor: attestor.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.binaryauthorization.AttestorIamBinding(\"binding\",\n project=attestor[\"project\"],\n attestor=attestor[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.BinaryAuthorization.AttestorIamBinding(\"binding\", new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := binaryauthorization.NewAttestorIamBinding(ctx, \"binding\", \u0026binaryauthorization.AttestorIamBindingArgs{\n\t\t\tProject: pulumi.Any(attestor.Project),\n\t\t\tAttestor: pulumi.Any(attestor.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamBinding;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AttestorIamBinding(\"binding\", AttestorIamBindingArgs.builder() \n .project(attestor.project())\n .attestor(attestor.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:binaryauthorization:AttestorIamBinding\n properties:\n project: ${attestor.project}\n attestor: ${attestor.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_binary\\_authorization\\_attestor\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.binaryauthorization.AttestorIamMember(\"member\", {\n project: attestor.project,\n attestor: attestor.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.binaryauthorization.AttestorIamMember(\"member\",\n project=attestor[\"project\"],\n attestor=attestor[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.BinaryAuthorization.AttestorIamMember(\"member\", new()\n {\n Project = attestor.Project,\n Attestor = attestor.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := binaryauthorization.NewAttestorIamMember(ctx, \"member\", \u0026binaryauthorization.AttestorIamMemberArgs{\n\t\t\tProject: pulumi.Any(attestor.Project),\n\t\t\tAttestor: pulumi.Any(attestor.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamMember;\nimport com.pulumi.gcp.binaryauthorization.AttestorIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AttestorIamMember(\"member\", AttestorIamMemberArgs.builder() \n .project(attestor.project())\n .attestor(attestor.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:binaryauthorization:AttestorIamMember\n properties:\n project: ${attestor.project}\n attestor: ${attestor.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/attestors/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBinary Authorization attestor IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:binaryauthorization/attestorIamPolicy:AttestorIamPolicy editor \"projects/{{project}}/attestors/{{attestor}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:binaryauthorization/attestorIamPolicy:AttestorIamPolicy editor \"projects/{{project}}/attestors/{{attestor}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:binaryauthorization/attestorIamPolicy:AttestorIamPolicy editor projects/{{project}}/attestors/{{attestor}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "attestor": { "type": "string", @@ -121304,7 +121400,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" } }, "required": [ @@ -121325,7 +121421,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -121351,7 +121447,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -122162,7 +122258,7 @@ } }, "gcp:certificateauthority/caPoolIamBinding:CaPoolIamBinding": { - "description": "Three different resources help you manage your IAM policy for Certificate Authority Service CaPool. Each of these resources serves a different use case:\n\n* `gcp.certificateauthority.CaPoolIamPolicy`: Authoritative. Sets the IAM policy for the capool and replaces any existing policy already attached.\n* `gcp.certificateauthority.CaPoolIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the capool are preserved.\n* `gcp.certificateauthority.CaPoolIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the capool are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.certificateauthority.CaPoolIamPolicy`: Retrieves the IAM policy for the capool\n\n\u003e **Note:** `gcp.certificateauthority.CaPoolIamPolicy` **cannot** be used in conjunction with `gcp.certificateauthority.CaPoolIamBinding` and `gcp.certificateauthority.CaPoolIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.certificateauthority.CaPoolIamBinding` resources **can be** used in conjunction with `gcp.certificateauthority.CaPoolIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_privateca\\_ca\\_pool\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.certificateauthority.CaPoolIamPolicy(\"policy\", {\n caPool: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/privateca.certificateManager\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.certificateauthority.CaPoolIamPolicy(\"policy\",\n ca_pool=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CaPoolIamPolicy(\"policy\", new()\n {\n CaPool = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.certificateManager\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCaPoolIamPolicy(ctx, \"policy\", \u0026certificateauthority.CaPoolIamPolicyArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new CaPoolIamPolicy(\"policy\", CaPoolIamPolicyArgs.builder() \n .caPool(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CaPoolIamPolicy\n properties:\n caPool: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.certificateauthority.CaPoolIamPolicy(\"policy\", {\n caPool: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/privateca.certificateManager\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.certificateauthority.CaPoolIamPolicy(\"policy\",\n ca_pool=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CaPoolIamPolicy(\"policy\", new()\n {\n CaPool = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.certificateManager\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCaPoolIamPolicy(ctx, \"policy\", \u0026certificateauthority.CaPoolIamPolicyArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new CaPoolIamPolicy(\"policy\", CaPoolIamPolicyArgs.builder() \n .caPool(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CaPoolIamPolicy\n properties:\n caPool: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_privateca\\_ca\\_pool\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CaPoolIamBinding(\"binding\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CaPoolIamBinding(\"binding\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CaPoolIamBinding(\"binding\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamBinding(ctx, \"binding\", \u0026certificateauthority.CaPoolIamBindingArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBinding;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CaPoolIamBinding(\"binding\", CaPoolIamBindingArgs.builder() \n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CaPoolIamBinding\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CaPoolIamBinding(\"binding\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CaPoolIamBinding(\"binding\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n members=[\"user:jane@example.com\"],\n condition=gcp.certificateauthority.CaPoolIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CaPoolIamBinding(\"binding\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.CertificateAuthority.Inputs.CaPoolIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamBinding(ctx, \"binding\", \u0026certificateauthority.CaPoolIamBindingArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026certificateauthority.CaPoolIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBinding;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBindingArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CaPoolIamBinding(\"binding\", CaPoolIamBindingArgs.builder() \n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .condition(CaPoolIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CaPoolIamBinding\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_privateca\\_ca\\_pool\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CaPoolIamMember(\"member\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CaPoolIamMember(\"member\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CaPoolIamMember(\"member\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamMember(ctx, \"member\", \u0026certificateauthority.CaPoolIamMemberArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMember;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CaPoolIamMember(\"member\", CaPoolIamMemberArgs.builder() \n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CaPoolIamMember\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CaPoolIamMember(\"member\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CaPoolIamMember(\"member\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n member=\"user:jane@example.com\",\n condition=gcp.certificateauthority.CaPoolIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CaPoolIamMember(\"member\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.CertificateAuthority.Inputs.CaPoolIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamMember(ctx, \"member\", \u0026certificateauthority.CaPoolIamMemberArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026certificateauthority.CaPoolIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMember;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMemberArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CaPoolIamMember(\"member\", CaPoolIamMemberArgs.builder() \n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .member(\"user:jane@example.com\")\n .condition(CaPoolIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CaPoolIamMember\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/caPools/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCertificate Authority Service capool IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/caPoolIamBinding:CaPoolIamBinding editor \"projects/{{project}}/locations/{{location}}/caPools/{{ca_pool}} roles/privateca.certificateManager user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/caPoolIamBinding:CaPoolIamBinding editor \"projects/{{project}}/locations/{{location}}/caPools/{{ca_pool}} roles/privateca.certificateManager\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/caPoolIamBinding:CaPoolIamBinding editor projects/{{project}}/locations/{{location}}/caPools/{{ca_pool}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Certificate Authority Service CaPool. Each of these resources serves a different use case:\n\n* `gcp.certificateauthority.CaPoolIamPolicy`: Authoritative. Sets the IAM policy for the capool and replaces any existing policy already attached.\n* `gcp.certificateauthority.CaPoolIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the capool are preserved.\n* `gcp.certificateauthority.CaPoolIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the capool are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.certificateauthority.CaPoolIamPolicy`: Retrieves the IAM policy for the capool\n\n\u003e **Note:** `gcp.certificateauthority.CaPoolIamPolicy` **cannot** be used in conjunction with `gcp.certificateauthority.CaPoolIamBinding` and `gcp.certificateauthority.CaPoolIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.certificateauthority.CaPoolIamBinding` resources **can be** used in conjunction with `gcp.certificateauthority.CaPoolIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_privateca\\_ca\\_pool\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.certificateauthority.CaPoolIamPolicy(\"policy\", {\n caPool: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/privateca.certificateManager\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.certificateauthority.CaPoolIamPolicy(\"policy\",\n ca_pool=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CaPoolIamPolicy(\"policy\", new()\n {\n CaPool = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.certificateManager\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCaPoolIamPolicy(ctx, \"policy\", \u0026certificateauthority.CaPoolIamPolicyArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new CaPoolIamPolicy(\"policy\", CaPoolIamPolicyArgs.builder() \n .caPool(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CaPoolIamPolicy\n properties:\n caPool: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.certificateauthority.CaPoolIamPolicy(\"policy\", {\n caPool: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/privateca.certificateManager\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.certificateauthority.CaPoolIamPolicy(\"policy\",\n ca_pool=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CaPoolIamPolicy(\"policy\", new()\n {\n CaPool = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.certificateManager\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCaPoolIamPolicy(ctx, \"policy\", \u0026certificateauthority.CaPoolIamPolicyArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new CaPoolIamPolicy(\"policy\", CaPoolIamPolicyArgs.builder() \n .caPool(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CaPoolIamPolicy\n properties:\n caPool: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_privateca\\_ca\\_pool\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CaPoolIamBinding(\"binding\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CaPoolIamBinding(\"binding\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CaPoolIamBinding(\"binding\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamBinding(ctx, \"binding\", \u0026certificateauthority.CaPoolIamBindingArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBinding;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CaPoolIamBinding(\"binding\", CaPoolIamBindingArgs.builder() \n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CaPoolIamBinding\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CaPoolIamBinding(\"binding\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CaPoolIamBinding(\"binding\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n members=[\"user:jane@example.com\"],\n condition=gcp.certificateauthority.CaPoolIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CaPoolIamBinding(\"binding\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.CertificateAuthority.Inputs.CaPoolIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamBinding(ctx, \"binding\", \u0026certificateauthority.CaPoolIamBindingArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026certificateauthority.CaPoolIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBinding;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBindingArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CaPoolIamBinding(\"binding\", CaPoolIamBindingArgs.builder() \n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .condition(CaPoolIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CaPoolIamBinding\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_privateca\\_ca\\_pool\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CaPoolIamMember(\"member\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CaPoolIamMember(\"member\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CaPoolIamMember(\"member\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamMember(ctx, \"member\", \u0026certificateauthority.CaPoolIamMemberArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMember;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CaPoolIamMember(\"member\", CaPoolIamMemberArgs.builder() \n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CaPoolIamMember\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CaPoolIamMember(\"member\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CaPoolIamMember(\"member\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n member=\"user:jane@example.com\",\n condition=gcp.certificateauthority.CaPoolIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CaPoolIamMember(\"member\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.CertificateAuthority.Inputs.CaPoolIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamMember(ctx, \"member\", \u0026certificateauthority.CaPoolIamMemberArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026certificateauthority.CaPoolIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMember;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMemberArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CaPoolIamMember(\"member\", CaPoolIamMemberArgs.builder() \n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .member(\"user:jane@example.com\")\n .condition(CaPoolIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CaPoolIamMember\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_privateca\\_ca\\_pool\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.certificateauthority.CaPoolIamPolicy(\"policy\", {\n caPool: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/privateca.certificateManager\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.certificateauthority.CaPoolIamPolicy(\"policy\",\n ca_pool=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CaPoolIamPolicy(\"policy\", new()\n {\n CaPool = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.certificateManager\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCaPoolIamPolicy(ctx, \"policy\", \u0026certificateauthority.CaPoolIamPolicyArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new CaPoolIamPolicy(\"policy\", CaPoolIamPolicyArgs.builder() \n .caPool(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CaPoolIamPolicy\n properties:\n caPool: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.certificateauthority.CaPoolIamPolicy(\"policy\", {\n caPool: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/privateca.certificateManager\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.certificateauthority.CaPoolIamPolicy(\"policy\",\n ca_pool=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CaPoolIamPolicy(\"policy\", new()\n {\n CaPool = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.certificateManager\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCaPoolIamPolicy(ctx, \"policy\", \u0026certificateauthority.CaPoolIamPolicyArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new CaPoolIamPolicy(\"policy\", CaPoolIamPolicyArgs.builder() \n .caPool(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CaPoolIamPolicy\n properties:\n caPool: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_privateca\\_ca\\_pool\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CaPoolIamBinding(\"binding\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CaPoolIamBinding(\"binding\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CaPoolIamBinding(\"binding\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamBinding(ctx, \"binding\", \u0026certificateauthority.CaPoolIamBindingArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBinding;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CaPoolIamBinding(\"binding\", CaPoolIamBindingArgs.builder() \n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CaPoolIamBinding\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CaPoolIamBinding(\"binding\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CaPoolIamBinding(\"binding\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n members=[\"user:jane@example.com\"],\n condition=gcp.certificateauthority.CaPoolIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CaPoolIamBinding(\"binding\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.CertificateAuthority.Inputs.CaPoolIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamBinding(ctx, \"binding\", \u0026certificateauthority.CaPoolIamBindingArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026certificateauthority.CaPoolIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBinding;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBindingArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CaPoolIamBinding(\"binding\", CaPoolIamBindingArgs.builder() \n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .condition(CaPoolIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CaPoolIamBinding\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_privateca\\_ca\\_pool\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CaPoolIamMember(\"member\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CaPoolIamMember(\"member\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CaPoolIamMember(\"member\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamMember(ctx, \"member\", \u0026certificateauthority.CaPoolIamMemberArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMember;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CaPoolIamMember(\"member\", CaPoolIamMemberArgs.builder() \n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CaPoolIamMember\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CaPoolIamMember(\"member\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CaPoolIamMember(\"member\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n member=\"user:jane@example.com\",\n condition=gcp.certificateauthority.CaPoolIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CaPoolIamMember(\"member\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.CertificateAuthority.Inputs.CaPoolIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamMember(ctx, \"member\", \u0026certificateauthority.CaPoolIamMemberArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026certificateauthority.CaPoolIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMember;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMemberArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CaPoolIamMember(\"member\", CaPoolIamMemberArgs.builder() \n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .member(\"user:jane@example.com\")\n .condition(CaPoolIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CaPoolIamMember\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/caPools/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCertificate Authority Service capool IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/caPoolIamBinding:CaPoolIamBinding editor \"projects/{{project}}/locations/{{location}}/caPools/{{ca_pool}} roles/privateca.certificateManager user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/caPoolIamBinding:CaPoolIamBinding editor \"projects/{{project}}/locations/{{location}}/caPools/{{ca_pool}} roles/privateca.certificateManager\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/caPoolIamBinding:CaPoolIamBinding editor projects/{{project}}/locations/{{location}}/caPools/{{ca_pool}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "caPool": { "type": "string", @@ -122184,11 +122280,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -122223,11 +122320,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -122267,11 +122365,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -122284,7 +122383,7 @@ } }, "gcp:certificateauthority/caPoolIamMember:CaPoolIamMember": { - "description": "Three different resources help you manage your IAM policy for Certificate Authority Service CaPool. Each of these resources serves a different use case:\n\n* `gcp.certificateauthority.CaPoolIamPolicy`: Authoritative. Sets the IAM policy for the capool and replaces any existing policy already attached.\n* `gcp.certificateauthority.CaPoolIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the capool are preserved.\n* `gcp.certificateauthority.CaPoolIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the capool are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.certificateauthority.CaPoolIamPolicy`: Retrieves the IAM policy for the capool\n\n\u003e **Note:** `gcp.certificateauthority.CaPoolIamPolicy` **cannot** be used in conjunction with `gcp.certificateauthority.CaPoolIamBinding` and `gcp.certificateauthority.CaPoolIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.certificateauthority.CaPoolIamBinding` resources **can be** used in conjunction with `gcp.certificateauthority.CaPoolIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_privateca\\_ca\\_pool\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.certificateauthority.CaPoolIamPolicy(\"policy\", {\n caPool: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/privateca.certificateManager\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.certificateauthority.CaPoolIamPolicy(\"policy\",\n ca_pool=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CaPoolIamPolicy(\"policy\", new()\n {\n CaPool = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.certificateManager\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCaPoolIamPolicy(ctx, \"policy\", \u0026certificateauthority.CaPoolIamPolicyArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new CaPoolIamPolicy(\"policy\", CaPoolIamPolicyArgs.builder() \n .caPool(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CaPoolIamPolicy\n properties:\n caPool: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.certificateauthority.CaPoolIamPolicy(\"policy\", {\n caPool: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/privateca.certificateManager\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.certificateauthority.CaPoolIamPolicy(\"policy\",\n ca_pool=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CaPoolIamPolicy(\"policy\", new()\n {\n CaPool = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.certificateManager\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCaPoolIamPolicy(ctx, \"policy\", \u0026certificateauthority.CaPoolIamPolicyArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new CaPoolIamPolicy(\"policy\", CaPoolIamPolicyArgs.builder() \n .caPool(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CaPoolIamPolicy\n properties:\n caPool: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_privateca\\_ca\\_pool\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CaPoolIamBinding(\"binding\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CaPoolIamBinding(\"binding\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CaPoolIamBinding(\"binding\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamBinding(ctx, \"binding\", \u0026certificateauthority.CaPoolIamBindingArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBinding;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CaPoolIamBinding(\"binding\", CaPoolIamBindingArgs.builder() \n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CaPoolIamBinding\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CaPoolIamBinding(\"binding\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CaPoolIamBinding(\"binding\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n members=[\"user:jane@example.com\"],\n condition=gcp.certificateauthority.CaPoolIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CaPoolIamBinding(\"binding\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.CertificateAuthority.Inputs.CaPoolIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamBinding(ctx, \"binding\", \u0026certificateauthority.CaPoolIamBindingArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026certificateauthority.CaPoolIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBinding;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBindingArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CaPoolIamBinding(\"binding\", CaPoolIamBindingArgs.builder() \n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .condition(CaPoolIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CaPoolIamBinding\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_privateca\\_ca\\_pool\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CaPoolIamMember(\"member\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CaPoolIamMember(\"member\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CaPoolIamMember(\"member\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamMember(ctx, \"member\", \u0026certificateauthority.CaPoolIamMemberArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMember;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CaPoolIamMember(\"member\", CaPoolIamMemberArgs.builder() \n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CaPoolIamMember\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CaPoolIamMember(\"member\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CaPoolIamMember(\"member\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n member=\"user:jane@example.com\",\n condition=gcp.certificateauthority.CaPoolIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CaPoolIamMember(\"member\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.CertificateAuthority.Inputs.CaPoolIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamMember(ctx, \"member\", \u0026certificateauthority.CaPoolIamMemberArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026certificateauthority.CaPoolIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMember;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMemberArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CaPoolIamMember(\"member\", CaPoolIamMemberArgs.builder() \n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .member(\"user:jane@example.com\")\n .condition(CaPoolIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CaPoolIamMember\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/caPools/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCertificate Authority Service capool IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/caPoolIamMember:CaPoolIamMember editor \"projects/{{project}}/locations/{{location}}/caPools/{{ca_pool}} roles/privateca.certificateManager user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/caPoolIamMember:CaPoolIamMember editor \"projects/{{project}}/locations/{{location}}/caPools/{{ca_pool}} roles/privateca.certificateManager\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/caPoolIamMember:CaPoolIamMember editor projects/{{project}}/locations/{{location}}/caPools/{{ca_pool}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Certificate Authority Service CaPool. Each of these resources serves a different use case:\n\n* `gcp.certificateauthority.CaPoolIamPolicy`: Authoritative. Sets the IAM policy for the capool and replaces any existing policy already attached.\n* `gcp.certificateauthority.CaPoolIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the capool are preserved.\n* `gcp.certificateauthority.CaPoolIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the capool are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.certificateauthority.CaPoolIamPolicy`: Retrieves the IAM policy for the capool\n\n\u003e **Note:** `gcp.certificateauthority.CaPoolIamPolicy` **cannot** be used in conjunction with `gcp.certificateauthority.CaPoolIamBinding` and `gcp.certificateauthority.CaPoolIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.certificateauthority.CaPoolIamBinding` resources **can be** used in conjunction with `gcp.certificateauthority.CaPoolIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_privateca\\_ca\\_pool\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.certificateauthority.CaPoolIamPolicy(\"policy\", {\n caPool: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/privateca.certificateManager\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.certificateauthority.CaPoolIamPolicy(\"policy\",\n ca_pool=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CaPoolIamPolicy(\"policy\", new()\n {\n CaPool = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.certificateManager\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCaPoolIamPolicy(ctx, \"policy\", \u0026certificateauthority.CaPoolIamPolicyArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new CaPoolIamPolicy(\"policy\", CaPoolIamPolicyArgs.builder() \n .caPool(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CaPoolIamPolicy\n properties:\n caPool: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.certificateauthority.CaPoolIamPolicy(\"policy\", {\n caPool: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/privateca.certificateManager\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.certificateauthority.CaPoolIamPolicy(\"policy\",\n ca_pool=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CaPoolIamPolicy(\"policy\", new()\n {\n CaPool = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.certificateManager\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCaPoolIamPolicy(ctx, \"policy\", \u0026certificateauthority.CaPoolIamPolicyArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new CaPoolIamPolicy(\"policy\", CaPoolIamPolicyArgs.builder() \n .caPool(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CaPoolIamPolicy\n properties:\n caPool: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_privateca\\_ca\\_pool\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CaPoolIamBinding(\"binding\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CaPoolIamBinding(\"binding\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CaPoolIamBinding(\"binding\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamBinding(ctx, \"binding\", \u0026certificateauthority.CaPoolIamBindingArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBinding;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CaPoolIamBinding(\"binding\", CaPoolIamBindingArgs.builder() \n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CaPoolIamBinding\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CaPoolIamBinding(\"binding\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CaPoolIamBinding(\"binding\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n members=[\"user:jane@example.com\"],\n condition=gcp.certificateauthority.CaPoolIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CaPoolIamBinding(\"binding\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.CertificateAuthority.Inputs.CaPoolIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamBinding(ctx, \"binding\", \u0026certificateauthority.CaPoolIamBindingArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026certificateauthority.CaPoolIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBinding;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBindingArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CaPoolIamBinding(\"binding\", CaPoolIamBindingArgs.builder() \n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .condition(CaPoolIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CaPoolIamBinding\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_privateca\\_ca\\_pool\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CaPoolIamMember(\"member\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CaPoolIamMember(\"member\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CaPoolIamMember(\"member\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamMember(ctx, \"member\", \u0026certificateauthority.CaPoolIamMemberArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMember;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CaPoolIamMember(\"member\", CaPoolIamMemberArgs.builder() \n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CaPoolIamMember\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CaPoolIamMember(\"member\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CaPoolIamMember(\"member\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n member=\"user:jane@example.com\",\n condition=gcp.certificateauthority.CaPoolIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CaPoolIamMember(\"member\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.CertificateAuthority.Inputs.CaPoolIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamMember(ctx, \"member\", \u0026certificateauthority.CaPoolIamMemberArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026certificateauthority.CaPoolIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMember;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMemberArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CaPoolIamMember(\"member\", CaPoolIamMemberArgs.builder() \n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .member(\"user:jane@example.com\")\n .condition(CaPoolIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CaPoolIamMember\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_privateca\\_ca\\_pool\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.certificateauthority.CaPoolIamPolicy(\"policy\", {\n caPool: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/privateca.certificateManager\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.certificateauthority.CaPoolIamPolicy(\"policy\",\n ca_pool=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CaPoolIamPolicy(\"policy\", new()\n {\n CaPool = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.certificateManager\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCaPoolIamPolicy(ctx, \"policy\", \u0026certificateauthority.CaPoolIamPolicyArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new CaPoolIamPolicy(\"policy\", CaPoolIamPolicyArgs.builder() \n .caPool(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CaPoolIamPolicy\n properties:\n caPool: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.certificateauthority.CaPoolIamPolicy(\"policy\", {\n caPool: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/privateca.certificateManager\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.certificateauthority.CaPoolIamPolicy(\"policy\",\n ca_pool=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CaPoolIamPolicy(\"policy\", new()\n {\n CaPool = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.certificateManager\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCaPoolIamPolicy(ctx, \"policy\", \u0026certificateauthority.CaPoolIamPolicyArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new CaPoolIamPolicy(\"policy\", CaPoolIamPolicyArgs.builder() \n .caPool(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CaPoolIamPolicy\n properties:\n caPool: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_privateca\\_ca\\_pool\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CaPoolIamBinding(\"binding\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CaPoolIamBinding(\"binding\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CaPoolIamBinding(\"binding\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamBinding(ctx, \"binding\", \u0026certificateauthority.CaPoolIamBindingArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBinding;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CaPoolIamBinding(\"binding\", CaPoolIamBindingArgs.builder() \n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CaPoolIamBinding\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CaPoolIamBinding(\"binding\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CaPoolIamBinding(\"binding\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n members=[\"user:jane@example.com\"],\n condition=gcp.certificateauthority.CaPoolIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CaPoolIamBinding(\"binding\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.CertificateAuthority.Inputs.CaPoolIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamBinding(ctx, \"binding\", \u0026certificateauthority.CaPoolIamBindingArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026certificateauthority.CaPoolIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBinding;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBindingArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CaPoolIamBinding(\"binding\", CaPoolIamBindingArgs.builder() \n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .condition(CaPoolIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CaPoolIamBinding\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_privateca\\_ca\\_pool\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CaPoolIamMember(\"member\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CaPoolIamMember(\"member\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CaPoolIamMember(\"member\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamMember(ctx, \"member\", \u0026certificateauthority.CaPoolIamMemberArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMember;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CaPoolIamMember(\"member\", CaPoolIamMemberArgs.builder() \n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CaPoolIamMember\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CaPoolIamMember(\"member\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CaPoolIamMember(\"member\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n member=\"user:jane@example.com\",\n condition=gcp.certificateauthority.CaPoolIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CaPoolIamMember(\"member\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.CertificateAuthority.Inputs.CaPoolIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamMember(ctx, \"member\", \u0026certificateauthority.CaPoolIamMemberArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026certificateauthority.CaPoolIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMember;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMemberArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CaPoolIamMember(\"member\", CaPoolIamMemberArgs.builder() \n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .member(\"user:jane@example.com\")\n .condition(CaPoolIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CaPoolIamMember\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/caPools/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCertificate Authority Service capool IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/caPoolIamMember:CaPoolIamMember editor \"projects/{{project}}/locations/{{location}}/caPools/{{ca_pool}} roles/privateca.certificateManager user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/caPoolIamMember:CaPoolIamMember editor \"projects/{{project}}/locations/{{location}}/caPools/{{ca_pool}} roles/privateca.certificateManager\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/caPoolIamMember:CaPoolIamMember editor projects/{{project}}/locations/{{location}}/caPools/{{ca_pool}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "caPool": { "type": "string", @@ -122303,11 +122402,12 @@ "description": "Location of the CaPool. A full list of valid locations can be found by\nrunning `gcloud privateca locations list`.\nUsed to find the parent resource to bind the IAM policy to\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -122340,11 +122440,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -122382,11 +122483,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -122399,7 +122501,7 @@ } }, "gcp:certificateauthority/caPoolIamPolicy:CaPoolIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Certificate Authority Service CaPool. Each of these resources serves a different use case:\n\n* `gcp.certificateauthority.CaPoolIamPolicy`: Authoritative. Sets the IAM policy for the capool and replaces any existing policy already attached.\n* `gcp.certificateauthority.CaPoolIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the capool are preserved.\n* `gcp.certificateauthority.CaPoolIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the capool are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.certificateauthority.CaPoolIamPolicy`: Retrieves the IAM policy for the capool\n\n\u003e **Note:** `gcp.certificateauthority.CaPoolIamPolicy` **cannot** be used in conjunction with `gcp.certificateauthority.CaPoolIamBinding` and `gcp.certificateauthority.CaPoolIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.certificateauthority.CaPoolIamBinding` resources **can be** used in conjunction with `gcp.certificateauthority.CaPoolIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_privateca\\_ca\\_pool\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.certificateauthority.CaPoolIamPolicy(\"policy\", {\n caPool: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/privateca.certificateManager\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.certificateauthority.CaPoolIamPolicy(\"policy\",\n ca_pool=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CaPoolIamPolicy(\"policy\", new()\n {\n CaPool = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.certificateManager\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCaPoolIamPolicy(ctx, \"policy\", \u0026certificateauthority.CaPoolIamPolicyArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new CaPoolIamPolicy(\"policy\", CaPoolIamPolicyArgs.builder() \n .caPool(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CaPoolIamPolicy\n properties:\n caPool: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.certificateauthority.CaPoolIamPolicy(\"policy\", {\n caPool: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/privateca.certificateManager\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.certificateauthority.CaPoolIamPolicy(\"policy\",\n ca_pool=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CaPoolIamPolicy(\"policy\", new()\n {\n CaPool = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.certificateManager\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCaPoolIamPolicy(ctx, \"policy\", \u0026certificateauthority.CaPoolIamPolicyArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new CaPoolIamPolicy(\"policy\", CaPoolIamPolicyArgs.builder() \n .caPool(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CaPoolIamPolicy\n properties:\n caPool: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_privateca\\_ca\\_pool\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CaPoolIamBinding(\"binding\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CaPoolIamBinding(\"binding\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CaPoolIamBinding(\"binding\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamBinding(ctx, \"binding\", \u0026certificateauthority.CaPoolIamBindingArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBinding;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CaPoolIamBinding(\"binding\", CaPoolIamBindingArgs.builder() \n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CaPoolIamBinding\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CaPoolIamBinding(\"binding\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CaPoolIamBinding(\"binding\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n members=[\"user:jane@example.com\"],\n condition=gcp.certificateauthority.CaPoolIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CaPoolIamBinding(\"binding\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.CertificateAuthority.Inputs.CaPoolIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamBinding(ctx, \"binding\", \u0026certificateauthority.CaPoolIamBindingArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026certificateauthority.CaPoolIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBinding;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBindingArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CaPoolIamBinding(\"binding\", CaPoolIamBindingArgs.builder() \n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .condition(CaPoolIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CaPoolIamBinding\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_privateca\\_ca\\_pool\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CaPoolIamMember(\"member\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CaPoolIamMember(\"member\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CaPoolIamMember(\"member\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamMember(ctx, \"member\", \u0026certificateauthority.CaPoolIamMemberArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMember;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CaPoolIamMember(\"member\", CaPoolIamMemberArgs.builder() \n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CaPoolIamMember\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CaPoolIamMember(\"member\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CaPoolIamMember(\"member\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n member=\"user:jane@example.com\",\n condition=gcp.certificateauthority.CaPoolIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CaPoolIamMember(\"member\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.CertificateAuthority.Inputs.CaPoolIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamMember(ctx, \"member\", \u0026certificateauthority.CaPoolIamMemberArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026certificateauthority.CaPoolIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMember;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMemberArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CaPoolIamMember(\"member\", CaPoolIamMemberArgs.builder() \n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .member(\"user:jane@example.com\")\n .condition(CaPoolIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CaPoolIamMember\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/caPools/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCertificate Authority Service capool IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/caPoolIamPolicy:CaPoolIamPolicy editor \"projects/{{project}}/locations/{{location}}/caPools/{{ca_pool}} roles/privateca.certificateManager user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/caPoolIamPolicy:CaPoolIamPolicy editor \"projects/{{project}}/locations/{{location}}/caPools/{{ca_pool}} roles/privateca.certificateManager\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/caPoolIamPolicy:CaPoolIamPolicy editor projects/{{project}}/locations/{{location}}/caPools/{{ca_pool}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Certificate Authority Service CaPool. Each of these resources serves a different use case:\n\n* `gcp.certificateauthority.CaPoolIamPolicy`: Authoritative. Sets the IAM policy for the capool and replaces any existing policy already attached.\n* `gcp.certificateauthority.CaPoolIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the capool are preserved.\n* `gcp.certificateauthority.CaPoolIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the capool are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.certificateauthority.CaPoolIamPolicy`: Retrieves the IAM policy for the capool\n\n\u003e **Note:** `gcp.certificateauthority.CaPoolIamPolicy` **cannot** be used in conjunction with `gcp.certificateauthority.CaPoolIamBinding` and `gcp.certificateauthority.CaPoolIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.certificateauthority.CaPoolIamBinding` resources **can be** used in conjunction with `gcp.certificateauthority.CaPoolIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_privateca\\_ca\\_pool\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.certificateauthority.CaPoolIamPolicy(\"policy\", {\n caPool: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/privateca.certificateManager\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.certificateauthority.CaPoolIamPolicy(\"policy\",\n ca_pool=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CaPoolIamPolicy(\"policy\", new()\n {\n CaPool = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.certificateManager\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCaPoolIamPolicy(ctx, \"policy\", \u0026certificateauthority.CaPoolIamPolicyArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new CaPoolIamPolicy(\"policy\", CaPoolIamPolicyArgs.builder() \n .caPool(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CaPoolIamPolicy\n properties:\n caPool: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.certificateauthority.CaPoolIamPolicy(\"policy\", {\n caPool: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/privateca.certificateManager\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.certificateauthority.CaPoolIamPolicy(\"policy\",\n ca_pool=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CaPoolIamPolicy(\"policy\", new()\n {\n CaPool = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.certificateManager\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCaPoolIamPolicy(ctx, \"policy\", \u0026certificateauthority.CaPoolIamPolicyArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new CaPoolIamPolicy(\"policy\", CaPoolIamPolicyArgs.builder() \n .caPool(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CaPoolIamPolicy\n properties:\n caPool: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_privateca\\_ca\\_pool\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CaPoolIamBinding(\"binding\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CaPoolIamBinding(\"binding\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CaPoolIamBinding(\"binding\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamBinding(ctx, \"binding\", \u0026certificateauthority.CaPoolIamBindingArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBinding;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CaPoolIamBinding(\"binding\", CaPoolIamBindingArgs.builder() \n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CaPoolIamBinding\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CaPoolIamBinding(\"binding\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CaPoolIamBinding(\"binding\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n members=[\"user:jane@example.com\"],\n condition=gcp.certificateauthority.CaPoolIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CaPoolIamBinding(\"binding\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.CertificateAuthority.Inputs.CaPoolIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamBinding(ctx, \"binding\", \u0026certificateauthority.CaPoolIamBindingArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026certificateauthority.CaPoolIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBinding;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBindingArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CaPoolIamBinding(\"binding\", CaPoolIamBindingArgs.builder() \n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .condition(CaPoolIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CaPoolIamBinding\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_privateca\\_ca\\_pool\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CaPoolIamMember(\"member\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CaPoolIamMember(\"member\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CaPoolIamMember(\"member\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamMember(ctx, \"member\", \u0026certificateauthority.CaPoolIamMemberArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMember;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CaPoolIamMember(\"member\", CaPoolIamMemberArgs.builder() \n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CaPoolIamMember\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CaPoolIamMember(\"member\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CaPoolIamMember(\"member\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n member=\"user:jane@example.com\",\n condition=gcp.certificateauthority.CaPoolIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CaPoolIamMember(\"member\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.CertificateAuthority.Inputs.CaPoolIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamMember(ctx, \"member\", \u0026certificateauthority.CaPoolIamMemberArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026certificateauthority.CaPoolIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMember;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMemberArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CaPoolIamMember(\"member\", CaPoolIamMemberArgs.builder() \n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .member(\"user:jane@example.com\")\n .condition(CaPoolIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CaPoolIamMember\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_privateca\\_ca\\_pool\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.certificateauthority.CaPoolIamPolicy(\"policy\", {\n caPool: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/privateca.certificateManager\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.certificateauthority.CaPoolIamPolicy(\"policy\",\n ca_pool=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CaPoolIamPolicy(\"policy\", new()\n {\n CaPool = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.certificateManager\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCaPoolIamPolicy(ctx, \"policy\", \u0026certificateauthority.CaPoolIamPolicyArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new CaPoolIamPolicy(\"policy\", CaPoolIamPolicyArgs.builder() \n .caPool(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CaPoolIamPolicy\n properties:\n caPool: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.certificateauthority.CaPoolIamPolicy(\"policy\", {\n caPool: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/privateca.certificateManager\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.certificateauthority.CaPoolIamPolicy(\"policy\",\n ca_pool=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CaPoolIamPolicy(\"policy\", new()\n {\n CaPool = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.certificateManager\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCaPoolIamPolicy(ctx, \"policy\", \u0026certificateauthority.CaPoolIamPolicyArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new CaPoolIamPolicy(\"policy\", CaPoolIamPolicyArgs.builder() \n .caPool(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CaPoolIamPolicy\n properties:\n caPool: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_privateca\\_ca\\_pool\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CaPoolIamBinding(\"binding\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CaPoolIamBinding(\"binding\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CaPoolIamBinding(\"binding\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamBinding(ctx, \"binding\", \u0026certificateauthority.CaPoolIamBindingArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBinding;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CaPoolIamBinding(\"binding\", CaPoolIamBindingArgs.builder() \n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CaPoolIamBinding\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CaPoolIamBinding(\"binding\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CaPoolIamBinding(\"binding\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n members=[\"user:jane@example.com\"],\n condition=gcp.certificateauthority.CaPoolIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CaPoolIamBinding(\"binding\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.CertificateAuthority.Inputs.CaPoolIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamBinding(ctx, \"binding\", \u0026certificateauthority.CaPoolIamBindingArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026certificateauthority.CaPoolIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBinding;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamBindingArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CaPoolIamBinding(\"binding\", CaPoolIamBindingArgs.builder() \n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .members(\"user:jane@example.com\")\n .condition(CaPoolIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CaPoolIamBinding\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_privateca\\_ca\\_pool\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CaPoolIamMember(\"member\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CaPoolIamMember(\"member\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CaPoolIamMember(\"member\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamMember(ctx, \"member\", \u0026certificateauthority.CaPoolIamMemberArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMember;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CaPoolIamMember(\"member\", CaPoolIamMemberArgs.builder() \n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CaPoolIamMember\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CaPoolIamMember(\"member\", {\n caPool: _default.id,\n role: \"roles/privateca.certificateManager\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CaPoolIamMember(\"member\",\n ca_pool=default[\"id\"],\n role=\"roles/privateca.certificateManager\",\n member=\"user:jane@example.com\",\n condition=gcp.certificateauthority.CaPoolIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CaPoolIamMember(\"member\", new()\n {\n CaPool = @default.Id,\n Role = \"roles/privateca.certificateManager\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.CertificateAuthority.Inputs.CaPoolIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCaPoolIamMember(ctx, \"member\", \u0026certificateauthority.CaPoolIamMemberArgs{\n\t\t\tCaPool: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.certificateManager\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026certificateauthority.CaPoolIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMember;\nimport com.pulumi.gcp.certificateauthority.CaPoolIamMemberArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CaPoolIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CaPoolIamMember(\"member\", CaPoolIamMemberArgs.builder() \n .caPool(default_.id())\n .role(\"roles/privateca.certificateManager\")\n .member(\"user:jane@example.com\")\n .condition(CaPoolIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CaPoolIamMember\n properties:\n caPool: ${default.id}\n role: roles/privateca.certificateManager\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/caPools/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCertificate Authority Service capool IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/caPoolIamPolicy:CaPoolIamPolicy editor \"projects/{{project}}/locations/{{location}}/caPools/{{ca_pool}} roles/privateca.certificateManager user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/caPoolIamPolicy:CaPoolIamPolicy editor \"projects/{{project}}/locations/{{location}}/caPools/{{ca_pool}} roles/privateca.certificateManager\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/caPoolIamPolicy:CaPoolIamPolicy editor projects/{{project}}/locations/{{location}}/caPools/{{ca_pool}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "caPool": { "type": "string", @@ -122419,7 +122521,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" } }, "required": [ @@ -122446,7 +122548,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -122477,7 +122579,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -122954,7 +123056,7 @@ } }, "gcp:certificateauthority/certificateTemplateIamBinding:CertificateTemplateIamBinding": { - "description": "Three different resources help you manage your IAM policy for Certificate Authority Service CertificateTemplate. Each of these resources serves a different use case:\n\n* `gcp.certificateauthority.CertificateTemplateIamPolicy`: Authoritative. Sets the IAM policy for the certificatetemplate and replaces any existing policy already attached.\n* `gcp.certificateauthority.CertificateTemplateIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the certificatetemplate are preserved.\n* `gcp.certificateauthority.CertificateTemplateIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the certificatetemplate are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.certificateauthority.CertificateTemplateIamPolicy`: Retrieves the IAM policy for the certificatetemplate\n\n\u003e **Note:** `gcp.certificateauthority.CertificateTemplateIamPolicy` **cannot** be used in conjunction with `gcp.certificateauthority.CertificateTemplateIamBinding` and `gcp.certificateauthority.CertificateTemplateIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.certificateauthority.CertificateTemplateIamBinding` resources **can be** used in conjunction with `gcp.certificateauthority.CertificateTemplateIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_privateca\\_certificate\\_template\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\", {\n certificateTemplate: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/privateca.templateUser\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\",\n certificate_template=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CertificateTemplateIamPolicy(\"policy\", new()\n {\n CertificateTemplate = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.templateUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCertificateTemplateIamPolicy(ctx, \"policy\", \u0026certificateauthority.CertificateTemplateIamPolicyArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new CertificateTemplateIamPolicy(\"policy\", CertificateTemplateIamPolicyArgs.builder() \n .certificateTemplate(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CertificateTemplateIamPolicy\n properties:\n certificateTemplate: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\", {\n certificateTemplate: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/privateca.templateUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\",\n certificate_template=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CertificateTemplateIamPolicy(\"policy\", new()\n {\n CertificateTemplate = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.templateUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCertificateTemplateIamPolicy(ctx, \"policy\", \u0026certificateauthority.CertificateTemplateIamPolicyArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new CertificateTemplateIamPolicy(\"policy\", CertificateTemplateIamPolicyArgs.builder() \n .certificateTemplate(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CertificateTemplateIamPolicy\n properties:\n certificateTemplate: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_privateca\\_certificate\\_template\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CertificateTemplateIamBinding(\"binding\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamBinding(ctx, \"binding\", \u0026certificateauthority.CertificateTemplateIamBindingArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBinding;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CertificateTemplateIamBinding(\"binding\", CertificateTemplateIamBindingArgs.builder() \n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CertificateTemplateIamBinding\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.certificateauthority.CertificateTemplateIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CertificateTemplateIamBinding(\"binding\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamBinding(ctx, \"binding\", \u0026certificateauthority.CertificateTemplateIamBindingArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026certificateauthority.CertificateTemplateIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBinding;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBindingArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CertificateTemplateIamBinding(\"binding\", CertificateTemplateIamBindingArgs.builder() \n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .condition(CertificateTemplateIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CertificateTemplateIamBinding\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_privateca\\_certificate\\_template\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CertificateTemplateIamMember(\"member\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CertificateTemplateIamMember(\"member\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CertificateTemplateIamMember(\"member\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamMember(ctx, \"member\", \u0026certificateauthority.CertificateTemplateIamMemberArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMember;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CertificateTemplateIamMember(\"member\", CertificateTemplateIamMemberArgs.builder() \n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CertificateTemplateIamMember\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CertificateTemplateIamMember(\"member\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CertificateTemplateIamMember(\"member\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n member=\"user:jane@example.com\",\n condition=gcp.certificateauthority.CertificateTemplateIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CertificateTemplateIamMember(\"member\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamMember(ctx, \"member\", \u0026certificateauthority.CertificateTemplateIamMemberArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026certificateauthority.CertificateTemplateIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMember;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMemberArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CertificateTemplateIamMember(\"member\", CertificateTemplateIamMemberArgs.builder() \n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .member(\"user:jane@example.com\")\n .condition(CertificateTemplateIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CertificateTemplateIamMember\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/certificateTemplates/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCertificate Authority Service certificatetemplate IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/certificateTemplateIamBinding:CertificateTemplateIamBinding editor \"projects/{{project}}/locations/{{location}}/certificateTemplates/{{certificate_template}} roles/privateca.templateUser user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/certificateTemplateIamBinding:CertificateTemplateIamBinding editor \"projects/{{project}}/locations/{{location}}/certificateTemplates/{{certificate_template}} roles/privateca.templateUser\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/certificateTemplateIamBinding:CertificateTemplateIamBinding editor projects/{{project}}/locations/{{location}}/certificateTemplates/{{certificate_template}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Certificate Authority Service CertificateTemplate. Each of these resources serves a different use case:\n\n* `gcp.certificateauthority.CertificateTemplateIamPolicy`: Authoritative. Sets the IAM policy for the certificatetemplate and replaces any existing policy already attached.\n* `gcp.certificateauthority.CertificateTemplateIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the certificatetemplate are preserved.\n* `gcp.certificateauthority.CertificateTemplateIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the certificatetemplate are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.certificateauthority.CertificateTemplateIamPolicy`: Retrieves the IAM policy for the certificatetemplate\n\n\u003e **Note:** `gcp.certificateauthority.CertificateTemplateIamPolicy` **cannot** be used in conjunction with `gcp.certificateauthority.CertificateTemplateIamBinding` and `gcp.certificateauthority.CertificateTemplateIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.certificateauthority.CertificateTemplateIamBinding` resources **can be** used in conjunction with `gcp.certificateauthority.CertificateTemplateIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_privateca\\_certificate\\_template\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\", {\n certificateTemplate: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/privateca.templateUser\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\",\n certificate_template=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CertificateTemplateIamPolicy(\"policy\", new()\n {\n CertificateTemplate = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.templateUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCertificateTemplateIamPolicy(ctx, \"policy\", \u0026certificateauthority.CertificateTemplateIamPolicyArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new CertificateTemplateIamPolicy(\"policy\", CertificateTemplateIamPolicyArgs.builder() \n .certificateTemplate(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CertificateTemplateIamPolicy\n properties:\n certificateTemplate: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\", {\n certificateTemplate: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/privateca.templateUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\",\n certificate_template=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CertificateTemplateIamPolicy(\"policy\", new()\n {\n CertificateTemplate = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.templateUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCertificateTemplateIamPolicy(ctx, \"policy\", \u0026certificateauthority.CertificateTemplateIamPolicyArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new CertificateTemplateIamPolicy(\"policy\", CertificateTemplateIamPolicyArgs.builder() \n .certificateTemplate(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CertificateTemplateIamPolicy\n properties:\n certificateTemplate: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_privateca\\_certificate\\_template\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CertificateTemplateIamBinding(\"binding\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamBinding(ctx, \"binding\", \u0026certificateauthority.CertificateTemplateIamBindingArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBinding;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CertificateTemplateIamBinding(\"binding\", CertificateTemplateIamBindingArgs.builder() \n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CertificateTemplateIamBinding\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.certificateauthority.CertificateTemplateIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CertificateTemplateIamBinding(\"binding\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamBinding(ctx, \"binding\", \u0026certificateauthority.CertificateTemplateIamBindingArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026certificateauthority.CertificateTemplateIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBinding;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBindingArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CertificateTemplateIamBinding(\"binding\", CertificateTemplateIamBindingArgs.builder() \n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .condition(CertificateTemplateIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CertificateTemplateIamBinding\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_privateca\\_certificate\\_template\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CertificateTemplateIamMember(\"member\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CertificateTemplateIamMember(\"member\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CertificateTemplateIamMember(\"member\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamMember(ctx, \"member\", \u0026certificateauthority.CertificateTemplateIamMemberArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMember;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CertificateTemplateIamMember(\"member\", CertificateTemplateIamMemberArgs.builder() \n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CertificateTemplateIamMember\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CertificateTemplateIamMember(\"member\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CertificateTemplateIamMember(\"member\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n member=\"user:jane@example.com\",\n condition=gcp.certificateauthority.CertificateTemplateIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CertificateTemplateIamMember(\"member\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamMember(ctx, \"member\", \u0026certificateauthority.CertificateTemplateIamMemberArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026certificateauthority.CertificateTemplateIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMember;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMemberArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CertificateTemplateIamMember(\"member\", CertificateTemplateIamMemberArgs.builder() \n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .member(\"user:jane@example.com\")\n .condition(CertificateTemplateIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CertificateTemplateIamMember\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_privateca\\_certificate\\_template\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\", {\n certificateTemplate: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/privateca.templateUser\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\",\n certificate_template=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CertificateTemplateIamPolicy(\"policy\", new()\n {\n CertificateTemplate = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.templateUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCertificateTemplateIamPolicy(ctx, \"policy\", \u0026certificateauthority.CertificateTemplateIamPolicyArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new CertificateTemplateIamPolicy(\"policy\", CertificateTemplateIamPolicyArgs.builder() \n .certificateTemplate(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CertificateTemplateIamPolicy\n properties:\n certificateTemplate: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\", {\n certificateTemplate: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/privateca.templateUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\",\n certificate_template=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CertificateTemplateIamPolicy(\"policy\", new()\n {\n CertificateTemplate = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.templateUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCertificateTemplateIamPolicy(ctx, \"policy\", \u0026certificateauthority.CertificateTemplateIamPolicyArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new CertificateTemplateIamPolicy(\"policy\", CertificateTemplateIamPolicyArgs.builder() \n .certificateTemplate(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CertificateTemplateIamPolicy\n properties:\n certificateTemplate: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_privateca\\_certificate\\_template\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CertificateTemplateIamBinding(\"binding\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamBinding(ctx, \"binding\", \u0026certificateauthority.CertificateTemplateIamBindingArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBinding;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CertificateTemplateIamBinding(\"binding\", CertificateTemplateIamBindingArgs.builder() \n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CertificateTemplateIamBinding\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.certificateauthority.CertificateTemplateIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CertificateTemplateIamBinding(\"binding\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamBinding(ctx, \"binding\", \u0026certificateauthority.CertificateTemplateIamBindingArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026certificateauthority.CertificateTemplateIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBinding;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBindingArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CertificateTemplateIamBinding(\"binding\", CertificateTemplateIamBindingArgs.builder() \n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .condition(CertificateTemplateIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CertificateTemplateIamBinding\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_privateca\\_certificate\\_template\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CertificateTemplateIamMember(\"member\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CertificateTemplateIamMember(\"member\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CertificateTemplateIamMember(\"member\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamMember(ctx, \"member\", \u0026certificateauthority.CertificateTemplateIamMemberArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMember;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CertificateTemplateIamMember(\"member\", CertificateTemplateIamMemberArgs.builder() \n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CertificateTemplateIamMember\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CertificateTemplateIamMember(\"member\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CertificateTemplateIamMember(\"member\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n member=\"user:jane@example.com\",\n condition=gcp.certificateauthority.CertificateTemplateIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CertificateTemplateIamMember(\"member\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamMember(ctx, \"member\", \u0026certificateauthority.CertificateTemplateIamMemberArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026certificateauthority.CertificateTemplateIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMember;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMemberArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CertificateTemplateIamMember(\"member\", CertificateTemplateIamMemberArgs.builder() \n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .member(\"user:jane@example.com\")\n .condition(CertificateTemplateIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CertificateTemplateIamMember\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/certificateTemplates/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCertificate Authority Service certificatetemplate IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/certificateTemplateIamBinding:CertificateTemplateIamBinding editor \"projects/{{project}}/locations/{{location}}/certificateTemplates/{{certificate_template}} roles/privateca.templateUser user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/certificateTemplateIamBinding:CertificateTemplateIamBinding editor \"projects/{{project}}/locations/{{location}}/certificateTemplates/{{certificate_template}} roles/privateca.templateUser\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/certificateTemplateIamBinding:CertificateTemplateIamBinding editor projects/{{project}}/locations/{{location}}/certificateTemplates/{{certificate_template}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "certificateTemplate": { "type": "string", @@ -122975,11 +123077,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -123013,11 +123116,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -123056,11 +123160,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -123073,7 +123178,7 @@ } }, "gcp:certificateauthority/certificateTemplateIamMember:CertificateTemplateIamMember": { - "description": "Three different resources help you manage your IAM policy for Certificate Authority Service CertificateTemplate. Each of these resources serves a different use case:\n\n* `gcp.certificateauthority.CertificateTemplateIamPolicy`: Authoritative. Sets the IAM policy for the certificatetemplate and replaces any existing policy already attached.\n* `gcp.certificateauthority.CertificateTemplateIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the certificatetemplate are preserved.\n* `gcp.certificateauthority.CertificateTemplateIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the certificatetemplate are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.certificateauthority.CertificateTemplateIamPolicy`: Retrieves the IAM policy for the certificatetemplate\n\n\u003e **Note:** `gcp.certificateauthority.CertificateTemplateIamPolicy` **cannot** be used in conjunction with `gcp.certificateauthority.CertificateTemplateIamBinding` and `gcp.certificateauthority.CertificateTemplateIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.certificateauthority.CertificateTemplateIamBinding` resources **can be** used in conjunction with `gcp.certificateauthority.CertificateTemplateIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_privateca\\_certificate\\_template\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\", {\n certificateTemplate: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/privateca.templateUser\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\",\n certificate_template=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CertificateTemplateIamPolicy(\"policy\", new()\n {\n CertificateTemplate = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.templateUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCertificateTemplateIamPolicy(ctx, \"policy\", \u0026certificateauthority.CertificateTemplateIamPolicyArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new CertificateTemplateIamPolicy(\"policy\", CertificateTemplateIamPolicyArgs.builder() \n .certificateTemplate(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CertificateTemplateIamPolicy\n properties:\n certificateTemplate: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\", {\n certificateTemplate: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/privateca.templateUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\",\n certificate_template=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CertificateTemplateIamPolicy(\"policy\", new()\n {\n CertificateTemplate = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.templateUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCertificateTemplateIamPolicy(ctx, \"policy\", \u0026certificateauthority.CertificateTemplateIamPolicyArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new CertificateTemplateIamPolicy(\"policy\", CertificateTemplateIamPolicyArgs.builder() \n .certificateTemplate(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CertificateTemplateIamPolicy\n properties:\n certificateTemplate: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_privateca\\_certificate\\_template\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CertificateTemplateIamBinding(\"binding\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamBinding(ctx, \"binding\", \u0026certificateauthority.CertificateTemplateIamBindingArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBinding;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CertificateTemplateIamBinding(\"binding\", CertificateTemplateIamBindingArgs.builder() \n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CertificateTemplateIamBinding\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.certificateauthority.CertificateTemplateIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CertificateTemplateIamBinding(\"binding\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamBinding(ctx, \"binding\", \u0026certificateauthority.CertificateTemplateIamBindingArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026certificateauthority.CertificateTemplateIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBinding;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBindingArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CertificateTemplateIamBinding(\"binding\", CertificateTemplateIamBindingArgs.builder() \n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .condition(CertificateTemplateIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CertificateTemplateIamBinding\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_privateca\\_certificate\\_template\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CertificateTemplateIamMember(\"member\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CertificateTemplateIamMember(\"member\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CertificateTemplateIamMember(\"member\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamMember(ctx, \"member\", \u0026certificateauthority.CertificateTemplateIamMemberArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMember;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CertificateTemplateIamMember(\"member\", CertificateTemplateIamMemberArgs.builder() \n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CertificateTemplateIamMember\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CertificateTemplateIamMember(\"member\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CertificateTemplateIamMember(\"member\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n member=\"user:jane@example.com\",\n condition=gcp.certificateauthority.CertificateTemplateIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CertificateTemplateIamMember(\"member\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamMember(ctx, \"member\", \u0026certificateauthority.CertificateTemplateIamMemberArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026certificateauthority.CertificateTemplateIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMember;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMemberArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CertificateTemplateIamMember(\"member\", CertificateTemplateIamMemberArgs.builder() \n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .member(\"user:jane@example.com\")\n .condition(CertificateTemplateIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CertificateTemplateIamMember\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/certificateTemplates/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCertificate Authority Service certificatetemplate IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/certificateTemplateIamMember:CertificateTemplateIamMember editor \"projects/{{project}}/locations/{{location}}/certificateTemplates/{{certificate_template}} roles/privateca.templateUser user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/certificateTemplateIamMember:CertificateTemplateIamMember editor \"projects/{{project}}/locations/{{location}}/certificateTemplates/{{certificate_template}} roles/privateca.templateUser\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/certificateTemplateIamMember:CertificateTemplateIamMember editor projects/{{project}}/locations/{{location}}/certificateTemplates/{{certificate_template}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Certificate Authority Service CertificateTemplate. Each of these resources serves a different use case:\n\n* `gcp.certificateauthority.CertificateTemplateIamPolicy`: Authoritative. Sets the IAM policy for the certificatetemplate and replaces any existing policy already attached.\n* `gcp.certificateauthority.CertificateTemplateIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the certificatetemplate are preserved.\n* `gcp.certificateauthority.CertificateTemplateIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the certificatetemplate are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.certificateauthority.CertificateTemplateIamPolicy`: Retrieves the IAM policy for the certificatetemplate\n\n\u003e **Note:** `gcp.certificateauthority.CertificateTemplateIamPolicy` **cannot** be used in conjunction with `gcp.certificateauthority.CertificateTemplateIamBinding` and `gcp.certificateauthority.CertificateTemplateIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.certificateauthority.CertificateTemplateIamBinding` resources **can be** used in conjunction with `gcp.certificateauthority.CertificateTemplateIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_privateca\\_certificate\\_template\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\", {\n certificateTemplate: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/privateca.templateUser\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\",\n certificate_template=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CertificateTemplateIamPolicy(\"policy\", new()\n {\n CertificateTemplate = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.templateUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCertificateTemplateIamPolicy(ctx, \"policy\", \u0026certificateauthority.CertificateTemplateIamPolicyArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new CertificateTemplateIamPolicy(\"policy\", CertificateTemplateIamPolicyArgs.builder() \n .certificateTemplate(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CertificateTemplateIamPolicy\n properties:\n certificateTemplate: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\", {\n certificateTemplate: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/privateca.templateUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\",\n certificate_template=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CertificateTemplateIamPolicy(\"policy\", new()\n {\n CertificateTemplate = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.templateUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCertificateTemplateIamPolicy(ctx, \"policy\", \u0026certificateauthority.CertificateTemplateIamPolicyArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new CertificateTemplateIamPolicy(\"policy\", CertificateTemplateIamPolicyArgs.builder() \n .certificateTemplate(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CertificateTemplateIamPolicy\n properties:\n certificateTemplate: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_privateca\\_certificate\\_template\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CertificateTemplateIamBinding(\"binding\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamBinding(ctx, \"binding\", \u0026certificateauthority.CertificateTemplateIamBindingArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBinding;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CertificateTemplateIamBinding(\"binding\", CertificateTemplateIamBindingArgs.builder() \n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CertificateTemplateIamBinding\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.certificateauthority.CertificateTemplateIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CertificateTemplateIamBinding(\"binding\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamBinding(ctx, \"binding\", \u0026certificateauthority.CertificateTemplateIamBindingArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026certificateauthority.CertificateTemplateIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBinding;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBindingArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CertificateTemplateIamBinding(\"binding\", CertificateTemplateIamBindingArgs.builder() \n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .condition(CertificateTemplateIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CertificateTemplateIamBinding\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_privateca\\_certificate\\_template\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CertificateTemplateIamMember(\"member\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CertificateTemplateIamMember(\"member\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CertificateTemplateIamMember(\"member\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamMember(ctx, \"member\", \u0026certificateauthority.CertificateTemplateIamMemberArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMember;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CertificateTemplateIamMember(\"member\", CertificateTemplateIamMemberArgs.builder() \n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CertificateTemplateIamMember\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CertificateTemplateIamMember(\"member\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CertificateTemplateIamMember(\"member\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n member=\"user:jane@example.com\",\n condition=gcp.certificateauthority.CertificateTemplateIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CertificateTemplateIamMember(\"member\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamMember(ctx, \"member\", \u0026certificateauthority.CertificateTemplateIamMemberArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026certificateauthority.CertificateTemplateIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMember;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMemberArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CertificateTemplateIamMember(\"member\", CertificateTemplateIamMemberArgs.builder() \n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .member(\"user:jane@example.com\")\n .condition(CertificateTemplateIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CertificateTemplateIamMember\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_privateca\\_certificate\\_template\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\", {\n certificateTemplate: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/privateca.templateUser\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\",\n certificate_template=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CertificateTemplateIamPolicy(\"policy\", new()\n {\n CertificateTemplate = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.templateUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCertificateTemplateIamPolicy(ctx, \"policy\", \u0026certificateauthority.CertificateTemplateIamPolicyArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new CertificateTemplateIamPolicy(\"policy\", CertificateTemplateIamPolicyArgs.builder() \n .certificateTemplate(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CertificateTemplateIamPolicy\n properties:\n certificateTemplate: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\", {\n certificateTemplate: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/privateca.templateUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\",\n certificate_template=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CertificateTemplateIamPolicy(\"policy\", new()\n {\n CertificateTemplate = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.templateUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCertificateTemplateIamPolicy(ctx, \"policy\", \u0026certificateauthority.CertificateTemplateIamPolicyArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new CertificateTemplateIamPolicy(\"policy\", CertificateTemplateIamPolicyArgs.builder() \n .certificateTemplate(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CertificateTemplateIamPolicy\n properties:\n certificateTemplate: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_privateca\\_certificate\\_template\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CertificateTemplateIamBinding(\"binding\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamBinding(ctx, \"binding\", \u0026certificateauthority.CertificateTemplateIamBindingArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBinding;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CertificateTemplateIamBinding(\"binding\", CertificateTemplateIamBindingArgs.builder() \n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CertificateTemplateIamBinding\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.certificateauthority.CertificateTemplateIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CertificateTemplateIamBinding(\"binding\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamBinding(ctx, \"binding\", \u0026certificateauthority.CertificateTemplateIamBindingArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026certificateauthority.CertificateTemplateIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBinding;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBindingArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CertificateTemplateIamBinding(\"binding\", CertificateTemplateIamBindingArgs.builder() \n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .condition(CertificateTemplateIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CertificateTemplateIamBinding\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_privateca\\_certificate\\_template\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CertificateTemplateIamMember(\"member\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CertificateTemplateIamMember(\"member\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CertificateTemplateIamMember(\"member\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamMember(ctx, \"member\", \u0026certificateauthority.CertificateTemplateIamMemberArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMember;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CertificateTemplateIamMember(\"member\", CertificateTemplateIamMemberArgs.builder() \n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CertificateTemplateIamMember\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CertificateTemplateIamMember(\"member\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CertificateTemplateIamMember(\"member\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n member=\"user:jane@example.com\",\n condition=gcp.certificateauthority.CertificateTemplateIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CertificateTemplateIamMember(\"member\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamMember(ctx, \"member\", \u0026certificateauthority.CertificateTemplateIamMemberArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026certificateauthority.CertificateTemplateIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMember;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMemberArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CertificateTemplateIamMember(\"member\", CertificateTemplateIamMemberArgs.builder() \n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .member(\"user:jane@example.com\")\n .condition(CertificateTemplateIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CertificateTemplateIamMember\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/certificateTemplates/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCertificate Authority Service certificatetemplate IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/certificateTemplateIamMember:CertificateTemplateIamMember editor \"projects/{{project}}/locations/{{location}}/certificateTemplates/{{certificate_template}} roles/privateca.templateUser user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/certificateTemplateIamMember:CertificateTemplateIamMember editor \"projects/{{project}}/locations/{{location}}/certificateTemplates/{{certificate_template}} roles/privateca.templateUser\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/certificateTemplateIamMember:CertificateTemplateIamMember editor projects/{{project}}/locations/{{location}}/certificateTemplates/{{certificate_template}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "certificateTemplate": { "type": "string", @@ -123091,11 +123196,12 @@ "type": "string" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -123127,11 +123233,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -123168,11 +123275,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -123185,7 +123293,7 @@ } }, "gcp:certificateauthority/certificateTemplateIamPolicy:CertificateTemplateIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Certificate Authority Service CertificateTemplate. Each of these resources serves a different use case:\n\n* `gcp.certificateauthority.CertificateTemplateIamPolicy`: Authoritative. Sets the IAM policy for the certificatetemplate and replaces any existing policy already attached.\n* `gcp.certificateauthority.CertificateTemplateIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the certificatetemplate are preserved.\n* `gcp.certificateauthority.CertificateTemplateIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the certificatetemplate are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.certificateauthority.CertificateTemplateIamPolicy`: Retrieves the IAM policy for the certificatetemplate\n\n\u003e **Note:** `gcp.certificateauthority.CertificateTemplateIamPolicy` **cannot** be used in conjunction with `gcp.certificateauthority.CertificateTemplateIamBinding` and `gcp.certificateauthority.CertificateTemplateIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.certificateauthority.CertificateTemplateIamBinding` resources **can be** used in conjunction with `gcp.certificateauthority.CertificateTemplateIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_privateca\\_certificate\\_template\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\", {\n certificateTemplate: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/privateca.templateUser\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\",\n certificate_template=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CertificateTemplateIamPolicy(\"policy\", new()\n {\n CertificateTemplate = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.templateUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCertificateTemplateIamPolicy(ctx, \"policy\", \u0026certificateauthority.CertificateTemplateIamPolicyArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new CertificateTemplateIamPolicy(\"policy\", CertificateTemplateIamPolicyArgs.builder() \n .certificateTemplate(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CertificateTemplateIamPolicy\n properties:\n certificateTemplate: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\", {\n certificateTemplate: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/privateca.templateUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\",\n certificate_template=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CertificateTemplateIamPolicy(\"policy\", new()\n {\n CertificateTemplate = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.templateUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCertificateTemplateIamPolicy(ctx, \"policy\", \u0026certificateauthority.CertificateTemplateIamPolicyArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new CertificateTemplateIamPolicy(\"policy\", CertificateTemplateIamPolicyArgs.builder() \n .certificateTemplate(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CertificateTemplateIamPolicy\n properties:\n certificateTemplate: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_privateca\\_certificate\\_template\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CertificateTemplateIamBinding(\"binding\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamBinding(ctx, \"binding\", \u0026certificateauthority.CertificateTemplateIamBindingArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBinding;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CertificateTemplateIamBinding(\"binding\", CertificateTemplateIamBindingArgs.builder() \n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CertificateTemplateIamBinding\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.certificateauthority.CertificateTemplateIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CertificateTemplateIamBinding(\"binding\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamBinding(ctx, \"binding\", \u0026certificateauthority.CertificateTemplateIamBindingArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026certificateauthority.CertificateTemplateIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBinding;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBindingArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CertificateTemplateIamBinding(\"binding\", CertificateTemplateIamBindingArgs.builder() \n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .condition(CertificateTemplateIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CertificateTemplateIamBinding\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_privateca\\_certificate\\_template\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CertificateTemplateIamMember(\"member\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CertificateTemplateIamMember(\"member\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CertificateTemplateIamMember(\"member\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamMember(ctx, \"member\", \u0026certificateauthority.CertificateTemplateIamMemberArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMember;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CertificateTemplateIamMember(\"member\", CertificateTemplateIamMemberArgs.builder() \n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CertificateTemplateIamMember\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CertificateTemplateIamMember(\"member\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CertificateTemplateIamMember(\"member\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n member=\"user:jane@example.com\",\n condition=gcp.certificateauthority.CertificateTemplateIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CertificateTemplateIamMember(\"member\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamMember(ctx, \"member\", \u0026certificateauthority.CertificateTemplateIamMemberArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026certificateauthority.CertificateTemplateIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMember;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMemberArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CertificateTemplateIamMember(\"member\", CertificateTemplateIamMemberArgs.builder() \n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .member(\"user:jane@example.com\")\n .condition(CertificateTemplateIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CertificateTemplateIamMember\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/certificateTemplates/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCertificate Authority Service certificatetemplate IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/certificateTemplateIamPolicy:CertificateTemplateIamPolicy editor \"projects/{{project}}/locations/{{location}}/certificateTemplates/{{certificate_template}} roles/privateca.templateUser user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/certificateTemplateIamPolicy:CertificateTemplateIamPolicy editor \"projects/{{project}}/locations/{{location}}/certificateTemplates/{{certificate_template}} roles/privateca.templateUser\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/certificateTemplateIamPolicy:CertificateTemplateIamPolicy editor projects/{{project}}/locations/{{location}}/certificateTemplates/{{certificate_template}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Certificate Authority Service CertificateTemplate. Each of these resources serves a different use case:\n\n* `gcp.certificateauthority.CertificateTemplateIamPolicy`: Authoritative. Sets the IAM policy for the certificatetemplate and replaces any existing policy already attached.\n* `gcp.certificateauthority.CertificateTemplateIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the certificatetemplate are preserved.\n* `gcp.certificateauthority.CertificateTemplateIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the certificatetemplate are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.certificateauthority.CertificateTemplateIamPolicy`: Retrieves the IAM policy for the certificatetemplate\n\n\u003e **Note:** `gcp.certificateauthority.CertificateTemplateIamPolicy` **cannot** be used in conjunction with `gcp.certificateauthority.CertificateTemplateIamBinding` and `gcp.certificateauthority.CertificateTemplateIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.certificateauthority.CertificateTemplateIamBinding` resources **can be** used in conjunction with `gcp.certificateauthority.CertificateTemplateIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_privateca\\_certificate\\_template\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\", {\n certificateTemplate: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/privateca.templateUser\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\",\n certificate_template=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CertificateTemplateIamPolicy(\"policy\", new()\n {\n CertificateTemplate = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.templateUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCertificateTemplateIamPolicy(ctx, \"policy\", \u0026certificateauthority.CertificateTemplateIamPolicyArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new CertificateTemplateIamPolicy(\"policy\", CertificateTemplateIamPolicyArgs.builder() \n .certificateTemplate(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CertificateTemplateIamPolicy\n properties:\n certificateTemplate: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\", {\n certificateTemplate: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/privateca.templateUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\",\n certificate_template=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CertificateTemplateIamPolicy(\"policy\", new()\n {\n CertificateTemplate = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.templateUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCertificateTemplateIamPolicy(ctx, \"policy\", \u0026certificateauthority.CertificateTemplateIamPolicyArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new CertificateTemplateIamPolicy(\"policy\", CertificateTemplateIamPolicyArgs.builder() \n .certificateTemplate(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CertificateTemplateIamPolicy\n properties:\n certificateTemplate: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_privateca\\_certificate\\_template\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CertificateTemplateIamBinding(\"binding\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamBinding(ctx, \"binding\", \u0026certificateauthority.CertificateTemplateIamBindingArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBinding;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CertificateTemplateIamBinding(\"binding\", CertificateTemplateIamBindingArgs.builder() \n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CertificateTemplateIamBinding\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.certificateauthority.CertificateTemplateIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CertificateTemplateIamBinding(\"binding\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamBinding(ctx, \"binding\", \u0026certificateauthority.CertificateTemplateIamBindingArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026certificateauthority.CertificateTemplateIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBinding;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBindingArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CertificateTemplateIamBinding(\"binding\", CertificateTemplateIamBindingArgs.builder() \n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .condition(CertificateTemplateIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CertificateTemplateIamBinding\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_privateca\\_certificate\\_template\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CertificateTemplateIamMember(\"member\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CertificateTemplateIamMember(\"member\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CertificateTemplateIamMember(\"member\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamMember(ctx, \"member\", \u0026certificateauthority.CertificateTemplateIamMemberArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMember;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CertificateTemplateIamMember(\"member\", CertificateTemplateIamMemberArgs.builder() \n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CertificateTemplateIamMember\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CertificateTemplateIamMember(\"member\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CertificateTemplateIamMember(\"member\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n member=\"user:jane@example.com\",\n condition=gcp.certificateauthority.CertificateTemplateIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CertificateTemplateIamMember(\"member\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamMember(ctx, \"member\", \u0026certificateauthority.CertificateTemplateIamMemberArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026certificateauthority.CertificateTemplateIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMember;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMemberArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CertificateTemplateIamMember(\"member\", CertificateTemplateIamMemberArgs.builder() \n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .member(\"user:jane@example.com\")\n .condition(CertificateTemplateIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CertificateTemplateIamMember\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_privateca\\_certificate\\_template\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\", {\n certificateTemplate: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/privateca.templateUser\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\",\n certificate_template=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CertificateTemplateIamPolicy(\"policy\", new()\n {\n CertificateTemplate = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.templateUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCertificateTemplateIamPolicy(ctx, \"policy\", \u0026certificateauthority.CertificateTemplateIamPolicyArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new CertificateTemplateIamPolicy(\"policy\", CertificateTemplateIamPolicyArgs.builder() \n .certificateTemplate(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CertificateTemplateIamPolicy\n properties:\n certificateTemplate: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\", {\n certificateTemplate: _default.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/privateca.templateUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.certificateauthority.CertificateTemplateIamPolicy(\"policy\",\n certificate_template=default[\"id\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.CertificateAuthority.CertificateTemplateIamPolicy(\"policy\", new()\n {\n CertificateTemplate = @default.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/privateca.templateUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = certificateauthority.NewCertificateTemplateIamPolicy(ctx, \"policy\", \u0026certificateauthority.CertificateTemplateIamPolicyArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicy;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new CertificateTemplateIamPolicy(\"policy\", CertificateTemplateIamPolicyArgs.builder() \n .certificateTemplate(default_.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:certificateauthority:CertificateTemplateIamPolicy\n properties:\n certificateTemplate: ${default.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_privateca\\_certificate\\_template\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CertificateTemplateIamBinding(\"binding\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamBinding(ctx, \"binding\", \u0026certificateauthority.CertificateTemplateIamBindingArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBinding;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CertificateTemplateIamBinding(\"binding\", CertificateTemplateIamBindingArgs.builder() \n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CertificateTemplateIamBinding\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.certificateauthority.CertificateTemplateIamBinding(\"binding\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.certificateauthority.CertificateTemplateIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CertificateAuthority.CertificateTemplateIamBinding(\"binding\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamBinding(ctx, \"binding\", \u0026certificateauthority.CertificateTemplateIamBindingArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026certificateauthority.CertificateTemplateIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBinding;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamBindingArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new CertificateTemplateIamBinding(\"binding\", CertificateTemplateIamBindingArgs.builder() \n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .members(\"user:jane@example.com\")\n .condition(CertificateTemplateIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:certificateauthority:CertificateTemplateIamBinding\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_privateca\\_certificate\\_template\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CertificateTemplateIamMember(\"member\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CertificateTemplateIamMember(\"member\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CertificateTemplateIamMember(\"member\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamMember(ctx, \"member\", \u0026certificateauthority.CertificateTemplateIamMemberArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMember;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CertificateTemplateIamMember(\"member\", CertificateTemplateIamMemberArgs.builder() \n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CertificateTemplateIamMember\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.certificateauthority.CertificateTemplateIamMember(\"member\", {\n certificateTemplate: _default.id,\n role: \"roles/privateca.templateUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.certificateauthority.CertificateTemplateIamMember(\"member\",\n certificate_template=default[\"id\"],\n role=\"roles/privateca.templateUser\",\n member=\"user:jane@example.com\",\n condition=gcp.certificateauthority.CertificateTemplateIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CertificateAuthority.CertificateTemplateIamMember(\"member\", new()\n {\n CertificateTemplate = @default.Id,\n Role = \"roles/privateca.templateUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := certificateauthority.NewCertificateTemplateIamMember(ctx, \"member\", \u0026certificateauthority.CertificateTemplateIamMemberArgs{\n\t\t\tCertificateTemplate: pulumi.Any(_default.Id),\n\t\t\tRole: pulumi.String(\"roles/privateca.templateUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026certificateauthority.CertificateTemplateIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMember;\nimport com.pulumi.gcp.certificateauthority.CertificateTemplateIamMemberArgs;\nimport com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new CertificateTemplateIamMember(\"member\", CertificateTemplateIamMemberArgs.builder() \n .certificateTemplate(default_.id())\n .role(\"roles/privateca.templateUser\")\n .member(\"user:jane@example.com\")\n .condition(CertificateTemplateIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:certificateauthority:CertificateTemplateIamMember\n properties:\n certificateTemplate: ${default.id}\n role: roles/privateca.templateUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/certificateTemplates/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCertificate Authority Service certificatetemplate IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/certificateTemplateIamPolicy:CertificateTemplateIamPolicy editor \"projects/{{project}}/locations/{{location}}/certificateTemplates/{{certificate_template}} roles/privateca.templateUser user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/certificateTemplateIamPolicy:CertificateTemplateIamPolicy editor \"projects/{{project}}/locations/{{location}}/certificateTemplates/{{certificate_template}} roles/privateca.templateUser\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:certificateauthority/certificateTemplateIamPolicy:CertificateTemplateIamPolicy editor projects/{{project}}/locations/{{location}}/certificateTemplates/{{certificate_template}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "certificateTemplate": { "type": "string", @@ -123204,7 +123312,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" } }, "required": [ @@ -123230,7 +123338,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -123260,7 +123368,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -125732,7 +125840,7 @@ } }, "gcp:cloudbuildv2/connectionIAMBinding:ConnectionIAMBinding": { - "description": "Three different resources help you manage your IAM policy for Cloud Build v2 Connection. Each of these resources serves a different use case:\n\n* `gcp.cloudbuildv2.ConnectionIAMPolicy`: Authoritative. Sets the IAM policy for the connection and replaces any existing policy already attached.\n* `gcp.cloudbuildv2.ConnectionIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the connection are preserved.\n* `gcp.cloudbuildv2.ConnectionIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the connection are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudbuildv2.ConnectionIAMPolicy`: Retrieves the IAM policy for the connection\n\n\u003e **Note:** `gcp.cloudbuildv2.ConnectionIAMPolicy` **cannot** be used in conjunction with `gcp.cloudbuildv2.ConnectionIAMBinding` and `gcp.cloudbuildv2.ConnectionIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudbuildv2.ConnectionIAMBinding` resources **can be** used in conjunction with `gcp.cloudbuildv2.ConnectionIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_cloudbuildv2\\_connection\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/cloudbuild.connectionViewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudbuildv2.ConnectionIAMPolicy(\"policy\", {\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/cloudbuild.connectionViewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.cloudbuildv2.ConnectionIAMPolicy(\"policy\",\n project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/cloudbuild.connectionViewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudBuildV2.ConnectionIAMPolicy(\"policy\", new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/cloudbuild.connectionViewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudbuildv2.NewConnectionIAMPolicy(ctx, \"policy\", \u0026cloudbuildv2.ConnectionIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(my_connection.Project),\n\t\t\tLocation: pulumi.Any(my_connection.Location),\n\t\t\tName: pulumi.Any(my_connection.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMPolicy;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/cloudbuild.connectionViewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ConnectionIAMPolicy(\"policy\", ConnectionIAMPolicyArgs.builder() \n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudbuildv2:ConnectionIAMPolicy\n properties:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/cloudbuild.connectionViewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloudbuildv2\\_connection\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudbuildv2.ConnectionIAMBinding(\"binding\", {\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n role: \"roles/cloudbuild.connectionViewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudbuildv2.ConnectionIAMBinding(\"binding\",\n project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"],\n role=\"roles/cloudbuild.connectionViewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudBuildV2.ConnectionIAMBinding(\"binding\", new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n Role = \"roles/cloudbuild.connectionViewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuildv2.NewConnectionIAMBinding(ctx, \"binding\", \u0026cloudbuildv2.ConnectionIAMBindingArgs{\n\t\t\tProject: pulumi.Any(my_connection.Project),\n\t\t\tLocation: pulumi.Any(my_connection.Location),\n\t\t\tName: pulumi.Any(my_connection.Name),\n\t\t\tRole: pulumi.String(\"roles/cloudbuild.connectionViewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMBinding;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ConnectionIAMBinding(\"binding\", ConnectionIAMBindingArgs.builder() \n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .role(\"roles/cloudbuild.connectionViewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudbuildv2:ConnectionIAMBinding\n properties:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n role: roles/cloudbuild.connectionViewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloudbuildv2\\_connection\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudbuildv2.ConnectionIAMMember(\"member\", {\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n role: \"roles/cloudbuild.connectionViewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudbuildv2.ConnectionIAMMember(\"member\",\n project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"],\n role=\"roles/cloudbuild.connectionViewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudBuildV2.ConnectionIAMMember(\"member\", new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n Role = \"roles/cloudbuild.connectionViewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuildv2.NewConnectionIAMMember(ctx, \"member\", \u0026cloudbuildv2.ConnectionIAMMemberArgs{\n\t\t\tProject: pulumi.Any(my_connection.Project),\n\t\t\tLocation: pulumi.Any(my_connection.Location),\n\t\t\tName: pulumi.Any(my_connection.Name),\n\t\t\tRole: pulumi.String(\"roles/cloudbuild.connectionViewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMMember;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ConnectionIAMMember(\"member\", ConnectionIAMMemberArgs.builder() \n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .role(\"roles/cloudbuild.connectionViewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudbuildv2:ConnectionIAMMember\n properties:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n role: roles/cloudbuild.connectionViewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/connections/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Build v2 connection IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudbuildv2/connectionIAMBinding:ConnectionIAMBinding editor \"projects/{{project}}/locations/{{location}}/connections/{{connection}} roles/cloudbuild.connectionViewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudbuildv2/connectionIAMBinding:ConnectionIAMBinding editor \"projects/{{project}}/locations/{{location}}/connections/{{connection}} roles/cloudbuild.connectionViewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudbuildv2/connectionIAMBinding:ConnectionIAMBinding editor projects/{{project}}/locations/{{location}}/connections/{{connection}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Build v2 Connection. Each of these resources serves a different use case:\n\n* `gcp.cloudbuildv2.ConnectionIAMPolicy`: Authoritative. Sets the IAM policy for the connection and replaces any existing policy already attached.\n* `gcp.cloudbuildv2.ConnectionIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the connection are preserved.\n* `gcp.cloudbuildv2.ConnectionIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the connection are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudbuildv2.ConnectionIAMPolicy`: Retrieves the IAM policy for the connection\n\n\u003e **Note:** `gcp.cloudbuildv2.ConnectionIAMPolicy` **cannot** be used in conjunction with `gcp.cloudbuildv2.ConnectionIAMBinding` and `gcp.cloudbuildv2.ConnectionIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudbuildv2.ConnectionIAMBinding` resources **can be** used in conjunction with `gcp.cloudbuildv2.ConnectionIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_cloudbuildv2\\_connection\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/cloudbuild.connectionViewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudbuildv2.ConnectionIAMPolicy(\"policy\", {\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/cloudbuild.connectionViewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.cloudbuildv2.ConnectionIAMPolicy(\"policy\",\n project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/cloudbuild.connectionViewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudBuildV2.ConnectionIAMPolicy(\"policy\", new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/cloudbuild.connectionViewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudbuildv2.NewConnectionIAMPolicy(ctx, \"policy\", \u0026cloudbuildv2.ConnectionIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(my_connection.Project),\n\t\t\tLocation: pulumi.Any(my_connection.Location),\n\t\t\tName: pulumi.Any(my_connection.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMPolicy;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/cloudbuild.connectionViewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ConnectionIAMPolicy(\"policy\", ConnectionIAMPolicyArgs.builder() \n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudbuildv2:ConnectionIAMPolicy\n properties:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/cloudbuild.connectionViewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloudbuildv2\\_connection\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudbuildv2.ConnectionIAMBinding(\"binding\", {\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n role: \"roles/cloudbuild.connectionViewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudbuildv2.ConnectionIAMBinding(\"binding\",\n project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"],\n role=\"roles/cloudbuild.connectionViewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudBuildV2.ConnectionIAMBinding(\"binding\", new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n Role = \"roles/cloudbuild.connectionViewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuildv2.NewConnectionIAMBinding(ctx, \"binding\", \u0026cloudbuildv2.ConnectionIAMBindingArgs{\n\t\t\tProject: pulumi.Any(my_connection.Project),\n\t\t\tLocation: pulumi.Any(my_connection.Location),\n\t\t\tName: pulumi.Any(my_connection.Name),\n\t\t\tRole: pulumi.String(\"roles/cloudbuild.connectionViewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMBinding;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ConnectionIAMBinding(\"binding\", ConnectionIAMBindingArgs.builder() \n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .role(\"roles/cloudbuild.connectionViewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudbuildv2:ConnectionIAMBinding\n properties:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n role: roles/cloudbuild.connectionViewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloudbuildv2\\_connection\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudbuildv2.ConnectionIAMMember(\"member\", {\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n role: \"roles/cloudbuild.connectionViewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudbuildv2.ConnectionIAMMember(\"member\",\n project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"],\n role=\"roles/cloudbuild.connectionViewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudBuildV2.ConnectionIAMMember(\"member\", new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n Role = \"roles/cloudbuild.connectionViewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuildv2.NewConnectionIAMMember(ctx, \"member\", \u0026cloudbuildv2.ConnectionIAMMemberArgs{\n\t\t\tProject: pulumi.Any(my_connection.Project),\n\t\t\tLocation: pulumi.Any(my_connection.Location),\n\t\t\tName: pulumi.Any(my_connection.Name),\n\t\t\tRole: pulumi.String(\"roles/cloudbuild.connectionViewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMMember;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ConnectionIAMMember(\"member\", ConnectionIAMMemberArgs.builder() \n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .role(\"roles/cloudbuild.connectionViewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudbuildv2:ConnectionIAMMember\n properties:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n role: roles/cloudbuild.connectionViewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_cloudbuildv2\\_connection\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/cloudbuild.connectionViewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudbuildv2.ConnectionIAMPolicy(\"policy\", {\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/cloudbuild.connectionViewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.cloudbuildv2.ConnectionIAMPolicy(\"policy\",\n project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/cloudbuild.connectionViewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudBuildV2.ConnectionIAMPolicy(\"policy\", new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/cloudbuild.connectionViewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudbuildv2.NewConnectionIAMPolicy(ctx, \"policy\", \u0026cloudbuildv2.ConnectionIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(my_connection.Project),\n\t\t\tLocation: pulumi.Any(my_connection.Location),\n\t\t\tName: pulumi.Any(my_connection.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMPolicy;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/cloudbuild.connectionViewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ConnectionIAMPolicy(\"policy\", ConnectionIAMPolicyArgs.builder() \n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudbuildv2:ConnectionIAMPolicy\n properties:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/cloudbuild.connectionViewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloudbuildv2\\_connection\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudbuildv2.ConnectionIAMBinding(\"binding\", {\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n role: \"roles/cloudbuild.connectionViewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudbuildv2.ConnectionIAMBinding(\"binding\",\n project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"],\n role=\"roles/cloudbuild.connectionViewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudBuildV2.ConnectionIAMBinding(\"binding\", new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n Role = \"roles/cloudbuild.connectionViewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuildv2.NewConnectionIAMBinding(ctx, \"binding\", \u0026cloudbuildv2.ConnectionIAMBindingArgs{\n\t\t\tProject: pulumi.Any(my_connection.Project),\n\t\t\tLocation: pulumi.Any(my_connection.Location),\n\t\t\tName: pulumi.Any(my_connection.Name),\n\t\t\tRole: pulumi.String(\"roles/cloudbuild.connectionViewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMBinding;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ConnectionIAMBinding(\"binding\", ConnectionIAMBindingArgs.builder() \n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .role(\"roles/cloudbuild.connectionViewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudbuildv2:ConnectionIAMBinding\n properties:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n role: roles/cloudbuild.connectionViewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloudbuildv2\\_connection\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudbuildv2.ConnectionIAMMember(\"member\", {\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n role: \"roles/cloudbuild.connectionViewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudbuildv2.ConnectionIAMMember(\"member\",\n project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"],\n role=\"roles/cloudbuild.connectionViewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudBuildV2.ConnectionIAMMember(\"member\", new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n Role = \"roles/cloudbuild.connectionViewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuildv2.NewConnectionIAMMember(ctx, \"member\", \u0026cloudbuildv2.ConnectionIAMMemberArgs{\n\t\t\tProject: pulumi.Any(my_connection.Project),\n\t\t\tLocation: pulumi.Any(my_connection.Location),\n\t\t\tName: pulumi.Any(my_connection.Name),\n\t\t\tRole: pulumi.String(\"roles/cloudbuild.connectionViewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMMember;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ConnectionIAMMember(\"member\", ConnectionIAMMemberArgs.builder() \n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .role(\"roles/cloudbuild.connectionViewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudbuildv2:ConnectionIAMMember\n properties:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n role: roles/cloudbuild.connectionViewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/connections/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Build v2 connection IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudbuildv2/connectionIAMBinding:ConnectionIAMBinding editor \"projects/{{project}}/locations/{{location}}/connections/{{connection}} roles/cloudbuild.connectionViewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudbuildv2/connectionIAMBinding:ConnectionIAMBinding editor \"projects/{{project}}/locations/{{location}}/connections/{{connection}} roles/cloudbuild.connectionViewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudbuildv2/connectionIAMBinding:ConnectionIAMBinding editor projects/{{project}}/locations/{{location}}/connections/{{connection}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:cloudbuildv2/ConnectionIAMBindingCondition:ConnectionIAMBindingCondition" @@ -125749,7 +125857,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "name": { "type": "string", @@ -125757,7 +125866,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -125786,7 +125895,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "name": { "type": "string", @@ -125795,7 +125905,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -125828,7 +125938,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "name": { "type": "string", @@ -125837,7 +125948,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -125850,7 +125961,7 @@ } }, "gcp:cloudbuildv2/connectionIAMMember:ConnectionIAMMember": { - "description": "Three different resources help you manage your IAM policy for Cloud Build v2 Connection. Each of these resources serves a different use case:\n\n* `gcp.cloudbuildv2.ConnectionIAMPolicy`: Authoritative. Sets the IAM policy for the connection and replaces any existing policy already attached.\n* `gcp.cloudbuildv2.ConnectionIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the connection are preserved.\n* `gcp.cloudbuildv2.ConnectionIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the connection are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudbuildv2.ConnectionIAMPolicy`: Retrieves the IAM policy for the connection\n\n\u003e **Note:** `gcp.cloudbuildv2.ConnectionIAMPolicy` **cannot** be used in conjunction with `gcp.cloudbuildv2.ConnectionIAMBinding` and `gcp.cloudbuildv2.ConnectionIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudbuildv2.ConnectionIAMBinding` resources **can be** used in conjunction with `gcp.cloudbuildv2.ConnectionIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_cloudbuildv2\\_connection\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/cloudbuild.connectionViewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudbuildv2.ConnectionIAMPolicy(\"policy\", {\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/cloudbuild.connectionViewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.cloudbuildv2.ConnectionIAMPolicy(\"policy\",\n project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/cloudbuild.connectionViewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudBuildV2.ConnectionIAMPolicy(\"policy\", new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/cloudbuild.connectionViewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudbuildv2.NewConnectionIAMPolicy(ctx, \"policy\", \u0026cloudbuildv2.ConnectionIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(my_connection.Project),\n\t\t\tLocation: pulumi.Any(my_connection.Location),\n\t\t\tName: pulumi.Any(my_connection.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMPolicy;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/cloudbuild.connectionViewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ConnectionIAMPolicy(\"policy\", ConnectionIAMPolicyArgs.builder() \n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudbuildv2:ConnectionIAMPolicy\n properties:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/cloudbuild.connectionViewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloudbuildv2\\_connection\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudbuildv2.ConnectionIAMBinding(\"binding\", {\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n role: \"roles/cloudbuild.connectionViewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudbuildv2.ConnectionIAMBinding(\"binding\",\n project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"],\n role=\"roles/cloudbuild.connectionViewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudBuildV2.ConnectionIAMBinding(\"binding\", new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n Role = \"roles/cloudbuild.connectionViewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuildv2.NewConnectionIAMBinding(ctx, \"binding\", \u0026cloudbuildv2.ConnectionIAMBindingArgs{\n\t\t\tProject: pulumi.Any(my_connection.Project),\n\t\t\tLocation: pulumi.Any(my_connection.Location),\n\t\t\tName: pulumi.Any(my_connection.Name),\n\t\t\tRole: pulumi.String(\"roles/cloudbuild.connectionViewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMBinding;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ConnectionIAMBinding(\"binding\", ConnectionIAMBindingArgs.builder() \n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .role(\"roles/cloudbuild.connectionViewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudbuildv2:ConnectionIAMBinding\n properties:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n role: roles/cloudbuild.connectionViewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloudbuildv2\\_connection\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudbuildv2.ConnectionIAMMember(\"member\", {\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n role: \"roles/cloudbuild.connectionViewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudbuildv2.ConnectionIAMMember(\"member\",\n project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"],\n role=\"roles/cloudbuild.connectionViewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudBuildV2.ConnectionIAMMember(\"member\", new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n Role = \"roles/cloudbuild.connectionViewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuildv2.NewConnectionIAMMember(ctx, \"member\", \u0026cloudbuildv2.ConnectionIAMMemberArgs{\n\t\t\tProject: pulumi.Any(my_connection.Project),\n\t\t\tLocation: pulumi.Any(my_connection.Location),\n\t\t\tName: pulumi.Any(my_connection.Name),\n\t\t\tRole: pulumi.String(\"roles/cloudbuild.connectionViewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMMember;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ConnectionIAMMember(\"member\", ConnectionIAMMemberArgs.builder() \n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .role(\"roles/cloudbuild.connectionViewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudbuildv2:ConnectionIAMMember\n properties:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n role: roles/cloudbuild.connectionViewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/connections/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Build v2 connection IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudbuildv2/connectionIAMMember:ConnectionIAMMember editor \"projects/{{project}}/locations/{{location}}/connections/{{connection}} roles/cloudbuild.connectionViewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudbuildv2/connectionIAMMember:ConnectionIAMMember editor \"projects/{{project}}/locations/{{location}}/connections/{{connection}} roles/cloudbuild.connectionViewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudbuildv2/connectionIAMMember:ConnectionIAMMember editor projects/{{project}}/locations/{{location}}/connections/{{connection}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Build v2 Connection. Each of these resources serves a different use case:\n\n* `gcp.cloudbuildv2.ConnectionIAMPolicy`: Authoritative. Sets the IAM policy for the connection and replaces any existing policy already attached.\n* `gcp.cloudbuildv2.ConnectionIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the connection are preserved.\n* `gcp.cloudbuildv2.ConnectionIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the connection are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudbuildv2.ConnectionIAMPolicy`: Retrieves the IAM policy for the connection\n\n\u003e **Note:** `gcp.cloudbuildv2.ConnectionIAMPolicy` **cannot** be used in conjunction with `gcp.cloudbuildv2.ConnectionIAMBinding` and `gcp.cloudbuildv2.ConnectionIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudbuildv2.ConnectionIAMBinding` resources **can be** used in conjunction with `gcp.cloudbuildv2.ConnectionIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_cloudbuildv2\\_connection\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/cloudbuild.connectionViewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudbuildv2.ConnectionIAMPolicy(\"policy\", {\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/cloudbuild.connectionViewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.cloudbuildv2.ConnectionIAMPolicy(\"policy\",\n project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/cloudbuild.connectionViewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudBuildV2.ConnectionIAMPolicy(\"policy\", new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/cloudbuild.connectionViewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudbuildv2.NewConnectionIAMPolicy(ctx, \"policy\", \u0026cloudbuildv2.ConnectionIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(my_connection.Project),\n\t\t\tLocation: pulumi.Any(my_connection.Location),\n\t\t\tName: pulumi.Any(my_connection.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMPolicy;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/cloudbuild.connectionViewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ConnectionIAMPolicy(\"policy\", ConnectionIAMPolicyArgs.builder() \n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudbuildv2:ConnectionIAMPolicy\n properties:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/cloudbuild.connectionViewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloudbuildv2\\_connection\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudbuildv2.ConnectionIAMBinding(\"binding\", {\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n role: \"roles/cloudbuild.connectionViewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudbuildv2.ConnectionIAMBinding(\"binding\",\n project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"],\n role=\"roles/cloudbuild.connectionViewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudBuildV2.ConnectionIAMBinding(\"binding\", new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n Role = \"roles/cloudbuild.connectionViewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuildv2.NewConnectionIAMBinding(ctx, \"binding\", \u0026cloudbuildv2.ConnectionIAMBindingArgs{\n\t\t\tProject: pulumi.Any(my_connection.Project),\n\t\t\tLocation: pulumi.Any(my_connection.Location),\n\t\t\tName: pulumi.Any(my_connection.Name),\n\t\t\tRole: pulumi.String(\"roles/cloudbuild.connectionViewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMBinding;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ConnectionIAMBinding(\"binding\", ConnectionIAMBindingArgs.builder() \n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .role(\"roles/cloudbuild.connectionViewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudbuildv2:ConnectionIAMBinding\n properties:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n role: roles/cloudbuild.connectionViewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloudbuildv2\\_connection\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudbuildv2.ConnectionIAMMember(\"member\", {\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n role: \"roles/cloudbuild.connectionViewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudbuildv2.ConnectionIAMMember(\"member\",\n project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"],\n role=\"roles/cloudbuild.connectionViewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudBuildV2.ConnectionIAMMember(\"member\", new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n Role = \"roles/cloudbuild.connectionViewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuildv2.NewConnectionIAMMember(ctx, \"member\", \u0026cloudbuildv2.ConnectionIAMMemberArgs{\n\t\t\tProject: pulumi.Any(my_connection.Project),\n\t\t\tLocation: pulumi.Any(my_connection.Location),\n\t\t\tName: pulumi.Any(my_connection.Name),\n\t\t\tRole: pulumi.String(\"roles/cloudbuild.connectionViewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMMember;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ConnectionIAMMember(\"member\", ConnectionIAMMemberArgs.builder() \n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .role(\"roles/cloudbuild.connectionViewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudbuildv2:ConnectionIAMMember\n properties:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n role: roles/cloudbuild.connectionViewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_cloudbuildv2\\_connection\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/cloudbuild.connectionViewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudbuildv2.ConnectionIAMPolicy(\"policy\", {\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/cloudbuild.connectionViewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.cloudbuildv2.ConnectionIAMPolicy(\"policy\",\n project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/cloudbuild.connectionViewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudBuildV2.ConnectionIAMPolicy(\"policy\", new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/cloudbuild.connectionViewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudbuildv2.NewConnectionIAMPolicy(ctx, \"policy\", \u0026cloudbuildv2.ConnectionIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(my_connection.Project),\n\t\t\tLocation: pulumi.Any(my_connection.Location),\n\t\t\tName: pulumi.Any(my_connection.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMPolicy;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/cloudbuild.connectionViewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ConnectionIAMPolicy(\"policy\", ConnectionIAMPolicyArgs.builder() \n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudbuildv2:ConnectionIAMPolicy\n properties:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/cloudbuild.connectionViewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloudbuildv2\\_connection\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudbuildv2.ConnectionIAMBinding(\"binding\", {\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n role: \"roles/cloudbuild.connectionViewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudbuildv2.ConnectionIAMBinding(\"binding\",\n project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"],\n role=\"roles/cloudbuild.connectionViewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudBuildV2.ConnectionIAMBinding(\"binding\", new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n Role = \"roles/cloudbuild.connectionViewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuildv2.NewConnectionIAMBinding(ctx, \"binding\", \u0026cloudbuildv2.ConnectionIAMBindingArgs{\n\t\t\tProject: pulumi.Any(my_connection.Project),\n\t\t\tLocation: pulumi.Any(my_connection.Location),\n\t\t\tName: pulumi.Any(my_connection.Name),\n\t\t\tRole: pulumi.String(\"roles/cloudbuild.connectionViewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMBinding;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ConnectionIAMBinding(\"binding\", ConnectionIAMBindingArgs.builder() \n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .role(\"roles/cloudbuild.connectionViewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudbuildv2:ConnectionIAMBinding\n properties:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n role: roles/cloudbuild.connectionViewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloudbuildv2\\_connection\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudbuildv2.ConnectionIAMMember(\"member\", {\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n role: \"roles/cloudbuild.connectionViewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudbuildv2.ConnectionIAMMember(\"member\",\n project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"],\n role=\"roles/cloudbuild.connectionViewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudBuildV2.ConnectionIAMMember(\"member\", new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n Role = \"roles/cloudbuild.connectionViewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuildv2.NewConnectionIAMMember(ctx, \"member\", \u0026cloudbuildv2.ConnectionIAMMemberArgs{\n\t\t\tProject: pulumi.Any(my_connection.Project),\n\t\t\tLocation: pulumi.Any(my_connection.Location),\n\t\t\tName: pulumi.Any(my_connection.Name),\n\t\t\tRole: pulumi.String(\"roles/cloudbuild.connectionViewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMMember;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ConnectionIAMMember(\"member\", ConnectionIAMMemberArgs.builder() \n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .role(\"roles/cloudbuild.connectionViewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudbuildv2:ConnectionIAMMember\n properties:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n role: roles/cloudbuild.connectionViewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/connections/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Build v2 connection IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudbuildv2/connectionIAMMember:ConnectionIAMMember editor \"projects/{{project}}/locations/{{location}}/connections/{{connection}} roles/cloudbuild.connectionViewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudbuildv2/connectionIAMMember:ConnectionIAMMember editor \"projects/{{project}}/locations/{{location}}/connections/{{connection}} roles/cloudbuild.connectionViewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudbuildv2/connectionIAMMember:ConnectionIAMMember editor projects/{{project}}/locations/{{location}}/connections/{{connection}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:cloudbuildv2/ConnectionIAMMemberCondition:ConnectionIAMMemberCondition" @@ -125864,7 +125975,8 @@ "description": "The location for the resource Used to find the parent resource to bind the IAM policy to\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "name": { "type": "string", @@ -125872,7 +125984,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -125899,6 +126011,7 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "name": { @@ -125908,7 +126021,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -125939,6 +126052,7 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "name": { @@ -125948,7 +126062,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -125961,7 +126075,7 @@ } }, "gcp:cloudbuildv2/connectionIAMPolicy:ConnectionIAMPolicy": { - "description": "Three different resources help you manage your IAM policy for Cloud Build v2 Connection. Each of these resources serves a different use case:\n\n* `gcp.cloudbuildv2.ConnectionIAMPolicy`: Authoritative. Sets the IAM policy for the connection and replaces any existing policy already attached.\n* `gcp.cloudbuildv2.ConnectionIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the connection are preserved.\n* `gcp.cloudbuildv2.ConnectionIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the connection are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudbuildv2.ConnectionIAMPolicy`: Retrieves the IAM policy for the connection\n\n\u003e **Note:** `gcp.cloudbuildv2.ConnectionIAMPolicy` **cannot** be used in conjunction with `gcp.cloudbuildv2.ConnectionIAMBinding` and `gcp.cloudbuildv2.ConnectionIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudbuildv2.ConnectionIAMBinding` resources **can be** used in conjunction with `gcp.cloudbuildv2.ConnectionIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_cloudbuildv2\\_connection\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/cloudbuild.connectionViewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudbuildv2.ConnectionIAMPolicy(\"policy\", {\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/cloudbuild.connectionViewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.cloudbuildv2.ConnectionIAMPolicy(\"policy\",\n project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/cloudbuild.connectionViewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudBuildV2.ConnectionIAMPolicy(\"policy\", new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/cloudbuild.connectionViewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudbuildv2.NewConnectionIAMPolicy(ctx, \"policy\", \u0026cloudbuildv2.ConnectionIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(my_connection.Project),\n\t\t\tLocation: pulumi.Any(my_connection.Location),\n\t\t\tName: pulumi.Any(my_connection.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMPolicy;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/cloudbuild.connectionViewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ConnectionIAMPolicy(\"policy\", ConnectionIAMPolicyArgs.builder() \n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudbuildv2:ConnectionIAMPolicy\n properties:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/cloudbuild.connectionViewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloudbuildv2\\_connection\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudbuildv2.ConnectionIAMBinding(\"binding\", {\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n role: \"roles/cloudbuild.connectionViewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudbuildv2.ConnectionIAMBinding(\"binding\",\n project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"],\n role=\"roles/cloudbuild.connectionViewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudBuildV2.ConnectionIAMBinding(\"binding\", new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n Role = \"roles/cloudbuild.connectionViewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuildv2.NewConnectionIAMBinding(ctx, \"binding\", \u0026cloudbuildv2.ConnectionIAMBindingArgs{\n\t\t\tProject: pulumi.Any(my_connection.Project),\n\t\t\tLocation: pulumi.Any(my_connection.Location),\n\t\t\tName: pulumi.Any(my_connection.Name),\n\t\t\tRole: pulumi.String(\"roles/cloudbuild.connectionViewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMBinding;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ConnectionIAMBinding(\"binding\", ConnectionIAMBindingArgs.builder() \n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .role(\"roles/cloudbuild.connectionViewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudbuildv2:ConnectionIAMBinding\n properties:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n role: roles/cloudbuild.connectionViewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloudbuildv2\\_connection\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudbuildv2.ConnectionIAMMember(\"member\", {\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n role: \"roles/cloudbuild.connectionViewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudbuildv2.ConnectionIAMMember(\"member\",\n project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"],\n role=\"roles/cloudbuild.connectionViewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudBuildV2.ConnectionIAMMember(\"member\", new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n Role = \"roles/cloudbuild.connectionViewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuildv2.NewConnectionIAMMember(ctx, \"member\", \u0026cloudbuildv2.ConnectionIAMMemberArgs{\n\t\t\tProject: pulumi.Any(my_connection.Project),\n\t\t\tLocation: pulumi.Any(my_connection.Location),\n\t\t\tName: pulumi.Any(my_connection.Name),\n\t\t\tRole: pulumi.String(\"roles/cloudbuild.connectionViewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMMember;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ConnectionIAMMember(\"member\", ConnectionIAMMemberArgs.builder() \n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .role(\"roles/cloudbuild.connectionViewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudbuildv2:ConnectionIAMMember\n properties:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n role: roles/cloudbuild.connectionViewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/connections/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Build v2 connection IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudbuildv2/connectionIAMPolicy:ConnectionIAMPolicy editor \"projects/{{project}}/locations/{{location}}/connections/{{connection}} roles/cloudbuild.connectionViewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudbuildv2/connectionIAMPolicy:ConnectionIAMPolicy editor \"projects/{{project}}/locations/{{location}}/connections/{{connection}} roles/cloudbuild.connectionViewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudbuildv2/connectionIAMPolicy:ConnectionIAMPolicy editor projects/{{project}}/locations/{{location}}/connections/{{connection}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Build v2 Connection. Each of these resources serves a different use case:\n\n* `gcp.cloudbuildv2.ConnectionIAMPolicy`: Authoritative. Sets the IAM policy for the connection and replaces any existing policy already attached.\n* `gcp.cloudbuildv2.ConnectionIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the connection are preserved.\n* `gcp.cloudbuildv2.ConnectionIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the connection are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudbuildv2.ConnectionIAMPolicy`: Retrieves the IAM policy for the connection\n\n\u003e **Note:** `gcp.cloudbuildv2.ConnectionIAMPolicy` **cannot** be used in conjunction with `gcp.cloudbuildv2.ConnectionIAMBinding` and `gcp.cloudbuildv2.ConnectionIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudbuildv2.ConnectionIAMBinding` resources **can be** used in conjunction with `gcp.cloudbuildv2.ConnectionIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_cloudbuildv2\\_connection\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/cloudbuild.connectionViewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudbuildv2.ConnectionIAMPolicy(\"policy\", {\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/cloudbuild.connectionViewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.cloudbuildv2.ConnectionIAMPolicy(\"policy\",\n project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/cloudbuild.connectionViewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudBuildV2.ConnectionIAMPolicy(\"policy\", new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/cloudbuild.connectionViewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudbuildv2.NewConnectionIAMPolicy(ctx, \"policy\", \u0026cloudbuildv2.ConnectionIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(my_connection.Project),\n\t\t\tLocation: pulumi.Any(my_connection.Location),\n\t\t\tName: pulumi.Any(my_connection.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMPolicy;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/cloudbuild.connectionViewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ConnectionIAMPolicy(\"policy\", ConnectionIAMPolicyArgs.builder() \n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudbuildv2:ConnectionIAMPolicy\n properties:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/cloudbuild.connectionViewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloudbuildv2\\_connection\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudbuildv2.ConnectionIAMBinding(\"binding\", {\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n role: \"roles/cloudbuild.connectionViewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudbuildv2.ConnectionIAMBinding(\"binding\",\n project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"],\n role=\"roles/cloudbuild.connectionViewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudBuildV2.ConnectionIAMBinding(\"binding\", new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n Role = \"roles/cloudbuild.connectionViewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuildv2.NewConnectionIAMBinding(ctx, \"binding\", \u0026cloudbuildv2.ConnectionIAMBindingArgs{\n\t\t\tProject: pulumi.Any(my_connection.Project),\n\t\t\tLocation: pulumi.Any(my_connection.Location),\n\t\t\tName: pulumi.Any(my_connection.Name),\n\t\t\tRole: pulumi.String(\"roles/cloudbuild.connectionViewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMBinding;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ConnectionIAMBinding(\"binding\", ConnectionIAMBindingArgs.builder() \n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .role(\"roles/cloudbuild.connectionViewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudbuildv2:ConnectionIAMBinding\n properties:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n role: roles/cloudbuild.connectionViewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloudbuildv2\\_connection\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudbuildv2.ConnectionIAMMember(\"member\", {\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n role: \"roles/cloudbuild.connectionViewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudbuildv2.ConnectionIAMMember(\"member\",\n project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"],\n role=\"roles/cloudbuild.connectionViewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudBuildV2.ConnectionIAMMember(\"member\", new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n Role = \"roles/cloudbuild.connectionViewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuildv2.NewConnectionIAMMember(ctx, \"member\", \u0026cloudbuildv2.ConnectionIAMMemberArgs{\n\t\t\tProject: pulumi.Any(my_connection.Project),\n\t\t\tLocation: pulumi.Any(my_connection.Location),\n\t\t\tName: pulumi.Any(my_connection.Name),\n\t\t\tRole: pulumi.String(\"roles/cloudbuild.connectionViewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMMember;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ConnectionIAMMember(\"member\", ConnectionIAMMemberArgs.builder() \n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .role(\"roles/cloudbuild.connectionViewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudbuildv2:ConnectionIAMMember\n properties:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n role: roles/cloudbuild.connectionViewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_cloudbuildv2\\_connection\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/cloudbuild.connectionViewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudbuildv2.ConnectionIAMPolicy(\"policy\", {\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/cloudbuild.connectionViewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.cloudbuildv2.ConnectionIAMPolicy(\"policy\",\n project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/cloudbuild.connectionViewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudBuildV2.ConnectionIAMPolicy(\"policy\", new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/cloudbuild.connectionViewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudbuildv2.NewConnectionIAMPolicy(ctx, \"policy\", \u0026cloudbuildv2.ConnectionIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(my_connection.Project),\n\t\t\tLocation: pulumi.Any(my_connection.Location),\n\t\t\tName: pulumi.Any(my_connection.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMPolicy;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/cloudbuild.connectionViewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ConnectionIAMPolicy(\"policy\", ConnectionIAMPolicyArgs.builder() \n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudbuildv2:ConnectionIAMPolicy\n properties:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/cloudbuild.connectionViewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloudbuildv2\\_connection\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudbuildv2.ConnectionIAMBinding(\"binding\", {\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n role: \"roles/cloudbuild.connectionViewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudbuildv2.ConnectionIAMBinding(\"binding\",\n project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"],\n role=\"roles/cloudbuild.connectionViewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudBuildV2.ConnectionIAMBinding(\"binding\", new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n Role = \"roles/cloudbuild.connectionViewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuildv2.NewConnectionIAMBinding(ctx, \"binding\", \u0026cloudbuildv2.ConnectionIAMBindingArgs{\n\t\t\tProject: pulumi.Any(my_connection.Project),\n\t\t\tLocation: pulumi.Any(my_connection.Location),\n\t\t\tName: pulumi.Any(my_connection.Name),\n\t\t\tRole: pulumi.String(\"roles/cloudbuild.connectionViewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMBinding;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ConnectionIAMBinding(\"binding\", ConnectionIAMBindingArgs.builder() \n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .role(\"roles/cloudbuild.connectionViewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudbuildv2:ConnectionIAMBinding\n properties:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n role: roles/cloudbuild.connectionViewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloudbuildv2\\_connection\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudbuildv2.ConnectionIAMMember(\"member\", {\n project: my_connection.project,\n location: my_connection.location,\n name: my_connection.name,\n role: \"roles/cloudbuild.connectionViewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudbuildv2.ConnectionIAMMember(\"member\",\n project=my_connection[\"project\"],\n location=my_connection[\"location\"],\n name=my_connection[\"name\"],\n role=\"roles/cloudbuild.connectionViewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudBuildV2.ConnectionIAMMember(\"member\", new()\n {\n Project = my_connection.Project,\n Location = my_connection.Location,\n Name = my_connection.Name,\n Role = \"roles/cloudbuild.connectionViewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudbuildv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudbuildv2.NewConnectionIAMMember(ctx, \"member\", \u0026cloudbuildv2.ConnectionIAMMemberArgs{\n\t\t\tProject: pulumi.Any(my_connection.Project),\n\t\t\tLocation: pulumi.Any(my_connection.Location),\n\t\t\tName: pulumi.Any(my_connection.Name),\n\t\t\tRole: pulumi.String(\"roles/cloudbuild.connectionViewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMMember;\nimport com.pulumi.gcp.cloudbuildv2.ConnectionIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ConnectionIAMMember(\"member\", ConnectionIAMMemberArgs.builder() \n .project(my_connection.project())\n .location(my_connection.location())\n .name(my_connection.name())\n .role(\"roles/cloudbuild.connectionViewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudbuildv2:ConnectionIAMMember\n properties:\n project: ${[\"my-connection\"].project}\n location: ${[\"my-connection\"].location}\n name: ${[\"my-connection\"].name}\n role: roles/cloudbuild.connectionViewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/connections/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Build v2 connection IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudbuildv2/connectionIAMPolicy:ConnectionIAMPolicy editor \"projects/{{project}}/locations/{{location}}/connections/{{connection}} roles/cloudbuild.connectionViewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudbuildv2/connectionIAMPolicy:ConnectionIAMPolicy editor \"projects/{{project}}/locations/{{location}}/connections/{{connection}} roles/cloudbuild.connectionViewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudbuildv2/connectionIAMPolicy:ConnectionIAMPolicy editor projects/{{project}}/locations/{{location}}/connections/{{connection}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -125981,7 +126095,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" } }, "required": [ @@ -126008,7 +126122,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -126038,7 +126152,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -128872,7 +128986,7 @@ } }, "gcp:cloudfunctions/functionIamBinding:FunctionIamBinding": { - "description": "Three different resources help you manage your IAM policy for Cloud Functions CloudFunction. Each of these resources serves a different use case:\n\n* `gcp.cloudfunctions.FunctionIamPolicy`: Authoritative. Sets the IAM policy for the cloudfunction and replaces any existing policy already attached.\n* `gcp.cloudfunctions.FunctionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the cloudfunction are preserved.\n* `gcp.cloudfunctions.FunctionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the cloudfunction are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudfunctions.FunctionIamPolicy`: Retrieves the IAM policy for the cloudfunction\n\n\u003e **Note:** `gcp.cloudfunctions.FunctionIamPolicy` **cannot** be used in conjunction with `gcp.cloudfunctions.FunctionIamBinding` and `gcp.cloudfunctions.FunctionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudfunctions.FunctionIamBinding` resources **can be** used in conjunction with `gcp.cloudfunctions.FunctionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_cloudfunctions\\_function\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudfunctions.FunctionIamPolicy(\"policy\", {\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.cloudfunctions.FunctionIamPolicy(\"policy\",\n project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudFunctions.FunctionIamPolicy(\"policy\", new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctions.NewFunctionIamPolicy(ctx, \"policy\", \u0026cloudfunctions.FunctionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tRegion: pulumi.Any(function.Region),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamPolicy;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new FunctionIamPolicy(\"policy\", FunctionIamPolicyArgs.builder() \n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudfunctions:FunctionIamPolicy\n properties:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloudfunctions\\_function\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudfunctions.FunctionIamBinding(\"binding\", {\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudfunctions.FunctionIamBinding(\"binding\",\n project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudFunctions.FunctionIamBinding(\"binding\", new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctions.NewFunctionIamBinding(ctx, \"binding\", \u0026cloudfunctions.FunctionIamBindingArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tRegion: pulumi.Any(function.Region),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamBinding;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new FunctionIamBinding(\"binding\", FunctionIamBindingArgs.builder() \n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudfunctions:FunctionIamBinding\n properties:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloudfunctions\\_function\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudfunctions.FunctionIamMember(\"member\", {\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudfunctions.FunctionIamMember(\"member\",\n project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudFunctions.FunctionIamMember(\"member\", new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctions.NewFunctionIamMember(ctx, \"member\", \u0026cloudfunctions.FunctionIamMemberArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tRegion: pulumi.Any(function.Region),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamMember;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new FunctionIamMember(\"member\", FunctionIamMemberArgs.builder() \n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudfunctions:FunctionIamMember\n properties:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{region}}/functions/{{cloud_function}}\n\n* {{project}}/{{region}}/{{cloud_function}}\n\n* {{region}}/{{cloud_function}}\n\n* {{cloud_function}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Functions cloudfunction IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctions/functionIamBinding:FunctionIamBinding editor \"projects/{{project}}/locations/{{region}}/functions/{{cloud_function}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctions/functionIamBinding:FunctionIamBinding editor \"projects/{{project}}/locations/{{region}}/functions/{{cloud_function}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctions/functionIamBinding:FunctionIamBinding editor projects/{{project}}/locations/{{region}}/functions/{{cloud_function}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Functions CloudFunction. Each of these resources serves a different use case:\n\n* `gcp.cloudfunctions.FunctionIamPolicy`: Authoritative. Sets the IAM policy for the cloudfunction and replaces any existing policy already attached.\n* `gcp.cloudfunctions.FunctionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the cloudfunction are preserved.\n* `gcp.cloudfunctions.FunctionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the cloudfunction are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudfunctions.FunctionIamPolicy`: Retrieves the IAM policy for the cloudfunction\n\n\u003e **Note:** `gcp.cloudfunctions.FunctionIamPolicy` **cannot** be used in conjunction with `gcp.cloudfunctions.FunctionIamBinding` and `gcp.cloudfunctions.FunctionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudfunctions.FunctionIamBinding` resources **can be** used in conjunction with `gcp.cloudfunctions.FunctionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_cloudfunctions\\_function\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudfunctions.FunctionIamPolicy(\"policy\", {\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.cloudfunctions.FunctionIamPolicy(\"policy\",\n project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudFunctions.FunctionIamPolicy(\"policy\", new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctions.NewFunctionIamPolicy(ctx, \"policy\", \u0026cloudfunctions.FunctionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tRegion: pulumi.Any(function.Region),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamPolicy;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new FunctionIamPolicy(\"policy\", FunctionIamPolicyArgs.builder() \n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudfunctions:FunctionIamPolicy\n properties:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloudfunctions\\_function\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudfunctions.FunctionIamBinding(\"binding\", {\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudfunctions.FunctionIamBinding(\"binding\",\n project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudFunctions.FunctionIamBinding(\"binding\", new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctions.NewFunctionIamBinding(ctx, \"binding\", \u0026cloudfunctions.FunctionIamBindingArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tRegion: pulumi.Any(function.Region),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamBinding;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new FunctionIamBinding(\"binding\", FunctionIamBindingArgs.builder() \n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudfunctions:FunctionIamBinding\n properties:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloudfunctions\\_function\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudfunctions.FunctionIamMember(\"member\", {\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudfunctions.FunctionIamMember(\"member\",\n project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudFunctions.FunctionIamMember(\"member\", new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctions.NewFunctionIamMember(ctx, \"member\", \u0026cloudfunctions.FunctionIamMemberArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tRegion: pulumi.Any(function.Region),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamMember;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new FunctionIamMember(\"member\", FunctionIamMemberArgs.builder() \n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudfunctions:FunctionIamMember\n properties:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_cloudfunctions\\_function\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudfunctions.FunctionIamPolicy(\"policy\", {\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.cloudfunctions.FunctionIamPolicy(\"policy\",\n project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudFunctions.FunctionIamPolicy(\"policy\", new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctions.NewFunctionIamPolicy(ctx, \"policy\", \u0026cloudfunctions.FunctionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tRegion: pulumi.Any(function.Region),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamPolicy;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new FunctionIamPolicy(\"policy\", FunctionIamPolicyArgs.builder() \n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudfunctions:FunctionIamPolicy\n properties:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloudfunctions\\_function\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudfunctions.FunctionIamBinding(\"binding\", {\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudfunctions.FunctionIamBinding(\"binding\",\n project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudFunctions.FunctionIamBinding(\"binding\", new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctions.NewFunctionIamBinding(ctx, \"binding\", \u0026cloudfunctions.FunctionIamBindingArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tRegion: pulumi.Any(function.Region),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamBinding;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new FunctionIamBinding(\"binding\", FunctionIamBindingArgs.builder() \n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudfunctions:FunctionIamBinding\n properties:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloudfunctions\\_function\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudfunctions.FunctionIamMember(\"member\", {\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudfunctions.FunctionIamMember(\"member\",\n project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudFunctions.FunctionIamMember(\"member\", new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctions.NewFunctionIamMember(ctx, \"member\", \u0026cloudfunctions.FunctionIamMemberArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tRegion: pulumi.Any(function.Region),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamMember;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new FunctionIamMember(\"member\", FunctionIamMemberArgs.builder() \n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudfunctions:FunctionIamMember\n properties:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{region}}/functions/{{cloud_function}}\n\n* {{project}}/{{region}}/{{cloud_function}}\n\n* {{region}}/{{cloud_function}}\n\n* {{cloud_function}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Functions cloudfunction IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctions/functionIamBinding:FunctionIamBinding editor \"projects/{{project}}/locations/{{region}}/functions/{{cloud_function}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctions/functionIamBinding:FunctionIamBinding editor \"projects/{{project}}/locations/{{region}}/functions/{{cloud_function}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctions/functionIamBinding:FunctionIamBinding editor projects/{{project}}/locations/{{region}}/functions/{{cloud_function}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "cloudFunction": { "type": "string", @@ -128889,11 +129003,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "region": { "type": "string", @@ -128926,11 +129041,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -128969,11 +129085,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -128991,7 +129108,7 @@ } }, "gcp:cloudfunctions/functionIamMember:FunctionIamMember": { - "description": "Three different resources help you manage your IAM policy for Cloud Functions CloudFunction. Each of these resources serves a different use case:\n\n* `gcp.cloudfunctions.FunctionIamPolicy`: Authoritative. Sets the IAM policy for the cloudfunction and replaces any existing policy already attached.\n* `gcp.cloudfunctions.FunctionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the cloudfunction are preserved.\n* `gcp.cloudfunctions.FunctionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the cloudfunction are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudfunctions.FunctionIamPolicy`: Retrieves the IAM policy for the cloudfunction\n\n\u003e **Note:** `gcp.cloudfunctions.FunctionIamPolicy` **cannot** be used in conjunction with `gcp.cloudfunctions.FunctionIamBinding` and `gcp.cloudfunctions.FunctionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudfunctions.FunctionIamBinding` resources **can be** used in conjunction with `gcp.cloudfunctions.FunctionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_cloudfunctions\\_function\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudfunctions.FunctionIamPolicy(\"policy\", {\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.cloudfunctions.FunctionIamPolicy(\"policy\",\n project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudFunctions.FunctionIamPolicy(\"policy\", new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctions.NewFunctionIamPolicy(ctx, \"policy\", \u0026cloudfunctions.FunctionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tRegion: pulumi.Any(function.Region),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamPolicy;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new FunctionIamPolicy(\"policy\", FunctionIamPolicyArgs.builder() \n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudfunctions:FunctionIamPolicy\n properties:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloudfunctions\\_function\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudfunctions.FunctionIamBinding(\"binding\", {\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudfunctions.FunctionIamBinding(\"binding\",\n project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudFunctions.FunctionIamBinding(\"binding\", new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctions.NewFunctionIamBinding(ctx, \"binding\", \u0026cloudfunctions.FunctionIamBindingArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tRegion: pulumi.Any(function.Region),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamBinding;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new FunctionIamBinding(\"binding\", FunctionIamBindingArgs.builder() \n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudfunctions:FunctionIamBinding\n properties:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloudfunctions\\_function\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudfunctions.FunctionIamMember(\"member\", {\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudfunctions.FunctionIamMember(\"member\",\n project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudFunctions.FunctionIamMember(\"member\", new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctions.NewFunctionIamMember(ctx, \"member\", \u0026cloudfunctions.FunctionIamMemberArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tRegion: pulumi.Any(function.Region),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamMember;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new FunctionIamMember(\"member\", FunctionIamMemberArgs.builder() \n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudfunctions:FunctionIamMember\n properties:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{region}}/functions/{{cloud_function}}\n\n* {{project}}/{{region}}/{{cloud_function}}\n\n* {{region}}/{{cloud_function}}\n\n* {{cloud_function}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Functions cloudfunction IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctions/functionIamMember:FunctionIamMember editor \"projects/{{project}}/locations/{{region}}/functions/{{cloud_function}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctions/functionIamMember:FunctionIamMember editor \"projects/{{project}}/locations/{{region}}/functions/{{cloud_function}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctions/functionIamMember:FunctionIamMember editor projects/{{project}}/locations/{{region}}/functions/{{cloud_function}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Functions CloudFunction. Each of these resources serves a different use case:\n\n* `gcp.cloudfunctions.FunctionIamPolicy`: Authoritative. Sets the IAM policy for the cloudfunction and replaces any existing policy already attached.\n* `gcp.cloudfunctions.FunctionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the cloudfunction are preserved.\n* `gcp.cloudfunctions.FunctionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the cloudfunction are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudfunctions.FunctionIamPolicy`: Retrieves the IAM policy for the cloudfunction\n\n\u003e **Note:** `gcp.cloudfunctions.FunctionIamPolicy` **cannot** be used in conjunction with `gcp.cloudfunctions.FunctionIamBinding` and `gcp.cloudfunctions.FunctionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudfunctions.FunctionIamBinding` resources **can be** used in conjunction with `gcp.cloudfunctions.FunctionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_cloudfunctions\\_function\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudfunctions.FunctionIamPolicy(\"policy\", {\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.cloudfunctions.FunctionIamPolicy(\"policy\",\n project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudFunctions.FunctionIamPolicy(\"policy\", new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctions.NewFunctionIamPolicy(ctx, \"policy\", \u0026cloudfunctions.FunctionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tRegion: pulumi.Any(function.Region),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamPolicy;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new FunctionIamPolicy(\"policy\", FunctionIamPolicyArgs.builder() \n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudfunctions:FunctionIamPolicy\n properties:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloudfunctions\\_function\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudfunctions.FunctionIamBinding(\"binding\", {\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudfunctions.FunctionIamBinding(\"binding\",\n project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudFunctions.FunctionIamBinding(\"binding\", new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctions.NewFunctionIamBinding(ctx, \"binding\", \u0026cloudfunctions.FunctionIamBindingArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tRegion: pulumi.Any(function.Region),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamBinding;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new FunctionIamBinding(\"binding\", FunctionIamBindingArgs.builder() \n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudfunctions:FunctionIamBinding\n properties:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloudfunctions\\_function\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudfunctions.FunctionIamMember(\"member\", {\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudfunctions.FunctionIamMember(\"member\",\n project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudFunctions.FunctionIamMember(\"member\", new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctions.NewFunctionIamMember(ctx, \"member\", \u0026cloudfunctions.FunctionIamMemberArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tRegion: pulumi.Any(function.Region),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamMember;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new FunctionIamMember(\"member\", FunctionIamMemberArgs.builder() \n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudfunctions:FunctionIamMember\n properties:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_cloudfunctions\\_function\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudfunctions.FunctionIamPolicy(\"policy\", {\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.cloudfunctions.FunctionIamPolicy(\"policy\",\n project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudFunctions.FunctionIamPolicy(\"policy\", new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctions.NewFunctionIamPolicy(ctx, \"policy\", \u0026cloudfunctions.FunctionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tRegion: pulumi.Any(function.Region),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamPolicy;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new FunctionIamPolicy(\"policy\", FunctionIamPolicyArgs.builder() \n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudfunctions:FunctionIamPolicy\n properties:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloudfunctions\\_function\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudfunctions.FunctionIamBinding(\"binding\", {\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudfunctions.FunctionIamBinding(\"binding\",\n project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudFunctions.FunctionIamBinding(\"binding\", new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctions.NewFunctionIamBinding(ctx, \"binding\", \u0026cloudfunctions.FunctionIamBindingArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tRegion: pulumi.Any(function.Region),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamBinding;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new FunctionIamBinding(\"binding\", FunctionIamBindingArgs.builder() \n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudfunctions:FunctionIamBinding\n properties:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloudfunctions\\_function\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudfunctions.FunctionIamMember(\"member\", {\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudfunctions.FunctionIamMember(\"member\",\n project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudFunctions.FunctionIamMember(\"member\", new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctions.NewFunctionIamMember(ctx, \"member\", \u0026cloudfunctions.FunctionIamMemberArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tRegion: pulumi.Any(function.Region),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamMember;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new FunctionIamMember(\"member\", FunctionIamMemberArgs.builder() \n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudfunctions:FunctionIamMember\n properties:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{region}}/functions/{{cloud_function}}\n\n* {{project}}/{{region}}/{{cloud_function}}\n\n* {{region}}/{{cloud_function}}\n\n* {{cloud_function}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Functions cloudfunction IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctions/functionIamMember:FunctionIamMember editor \"projects/{{project}}/locations/{{region}}/functions/{{cloud_function}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctions/functionIamMember:FunctionIamMember editor \"projects/{{project}}/locations/{{region}}/functions/{{cloud_function}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctions/functionIamMember:FunctionIamMember editor projects/{{project}}/locations/{{region}}/functions/{{cloud_function}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "cloudFunction": { "type": "string", @@ -129005,11 +129122,12 @@ "description": "(Computed) The etag of the IAM policy.\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "region": { "type": "string", @@ -129040,11 +129158,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -129081,11 +129200,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -129103,7 +129223,7 @@ } }, "gcp:cloudfunctions/functionIamPolicy:FunctionIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Cloud Functions CloudFunction. Each of these resources serves a different use case:\n\n* `gcp.cloudfunctions.FunctionIamPolicy`: Authoritative. Sets the IAM policy for the cloudfunction and replaces any existing policy already attached.\n* `gcp.cloudfunctions.FunctionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the cloudfunction are preserved.\n* `gcp.cloudfunctions.FunctionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the cloudfunction are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudfunctions.FunctionIamPolicy`: Retrieves the IAM policy for the cloudfunction\n\n\u003e **Note:** `gcp.cloudfunctions.FunctionIamPolicy` **cannot** be used in conjunction with `gcp.cloudfunctions.FunctionIamBinding` and `gcp.cloudfunctions.FunctionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudfunctions.FunctionIamBinding` resources **can be** used in conjunction with `gcp.cloudfunctions.FunctionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_cloudfunctions\\_function\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudfunctions.FunctionIamPolicy(\"policy\", {\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.cloudfunctions.FunctionIamPolicy(\"policy\",\n project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudFunctions.FunctionIamPolicy(\"policy\", new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctions.NewFunctionIamPolicy(ctx, \"policy\", \u0026cloudfunctions.FunctionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tRegion: pulumi.Any(function.Region),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamPolicy;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new FunctionIamPolicy(\"policy\", FunctionIamPolicyArgs.builder() \n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudfunctions:FunctionIamPolicy\n properties:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloudfunctions\\_function\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudfunctions.FunctionIamBinding(\"binding\", {\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudfunctions.FunctionIamBinding(\"binding\",\n project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudFunctions.FunctionIamBinding(\"binding\", new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctions.NewFunctionIamBinding(ctx, \"binding\", \u0026cloudfunctions.FunctionIamBindingArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tRegion: pulumi.Any(function.Region),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamBinding;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new FunctionIamBinding(\"binding\", FunctionIamBindingArgs.builder() \n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudfunctions:FunctionIamBinding\n properties:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloudfunctions\\_function\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudfunctions.FunctionIamMember(\"member\", {\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudfunctions.FunctionIamMember(\"member\",\n project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudFunctions.FunctionIamMember(\"member\", new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctions.NewFunctionIamMember(ctx, \"member\", \u0026cloudfunctions.FunctionIamMemberArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tRegion: pulumi.Any(function.Region),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamMember;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new FunctionIamMember(\"member\", FunctionIamMemberArgs.builder() \n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudfunctions:FunctionIamMember\n properties:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{region}}/functions/{{cloud_function}}\n\n* {{project}}/{{region}}/{{cloud_function}}\n\n* {{region}}/{{cloud_function}}\n\n* {{cloud_function}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Functions cloudfunction IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctions/functionIamPolicy:FunctionIamPolicy editor \"projects/{{project}}/locations/{{region}}/functions/{{cloud_function}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctions/functionIamPolicy:FunctionIamPolicy editor \"projects/{{project}}/locations/{{region}}/functions/{{cloud_function}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctions/functionIamPolicy:FunctionIamPolicy editor projects/{{project}}/locations/{{region}}/functions/{{cloud_function}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Functions CloudFunction. Each of these resources serves a different use case:\n\n* `gcp.cloudfunctions.FunctionIamPolicy`: Authoritative. Sets the IAM policy for the cloudfunction and replaces any existing policy already attached.\n* `gcp.cloudfunctions.FunctionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the cloudfunction are preserved.\n* `gcp.cloudfunctions.FunctionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the cloudfunction are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudfunctions.FunctionIamPolicy`: Retrieves the IAM policy for the cloudfunction\n\n\u003e **Note:** `gcp.cloudfunctions.FunctionIamPolicy` **cannot** be used in conjunction with `gcp.cloudfunctions.FunctionIamBinding` and `gcp.cloudfunctions.FunctionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudfunctions.FunctionIamBinding` resources **can be** used in conjunction with `gcp.cloudfunctions.FunctionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_cloudfunctions\\_function\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudfunctions.FunctionIamPolicy(\"policy\", {\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.cloudfunctions.FunctionIamPolicy(\"policy\",\n project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudFunctions.FunctionIamPolicy(\"policy\", new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctions.NewFunctionIamPolicy(ctx, \"policy\", \u0026cloudfunctions.FunctionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tRegion: pulumi.Any(function.Region),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamPolicy;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new FunctionIamPolicy(\"policy\", FunctionIamPolicyArgs.builder() \n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudfunctions:FunctionIamPolicy\n properties:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloudfunctions\\_function\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudfunctions.FunctionIamBinding(\"binding\", {\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudfunctions.FunctionIamBinding(\"binding\",\n project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudFunctions.FunctionIamBinding(\"binding\", new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctions.NewFunctionIamBinding(ctx, \"binding\", \u0026cloudfunctions.FunctionIamBindingArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tRegion: pulumi.Any(function.Region),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamBinding;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new FunctionIamBinding(\"binding\", FunctionIamBindingArgs.builder() \n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudfunctions:FunctionIamBinding\n properties:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloudfunctions\\_function\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudfunctions.FunctionIamMember(\"member\", {\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudfunctions.FunctionIamMember(\"member\",\n project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudFunctions.FunctionIamMember(\"member\", new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctions.NewFunctionIamMember(ctx, \"member\", \u0026cloudfunctions.FunctionIamMemberArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tRegion: pulumi.Any(function.Region),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamMember;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new FunctionIamMember(\"member\", FunctionIamMemberArgs.builder() \n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudfunctions:FunctionIamMember\n properties:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_cloudfunctions\\_function\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudfunctions.FunctionIamPolicy(\"policy\", {\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.cloudfunctions.FunctionIamPolicy(\"policy\",\n project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudFunctions.FunctionIamPolicy(\"policy\", new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctions.NewFunctionIamPolicy(ctx, \"policy\", \u0026cloudfunctions.FunctionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tRegion: pulumi.Any(function.Region),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamPolicy;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new FunctionIamPolicy(\"policy\", FunctionIamPolicyArgs.builder() \n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudfunctions:FunctionIamPolicy\n properties:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloudfunctions\\_function\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudfunctions.FunctionIamBinding(\"binding\", {\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudfunctions.FunctionIamBinding(\"binding\",\n project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudFunctions.FunctionIamBinding(\"binding\", new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctions.NewFunctionIamBinding(ctx, \"binding\", \u0026cloudfunctions.FunctionIamBindingArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tRegion: pulumi.Any(function.Region),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamBinding;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new FunctionIamBinding(\"binding\", FunctionIamBindingArgs.builder() \n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudfunctions:FunctionIamBinding\n properties:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloudfunctions\\_function\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudfunctions.FunctionIamMember(\"member\", {\n project: _function.project,\n region: _function.region,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudfunctions.FunctionIamMember(\"member\",\n project=function[\"project\"],\n region=function[\"region\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudFunctions.FunctionIamMember(\"member\", new()\n {\n Project = function.Project,\n Region = function.Region,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctions\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctions.NewFunctionIamMember(ctx, \"member\", \u0026cloudfunctions.FunctionIamMemberArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tRegion: pulumi.Any(function.Region),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamMember;\nimport com.pulumi.gcp.cloudfunctions.FunctionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new FunctionIamMember(\"member\", FunctionIamMemberArgs.builder() \n .project(function.project())\n .region(function.region())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudfunctions:FunctionIamMember\n properties:\n project: ${function.project}\n region: ${function.region}\n cloudFunction: ${function.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{region}}/functions/{{cloud_function}}\n\n* {{project}}/{{region}}/{{cloud_function}}\n\n* {{region}}/{{cloud_function}}\n\n* {{cloud_function}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Functions cloudfunction IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctions/functionIamPolicy:FunctionIamPolicy editor \"projects/{{project}}/locations/{{region}}/functions/{{cloud_function}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctions/functionIamPolicy:FunctionIamPolicy editor \"projects/{{project}}/locations/{{region}}/functions/{{cloud_function}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctions/functionIamPolicy:FunctionIamPolicy editor projects/{{project}}/locations/{{region}}/functions/{{cloud_function}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "cloudFunction": { "type": "string", @@ -129119,7 +129239,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "region": { "type": "string", @@ -129145,7 +129265,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -129176,7 +129296,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -129403,7 +129523,7 @@ } }, "gcp:cloudfunctionsv2/functionIamBinding:FunctionIamBinding": { - "description": "Three different resources help you manage your IAM policy for Cloud Functions (2nd gen) function. Each of these resources serves a different use case:\n\n* `gcp.cloudfunctionsv2.FunctionIamPolicy`: Authoritative. Sets the IAM policy for the function and replaces any existing policy already attached.\n* `gcp.cloudfunctionsv2.FunctionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the function are preserved.\n* `gcp.cloudfunctionsv2.FunctionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the function are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudfunctionsv2.FunctionIamPolicy`: Retrieves the IAM policy for the function\n\n\u003e **Note:** `gcp.cloudfunctionsv2.FunctionIamPolicy` **cannot** be used in conjunction with `gcp.cloudfunctionsv2.FunctionIamBinding` and `gcp.cloudfunctionsv2.FunctionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudfunctionsv2.FunctionIamBinding` resources **can be** used in conjunction with `gcp.cloudfunctionsv2.FunctionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_cloudfunctions2\\_function\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudfunctionsv2.FunctionIamPolicy(\"policy\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.cloudfunctionsv2.FunctionIamPolicy(\"policy\",\n project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudFunctionsV2.FunctionIamPolicy(\"policy\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctionsv2.NewFunctionIamPolicy(ctx, \"policy\", \u0026cloudfunctionsv2.FunctionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tLocation: pulumi.Any(function.Location),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamPolicy;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new FunctionIamPolicy(\"policy\", FunctionIamPolicyArgs.builder() \n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudfunctionsv2:FunctionIamPolicy\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloudfunctions2\\_function\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudfunctionsv2.FunctionIamBinding(\"binding\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudfunctionsv2.FunctionIamBinding(\"binding\",\n project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudFunctionsV2.FunctionIamBinding(\"binding\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctionsv2.NewFunctionIamBinding(ctx, \"binding\", \u0026cloudfunctionsv2.FunctionIamBindingArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tLocation: pulumi.Any(function.Location),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamBinding;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new FunctionIamBinding(\"binding\", FunctionIamBindingArgs.builder() \n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudfunctionsv2:FunctionIamBinding\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloudfunctions2\\_function\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudfunctionsv2.FunctionIamMember(\"member\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudfunctionsv2.FunctionIamMember(\"member\",\n project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudFunctionsV2.FunctionIamMember(\"member\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctionsv2.NewFunctionIamMember(ctx, \"member\", \u0026cloudfunctionsv2.FunctionIamMemberArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tLocation: pulumi.Any(function.Location),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamMember;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new FunctionIamMember(\"member\", FunctionIamMemberArgs.builder() \n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudfunctionsv2:FunctionIamMember\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/functions/{{cloud_function}}\n\n* {{project}}/{{location}}/{{cloud_function}}\n\n* {{location}}/{{cloud_function}}\n\n* {{cloud_function}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Functions (2nd gen) function IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctionsv2/functionIamBinding:FunctionIamBinding editor \"projects/{{project}}/locations/{{location}}/functions/{{cloud_function}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctionsv2/functionIamBinding:FunctionIamBinding editor \"projects/{{project}}/locations/{{location}}/functions/{{cloud_function}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctionsv2/functionIamBinding:FunctionIamBinding editor projects/{{project}}/locations/{{location}}/functions/{{cloud_function}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Functions (2nd gen) function. Each of these resources serves a different use case:\n\n* `gcp.cloudfunctionsv2.FunctionIamPolicy`: Authoritative. Sets the IAM policy for the function and replaces any existing policy already attached.\n* `gcp.cloudfunctionsv2.FunctionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the function are preserved.\n* `gcp.cloudfunctionsv2.FunctionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the function are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudfunctionsv2.FunctionIamPolicy`: Retrieves the IAM policy for the function\n\n\u003e **Note:** `gcp.cloudfunctionsv2.FunctionIamPolicy` **cannot** be used in conjunction with `gcp.cloudfunctionsv2.FunctionIamBinding` and `gcp.cloudfunctionsv2.FunctionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudfunctionsv2.FunctionIamBinding` resources **can be** used in conjunction with `gcp.cloudfunctionsv2.FunctionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_cloudfunctions2\\_function\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudfunctionsv2.FunctionIamPolicy(\"policy\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.cloudfunctionsv2.FunctionIamPolicy(\"policy\",\n project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudFunctionsV2.FunctionIamPolicy(\"policy\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctionsv2.NewFunctionIamPolicy(ctx, \"policy\", \u0026cloudfunctionsv2.FunctionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tLocation: pulumi.Any(function.Location),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamPolicy;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new FunctionIamPolicy(\"policy\", FunctionIamPolicyArgs.builder() \n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudfunctionsv2:FunctionIamPolicy\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloudfunctions2\\_function\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudfunctionsv2.FunctionIamBinding(\"binding\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudfunctionsv2.FunctionIamBinding(\"binding\",\n project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudFunctionsV2.FunctionIamBinding(\"binding\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctionsv2.NewFunctionIamBinding(ctx, \"binding\", \u0026cloudfunctionsv2.FunctionIamBindingArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tLocation: pulumi.Any(function.Location),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamBinding;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new FunctionIamBinding(\"binding\", FunctionIamBindingArgs.builder() \n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudfunctionsv2:FunctionIamBinding\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloudfunctions2\\_function\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudfunctionsv2.FunctionIamMember(\"member\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudfunctionsv2.FunctionIamMember(\"member\",\n project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudFunctionsV2.FunctionIamMember(\"member\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctionsv2.NewFunctionIamMember(ctx, \"member\", \u0026cloudfunctionsv2.FunctionIamMemberArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tLocation: pulumi.Any(function.Location),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamMember;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new FunctionIamMember(\"member\", FunctionIamMemberArgs.builder() \n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudfunctionsv2:FunctionIamMember\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_cloudfunctions2\\_function\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudfunctionsv2.FunctionIamPolicy(\"policy\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.cloudfunctionsv2.FunctionIamPolicy(\"policy\",\n project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudFunctionsV2.FunctionIamPolicy(\"policy\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctionsv2.NewFunctionIamPolicy(ctx, \"policy\", \u0026cloudfunctionsv2.FunctionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tLocation: pulumi.Any(function.Location),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamPolicy;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new FunctionIamPolicy(\"policy\", FunctionIamPolicyArgs.builder() \n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudfunctionsv2:FunctionIamPolicy\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloudfunctions2\\_function\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudfunctionsv2.FunctionIamBinding(\"binding\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudfunctionsv2.FunctionIamBinding(\"binding\",\n project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudFunctionsV2.FunctionIamBinding(\"binding\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctionsv2.NewFunctionIamBinding(ctx, \"binding\", \u0026cloudfunctionsv2.FunctionIamBindingArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tLocation: pulumi.Any(function.Location),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamBinding;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new FunctionIamBinding(\"binding\", FunctionIamBindingArgs.builder() \n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudfunctionsv2:FunctionIamBinding\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloudfunctions2\\_function\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudfunctionsv2.FunctionIamMember(\"member\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudfunctionsv2.FunctionIamMember(\"member\",\n project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudFunctionsV2.FunctionIamMember(\"member\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctionsv2.NewFunctionIamMember(ctx, \"member\", \u0026cloudfunctionsv2.FunctionIamMemberArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tLocation: pulumi.Any(function.Location),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamMember;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new FunctionIamMember(\"member\", FunctionIamMemberArgs.builder() \n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudfunctionsv2:FunctionIamMember\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/functions/{{cloud_function}}\n\n* {{project}}/{{location}}/{{cloud_function}}\n\n* {{location}}/{{cloud_function}}\n\n* {{cloud_function}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Functions (2nd gen) function IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctionsv2/functionIamBinding:FunctionIamBinding editor \"projects/{{project}}/locations/{{location}}/functions/{{cloud_function}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctionsv2/functionIamBinding:FunctionIamBinding editor \"projects/{{project}}/locations/{{location}}/functions/{{cloud_function}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctionsv2/functionIamBinding:FunctionIamBinding editor projects/{{project}}/locations/{{location}}/functions/{{cloud_function}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "cloudFunction": { "type": "string", @@ -129424,11 +129544,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -129462,11 +129583,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -129505,11 +129627,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -129522,7 +129645,7 @@ } }, "gcp:cloudfunctionsv2/functionIamMember:FunctionIamMember": { - "description": "Three different resources help you manage your IAM policy for Cloud Functions (2nd gen) function. Each of these resources serves a different use case:\n\n* `gcp.cloudfunctionsv2.FunctionIamPolicy`: Authoritative. Sets the IAM policy for the function and replaces any existing policy already attached.\n* `gcp.cloudfunctionsv2.FunctionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the function are preserved.\n* `gcp.cloudfunctionsv2.FunctionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the function are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudfunctionsv2.FunctionIamPolicy`: Retrieves the IAM policy for the function\n\n\u003e **Note:** `gcp.cloudfunctionsv2.FunctionIamPolicy` **cannot** be used in conjunction with `gcp.cloudfunctionsv2.FunctionIamBinding` and `gcp.cloudfunctionsv2.FunctionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudfunctionsv2.FunctionIamBinding` resources **can be** used in conjunction with `gcp.cloudfunctionsv2.FunctionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_cloudfunctions2\\_function\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudfunctionsv2.FunctionIamPolicy(\"policy\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.cloudfunctionsv2.FunctionIamPolicy(\"policy\",\n project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudFunctionsV2.FunctionIamPolicy(\"policy\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctionsv2.NewFunctionIamPolicy(ctx, \"policy\", \u0026cloudfunctionsv2.FunctionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tLocation: pulumi.Any(function.Location),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamPolicy;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new FunctionIamPolicy(\"policy\", FunctionIamPolicyArgs.builder() \n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudfunctionsv2:FunctionIamPolicy\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloudfunctions2\\_function\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudfunctionsv2.FunctionIamBinding(\"binding\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudfunctionsv2.FunctionIamBinding(\"binding\",\n project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudFunctionsV2.FunctionIamBinding(\"binding\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctionsv2.NewFunctionIamBinding(ctx, \"binding\", \u0026cloudfunctionsv2.FunctionIamBindingArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tLocation: pulumi.Any(function.Location),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamBinding;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new FunctionIamBinding(\"binding\", FunctionIamBindingArgs.builder() \n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudfunctionsv2:FunctionIamBinding\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloudfunctions2\\_function\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudfunctionsv2.FunctionIamMember(\"member\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudfunctionsv2.FunctionIamMember(\"member\",\n project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudFunctionsV2.FunctionIamMember(\"member\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctionsv2.NewFunctionIamMember(ctx, \"member\", \u0026cloudfunctionsv2.FunctionIamMemberArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tLocation: pulumi.Any(function.Location),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamMember;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new FunctionIamMember(\"member\", FunctionIamMemberArgs.builder() \n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudfunctionsv2:FunctionIamMember\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/functions/{{cloud_function}}\n\n* {{project}}/{{location}}/{{cloud_function}}\n\n* {{location}}/{{cloud_function}}\n\n* {{cloud_function}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Functions (2nd gen) function IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctionsv2/functionIamMember:FunctionIamMember editor \"projects/{{project}}/locations/{{location}}/functions/{{cloud_function}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctionsv2/functionIamMember:FunctionIamMember editor \"projects/{{project}}/locations/{{location}}/functions/{{cloud_function}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctionsv2/functionIamMember:FunctionIamMember editor projects/{{project}}/locations/{{location}}/functions/{{cloud_function}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Functions (2nd gen) function. Each of these resources serves a different use case:\n\n* `gcp.cloudfunctionsv2.FunctionIamPolicy`: Authoritative. Sets the IAM policy for the function and replaces any existing policy already attached.\n* `gcp.cloudfunctionsv2.FunctionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the function are preserved.\n* `gcp.cloudfunctionsv2.FunctionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the function are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudfunctionsv2.FunctionIamPolicy`: Retrieves the IAM policy for the function\n\n\u003e **Note:** `gcp.cloudfunctionsv2.FunctionIamPolicy` **cannot** be used in conjunction with `gcp.cloudfunctionsv2.FunctionIamBinding` and `gcp.cloudfunctionsv2.FunctionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudfunctionsv2.FunctionIamBinding` resources **can be** used in conjunction with `gcp.cloudfunctionsv2.FunctionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_cloudfunctions2\\_function\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudfunctionsv2.FunctionIamPolicy(\"policy\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.cloudfunctionsv2.FunctionIamPolicy(\"policy\",\n project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudFunctionsV2.FunctionIamPolicy(\"policy\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctionsv2.NewFunctionIamPolicy(ctx, \"policy\", \u0026cloudfunctionsv2.FunctionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tLocation: pulumi.Any(function.Location),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamPolicy;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new FunctionIamPolicy(\"policy\", FunctionIamPolicyArgs.builder() \n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudfunctionsv2:FunctionIamPolicy\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloudfunctions2\\_function\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudfunctionsv2.FunctionIamBinding(\"binding\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudfunctionsv2.FunctionIamBinding(\"binding\",\n project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudFunctionsV2.FunctionIamBinding(\"binding\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctionsv2.NewFunctionIamBinding(ctx, \"binding\", \u0026cloudfunctionsv2.FunctionIamBindingArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tLocation: pulumi.Any(function.Location),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamBinding;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new FunctionIamBinding(\"binding\", FunctionIamBindingArgs.builder() \n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudfunctionsv2:FunctionIamBinding\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloudfunctions2\\_function\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudfunctionsv2.FunctionIamMember(\"member\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudfunctionsv2.FunctionIamMember(\"member\",\n project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudFunctionsV2.FunctionIamMember(\"member\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctionsv2.NewFunctionIamMember(ctx, \"member\", \u0026cloudfunctionsv2.FunctionIamMemberArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tLocation: pulumi.Any(function.Location),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamMember;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new FunctionIamMember(\"member\", FunctionIamMemberArgs.builder() \n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudfunctionsv2:FunctionIamMember\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_cloudfunctions2\\_function\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudfunctionsv2.FunctionIamPolicy(\"policy\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.cloudfunctionsv2.FunctionIamPolicy(\"policy\",\n project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudFunctionsV2.FunctionIamPolicy(\"policy\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctionsv2.NewFunctionIamPolicy(ctx, \"policy\", \u0026cloudfunctionsv2.FunctionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tLocation: pulumi.Any(function.Location),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamPolicy;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new FunctionIamPolicy(\"policy\", FunctionIamPolicyArgs.builder() \n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudfunctionsv2:FunctionIamPolicy\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloudfunctions2\\_function\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudfunctionsv2.FunctionIamBinding(\"binding\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudfunctionsv2.FunctionIamBinding(\"binding\",\n project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudFunctionsV2.FunctionIamBinding(\"binding\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctionsv2.NewFunctionIamBinding(ctx, \"binding\", \u0026cloudfunctionsv2.FunctionIamBindingArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tLocation: pulumi.Any(function.Location),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamBinding;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new FunctionIamBinding(\"binding\", FunctionIamBindingArgs.builder() \n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudfunctionsv2:FunctionIamBinding\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloudfunctions2\\_function\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudfunctionsv2.FunctionIamMember(\"member\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudfunctionsv2.FunctionIamMember(\"member\",\n project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudFunctionsV2.FunctionIamMember(\"member\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctionsv2.NewFunctionIamMember(ctx, \"member\", \u0026cloudfunctionsv2.FunctionIamMemberArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tLocation: pulumi.Any(function.Location),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamMember;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new FunctionIamMember(\"member\", FunctionIamMemberArgs.builder() \n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudfunctionsv2:FunctionIamMember\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/functions/{{cloud_function}}\n\n* {{project}}/{{location}}/{{cloud_function}}\n\n* {{location}}/{{cloud_function}}\n\n* {{cloud_function}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Functions (2nd gen) function IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctionsv2/functionIamMember:FunctionIamMember editor \"projects/{{project}}/locations/{{location}}/functions/{{cloud_function}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctionsv2/functionIamMember:FunctionIamMember editor \"projects/{{project}}/locations/{{location}}/functions/{{cloud_function}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctionsv2/functionIamMember:FunctionIamMember editor projects/{{project}}/locations/{{location}}/functions/{{cloud_function}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "cloudFunction": { "type": "string", @@ -129540,11 +129663,12 @@ "description": "The location of this cloud function. Used to find the parent resource to bind the IAM policy to\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -129576,11 +129700,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -129617,11 +129742,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -129634,7 +129760,7 @@ } }, "gcp:cloudfunctionsv2/functionIamPolicy:FunctionIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Cloud Functions (2nd gen) function. Each of these resources serves a different use case:\n\n* `gcp.cloudfunctionsv2.FunctionIamPolicy`: Authoritative. Sets the IAM policy for the function and replaces any existing policy already attached.\n* `gcp.cloudfunctionsv2.FunctionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the function are preserved.\n* `gcp.cloudfunctionsv2.FunctionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the function are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudfunctionsv2.FunctionIamPolicy`: Retrieves the IAM policy for the function\n\n\u003e **Note:** `gcp.cloudfunctionsv2.FunctionIamPolicy` **cannot** be used in conjunction with `gcp.cloudfunctionsv2.FunctionIamBinding` and `gcp.cloudfunctionsv2.FunctionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudfunctionsv2.FunctionIamBinding` resources **can be** used in conjunction with `gcp.cloudfunctionsv2.FunctionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_cloudfunctions2\\_function\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudfunctionsv2.FunctionIamPolicy(\"policy\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.cloudfunctionsv2.FunctionIamPolicy(\"policy\",\n project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudFunctionsV2.FunctionIamPolicy(\"policy\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctionsv2.NewFunctionIamPolicy(ctx, \"policy\", \u0026cloudfunctionsv2.FunctionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tLocation: pulumi.Any(function.Location),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamPolicy;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new FunctionIamPolicy(\"policy\", FunctionIamPolicyArgs.builder() \n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudfunctionsv2:FunctionIamPolicy\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloudfunctions2\\_function\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudfunctionsv2.FunctionIamBinding(\"binding\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudfunctionsv2.FunctionIamBinding(\"binding\",\n project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudFunctionsV2.FunctionIamBinding(\"binding\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctionsv2.NewFunctionIamBinding(ctx, \"binding\", \u0026cloudfunctionsv2.FunctionIamBindingArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tLocation: pulumi.Any(function.Location),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamBinding;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new FunctionIamBinding(\"binding\", FunctionIamBindingArgs.builder() \n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudfunctionsv2:FunctionIamBinding\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloudfunctions2\\_function\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudfunctionsv2.FunctionIamMember(\"member\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudfunctionsv2.FunctionIamMember(\"member\",\n project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudFunctionsV2.FunctionIamMember(\"member\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctionsv2.NewFunctionIamMember(ctx, \"member\", \u0026cloudfunctionsv2.FunctionIamMemberArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tLocation: pulumi.Any(function.Location),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamMember;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new FunctionIamMember(\"member\", FunctionIamMemberArgs.builder() \n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudfunctionsv2:FunctionIamMember\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/functions/{{cloud_function}}\n\n* {{project}}/{{location}}/{{cloud_function}}\n\n* {{location}}/{{cloud_function}}\n\n* {{cloud_function}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Functions (2nd gen) function IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctionsv2/functionIamPolicy:FunctionIamPolicy editor \"projects/{{project}}/locations/{{location}}/functions/{{cloud_function}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctionsv2/functionIamPolicy:FunctionIamPolicy editor \"projects/{{project}}/locations/{{location}}/functions/{{cloud_function}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctionsv2/functionIamPolicy:FunctionIamPolicy editor projects/{{project}}/locations/{{location}}/functions/{{cloud_function}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Functions (2nd gen) function. Each of these resources serves a different use case:\n\n* `gcp.cloudfunctionsv2.FunctionIamPolicy`: Authoritative. Sets the IAM policy for the function and replaces any existing policy already attached.\n* `gcp.cloudfunctionsv2.FunctionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the function are preserved.\n* `gcp.cloudfunctionsv2.FunctionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the function are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudfunctionsv2.FunctionIamPolicy`: Retrieves the IAM policy for the function\n\n\u003e **Note:** `gcp.cloudfunctionsv2.FunctionIamPolicy` **cannot** be used in conjunction with `gcp.cloudfunctionsv2.FunctionIamBinding` and `gcp.cloudfunctionsv2.FunctionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudfunctionsv2.FunctionIamBinding` resources **can be** used in conjunction with `gcp.cloudfunctionsv2.FunctionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_cloudfunctions2\\_function\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudfunctionsv2.FunctionIamPolicy(\"policy\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.cloudfunctionsv2.FunctionIamPolicy(\"policy\",\n project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudFunctionsV2.FunctionIamPolicy(\"policy\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctionsv2.NewFunctionIamPolicy(ctx, \"policy\", \u0026cloudfunctionsv2.FunctionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tLocation: pulumi.Any(function.Location),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamPolicy;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new FunctionIamPolicy(\"policy\", FunctionIamPolicyArgs.builder() \n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudfunctionsv2:FunctionIamPolicy\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloudfunctions2\\_function\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudfunctionsv2.FunctionIamBinding(\"binding\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudfunctionsv2.FunctionIamBinding(\"binding\",\n project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudFunctionsV2.FunctionIamBinding(\"binding\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctionsv2.NewFunctionIamBinding(ctx, \"binding\", \u0026cloudfunctionsv2.FunctionIamBindingArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tLocation: pulumi.Any(function.Location),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamBinding;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new FunctionIamBinding(\"binding\", FunctionIamBindingArgs.builder() \n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudfunctionsv2:FunctionIamBinding\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloudfunctions2\\_function\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudfunctionsv2.FunctionIamMember(\"member\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudfunctionsv2.FunctionIamMember(\"member\",\n project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudFunctionsV2.FunctionIamMember(\"member\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctionsv2.NewFunctionIamMember(ctx, \"member\", \u0026cloudfunctionsv2.FunctionIamMemberArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tLocation: pulumi.Any(function.Location),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamMember;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new FunctionIamMember(\"member\", FunctionIamMemberArgs.builder() \n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudfunctionsv2:FunctionIamMember\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_cloudfunctions2\\_function\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudfunctionsv2.FunctionIamPolicy(\"policy\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.cloudfunctionsv2.FunctionIamPolicy(\"policy\",\n project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudFunctionsV2.FunctionIamPolicy(\"policy\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudfunctionsv2.NewFunctionIamPolicy(ctx, \"policy\", \u0026cloudfunctionsv2.FunctionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tLocation: pulumi.Any(function.Location),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamPolicy;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new FunctionIamPolicy(\"policy\", FunctionIamPolicyArgs.builder() \n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudfunctionsv2:FunctionIamPolicy\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloudfunctions2\\_function\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudfunctionsv2.FunctionIamBinding(\"binding\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudfunctionsv2.FunctionIamBinding(\"binding\",\n project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudFunctionsV2.FunctionIamBinding(\"binding\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctionsv2.NewFunctionIamBinding(ctx, \"binding\", \u0026cloudfunctionsv2.FunctionIamBindingArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tLocation: pulumi.Any(function.Location),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamBinding;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new FunctionIamBinding(\"binding\", FunctionIamBindingArgs.builder() \n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudfunctionsv2:FunctionIamBinding\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloudfunctions2\\_function\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudfunctionsv2.FunctionIamMember(\"member\", {\n project: _function.project,\n location: _function.location,\n cloudFunction: _function.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudfunctionsv2.FunctionIamMember(\"member\",\n project=function[\"project\"],\n location=function[\"location\"],\n cloud_function=function[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudFunctionsV2.FunctionIamMember(\"member\", new()\n {\n Project = function.Project,\n Location = function.Location,\n CloudFunction = function.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctionsv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudfunctionsv2.NewFunctionIamMember(ctx, \"member\", \u0026cloudfunctionsv2.FunctionIamMemberArgs{\n\t\t\tProject: pulumi.Any(function.Project),\n\t\t\tLocation: pulumi.Any(function.Location),\n\t\t\tCloudFunction: pulumi.Any(function.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamMember;\nimport com.pulumi.gcp.cloudfunctionsv2.FunctionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new FunctionIamMember(\"member\", FunctionIamMemberArgs.builder() \n .project(function.project())\n .location(function.location())\n .cloudFunction(function.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudfunctionsv2:FunctionIamMember\n properties:\n project: ${function.project}\n location: ${function.location}\n cloudFunction: ${function.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/functions/{{cloud_function}}\n\n* {{project}}/{{location}}/{{cloud_function}}\n\n* {{location}}/{{cloud_function}}\n\n* {{cloud_function}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Functions (2nd gen) function IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctionsv2/functionIamPolicy:FunctionIamPolicy editor \"projects/{{project}}/locations/{{location}}/functions/{{cloud_function}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctionsv2/functionIamPolicy:FunctionIamPolicy editor \"projects/{{project}}/locations/{{location}}/functions/{{cloud_function}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudfunctionsv2/functionIamPolicy:FunctionIamPolicy editor projects/{{project}}/locations/{{location}}/functions/{{cloud_function}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "cloudFunction": { "type": "string", @@ -129654,7 +129780,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" } }, "required": [ @@ -129681,7 +129807,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -129712,7 +129838,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -130448,7 +130574,7 @@ } }, "gcp:cloudrun/iamBinding:IamBinding": { - "description": "Three different resources help you manage your IAM policy for Cloud Run Service. Each of these resources serves a different use case:\n\n* `gcp.cloudrun.IamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.cloudrun.IamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.cloudrun.IamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudrun.IamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.cloudrun.IamPolicy` **cannot** be used in conjunction with `gcp.cloudrun.IamBinding` and `gcp.cloudrun.IamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudrun.IamBinding` resources **can be** used in conjunction with `gcp.cloudrun.IamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_cloud\\_run\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudrun.IamPolicy(\"policy\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.cloudrun.IamPolicy(\"policy\",\n location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudRun.IamPolicy(\"policy\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrun.NewIamPolicy(ctx, \"policy\", \u0026cloudrun.IamPolicyArgs{\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrun.IamPolicy;\nimport com.pulumi.gcp.cloudrun.IamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new IamPolicy(\"policy\", IamPolicyArgs.builder() \n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudrun:IamPolicy\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_run\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudrun.IamBinding(\"binding\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudrun.IamBinding(\"binding\",\n location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudRun.IamBinding(\"binding\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrun.NewIamBinding(ctx, \"binding\", \u0026cloudrun.IamBindingArgs{\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrun.IamBinding;\nimport com.pulumi.gcp.cloudrun.IamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new IamBinding(\"binding\", IamBindingArgs.builder() \n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudrun:IamBinding\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_run\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudrun.IamMember(\"member\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudrun.IamMember(\"member\",\n location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudRun.IamMember(\"member\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrun.NewIamMember(ctx, \"member\", \u0026cloudrun.IamMemberArgs{\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrun.IamMember;\nimport com.pulumi.gcp.cloudrun.IamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new IamMember(\"member\", IamMemberArgs.builder() \n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudrun:IamMember\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/services/{{service}}\n\n* {{project}}/{{location}}/{{service}}\n\n* {{location}}/{{service}}\n\n* {{service}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Run service IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudrun/iamBinding:IamBinding editor \"projects/{{project}}/locations/{{location}}/services/{{service}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudrun/iamBinding:IamBinding editor \"projects/{{project}}/locations/{{location}}/services/{{service}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudrun/iamBinding:IamBinding editor projects/{{project}}/locations/{{location}}/services/{{service}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Run Service. Each of these resources serves a different use case:\n\n* `gcp.cloudrun.IamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.cloudrun.IamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.cloudrun.IamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudrun.IamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.cloudrun.IamPolicy` **cannot** be used in conjunction with `gcp.cloudrun.IamBinding` and `gcp.cloudrun.IamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudrun.IamBinding` resources **can be** used in conjunction with `gcp.cloudrun.IamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_cloud\\_run\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudrun.IamPolicy(\"policy\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.cloudrun.IamPolicy(\"policy\",\n location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudRun.IamPolicy(\"policy\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrun.NewIamPolicy(ctx, \"policy\", \u0026cloudrun.IamPolicyArgs{\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrun.IamPolicy;\nimport com.pulumi.gcp.cloudrun.IamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new IamPolicy(\"policy\", IamPolicyArgs.builder() \n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudrun:IamPolicy\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_run\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudrun.IamBinding(\"binding\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudrun.IamBinding(\"binding\",\n location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudRun.IamBinding(\"binding\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrun.NewIamBinding(ctx, \"binding\", \u0026cloudrun.IamBindingArgs{\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrun.IamBinding;\nimport com.pulumi.gcp.cloudrun.IamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new IamBinding(\"binding\", IamBindingArgs.builder() \n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudrun:IamBinding\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_run\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudrun.IamMember(\"member\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudrun.IamMember(\"member\",\n location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudRun.IamMember(\"member\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrun.NewIamMember(ctx, \"member\", \u0026cloudrun.IamMemberArgs{\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrun.IamMember;\nimport com.pulumi.gcp.cloudrun.IamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new IamMember(\"member\", IamMemberArgs.builder() \n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudrun:IamMember\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_cloud\\_run\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudrun.IamPolicy(\"policy\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.cloudrun.IamPolicy(\"policy\",\n location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudRun.IamPolicy(\"policy\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrun.NewIamPolicy(ctx, \"policy\", \u0026cloudrun.IamPolicyArgs{\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrun.IamPolicy;\nimport com.pulumi.gcp.cloudrun.IamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new IamPolicy(\"policy\", IamPolicyArgs.builder() \n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudrun:IamPolicy\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_run\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudrun.IamBinding(\"binding\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudrun.IamBinding(\"binding\",\n location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudRun.IamBinding(\"binding\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrun.NewIamBinding(ctx, \"binding\", \u0026cloudrun.IamBindingArgs{\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrun.IamBinding;\nimport com.pulumi.gcp.cloudrun.IamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new IamBinding(\"binding\", IamBindingArgs.builder() \n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudrun:IamBinding\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_run\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudrun.IamMember(\"member\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudrun.IamMember(\"member\",\n location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudRun.IamMember(\"member\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrun.NewIamMember(ctx, \"member\", \u0026cloudrun.IamMemberArgs{\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrun.IamMember;\nimport com.pulumi.gcp.cloudrun.IamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new IamMember(\"member\", IamMemberArgs.builder() \n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudrun:IamMember\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/services/{{service}}\n\n* {{project}}/{{location}}/{{service}}\n\n* {{location}}/{{service}}\n\n* {{service}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Run service IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudrun/iamBinding:IamBinding editor \"projects/{{project}}/locations/{{location}}/services/{{service}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudrun/iamBinding:IamBinding editor \"projects/{{project}}/locations/{{location}}/services/{{service}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudrun/iamBinding:IamBinding editor projects/{{project}}/locations/{{location}}/services/{{service}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:cloudrun/IamBindingCondition:IamBindingCondition" @@ -130465,11 +130591,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -130502,11 +130629,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -130545,11 +130673,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -130567,7 +130696,7 @@ } }, "gcp:cloudrun/iamMember:IamMember": { - "description": "Three different resources help you manage your IAM policy for Cloud Run Service. Each of these resources serves a different use case:\n\n* `gcp.cloudrun.IamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.cloudrun.IamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.cloudrun.IamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudrun.IamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.cloudrun.IamPolicy` **cannot** be used in conjunction with `gcp.cloudrun.IamBinding` and `gcp.cloudrun.IamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudrun.IamBinding` resources **can be** used in conjunction with `gcp.cloudrun.IamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_cloud\\_run\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudrun.IamPolicy(\"policy\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.cloudrun.IamPolicy(\"policy\",\n location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudRun.IamPolicy(\"policy\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrun.NewIamPolicy(ctx, \"policy\", \u0026cloudrun.IamPolicyArgs{\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrun.IamPolicy;\nimport com.pulumi.gcp.cloudrun.IamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new IamPolicy(\"policy\", IamPolicyArgs.builder() \n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudrun:IamPolicy\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_run\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudrun.IamBinding(\"binding\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudrun.IamBinding(\"binding\",\n location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudRun.IamBinding(\"binding\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrun.NewIamBinding(ctx, \"binding\", \u0026cloudrun.IamBindingArgs{\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrun.IamBinding;\nimport com.pulumi.gcp.cloudrun.IamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new IamBinding(\"binding\", IamBindingArgs.builder() \n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudrun:IamBinding\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_run\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudrun.IamMember(\"member\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudrun.IamMember(\"member\",\n location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudRun.IamMember(\"member\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrun.NewIamMember(ctx, \"member\", \u0026cloudrun.IamMemberArgs{\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrun.IamMember;\nimport com.pulumi.gcp.cloudrun.IamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new IamMember(\"member\", IamMemberArgs.builder() \n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudrun:IamMember\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/services/{{service}}\n\n* {{project}}/{{location}}/{{service}}\n\n* {{location}}/{{service}}\n\n* {{service}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Run service IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudrun/iamMember:IamMember editor \"projects/{{project}}/locations/{{location}}/services/{{service}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudrun/iamMember:IamMember editor \"projects/{{project}}/locations/{{location}}/services/{{service}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudrun/iamMember:IamMember editor projects/{{project}}/locations/{{location}}/services/{{service}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Run Service. Each of these resources serves a different use case:\n\n* `gcp.cloudrun.IamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.cloudrun.IamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.cloudrun.IamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudrun.IamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.cloudrun.IamPolicy` **cannot** be used in conjunction with `gcp.cloudrun.IamBinding` and `gcp.cloudrun.IamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudrun.IamBinding` resources **can be** used in conjunction with `gcp.cloudrun.IamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_cloud\\_run\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudrun.IamPolicy(\"policy\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.cloudrun.IamPolicy(\"policy\",\n location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudRun.IamPolicy(\"policy\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrun.NewIamPolicy(ctx, \"policy\", \u0026cloudrun.IamPolicyArgs{\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrun.IamPolicy;\nimport com.pulumi.gcp.cloudrun.IamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new IamPolicy(\"policy\", IamPolicyArgs.builder() \n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudrun:IamPolicy\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_run\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudrun.IamBinding(\"binding\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudrun.IamBinding(\"binding\",\n location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudRun.IamBinding(\"binding\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrun.NewIamBinding(ctx, \"binding\", \u0026cloudrun.IamBindingArgs{\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrun.IamBinding;\nimport com.pulumi.gcp.cloudrun.IamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new IamBinding(\"binding\", IamBindingArgs.builder() \n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudrun:IamBinding\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_run\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudrun.IamMember(\"member\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudrun.IamMember(\"member\",\n location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudRun.IamMember(\"member\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrun.NewIamMember(ctx, \"member\", \u0026cloudrun.IamMemberArgs{\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrun.IamMember;\nimport com.pulumi.gcp.cloudrun.IamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new IamMember(\"member\", IamMemberArgs.builder() \n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudrun:IamMember\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_cloud\\_run\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudrun.IamPolicy(\"policy\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.cloudrun.IamPolicy(\"policy\",\n location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudRun.IamPolicy(\"policy\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrun.NewIamPolicy(ctx, \"policy\", \u0026cloudrun.IamPolicyArgs{\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrun.IamPolicy;\nimport com.pulumi.gcp.cloudrun.IamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new IamPolicy(\"policy\", IamPolicyArgs.builder() \n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudrun:IamPolicy\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_run\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudrun.IamBinding(\"binding\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudrun.IamBinding(\"binding\",\n location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudRun.IamBinding(\"binding\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrun.NewIamBinding(ctx, \"binding\", \u0026cloudrun.IamBindingArgs{\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrun.IamBinding;\nimport com.pulumi.gcp.cloudrun.IamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new IamBinding(\"binding\", IamBindingArgs.builder() \n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudrun:IamBinding\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_run\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudrun.IamMember(\"member\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudrun.IamMember(\"member\",\n location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudRun.IamMember(\"member\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrun.NewIamMember(ctx, \"member\", \u0026cloudrun.IamMemberArgs{\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrun.IamMember;\nimport com.pulumi.gcp.cloudrun.IamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new IamMember(\"member\", IamMemberArgs.builder() \n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudrun:IamMember\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/services/{{service}}\n\n* {{project}}/{{location}}/{{service}}\n\n* {{location}}/{{service}}\n\n* {{service}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Run service IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudrun/iamMember:IamMember editor \"projects/{{project}}/locations/{{location}}/services/{{service}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudrun/iamMember:IamMember editor \"projects/{{project}}/locations/{{location}}/services/{{service}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudrun/iamMember:IamMember editor projects/{{project}}/locations/{{location}}/services/{{service}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:cloudrun/IamMemberCondition:IamMemberCondition" @@ -130581,11 +130710,12 @@ "description": "The location of the cloud run instance. eg us-central1 Used to find the parent resource to bind the IAM policy to\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -130616,11 +130746,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -130657,11 +130788,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -130679,7 +130811,7 @@ } }, "gcp:cloudrun/iamPolicy:IamPolicy": { - "description": "Three different resources help you manage your IAM policy for Cloud Run Service. Each of these resources serves a different use case:\n\n* `gcp.cloudrun.IamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.cloudrun.IamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.cloudrun.IamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudrun.IamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.cloudrun.IamPolicy` **cannot** be used in conjunction with `gcp.cloudrun.IamBinding` and `gcp.cloudrun.IamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudrun.IamBinding` resources **can be** used in conjunction with `gcp.cloudrun.IamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_cloud\\_run\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudrun.IamPolicy(\"policy\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.cloudrun.IamPolicy(\"policy\",\n location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudRun.IamPolicy(\"policy\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrun.NewIamPolicy(ctx, \"policy\", \u0026cloudrun.IamPolicyArgs{\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrun.IamPolicy;\nimport com.pulumi.gcp.cloudrun.IamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new IamPolicy(\"policy\", IamPolicyArgs.builder() \n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudrun:IamPolicy\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_run\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudrun.IamBinding(\"binding\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudrun.IamBinding(\"binding\",\n location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudRun.IamBinding(\"binding\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrun.NewIamBinding(ctx, \"binding\", \u0026cloudrun.IamBindingArgs{\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrun.IamBinding;\nimport com.pulumi.gcp.cloudrun.IamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new IamBinding(\"binding\", IamBindingArgs.builder() \n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudrun:IamBinding\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_run\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudrun.IamMember(\"member\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudrun.IamMember(\"member\",\n location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudRun.IamMember(\"member\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrun.NewIamMember(ctx, \"member\", \u0026cloudrun.IamMemberArgs{\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrun.IamMember;\nimport com.pulumi.gcp.cloudrun.IamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new IamMember(\"member\", IamMemberArgs.builder() \n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudrun:IamMember\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/services/{{service}}\n\n* {{project}}/{{location}}/{{service}}\n\n* {{location}}/{{service}}\n\n* {{service}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Run service IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudrun/iamPolicy:IamPolicy editor \"projects/{{project}}/locations/{{location}}/services/{{service}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudrun/iamPolicy:IamPolicy editor \"projects/{{project}}/locations/{{location}}/services/{{service}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudrun/iamPolicy:IamPolicy editor projects/{{project}}/locations/{{location}}/services/{{service}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Run Service. Each of these resources serves a different use case:\n\n* `gcp.cloudrun.IamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.cloudrun.IamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.cloudrun.IamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudrun.IamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.cloudrun.IamPolicy` **cannot** be used in conjunction with `gcp.cloudrun.IamBinding` and `gcp.cloudrun.IamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudrun.IamBinding` resources **can be** used in conjunction with `gcp.cloudrun.IamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_cloud\\_run\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudrun.IamPolicy(\"policy\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.cloudrun.IamPolicy(\"policy\",\n location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudRun.IamPolicy(\"policy\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrun.NewIamPolicy(ctx, \"policy\", \u0026cloudrun.IamPolicyArgs{\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrun.IamPolicy;\nimport com.pulumi.gcp.cloudrun.IamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new IamPolicy(\"policy\", IamPolicyArgs.builder() \n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudrun:IamPolicy\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_run\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudrun.IamBinding(\"binding\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudrun.IamBinding(\"binding\",\n location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudRun.IamBinding(\"binding\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrun.NewIamBinding(ctx, \"binding\", \u0026cloudrun.IamBindingArgs{\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrun.IamBinding;\nimport com.pulumi.gcp.cloudrun.IamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new IamBinding(\"binding\", IamBindingArgs.builder() \n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudrun:IamBinding\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_run\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudrun.IamMember(\"member\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudrun.IamMember(\"member\",\n location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudRun.IamMember(\"member\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrun.NewIamMember(ctx, \"member\", \u0026cloudrun.IamMemberArgs{\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrun.IamMember;\nimport com.pulumi.gcp.cloudrun.IamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new IamMember(\"member\", IamMemberArgs.builder() \n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudrun:IamMember\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_cloud\\_run\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudrun.IamPolicy(\"policy\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.cloudrun.IamPolicy(\"policy\",\n location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudRun.IamPolicy(\"policy\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrun.NewIamPolicy(ctx, \"policy\", \u0026cloudrun.IamPolicyArgs{\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrun.IamPolicy;\nimport com.pulumi.gcp.cloudrun.IamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new IamPolicy(\"policy\", IamPolicyArgs.builder() \n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudrun:IamPolicy\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_run\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudrun.IamBinding(\"binding\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudrun.IamBinding(\"binding\",\n location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudRun.IamBinding(\"binding\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrun.NewIamBinding(ctx, \"binding\", \u0026cloudrun.IamBindingArgs{\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrun.IamBinding;\nimport com.pulumi.gcp.cloudrun.IamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new IamBinding(\"binding\", IamBindingArgs.builder() \n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudrun:IamBinding\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_run\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudrun.IamMember(\"member\", {\n location: _default.location,\n project: _default.project,\n service: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudrun.IamMember(\"member\",\n location=default[\"location\"],\n project=default[\"project\"],\n service=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudRun.IamMember(\"member\", new()\n {\n Location = @default.Location,\n Project = @default.Project,\n Service = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrun\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrun.NewIamMember(ctx, \"member\", \u0026cloudrun.IamMemberArgs{\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrun.IamMember;\nimport com.pulumi.gcp.cloudrun.IamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new IamMember(\"member\", IamMemberArgs.builder() \n .location(default_.location())\n .project(default_.project())\n .service(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudrun:IamMember\n properties:\n location: ${default.location}\n project: ${default.project}\n service: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/services/{{service}}\n\n* {{project}}/{{location}}/{{service}}\n\n* {{location}}/{{service}}\n\n* {{service}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Run service IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudrun/iamPolicy:IamPolicy editor \"projects/{{project}}/locations/{{location}}/services/{{service}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudrun/iamPolicy:IamPolicy editor \"projects/{{project}}/locations/{{location}}/services/{{service}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudrun/iamPolicy:IamPolicy editor projects/{{project}}/locations/{{location}}/services/{{service}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -130695,7 +130827,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "service": { "type": "string", @@ -130721,7 +130853,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "service": { @@ -130752,7 +130884,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "service": { @@ -131272,7 +131404,7 @@ } }, "gcp:cloudrunv2/jobIamBinding:JobIamBinding": { - "description": "Three different resources help you manage your IAM policy for Cloud Run (v2 API) Job. Each of these resources serves a different use case:\n\n* `gcp.cloudrunv2.JobIamPolicy`: Authoritative. Sets the IAM policy for the job and replaces any existing policy already attached.\n* `gcp.cloudrunv2.JobIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the job are preserved.\n* `gcp.cloudrunv2.JobIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the job are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudrunv2.JobIamPolicy`: Retrieves the IAM policy for the job\n\n\u003e **Note:** `gcp.cloudrunv2.JobIamPolicy` **cannot** be used in conjunction with `gcp.cloudrunv2.JobIamBinding` and `gcp.cloudrunv2.JobIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudrunv2.JobIamBinding` resources **can be** used in conjunction with `gcp.cloudrunv2.JobIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_cloud\\_run\\_v2\\_job\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudrunv2.JobIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.cloudrunv2.JobIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudRunV2.JobIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrunv2.NewJobIamPolicy(ctx, \"policy\", \u0026cloudrunv2.JobIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrunv2.JobIamPolicy;\nimport com.pulumi.gcp.cloudrunv2.JobIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new JobIamPolicy(\"policy\", JobIamPolicyArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudrunv2:JobIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_run\\_v2\\_job\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudrunv2.JobIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudrunv2.JobIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudRunV2.JobIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewJobIamBinding(ctx, \"binding\", \u0026cloudrunv2.JobIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.JobIamBinding;\nimport com.pulumi.gcp.cloudrunv2.JobIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new JobIamBinding(\"binding\", JobIamBindingArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudrunv2:JobIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_run\\_v2\\_job\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudrunv2.JobIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudrunv2.JobIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudRunV2.JobIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewJobIamMember(ctx, \"member\", \u0026cloudrunv2.JobIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.JobIamMember;\nimport com.pulumi.gcp.cloudrunv2.JobIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new JobIamMember(\"member\", JobIamMemberArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudrunv2:JobIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/jobs/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Run (v2 API) job IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/jobIamBinding:JobIamBinding editor \"projects/{{project}}/locations/{{location}}/jobs/{{job}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/jobIamBinding:JobIamBinding editor \"projects/{{project}}/locations/{{location}}/jobs/{{job}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/jobIamBinding:JobIamBinding editor projects/{{project}}/locations/{{location}}/jobs/{{job}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Run (v2 API) Job. Each of these resources serves a different use case:\n\n* `gcp.cloudrunv2.JobIamPolicy`: Authoritative. Sets the IAM policy for the job and replaces any existing policy already attached.\n* `gcp.cloudrunv2.JobIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the job are preserved.\n* `gcp.cloudrunv2.JobIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the job are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudrunv2.JobIamPolicy`: Retrieves the IAM policy for the job\n\n\u003e **Note:** `gcp.cloudrunv2.JobIamPolicy` **cannot** be used in conjunction with `gcp.cloudrunv2.JobIamBinding` and `gcp.cloudrunv2.JobIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudrunv2.JobIamBinding` resources **can be** used in conjunction with `gcp.cloudrunv2.JobIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_cloud\\_run\\_v2\\_job\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudrunv2.JobIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.cloudrunv2.JobIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudRunV2.JobIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrunv2.NewJobIamPolicy(ctx, \"policy\", \u0026cloudrunv2.JobIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrunv2.JobIamPolicy;\nimport com.pulumi.gcp.cloudrunv2.JobIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new JobIamPolicy(\"policy\", JobIamPolicyArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudrunv2:JobIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_run\\_v2\\_job\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudrunv2.JobIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudrunv2.JobIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudRunV2.JobIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewJobIamBinding(ctx, \"binding\", \u0026cloudrunv2.JobIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.JobIamBinding;\nimport com.pulumi.gcp.cloudrunv2.JobIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new JobIamBinding(\"binding\", JobIamBindingArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudrunv2:JobIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_run\\_v2\\_job\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudrunv2.JobIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudrunv2.JobIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudRunV2.JobIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewJobIamMember(ctx, \"member\", \u0026cloudrunv2.JobIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.JobIamMember;\nimport com.pulumi.gcp.cloudrunv2.JobIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new JobIamMember(\"member\", JobIamMemberArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudrunv2:JobIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_cloud\\_run\\_v2\\_job\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudrunv2.JobIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.cloudrunv2.JobIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudRunV2.JobIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrunv2.NewJobIamPolicy(ctx, \"policy\", \u0026cloudrunv2.JobIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrunv2.JobIamPolicy;\nimport com.pulumi.gcp.cloudrunv2.JobIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new JobIamPolicy(\"policy\", JobIamPolicyArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudrunv2:JobIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_run\\_v2\\_job\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudrunv2.JobIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudrunv2.JobIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudRunV2.JobIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewJobIamBinding(ctx, \"binding\", \u0026cloudrunv2.JobIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.JobIamBinding;\nimport com.pulumi.gcp.cloudrunv2.JobIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new JobIamBinding(\"binding\", JobIamBindingArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudrunv2:JobIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_run\\_v2\\_job\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudrunv2.JobIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudrunv2.JobIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudRunV2.JobIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewJobIamMember(ctx, \"member\", \u0026cloudrunv2.JobIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.JobIamMember;\nimport com.pulumi.gcp.cloudrunv2.JobIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new JobIamMember(\"member\", JobIamMemberArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudrunv2:JobIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/jobs/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Run (v2 API) job IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/jobIamBinding:JobIamBinding editor \"projects/{{project}}/locations/{{location}}/jobs/{{job}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/jobIamBinding:JobIamBinding editor \"projects/{{project}}/locations/{{location}}/jobs/{{job}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/jobIamBinding:JobIamBinding editor projects/{{project}}/locations/{{location}}/jobs/{{job}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:cloudrunv2/JobIamBindingCondition:JobIamBindingCondition" @@ -131289,7 +131421,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "name": { "type": "string", @@ -131297,7 +131430,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -131326,7 +131459,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "name": { "type": "string", @@ -131335,7 +131469,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -131368,7 +131502,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "name": { "type": "string", @@ -131377,7 +131512,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -131390,7 +131525,7 @@ } }, "gcp:cloudrunv2/jobIamMember:JobIamMember": { - "description": "Three different resources help you manage your IAM policy for Cloud Run (v2 API) Job. Each of these resources serves a different use case:\n\n* `gcp.cloudrunv2.JobIamPolicy`: Authoritative. Sets the IAM policy for the job and replaces any existing policy already attached.\n* `gcp.cloudrunv2.JobIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the job are preserved.\n* `gcp.cloudrunv2.JobIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the job are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudrunv2.JobIamPolicy`: Retrieves the IAM policy for the job\n\n\u003e **Note:** `gcp.cloudrunv2.JobIamPolicy` **cannot** be used in conjunction with `gcp.cloudrunv2.JobIamBinding` and `gcp.cloudrunv2.JobIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudrunv2.JobIamBinding` resources **can be** used in conjunction with `gcp.cloudrunv2.JobIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_cloud\\_run\\_v2\\_job\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudrunv2.JobIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.cloudrunv2.JobIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudRunV2.JobIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrunv2.NewJobIamPolicy(ctx, \"policy\", \u0026cloudrunv2.JobIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrunv2.JobIamPolicy;\nimport com.pulumi.gcp.cloudrunv2.JobIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new JobIamPolicy(\"policy\", JobIamPolicyArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudrunv2:JobIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_run\\_v2\\_job\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudrunv2.JobIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudrunv2.JobIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudRunV2.JobIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewJobIamBinding(ctx, \"binding\", \u0026cloudrunv2.JobIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.JobIamBinding;\nimport com.pulumi.gcp.cloudrunv2.JobIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new JobIamBinding(\"binding\", JobIamBindingArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudrunv2:JobIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_run\\_v2\\_job\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudrunv2.JobIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudrunv2.JobIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudRunV2.JobIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewJobIamMember(ctx, \"member\", \u0026cloudrunv2.JobIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.JobIamMember;\nimport com.pulumi.gcp.cloudrunv2.JobIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new JobIamMember(\"member\", JobIamMemberArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudrunv2:JobIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/jobs/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Run (v2 API) job IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/jobIamMember:JobIamMember editor \"projects/{{project}}/locations/{{location}}/jobs/{{job}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/jobIamMember:JobIamMember editor \"projects/{{project}}/locations/{{location}}/jobs/{{job}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/jobIamMember:JobIamMember editor projects/{{project}}/locations/{{location}}/jobs/{{job}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Run (v2 API) Job. Each of these resources serves a different use case:\n\n* `gcp.cloudrunv2.JobIamPolicy`: Authoritative. Sets the IAM policy for the job and replaces any existing policy already attached.\n* `gcp.cloudrunv2.JobIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the job are preserved.\n* `gcp.cloudrunv2.JobIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the job are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudrunv2.JobIamPolicy`: Retrieves the IAM policy for the job\n\n\u003e **Note:** `gcp.cloudrunv2.JobIamPolicy` **cannot** be used in conjunction with `gcp.cloudrunv2.JobIamBinding` and `gcp.cloudrunv2.JobIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudrunv2.JobIamBinding` resources **can be** used in conjunction with `gcp.cloudrunv2.JobIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_cloud\\_run\\_v2\\_job\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudrunv2.JobIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.cloudrunv2.JobIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudRunV2.JobIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrunv2.NewJobIamPolicy(ctx, \"policy\", \u0026cloudrunv2.JobIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrunv2.JobIamPolicy;\nimport com.pulumi.gcp.cloudrunv2.JobIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new JobIamPolicy(\"policy\", JobIamPolicyArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudrunv2:JobIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_run\\_v2\\_job\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudrunv2.JobIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudrunv2.JobIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudRunV2.JobIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewJobIamBinding(ctx, \"binding\", \u0026cloudrunv2.JobIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.JobIamBinding;\nimport com.pulumi.gcp.cloudrunv2.JobIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new JobIamBinding(\"binding\", JobIamBindingArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudrunv2:JobIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_run\\_v2\\_job\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudrunv2.JobIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudrunv2.JobIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudRunV2.JobIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewJobIamMember(ctx, \"member\", \u0026cloudrunv2.JobIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.JobIamMember;\nimport com.pulumi.gcp.cloudrunv2.JobIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new JobIamMember(\"member\", JobIamMemberArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudrunv2:JobIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_cloud\\_run\\_v2\\_job\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudrunv2.JobIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.cloudrunv2.JobIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudRunV2.JobIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrunv2.NewJobIamPolicy(ctx, \"policy\", \u0026cloudrunv2.JobIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrunv2.JobIamPolicy;\nimport com.pulumi.gcp.cloudrunv2.JobIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new JobIamPolicy(\"policy\", JobIamPolicyArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudrunv2:JobIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_run\\_v2\\_job\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudrunv2.JobIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudrunv2.JobIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudRunV2.JobIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewJobIamBinding(ctx, \"binding\", \u0026cloudrunv2.JobIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.JobIamBinding;\nimport com.pulumi.gcp.cloudrunv2.JobIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new JobIamBinding(\"binding\", JobIamBindingArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudrunv2:JobIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_run\\_v2\\_job\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudrunv2.JobIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudrunv2.JobIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudRunV2.JobIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewJobIamMember(ctx, \"member\", \u0026cloudrunv2.JobIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.JobIamMember;\nimport com.pulumi.gcp.cloudrunv2.JobIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new JobIamMember(\"member\", JobIamMemberArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudrunv2:JobIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/jobs/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Run (v2 API) job IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/jobIamMember:JobIamMember editor \"projects/{{project}}/locations/{{location}}/jobs/{{job}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/jobIamMember:JobIamMember editor \"projects/{{project}}/locations/{{location}}/jobs/{{job}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/jobIamMember:JobIamMember editor projects/{{project}}/locations/{{location}}/jobs/{{job}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:cloudrunv2/JobIamMemberCondition:JobIamMemberCondition" @@ -131404,7 +131539,8 @@ "description": "The location of the cloud run job Used to find the parent resource to bind the IAM policy to\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "name": { "type": "string", @@ -131412,7 +131548,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -131439,6 +131575,7 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "name": { @@ -131448,7 +131585,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -131479,6 +131616,7 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "name": { @@ -131488,7 +131626,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -131501,7 +131639,7 @@ } }, "gcp:cloudrunv2/jobIamPolicy:JobIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Cloud Run (v2 API) Job. Each of these resources serves a different use case:\n\n* `gcp.cloudrunv2.JobIamPolicy`: Authoritative. Sets the IAM policy for the job and replaces any existing policy already attached.\n* `gcp.cloudrunv2.JobIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the job are preserved.\n* `gcp.cloudrunv2.JobIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the job are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudrunv2.JobIamPolicy`: Retrieves the IAM policy for the job\n\n\u003e **Note:** `gcp.cloudrunv2.JobIamPolicy` **cannot** be used in conjunction with `gcp.cloudrunv2.JobIamBinding` and `gcp.cloudrunv2.JobIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudrunv2.JobIamBinding` resources **can be** used in conjunction with `gcp.cloudrunv2.JobIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_cloud\\_run\\_v2\\_job\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudrunv2.JobIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.cloudrunv2.JobIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudRunV2.JobIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrunv2.NewJobIamPolicy(ctx, \"policy\", \u0026cloudrunv2.JobIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrunv2.JobIamPolicy;\nimport com.pulumi.gcp.cloudrunv2.JobIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new JobIamPolicy(\"policy\", JobIamPolicyArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudrunv2:JobIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_run\\_v2\\_job\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudrunv2.JobIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudrunv2.JobIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudRunV2.JobIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewJobIamBinding(ctx, \"binding\", \u0026cloudrunv2.JobIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.JobIamBinding;\nimport com.pulumi.gcp.cloudrunv2.JobIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new JobIamBinding(\"binding\", JobIamBindingArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudrunv2:JobIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_run\\_v2\\_job\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudrunv2.JobIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudrunv2.JobIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudRunV2.JobIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewJobIamMember(ctx, \"member\", \u0026cloudrunv2.JobIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.JobIamMember;\nimport com.pulumi.gcp.cloudrunv2.JobIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new JobIamMember(\"member\", JobIamMemberArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudrunv2:JobIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/jobs/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Run (v2 API) job IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/jobIamPolicy:JobIamPolicy editor \"projects/{{project}}/locations/{{location}}/jobs/{{job}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/jobIamPolicy:JobIamPolicy editor \"projects/{{project}}/locations/{{location}}/jobs/{{job}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/jobIamPolicy:JobIamPolicy editor projects/{{project}}/locations/{{location}}/jobs/{{job}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Run (v2 API) Job. Each of these resources serves a different use case:\n\n* `gcp.cloudrunv2.JobIamPolicy`: Authoritative. Sets the IAM policy for the job and replaces any existing policy already attached.\n* `gcp.cloudrunv2.JobIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the job are preserved.\n* `gcp.cloudrunv2.JobIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the job are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudrunv2.JobIamPolicy`: Retrieves the IAM policy for the job\n\n\u003e **Note:** `gcp.cloudrunv2.JobIamPolicy` **cannot** be used in conjunction with `gcp.cloudrunv2.JobIamBinding` and `gcp.cloudrunv2.JobIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudrunv2.JobIamBinding` resources **can be** used in conjunction with `gcp.cloudrunv2.JobIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_cloud\\_run\\_v2\\_job\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudrunv2.JobIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.cloudrunv2.JobIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudRunV2.JobIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrunv2.NewJobIamPolicy(ctx, \"policy\", \u0026cloudrunv2.JobIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrunv2.JobIamPolicy;\nimport com.pulumi.gcp.cloudrunv2.JobIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new JobIamPolicy(\"policy\", JobIamPolicyArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudrunv2:JobIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_run\\_v2\\_job\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudrunv2.JobIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudrunv2.JobIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudRunV2.JobIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewJobIamBinding(ctx, \"binding\", \u0026cloudrunv2.JobIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.JobIamBinding;\nimport com.pulumi.gcp.cloudrunv2.JobIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new JobIamBinding(\"binding\", JobIamBindingArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudrunv2:JobIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_run\\_v2\\_job\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudrunv2.JobIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudrunv2.JobIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudRunV2.JobIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewJobIamMember(ctx, \"member\", \u0026cloudrunv2.JobIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.JobIamMember;\nimport com.pulumi.gcp.cloudrunv2.JobIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new JobIamMember(\"member\", JobIamMemberArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudrunv2:JobIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_cloud\\_run\\_v2\\_job\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudrunv2.JobIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.cloudrunv2.JobIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudRunV2.JobIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrunv2.NewJobIamPolicy(ctx, \"policy\", \u0026cloudrunv2.JobIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrunv2.JobIamPolicy;\nimport com.pulumi.gcp.cloudrunv2.JobIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new JobIamPolicy(\"policy\", JobIamPolicyArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudrunv2:JobIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_run\\_v2\\_job\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudrunv2.JobIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudrunv2.JobIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudRunV2.JobIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewJobIamBinding(ctx, \"binding\", \u0026cloudrunv2.JobIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.JobIamBinding;\nimport com.pulumi.gcp.cloudrunv2.JobIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new JobIamBinding(\"binding\", JobIamBindingArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudrunv2:JobIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_run\\_v2\\_job\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudrunv2.JobIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudrunv2.JobIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudRunV2.JobIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewJobIamMember(ctx, \"member\", \u0026cloudrunv2.JobIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.JobIamMember;\nimport com.pulumi.gcp.cloudrunv2.JobIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new JobIamMember(\"member\", JobIamMemberArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudrunv2:JobIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/jobs/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Run (v2 API) job IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/jobIamPolicy:JobIamPolicy editor \"projects/{{project}}/locations/{{location}}/jobs/{{job}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/jobIamPolicy:JobIamPolicy editor \"projects/{{project}}/locations/{{location}}/jobs/{{job}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/jobIamPolicy:JobIamPolicy editor projects/{{project}}/locations/{{location}}/jobs/{{job}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -131521,7 +131659,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" } }, "required": [ @@ -131548,7 +131686,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -131578,7 +131716,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -132054,7 +132192,7 @@ } }, "gcp:cloudrunv2/serviceIamBinding:ServiceIamBinding": { - "description": "Three different resources help you manage your IAM policy for Cloud Run (v2 API) Service. Each of these resources serves a different use case:\n\n* `gcp.cloudrunv2.ServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.cloudrunv2.ServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.cloudrunv2.ServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudrunv2.ServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.cloudrunv2.ServiceIamPolicy` **cannot** be used in conjunction with `gcp.cloudrunv2.ServiceIamBinding` and `gcp.cloudrunv2.ServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudrunv2.ServiceIamBinding` resources **can be** used in conjunction with `gcp.cloudrunv2.ServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_cloud\\_run\\_v2\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudrunv2.ServiceIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.cloudrunv2.ServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudRunV2.ServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrunv2.NewServiceIamPolicy(ctx, \"policy\", \u0026cloudrunv2.ServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamPolicy;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ServiceIamPolicy(\"policy\", ServiceIamPolicyArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudrunv2:ServiceIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_run\\_v2\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudrunv2.ServiceIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudrunv2.ServiceIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudRunV2.ServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewServiceIamBinding(ctx, \"binding\", \u0026cloudrunv2.ServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamBinding;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ServiceIamBinding(\"binding\", ServiceIamBindingArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudrunv2:ServiceIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_run\\_v2\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudrunv2.ServiceIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudrunv2.ServiceIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudRunV2.ServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewServiceIamMember(ctx, \"member\", \u0026cloudrunv2.ServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamMember;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ServiceIamMember(\"member\", ServiceIamMemberArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudrunv2:ServiceIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/services/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Run (v2 API) service IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/serviceIamBinding:ServiceIamBinding editor \"projects/{{project}}/locations/{{location}}/services/{{service}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/serviceIamBinding:ServiceIamBinding editor \"projects/{{project}}/locations/{{location}}/services/{{service}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/serviceIamBinding:ServiceIamBinding editor projects/{{project}}/locations/{{location}}/services/{{service}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Run (v2 API) Service. Each of these resources serves a different use case:\n\n* `gcp.cloudrunv2.ServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.cloudrunv2.ServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.cloudrunv2.ServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudrunv2.ServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.cloudrunv2.ServiceIamPolicy` **cannot** be used in conjunction with `gcp.cloudrunv2.ServiceIamBinding` and `gcp.cloudrunv2.ServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudrunv2.ServiceIamBinding` resources **can be** used in conjunction with `gcp.cloudrunv2.ServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_cloud\\_run\\_v2\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudrunv2.ServiceIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.cloudrunv2.ServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudRunV2.ServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrunv2.NewServiceIamPolicy(ctx, \"policy\", \u0026cloudrunv2.ServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamPolicy;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ServiceIamPolicy(\"policy\", ServiceIamPolicyArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudrunv2:ServiceIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_run\\_v2\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudrunv2.ServiceIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudrunv2.ServiceIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudRunV2.ServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewServiceIamBinding(ctx, \"binding\", \u0026cloudrunv2.ServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamBinding;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ServiceIamBinding(\"binding\", ServiceIamBindingArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudrunv2:ServiceIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_run\\_v2\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudrunv2.ServiceIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudrunv2.ServiceIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudRunV2.ServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewServiceIamMember(ctx, \"member\", \u0026cloudrunv2.ServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamMember;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ServiceIamMember(\"member\", ServiceIamMemberArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudrunv2:ServiceIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_cloud\\_run\\_v2\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudrunv2.ServiceIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.cloudrunv2.ServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudRunV2.ServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrunv2.NewServiceIamPolicy(ctx, \"policy\", \u0026cloudrunv2.ServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamPolicy;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ServiceIamPolicy(\"policy\", ServiceIamPolicyArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudrunv2:ServiceIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_run\\_v2\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudrunv2.ServiceIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudrunv2.ServiceIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudRunV2.ServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewServiceIamBinding(ctx, \"binding\", \u0026cloudrunv2.ServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamBinding;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ServiceIamBinding(\"binding\", ServiceIamBindingArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudrunv2:ServiceIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_run\\_v2\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudrunv2.ServiceIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudrunv2.ServiceIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudRunV2.ServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewServiceIamMember(ctx, \"member\", \u0026cloudrunv2.ServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamMember;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ServiceIamMember(\"member\", ServiceIamMemberArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudrunv2:ServiceIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/services/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Run (v2 API) service IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/serviceIamBinding:ServiceIamBinding editor \"projects/{{project}}/locations/{{location}}/services/{{service}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/serviceIamBinding:ServiceIamBinding editor \"projects/{{project}}/locations/{{location}}/services/{{service}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/serviceIamBinding:ServiceIamBinding editor projects/{{project}}/locations/{{location}}/services/{{service}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:cloudrunv2/ServiceIamBindingCondition:ServiceIamBindingCondition" @@ -132071,7 +132209,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "name": { "type": "string", @@ -132079,7 +132218,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -132108,7 +132247,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "name": { "type": "string", @@ -132117,7 +132257,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -132150,7 +132290,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "name": { "type": "string", @@ -132159,7 +132300,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -132172,7 +132313,7 @@ } }, "gcp:cloudrunv2/serviceIamMember:ServiceIamMember": { - "description": "Three different resources help you manage your IAM policy for Cloud Run (v2 API) Service. Each of these resources serves a different use case:\n\n* `gcp.cloudrunv2.ServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.cloudrunv2.ServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.cloudrunv2.ServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudrunv2.ServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.cloudrunv2.ServiceIamPolicy` **cannot** be used in conjunction with `gcp.cloudrunv2.ServiceIamBinding` and `gcp.cloudrunv2.ServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudrunv2.ServiceIamBinding` resources **can be** used in conjunction with `gcp.cloudrunv2.ServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_cloud\\_run\\_v2\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudrunv2.ServiceIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.cloudrunv2.ServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudRunV2.ServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrunv2.NewServiceIamPolicy(ctx, \"policy\", \u0026cloudrunv2.ServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamPolicy;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ServiceIamPolicy(\"policy\", ServiceIamPolicyArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudrunv2:ServiceIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_run\\_v2\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudrunv2.ServiceIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudrunv2.ServiceIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudRunV2.ServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewServiceIamBinding(ctx, \"binding\", \u0026cloudrunv2.ServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamBinding;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ServiceIamBinding(\"binding\", ServiceIamBindingArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudrunv2:ServiceIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_run\\_v2\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudrunv2.ServiceIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudrunv2.ServiceIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudRunV2.ServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewServiceIamMember(ctx, \"member\", \u0026cloudrunv2.ServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamMember;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ServiceIamMember(\"member\", ServiceIamMemberArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudrunv2:ServiceIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/services/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Run (v2 API) service IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/serviceIamMember:ServiceIamMember editor \"projects/{{project}}/locations/{{location}}/services/{{service}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/serviceIamMember:ServiceIamMember editor \"projects/{{project}}/locations/{{location}}/services/{{service}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/serviceIamMember:ServiceIamMember editor projects/{{project}}/locations/{{location}}/services/{{service}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Run (v2 API) Service. Each of these resources serves a different use case:\n\n* `gcp.cloudrunv2.ServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.cloudrunv2.ServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.cloudrunv2.ServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudrunv2.ServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.cloudrunv2.ServiceIamPolicy` **cannot** be used in conjunction with `gcp.cloudrunv2.ServiceIamBinding` and `gcp.cloudrunv2.ServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudrunv2.ServiceIamBinding` resources **can be** used in conjunction with `gcp.cloudrunv2.ServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_cloud\\_run\\_v2\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudrunv2.ServiceIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.cloudrunv2.ServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudRunV2.ServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrunv2.NewServiceIamPolicy(ctx, \"policy\", \u0026cloudrunv2.ServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamPolicy;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ServiceIamPolicy(\"policy\", ServiceIamPolicyArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudrunv2:ServiceIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_run\\_v2\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudrunv2.ServiceIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudrunv2.ServiceIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudRunV2.ServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewServiceIamBinding(ctx, \"binding\", \u0026cloudrunv2.ServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamBinding;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ServiceIamBinding(\"binding\", ServiceIamBindingArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudrunv2:ServiceIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_run\\_v2\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudrunv2.ServiceIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudrunv2.ServiceIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudRunV2.ServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewServiceIamMember(ctx, \"member\", \u0026cloudrunv2.ServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamMember;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ServiceIamMember(\"member\", ServiceIamMemberArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudrunv2:ServiceIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_cloud\\_run\\_v2\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudrunv2.ServiceIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.cloudrunv2.ServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudRunV2.ServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrunv2.NewServiceIamPolicy(ctx, \"policy\", \u0026cloudrunv2.ServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamPolicy;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ServiceIamPolicy(\"policy\", ServiceIamPolicyArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudrunv2:ServiceIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_run\\_v2\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudrunv2.ServiceIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudrunv2.ServiceIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudRunV2.ServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewServiceIamBinding(ctx, \"binding\", \u0026cloudrunv2.ServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamBinding;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ServiceIamBinding(\"binding\", ServiceIamBindingArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudrunv2:ServiceIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_run\\_v2\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudrunv2.ServiceIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudrunv2.ServiceIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudRunV2.ServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewServiceIamMember(ctx, \"member\", \u0026cloudrunv2.ServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamMember;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ServiceIamMember(\"member\", ServiceIamMemberArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudrunv2:ServiceIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/services/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Run (v2 API) service IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/serviceIamMember:ServiceIamMember editor \"projects/{{project}}/locations/{{location}}/services/{{service}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/serviceIamMember:ServiceIamMember editor \"projects/{{project}}/locations/{{location}}/services/{{service}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/serviceIamMember:ServiceIamMember editor projects/{{project}}/locations/{{location}}/services/{{service}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:cloudrunv2/ServiceIamMemberCondition:ServiceIamMemberCondition" @@ -132186,7 +132327,8 @@ "description": "The location of the cloud run service Used to find the parent resource to bind the IAM policy to\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "name": { "type": "string", @@ -132194,7 +132336,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -132221,6 +132363,7 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "name": { @@ -132230,7 +132373,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -132261,6 +132404,7 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "name": { @@ -132270,7 +132414,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -132283,7 +132427,7 @@ } }, "gcp:cloudrunv2/serviceIamPolicy:ServiceIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Cloud Run (v2 API) Service. Each of these resources serves a different use case:\n\n* `gcp.cloudrunv2.ServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.cloudrunv2.ServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.cloudrunv2.ServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudrunv2.ServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.cloudrunv2.ServiceIamPolicy` **cannot** be used in conjunction with `gcp.cloudrunv2.ServiceIamBinding` and `gcp.cloudrunv2.ServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudrunv2.ServiceIamBinding` resources **can be** used in conjunction with `gcp.cloudrunv2.ServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_cloud\\_run\\_v2\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudrunv2.ServiceIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.cloudrunv2.ServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudRunV2.ServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrunv2.NewServiceIamPolicy(ctx, \"policy\", \u0026cloudrunv2.ServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamPolicy;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ServiceIamPolicy(\"policy\", ServiceIamPolicyArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudrunv2:ServiceIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_run\\_v2\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudrunv2.ServiceIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudrunv2.ServiceIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudRunV2.ServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewServiceIamBinding(ctx, \"binding\", \u0026cloudrunv2.ServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamBinding;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ServiceIamBinding(\"binding\", ServiceIamBindingArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudrunv2:ServiceIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_run\\_v2\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudrunv2.ServiceIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudrunv2.ServiceIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudRunV2.ServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewServiceIamMember(ctx, \"member\", \u0026cloudrunv2.ServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamMember;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ServiceIamMember(\"member\", ServiceIamMemberArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudrunv2:ServiceIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/services/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Run (v2 API) service IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/serviceIamPolicy:ServiceIamPolicy editor \"projects/{{project}}/locations/{{location}}/services/{{service}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/serviceIamPolicy:ServiceIamPolicy editor \"projects/{{project}}/locations/{{location}}/services/{{service}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/serviceIamPolicy:ServiceIamPolicy editor projects/{{project}}/locations/{{location}}/services/{{service}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Run (v2 API) Service. Each of these resources serves a different use case:\n\n* `gcp.cloudrunv2.ServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.cloudrunv2.ServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.cloudrunv2.ServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudrunv2.ServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.cloudrunv2.ServiceIamPolicy` **cannot** be used in conjunction with `gcp.cloudrunv2.ServiceIamBinding` and `gcp.cloudrunv2.ServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudrunv2.ServiceIamBinding` resources **can be** used in conjunction with `gcp.cloudrunv2.ServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_cloud\\_run\\_v2\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudrunv2.ServiceIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.cloudrunv2.ServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudRunV2.ServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrunv2.NewServiceIamPolicy(ctx, \"policy\", \u0026cloudrunv2.ServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamPolicy;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ServiceIamPolicy(\"policy\", ServiceIamPolicyArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudrunv2:ServiceIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_run\\_v2\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudrunv2.ServiceIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudrunv2.ServiceIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudRunV2.ServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewServiceIamBinding(ctx, \"binding\", \u0026cloudrunv2.ServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamBinding;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ServiceIamBinding(\"binding\", ServiceIamBindingArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudrunv2:ServiceIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_run\\_v2\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudrunv2.ServiceIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudrunv2.ServiceIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudRunV2.ServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewServiceIamMember(ctx, \"member\", \u0026cloudrunv2.ServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamMember;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ServiceIamMember(\"member\", ServiceIamMemberArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudrunv2:ServiceIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_cloud\\_run\\_v2\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudrunv2.ServiceIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.cloudrunv2.ServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudRunV2.ServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudrunv2.NewServiceIamPolicy(ctx, \"policy\", \u0026cloudrunv2.ServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamPolicy;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ServiceIamPolicy(\"policy\", ServiceIamPolicyArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudrunv2:ServiceIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_run\\_v2\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudrunv2.ServiceIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudrunv2.ServiceIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudRunV2.ServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewServiceIamBinding(ctx, \"binding\", \u0026cloudrunv2.ServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamBinding;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ServiceIamBinding(\"binding\", ServiceIamBindingArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudrunv2:ServiceIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_run\\_v2\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudrunv2.ServiceIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudrunv2.ServiceIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudRunV2.ServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudrunv2.NewServiceIamMember(ctx, \"member\", \u0026cloudrunv2.ServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamMember;\nimport com.pulumi.gcp.cloudrunv2.ServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ServiceIamMember(\"member\", ServiceIamMemberArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudrunv2:ServiceIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/services/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Run (v2 API) service IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/serviceIamPolicy:ServiceIamPolicy editor \"projects/{{project}}/locations/{{location}}/services/{{service}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/serviceIamPolicy:ServiceIamPolicy editor \"projects/{{project}}/locations/{{location}}/services/{{service}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudrunv2/serviceIamPolicy:ServiceIamPolicy editor projects/{{project}}/locations/{{location}}/services/{{service}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -132303,7 +132447,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" } }, "required": [ @@ -132330,7 +132474,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -132360,7 +132504,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -132659,7 +132803,7 @@ } }, "gcp:cloudtasks/queueIamBinding:QueueIamBinding": { - "description": "Three different resources help you manage your IAM policy for Cloud Tasks Queue. Each of these resources serves a different use case:\n\n* `gcp.cloudtasks.QueueIamPolicy`: Authoritative. Sets the IAM policy for the queue and replaces any existing policy already attached.\n* `gcp.cloudtasks.QueueIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the queue are preserved.\n* `gcp.cloudtasks.QueueIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the queue are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudtasks.QueueIamPolicy`: Retrieves the IAM policy for the queue\n\n\u003e **Note:** `gcp.cloudtasks.QueueIamPolicy` **cannot** be used in conjunction with `gcp.cloudtasks.QueueIamBinding` and `gcp.cloudtasks.QueueIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudtasks.QueueIamBinding` resources **can be** used in conjunction with `gcp.cloudtasks.QueueIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_cloud\\_tasks\\_queue\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudtasks.QueueIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.cloudtasks.QueueIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudTasks.QueueIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudtasks.NewQueueIamPolicy(ctx, \"policy\", \u0026cloudtasks.QueueIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudtasks.QueueIamPolicy;\nimport com.pulumi.gcp.cloudtasks.QueueIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new QueueIamPolicy(\"policy\", QueueIamPolicyArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudtasks:QueueIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_tasks\\_queue\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudtasks.QueueIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudtasks.QueueIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudTasks.QueueIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudtasks.NewQueueIamBinding(ctx, \"binding\", \u0026cloudtasks.QueueIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudtasks.QueueIamBinding;\nimport com.pulumi.gcp.cloudtasks.QueueIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new QueueIamBinding(\"binding\", QueueIamBindingArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudtasks:QueueIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_tasks\\_queue\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudtasks.QueueIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudtasks.QueueIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudTasks.QueueIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudtasks.NewQueueIamMember(ctx, \"member\", \u0026cloudtasks.QueueIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudtasks.QueueIamMember;\nimport com.pulumi.gcp.cloudtasks.QueueIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new QueueIamMember(\"member\", QueueIamMemberArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudtasks:QueueIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/queues/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Tasks queue IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudtasks/queueIamBinding:QueueIamBinding editor \"projects/{{project}}/locations/{{location}}/queues/{{queue}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudtasks/queueIamBinding:QueueIamBinding editor \"projects/{{project}}/locations/{{location}}/queues/{{queue}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudtasks/queueIamBinding:QueueIamBinding editor projects/{{project}}/locations/{{location}}/queues/{{queue}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Tasks Queue. Each of these resources serves a different use case:\n\n* `gcp.cloudtasks.QueueIamPolicy`: Authoritative. Sets the IAM policy for the queue and replaces any existing policy already attached.\n* `gcp.cloudtasks.QueueIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the queue are preserved.\n* `gcp.cloudtasks.QueueIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the queue are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudtasks.QueueIamPolicy`: Retrieves the IAM policy for the queue\n\n\u003e **Note:** `gcp.cloudtasks.QueueIamPolicy` **cannot** be used in conjunction with `gcp.cloudtasks.QueueIamBinding` and `gcp.cloudtasks.QueueIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudtasks.QueueIamBinding` resources **can be** used in conjunction with `gcp.cloudtasks.QueueIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_cloud\\_tasks\\_queue\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudtasks.QueueIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.cloudtasks.QueueIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudTasks.QueueIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudtasks.NewQueueIamPolicy(ctx, \"policy\", \u0026cloudtasks.QueueIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudtasks.QueueIamPolicy;\nimport com.pulumi.gcp.cloudtasks.QueueIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new QueueIamPolicy(\"policy\", QueueIamPolicyArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudtasks:QueueIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_tasks\\_queue\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudtasks.QueueIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudtasks.QueueIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudTasks.QueueIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudtasks.NewQueueIamBinding(ctx, \"binding\", \u0026cloudtasks.QueueIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudtasks.QueueIamBinding;\nimport com.pulumi.gcp.cloudtasks.QueueIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new QueueIamBinding(\"binding\", QueueIamBindingArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudtasks:QueueIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_tasks\\_queue\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudtasks.QueueIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudtasks.QueueIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudTasks.QueueIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudtasks.NewQueueIamMember(ctx, \"member\", \u0026cloudtasks.QueueIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudtasks.QueueIamMember;\nimport com.pulumi.gcp.cloudtasks.QueueIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new QueueIamMember(\"member\", QueueIamMemberArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudtasks:QueueIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_cloud\\_tasks\\_queue\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudtasks.QueueIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.cloudtasks.QueueIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudTasks.QueueIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudtasks.NewQueueIamPolicy(ctx, \"policy\", \u0026cloudtasks.QueueIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudtasks.QueueIamPolicy;\nimport com.pulumi.gcp.cloudtasks.QueueIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new QueueIamPolicy(\"policy\", QueueIamPolicyArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudtasks:QueueIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_tasks\\_queue\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudtasks.QueueIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudtasks.QueueIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudTasks.QueueIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudtasks.NewQueueIamBinding(ctx, \"binding\", \u0026cloudtasks.QueueIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudtasks.QueueIamBinding;\nimport com.pulumi.gcp.cloudtasks.QueueIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new QueueIamBinding(\"binding\", QueueIamBindingArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudtasks:QueueIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_tasks\\_queue\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudtasks.QueueIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudtasks.QueueIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudTasks.QueueIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudtasks.NewQueueIamMember(ctx, \"member\", \u0026cloudtasks.QueueIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudtasks.QueueIamMember;\nimport com.pulumi.gcp.cloudtasks.QueueIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new QueueIamMember(\"member\", QueueIamMemberArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudtasks:QueueIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/queues/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Tasks queue IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudtasks/queueIamBinding:QueueIamBinding editor \"projects/{{project}}/locations/{{location}}/queues/{{queue}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudtasks/queueIamBinding:QueueIamBinding editor \"projects/{{project}}/locations/{{location}}/queues/{{queue}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudtasks/queueIamBinding:QueueIamBinding editor projects/{{project}}/locations/{{location}}/queues/{{queue}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:cloudtasks/QueueIamBindingCondition:QueueIamBindingCondition" @@ -132676,7 +132820,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "name": { "type": "string", @@ -132684,7 +132829,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -132713,7 +132858,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "name": { "type": "string", @@ -132722,7 +132868,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -132755,7 +132901,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "name": { "type": "string", @@ -132764,7 +132911,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -132777,7 +132924,7 @@ } }, "gcp:cloudtasks/queueIamMember:QueueIamMember": { - "description": "Three different resources help you manage your IAM policy for Cloud Tasks Queue. Each of these resources serves a different use case:\n\n* `gcp.cloudtasks.QueueIamPolicy`: Authoritative. Sets the IAM policy for the queue and replaces any existing policy already attached.\n* `gcp.cloudtasks.QueueIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the queue are preserved.\n* `gcp.cloudtasks.QueueIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the queue are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudtasks.QueueIamPolicy`: Retrieves the IAM policy for the queue\n\n\u003e **Note:** `gcp.cloudtasks.QueueIamPolicy` **cannot** be used in conjunction with `gcp.cloudtasks.QueueIamBinding` and `gcp.cloudtasks.QueueIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudtasks.QueueIamBinding` resources **can be** used in conjunction with `gcp.cloudtasks.QueueIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_cloud\\_tasks\\_queue\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudtasks.QueueIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.cloudtasks.QueueIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudTasks.QueueIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudtasks.NewQueueIamPolicy(ctx, \"policy\", \u0026cloudtasks.QueueIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudtasks.QueueIamPolicy;\nimport com.pulumi.gcp.cloudtasks.QueueIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new QueueIamPolicy(\"policy\", QueueIamPolicyArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudtasks:QueueIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_tasks\\_queue\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudtasks.QueueIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudtasks.QueueIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudTasks.QueueIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudtasks.NewQueueIamBinding(ctx, \"binding\", \u0026cloudtasks.QueueIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudtasks.QueueIamBinding;\nimport com.pulumi.gcp.cloudtasks.QueueIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new QueueIamBinding(\"binding\", QueueIamBindingArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudtasks:QueueIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_tasks\\_queue\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudtasks.QueueIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudtasks.QueueIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudTasks.QueueIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudtasks.NewQueueIamMember(ctx, \"member\", \u0026cloudtasks.QueueIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudtasks.QueueIamMember;\nimport com.pulumi.gcp.cloudtasks.QueueIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new QueueIamMember(\"member\", QueueIamMemberArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudtasks:QueueIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/queues/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Tasks queue IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudtasks/queueIamMember:QueueIamMember editor \"projects/{{project}}/locations/{{location}}/queues/{{queue}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudtasks/queueIamMember:QueueIamMember editor \"projects/{{project}}/locations/{{location}}/queues/{{queue}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudtasks/queueIamMember:QueueIamMember editor projects/{{project}}/locations/{{location}}/queues/{{queue}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Tasks Queue. Each of these resources serves a different use case:\n\n* `gcp.cloudtasks.QueueIamPolicy`: Authoritative. Sets the IAM policy for the queue and replaces any existing policy already attached.\n* `gcp.cloudtasks.QueueIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the queue are preserved.\n* `gcp.cloudtasks.QueueIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the queue are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudtasks.QueueIamPolicy`: Retrieves the IAM policy for the queue\n\n\u003e **Note:** `gcp.cloudtasks.QueueIamPolicy` **cannot** be used in conjunction with `gcp.cloudtasks.QueueIamBinding` and `gcp.cloudtasks.QueueIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudtasks.QueueIamBinding` resources **can be** used in conjunction with `gcp.cloudtasks.QueueIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_cloud\\_tasks\\_queue\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudtasks.QueueIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.cloudtasks.QueueIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudTasks.QueueIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudtasks.NewQueueIamPolicy(ctx, \"policy\", \u0026cloudtasks.QueueIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudtasks.QueueIamPolicy;\nimport com.pulumi.gcp.cloudtasks.QueueIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new QueueIamPolicy(\"policy\", QueueIamPolicyArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudtasks:QueueIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_tasks\\_queue\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudtasks.QueueIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudtasks.QueueIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudTasks.QueueIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudtasks.NewQueueIamBinding(ctx, \"binding\", \u0026cloudtasks.QueueIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudtasks.QueueIamBinding;\nimport com.pulumi.gcp.cloudtasks.QueueIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new QueueIamBinding(\"binding\", QueueIamBindingArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudtasks:QueueIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_tasks\\_queue\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudtasks.QueueIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudtasks.QueueIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudTasks.QueueIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudtasks.NewQueueIamMember(ctx, \"member\", \u0026cloudtasks.QueueIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudtasks.QueueIamMember;\nimport com.pulumi.gcp.cloudtasks.QueueIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new QueueIamMember(\"member\", QueueIamMemberArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudtasks:QueueIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_cloud\\_tasks\\_queue\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudtasks.QueueIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.cloudtasks.QueueIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudTasks.QueueIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudtasks.NewQueueIamPolicy(ctx, \"policy\", \u0026cloudtasks.QueueIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudtasks.QueueIamPolicy;\nimport com.pulumi.gcp.cloudtasks.QueueIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new QueueIamPolicy(\"policy\", QueueIamPolicyArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudtasks:QueueIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_tasks\\_queue\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudtasks.QueueIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudtasks.QueueIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudTasks.QueueIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudtasks.NewQueueIamBinding(ctx, \"binding\", \u0026cloudtasks.QueueIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudtasks.QueueIamBinding;\nimport com.pulumi.gcp.cloudtasks.QueueIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new QueueIamBinding(\"binding\", QueueIamBindingArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudtasks:QueueIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_tasks\\_queue\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudtasks.QueueIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudtasks.QueueIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudTasks.QueueIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudtasks.NewQueueIamMember(ctx, \"member\", \u0026cloudtasks.QueueIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudtasks.QueueIamMember;\nimport com.pulumi.gcp.cloudtasks.QueueIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new QueueIamMember(\"member\", QueueIamMemberArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudtasks:QueueIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/queues/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Tasks queue IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudtasks/queueIamMember:QueueIamMember editor \"projects/{{project}}/locations/{{location}}/queues/{{queue}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudtasks/queueIamMember:QueueIamMember editor \"projects/{{project}}/locations/{{location}}/queues/{{queue}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudtasks/queueIamMember:QueueIamMember editor projects/{{project}}/locations/{{location}}/queues/{{queue}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:cloudtasks/QueueIamMemberCondition:QueueIamMemberCondition" @@ -132791,7 +132938,8 @@ "description": "The location of the queue Used to find the parent resource to bind the IAM policy to\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "name": { "type": "string", @@ -132799,7 +132947,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -132826,6 +132974,7 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "name": { @@ -132835,7 +132984,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -132866,6 +133015,7 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "name": { @@ -132875,7 +133025,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -132888,7 +133038,7 @@ } }, "gcp:cloudtasks/queueIamPolicy:QueueIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Cloud Tasks Queue. Each of these resources serves a different use case:\n\n* `gcp.cloudtasks.QueueIamPolicy`: Authoritative. Sets the IAM policy for the queue and replaces any existing policy already attached.\n* `gcp.cloudtasks.QueueIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the queue are preserved.\n* `gcp.cloudtasks.QueueIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the queue are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudtasks.QueueIamPolicy`: Retrieves the IAM policy for the queue\n\n\u003e **Note:** `gcp.cloudtasks.QueueIamPolicy` **cannot** be used in conjunction with `gcp.cloudtasks.QueueIamBinding` and `gcp.cloudtasks.QueueIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudtasks.QueueIamBinding` resources **can be** used in conjunction with `gcp.cloudtasks.QueueIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_cloud\\_tasks\\_queue\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudtasks.QueueIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.cloudtasks.QueueIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudTasks.QueueIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudtasks.NewQueueIamPolicy(ctx, \"policy\", \u0026cloudtasks.QueueIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudtasks.QueueIamPolicy;\nimport com.pulumi.gcp.cloudtasks.QueueIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new QueueIamPolicy(\"policy\", QueueIamPolicyArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudtasks:QueueIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_tasks\\_queue\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudtasks.QueueIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudtasks.QueueIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudTasks.QueueIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudtasks.NewQueueIamBinding(ctx, \"binding\", \u0026cloudtasks.QueueIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudtasks.QueueIamBinding;\nimport com.pulumi.gcp.cloudtasks.QueueIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new QueueIamBinding(\"binding\", QueueIamBindingArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudtasks:QueueIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_tasks\\_queue\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudtasks.QueueIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudtasks.QueueIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudTasks.QueueIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudtasks.NewQueueIamMember(ctx, \"member\", \u0026cloudtasks.QueueIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudtasks.QueueIamMember;\nimport com.pulumi.gcp.cloudtasks.QueueIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new QueueIamMember(\"member\", QueueIamMemberArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudtasks:QueueIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/queues/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Tasks queue IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudtasks/queueIamPolicy:QueueIamPolicy editor \"projects/{{project}}/locations/{{location}}/queues/{{queue}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudtasks/queueIamPolicy:QueueIamPolicy editor \"projects/{{project}}/locations/{{location}}/queues/{{queue}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudtasks/queueIamPolicy:QueueIamPolicy editor projects/{{project}}/locations/{{location}}/queues/{{queue}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Tasks Queue. Each of these resources serves a different use case:\n\n* `gcp.cloudtasks.QueueIamPolicy`: Authoritative. Sets the IAM policy for the queue and replaces any existing policy already attached.\n* `gcp.cloudtasks.QueueIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the queue are preserved.\n* `gcp.cloudtasks.QueueIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the queue are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.cloudtasks.QueueIamPolicy`: Retrieves the IAM policy for the queue\n\n\u003e **Note:** `gcp.cloudtasks.QueueIamPolicy` **cannot** be used in conjunction with `gcp.cloudtasks.QueueIamBinding` and `gcp.cloudtasks.QueueIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.cloudtasks.QueueIamBinding` resources **can be** used in conjunction with `gcp.cloudtasks.QueueIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_cloud\\_tasks\\_queue\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudtasks.QueueIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.cloudtasks.QueueIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudTasks.QueueIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudtasks.NewQueueIamPolicy(ctx, \"policy\", \u0026cloudtasks.QueueIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudtasks.QueueIamPolicy;\nimport com.pulumi.gcp.cloudtasks.QueueIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new QueueIamPolicy(\"policy\", QueueIamPolicyArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudtasks:QueueIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_tasks\\_queue\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudtasks.QueueIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudtasks.QueueIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudTasks.QueueIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudtasks.NewQueueIamBinding(ctx, \"binding\", \u0026cloudtasks.QueueIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudtasks.QueueIamBinding;\nimport com.pulumi.gcp.cloudtasks.QueueIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new QueueIamBinding(\"binding\", QueueIamBindingArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudtasks:QueueIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_tasks\\_queue\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudtasks.QueueIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudtasks.QueueIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudTasks.QueueIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudtasks.NewQueueIamMember(ctx, \"member\", \u0026cloudtasks.QueueIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudtasks.QueueIamMember;\nimport com.pulumi.gcp.cloudtasks.QueueIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new QueueIamMember(\"member\", QueueIamMemberArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudtasks:QueueIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_cloud\\_tasks\\_queue\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.cloudtasks.QueueIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.cloudtasks.QueueIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.CloudTasks.QueueIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = cloudtasks.NewQueueIamPolicy(ctx, \"policy\", \u0026cloudtasks.QueueIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.cloudtasks.QueueIamPolicy;\nimport com.pulumi.gcp.cloudtasks.QueueIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new QueueIamPolicy(\"policy\", QueueIamPolicyArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:cloudtasks:QueueIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_tasks\\_queue\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.cloudtasks.QueueIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.cloudtasks.QueueIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.CloudTasks.QueueIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudtasks.NewQueueIamBinding(ctx, \"binding\", \u0026cloudtasks.QueueIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudtasks.QueueIamBinding;\nimport com.pulumi.gcp.cloudtasks.QueueIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new QueueIamBinding(\"binding\", QueueIamBindingArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:cloudtasks:QueueIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_cloud\\_tasks\\_queue\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.cloudtasks.QueueIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.cloudtasks.QueueIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.CloudTasks.QueueIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudtasks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := cloudtasks.NewQueueIamMember(ctx, \"member\", \u0026cloudtasks.QueueIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.cloudtasks.QueueIamMember;\nimport com.pulumi.gcp.cloudtasks.QueueIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new QueueIamMember(\"member\", QueueIamMemberArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:cloudtasks:QueueIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/queues/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Tasks queue IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:cloudtasks/queueIamPolicy:QueueIamPolicy editor \"projects/{{project}}/locations/{{location}}/queues/{{queue}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:cloudtasks/queueIamPolicy:QueueIamPolicy editor \"projects/{{project}}/locations/{{location}}/queues/{{queue}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:cloudtasks/queueIamPolicy:QueueIamPolicy editor projects/{{project}}/locations/{{location}}/queues/{{queue}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -132908,7 +133058,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" } }, "required": [ @@ -132935,7 +133085,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -132965,7 +133115,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -133838,7 +133988,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "name": { "type": "string", @@ -133846,7 +133997,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -133869,7 +134020,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "name": { "type": "string", @@ -133878,7 +134030,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -133906,7 +134058,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "name": { "type": "string", @@ -133915,7 +134068,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -133938,7 +134091,8 @@ "description": "(Computed) The etag of the IAM policy.\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "name": { "type": "string", @@ -133946,7 +134100,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -133967,6 +134121,7 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "name": { @@ -133976,7 +134131,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -134002,6 +134157,7 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "name": { @@ -134011,7 +134167,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -134040,7 +134196,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" } }, "required": [ @@ -134061,7 +134217,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -134086,7 +134242,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -134615,7 +134771,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "name": { "type": "string", @@ -134623,7 +134780,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -134647,7 +134804,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "name": { "type": "string", @@ -134656,7 +134814,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -134685,7 +134843,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "name": { "type": "string", @@ -134694,7 +134853,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -134718,7 +134877,8 @@ "description": "(Computed) The etag of the IAM policy.\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "name": { "type": "string", @@ -134726,7 +134886,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -134748,6 +134908,7 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "name": { @@ -134757,7 +134918,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -134784,6 +134945,7 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "name": { @@ -134793,7 +134955,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -134822,7 +134984,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" } }, "required": [ @@ -134843,7 +135005,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -134868,7 +135030,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -135591,7 +135753,7 @@ } }, "gcp:compute/diskIamBinding:DiskIamBinding": { - "description": "Three different resources help you manage your IAM policy for Compute Engine Disk. Each of these resources serves a different use case:\n\n* `gcp.compute.DiskIamPolicy`: Authoritative. Sets the IAM policy for the disk and replaces any existing policy already attached.\n* `gcp.compute.DiskIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the disk are preserved.\n* `gcp.compute.DiskIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the disk are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.DiskIamPolicy`: Retrieves the IAM policy for the disk\n\n\u003e **Note:** `gcp.compute.DiskIamPolicy` **cannot** be used in conjunction with `gcp.compute.DiskIamBinding` and `gcp.compute.DiskIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.DiskIamBinding` resources **can be** used in conjunction with `gcp.compute.DiskIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_compute\\_disk\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.DiskIamPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.compute.DiskIamPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.DiskIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewDiskIamPolicy(ctx, \"policy\", \u0026compute.DiskIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.DiskIamPolicy;\nimport com.pulumi.gcp.compute.DiskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DiskIamPolicy(\"policy\", DiskIamPolicyArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:DiskIamPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_disk\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.DiskIamBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.DiskIamBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.DiskIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewDiskIamBinding(ctx, \"binding\", \u0026compute.DiskIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.DiskIamBinding;\nimport com.pulumi.gcp.compute.DiskIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DiskIamBinding(\"binding\", DiskIamBindingArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:DiskIamBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_disk\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.DiskIamMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.DiskIamMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.DiskIamMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewDiskIamMember(ctx, \"member\", \u0026compute.DiskIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.DiskIamMember;\nimport com.pulumi.gcp.compute.DiskIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DiskIamMember(\"member\", DiskIamMemberArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:DiskIamMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/zones/{{zone}}/disks/{{name}}\n\n* {{project}}/{{zone}}/{{name}}\n\n* {{zone}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine disk IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/diskIamBinding:DiskIamBinding editor \"projects/{{project}}/zones/{{zone}}/disks/{{disk}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/diskIamBinding:DiskIamBinding editor \"projects/{{project}}/zones/{{zone}}/disks/{{disk}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/diskIamBinding:DiskIamBinding editor projects/{{project}}/zones/{{zone}}/disks/{{disk}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Compute Engine Disk. Each of these resources serves a different use case:\n\n* `gcp.compute.DiskIamPolicy`: Authoritative. Sets the IAM policy for the disk and replaces any existing policy already attached.\n* `gcp.compute.DiskIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the disk are preserved.\n* `gcp.compute.DiskIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the disk are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.DiskIamPolicy`: Retrieves the IAM policy for the disk\n\n\u003e **Note:** `gcp.compute.DiskIamPolicy` **cannot** be used in conjunction with `gcp.compute.DiskIamBinding` and `gcp.compute.DiskIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.DiskIamBinding` resources **can be** used in conjunction with `gcp.compute.DiskIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_compute\\_disk\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.DiskIamPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.compute.DiskIamPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.DiskIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewDiskIamPolicy(ctx, \"policy\", \u0026compute.DiskIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.DiskIamPolicy;\nimport com.pulumi.gcp.compute.DiskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DiskIamPolicy(\"policy\", DiskIamPolicyArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:DiskIamPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_disk\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.DiskIamBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.DiskIamBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.DiskIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewDiskIamBinding(ctx, \"binding\", \u0026compute.DiskIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.DiskIamBinding;\nimport com.pulumi.gcp.compute.DiskIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DiskIamBinding(\"binding\", DiskIamBindingArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:DiskIamBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_disk\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.DiskIamMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.DiskIamMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.DiskIamMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewDiskIamMember(ctx, \"member\", \u0026compute.DiskIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.DiskIamMember;\nimport com.pulumi.gcp.compute.DiskIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DiskIamMember(\"member\", DiskIamMemberArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:DiskIamMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_compute\\_disk\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.DiskIamPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.compute.DiskIamPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.DiskIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewDiskIamPolicy(ctx, \"policy\", \u0026compute.DiskIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.DiskIamPolicy;\nimport com.pulumi.gcp.compute.DiskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DiskIamPolicy(\"policy\", DiskIamPolicyArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:DiskIamPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_disk\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.DiskIamBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.DiskIamBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.DiskIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewDiskIamBinding(ctx, \"binding\", \u0026compute.DiskIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.DiskIamBinding;\nimport com.pulumi.gcp.compute.DiskIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DiskIamBinding(\"binding\", DiskIamBindingArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:DiskIamBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_disk\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.DiskIamMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.DiskIamMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.DiskIamMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewDiskIamMember(ctx, \"member\", \u0026compute.DiskIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.DiskIamMember;\nimport com.pulumi.gcp.compute.DiskIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DiskIamMember(\"member\", DiskIamMemberArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:DiskIamMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/zones/{{zone}}/disks/{{name}}\n\n* {{project}}/{{zone}}/{{name}}\n\n* {{zone}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine disk IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/diskIamBinding:DiskIamBinding editor \"projects/{{project}}/zones/{{zone}}/disks/{{disk}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/diskIamBinding:DiskIamBinding editor \"projects/{{project}}/zones/{{zone}}/disks/{{disk}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/diskIamBinding:DiskIamBinding editor projects/{{project}}/zones/{{zone}}/disks/{{disk}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:compute/DiskIamBindingCondition:DiskIamBindingCondition" @@ -135604,7 +135766,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "name": { "type": "string", @@ -135612,7 +135775,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -135640,7 +135803,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "name": { "type": "string", @@ -135649,7 +135813,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -135682,7 +135846,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "name": { "type": "string", @@ -135691,7 +135856,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -135709,7 +135874,7 @@ } }, "gcp:compute/diskIamMember:DiskIamMember": { - "description": "Three different resources help you manage your IAM policy for Compute Engine Disk. Each of these resources serves a different use case:\n\n* `gcp.compute.DiskIamPolicy`: Authoritative. Sets the IAM policy for the disk and replaces any existing policy already attached.\n* `gcp.compute.DiskIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the disk are preserved.\n* `gcp.compute.DiskIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the disk are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.DiskIamPolicy`: Retrieves the IAM policy for the disk\n\n\u003e **Note:** `gcp.compute.DiskIamPolicy` **cannot** be used in conjunction with `gcp.compute.DiskIamBinding` and `gcp.compute.DiskIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.DiskIamBinding` resources **can be** used in conjunction with `gcp.compute.DiskIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_compute\\_disk\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.DiskIamPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.compute.DiskIamPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.DiskIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewDiskIamPolicy(ctx, \"policy\", \u0026compute.DiskIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.DiskIamPolicy;\nimport com.pulumi.gcp.compute.DiskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DiskIamPolicy(\"policy\", DiskIamPolicyArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:DiskIamPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_disk\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.DiskIamBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.DiskIamBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.DiskIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewDiskIamBinding(ctx, \"binding\", \u0026compute.DiskIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.DiskIamBinding;\nimport com.pulumi.gcp.compute.DiskIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DiskIamBinding(\"binding\", DiskIamBindingArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:DiskIamBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_disk\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.DiskIamMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.DiskIamMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.DiskIamMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewDiskIamMember(ctx, \"member\", \u0026compute.DiskIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.DiskIamMember;\nimport com.pulumi.gcp.compute.DiskIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DiskIamMember(\"member\", DiskIamMemberArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:DiskIamMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/zones/{{zone}}/disks/{{name}}\n\n* {{project}}/{{zone}}/{{name}}\n\n* {{zone}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine disk IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/diskIamMember:DiskIamMember editor \"projects/{{project}}/zones/{{zone}}/disks/{{disk}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/diskIamMember:DiskIamMember editor \"projects/{{project}}/zones/{{zone}}/disks/{{disk}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/diskIamMember:DiskIamMember editor projects/{{project}}/zones/{{zone}}/disks/{{disk}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Compute Engine Disk. Each of these resources serves a different use case:\n\n* `gcp.compute.DiskIamPolicy`: Authoritative. Sets the IAM policy for the disk and replaces any existing policy already attached.\n* `gcp.compute.DiskIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the disk are preserved.\n* `gcp.compute.DiskIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the disk are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.DiskIamPolicy`: Retrieves the IAM policy for the disk\n\n\u003e **Note:** `gcp.compute.DiskIamPolicy` **cannot** be used in conjunction with `gcp.compute.DiskIamBinding` and `gcp.compute.DiskIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.DiskIamBinding` resources **can be** used in conjunction with `gcp.compute.DiskIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_compute\\_disk\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.DiskIamPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.compute.DiskIamPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.DiskIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewDiskIamPolicy(ctx, \"policy\", \u0026compute.DiskIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.DiskIamPolicy;\nimport com.pulumi.gcp.compute.DiskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DiskIamPolicy(\"policy\", DiskIamPolicyArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:DiskIamPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_disk\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.DiskIamBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.DiskIamBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.DiskIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewDiskIamBinding(ctx, \"binding\", \u0026compute.DiskIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.DiskIamBinding;\nimport com.pulumi.gcp.compute.DiskIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DiskIamBinding(\"binding\", DiskIamBindingArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:DiskIamBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_disk\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.DiskIamMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.DiskIamMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.DiskIamMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewDiskIamMember(ctx, \"member\", \u0026compute.DiskIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.DiskIamMember;\nimport com.pulumi.gcp.compute.DiskIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DiskIamMember(\"member\", DiskIamMemberArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:DiskIamMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_compute\\_disk\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.DiskIamPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.compute.DiskIamPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.DiskIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewDiskIamPolicy(ctx, \"policy\", \u0026compute.DiskIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.DiskIamPolicy;\nimport com.pulumi.gcp.compute.DiskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DiskIamPolicy(\"policy\", DiskIamPolicyArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:DiskIamPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_disk\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.DiskIamBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.DiskIamBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.DiskIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewDiskIamBinding(ctx, \"binding\", \u0026compute.DiskIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.DiskIamBinding;\nimport com.pulumi.gcp.compute.DiskIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DiskIamBinding(\"binding\", DiskIamBindingArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:DiskIamBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_disk\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.DiskIamMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.DiskIamMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.DiskIamMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewDiskIamMember(ctx, \"member\", \u0026compute.DiskIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.DiskIamMember;\nimport com.pulumi.gcp.compute.DiskIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DiskIamMember(\"member\", DiskIamMemberArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:DiskIamMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/zones/{{zone}}/disks/{{name}}\n\n* {{project}}/{{zone}}/{{name}}\n\n* {{zone}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine disk IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/diskIamMember:DiskIamMember editor \"projects/{{project}}/zones/{{zone}}/disks/{{disk}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/diskIamMember:DiskIamMember editor \"projects/{{project}}/zones/{{zone}}/disks/{{disk}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/diskIamMember:DiskIamMember editor projects/{{project}}/zones/{{zone}}/disks/{{disk}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:compute/DiskIamMemberCondition:DiskIamMemberCondition" @@ -135719,7 +135884,8 @@ "description": "(Computed) The etag of the IAM policy.\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "name": { "type": "string", @@ -135727,7 +135893,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -135753,6 +135919,7 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "name": { @@ -135762,7 +135929,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -135793,6 +135960,7 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "name": { @@ -135802,7 +135970,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -135820,7 +135988,7 @@ } }, "gcp:compute/diskIamPolicy:DiskIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Compute Engine Disk. Each of these resources serves a different use case:\n\n* `gcp.compute.DiskIamPolicy`: Authoritative. Sets the IAM policy for the disk and replaces any existing policy already attached.\n* `gcp.compute.DiskIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the disk are preserved.\n* `gcp.compute.DiskIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the disk are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.DiskIamPolicy`: Retrieves the IAM policy for the disk\n\n\u003e **Note:** `gcp.compute.DiskIamPolicy` **cannot** be used in conjunction with `gcp.compute.DiskIamBinding` and `gcp.compute.DiskIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.DiskIamBinding` resources **can be** used in conjunction with `gcp.compute.DiskIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_compute\\_disk\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.DiskIamPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.compute.DiskIamPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.DiskIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewDiskIamPolicy(ctx, \"policy\", \u0026compute.DiskIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.DiskIamPolicy;\nimport com.pulumi.gcp.compute.DiskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DiskIamPolicy(\"policy\", DiskIamPolicyArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:DiskIamPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_disk\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.DiskIamBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.DiskIamBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.DiskIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewDiskIamBinding(ctx, \"binding\", \u0026compute.DiskIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.DiskIamBinding;\nimport com.pulumi.gcp.compute.DiskIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DiskIamBinding(\"binding\", DiskIamBindingArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:DiskIamBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_disk\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.DiskIamMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.DiskIamMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.DiskIamMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewDiskIamMember(ctx, \"member\", \u0026compute.DiskIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.DiskIamMember;\nimport com.pulumi.gcp.compute.DiskIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DiskIamMember(\"member\", DiskIamMemberArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:DiskIamMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/zones/{{zone}}/disks/{{name}}\n\n* {{project}}/{{zone}}/{{name}}\n\n* {{zone}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine disk IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/diskIamPolicy:DiskIamPolicy editor \"projects/{{project}}/zones/{{zone}}/disks/{{disk}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/diskIamPolicy:DiskIamPolicy editor \"projects/{{project}}/zones/{{zone}}/disks/{{disk}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/diskIamPolicy:DiskIamPolicy editor projects/{{project}}/zones/{{zone}}/disks/{{disk}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Compute Engine Disk. Each of these resources serves a different use case:\n\n* `gcp.compute.DiskIamPolicy`: Authoritative. Sets the IAM policy for the disk and replaces any existing policy already attached.\n* `gcp.compute.DiskIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the disk are preserved.\n* `gcp.compute.DiskIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the disk are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.DiskIamPolicy`: Retrieves the IAM policy for the disk\n\n\u003e **Note:** `gcp.compute.DiskIamPolicy` **cannot** be used in conjunction with `gcp.compute.DiskIamBinding` and `gcp.compute.DiskIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.DiskIamBinding` resources **can be** used in conjunction with `gcp.compute.DiskIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_compute\\_disk\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.DiskIamPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.compute.DiskIamPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.DiskIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewDiskIamPolicy(ctx, \"policy\", \u0026compute.DiskIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.DiskIamPolicy;\nimport com.pulumi.gcp.compute.DiskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DiskIamPolicy(\"policy\", DiskIamPolicyArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:DiskIamPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_disk\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.DiskIamBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.DiskIamBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.DiskIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewDiskIamBinding(ctx, \"binding\", \u0026compute.DiskIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.DiskIamBinding;\nimport com.pulumi.gcp.compute.DiskIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DiskIamBinding(\"binding\", DiskIamBindingArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:DiskIamBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_disk\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.DiskIamMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.DiskIamMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.DiskIamMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewDiskIamMember(ctx, \"member\", \u0026compute.DiskIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.DiskIamMember;\nimport com.pulumi.gcp.compute.DiskIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DiskIamMember(\"member\", DiskIamMemberArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:DiskIamMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_compute\\_disk\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.DiskIamPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.compute.DiskIamPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.DiskIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewDiskIamPolicy(ctx, \"policy\", \u0026compute.DiskIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.DiskIamPolicy;\nimport com.pulumi.gcp.compute.DiskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DiskIamPolicy(\"policy\", DiskIamPolicyArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:DiskIamPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_disk\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.DiskIamBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.DiskIamBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.DiskIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewDiskIamBinding(ctx, \"binding\", \u0026compute.DiskIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.DiskIamBinding;\nimport com.pulumi.gcp.compute.DiskIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DiskIamBinding(\"binding\", DiskIamBindingArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:DiskIamBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_disk\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.DiskIamMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.DiskIamMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.DiskIamMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewDiskIamMember(ctx, \"member\", \u0026compute.DiskIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.DiskIamMember;\nimport com.pulumi.gcp.compute.DiskIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DiskIamMember(\"member\", DiskIamMemberArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:DiskIamMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/zones/{{zone}}/disks/{{name}}\n\n* {{project}}/{{zone}}/{{name}}\n\n* {{zone}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine disk IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/diskIamPolicy:DiskIamPolicy editor \"projects/{{project}}/zones/{{zone}}/disks/{{disk}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/diskIamPolicy:DiskIamPolicy editor \"projects/{{project}}/zones/{{zone}}/disks/{{disk}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/diskIamPolicy:DiskIamPolicy editor projects/{{project}}/zones/{{zone}}/disks/{{disk}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -135836,7 +136004,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "zone": { "type": "string", @@ -135862,7 +136030,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "zone": { @@ -135892,7 +136060,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "zone": { @@ -139133,7 +139301,7 @@ } }, "gcp:compute/imageIamBinding:ImageIamBinding": { - "description": "Three different resources help you manage your IAM policy for Compute Engine Image. Each of these resources serves a different use case:\n\n* `gcp.compute.ImageIamPolicy`: Authoritative. Sets the IAM policy for the image and replaces any existing policy already attached.\n* `gcp.compute.ImageIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the image are preserved.\n* `gcp.compute.ImageIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the image are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.ImageIamPolicy`: Retrieves the IAM policy for the image\n\n\u003e **Note:** `gcp.compute.ImageIamPolicy` **cannot** be used in conjunction with `gcp.compute.ImageIamBinding` and `gcp.compute.ImageIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.ImageIamBinding` resources **can be** used in conjunction with `gcp.compute.ImageIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_compute\\_image\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.ImageIamPolicy(\"policy\", {\n project: example.project,\n image: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.imageUser\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.compute.ImageIamPolicy(\"policy\",\n project=example[\"project\"],\n image=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.ImageIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Image = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.imageUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewImageIamPolicy(ctx, \"policy\", \u0026compute.ImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.ImageIamPolicy;\nimport com.pulumi.gcp.compute.ImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ImageIamPolicy(\"policy\", ImageIamPolicyArgs.builder() \n .project(example.project())\n .image(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:ImageIamPolicy\n properties:\n project: ${example.project}\n image: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.imageUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.ImageIamPolicy(\"policy\", {\n project: example.project,\n image: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.imageUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.compute.ImageIamPolicy(\"policy\",\n project=example[\"project\"],\n image=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.ImageIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Image = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.imageUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewImageIamPolicy(ctx, \"policy\", \u0026compute.ImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.ImageIamPolicy;\nimport com.pulumi.gcp.compute.ImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new ImageIamPolicy(\"policy\", ImageIamPolicyArgs.builder() \n .project(example.project())\n .image(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:ImageIamPolicy\n properties:\n project: ${example.project}\n image: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.imageUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_image\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.ImageIamBinding(\"binding\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.ImageIamBinding(\"binding\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.ImageIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamBinding(ctx, \"binding\", \u0026compute.ImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamBinding;\nimport com.pulumi.gcp.compute.ImageIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ImageIamBinding(\"binding\", ImageIamBindingArgs.builder() \n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:ImageIamBinding\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.ImageIamBinding(\"binding\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.ImageIamBinding(\"binding\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.compute.ImageIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.ImageIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.ImageIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamBinding(ctx, \"binding\", \u0026compute.ImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.ImageIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamBinding;\nimport com.pulumi.gcp.compute.ImageIamBindingArgs;\nimport com.pulumi.gcp.compute.inputs.ImageIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ImageIamBinding(\"binding\", ImageIamBindingArgs.builder() \n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .condition(ImageIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:ImageIamBinding\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_image\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.ImageIamMember(\"member\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.ImageIamMember(\"member\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.ImageIamMember(\"member\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamMember(ctx, \"member\", \u0026compute.ImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamMember;\nimport com.pulumi.gcp.compute.ImageIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ImageIamMember(\"member\", ImageIamMemberArgs.builder() \n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:ImageIamMember\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.ImageIamMember(\"member\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.ImageIamMember(\"member\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n member=\"user:jane@example.com\",\n condition=gcp.compute.ImageIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.ImageIamMember(\"member\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.ImageIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamMember(ctx, \"member\", \u0026compute.ImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.ImageIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamMember;\nimport com.pulumi.gcp.compute.ImageIamMemberArgs;\nimport com.pulumi.gcp.compute.inputs.ImageIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ImageIamMember(\"member\", ImageIamMemberArgs.builder() \n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .member(\"user:jane@example.com\")\n .condition(ImageIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:ImageIamMember\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/global/images/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine image IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/imageIamBinding:ImageIamBinding editor \"projects/{{project}}/global/images/{{image}} roles/compute.imageUser user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/imageIamBinding:ImageIamBinding editor \"projects/{{project}}/global/images/{{image}} roles/compute.imageUser\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/imageIamBinding:ImageIamBinding editor projects/{{project}}/global/images/{{image}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Compute Engine Image. Each of these resources serves a different use case:\n\n* `gcp.compute.ImageIamPolicy`: Authoritative. Sets the IAM policy for the image and replaces any existing policy already attached.\n* `gcp.compute.ImageIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the image are preserved.\n* `gcp.compute.ImageIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the image are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.ImageIamPolicy`: Retrieves the IAM policy for the image\n\n\u003e **Note:** `gcp.compute.ImageIamPolicy` **cannot** be used in conjunction with `gcp.compute.ImageIamBinding` and `gcp.compute.ImageIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.ImageIamBinding` resources **can be** used in conjunction with `gcp.compute.ImageIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_compute\\_image\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.ImageIamPolicy(\"policy\", {\n project: example.project,\n image: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.imageUser\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.compute.ImageIamPolicy(\"policy\",\n project=example[\"project\"],\n image=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.ImageIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Image = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.imageUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewImageIamPolicy(ctx, \"policy\", \u0026compute.ImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.ImageIamPolicy;\nimport com.pulumi.gcp.compute.ImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ImageIamPolicy(\"policy\", ImageIamPolicyArgs.builder() \n .project(example.project())\n .image(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:ImageIamPolicy\n properties:\n project: ${example.project}\n image: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.imageUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.ImageIamPolicy(\"policy\", {\n project: example.project,\n image: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.imageUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.compute.ImageIamPolicy(\"policy\",\n project=example[\"project\"],\n image=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.ImageIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Image = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.imageUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewImageIamPolicy(ctx, \"policy\", \u0026compute.ImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.ImageIamPolicy;\nimport com.pulumi.gcp.compute.ImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new ImageIamPolicy(\"policy\", ImageIamPolicyArgs.builder() \n .project(example.project())\n .image(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:ImageIamPolicy\n properties:\n project: ${example.project}\n image: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.imageUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_image\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.ImageIamBinding(\"binding\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.ImageIamBinding(\"binding\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.ImageIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamBinding(ctx, \"binding\", \u0026compute.ImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamBinding;\nimport com.pulumi.gcp.compute.ImageIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ImageIamBinding(\"binding\", ImageIamBindingArgs.builder() \n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:ImageIamBinding\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.ImageIamBinding(\"binding\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.ImageIamBinding(\"binding\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.compute.ImageIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.ImageIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.ImageIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamBinding(ctx, \"binding\", \u0026compute.ImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.ImageIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamBinding;\nimport com.pulumi.gcp.compute.ImageIamBindingArgs;\nimport com.pulumi.gcp.compute.inputs.ImageIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ImageIamBinding(\"binding\", ImageIamBindingArgs.builder() \n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .condition(ImageIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:ImageIamBinding\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_image\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.ImageIamMember(\"member\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.ImageIamMember(\"member\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.ImageIamMember(\"member\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamMember(ctx, \"member\", \u0026compute.ImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamMember;\nimport com.pulumi.gcp.compute.ImageIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ImageIamMember(\"member\", ImageIamMemberArgs.builder() \n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:ImageIamMember\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.ImageIamMember(\"member\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.ImageIamMember(\"member\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n member=\"user:jane@example.com\",\n condition=gcp.compute.ImageIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.ImageIamMember(\"member\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.ImageIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamMember(ctx, \"member\", \u0026compute.ImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.ImageIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamMember;\nimport com.pulumi.gcp.compute.ImageIamMemberArgs;\nimport com.pulumi.gcp.compute.inputs.ImageIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ImageIamMember(\"member\", ImageIamMemberArgs.builder() \n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .member(\"user:jane@example.com\")\n .condition(ImageIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:ImageIamMember\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_image\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.ImageIamPolicy(\"policy\", {\n project: example.project,\n image: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.imageUser\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.compute.ImageIamPolicy(\"policy\",\n project=example[\"project\"],\n image=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.ImageIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Image = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.imageUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewImageIamPolicy(ctx, \"policy\", \u0026compute.ImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.ImageIamPolicy;\nimport com.pulumi.gcp.compute.ImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ImageIamPolicy(\"policy\", ImageIamPolicyArgs.builder() \n .project(example.project())\n .image(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:ImageIamPolicy\n properties:\n project: ${example.project}\n image: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.imageUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.ImageIamPolicy(\"policy\", {\n project: example.project,\n image: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.imageUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.compute.ImageIamPolicy(\"policy\",\n project=example[\"project\"],\n image=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.ImageIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Image = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.imageUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewImageIamPolicy(ctx, \"policy\", \u0026compute.ImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.ImageIamPolicy;\nimport com.pulumi.gcp.compute.ImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new ImageIamPolicy(\"policy\", ImageIamPolicyArgs.builder() \n .project(example.project())\n .image(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:ImageIamPolicy\n properties:\n project: ${example.project}\n image: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.imageUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_image\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.ImageIamBinding(\"binding\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.ImageIamBinding(\"binding\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.ImageIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamBinding(ctx, \"binding\", \u0026compute.ImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamBinding;\nimport com.pulumi.gcp.compute.ImageIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ImageIamBinding(\"binding\", ImageIamBindingArgs.builder() \n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:ImageIamBinding\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.ImageIamBinding(\"binding\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.ImageIamBinding(\"binding\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.compute.ImageIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.ImageIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.ImageIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamBinding(ctx, \"binding\", \u0026compute.ImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.ImageIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamBinding;\nimport com.pulumi.gcp.compute.ImageIamBindingArgs;\nimport com.pulumi.gcp.compute.inputs.ImageIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ImageIamBinding(\"binding\", ImageIamBindingArgs.builder() \n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .condition(ImageIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:ImageIamBinding\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_image\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.ImageIamMember(\"member\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.ImageIamMember(\"member\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.ImageIamMember(\"member\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamMember(ctx, \"member\", \u0026compute.ImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamMember;\nimport com.pulumi.gcp.compute.ImageIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ImageIamMember(\"member\", ImageIamMemberArgs.builder() \n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:ImageIamMember\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.ImageIamMember(\"member\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.ImageIamMember(\"member\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n member=\"user:jane@example.com\",\n condition=gcp.compute.ImageIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.ImageIamMember(\"member\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.ImageIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamMember(ctx, \"member\", \u0026compute.ImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.ImageIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamMember;\nimport com.pulumi.gcp.compute.ImageIamMemberArgs;\nimport com.pulumi.gcp.compute.inputs.ImageIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ImageIamMember(\"member\", ImageIamMemberArgs.builder() \n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .member(\"user:jane@example.com\")\n .condition(ImageIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:ImageIamMember\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/global/images/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine image IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/imageIamBinding:ImageIamBinding editor \"projects/{{project}}/global/images/{{image}} roles/compute.imageUser user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/imageIamBinding:ImageIamBinding editor \"projects/{{project}}/global/images/{{image}} roles/compute.imageUser\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/imageIamBinding:ImageIamBinding editor projects/{{project}}/global/images/{{image}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:compute/ImageIamBindingCondition:ImageIamBindingCondition", @@ -139151,11 +139319,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -139184,11 +139353,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -139223,11 +139393,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -139240,7 +139411,7 @@ } }, "gcp:compute/imageIamMember:ImageIamMember": { - "description": "Three different resources help you manage your IAM policy for Compute Engine Image. Each of these resources serves a different use case:\n\n* `gcp.compute.ImageIamPolicy`: Authoritative. Sets the IAM policy for the image and replaces any existing policy already attached.\n* `gcp.compute.ImageIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the image are preserved.\n* `gcp.compute.ImageIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the image are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.ImageIamPolicy`: Retrieves the IAM policy for the image\n\n\u003e **Note:** `gcp.compute.ImageIamPolicy` **cannot** be used in conjunction with `gcp.compute.ImageIamBinding` and `gcp.compute.ImageIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.ImageIamBinding` resources **can be** used in conjunction with `gcp.compute.ImageIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_compute\\_image\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.ImageIamPolicy(\"policy\", {\n project: example.project,\n image: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.imageUser\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.compute.ImageIamPolicy(\"policy\",\n project=example[\"project\"],\n image=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.ImageIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Image = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.imageUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewImageIamPolicy(ctx, \"policy\", \u0026compute.ImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.ImageIamPolicy;\nimport com.pulumi.gcp.compute.ImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ImageIamPolicy(\"policy\", ImageIamPolicyArgs.builder() \n .project(example.project())\n .image(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:ImageIamPolicy\n properties:\n project: ${example.project}\n image: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.imageUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.ImageIamPolicy(\"policy\", {\n project: example.project,\n image: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.imageUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.compute.ImageIamPolicy(\"policy\",\n project=example[\"project\"],\n image=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.ImageIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Image = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.imageUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewImageIamPolicy(ctx, \"policy\", \u0026compute.ImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.ImageIamPolicy;\nimport com.pulumi.gcp.compute.ImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new ImageIamPolicy(\"policy\", ImageIamPolicyArgs.builder() \n .project(example.project())\n .image(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:ImageIamPolicy\n properties:\n project: ${example.project}\n image: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.imageUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_image\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.ImageIamBinding(\"binding\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.ImageIamBinding(\"binding\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.ImageIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamBinding(ctx, \"binding\", \u0026compute.ImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamBinding;\nimport com.pulumi.gcp.compute.ImageIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ImageIamBinding(\"binding\", ImageIamBindingArgs.builder() \n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:ImageIamBinding\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.ImageIamBinding(\"binding\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.ImageIamBinding(\"binding\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.compute.ImageIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.ImageIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.ImageIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamBinding(ctx, \"binding\", \u0026compute.ImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.ImageIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamBinding;\nimport com.pulumi.gcp.compute.ImageIamBindingArgs;\nimport com.pulumi.gcp.compute.inputs.ImageIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ImageIamBinding(\"binding\", ImageIamBindingArgs.builder() \n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .condition(ImageIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:ImageIamBinding\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_image\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.ImageIamMember(\"member\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.ImageIamMember(\"member\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.ImageIamMember(\"member\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamMember(ctx, \"member\", \u0026compute.ImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamMember;\nimport com.pulumi.gcp.compute.ImageIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ImageIamMember(\"member\", ImageIamMemberArgs.builder() \n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:ImageIamMember\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.ImageIamMember(\"member\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.ImageIamMember(\"member\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n member=\"user:jane@example.com\",\n condition=gcp.compute.ImageIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.ImageIamMember(\"member\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.ImageIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamMember(ctx, \"member\", \u0026compute.ImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.ImageIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamMember;\nimport com.pulumi.gcp.compute.ImageIamMemberArgs;\nimport com.pulumi.gcp.compute.inputs.ImageIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ImageIamMember(\"member\", ImageIamMemberArgs.builder() \n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .member(\"user:jane@example.com\")\n .condition(ImageIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:ImageIamMember\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/global/images/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine image IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/imageIamMember:ImageIamMember editor \"projects/{{project}}/global/images/{{image}} roles/compute.imageUser user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/imageIamMember:ImageIamMember editor \"projects/{{project}}/global/images/{{image}} roles/compute.imageUser\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/imageIamMember:ImageIamMember editor projects/{{project}}/global/images/{{image}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Compute Engine Image. Each of these resources serves a different use case:\n\n* `gcp.compute.ImageIamPolicy`: Authoritative. Sets the IAM policy for the image and replaces any existing policy already attached.\n* `gcp.compute.ImageIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the image are preserved.\n* `gcp.compute.ImageIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the image are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.ImageIamPolicy`: Retrieves the IAM policy for the image\n\n\u003e **Note:** `gcp.compute.ImageIamPolicy` **cannot** be used in conjunction with `gcp.compute.ImageIamBinding` and `gcp.compute.ImageIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.ImageIamBinding` resources **can be** used in conjunction with `gcp.compute.ImageIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_compute\\_image\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.ImageIamPolicy(\"policy\", {\n project: example.project,\n image: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.imageUser\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.compute.ImageIamPolicy(\"policy\",\n project=example[\"project\"],\n image=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.ImageIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Image = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.imageUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewImageIamPolicy(ctx, \"policy\", \u0026compute.ImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.ImageIamPolicy;\nimport com.pulumi.gcp.compute.ImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ImageIamPolicy(\"policy\", ImageIamPolicyArgs.builder() \n .project(example.project())\n .image(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:ImageIamPolicy\n properties:\n project: ${example.project}\n image: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.imageUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.ImageIamPolicy(\"policy\", {\n project: example.project,\n image: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.imageUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.compute.ImageIamPolicy(\"policy\",\n project=example[\"project\"],\n image=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.ImageIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Image = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.imageUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewImageIamPolicy(ctx, \"policy\", \u0026compute.ImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.ImageIamPolicy;\nimport com.pulumi.gcp.compute.ImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new ImageIamPolicy(\"policy\", ImageIamPolicyArgs.builder() \n .project(example.project())\n .image(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:ImageIamPolicy\n properties:\n project: ${example.project}\n image: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.imageUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_image\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.ImageIamBinding(\"binding\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.ImageIamBinding(\"binding\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.ImageIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamBinding(ctx, \"binding\", \u0026compute.ImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamBinding;\nimport com.pulumi.gcp.compute.ImageIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ImageIamBinding(\"binding\", ImageIamBindingArgs.builder() \n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:ImageIamBinding\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.ImageIamBinding(\"binding\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.ImageIamBinding(\"binding\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.compute.ImageIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.ImageIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.ImageIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamBinding(ctx, \"binding\", \u0026compute.ImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.ImageIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamBinding;\nimport com.pulumi.gcp.compute.ImageIamBindingArgs;\nimport com.pulumi.gcp.compute.inputs.ImageIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ImageIamBinding(\"binding\", ImageIamBindingArgs.builder() \n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .condition(ImageIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:ImageIamBinding\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_image\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.ImageIamMember(\"member\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.ImageIamMember(\"member\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.ImageIamMember(\"member\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamMember(ctx, \"member\", \u0026compute.ImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamMember;\nimport com.pulumi.gcp.compute.ImageIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ImageIamMember(\"member\", ImageIamMemberArgs.builder() \n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:ImageIamMember\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.ImageIamMember(\"member\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.ImageIamMember(\"member\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n member=\"user:jane@example.com\",\n condition=gcp.compute.ImageIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.ImageIamMember(\"member\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.ImageIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamMember(ctx, \"member\", \u0026compute.ImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.ImageIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamMember;\nimport com.pulumi.gcp.compute.ImageIamMemberArgs;\nimport com.pulumi.gcp.compute.inputs.ImageIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ImageIamMember(\"member\", ImageIamMemberArgs.builder() \n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .member(\"user:jane@example.com\")\n .condition(ImageIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:ImageIamMember\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_image\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.ImageIamPolicy(\"policy\", {\n project: example.project,\n image: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.imageUser\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.compute.ImageIamPolicy(\"policy\",\n project=example[\"project\"],\n image=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.ImageIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Image = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.imageUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewImageIamPolicy(ctx, \"policy\", \u0026compute.ImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.ImageIamPolicy;\nimport com.pulumi.gcp.compute.ImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ImageIamPolicy(\"policy\", ImageIamPolicyArgs.builder() \n .project(example.project())\n .image(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:ImageIamPolicy\n properties:\n project: ${example.project}\n image: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.imageUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.ImageIamPolicy(\"policy\", {\n project: example.project,\n image: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.imageUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.compute.ImageIamPolicy(\"policy\",\n project=example[\"project\"],\n image=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.ImageIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Image = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.imageUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewImageIamPolicy(ctx, \"policy\", \u0026compute.ImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.ImageIamPolicy;\nimport com.pulumi.gcp.compute.ImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new ImageIamPolicy(\"policy\", ImageIamPolicyArgs.builder() \n .project(example.project())\n .image(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:ImageIamPolicy\n properties:\n project: ${example.project}\n image: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.imageUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_image\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.ImageIamBinding(\"binding\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.ImageIamBinding(\"binding\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.ImageIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamBinding(ctx, \"binding\", \u0026compute.ImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamBinding;\nimport com.pulumi.gcp.compute.ImageIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ImageIamBinding(\"binding\", ImageIamBindingArgs.builder() \n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:ImageIamBinding\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.ImageIamBinding(\"binding\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.ImageIamBinding(\"binding\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.compute.ImageIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.ImageIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.ImageIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamBinding(ctx, \"binding\", \u0026compute.ImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.ImageIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamBinding;\nimport com.pulumi.gcp.compute.ImageIamBindingArgs;\nimport com.pulumi.gcp.compute.inputs.ImageIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ImageIamBinding(\"binding\", ImageIamBindingArgs.builder() \n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .condition(ImageIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:ImageIamBinding\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_image\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.ImageIamMember(\"member\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.ImageIamMember(\"member\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.ImageIamMember(\"member\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamMember(ctx, \"member\", \u0026compute.ImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamMember;\nimport com.pulumi.gcp.compute.ImageIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ImageIamMember(\"member\", ImageIamMemberArgs.builder() \n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:ImageIamMember\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.ImageIamMember(\"member\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.ImageIamMember(\"member\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n member=\"user:jane@example.com\",\n condition=gcp.compute.ImageIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.ImageIamMember(\"member\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.ImageIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamMember(ctx, \"member\", \u0026compute.ImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.ImageIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamMember;\nimport com.pulumi.gcp.compute.ImageIamMemberArgs;\nimport com.pulumi.gcp.compute.inputs.ImageIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ImageIamMember(\"member\", ImageIamMemberArgs.builder() \n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .member(\"user:jane@example.com\")\n .condition(ImageIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:ImageIamMember\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/global/images/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine image IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/imageIamMember:ImageIamMember editor \"projects/{{project}}/global/images/{{image}} roles/compute.imageUser user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/imageIamMember:ImageIamMember editor \"projects/{{project}}/global/images/{{image}} roles/compute.imageUser\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/imageIamMember:ImageIamMember editor projects/{{project}}/global/images/{{image}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:compute/ImageIamMemberCondition:ImageIamMemberCondition", @@ -139255,11 +139426,12 @@ "description": "Used to find the parent resource to bind the IAM policy to\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -139286,11 +139458,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -139323,11 +139496,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -139340,7 +139514,7 @@ } }, "gcp:compute/imageIamPolicy:ImageIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Compute Engine Image. Each of these resources serves a different use case:\n\n* `gcp.compute.ImageIamPolicy`: Authoritative. Sets the IAM policy for the image and replaces any existing policy already attached.\n* `gcp.compute.ImageIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the image are preserved.\n* `gcp.compute.ImageIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the image are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.ImageIamPolicy`: Retrieves the IAM policy for the image\n\n\u003e **Note:** `gcp.compute.ImageIamPolicy` **cannot** be used in conjunction with `gcp.compute.ImageIamBinding` and `gcp.compute.ImageIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.ImageIamBinding` resources **can be** used in conjunction with `gcp.compute.ImageIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_compute\\_image\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.ImageIamPolicy(\"policy\", {\n project: example.project,\n image: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.imageUser\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.compute.ImageIamPolicy(\"policy\",\n project=example[\"project\"],\n image=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.ImageIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Image = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.imageUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewImageIamPolicy(ctx, \"policy\", \u0026compute.ImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.ImageIamPolicy;\nimport com.pulumi.gcp.compute.ImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ImageIamPolicy(\"policy\", ImageIamPolicyArgs.builder() \n .project(example.project())\n .image(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:ImageIamPolicy\n properties:\n project: ${example.project}\n image: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.imageUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.ImageIamPolicy(\"policy\", {\n project: example.project,\n image: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.imageUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.compute.ImageIamPolicy(\"policy\",\n project=example[\"project\"],\n image=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.ImageIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Image = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.imageUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewImageIamPolicy(ctx, \"policy\", \u0026compute.ImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.ImageIamPolicy;\nimport com.pulumi.gcp.compute.ImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new ImageIamPolicy(\"policy\", ImageIamPolicyArgs.builder() \n .project(example.project())\n .image(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:ImageIamPolicy\n properties:\n project: ${example.project}\n image: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.imageUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_image\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.ImageIamBinding(\"binding\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.ImageIamBinding(\"binding\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.ImageIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamBinding(ctx, \"binding\", \u0026compute.ImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamBinding;\nimport com.pulumi.gcp.compute.ImageIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ImageIamBinding(\"binding\", ImageIamBindingArgs.builder() \n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:ImageIamBinding\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.ImageIamBinding(\"binding\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.ImageIamBinding(\"binding\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.compute.ImageIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.ImageIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.ImageIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamBinding(ctx, \"binding\", \u0026compute.ImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.ImageIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamBinding;\nimport com.pulumi.gcp.compute.ImageIamBindingArgs;\nimport com.pulumi.gcp.compute.inputs.ImageIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ImageIamBinding(\"binding\", ImageIamBindingArgs.builder() \n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .condition(ImageIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:ImageIamBinding\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_image\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.ImageIamMember(\"member\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.ImageIamMember(\"member\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.ImageIamMember(\"member\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamMember(ctx, \"member\", \u0026compute.ImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamMember;\nimport com.pulumi.gcp.compute.ImageIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ImageIamMember(\"member\", ImageIamMemberArgs.builder() \n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:ImageIamMember\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.ImageIamMember(\"member\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.ImageIamMember(\"member\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n member=\"user:jane@example.com\",\n condition=gcp.compute.ImageIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.ImageIamMember(\"member\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.ImageIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamMember(ctx, \"member\", \u0026compute.ImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.ImageIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamMember;\nimport com.pulumi.gcp.compute.ImageIamMemberArgs;\nimport com.pulumi.gcp.compute.inputs.ImageIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ImageIamMember(\"member\", ImageIamMemberArgs.builder() \n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .member(\"user:jane@example.com\")\n .condition(ImageIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:ImageIamMember\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/global/images/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine image IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/imageIamPolicy:ImageIamPolicy editor \"projects/{{project}}/global/images/{{image}} roles/compute.imageUser user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/imageIamPolicy:ImageIamPolicy editor \"projects/{{project}}/global/images/{{image}} roles/compute.imageUser\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/imageIamPolicy:ImageIamPolicy editor projects/{{project}}/global/images/{{image}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Compute Engine Image. Each of these resources serves a different use case:\n\n* `gcp.compute.ImageIamPolicy`: Authoritative. Sets the IAM policy for the image and replaces any existing policy already attached.\n* `gcp.compute.ImageIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the image are preserved.\n* `gcp.compute.ImageIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the image are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.ImageIamPolicy`: Retrieves the IAM policy for the image\n\n\u003e **Note:** `gcp.compute.ImageIamPolicy` **cannot** be used in conjunction with `gcp.compute.ImageIamBinding` and `gcp.compute.ImageIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.ImageIamBinding` resources **can be** used in conjunction with `gcp.compute.ImageIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_compute\\_image\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.ImageIamPolicy(\"policy\", {\n project: example.project,\n image: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.imageUser\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.compute.ImageIamPolicy(\"policy\",\n project=example[\"project\"],\n image=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.ImageIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Image = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.imageUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewImageIamPolicy(ctx, \"policy\", \u0026compute.ImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.ImageIamPolicy;\nimport com.pulumi.gcp.compute.ImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ImageIamPolicy(\"policy\", ImageIamPolicyArgs.builder() \n .project(example.project())\n .image(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:ImageIamPolicy\n properties:\n project: ${example.project}\n image: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.imageUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.ImageIamPolicy(\"policy\", {\n project: example.project,\n image: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.imageUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.compute.ImageIamPolicy(\"policy\",\n project=example[\"project\"],\n image=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.ImageIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Image = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.imageUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewImageIamPolicy(ctx, \"policy\", \u0026compute.ImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.ImageIamPolicy;\nimport com.pulumi.gcp.compute.ImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new ImageIamPolicy(\"policy\", ImageIamPolicyArgs.builder() \n .project(example.project())\n .image(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:ImageIamPolicy\n properties:\n project: ${example.project}\n image: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.imageUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_image\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.ImageIamBinding(\"binding\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.ImageIamBinding(\"binding\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.ImageIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamBinding(ctx, \"binding\", \u0026compute.ImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamBinding;\nimport com.pulumi.gcp.compute.ImageIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ImageIamBinding(\"binding\", ImageIamBindingArgs.builder() \n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:ImageIamBinding\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.ImageIamBinding(\"binding\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.ImageIamBinding(\"binding\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.compute.ImageIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.ImageIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.ImageIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamBinding(ctx, \"binding\", \u0026compute.ImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.ImageIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamBinding;\nimport com.pulumi.gcp.compute.ImageIamBindingArgs;\nimport com.pulumi.gcp.compute.inputs.ImageIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ImageIamBinding(\"binding\", ImageIamBindingArgs.builder() \n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .condition(ImageIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:ImageIamBinding\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_image\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.ImageIamMember(\"member\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.ImageIamMember(\"member\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.ImageIamMember(\"member\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamMember(ctx, \"member\", \u0026compute.ImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamMember;\nimport com.pulumi.gcp.compute.ImageIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ImageIamMember(\"member\", ImageIamMemberArgs.builder() \n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:ImageIamMember\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.ImageIamMember(\"member\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.ImageIamMember(\"member\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n member=\"user:jane@example.com\",\n condition=gcp.compute.ImageIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.ImageIamMember(\"member\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.ImageIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamMember(ctx, \"member\", \u0026compute.ImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.ImageIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamMember;\nimport com.pulumi.gcp.compute.ImageIamMemberArgs;\nimport com.pulumi.gcp.compute.inputs.ImageIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ImageIamMember(\"member\", ImageIamMemberArgs.builder() \n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .member(\"user:jane@example.com\")\n .condition(ImageIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:ImageIamMember\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_image\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.ImageIamPolicy(\"policy\", {\n project: example.project,\n image: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.imageUser\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.compute.ImageIamPolicy(\"policy\",\n project=example[\"project\"],\n image=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.ImageIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Image = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.imageUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewImageIamPolicy(ctx, \"policy\", \u0026compute.ImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.ImageIamPolicy;\nimport com.pulumi.gcp.compute.ImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ImageIamPolicy(\"policy\", ImageIamPolicyArgs.builder() \n .project(example.project())\n .image(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:ImageIamPolicy\n properties:\n project: ${example.project}\n image: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.imageUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.ImageIamPolicy(\"policy\", {\n project: example.project,\n image: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.imageUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.compute.ImageIamPolicy(\"policy\",\n project=example[\"project\"],\n image=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.ImageIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Image = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.imageUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewImageIamPolicy(ctx, \"policy\", \u0026compute.ImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.ImageIamPolicy;\nimport com.pulumi.gcp.compute.ImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new ImageIamPolicy(\"policy\", ImageIamPolicyArgs.builder() \n .project(example.project())\n .image(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:ImageIamPolicy\n properties:\n project: ${example.project}\n image: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.imageUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_image\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.ImageIamBinding(\"binding\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.ImageIamBinding(\"binding\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.ImageIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamBinding(ctx, \"binding\", \u0026compute.ImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamBinding;\nimport com.pulumi.gcp.compute.ImageIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ImageIamBinding(\"binding\", ImageIamBindingArgs.builder() \n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:ImageIamBinding\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.ImageIamBinding(\"binding\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.ImageIamBinding(\"binding\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.compute.ImageIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.ImageIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.ImageIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamBinding(ctx, \"binding\", \u0026compute.ImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.ImageIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamBinding;\nimport com.pulumi.gcp.compute.ImageIamBindingArgs;\nimport com.pulumi.gcp.compute.inputs.ImageIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ImageIamBinding(\"binding\", ImageIamBindingArgs.builder() \n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .members(\"user:jane@example.com\")\n .condition(ImageIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:ImageIamBinding\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_image\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.ImageIamMember(\"member\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.ImageIamMember(\"member\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.ImageIamMember(\"member\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamMember(ctx, \"member\", \u0026compute.ImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamMember;\nimport com.pulumi.gcp.compute.ImageIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ImageIamMember(\"member\", ImageIamMemberArgs.builder() \n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:ImageIamMember\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.ImageIamMember(\"member\", {\n project: example.project,\n image: example.name,\n role: \"roles/compute.imageUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.ImageIamMember(\"member\",\n project=example[\"project\"],\n image=example[\"name\"],\n role=\"roles/compute.imageUser\",\n member=\"user:jane@example.com\",\n condition=gcp.compute.ImageIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.ImageIamMember(\"member\", new()\n {\n Project = example.Project,\n Image = example.Name,\n Role = \"roles/compute.imageUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.ImageIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewImageIamMember(ctx, \"member\", \u0026compute.ImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tImage: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.imageUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.ImageIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ImageIamMember;\nimport com.pulumi.gcp.compute.ImageIamMemberArgs;\nimport com.pulumi.gcp.compute.inputs.ImageIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ImageIamMember(\"member\", ImageIamMemberArgs.builder() \n .project(example.project())\n .image(example.name())\n .role(\"roles/compute.imageUser\")\n .member(\"user:jane@example.com\")\n .condition(ImageIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:ImageIamMember\n properties:\n project: ${example.project}\n image: ${example.name}\n role: roles/compute.imageUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/global/images/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine image IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/imageIamPolicy:ImageIamPolicy editor \"projects/{{project}}/global/images/{{image}} roles/compute.imageUser user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/imageIamPolicy:ImageIamPolicy editor \"projects/{{project}}/global/images/{{image}} roles/compute.imageUser\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/imageIamPolicy:ImageIamPolicy editor projects/{{project}}/global/images/{{image}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -139356,7 +139530,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" } }, "required": [ @@ -139377,7 +139551,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -139403,7 +139577,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -141890,7 +142064,7 @@ } }, "gcp:compute/instanceIAMBinding:InstanceIAMBinding": { - "description": "Three different resources help you manage your IAM policy for Compute Engine Instance. Each of these resources serves a different use case:\n\n* `gcp.compute.InstanceIAMPolicy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.\n* `gcp.compute.InstanceIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.\n* `gcp.compute.InstanceIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.InstanceIAMPolicy`: Retrieves the IAM policy for the instance\n\n\u003e **Note:** `gcp.compute.InstanceIAMPolicy` **cannot** be used in conjunction with `gcp.compute.InstanceIAMBinding` and `gcp.compute.InstanceIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.InstanceIAMBinding` resources **can be** used in conjunction with `gcp.compute.InstanceIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_compute\\_instance\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.InstanceIAMPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.osLogin\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.compute.InstanceIAMPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.InstanceIAMPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.osLogin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstanceIAMPolicy(ctx, \"policy\", \u0026compute.InstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.InstanceIAMPolicy;\nimport com.pulumi.gcp.compute.InstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new InstanceIAMPolicy(\"policy\", InstanceIAMPolicyArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:InstanceIAMPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.osLogin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.InstanceIAMPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.osLogin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.compute.InstanceIAMPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.InstanceIAMPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.osLogin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstanceIAMPolicy(ctx, \"policy\", \u0026compute.InstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.InstanceIAMPolicy;\nimport com.pulumi.gcp.compute.InstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new InstanceIAMPolicy(\"policy\", InstanceIAMPolicyArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:InstanceIAMPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.osLogin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_instance\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.InstanceIAMBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.InstanceIAMBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.InstanceIAMBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMBinding(ctx, \"binding\", \u0026compute.InstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMBinding;\nimport com.pulumi.gcp.compute.InstanceIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new InstanceIAMBinding(\"binding\", InstanceIAMBindingArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:InstanceIAMBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.InstanceIAMBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.InstanceIAMBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.compute.InstanceIAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.InstanceIAMBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.InstanceIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMBinding(ctx, \"binding\", \u0026compute.InstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.InstanceIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMBinding;\nimport com.pulumi.gcp.compute.InstanceIAMBindingArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new InstanceIAMBinding(\"binding\", InstanceIAMBindingArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .condition(InstanceIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:InstanceIAMBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_instance\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.InstanceIAMMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.InstanceIAMMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.InstanceIAMMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMMember(ctx, \"member\", \u0026compute.InstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMMember;\nimport com.pulumi.gcp.compute.InstanceIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new InstanceIAMMember(\"member\", InstanceIAMMemberArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:InstanceIAMMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.InstanceIAMMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.InstanceIAMMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n member=\"user:jane@example.com\",\n condition=gcp.compute.InstanceIAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.InstanceIAMMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.InstanceIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMMember(ctx, \"member\", \u0026compute.InstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.InstanceIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMMember;\nimport com.pulumi.gcp.compute.InstanceIAMMemberArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new InstanceIAMMember(\"member\", InstanceIAMMemberArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .member(\"user:jane@example.com\")\n .condition(InstanceIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:InstanceIAMMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/zones/{{zone}}/instances/{{name}}\n\n* {{project}}/{{zone}}/{{name}}\n\n* {{zone}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine instance IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/instanceIAMBinding:InstanceIAMBinding editor \"projects/{{project}}/zones/{{zone}}/instances/{{instance}} roles/compute.osLogin user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/instanceIAMBinding:InstanceIAMBinding editor \"projects/{{project}}/zones/{{zone}}/instances/{{instance}} roles/compute.osLogin\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/instanceIAMBinding:InstanceIAMBinding editor projects/{{project}}/zones/{{zone}}/instances/{{instance}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Compute Engine Instance. Each of these resources serves a different use case:\n\n* `gcp.compute.InstanceIAMPolicy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.\n* `gcp.compute.InstanceIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.\n* `gcp.compute.InstanceIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.InstanceIAMPolicy`: Retrieves the IAM policy for the instance\n\n\u003e **Note:** `gcp.compute.InstanceIAMPolicy` **cannot** be used in conjunction with `gcp.compute.InstanceIAMBinding` and `gcp.compute.InstanceIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.InstanceIAMBinding` resources **can be** used in conjunction with `gcp.compute.InstanceIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_compute\\_instance\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.InstanceIAMPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.osLogin\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.compute.InstanceIAMPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.InstanceIAMPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.osLogin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstanceIAMPolicy(ctx, \"policy\", \u0026compute.InstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.InstanceIAMPolicy;\nimport com.pulumi.gcp.compute.InstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new InstanceIAMPolicy(\"policy\", InstanceIAMPolicyArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:InstanceIAMPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.osLogin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.InstanceIAMPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.osLogin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.compute.InstanceIAMPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.InstanceIAMPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.osLogin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstanceIAMPolicy(ctx, \"policy\", \u0026compute.InstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.InstanceIAMPolicy;\nimport com.pulumi.gcp.compute.InstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new InstanceIAMPolicy(\"policy\", InstanceIAMPolicyArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:InstanceIAMPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.osLogin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_instance\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.InstanceIAMBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.InstanceIAMBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.InstanceIAMBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMBinding(ctx, \"binding\", \u0026compute.InstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMBinding;\nimport com.pulumi.gcp.compute.InstanceIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new InstanceIAMBinding(\"binding\", InstanceIAMBindingArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:InstanceIAMBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.InstanceIAMBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.InstanceIAMBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.compute.InstanceIAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.InstanceIAMBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.InstanceIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMBinding(ctx, \"binding\", \u0026compute.InstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.InstanceIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMBinding;\nimport com.pulumi.gcp.compute.InstanceIAMBindingArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new InstanceIAMBinding(\"binding\", InstanceIAMBindingArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .condition(InstanceIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:InstanceIAMBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_instance\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.InstanceIAMMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.InstanceIAMMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.InstanceIAMMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMMember(ctx, \"member\", \u0026compute.InstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMMember;\nimport com.pulumi.gcp.compute.InstanceIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new InstanceIAMMember(\"member\", InstanceIAMMemberArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:InstanceIAMMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.InstanceIAMMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.InstanceIAMMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n member=\"user:jane@example.com\",\n condition=gcp.compute.InstanceIAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.InstanceIAMMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.InstanceIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMMember(ctx, \"member\", \u0026compute.InstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.InstanceIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMMember;\nimport com.pulumi.gcp.compute.InstanceIAMMemberArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new InstanceIAMMember(\"member\", InstanceIAMMemberArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .member(\"user:jane@example.com\")\n .condition(InstanceIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:InstanceIAMMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_instance\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.InstanceIAMPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.osLogin\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.compute.InstanceIAMPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.InstanceIAMPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.osLogin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstanceIAMPolicy(ctx, \"policy\", \u0026compute.InstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.InstanceIAMPolicy;\nimport com.pulumi.gcp.compute.InstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new InstanceIAMPolicy(\"policy\", InstanceIAMPolicyArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:InstanceIAMPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.osLogin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.InstanceIAMPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.osLogin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.compute.InstanceIAMPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.InstanceIAMPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.osLogin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstanceIAMPolicy(ctx, \"policy\", \u0026compute.InstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.InstanceIAMPolicy;\nimport com.pulumi.gcp.compute.InstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new InstanceIAMPolicy(\"policy\", InstanceIAMPolicyArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:InstanceIAMPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.osLogin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_instance\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.InstanceIAMBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.InstanceIAMBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.InstanceIAMBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMBinding(ctx, \"binding\", \u0026compute.InstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMBinding;\nimport com.pulumi.gcp.compute.InstanceIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new InstanceIAMBinding(\"binding\", InstanceIAMBindingArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:InstanceIAMBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.InstanceIAMBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.InstanceIAMBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.compute.InstanceIAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.InstanceIAMBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.InstanceIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMBinding(ctx, \"binding\", \u0026compute.InstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.InstanceIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMBinding;\nimport com.pulumi.gcp.compute.InstanceIAMBindingArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new InstanceIAMBinding(\"binding\", InstanceIAMBindingArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .condition(InstanceIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:InstanceIAMBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_instance\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.InstanceIAMMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.InstanceIAMMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.InstanceIAMMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMMember(ctx, \"member\", \u0026compute.InstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMMember;\nimport com.pulumi.gcp.compute.InstanceIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new InstanceIAMMember(\"member\", InstanceIAMMemberArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:InstanceIAMMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.InstanceIAMMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.InstanceIAMMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n member=\"user:jane@example.com\",\n condition=gcp.compute.InstanceIAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.InstanceIAMMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.InstanceIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMMember(ctx, \"member\", \u0026compute.InstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.InstanceIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMMember;\nimport com.pulumi.gcp.compute.InstanceIAMMemberArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new InstanceIAMMember(\"member\", InstanceIAMMemberArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .member(\"user:jane@example.com\")\n .condition(InstanceIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:InstanceIAMMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/zones/{{zone}}/instances/{{name}}\n\n* {{project}}/{{zone}}/{{name}}\n\n* {{zone}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine instance IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/instanceIAMBinding:InstanceIAMBinding editor \"projects/{{project}}/zones/{{zone}}/instances/{{instance}} roles/compute.osLogin user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/instanceIAMBinding:InstanceIAMBinding editor \"projects/{{project}}/zones/{{zone}}/instances/{{instance}} roles/compute.osLogin\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/instanceIAMBinding:InstanceIAMBinding editor projects/{{project}}/zones/{{zone}}/instances/{{instance}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:compute/InstanceIAMBindingCondition:InstanceIAMBindingCondition", @@ -141908,11 +142082,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -141946,11 +142121,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -141990,11 +142166,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -142012,7 +142189,7 @@ } }, "gcp:compute/instanceIAMMember:InstanceIAMMember": { - "description": "Three different resources help you manage your IAM policy for Compute Engine Instance. Each of these resources serves a different use case:\n\n* `gcp.compute.InstanceIAMPolicy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.\n* `gcp.compute.InstanceIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.\n* `gcp.compute.InstanceIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.InstanceIAMPolicy`: Retrieves the IAM policy for the instance\n\n\u003e **Note:** `gcp.compute.InstanceIAMPolicy` **cannot** be used in conjunction with `gcp.compute.InstanceIAMBinding` and `gcp.compute.InstanceIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.InstanceIAMBinding` resources **can be** used in conjunction with `gcp.compute.InstanceIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_compute\\_instance\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.InstanceIAMPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.osLogin\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.compute.InstanceIAMPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.InstanceIAMPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.osLogin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstanceIAMPolicy(ctx, \"policy\", \u0026compute.InstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.InstanceIAMPolicy;\nimport com.pulumi.gcp.compute.InstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new InstanceIAMPolicy(\"policy\", InstanceIAMPolicyArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:InstanceIAMPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.osLogin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.InstanceIAMPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.osLogin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.compute.InstanceIAMPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.InstanceIAMPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.osLogin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstanceIAMPolicy(ctx, \"policy\", \u0026compute.InstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.InstanceIAMPolicy;\nimport com.pulumi.gcp.compute.InstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new InstanceIAMPolicy(\"policy\", InstanceIAMPolicyArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:InstanceIAMPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.osLogin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_instance\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.InstanceIAMBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.InstanceIAMBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.InstanceIAMBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMBinding(ctx, \"binding\", \u0026compute.InstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMBinding;\nimport com.pulumi.gcp.compute.InstanceIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new InstanceIAMBinding(\"binding\", InstanceIAMBindingArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:InstanceIAMBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.InstanceIAMBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.InstanceIAMBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.compute.InstanceIAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.InstanceIAMBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.InstanceIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMBinding(ctx, \"binding\", \u0026compute.InstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.InstanceIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMBinding;\nimport com.pulumi.gcp.compute.InstanceIAMBindingArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new InstanceIAMBinding(\"binding\", InstanceIAMBindingArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .condition(InstanceIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:InstanceIAMBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_instance\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.InstanceIAMMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.InstanceIAMMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.InstanceIAMMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMMember(ctx, \"member\", \u0026compute.InstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMMember;\nimport com.pulumi.gcp.compute.InstanceIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new InstanceIAMMember(\"member\", InstanceIAMMemberArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:InstanceIAMMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.InstanceIAMMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.InstanceIAMMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n member=\"user:jane@example.com\",\n condition=gcp.compute.InstanceIAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.InstanceIAMMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.InstanceIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMMember(ctx, \"member\", \u0026compute.InstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.InstanceIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMMember;\nimport com.pulumi.gcp.compute.InstanceIAMMemberArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new InstanceIAMMember(\"member\", InstanceIAMMemberArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .member(\"user:jane@example.com\")\n .condition(InstanceIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:InstanceIAMMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/zones/{{zone}}/instances/{{name}}\n\n* {{project}}/{{zone}}/{{name}}\n\n* {{zone}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine instance IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/instanceIAMMember:InstanceIAMMember editor \"projects/{{project}}/zones/{{zone}}/instances/{{instance}} roles/compute.osLogin user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/instanceIAMMember:InstanceIAMMember editor \"projects/{{project}}/zones/{{zone}}/instances/{{instance}} roles/compute.osLogin\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/instanceIAMMember:InstanceIAMMember editor projects/{{project}}/zones/{{zone}}/instances/{{instance}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Compute Engine Instance. Each of these resources serves a different use case:\n\n* `gcp.compute.InstanceIAMPolicy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.\n* `gcp.compute.InstanceIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.\n* `gcp.compute.InstanceIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.InstanceIAMPolicy`: Retrieves the IAM policy for the instance\n\n\u003e **Note:** `gcp.compute.InstanceIAMPolicy` **cannot** be used in conjunction with `gcp.compute.InstanceIAMBinding` and `gcp.compute.InstanceIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.InstanceIAMBinding` resources **can be** used in conjunction with `gcp.compute.InstanceIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_compute\\_instance\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.InstanceIAMPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.osLogin\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.compute.InstanceIAMPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.InstanceIAMPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.osLogin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstanceIAMPolicy(ctx, \"policy\", \u0026compute.InstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.InstanceIAMPolicy;\nimport com.pulumi.gcp.compute.InstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new InstanceIAMPolicy(\"policy\", InstanceIAMPolicyArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:InstanceIAMPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.osLogin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.InstanceIAMPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.osLogin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.compute.InstanceIAMPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.InstanceIAMPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.osLogin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstanceIAMPolicy(ctx, \"policy\", \u0026compute.InstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.InstanceIAMPolicy;\nimport com.pulumi.gcp.compute.InstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new InstanceIAMPolicy(\"policy\", InstanceIAMPolicyArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:InstanceIAMPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.osLogin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_instance\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.InstanceIAMBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.InstanceIAMBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.InstanceIAMBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMBinding(ctx, \"binding\", \u0026compute.InstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMBinding;\nimport com.pulumi.gcp.compute.InstanceIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new InstanceIAMBinding(\"binding\", InstanceIAMBindingArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:InstanceIAMBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.InstanceIAMBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.InstanceIAMBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.compute.InstanceIAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.InstanceIAMBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.InstanceIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMBinding(ctx, \"binding\", \u0026compute.InstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.InstanceIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMBinding;\nimport com.pulumi.gcp.compute.InstanceIAMBindingArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new InstanceIAMBinding(\"binding\", InstanceIAMBindingArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .condition(InstanceIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:InstanceIAMBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_instance\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.InstanceIAMMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.InstanceIAMMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.InstanceIAMMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMMember(ctx, \"member\", \u0026compute.InstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMMember;\nimport com.pulumi.gcp.compute.InstanceIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new InstanceIAMMember(\"member\", InstanceIAMMemberArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:InstanceIAMMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.InstanceIAMMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.InstanceIAMMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n member=\"user:jane@example.com\",\n condition=gcp.compute.InstanceIAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.InstanceIAMMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.InstanceIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMMember(ctx, \"member\", \u0026compute.InstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.InstanceIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMMember;\nimport com.pulumi.gcp.compute.InstanceIAMMemberArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new InstanceIAMMember(\"member\", InstanceIAMMemberArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .member(\"user:jane@example.com\")\n .condition(InstanceIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:InstanceIAMMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_instance\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.InstanceIAMPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.osLogin\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.compute.InstanceIAMPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.InstanceIAMPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.osLogin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstanceIAMPolicy(ctx, \"policy\", \u0026compute.InstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.InstanceIAMPolicy;\nimport com.pulumi.gcp.compute.InstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new InstanceIAMPolicy(\"policy\", InstanceIAMPolicyArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:InstanceIAMPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.osLogin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.InstanceIAMPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.osLogin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.compute.InstanceIAMPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.InstanceIAMPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.osLogin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstanceIAMPolicy(ctx, \"policy\", \u0026compute.InstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.InstanceIAMPolicy;\nimport com.pulumi.gcp.compute.InstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new InstanceIAMPolicy(\"policy\", InstanceIAMPolicyArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:InstanceIAMPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.osLogin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_instance\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.InstanceIAMBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.InstanceIAMBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.InstanceIAMBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMBinding(ctx, \"binding\", \u0026compute.InstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMBinding;\nimport com.pulumi.gcp.compute.InstanceIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new InstanceIAMBinding(\"binding\", InstanceIAMBindingArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:InstanceIAMBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.InstanceIAMBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.InstanceIAMBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.compute.InstanceIAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.InstanceIAMBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.InstanceIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMBinding(ctx, \"binding\", \u0026compute.InstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.InstanceIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMBinding;\nimport com.pulumi.gcp.compute.InstanceIAMBindingArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new InstanceIAMBinding(\"binding\", InstanceIAMBindingArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .condition(InstanceIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:InstanceIAMBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_instance\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.InstanceIAMMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.InstanceIAMMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.InstanceIAMMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMMember(ctx, \"member\", \u0026compute.InstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMMember;\nimport com.pulumi.gcp.compute.InstanceIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new InstanceIAMMember(\"member\", InstanceIAMMemberArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:InstanceIAMMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.InstanceIAMMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.InstanceIAMMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n member=\"user:jane@example.com\",\n condition=gcp.compute.InstanceIAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.InstanceIAMMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.InstanceIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMMember(ctx, \"member\", \u0026compute.InstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.InstanceIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMMember;\nimport com.pulumi.gcp.compute.InstanceIAMMemberArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new InstanceIAMMember(\"member\", InstanceIAMMemberArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .member(\"user:jane@example.com\")\n .condition(InstanceIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:InstanceIAMMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/zones/{{zone}}/instances/{{name}}\n\n* {{project}}/{{zone}}/{{name}}\n\n* {{zone}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine instance IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/instanceIAMMember:InstanceIAMMember editor \"projects/{{project}}/zones/{{zone}}/instances/{{instance}} roles/compute.osLogin user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/instanceIAMMember:InstanceIAMMember editor \"projects/{{project}}/zones/{{zone}}/instances/{{instance}} roles/compute.osLogin\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/instanceIAMMember:InstanceIAMMember editor projects/{{project}}/zones/{{zone}}/instances/{{instance}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:compute/InstanceIAMMemberCondition:InstanceIAMMemberCondition", @@ -142027,11 +142204,12 @@ "description": "Used to find the parent resource to bind the IAM policy to\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -142063,11 +142241,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -142105,11 +142284,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -142127,7 +142307,7 @@ } }, "gcp:compute/instanceIAMPolicy:InstanceIAMPolicy": { - "description": "Three different resources help you manage your IAM policy for Compute Engine Instance. Each of these resources serves a different use case:\n\n* `gcp.compute.InstanceIAMPolicy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.\n* `gcp.compute.InstanceIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.\n* `gcp.compute.InstanceIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.InstanceIAMPolicy`: Retrieves the IAM policy for the instance\n\n\u003e **Note:** `gcp.compute.InstanceIAMPolicy` **cannot** be used in conjunction with `gcp.compute.InstanceIAMBinding` and `gcp.compute.InstanceIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.InstanceIAMBinding` resources **can be** used in conjunction with `gcp.compute.InstanceIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_compute\\_instance\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.InstanceIAMPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.osLogin\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.compute.InstanceIAMPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.InstanceIAMPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.osLogin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstanceIAMPolicy(ctx, \"policy\", \u0026compute.InstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.InstanceIAMPolicy;\nimport com.pulumi.gcp.compute.InstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new InstanceIAMPolicy(\"policy\", InstanceIAMPolicyArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:InstanceIAMPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.osLogin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.InstanceIAMPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.osLogin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.compute.InstanceIAMPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.InstanceIAMPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.osLogin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstanceIAMPolicy(ctx, \"policy\", \u0026compute.InstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.InstanceIAMPolicy;\nimport com.pulumi.gcp.compute.InstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new InstanceIAMPolicy(\"policy\", InstanceIAMPolicyArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:InstanceIAMPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.osLogin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_instance\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.InstanceIAMBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.InstanceIAMBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.InstanceIAMBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMBinding(ctx, \"binding\", \u0026compute.InstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMBinding;\nimport com.pulumi.gcp.compute.InstanceIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new InstanceIAMBinding(\"binding\", InstanceIAMBindingArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:InstanceIAMBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.InstanceIAMBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.InstanceIAMBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.compute.InstanceIAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.InstanceIAMBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.InstanceIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMBinding(ctx, \"binding\", \u0026compute.InstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.InstanceIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMBinding;\nimport com.pulumi.gcp.compute.InstanceIAMBindingArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new InstanceIAMBinding(\"binding\", InstanceIAMBindingArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .condition(InstanceIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:InstanceIAMBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_instance\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.InstanceIAMMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.InstanceIAMMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.InstanceIAMMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMMember(ctx, \"member\", \u0026compute.InstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMMember;\nimport com.pulumi.gcp.compute.InstanceIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new InstanceIAMMember(\"member\", InstanceIAMMemberArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:InstanceIAMMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.InstanceIAMMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.InstanceIAMMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n member=\"user:jane@example.com\",\n condition=gcp.compute.InstanceIAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.InstanceIAMMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.InstanceIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMMember(ctx, \"member\", \u0026compute.InstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.InstanceIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMMember;\nimport com.pulumi.gcp.compute.InstanceIAMMemberArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new InstanceIAMMember(\"member\", InstanceIAMMemberArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .member(\"user:jane@example.com\")\n .condition(InstanceIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:InstanceIAMMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/zones/{{zone}}/instances/{{name}}\n\n* {{project}}/{{zone}}/{{name}}\n\n* {{zone}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine instance IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/instanceIAMPolicy:InstanceIAMPolicy editor \"projects/{{project}}/zones/{{zone}}/instances/{{instance}} roles/compute.osLogin user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/instanceIAMPolicy:InstanceIAMPolicy editor \"projects/{{project}}/zones/{{zone}}/instances/{{instance}} roles/compute.osLogin\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/instanceIAMPolicy:InstanceIAMPolicy editor projects/{{project}}/zones/{{zone}}/instances/{{instance}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Compute Engine Instance. Each of these resources serves a different use case:\n\n* `gcp.compute.InstanceIAMPolicy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.\n* `gcp.compute.InstanceIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.\n* `gcp.compute.InstanceIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.InstanceIAMPolicy`: Retrieves the IAM policy for the instance\n\n\u003e **Note:** `gcp.compute.InstanceIAMPolicy` **cannot** be used in conjunction with `gcp.compute.InstanceIAMBinding` and `gcp.compute.InstanceIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.InstanceIAMBinding` resources **can be** used in conjunction with `gcp.compute.InstanceIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_compute\\_instance\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.InstanceIAMPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.osLogin\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.compute.InstanceIAMPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.InstanceIAMPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.osLogin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstanceIAMPolicy(ctx, \"policy\", \u0026compute.InstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.InstanceIAMPolicy;\nimport com.pulumi.gcp.compute.InstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new InstanceIAMPolicy(\"policy\", InstanceIAMPolicyArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:InstanceIAMPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.osLogin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.InstanceIAMPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.osLogin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.compute.InstanceIAMPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.InstanceIAMPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.osLogin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstanceIAMPolicy(ctx, \"policy\", \u0026compute.InstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.InstanceIAMPolicy;\nimport com.pulumi.gcp.compute.InstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new InstanceIAMPolicy(\"policy\", InstanceIAMPolicyArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:InstanceIAMPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.osLogin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_instance\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.InstanceIAMBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.InstanceIAMBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.InstanceIAMBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMBinding(ctx, \"binding\", \u0026compute.InstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMBinding;\nimport com.pulumi.gcp.compute.InstanceIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new InstanceIAMBinding(\"binding\", InstanceIAMBindingArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:InstanceIAMBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.InstanceIAMBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.InstanceIAMBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.compute.InstanceIAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.InstanceIAMBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.InstanceIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMBinding(ctx, \"binding\", \u0026compute.InstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.InstanceIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMBinding;\nimport com.pulumi.gcp.compute.InstanceIAMBindingArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new InstanceIAMBinding(\"binding\", InstanceIAMBindingArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .condition(InstanceIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:InstanceIAMBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_instance\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.InstanceIAMMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.InstanceIAMMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.InstanceIAMMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMMember(ctx, \"member\", \u0026compute.InstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMMember;\nimport com.pulumi.gcp.compute.InstanceIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new InstanceIAMMember(\"member\", InstanceIAMMemberArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:InstanceIAMMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.InstanceIAMMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.InstanceIAMMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n member=\"user:jane@example.com\",\n condition=gcp.compute.InstanceIAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.InstanceIAMMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.InstanceIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMMember(ctx, \"member\", \u0026compute.InstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.InstanceIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMMember;\nimport com.pulumi.gcp.compute.InstanceIAMMemberArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new InstanceIAMMember(\"member\", InstanceIAMMemberArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .member(\"user:jane@example.com\")\n .condition(InstanceIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:InstanceIAMMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_instance\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.InstanceIAMPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.osLogin\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.compute.InstanceIAMPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.InstanceIAMPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.osLogin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstanceIAMPolicy(ctx, \"policy\", \u0026compute.InstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.InstanceIAMPolicy;\nimport com.pulumi.gcp.compute.InstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new InstanceIAMPolicy(\"policy\", InstanceIAMPolicyArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:InstanceIAMPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.osLogin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.InstanceIAMPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.osLogin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.compute.InstanceIAMPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.InstanceIAMPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.osLogin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewInstanceIAMPolicy(ctx, \"policy\", \u0026compute.InstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.InstanceIAMPolicy;\nimport com.pulumi.gcp.compute.InstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new InstanceIAMPolicy(\"policy\", InstanceIAMPolicyArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:InstanceIAMPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.osLogin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_instance\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.InstanceIAMBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.InstanceIAMBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.InstanceIAMBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMBinding(ctx, \"binding\", \u0026compute.InstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMBinding;\nimport com.pulumi.gcp.compute.InstanceIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new InstanceIAMBinding(\"binding\", InstanceIAMBindingArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:InstanceIAMBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.InstanceIAMBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.InstanceIAMBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.compute.InstanceIAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.InstanceIAMBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.InstanceIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMBinding(ctx, \"binding\", \u0026compute.InstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.InstanceIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMBinding;\nimport com.pulumi.gcp.compute.InstanceIAMBindingArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new InstanceIAMBinding(\"binding\", InstanceIAMBindingArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .members(\"user:jane@example.com\")\n .condition(InstanceIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:InstanceIAMBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_instance\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.InstanceIAMMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.InstanceIAMMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.InstanceIAMMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMMember(ctx, \"member\", \u0026compute.InstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMMember;\nimport com.pulumi.gcp.compute.InstanceIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new InstanceIAMMember(\"member\", InstanceIAMMemberArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:InstanceIAMMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.InstanceIAMMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n instanceName: _default.name,\n role: \"roles/compute.osLogin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.InstanceIAMMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n instance_name=default[\"name\"],\n role=\"roles/compute.osLogin\",\n member=\"user:jane@example.com\",\n condition=gcp.compute.InstanceIAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.InstanceIAMMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n InstanceName = @default.Name,\n Role = \"roles/compute.osLogin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.InstanceIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewInstanceIAMMember(ctx, \"member\", \u0026compute.InstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tInstanceName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.osLogin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.InstanceIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.InstanceIAMMember;\nimport com.pulumi.gcp.compute.InstanceIAMMemberArgs;\nimport com.pulumi.gcp.compute.inputs.InstanceIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new InstanceIAMMember(\"member\", InstanceIAMMemberArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .instanceName(default_.name())\n .role(\"roles/compute.osLogin\")\n .member(\"user:jane@example.com\")\n .condition(InstanceIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:InstanceIAMMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n instanceName: ${default.name}\n role: roles/compute.osLogin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/zones/{{zone}}/instances/{{name}}\n\n* {{project}}/{{zone}}/{{name}}\n\n* {{zone}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine instance IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/instanceIAMPolicy:InstanceIAMPolicy editor \"projects/{{project}}/zones/{{zone}}/instances/{{instance}} roles/compute.osLogin user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/instanceIAMPolicy:InstanceIAMPolicy editor \"projects/{{project}}/zones/{{zone}}/instances/{{instance}} roles/compute.osLogin\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/instanceIAMPolicy:InstanceIAMPolicy editor projects/{{project}}/zones/{{zone}}/instances/{{instance}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -142143,7 +142323,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "zone": { "type": "string", @@ -142169,7 +142349,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "zone": { @@ -142200,7 +142380,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "zone": { @@ -143300,7 +143480,7 @@ } }, "gcp:compute/machineImageIamBinding:MachineImageIamBinding": { - "description": "Three different resources help you manage your IAM policy for Compute Engine MachineImage. Each of these resources serves a different use case:\n\n* `gcp.compute.MachineImageIamPolicy`: Authoritative. Sets the IAM policy for the machineimage and replaces any existing policy already attached.\n* `gcp.compute.MachineImageIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the machineimage are preserved.\n* `gcp.compute.MachineImageIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the machineimage are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.MachineImageIamPolicy`: Retrieves the IAM policy for the machineimage\n\n\u003e **Note:** `gcp.compute.MachineImageIamPolicy` **cannot** be used in conjunction with `gcp.compute.MachineImageIamBinding` and `gcp.compute.MachineImageIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.MachineImageIamBinding` resources **can be** used in conjunction with `gcp.compute.MachineImageIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n## google\\_compute\\_machine\\_image\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.MachineImageIamPolicy(\"policy\", {\n project: image.project,\n machineImage: image.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.compute.MachineImageIamPolicy(\"policy\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.MachineImageIamPolicy(\"policy\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewMachineImageIamPolicy(ctx, \"policy\", \u0026compute.MachineImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.MachineImageIamPolicy;\nimport com.pulumi.gcp.compute.MachineImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MachineImageIamPolicy(\"policy\", MachineImageIamPolicyArgs.builder() \n .project(image.project())\n .machineImage(image.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:MachineImageIamPolicy\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.MachineImageIamPolicy(\"policy\", {\n project: image.project,\n machineImage: image.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.compute.MachineImageIamPolicy(\"policy\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.MachineImageIamPolicy(\"policy\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewMachineImageIamPolicy(ctx, \"policy\", \u0026compute.MachineImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.MachineImageIamPolicy;\nimport com.pulumi.gcp.compute.MachineImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new MachineImageIamPolicy(\"policy\", MachineImageIamPolicyArgs.builder() \n .project(image.project())\n .machineImage(image.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:MachineImageIamPolicy\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_machine\\_image\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.MachineImageIamBinding(\"binding\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.MachineImageIamBinding(\"binding\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.MachineImageIamBinding(\"binding\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamBinding(ctx, \"binding\", \u0026compute.MachineImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamBinding;\nimport com.pulumi.gcp.compute.MachineImageIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MachineImageIamBinding(\"binding\", MachineImageIamBindingArgs.builder() \n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:MachineImageIamBinding\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.MachineImageIamBinding(\"binding\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.MachineImageIamBinding(\"binding\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.compute.MachineImageIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.MachineImageIamBinding(\"binding\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.MachineImageIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamBinding(ctx, \"binding\", \u0026compute.MachineImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.MachineImageIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamBinding;\nimport com.pulumi.gcp.compute.MachineImageIamBindingArgs;\nimport com.pulumi.gcp.compute.inputs.MachineImageIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MachineImageIamBinding(\"binding\", MachineImageIamBindingArgs.builder() \n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(MachineImageIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:MachineImageIamBinding\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_machine\\_image\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.MachineImageIamMember(\"member\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.MachineImageIamMember(\"member\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.MachineImageIamMember(\"member\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamMember(ctx, \"member\", \u0026compute.MachineImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamMember;\nimport com.pulumi.gcp.compute.MachineImageIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MachineImageIamMember(\"member\", MachineImageIamMemberArgs.builder() \n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:MachineImageIamMember\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.MachineImageIamMember(\"member\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.MachineImageIamMember(\"member\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n member=\"user:jane@example.com\",\n condition=gcp.compute.MachineImageIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.MachineImageIamMember(\"member\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.MachineImageIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamMember(ctx, \"member\", \u0026compute.MachineImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.MachineImageIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamMember;\nimport com.pulumi.gcp.compute.MachineImageIamMemberArgs;\nimport com.pulumi.gcp.compute.inputs.MachineImageIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MachineImageIamMember(\"member\", MachineImageIamMemberArgs.builder() \n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .member(\"user:jane@example.com\")\n .condition(MachineImageIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:MachineImageIamMember\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/global/machineImages/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine machineimage IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/machineImageIamBinding:MachineImageIamBinding editor \"projects/{{project}}/global/machineImages/{{machine_image}} roles/compute.admin user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/machineImageIamBinding:MachineImageIamBinding editor \"projects/{{project}}/global/machineImages/{{machine_image}} roles/compute.admin\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/machineImageIamBinding:MachineImageIamBinding editor projects/{{project}}/global/machineImages/{{machine_image}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Compute Engine MachineImage. Each of these resources serves a different use case:\n\n* `gcp.compute.MachineImageIamPolicy`: Authoritative. Sets the IAM policy for the machineimage and replaces any existing policy already attached.\n* `gcp.compute.MachineImageIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the machineimage are preserved.\n* `gcp.compute.MachineImageIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the machineimage are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.MachineImageIamPolicy`: Retrieves the IAM policy for the machineimage\n\n\u003e **Note:** `gcp.compute.MachineImageIamPolicy` **cannot** be used in conjunction with `gcp.compute.MachineImageIamBinding` and `gcp.compute.MachineImageIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.MachineImageIamBinding` resources **can be** used in conjunction with `gcp.compute.MachineImageIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n## google\\_compute\\_machine\\_image\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.MachineImageIamPolicy(\"policy\", {\n project: image.project,\n machineImage: image.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.compute.MachineImageIamPolicy(\"policy\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.MachineImageIamPolicy(\"policy\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewMachineImageIamPolicy(ctx, \"policy\", \u0026compute.MachineImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.MachineImageIamPolicy;\nimport com.pulumi.gcp.compute.MachineImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MachineImageIamPolicy(\"policy\", MachineImageIamPolicyArgs.builder() \n .project(image.project())\n .machineImage(image.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:MachineImageIamPolicy\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.MachineImageIamPolicy(\"policy\", {\n project: image.project,\n machineImage: image.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.compute.MachineImageIamPolicy(\"policy\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.MachineImageIamPolicy(\"policy\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewMachineImageIamPolicy(ctx, \"policy\", \u0026compute.MachineImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.MachineImageIamPolicy;\nimport com.pulumi.gcp.compute.MachineImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new MachineImageIamPolicy(\"policy\", MachineImageIamPolicyArgs.builder() \n .project(image.project())\n .machineImage(image.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:MachineImageIamPolicy\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_machine\\_image\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.MachineImageIamBinding(\"binding\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.MachineImageIamBinding(\"binding\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.MachineImageIamBinding(\"binding\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamBinding(ctx, \"binding\", \u0026compute.MachineImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamBinding;\nimport com.pulumi.gcp.compute.MachineImageIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MachineImageIamBinding(\"binding\", MachineImageIamBindingArgs.builder() \n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:MachineImageIamBinding\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.MachineImageIamBinding(\"binding\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.MachineImageIamBinding(\"binding\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.compute.MachineImageIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.MachineImageIamBinding(\"binding\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.MachineImageIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamBinding(ctx, \"binding\", \u0026compute.MachineImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.MachineImageIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamBinding;\nimport com.pulumi.gcp.compute.MachineImageIamBindingArgs;\nimport com.pulumi.gcp.compute.inputs.MachineImageIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MachineImageIamBinding(\"binding\", MachineImageIamBindingArgs.builder() \n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(MachineImageIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:MachineImageIamBinding\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_machine\\_image\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.MachineImageIamMember(\"member\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.MachineImageIamMember(\"member\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.MachineImageIamMember(\"member\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamMember(ctx, \"member\", \u0026compute.MachineImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamMember;\nimport com.pulumi.gcp.compute.MachineImageIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MachineImageIamMember(\"member\", MachineImageIamMemberArgs.builder() \n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:MachineImageIamMember\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.MachineImageIamMember(\"member\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.MachineImageIamMember(\"member\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n member=\"user:jane@example.com\",\n condition=gcp.compute.MachineImageIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.MachineImageIamMember(\"member\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.MachineImageIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamMember(ctx, \"member\", \u0026compute.MachineImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.MachineImageIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamMember;\nimport com.pulumi.gcp.compute.MachineImageIamMemberArgs;\nimport com.pulumi.gcp.compute.inputs.MachineImageIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MachineImageIamMember(\"member\", MachineImageIamMemberArgs.builder() \n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .member(\"user:jane@example.com\")\n .condition(MachineImageIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:MachineImageIamMember\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_machine\\_image\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.MachineImageIamPolicy(\"policy\", {\n project: image.project,\n machineImage: image.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.compute.MachineImageIamPolicy(\"policy\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.MachineImageIamPolicy(\"policy\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewMachineImageIamPolicy(ctx, \"policy\", \u0026compute.MachineImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.MachineImageIamPolicy;\nimport com.pulumi.gcp.compute.MachineImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MachineImageIamPolicy(\"policy\", MachineImageIamPolicyArgs.builder() \n .project(image.project())\n .machineImage(image.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:MachineImageIamPolicy\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.MachineImageIamPolicy(\"policy\", {\n project: image.project,\n machineImage: image.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.compute.MachineImageIamPolicy(\"policy\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.MachineImageIamPolicy(\"policy\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewMachineImageIamPolicy(ctx, \"policy\", \u0026compute.MachineImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.MachineImageIamPolicy;\nimport com.pulumi.gcp.compute.MachineImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new MachineImageIamPolicy(\"policy\", MachineImageIamPolicyArgs.builder() \n .project(image.project())\n .machineImage(image.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:MachineImageIamPolicy\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_machine\\_image\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.MachineImageIamBinding(\"binding\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.MachineImageIamBinding(\"binding\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.MachineImageIamBinding(\"binding\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamBinding(ctx, \"binding\", \u0026compute.MachineImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamBinding;\nimport com.pulumi.gcp.compute.MachineImageIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MachineImageIamBinding(\"binding\", MachineImageIamBindingArgs.builder() \n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:MachineImageIamBinding\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.MachineImageIamBinding(\"binding\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.MachineImageIamBinding(\"binding\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.compute.MachineImageIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.MachineImageIamBinding(\"binding\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.MachineImageIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamBinding(ctx, \"binding\", \u0026compute.MachineImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.MachineImageIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamBinding;\nimport com.pulumi.gcp.compute.MachineImageIamBindingArgs;\nimport com.pulumi.gcp.compute.inputs.MachineImageIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MachineImageIamBinding(\"binding\", MachineImageIamBindingArgs.builder() \n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(MachineImageIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:MachineImageIamBinding\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_machine\\_image\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.MachineImageIamMember(\"member\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.MachineImageIamMember(\"member\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.MachineImageIamMember(\"member\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamMember(ctx, \"member\", \u0026compute.MachineImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamMember;\nimport com.pulumi.gcp.compute.MachineImageIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MachineImageIamMember(\"member\", MachineImageIamMemberArgs.builder() \n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:MachineImageIamMember\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.MachineImageIamMember(\"member\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.MachineImageIamMember(\"member\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n member=\"user:jane@example.com\",\n condition=gcp.compute.MachineImageIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.MachineImageIamMember(\"member\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.MachineImageIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamMember(ctx, \"member\", \u0026compute.MachineImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.MachineImageIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamMember;\nimport com.pulumi.gcp.compute.MachineImageIamMemberArgs;\nimport com.pulumi.gcp.compute.inputs.MachineImageIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MachineImageIamMember(\"member\", MachineImageIamMemberArgs.builder() \n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .member(\"user:jane@example.com\")\n .condition(MachineImageIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:MachineImageIamMember\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/global/machineImages/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine machineimage IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/machineImageIamBinding:MachineImageIamBinding editor \"projects/{{project}}/global/machineImages/{{machine_image}} roles/compute.admin user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/machineImageIamBinding:MachineImageIamBinding editor \"projects/{{project}}/global/machineImages/{{machine_image}} roles/compute.admin\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/machineImageIamBinding:MachineImageIamBinding editor projects/{{project}}/global/machineImages/{{machine_image}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:compute/MachineImageIamBindingCondition:MachineImageIamBindingCondition", @@ -143318,11 +143498,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -143351,11 +143532,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -143390,11 +143572,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -143407,7 +143590,7 @@ } }, "gcp:compute/machineImageIamMember:MachineImageIamMember": { - "description": "Three different resources help you manage your IAM policy for Compute Engine MachineImage. Each of these resources serves a different use case:\n\n* `gcp.compute.MachineImageIamPolicy`: Authoritative. Sets the IAM policy for the machineimage and replaces any existing policy already attached.\n* `gcp.compute.MachineImageIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the machineimage are preserved.\n* `gcp.compute.MachineImageIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the machineimage are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.MachineImageIamPolicy`: Retrieves the IAM policy for the machineimage\n\n\u003e **Note:** `gcp.compute.MachineImageIamPolicy` **cannot** be used in conjunction with `gcp.compute.MachineImageIamBinding` and `gcp.compute.MachineImageIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.MachineImageIamBinding` resources **can be** used in conjunction with `gcp.compute.MachineImageIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n## google\\_compute\\_machine\\_image\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.MachineImageIamPolicy(\"policy\", {\n project: image.project,\n machineImage: image.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.compute.MachineImageIamPolicy(\"policy\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.MachineImageIamPolicy(\"policy\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewMachineImageIamPolicy(ctx, \"policy\", \u0026compute.MachineImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.MachineImageIamPolicy;\nimport com.pulumi.gcp.compute.MachineImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MachineImageIamPolicy(\"policy\", MachineImageIamPolicyArgs.builder() \n .project(image.project())\n .machineImage(image.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:MachineImageIamPolicy\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.MachineImageIamPolicy(\"policy\", {\n project: image.project,\n machineImage: image.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.compute.MachineImageIamPolicy(\"policy\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.MachineImageIamPolicy(\"policy\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewMachineImageIamPolicy(ctx, \"policy\", \u0026compute.MachineImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.MachineImageIamPolicy;\nimport com.pulumi.gcp.compute.MachineImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new MachineImageIamPolicy(\"policy\", MachineImageIamPolicyArgs.builder() \n .project(image.project())\n .machineImage(image.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:MachineImageIamPolicy\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_machine\\_image\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.MachineImageIamBinding(\"binding\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.MachineImageIamBinding(\"binding\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.MachineImageIamBinding(\"binding\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamBinding(ctx, \"binding\", \u0026compute.MachineImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamBinding;\nimport com.pulumi.gcp.compute.MachineImageIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MachineImageIamBinding(\"binding\", MachineImageIamBindingArgs.builder() \n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:MachineImageIamBinding\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.MachineImageIamBinding(\"binding\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.MachineImageIamBinding(\"binding\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.compute.MachineImageIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.MachineImageIamBinding(\"binding\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.MachineImageIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamBinding(ctx, \"binding\", \u0026compute.MachineImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.MachineImageIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamBinding;\nimport com.pulumi.gcp.compute.MachineImageIamBindingArgs;\nimport com.pulumi.gcp.compute.inputs.MachineImageIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MachineImageIamBinding(\"binding\", MachineImageIamBindingArgs.builder() \n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(MachineImageIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:MachineImageIamBinding\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_machine\\_image\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.MachineImageIamMember(\"member\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.MachineImageIamMember(\"member\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.MachineImageIamMember(\"member\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamMember(ctx, \"member\", \u0026compute.MachineImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamMember;\nimport com.pulumi.gcp.compute.MachineImageIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MachineImageIamMember(\"member\", MachineImageIamMemberArgs.builder() \n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:MachineImageIamMember\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.MachineImageIamMember(\"member\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.MachineImageIamMember(\"member\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n member=\"user:jane@example.com\",\n condition=gcp.compute.MachineImageIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.MachineImageIamMember(\"member\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.MachineImageIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamMember(ctx, \"member\", \u0026compute.MachineImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.MachineImageIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamMember;\nimport com.pulumi.gcp.compute.MachineImageIamMemberArgs;\nimport com.pulumi.gcp.compute.inputs.MachineImageIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MachineImageIamMember(\"member\", MachineImageIamMemberArgs.builder() \n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .member(\"user:jane@example.com\")\n .condition(MachineImageIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:MachineImageIamMember\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/global/machineImages/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine machineimage IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/machineImageIamMember:MachineImageIamMember editor \"projects/{{project}}/global/machineImages/{{machine_image}} roles/compute.admin user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/machineImageIamMember:MachineImageIamMember editor \"projects/{{project}}/global/machineImages/{{machine_image}} roles/compute.admin\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/machineImageIamMember:MachineImageIamMember editor projects/{{project}}/global/machineImages/{{machine_image}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Compute Engine MachineImage. Each of these resources serves a different use case:\n\n* `gcp.compute.MachineImageIamPolicy`: Authoritative. Sets the IAM policy for the machineimage and replaces any existing policy already attached.\n* `gcp.compute.MachineImageIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the machineimage are preserved.\n* `gcp.compute.MachineImageIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the machineimage are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.MachineImageIamPolicy`: Retrieves the IAM policy for the machineimage\n\n\u003e **Note:** `gcp.compute.MachineImageIamPolicy` **cannot** be used in conjunction with `gcp.compute.MachineImageIamBinding` and `gcp.compute.MachineImageIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.MachineImageIamBinding` resources **can be** used in conjunction with `gcp.compute.MachineImageIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n## google\\_compute\\_machine\\_image\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.MachineImageIamPolicy(\"policy\", {\n project: image.project,\n machineImage: image.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.compute.MachineImageIamPolicy(\"policy\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.MachineImageIamPolicy(\"policy\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewMachineImageIamPolicy(ctx, \"policy\", \u0026compute.MachineImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.MachineImageIamPolicy;\nimport com.pulumi.gcp.compute.MachineImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MachineImageIamPolicy(\"policy\", MachineImageIamPolicyArgs.builder() \n .project(image.project())\n .machineImage(image.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:MachineImageIamPolicy\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.MachineImageIamPolicy(\"policy\", {\n project: image.project,\n machineImage: image.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.compute.MachineImageIamPolicy(\"policy\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.MachineImageIamPolicy(\"policy\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewMachineImageIamPolicy(ctx, \"policy\", \u0026compute.MachineImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.MachineImageIamPolicy;\nimport com.pulumi.gcp.compute.MachineImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new MachineImageIamPolicy(\"policy\", MachineImageIamPolicyArgs.builder() \n .project(image.project())\n .machineImage(image.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:MachineImageIamPolicy\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_machine\\_image\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.MachineImageIamBinding(\"binding\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.MachineImageIamBinding(\"binding\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.MachineImageIamBinding(\"binding\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamBinding(ctx, \"binding\", \u0026compute.MachineImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamBinding;\nimport com.pulumi.gcp.compute.MachineImageIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MachineImageIamBinding(\"binding\", MachineImageIamBindingArgs.builder() \n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:MachineImageIamBinding\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.MachineImageIamBinding(\"binding\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.MachineImageIamBinding(\"binding\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.compute.MachineImageIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.MachineImageIamBinding(\"binding\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.MachineImageIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamBinding(ctx, \"binding\", \u0026compute.MachineImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.MachineImageIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamBinding;\nimport com.pulumi.gcp.compute.MachineImageIamBindingArgs;\nimport com.pulumi.gcp.compute.inputs.MachineImageIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MachineImageIamBinding(\"binding\", MachineImageIamBindingArgs.builder() \n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(MachineImageIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:MachineImageIamBinding\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_machine\\_image\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.MachineImageIamMember(\"member\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.MachineImageIamMember(\"member\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.MachineImageIamMember(\"member\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamMember(ctx, \"member\", \u0026compute.MachineImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamMember;\nimport com.pulumi.gcp.compute.MachineImageIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MachineImageIamMember(\"member\", MachineImageIamMemberArgs.builder() \n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:MachineImageIamMember\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.MachineImageIamMember(\"member\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.MachineImageIamMember(\"member\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n member=\"user:jane@example.com\",\n condition=gcp.compute.MachineImageIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.MachineImageIamMember(\"member\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.MachineImageIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamMember(ctx, \"member\", \u0026compute.MachineImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.MachineImageIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamMember;\nimport com.pulumi.gcp.compute.MachineImageIamMemberArgs;\nimport com.pulumi.gcp.compute.inputs.MachineImageIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MachineImageIamMember(\"member\", MachineImageIamMemberArgs.builder() \n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .member(\"user:jane@example.com\")\n .condition(MachineImageIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:MachineImageIamMember\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_machine\\_image\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.MachineImageIamPolicy(\"policy\", {\n project: image.project,\n machineImage: image.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.compute.MachineImageIamPolicy(\"policy\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.MachineImageIamPolicy(\"policy\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewMachineImageIamPolicy(ctx, \"policy\", \u0026compute.MachineImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.MachineImageIamPolicy;\nimport com.pulumi.gcp.compute.MachineImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MachineImageIamPolicy(\"policy\", MachineImageIamPolicyArgs.builder() \n .project(image.project())\n .machineImage(image.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:MachineImageIamPolicy\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.MachineImageIamPolicy(\"policy\", {\n project: image.project,\n machineImage: image.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.compute.MachineImageIamPolicy(\"policy\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.MachineImageIamPolicy(\"policy\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewMachineImageIamPolicy(ctx, \"policy\", \u0026compute.MachineImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.MachineImageIamPolicy;\nimport com.pulumi.gcp.compute.MachineImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new MachineImageIamPolicy(\"policy\", MachineImageIamPolicyArgs.builder() \n .project(image.project())\n .machineImage(image.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:MachineImageIamPolicy\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_machine\\_image\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.MachineImageIamBinding(\"binding\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.MachineImageIamBinding(\"binding\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.MachineImageIamBinding(\"binding\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamBinding(ctx, \"binding\", \u0026compute.MachineImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamBinding;\nimport com.pulumi.gcp.compute.MachineImageIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MachineImageIamBinding(\"binding\", MachineImageIamBindingArgs.builder() \n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:MachineImageIamBinding\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.MachineImageIamBinding(\"binding\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.MachineImageIamBinding(\"binding\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.compute.MachineImageIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.MachineImageIamBinding(\"binding\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.MachineImageIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamBinding(ctx, \"binding\", \u0026compute.MachineImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.MachineImageIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamBinding;\nimport com.pulumi.gcp.compute.MachineImageIamBindingArgs;\nimport com.pulumi.gcp.compute.inputs.MachineImageIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MachineImageIamBinding(\"binding\", MachineImageIamBindingArgs.builder() \n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(MachineImageIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:MachineImageIamBinding\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_machine\\_image\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.MachineImageIamMember(\"member\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.MachineImageIamMember(\"member\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.MachineImageIamMember(\"member\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamMember(ctx, \"member\", \u0026compute.MachineImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamMember;\nimport com.pulumi.gcp.compute.MachineImageIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MachineImageIamMember(\"member\", MachineImageIamMemberArgs.builder() \n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:MachineImageIamMember\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.MachineImageIamMember(\"member\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.MachineImageIamMember(\"member\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n member=\"user:jane@example.com\",\n condition=gcp.compute.MachineImageIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.MachineImageIamMember(\"member\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.MachineImageIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamMember(ctx, \"member\", \u0026compute.MachineImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.MachineImageIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamMember;\nimport com.pulumi.gcp.compute.MachineImageIamMemberArgs;\nimport com.pulumi.gcp.compute.inputs.MachineImageIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MachineImageIamMember(\"member\", MachineImageIamMemberArgs.builder() \n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .member(\"user:jane@example.com\")\n .condition(MachineImageIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:MachineImageIamMember\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/global/machineImages/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine machineimage IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/machineImageIamMember:MachineImageIamMember editor \"projects/{{project}}/global/machineImages/{{machine_image}} roles/compute.admin user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/machineImageIamMember:MachineImageIamMember editor \"projects/{{project}}/global/machineImages/{{machine_image}} roles/compute.admin\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/machineImageIamMember:MachineImageIamMember editor projects/{{project}}/global/machineImages/{{machine_image}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:compute/MachineImageIamMemberCondition:MachineImageIamMemberCondition", @@ -143422,11 +143605,12 @@ "description": "Used to find the parent resource to bind the IAM policy to\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -143453,11 +143637,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -143490,11 +143675,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -143507,7 +143693,7 @@ } }, "gcp:compute/machineImageIamPolicy:MachineImageIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Compute Engine MachineImage. Each of these resources serves a different use case:\n\n* `gcp.compute.MachineImageIamPolicy`: Authoritative. Sets the IAM policy for the machineimage and replaces any existing policy already attached.\n* `gcp.compute.MachineImageIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the machineimage are preserved.\n* `gcp.compute.MachineImageIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the machineimage are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.MachineImageIamPolicy`: Retrieves the IAM policy for the machineimage\n\n\u003e **Note:** `gcp.compute.MachineImageIamPolicy` **cannot** be used in conjunction with `gcp.compute.MachineImageIamBinding` and `gcp.compute.MachineImageIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.MachineImageIamBinding` resources **can be** used in conjunction with `gcp.compute.MachineImageIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n## google\\_compute\\_machine\\_image\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.MachineImageIamPolicy(\"policy\", {\n project: image.project,\n machineImage: image.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.compute.MachineImageIamPolicy(\"policy\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.MachineImageIamPolicy(\"policy\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewMachineImageIamPolicy(ctx, \"policy\", \u0026compute.MachineImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.MachineImageIamPolicy;\nimport com.pulumi.gcp.compute.MachineImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MachineImageIamPolicy(\"policy\", MachineImageIamPolicyArgs.builder() \n .project(image.project())\n .machineImage(image.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:MachineImageIamPolicy\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.MachineImageIamPolicy(\"policy\", {\n project: image.project,\n machineImage: image.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.compute.MachineImageIamPolicy(\"policy\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.MachineImageIamPolicy(\"policy\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewMachineImageIamPolicy(ctx, \"policy\", \u0026compute.MachineImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.MachineImageIamPolicy;\nimport com.pulumi.gcp.compute.MachineImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new MachineImageIamPolicy(\"policy\", MachineImageIamPolicyArgs.builder() \n .project(image.project())\n .machineImage(image.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:MachineImageIamPolicy\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_machine\\_image\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.MachineImageIamBinding(\"binding\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.MachineImageIamBinding(\"binding\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.MachineImageIamBinding(\"binding\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamBinding(ctx, \"binding\", \u0026compute.MachineImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamBinding;\nimport com.pulumi.gcp.compute.MachineImageIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MachineImageIamBinding(\"binding\", MachineImageIamBindingArgs.builder() \n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:MachineImageIamBinding\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.MachineImageIamBinding(\"binding\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.MachineImageIamBinding(\"binding\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.compute.MachineImageIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.MachineImageIamBinding(\"binding\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.MachineImageIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamBinding(ctx, \"binding\", \u0026compute.MachineImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.MachineImageIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamBinding;\nimport com.pulumi.gcp.compute.MachineImageIamBindingArgs;\nimport com.pulumi.gcp.compute.inputs.MachineImageIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MachineImageIamBinding(\"binding\", MachineImageIamBindingArgs.builder() \n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(MachineImageIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:MachineImageIamBinding\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_machine\\_image\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.MachineImageIamMember(\"member\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.MachineImageIamMember(\"member\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.MachineImageIamMember(\"member\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamMember(ctx, \"member\", \u0026compute.MachineImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamMember;\nimport com.pulumi.gcp.compute.MachineImageIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MachineImageIamMember(\"member\", MachineImageIamMemberArgs.builder() \n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:MachineImageIamMember\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.MachineImageIamMember(\"member\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.MachineImageIamMember(\"member\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n member=\"user:jane@example.com\",\n condition=gcp.compute.MachineImageIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.MachineImageIamMember(\"member\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.MachineImageIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamMember(ctx, \"member\", \u0026compute.MachineImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.MachineImageIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamMember;\nimport com.pulumi.gcp.compute.MachineImageIamMemberArgs;\nimport com.pulumi.gcp.compute.inputs.MachineImageIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MachineImageIamMember(\"member\", MachineImageIamMemberArgs.builder() \n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .member(\"user:jane@example.com\")\n .condition(MachineImageIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:MachineImageIamMember\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/global/machineImages/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine machineimage IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/machineImageIamPolicy:MachineImageIamPolicy editor \"projects/{{project}}/global/machineImages/{{machine_image}} roles/compute.admin user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/machineImageIamPolicy:MachineImageIamPolicy editor \"projects/{{project}}/global/machineImages/{{machine_image}} roles/compute.admin\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/machineImageIamPolicy:MachineImageIamPolicy editor projects/{{project}}/global/machineImages/{{machine_image}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Compute Engine MachineImage. Each of these resources serves a different use case:\n\n* `gcp.compute.MachineImageIamPolicy`: Authoritative. Sets the IAM policy for the machineimage and replaces any existing policy already attached.\n* `gcp.compute.MachineImageIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the machineimage are preserved.\n* `gcp.compute.MachineImageIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the machineimage are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.MachineImageIamPolicy`: Retrieves the IAM policy for the machineimage\n\n\u003e **Note:** `gcp.compute.MachineImageIamPolicy` **cannot** be used in conjunction with `gcp.compute.MachineImageIamBinding` and `gcp.compute.MachineImageIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.MachineImageIamBinding` resources **can be** used in conjunction with `gcp.compute.MachineImageIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n## google\\_compute\\_machine\\_image\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.MachineImageIamPolicy(\"policy\", {\n project: image.project,\n machineImage: image.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.compute.MachineImageIamPolicy(\"policy\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.MachineImageIamPolicy(\"policy\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewMachineImageIamPolicy(ctx, \"policy\", \u0026compute.MachineImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.MachineImageIamPolicy;\nimport com.pulumi.gcp.compute.MachineImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MachineImageIamPolicy(\"policy\", MachineImageIamPolicyArgs.builder() \n .project(image.project())\n .machineImage(image.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:MachineImageIamPolicy\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.MachineImageIamPolicy(\"policy\", {\n project: image.project,\n machineImage: image.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.compute.MachineImageIamPolicy(\"policy\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.MachineImageIamPolicy(\"policy\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewMachineImageIamPolicy(ctx, \"policy\", \u0026compute.MachineImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.MachineImageIamPolicy;\nimport com.pulumi.gcp.compute.MachineImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new MachineImageIamPolicy(\"policy\", MachineImageIamPolicyArgs.builder() \n .project(image.project())\n .machineImage(image.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:MachineImageIamPolicy\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_machine\\_image\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.MachineImageIamBinding(\"binding\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.MachineImageIamBinding(\"binding\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.MachineImageIamBinding(\"binding\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamBinding(ctx, \"binding\", \u0026compute.MachineImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamBinding;\nimport com.pulumi.gcp.compute.MachineImageIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MachineImageIamBinding(\"binding\", MachineImageIamBindingArgs.builder() \n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:MachineImageIamBinding\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.MachineImageIamBinding(\"binding\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.MachineImageIamBinding(\"binding\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.compute.MachineImageIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.MachineImageIamBinding(\"binding\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.MachineImageIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamBinding(ctx, \"binding\", \u0026compute.MachineImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.MachineImageIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamBinding;\nimport com.pulumi.gcp.compute.MachineImageIamBindingArgs;\nimport com.pulumi.gcp.compute.inputs.MachineImageIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MachineImageIamBinding(\"binding\", MachineImageIamBindingArgs.builder() \n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(MachineImageIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:MachineImageIamBinding\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_machine\\_image\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.MachineImageIamMember(\"member\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.MachineImageIamMember(\"member\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.MachineImageIamMember(\"member\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamMember(ctx, \"member\", \u0026compute.MachineImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamMember;\nimport com.pulumi.gcp.compute.MachineImageIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MachineImageIamMember(\"member\", MachineImageIamMemberArgs.builder() \n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:MachineImageIamMember\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.MachineImageIamMember(\"member\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.MachineImageIamMember(\"member\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n member=\"user:jane@example.com\",\n condition=gcp.compute.MachineImageIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.MachineImageIamMember(\"member\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.MachineImageIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamMember(ctx, \"member\", \u0026compute.MachineImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.MachineImageIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamMember;\nimport com.pulumi.gcp.compute.MachineImageIamMemberArgs;\nimport com.pulumi.gcp.compute.inputs.MachineImageIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MachineImageIamMember(\"member\", MachineImageIamMemberArgs.builder() \n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .member(\"user:jane@example.com\")\n .condition(MachineImageIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:MachineImageIamMember\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_machine\\_image\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.MachineImageIamPolicy(\"policy\", {\n project: image.project,\n machineImage: image.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.compute.MachineImageIamPolicy(\"policy\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.MachineImageIamPolicy(\"policy\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewMachineImageIamPolicy(ctx, \"policy\", \u0026compute.MachineImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.MachineImageIamPolicy;\nimport com.pulumi.gcp.compute.MachineImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MachineImageIamPolicy(\"policy\", MachineImageIamPolicyArgs.builder() \n .project(image.project())\n .machineImage(image.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:MachineImageIamPolicy\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.MachineImageIamPolicy(\"policy\", {\n project: image.project,\n machineImage: image.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.compute.MachineImageIamPolicy(\"policy\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.MachineImageIamPolicy(\"policy\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewMachineImageIamPolicy(ctx, \"policy\", \u0026compute.MachineImageIamPolicyArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.MachineImageIamPolicy;\nimport com.pulumi.gcp.compute.MachineImageIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new MachineImageIamPolicy(\"policy\", MachineImageIamPolicyArgs.builder() \n .project(image.project())\n .machineImage(image.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:MachineImageIamPolicy\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_machine\\_image\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.MachineImageIamBinding(\"binding\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.MachineImageIamBinding(\"binding\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.MachineImageIamBinding(\"binding\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamBinding(ctx, \"binding\", \u0026compute.MachineImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamBinding;\nimport com.pulumi.gcp.compute.MachineImageIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MachineImageIamBinding(\"binding\", MachineImageIamBindingArgs.builder() \n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:MachineImageIamBinding\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.MachineImageIamBinding(\"binding\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.MachineImageIamBinding(\"binding\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.compute.MachineImageIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.MachineImageIamBinding(\"binding\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.MachineImageIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamBinding(ctx, \"binding\", \u0026compute.MachineImageIamBindingArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.MachineImageIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamBinding;\nimport com.pulumi.gcp.compute.MachineImageIamBindingArgs;\nimport com.pulumi.gcp.compute.inputs.MachineImageIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MachineImageIamBinding(\"binding\", MachineImageIamBindingArgs.builder() \n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(MachineImageIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:MachineImageIamBinding\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_machine\\_image\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.MachineImageIamMember(\"member\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.MachineImageIamMember(\"member\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.MachineImageIamMember(\"member\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamMember(ctx, \"member\", \u0026compute.MachineImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamMember;\nimport com.pulumi.gcp.compute.MachineImageIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MachineImageIamMember(\"member\", MachineImageIamMemberArgs.builder() \n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:MachineImageIamMember\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.MachineImageIamMember(\"member\", {\n project: image.project,\n machineImage: image.name,\n role: \"roles/compute.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.MachineImageIamMember(\"member\",\n project=image[\"project\"],\n machine_image=image[\"name\"],\n role=\"roles/compute.admin\",\n member=\"user:jane@example.com\",\n condition=gcp.compute.MachineImageIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.MachineImageIamMember(\"member\", new()\n {\n Project = image.Project,\n MachineImage = image.Name,\n Role = \"roles/compute.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.MachineImageIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewMachineImageIamMember(ctx, \"member\", \u0026compute.MachineImageIamMemberArgs{\n\t\t\tProject: pulumi.Any(image.Project),\n\t\t\tMachineImage: pulumi.Any(image.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.MachineImageIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.MachineImageIamMember;\nimport com.pulumi.gcp.compute.MachineImageIamMemberArgs;\nimport com.pulumi.gcp.compute.inputs.MachineImageIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MachineImageIamMember(\"member\", MachineImageIamMemberArgs.builder() \n .project(image.project())\n .machineImage(image.name())\n .role(\"roles/compute.admin\")\n .member(\"user:jane@example.com\")\n .condition(MachineImageIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:MachineImageIamMember\n properties:\n project: ${image.project}\n machineImage: ${image.name}\n role: roles/compute.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/global/machineImages/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine machineimage IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/machineImageIamPolicy:MachineImageIamPolicy editor \"projects/{{project}}/global/machineImages/{{machine_image}} roles/compute.admin user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/machineImageIamPolicy:MachineImageIamPolicy editor \"projects/{{project}}/global/machineImages/{{machine_image}} roles/compute.admin\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/machineImageIamPolicy:MachineImageIamPolicy editor projects/{{project}}/global/machineImages/{{machine_image}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -143523,7 +143709,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" } }, "required": [ @@ -143544,7 +143730,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -143570,7 +143756,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -147283,7 +147469,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "name": { "type": "string", @@ -147291,7 +147478,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "region": { "type": "string", @@ -147320,7 +147507,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "name": { "type": "string", @@ -147329,7 +147517,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -147363,7 +147551,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "name": { "type": "string", @@ -147372,7 +147561,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -147401,7 +147590,8 @@ "description": "(Computed) The etag of the IAM policy.\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "name": { "type": "string", @@ -147409,7 +147599,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "region": { "type": "string", @@ -147436,6 +147626,7 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "name": { @@ -147445,7 +147636,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -147477,6 +147668,7 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "name": { @@ -147486,7 +147678,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -147520,7 +147712,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "region": { "type": "string", @@ -147546,7 +147738,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -147576,7 +147768,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -148237,7 +148429,7 @@ } }, "gcp:compute/regionDiskIamBinding:RegionDiskIamBinding": { - "description": "Three different resources help you manage your IAM policy for Compute Engine Disk. Each of these resources serves a different use case:\n\n* `gcp.compute.DiskIamPolicy`: Authoritative. Sets the IAM policy for the disk and replaces any existing policy already attached.\n* `gcp.compute.DiskIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the disk are preserved.\n* `gcp.compute.DiskIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the disk are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.DiskIamPolicy`: Retrieves the IAM policy for the disk\n\n\u003e **Note:** `gcp.compute.DiskIamPolicy` **cannot** be used in conjunction with `gcp.compute.DiskIamBinding` and `gcp.compute.DiskIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.DiskIamBinding` resources **can be** used in conjunction with `gcp.compute.DiskIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_compute\\_disk\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.DiskIamPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.compute.DiskIamPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.DiskIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewDiskIamPolicy(ctx, \"policy\", \u0026compute.DiskIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.DiskIamPolicy;\nimport com.pulumi.gcp.compute.DiskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DiskIamPolicy(\"policy\", DiskIamPolicyArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:DiskIamPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_disk\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.DiskIamBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.DiskIamBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.DiskIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewDiskIamBinding(ctx, \"binding\", \u0026compute.DiskIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.DiskIamBinding;\nimport com.pulumi.gcp.compute.DiskIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DiskIamBinding(\"binding\", DiskIamBindingArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:DiskIamBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_disk\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.DiskIamMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.DiskIamMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.DiskIamMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewDiskIamMember(ctx, \"member\", \u0026compute.DiskIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.DiskIamMember;\nimport com.pulumi.gcp.compute.DiskIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DiskIamMember(\"member\", DiskIamMemberArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:DiskIamMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/zones/{{zone}}/disks/{{name}}\n\n* {{project}}/{{zone}}/{{name}}\n\n* {{zone}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine disk IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/regionDiskIamBinding:RegionDiskIamBinding editor \"projects/{{project}}/zones/{{zone}}/disks/{{disk}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/regionDiskIamBinding:RegionDiskIamBinding editor \"projects/{{project}}/zones/{{zone}}/disks/{{disk}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/regionDiskIamBinding:RegionDiskIamBinding editor projects/{{project}}/zones/{{zone}}/disks/{{disk}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Compute Engine Disk. Each of these resources serves a different use case:\n\n* `gcp.compute.DiskIamPolicy`: Authoritative. Sets the IAM policy for the disk and replaces any existing policy already attached.\n* `gcp.compute.DiskIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the disk are preserved.\n* `gcp.compute.DiskIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the disk are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.DiskIamPolicy`: Retrieves the IAM policy for the disk\n\n\u003e **Note:** `gcp.compute.DiskIamPolicy` **cannot** be used in conjunction with `gcp.compute.DiskIamBinding` and `gcp.compute.DiskIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.DiskIamBinding` resources **can be** used in conjunction with `gcp.compute.DiskIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_compute\\_disk\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.DiskIamPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.compute.DiskIamPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.DiskIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewDiskIamPolicy(ctx, \"policy\", \u0026compute.DiskIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.DiskIamPolicy;\nimport com.pulumi.gcp.compute.DiskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DiskIamPolicy(\"policy\", DiskIamPolicyArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:DiskIamPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_disk\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.DiskIamBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.DiskIamBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.DiskIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewDiskIamBinding(ctx, \"binding\", \u0026compute.DiskIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.DiskIamBinding;\nimport com.pulumi.gcp.compute.DiskIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DiskIamBinding(\"binding\", DiskIamBindingArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:DiskIamBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_disk\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.DiskIamMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.DiskIamMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.DiskIamMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewDiskIamMember(ctx, \"member\", \u0026compute.DiskIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.DiskIamMember;\nimport com.pulumi.gcp.compute.DiskIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DiskIamMember(\"member\", DiskIamMemberArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:DiskIamMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_compute\\_disk\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.DiskIamPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.compute.DiskIamPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.DiskIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewDiskIamPolicy(ctx, \"policy\", \u0026compute.DiskIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.DiskIamPolicy;\nimport com.pulumi.gcp.compute.DiskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DiskIamPolicy(\"policy\", DiskIamPolicyArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:DiskIamPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_disk\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.DiskIamBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.DiskIamBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.DiskIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewDiskIamBinding(ctx, \"binding\", \u0026compute.DiskIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.DiskIamBinding;\nimport com.pulumi.gcp.compute.DiskIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DiskIamBinding(\"binding\", DiskIamBindingArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:DiskIamBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_disk\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.DiskIamMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.DiskIamMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.DiskIamMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewDiskIamMember(ctx, \"member\", \u0026compute.DiskIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.DiskIamMember;\nimport com.pulumi.gcp.compute.DiskIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DiskIamMember(\"member\", DiskIamMemberArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:DiskIamMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/zones/{{zone}}/disks/{{name}}\n\n* {{project}}/{{zone}}/{{name}}\n\n* {{zone}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine disk IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/regionDiskIamBinding:RegionDiskIamBinding editor \"projects/{{project}}/zones/{{zone}}/disks/{{disk}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/regionDiskIamBinding:RegionDiskIamBinding editor \"projects/{{project}}/zones/{{zone}}/disks/{{disk}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/regionDiskIamBinding:RegionDiskIamBinding editor projects/{{project}}/zones/{{zone}}/disks/{{disk}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:compute/RegionDiskIamBindingCondition:RegionDiskIamBindingCondition" @@ -148250,7 +148442,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "name": { "type": "string", @@ -148258,7 +148451,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "region": { "type": "string" @@ -148285,7 +148478,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "name": { "type": "string", @@ -148294,7 +148488,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -148326,7 +148520,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "name": { "type": "string", @@ -148335,7 +148530,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -148352,7 +148547,7 @@ } }, "gcp:compute/regionDiskIamMember:RegionDiskIamMember": { - "description": "Three different resources help you manage your IAM policy for Compute Engine Disk. Each of these resources serves a different use case:\n\n* `gcp.compute.DiskIamPolicy`: Authoritative. Sets the IAM policy for the disk and replaces any existing policy already attached.\n* `gcp.compute.DiskIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the disk are preserved.\n* `gcp.compute.DiskIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the disk are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.DiskIamPolicy`: Retrieves the IAM policy for the disk\n\n\u003e **Note:** `gcp.compute.DiskIamPolicy` **cannot** be used in conjunction with `gcp.compute.DiskIamBinding` and `gcp.compute.DiskIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.DiskIamBinding` resources **can be** used in conjunction with `gcp.compute.DiskIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_compute\\_disk\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.DiskIamPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.compute.DiskIamPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.DiskIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewDiskIamPolicy(ctx, \"policy\", \u0026compute.DiskIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.DiskIamPolicy;\nimport com.pulumi.gcp.compute.DiskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DiskIamPolicy(\"policy\", DiskIamPolicyArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:DiskIamPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_disk\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.DiskIamBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.DiskIamBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.DiskIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewDiskIamBinding(ctx, \"binding\", \u0026compute.DiskIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.DiskIamBinding;\nimport com.pulumi.gcp.compute.DiskIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DiskIamBinding(\"binding\", DiskIamBindingArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:DiskIamBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_disk\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.DiskIamMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.DiskIamMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.DiskIamMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewDiskIamMember(ctx, \"member\", \u0026compute.DiskIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.DiskIamMember;\nimport com.pulumi.gcp.compute.DiskIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DiskIamMember(\"member\", DiskIamMemberArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:DiskIamMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/zones/{{zone}}/disks/{{name}}\n\n* {{project}}/{{zone}}/{{name}}\n\n* {{zone}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine disk IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/regionDiskIamMember:RegionDiskIamMember editor \"projects/{{project}}/zones/{{zone}}/disks/{{disk}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/regionDiskIamMember:RegionDiskIamMember editor \"projects/{{project}}/zones/{{zone}}/disks/{{disk}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/regionDiskIamMember:RegionDiskIamMember editor projects/{{project}}/zones/{{zone}}/disks/{{disk}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Compute Engine Disk. Each of these resources serves a different use case:\n\n* `gcp.compute.DiskIamPolicy`: Authoritative. Sets the IAM policy for the disk and replaces any existing policy already attached.\n* `gcp.compute.DiskIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the disk are preserved.\n* `gcp.compute.DiskIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the disk are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.DiskIamPolicy`: Retrieves the IAM policy for the disk\n\n\u003e **Note:** `gcp.compute.DiskIamPolicy` **cannot** be used in conjunction with `gcp.compute.DiskIamBinding` and `gcp.compute.DiskIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.DiskIamBinding` resources **can be** used in conjunction with `gcp.compute.DiskIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_compute\\_disk\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.DiskIamPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.compute.DiskIamPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.DiskIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewDiskIamPolicy(ctx, \"policy\", \u0026compute.DiskIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.DiskIamPolicy;\nimport com.pulumi.gcp.compute.DiskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DiskIamPolicy(\"policy\", DiskIamPolicyArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:DiskIamPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_disk\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.DiskIamBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.DiskIamBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.DiskIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewDiskIamBinding(ctx, \"binding\", \u0026compute.DiskIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.DiskIamBinding;\nimport com.pulumi.gcp.compute.DiskIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DiskIamBinding(\"binding\", DiskIamBindingArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:DiskIamBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_disk\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.DiskIamMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.DiskIamMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.DiskIamMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewDiskIamMember(ctx, \"member\", \u0026compute.DiskIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.DiskIamMember;\nimport com.pulumi.gcp.compute.DiskIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DiskIamMember(\"member\", DiskIamMemberArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:DiskIamMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_compute\\_disk\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.DiskIamPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.compute.DiskIamPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.DiskIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewDiskIamPolicy(ctx, \"policy\", \u0026compute.DiskIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.DiskIamPolicy;\nimport com.pulumi.gcp.compute.DiskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DiskIamPolicy(\"policy\", DiskIamPolicyArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:DiskIamPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_disk\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.DiskIamBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.DiskIamBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.DiskIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewDiskIamBinding(ctx, \"binding\", \u0026compute.DiskIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.DiskIamBinding;\nimport com.pulumi.gcp.compute.DiskIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DiskIamBinding(\"binding\", DiskIamBindingArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:DiskIamBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_disk\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.DiskIamMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.DiskIamMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.DiskIamMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewDiskIamMember(ctx, \"member\", \u0026compute.DiskIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.DiskIamMember;\nimport com.pulumi.gcp.compute.DiskIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DiskIamMember(\"member\", DiskIamMemberArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:DiskIamMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/zones/{{zone}}/disks/{{name}}\n\n* {{project}}/{{zone}}/{{name}}\n\n* {{zone}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine disk IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/regionDiskIamMember:RegionDiskIamMember editor \"projects/{{project}}/zones/{{zone}}/disks/{{disk}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/regionDiskIamMember:RegionDiskIamMember editor \"projects/{{project}}/zones/{{zone}}/disks/{{disk}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/regionDiskIamMember:RegionDiskIamMember editor projects/{{project}}/zones/{{zone}}/disks/{{disk}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:compute/RegionDiskIamMemberCondition:RegionDiskIamMemberCondition" @@ -148362,7 +148557,8 @@ "description": "(Computed) The etag of the IAM policy.\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "name": { "type": "string", @@ -148370,7 +148566,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "region": { "type": "string" @@ -148395,6 +148591,7 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "name": { @@ -148404,7 +148601,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -148434,6 +148631,7 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "name": { @@ -148443,7 +148641,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -148460,7 +148658,7 @@ } }, "gcp:compute/regionDiskIamPolicy:RegionDiskIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Compute Engine Disk. Each of these resources serves a different use case:\n\n* `gcp.compute.DiskIamPolicy`: Authoritative. Sets the IAM policy for the disk and replaces any existing policy already attached.\n* `gcp.compute.DiskIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the disk are preserved.\n* `gcp.compute.DiskIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the disk are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.DiskIamPolicy`: Retrieves the IAM policy for the disk\n\n\u003e **Note:** `gcp.compute.DiskIamPolicy` **cannot** be used in conjunction with `gcp.compute.DiskIamBinding` and `gcp.compute.DiskIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.DiskIamBinding` resources **can be** used in conjunction with `gcp.compute.DiskIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_compute\\_disk\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.DiskIamPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.compute.DiskIamPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.DiskIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewDiskIamPolicy(ctx, \"policy\", \u0026compute.DiskIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.DiskIamPolicy;\nimport com.pulumi.gcp.compute.DiskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DiskIamPolicy(\"policy\", DiskIamPolicyArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:DiskIamPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_disk\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.DiskIamBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.DiskIamBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.DiskIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewDiskIamBinding(ctx, \"binding\", \u0026compute.DiskIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.DiskIamBinding;\nimport com.pulumi.gcp.compute.DiskIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DiskIamBinding(\"binding\", DiskIamBindingArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:DiskIamBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_disk\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.DiskIamMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.DiskIamMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.DiskIamMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewDiskIamMember(ctx, \"member\", \u0026compute.DiskIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.DiskIamMember;\nimport com.pulumi.gcp.compute.DiskIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DiskIamMember(\"member\", DiskIamMemberArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:DiskIamMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/zones/{{zone}}/disks/{{name}}\n\n* {{project}}/{{zone}}/{{name}}\n\n* {{zone}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine disk IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/regionDiskIamPolicy:RegionDiskIamPolicy editor \"projects/{{project}}/zones/{{zone}}/disks/{{disk}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/regionDiskIamPolicy:RegionDiskIamPolicy editor \"projects/{{project}}/zones/{{zone}}/disks/{{disk}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/regionDiskIamPolicy:RegionDiskIamPolicy editor projects/{{project}}/zones/{{zone}}/disks/{{disk}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Compute Engine Disk. Each of these resources serves a different use case:\n\n* `gcp.compute.DiskIamPolicy`: Authoritative. Sets the IAM policy for the disk and replaces any existing policy already attached.\n* `gcp.compute.DiskIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the disk are preserved.\n* `gcp.compute.DiskIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the disk are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.DiskIamPolicy`: Retrieves the IAM policy for the disk\n\n\u003e **Note:** `gcp.compute.DiskIamPolicy` **cannot** be used in conjunction with `gcp.compute.DiskIamBinding` and `gcp.compute.DiskIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.DiskIamBinding` resources **can be** used in conjunction with `gcp.compute.DiskIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_compute\\_disk\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.DiskIamPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.compute.DiskIamPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.DiskIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewDiskIamPolicy(ctx, \"policy\", \u0026compute.DiskIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.DiskIamPolicy;\nimport com.pulumi.gcp.compute.DiskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DiskIamPolicy(\"policy\", DiskIamPolicyArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:DiskIamPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_disk\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.DiskIamBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.DiskIamBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.DiskIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewDiskIamBinding(ctx, \"binding\", \u0026compute.DiskIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.DiskIamBinding;\nimport com.pulumi.gcp.compute.DiskIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DiskIamBinding(\"binding\", DiskIamBindingArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:DiskIamBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_disk\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.DiskIamMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.DiskIamMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.DiskIamMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewDiskIamMember(ctx, \"member\", \u0026compute.DiskIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.DiskIamMember;\nimport com.pulumi.gcp.compute.DiskIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DiskIamMember(\"member\", DiskIamMemberArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:DiskIamMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_compute\\_disk\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.DiskIamPolicy(\"policy\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.compute.DiskIamPolicy(\"policy\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.DiskIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewDiskIamPolicy(ctx, \"policy\", \u0026compute.DiskIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.DiskIamPolicy;\nimport com.pulumi.gcp.compute.DiskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DiskIamPolicy(\"policy\", DiskIamPolicyArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:DiskIamPolicy\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_disk\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.DiskIamBinding(\"binding\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.DiskIamBinding(\"binding\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.DiskIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewDiskIamBinding(ctx, \"binding\", \u0026compute.DiskIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.DiskIamBinding;\nimport com.pulumi.gcp.compute.DiskIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DiskIamBinding(\"binding\", DiskIamBindingArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:DiskIamBinding\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_disk\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.DiskIamMember(\"member\", {\n project: _default.project,\n zone: _default.zone,\n name: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.DiskIamMember(\"member\",\n project=default[\"project\"],\n zone=default[\"zone\"],\n name=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.DiskIamMember(\"member\", new()\n {\n Project = @default.Project,\n Zone = @default.Zone,\n Name = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewDiskIamMember(ctx, \"member\", \u0026compute.DiskIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tZone: pulumi.Any(_default.Zone),\n\t\t\tName: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.DiskIamMember;\nimport com.pulumi.gcp.compute.DiskIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DiskIamMember(\"member\", DiskIamMemberArgs.builder() \n .project(default_.project())\n .zone(default_.zone())\n .name(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:DiskIamMember\n properties:\n project: ${default.project}\n zone: ${default.zone}\n name: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/zones/{{zone}}/disks/{{name}}\n\n* {{project}}/{{zone}}/{{name}}\n\n* {{zone}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine disk IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/regionDiskIamPolicy:RegionDiskIamPolicy editor \"projects/{{project}}/zones/{{zone}}/disks/{{disk}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/regionDiskIamPolicy:RegionDiskIamPolicy editor \"projects/{{project}}/zones/{{zone}}/disks/{{disk}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/regionDiskIamPolicy:RegionDiskIamPolicy editor projects/{{project}}/zones/{{zone}}/disks/{{disk}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -148476,7 +148674,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "region": { "type": "string" @@ -148501,7 +148699,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -148530,7 +148728,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -154644,7 +154842,7 @@ } }, "gcp:compute/snapshotIamBinding:SnapshotIamBinding": { - "description": "Three different resources help you manage your IAM policy for Compute Engine Snapshot. Each of these resources serves a different use case:\n\n* `gcp.compute.SnapshotIamPolicy`: Authoritative. Sets the IAM policy for the snapshot and replaces any existing policy already attached.\n* `gcp.compute.SnapshotIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the snapshot are preserved.\n* `gcp.compute.SnapshotIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the snapshot are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.SnapshotIamPolicy`: Retrieves the IAM policy for the snapshot\n\n\u003e **Note:** `gcp.compute.SnapshotIamPolicy` **cannot** be used in conjunction with `gcp.compute.SnapshotIamBinding` and `gcp.compute.SnapshotIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.SnapshotIamBinding` resources **can be** used in conjunction with `gcp.compute.SnapshotIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_compute\\_snapshot\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.SnapshotIamPolicy(\"policy\", {\n project: snapshot.project,\n name: snapshot.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.compute.SnapshotIamPolicy(\"policy\",\n project=snapshot[\"project\"],\n name=snapshot[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.SnapshotIamPolicy(\"policy\", new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSnapshotIamPolicy(ctx, \"policy\", \u0026compute.SnapshotIamPolicyArgs{\n\t\t\tProject: pulumi.Any(snapshot.Project),\n\t\t\tName: pulumi.Any(snapshot.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.SnapshotIamPolicy;\nimport com.pulumi.gcp.compute.SnapshotIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SnapshotIamPolicy(\"policy\", SnapshotIamPolicyArgs.builder() \n .project(snapshot.project())\n .name(snapshot.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SnapshotIamPolicy\n properties:\n project: ${snapshot.project}\n name: ${snapshot.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_snapshot\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.SnapshotIamBinding(\"binding\", {\n project: snapshot.project,\n name: snapshot.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.SnapshotIamBinding(\"binding\",\n project=snapshot[\"project\"],\n name=snapshot[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.SnapshotIamBinding(\"binding\", new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSnapshotIamBinding(ctx, \"binding\", \u0026compute.SnapshotIamBindingArgs{\n\t\t\tProject: pulumi.Any(snapshot.Project),\n\t\t\tName: pulumi.Any(snapshot.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SnapshotIamBinding;\nimport com.pulumi.gcp.compute.SnapshotIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SnapshotIamBinding(\"binding\", SnapshotIamBindingArgs.builder() \n .project(snapshot.project())\n .name(snapshot.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:SnapshotIamBinding\n properties:\n project: ${snapshot.project}\n name: ${snapshot.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_snapshot\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.SnapshotIamMember(\"member\", {\n project: snapshot.project,\n name: snapshot.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.SnapshotIamMember(\"member\",\n project=snapshot[\"project\"],\n name=snapshot[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.SnapshotIamMember(\"member\", new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSnapshotIamMember(ctx, \"member\", \u0026compute.SnapshotIamMemberArgs{\n\t\t\tProject: pulumi.Any(snapshot.Project),\n\t\t\tName: pulumi.Any(snapshot.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SnapshotIamMember;\nimport com.pulumi.gcp.compute.SnapshotIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SnapshotIamMember(\"member\", SnapshotIamMemberArgs.builder() \n .project(snapshot.project())\n .name(snapshot.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:SnapshotIamMember\n properties:\n project: ${snapshot.project}\n name: ${snapshot.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/global/snapshots/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine snapshot IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/snapshotIamBinding:SnapshotIamBinding editor \"projects/{{project}}/global/snapshots/{{snapshot}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/snapshotIamBinding:SnapshotIamBinding editor \"projects/{{project}}/global/snapshots/{{snapshot}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/snapshotIamBinding:SnapshotIamBinding editor projects/{{project}}/global/snapshots/{{snapshot}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Compute Engine Snapshot. Each of these resources serves a different use case:\n\n* `gcp.compute.SnapshotIamPolicy`: Authoritative. Sets the IAM policy for the snapshot and replaces any existing policy already attached.\n* `gcp.compute.SnapshotIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the snapshot are preserved.\n* `gcp.compute.SnapshotIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the snapshot are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.SnapshotIamPolicy`: Retrieves the IAM policy for the snapshot\n\n\u003e **Note:** `gcp.compute.SnapshotIamPolicy` **cannot** be used in conjunction with `gcp.compute.SnapshotIamBinding` and `gcp.compute.SnapshotIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.SnapshotIamBinding` resources **can be** used in conjunction with `gcp.compute.SnapshotIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_compute\\_snapshot\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.SnapshotIamPolicy(\"policy\", {\n project: snapshot.project,\n name: snapshot.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.compute.SnapshotIamPolicy(\"policy\",\n project=snapshot[\"project\"],\n name=snapshot[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.SnapshotIamPolicy(\"policy\", new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSnapshotIamPolicy(ctx, \"policy\", \u0026compute.SnapshotIamPolicyArgs{\n\t\t\tProject: pulumi.Any(snapshot.Project),\n\t\t\tName: pulumi.Any(snapshot.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.SnapshotIamPolicy;\nimport com.pulumi.gcp.compute.SnapshotIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SnapshotIamPolicy(\"policy\", SnapshotIamPolicyArgs.builder() \n .project(snapshot.project())\n .name(snapshot.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SnapshotIamPolicy\n properties:\n project: ${snapshot.project}\n name: ${snapshot.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_snapshot\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.SnapshotIamBinding(\"binding\", {\n project: snapshot.project,\n name: snapshot.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.SnapshotIamBinding(\"binding\",\n project=snapshot[\"project\"],\n name=snapshot[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.SnapshotIamBinding(\"binding\", new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSnapshotIamBinding(ctx, \"binding\", \u0026compute.SnapshotIamBindingArgs{\n\t\t\tProject: pulumi.Any(snapshot.Project),\n\t\t\tName: pulumi.Any(snapshot.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SnapshotIamBinding;\nimport com.pulumi.gcp.compute.SnapshotIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SnapshotIamBinding(\"binding\", SnapshotIamBindingArgs.builder() \n .project(snapshot.project())\n .name(snapshot.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:SnapshotIamBinding\n properties:\n project: ${snapshot.project}\n name: ${snapshot.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_snapshot\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.SnapshotIamMember(\"member\", {\n project: snapshot.project,\n name: snapshot.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.SnapshotIamMember(\"member\",\n project=snapshot[\"project\"],\n name=snapshot[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.SnapshotIamMember(\"member\", new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSnapshotIamMember(ctx, \"member\", \u0026compute.SnapshotIamMemberArgs{\n\t\t\tProject: pulumi.Any(snapshot.Project),\n\t\t\tName: pulumi.Any(snapshot.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SnapshotIamMember;\nimport com.pulumi.gcp.compute.SnapshotIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SnapshotIamMember(\"member\", SnapshotIamMemberArgs.builder() \n .project(snapshot.project())\n .name(snapshot.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:SnapshotIamMember\n properties:\n project: ${snapshot.project}\n name: ${snapshot.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_compute\\_snapshot\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.SnapshotIamPolicy(\"policy\", {\n project: snapshot.project,\n name: snapshot.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.compute.SnapshotIamPolicy(\"policy\",\n project=snapshot[\"project\"],\n name=snapshot[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.SnapshotIamPolicy(\"policy\", new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSnapshotIamPolicy(ctx, \"policy\", \u0026compute.SnapshotIamPolicyArgs{\n\t\t\tProject: pulumi.Any(snapshot.Project),\n\t\t\tName: pulumi.Any(snapshot.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.SnapshotIamPolicy;\nimport com.pulumi.gcp.compute.SnapshotIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SnapshotIamPolicy(\"policy\", SnapshotIamPolicyArgs.builder() \n .project(snapshot.project())\n .name(snapshot.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SnapshotIamPolicy\n properties:\n project: ${snapshot.project}\n name: ${snapshot.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_snapshot\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.SnapshotIamBinding(\"binding\", {\n project: snapshot.project,\n name: snapshot.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.SnapshotIamBinding(\"binding\",\n project=snapshot[\"project\"],\n name=snapshot[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.SnapshotIamBinding(\"binding\", new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSnapshotIamBinding(ctx, \"binding\", \u0026compute.SnapshotIamBindingArgs{\n\t\t\tProject: pulumi.Any(snapshot.Project),\n\t\t\tName: pulumi.Any(snapshot.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SnapshotIamBinding;\nimport com.pulumi.gcp.compute.SnapshotIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SnapshotIamBinding(\"binding\", SnapshotIamBindingArgs.builder() \n .project(snapshot.project())\n .name(snapshot.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:SnapshotIamBinding\n properties:\n project: ${snapshot.project}\n name: ${snapshot.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_snapshot\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.SnapshotIamMember(\"member\", {\n project: snapshot.project,\n name: snapshot.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.SnapshotIamMember(\"member\",\n project=snapshot[\"project\"],\n name=snapshot[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.SnapshotIamMember(\"member\", new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSnapshotIamMember(ctx, \"member\", \u0026compute.SnapshotIamMemberArgs{\n\t\t\tProject: pulumi.Any(snapshot.Project),\n\t\t\tName: pulumi.Any(snapshot.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SnapshotIamMember;\nimport com.pulumi.gcp.compute.SnapshotIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SnapshotIamMember(\"member\", SnapshotIamMemberArgs.builder() \n .project(snapshot.project())\n .name(snapshot.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:SnapshotIamMember\n properties:\n project: ${snapshot.project}\n name: ${snapshot.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/global/snapshots/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine snapshot IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/snapshotIamBinding:SnapshotIamBinding editor \"projects/{{project}}/global/snapshots/{{snapshot}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/snapshotIamBinding:SnapshotIamBinding editor \"projects/{{project}}/global/snapshots/{{snapshot}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/snapshotIamBinding:SnapshotIamBinding editor projects/{{project}}/global/snapshots/{{snapshot}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:compute/SnapshotIamBindingCondition:SnapshotIamBindingCondition" @@ -154657,7 +154855,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "name": { "type": "string", @@ -154665,7 +154864,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -154688,7 +154887,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "name": { "type": "string", @@ -154697,7 +154897,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -154725,7 +154925,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "name": { "type": "string", @@ -154734,7 +154935,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -154747,7 +154948,7 @@ } }, "gcp:compute/snapshotIamMember:SnapshotIamMember": { - "description": "Three different resources help you manage your IAM policy for Compute Engine Snapshot. Each of these resources serves a different use case:\n\n* `gcp.compute.SnapshotIamPolicy`: Authoritative. Sets the IAM policy for the snapshot and replaces any existing policy already attached.\n* `gcp.compute.SnapshotIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the snapshot are preserved.\n* `gcp.compute.SnapshotIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the snapshot are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.SnapshotIamPolicy`: Retrieves the IAM policy for the snapshot\n\n\u003e **Note:** `gcp.compute.SnapshotIamPolicy` **cannot** be used in conjunction with `gcp.compute.SnapshotIamBinding` and `gcp.compute.SnapshotIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.SnapshotIamBinding` resources **can be** used in conjunction with `gcp.compute.SnapshotIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_compute\\_snapshot\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.SnapshotIamPolicy(\"policy\", {\n project: snapshot.project,\n name: snapshot.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.compute.SnapshotIamPolicy(\"policy\",\n project=snapshot[\"project\"],\n name=snapshot[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.SnapshotIamPolicy(\"policy\", new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSnapshotIamPolicy(ctx, \"policy\", \u0026compute.SnapshotIamPolicyArgs{\n\t\t\tProject: pulumi.Any(snapshot.Project),\n\t\t\tName: pulumi.Any(snapshot.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.SnapshotIamPolicy;\nimport com.pulumi.gcp.compute.SnapshotIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SnapshotIamPolicy(\"policy\", SnapshotIamPolicyArgs.builder() \n .project(snapshot.project())\n .name(snapshot.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SnapshotIamPolicy\n properties:\n project: ${snapshot.project}\n name: ${snapshot.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_snapshot\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.SnapshotIamBinding(\"binding\", {\n project: snapshot.project,\n name: snapshot.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.SnapshotIamBinding(\"binding\",\n project=snapshot[\"project\"],\n name=snapshot[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.SnapshotIamBinding(\"binding\", new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSnapshotIamBinding(ctx, \"binding\", \u0026compute.SnapshotIamBindingArgs{\n\t\t\tProject: pulumi.Any(snapshot.Project),\n\t\t\tName: pulumi.Any(snapshot.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SnapshotIamBinding;\nimport com.pulumi.gcp.compute.SnapshotIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SnapshotIamBinding(\"binding\", SnapshotIamBindingArgs.builder() \n .project(snapshot.project())\n .name(snapshot.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:SnapshotIamBinding\n properties:\n project: ${snapshot.project}\n name: ${snapshot.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_snapshot\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.SnapshotIamMember(\"member\", {\n project: snapshot.project,\n name: snapshot.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.SnapshotIamMember(\"member\",\n project=snapshot[\"project\"],\n name=snapshot[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.SnapshotIamMember(\"member\", new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSnapshotIamMember(ctx, \"member\", \u0026compute.SnapshotIamMemberArgs{\n\t\t\tProject: pulumi.Any(snapshot.Project),\n\t\t\tName: pulumi.Any(snapshot.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SnapshotIamMember;\nimport com.pulumi.gcp.compute.SnapshotIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SnapshotIamMember(\"member\", SnapshotIamMemberArgs.builder() \n .project(snapshot.project())\n .name(snapshot.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:SnapshotIamMember\n properties:\n project: ${snapshot.project}\n name: ${snapshot.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/global/snapshots/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine snapshot IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/snapshotIamMember:SnapshotIamMember editor \"projects/{{project}}/global/snapshots/{{snapshot}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/snapshotIamMember:SnapshotIamMember editor \"projects/{{project}}/global/snapshots/{{snapshot}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/snapshotIamMember:SnapshotIamMember editor projects/{{project}}/global/snapshots/{{snapshot}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Compute Engine Snapshot. Each of these resources serves a different use case:\n\n* `gcp.compute.SnapshotIamPolicy`: Authoritative. Sets the IAM policy for the snapshot and replaces any existing policy already attached.\n* `gcp.compute.SnapshotIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the snapshot are preserved.\n* `gcp.compute.SnapshotIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the snapshot are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.SnapshotIamPolicy`: Retrieves the IAM policy for the snapshot\n\n\u003e **Note:** `gcp.compute.SnapshotIamPolicy` **cannot** be used in conjunction with `gcp.compute.SnapshotIamBinding` and `gcp.compute.SnapshotIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.SnapshotIamBinding` resources **can be** used in conjunction with `gcp.compute.SnapshotIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_compute\\_snapshot\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.SnapshotIamPolicy(\"policy\", {\n project: snapshot.project,\n name: snapshot.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.compute.SnapshotIamPolicy(\"policy\",\n project=snapshot[\"project\"],\n name=snapshot[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.SnapshotIamPolicy(\"policy\", new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSnapshotIamPolicy(ctx, \"policy\", \u0026compute.SnapshotIamPolicyArgs{\n\t\t\tProject: pulumi.Any(snapshot.Project),\n\t\t\tName: pulumi.Any(snapshot.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.SnapshotIamPolicy;\nimport com.pulumi.gcp.compute.SnapshotIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SnapshotIamPolicy(\"policy\", SnapshotIamPolicyArgs.builder() \n .project(snapshot.project())\n .name(snapshot.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SnapshotIamPolicy\n properties:\n project: ${snapshot.project}\n name: ${snapshot.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_snapshot\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.SnapshotIamBinding(\"binding\", {\n project: snapshot.project,\n name: snapshot.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.SnapshotIamBinding(\"binding\",\n project=snapshot[\"project\"],\n name=snapshot[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.SnapshotIamBinding(\"binding\", new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSnapshotIamBinding(ctx, \"binding\", \u0026compute.SnapshotIamBindingArgs{\n\t\t\tProject: pulumi.Any(snapshot.Project),\n\t\t\tName: pulumi.Any(snapshot.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SnapshotIamBinding;\nimport com.pulumi.gcp.compute.SnapshotIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SnapshotIamBinding(\"binding\", SnapshotIamBindingArgs.builder() \n .project(snapshot.project())\n .name(snapshot.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:SnapshotIamBinding\n properties:\n project: ${snapshot.project}\n name: ${snapshot.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_snapshot\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.SnapshotIamMember(\"member\", {\n project: snapshot.project,\n name: snapshot.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.SnapshotIamMember(\"member\",\n project=snapshot[\"project\"],\n name=snapshot[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.SnapshotIamMember(\"member\", new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSnapshotIamMember(ctx, \"member\", \u0026compute.SnapshotIamMemberArgs{\n\t\t\tProject: pulumi.Any(snapshot.Project),\n\t\t\tName: pulumi.Any(snapshot.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SnapshotIamMember;\nimport com.pulumi.gcp.compute.SnapshotIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SnapshotIamMember(\"member\", SnapshotIamMemberArgs.builder() \n .project(snapshot.project())\n .name(snapshot.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:SnapshotIamMember\n properties:\n project: ${snapshot.project}\n name: ${snapshot.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_compute\\_snapshot\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.SnapshotIamPolicy(\"policy\", {\n project: snapshot.project,\n name: snapshot.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.compute.SnapshotIamPolicy(\"policy\",\n project=snapshot[\"project\"],\n name=snapshot[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.SnapshotIamPolicy(\"policy\", new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSnapshotIamPolicy(ctx, \"policy\", \u0026compute.SnapshotIamPolicyArgs{\n\t\t\tProject: pulumi.Any(snapshot.Project),\n\t\t\tName: pulumi.Any(snapshot.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.SnapshotIamPolicy;\nimport com.pulumi.gcp.compute.SnapshotIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SnapshotIamPolicy(\"policy\", SnapshotIamPolicyArgs.builder() \n .project(snapshot.project())\n .name(snapshot.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SnapshotIamPolicy\n properties:\n project: ${snapshot.project}\n name: ${snapshot.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_snapshot\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.SnapshotIamBinding(\"binding\", {\n project: snapshot.project,\n name: snapshot.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.SnapshotIamBinding(\"binding\",\n project=snapshot[\"project\"],\n name=snapshot[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.SnapshotIamBinding(\"binding\", new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSnapshotIamBinding(ctx, \"binding\", \u0026compute.SnapshotIamBindingArgs{\n\t\t\tProject: pulumi.Any(snapshot.Project),\n\t\t\tName: pulumi.Any(snapshot.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SnapshotIamBinding;\nimport com.pulumi.gcp.compute.SnapshotIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SnapshotIamBinding(\"binding\", SnapshotIamBindingArgs.builder() \n .project(snapshot.project())\n .name(snapshot.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:SnapshotIamBinding\n properties:\n project: ${snapshot.project}\n name: ${snapshot.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_snapshot\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.SnapshotIamMember(\"member\", {\n project: snapshot.project,\n name: snapshot.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.SnapshotIamMember(\"member\",\n project=snapshot[\"project\"],\n name=snapshot[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.SnapshotIamMember(\"member\", new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSnapshotIamMember(ctx, \"member\", \u0026compute.SnapshotIamMemberArgs{\n\t\t\tProject: pulumi.Any(snapshot.Project),\n\t\t\tName: pulumi.Any(snapshot.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SnapshotIamMember;\nimport com.pulumi.gcp.compute.SnapshotIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SnapshotIamMember(\"member\", SnapshotIamMemberArgs.builder() \n .project(snapshot.project())\n .name(snapshot.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:SnapshotIamMember\n properties:\n project: ${snapshot.project}\n name: ${snapshot.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/global/snapshots/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine snapshot IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/snapshotIamMember:SnapshotIamMember editor \"projects/{{project}}/global/snapshots/{{snapshot}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/snapshotIamMember:SnapshotIamMember editor \"projects/{{project}}/global/snapshots/{{snapshot}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/snapshotIamMember:SnapshotIamMember editor projects/{{project}}/global/snapshots/{{snapshot}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:compute/SnapshotIamMemberCondition:SnapshotIamMemberCondition" @@ -154757,7 +154958,8 @@ "description": "(Computed) The etag of the IAM policy.\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "name": { "type": "string", @@ -154765,7 +154967,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -154786,6 +154988,7 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "name": { @@ -154795,7 +154998,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -154821,6 +155024,7 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "name": { @@ -154830,7 +155034,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -154843,7 +155047,7 @@ } }, "gcp:compute/snapshotIamPolicy:SnapshotIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Compute Engine Snapshot. Each of these resources serves a different use case:\n\n* `gcp.compute.SnapshotIamPolicy`: Authoritative. Sets the IAM policy for the snapshot and replaces any existing policy already attached.\n* `gcp.compute.SnapshotIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the snapshot are preserved.\n* `gcp.compute.SnapshotIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the snapshot are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.SnapshotIamPolicy`: Retrieves the IAM policy for the snapshot\n\n\u003e **Note:** `gcp.compute.SnapshotIamPolicy` **cannot** be used in conjunction with `gcp.compute.SnapshotIamBinding` and `gcp.compute.SnapshotIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.SnapshotIamBinding` resources **can be** used in conjunction with `gcp.compute.SnapshotIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_compute\\_snapshot\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.SnapshotIamPolicy(\"policy\", {\n project: snapshot.project,\n name: snapshot.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.compute.SnapshotIamPolicy(\"policy\",\n project=snapshot[\"project\"],\n name=snapshot[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.SnapshotIamPolicy(\"policy\", new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSnapshotIamPolicy(ctx, \"policy\", \u0026compute.SnapshotIamPolicyArgs{\n\t\t\tProject: pulumi.Any(snapshot.Project),\n\t\t\tName: pulumi.Any(snapshot.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.SnapshotIamPolicy;\nimport com.pulumi.gcp.compute.SnapshotIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SnapshotIamPolicy(\"policy\", SnapshotIamPolicyArgs.builder() \n .project(snapshot.project())\n .name(snapshot.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SnapshotIamPolicy\n properties:\n project: ${snapshot.project}\n name: ${snapshot.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_snapshot\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.SnapshotIamBinding(\"binding\", {\n project: snapshot.project,\n name: snapshot.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.SnapshotIamBinding(\"binding\",\n project=snapshot[\"project\"],\n name=snapshot[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.SnapshotIamBinding(\"binding\", new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSnapshotIamBinding(ctx, \"binding\", \u0026compute.SnapshotIamBindingArgs{\n\t\t\tProject: pulumi.Any(snapshot.Project),\n\t\t\tName: pulumi.Any(snapshot.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SnapshotIamBinding;\nimport com.pulumi.gcp.compute.SnapshotIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SnapshotIamBinding(\"binding\", SnapshotIamBindingArgs.builder() \n .project(snapshot.project())\n .name(snapshot.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:SnapshotIamBinding\n properties:\n project: ${snapshot.project}\n name: ${snapshot.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_snapshot\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.SnapshotIamMember(\"member\", {\n project: snapshot.project,\n name: snapshot.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.SnapshotIamMember(\"member\",\n project=snapshot[\"project\"],\n name=snapshot[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.SnapshotIamMember(\"member\", new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSnapshotIamMember(ctx, \"member\", \u0026compute.SnapshotIamMemberArgs{\n\t\t\tProject: pulumi.Any(snapshot.Project),\n\t\t\tName: pulumi.Any(snapshot.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SnapshotIamMember;\nimport com.pulumi.gcp.compute.SnapshotIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SnapshotIamMember(\"member\", SnapshotIamMemberArgs.builder() \n .project(snapshot.project())\n .name(snapshot.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:SnapshotIamMember\n properties:\n project: ${snapshot.project}\n name: ${snapshot.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/global/snapshots/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine snapshot IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/snapshotIamPolicy:SnapshotIamPolicy editor \"projects/{{project}}/global/snapshots/{{snapshot}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/snapshotIamPolicy:SnapshotIamPolicy editor \"projects/{{project}}/global/snapshots/{{snapshot}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/snapshotIamPolicy:SnapshotIamPolicy editor projects/{{project}}/global/snapshots/{{snapshot}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Compute Engine Snapshot. Each of these resources serves a different use case:\n\n* `gcp.compute.SnapshotIamPolicy`: Authoritative. Sets the IAM policy for the snapshot and replaces any existing policy already attached.\n* `gcp.compute.SnapshotIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the snapshot are preserved.\n* `gcp.compute.SnapshotIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the snapshot are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.SnapshotIamPolicy`: Retrieves the IAM policy for the snapshot\n\n\u003e **Note:** `gcp.compute.SnapshotIamPolicy` **cannot** be used in conjunction with `gcp.compute.SnapshotIamBinding` and `gcp.compute.SnapshotIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.SnapshotIamBinding` resources **can be** used in conjunction with `gcp.compute.SnapshotIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_compute\\_snapshot\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.SnapshotIamPolicy(\"policy\", {\n project: snapshot.project,\n name: snapshot.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.compute.SnapshotIamPolicy(\"policy\",\n project=snapshot[\"project\"],\n name=snapshot[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.SnapshotIamPolicy(\"policy\", new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSnapshotIamPolicy(ctx, \"policy\", \u0026compute.SnapshotIamPolicyArgs{\n\t\t\tProject: pulumi.Any(snapshot.Project),\n\t\t\tName: pulumi.Any(snapshot.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.SnapshotIamPolicy;\nimport com.pulumi.gcp.compute.SnapshotIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SnapshotIamPolicy(\"policy\", SnapshotIamPolicyArgs.builder() \n .project(snapshot.project())\n .name(snapshot.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SnapshotIamPolicy\n properties:\n project: ${snapshot.project}\n name: ${snapshot.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_snapshot\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.SnapshotIamBinding(\"binding\", {\n project: snapshot.project,\n name: snapshot.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.SnapshotIamBinding(\"binding\",\n project=snapshot[\"project\"],\n name=snapshot[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.SnapshotIamBinding(\"binding\", new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSnapshotIamBinding(ctx, \"binding\", \u0026compute.SnapshotIamBindingArgs{\n\t\t\tProject: pulumi.Any(snapshot.Project),\n\t\t\tName: pulumi.Any(snapshot.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SnapshotIamBinding;\nimport com.pulumi.gcp.compute.SnapshotIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SnapshotIamBinding(\"binding\", SnapshotIamBindingArgs.builder() \n .project(snapshot.project())\n .name(snapshot.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:SnapshotIamBinding\n properties:\n project: ${snapshot.project}\n name: ${snapshot.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_snapshot\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.SnapshotIamMember(\"member\", {\n project: snapshot.project,\n name: snapshot.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.SnapshotIamMember(\"member\",\n project=snapshot[\"project\"],\n name=snapshot[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.SnapshotIamMember(\"member\", new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSnapshotIamMember(ctx, \"member\", \u0026compute.SnapshotIamMemberArgs{\n\t\t\tProject: pulumi.Any(snapshot.Project),\n\t\t\tName: pulumi.Any(snapshot.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SnapshotIamMember;\nimport com.pulumi.gcp.compute.SnapshotIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SnapshotIamMember(\"member\", SnapshotIamMemberArgs.builder() \n .project(snapshot.project())\n .name(snapshot.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:SnapshotIamMember\n properties:\n project: ${snapshot.project}\n name: ${snapshot.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_compute\\_snapshot\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.SnapshotIamPolicy(\"policy\", {\n project: snapshot.project,\n name: snapshot.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.compute.SnapshotIamPolicy(\"policy\",\n project=snapshot[\"project\"],\n name=snapshot[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.SnapshotIamPolicy(\"policy\", new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSnapshotIamPolicy(ctx, \"policy\", \u0026compute.SnapshotIamPolicyArgs{\n\t\t\tProject: pulumi.Any(snapshot.Project),\n\t\t\tName: pulumi.Any(snapshot.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.SnapshotIamPolicy;\nimport com.pulumi.gcp.compute.SnapshotIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SnapshotIamPolicy(\"policy\", SnapshotIamPolicyArgs.builder() \n .project(snapshot.project())\n .name(snapshot.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SnapshotIamPolicy\n properties:\n project: ${snapshot.project}\n name: ${snapshot.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_snapshot\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.SnapshotIamBinding(\"binding\", {\n project: snapshot.project,\n name: snapshot.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.SnapshotIamBinding(\"binding\",\n project=snapshot[\"project\"],\n name=snapshot[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.SnapshotIamBinding(\"binding\", new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSnapshotIamBinding(ctx, \"binding\", \u0026compute.SnapshotIamBindingArgs{\n\t\t\tProject: pulumi.Any(snapshot.Project),\n\t\t\tName: pulumi.Any(snapshot.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SnapshotIamBinding;\nimport com.pulumi.gcp.compute.SnapshotIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SnapshotIamBinding(\"binding\", SnapshotIamBindingArgs.builder() \n .project(snapshot.project())\n .name(snapshot.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:SnapshotIamBinding\n properties:\n project: ${snapshot.project}\n name: ${snapshot.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_snapshot\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.SnapshotIamMember(\"member\", {\n project: snapshot.project,\n name: snapshot.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.SnapshotIamMember(\"member\",\n project=snapshot[\"project\"],\n name=snapshot[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.SnapshotIamMember(\"member\", new()\n {\n Project = snapshot.Project,\n Name = snapshot.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSnapshotIamMember(ctx, \"member\", \u0026compute.SnapshotIamMemberArgs{\n\t\t\tProject: pulumi.Any(snapshot.Project),\n\t\t\tName: pulumi.Any(snapshot.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SnapshotIamMember;\nimport com.pulumi.gcp.compute.SnapshotIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SnapshotIamMember(\"member\", SnapshotIamMemberArgs.builder() \n .project(snapshot.project())\n .name(snapshot.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:SnapshotIamMember\n properties:\n project: ${snapshot.project}\n name: ${snapshot.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/global/snapshots/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine snapshot IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/snapshotIamPolicy:SnapshotIamPolicy editor \"projects/{{project}}/global/snapshots/{{snapshot}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/snapshotIamPolicy:SnapshotIamPolicy editor \"projects/{{project}}/global/snapshots/{{snapshot}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/snapshotIamPolicy:SnapshotIamPolicy editor projects/{{project}}/global/snapshots/{{snapshot}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -154859,7 +155063,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" } }, "required": [ @@ -154880,7 +155084,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -154905,7 +155109,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -155215,7 +155419,7 @@ } }, "gcp:compute/subnetworkIAMBinding:SubnetworkIAMBinding": { - "description": "Three different resources help you manage your IAM policy for Compute Engine Subnetwork. Each of these resources serves a different use case:\n\n* `gcp.compute.SubnetworkIAMPolicy`: Authoritative. Sets the IAM policy for the subnetwork and replaces any existing policy already attached.\n* `gcp.compute.SubnetworkIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the subnetwork are preserved.\n* `gcp.compute.SubnetworkIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the subnetwork are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.SubnetworkIAMPolicy`: Retrieves the IAM policy for the subnetwork\n\n\u003e **Note:** `gcp.compute.SubnetworkIAMPolicy` **cannot** be used in conjunction with `gcp.compute.SubnetworkIAMBinding` and `gcp.compute.SubnetworkIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.SubnetworkIAMBinding` resources **can be** used in conjunction with `gcp.compute.SubnetworkIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_compute\\_subnetwork\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.SubnetworkIAMPolicy(\"policy\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.compute.SubnetworkIAMPolicy(\"policy\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.SubnetworkIAMPolicy(\"policy\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.networkUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSubnetworkIAMPolicy(ctx, \"policy\", \u0026compute.SubnetworkIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicy;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SubnetworkIAMPolicy(\"policy\", SubnetworkIAMPolicyArgs.builder() \n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SubnetworkIAMPolicy\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.networkUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.SubnetworkIAMPolicy(\"policy\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.compute.SubnetworkIAMPolicy(\"policy\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.SubnetworkIAMPolicy(\"policy\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.networkUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSubnetworkIAMPolicy(ctx, \"policy\", \u0026compute.SubnetworkIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicy;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new SubnetworkIAMPolicy(\"policy\", SubnetworkIAMPolicyArgs.builder() \n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SubnetworkIAMPolicy\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.networkUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_subnetwork\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.SubnetworkIAMBinding(\"binding\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.SubnetworkIAMBinding(\"binding\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.SubnetworkIAMBinding(\"binding\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMBinding(ctx, \"binding\", \u0026compute.SubnetworkIAMBindingArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMBinding;\nimport com.pulumi.gcp.compute.SubnetworkIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SubnetworkIAMBinding(\"binding\", SubnetworkIAMBindingArgs.builder() \n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:SubnetworkIAMBinding\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.SubnetworkIAMBinding(\"binding\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.SubnetworkIAMBinding(\"binding\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.compute.SubnetworkIAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.SubnetworkIAMBinding(\"binding\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.SubnetworkIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMBinding(ctx, \"binding\", \u0026compute.SubnetworkIAMBindingArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.SubnetworkIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMBinding;\nimport com.pulumi.gcp.compute.SubnetworkIAMBindingArgs;\nimport com.pulumi.gcp.compute.inputs.SubnetworkIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SubnetworkIAMBinding(\"binding\", SubnetworkIAMBindingArgs.builder() \n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .condition(SubnetworkIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:SubnetworkIAMBinding\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_subnetwork\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.SubnetworkIAMMember(\"member\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.SubnetworkIAMMember(\"member\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.SubnetworkIAMMember(\"member\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMMember(ctx, \"member\", \u0026compute.SubnetworkIAMMemberArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMMember;\nimport com.pulumi.gcp.compute.SubnetworkIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SubnetworkIAMMember(\"member\", SubnetworkIAMMemberArgs.builder() \n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:SubnetworkIAMMember\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.SubnetworkIAMMember(\"member\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.SubnetworkIAMMember(\"member\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\",\n condition=gcp.compute.SubnetworkIAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.SubnetworkIAMMember(\"member\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.SubnetworkIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMMember(ctx, \"member\", \u0026compute.SubnetworkIAMMemberArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.SubnetworkIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMMember;\nimport com.pulumi.gcp.compute.SubnetworkIAMMemberArgs;\nimport com.pulumi.gcp.compute.inputs.SubnetworkIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SubnetworkIAMMember(\"member\", SubnetworkIAMMemberArgs.builder() \n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .condition(SubnetworkIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:SubnetworkIAMMember\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/regions/{{region}}/subnetworks/{{name}}\n\n* {{project}}/{{region}}/{{name}}\n\n* {{region}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine subnetwork IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/subnetworkIAMBinding:SubnetworkIAMBinding editor \"projects/{{project}}/regions/{{region}}/subnetworks/{{subnetwork}} roles/compute.networkUser user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/subnetworkIAMBinding:SubnetworkIAMBinding editor \"projects/{{project}}/regions/{{region}}/subnetworks/{{subnetwork}} roles/compute.networkUser\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/subnetworkIAMBinding:SubnetworkIAMBinding editor projects/{{project}}/regions/{{region}}/subnetworks/{{subnetwork}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Compute Engine Subnetwork. Each of these resources serves a different use case:\n\n* `gcp.compute.SubnetworkIAMPolicy`: Authoritative. Sets the IAM policy for the subnetwork and replaces any existing policy already attached.\n* `gcp.compute.SubnetworkIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the subnetwork are preserved.\n* `gcp.compute.SubnetworkIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the subnetwork are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.SubnetworkIAMPolicy`: Retrieves the IAM policy for the subnetwork\n\n\u003e **Note:** `gcp.compute.SubnetworkIAMPolicy` **cannot** be used in conjunction with `gcp.compute.SubnetworkIAMBinding` and `gcp.compute.SubnetworkIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.SubnetworkIAMBinding` resources **can be** used in conjunction with `gcp.compute.SubnetworkIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_compute\\_subnetwork\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.SubnetworkIAMPolicy(\"policy\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.compute.SubnetworkIAMPolicy(\"policy\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.SubnetworkIAMPolicy(\"policy\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.networkUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSubnetworkIAMPolicy(ctx, \"policy\", \u0026compute.SubnetworkIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicy;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SubnetworkIAMPolicy(\"policy\", SubnetworkIAMPolicyArgs.builder() \n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SubnetworkIAMPolicy\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.networkUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.SubnetworkIAMPolicy(\"policy\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.compute.SubnetworkIAMPolicy(\"policy\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.SubnetworkIAMPolicy(\"policy\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.networkUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSubnetworkIAMPolicy(ctx, \"policy\", \u0026compute.SubnetworkIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicy;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new SubnetworkIAMPolicy(\"policy\", SubnetworkIAMPolicyArgs.builder() \n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SubnetworkIAMPolicy\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.networkUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_subnetwork\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.SubnetworkIAMBinding(\"binding\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.SubnetworkIAMBinding(\"binding\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.SubnetworkIAMBinding(\"binding\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMBinding(ctx, \"binding\", \u0026compute.SubnetworkIAMBindingArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMBinding;\nimport com.pulumi.gcp.compute.SubnetworkIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SubnetworkIAMBinding(\"binding\", SubnetworkIAMBindingArgs.builder() \n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:SubnetworkIAMBinding\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.SubnetworkIAMBinding(\"binding\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.SubnetworkIAMBinding(\"binding\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.compute.SubnetworkIAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.SubnetworkIAMBinding(\"binding\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.SubnetworkIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMBinding(ctx, \"binding\", \u0026compute.SubnetworkIAMBindingArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.SubnetworkIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMBinding;\nimport com.pulumi.gcp.compute.SubnetworkIAMBindingArgs;\nimport com.pulumi.gcp.compute.inputs.SubnetworkIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SubnetworkIAMBinding(\"binding\", SubnetworkIAMBindingArgs.builder() \n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .condition(SubnetworkIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:SubnetworkIAMBinding\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_subnetwork\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.SubnetworkIAMMember(\"member\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.SubnetworkIAMMember(\"member\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.SubnetworkIAMMember(\"member\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMMember(ctx, \"member\", \u0026compute.SubnetworkIAMMemberArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMMember;\nimport com.pulumi.gcp.compute.SubnetworkIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SubnetworkIAMMember(\"member\", SubnetworkIAMMemberArgs.builder() \n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:SubnetworkIAMMember\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.SubnetworkIAMMember(\"member\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.SubnetworkIAMMember(\"member\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\",\n condition=gcp.compute.SubnetworkIAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.SubnetworkIAMMember(\"member\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.SubnetworkIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMMember(ctx, \"member\", \u0026compute.SubnetworkIAMMemberArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.SubnetworkIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMMember;\nimport com.pulumi.gcp.compute.SubnetworkIAMMemberArgs;\nimport com.pulumi.gcp.compute.inputs.SubnetworkIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SubnetworkIAMMember(\"member\", SubnetworkIAMMemberArgs.builder() \n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .condition(SubnetworkIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:SubnetworkIAMMember\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_subnetwork\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.SubnetworkIAMPolicy(\"policy\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.compute.SubnetworkIAMPolicy(\"policy\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.SubnetworkIAMPolicy(\"policy\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.networkUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSubnetworkIAMPolicy(ctx, \"policy\", \u0026compute.SubnetworkIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicy;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SubnetworkIAMPolicy(\"policy\", SubnetworkIAMPolicyArgs.builder() \n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SubnetworkIAMPolicy\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.networkUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.SubnetworkIAMPolicy(\"policy\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.compute.SubnetworkIAMPolicy(\"policy\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.SubnetworkIAMPolicy(\"policy\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.networkUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSubnetworkIAMPolicy(ctx, \"policy\", \u0026compute.SubnetworkIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicy;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new SubnetworkIAMPolicy(\"policy\", SubnetworkIAMPolicyArgs.builder() \n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SubnetworkIAMPolicy\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.networkUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_subnetwork\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.SubnetworkIAMBinding(\"binding\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.SubnetworkIAMBinding(\"binding\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.SubnetworkIAMBinding(\"binding\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMBinding(ctx, \"binding\", \u0026compute.SubnetworkIAMBindingArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMBinding;\nimport com.pulumi.gcp.compute.SubnetworkIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SubnetworkIAMBinding(\"binding\", SubnetworkIAMBindingArgs.builder() \n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:SubnetworkIAMBinding\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.SubnetworkIAMBinding(\"binding\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.SubnetworkIAMBinding(\"binding\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.compute.SubnetworkIAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.SubnetworkIAMBinding(\"binding\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.SubnetworkIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMBinding(ctx, \"binding\", \u0026compute.SubnetworkIAMBindingArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.SubnetworkIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMBinding;\nimport com.pulumi.gcp.compute.SubnetworkIAMBindingArgs;\nimport com.pulumi.gcp.compute.inputs.SubnetworkIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SubnetworkIAMBinding(\"binding\", SubnetworkIAMBindingArgs.builder() \n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .condition(SubnetworkIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:SubnetworkIAMBinding\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_subnetwork\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.SubnetworkIAMMember(\"member\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.SubnetworkIAMMember(\"member\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.SubnetworkIAMMember(\"member\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMMember(ctx, \"member\", \u0026compute.SubnetworkIAMMemberArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMMember;\nimport com.pulumi.gcp.compute.SubnetworkIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SubnetworkIAMMember(\"member\", SubnetworkIAMMemberArgs.builder() \n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:SubnetworkIAMMember\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.SubnetworkIAMMember(\"member\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.SubnetworkIAMMember(\"member\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\",\n condition=gcp.compute.SubnetworkIAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.SubnetworkIAMMember(\"member\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.SubnetworkIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMMember(ctx, \"member\", \u0026compute.SubnetworkIAMMemberArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.SubnetworkIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMMember;\nimport com.pulumi.gcp.compute.SubnetworkIAMMemberArgs;\nimport com.pulumi.gcp.compute.inputs.SubnetworkIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SubnetworkIAMMember(\"member\", SubnetworkIAMMemberArgs.builder() \n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .condition(SubnetworkIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:SubnetworkIAMMember\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/regions/{{region}}/subnetworks/{{name}}\n\n* {{project}}/{{region}}/{{name}}\n\n* {{region}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine subnetwork IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/subnetworkIAMBinding:SubnetworkIAMBinding editor \"projects/{{project}}/regions/{{region}}/subnetworks/{{subnetwork}} roles/compute.networkUser user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/subnetworkIAMBinding:SubnetworkIAMBinding editor \"projects/{{project}}/regions/{{region}}/subnetworks/{{subnetwork}} roles/compute.networkUser\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/subnetworkIAMBinding:SubnetworkIAMBinding editor projects/{{project}}/regions/{{region}}/subnetworks/{{subnetwork}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:compute/SubnetworkIAMBindingCondition:SubnetworkIAMBindingCondition", @@ -155229,11 +155433,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "region": { "type": "string", @@ -155266,11 +155471,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -155310,11 +155516,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -155337,7 +155544,7 @@ } }, "gcp:compute/subnetworkIAMMember:SubnetworkIAMMember": { - "description": "Three different resources help you manage your IAM policy for Compute Engine Subnetwork. Each of these resources serves a different use case:\n\n* `gcp.compute.SubnetworkIAMPolicy`: Authoritative. Sets the IAM policy for the subnetwork and replaces any existing policy already attached.\n* `gcp.compute.SubnetworkIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the subnetwork are preserved.\n* `gcp.compute.SubnetworkIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the subnetwork are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.SubnetworkIAMPolicy`: Retrieves the IAM policy for the subnetwork\n\n\u003e **Note:** `gcp.compute.SubnetworkIAMPolicy` **cannot** be used in conjunction with `gcp.compute.SubnetworkIAMBinding` and `gcp.compute.SubnetworkIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.SubnetworkIAMBinding` resources **can be** used in conjunction with `gcp.compute.SubnetworkIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_compute\\_subnetwork\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.SubnetworkIAMPolicy(\"policy\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.compute.SubnetworkIAMPolicy(\"policy\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.SubnetworkIAMPolicy(\"policy\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.networkUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSubnetworkIAMPolicy(ctx, \"policy\", \u0026compute.SubnetworkIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicy;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SubnetworkIAMPolicy(\"policy\", SubnetworkIAMPolicyArgs.builder() \n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SubnetworkIAMPolicy\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.networkUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.SubnetworkIAMPolicy(\"policy\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.compute.SubnetworkIAMPolicy(\"policy\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.SubnetworkIAMPolicy(\"policy\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.networkUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSubnetworkIAMPolicy(ctx, \"policy\", \u0026compute.SubnetworkIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicy;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new SubnetworkIAMPolicy(\"policy\", SubnetworkIAMPolicyArgs.builder() \n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SubnetworkIAMPolicy\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.networkUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_subnetwork\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.SubnetworkIAMBinding(\"binding\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.SubnetworkIAMBinding(\"binding\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.SubnetworkIAMBinding(\"binding\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMBinding(ctx, \"binding\", \u0026compute.SubnetworkIAMBindingArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMBinding;\nimport com.pulumi.gcp.compute.SubnetworkIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SubnetworkIAMBinding(\"binding\", SubnetworkIAMBindingArgs.builder() \n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:SubnetworkIAMBinding\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.SubnetworkIAMBinding(\"binding\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.SubnetworkIAMBinding(\"binding\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.compute.SubnetworkIAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.SubnetworkIAMBinding(\"binding\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.SubnetworkIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMBinding(ctx, \"binding\", \u0026compute.SubnetworkIAMBindingArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.SubnetworkIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMBinding;\nimport com.pulumi.gcp.compute.SubnetworkIAMBindingArgs;\nimport com.pulumi.gcp.compute.inputs.SubnetworkIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SubnetworkIAMBinding(\"binding\", SubnetworkIAMBindingArgs.builder() \n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .condition(SubnetworkIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:SubnetworkIAMBinding\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_subnetwork\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.SubnetworkIAMMember(\"member\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.SubnetworkIAMMember(\"member\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.SubnetworkIAMMember(\"member\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMMember(ctx, \"member\", \u0026compute.SubnetworkIAMMemberArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMMember;\nimport com.pulumi.gcp.compute.SubnetworkIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SubnetworkIAMMember(\"member\", SubnetworkIAMMemberArgs.builder() \n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:SubnetworkIAMMember\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.SubnetworkIAMMember(\"member\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.SubnetworkIAMMember(\"member\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\",\n condition=gcp.compute.SubnetworkIAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.SubnetworkIAMMember(\"member\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.SubnetworkIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMMember(ctx, \"member\", \u0026compute.SubnetworkIAMMemberArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.SubnetworkIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMMember;\nimport com.pulumi.gcp.compute.SubnetworkIAMMemberArgs;\nimport com.pulumi.gcp.compute.inputs.SubnetworkIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SubnetworkIAMMember(\"member\", SubnetworkIAMMemberArgs.builder() \n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .condition(SubnetworkIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:SubnetworkIAMMember\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/regions/{{region}}/subnetworks/{{name}}\n\n* {{project}}/{{region}}/{{name}}\n\n* {{region}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine subnetwork IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/subnetworkIAMMember:SubnetworkIAMMember editor \"projects/{{project}}/regions/{{region}}/subnetworks/{{subnetwork}} roles/compute.networkUser user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/subnetworkIAMMember:SubnetworkIAMMember editor \"projects/{{project}}/regions/{{region}}/subnetworks/{{subnetwork}} roles/compute.networkUser\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/subnetworkIAMMember:SubnetworkIAMMember editor projects/{{project}}/regions/{{region}}/subnetworks/{{subnetwork}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Compute Engine Subnetwork. Each of these resources serves a different use case:\n\n* `gcp.compute.SubnetworkIAMPolicy`: Authoritative. Sets the IAM policy for the subnetwork and replaces any existing policy already attached.\n* `gcp.compute.SubnetworkIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the subnetwork are preserved.\n* `gcp.compute.SubnetworkIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the subnetwork are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.SubnetworkIAMPolicy`: Retrieves the IAM policy for the subnetwork\n\n\u003e **Note:** `gcp.compute.SubnetworkIAMPolicy` **cannot** be used in conjunction with `gcp.compute.SubnetworkIAMBinding` and `gcp.compute.SubnetworkIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.SubnetworkIAMBinding` resources **can be** used in conjunction with `gcp.compute.SubnetworkIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_compute\\_subnetwork\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.SubnetworkIAMPolicy(\"policy\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.compute.SubnetworkIAMPolicy(\"policy\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.SubnetworkIAMPolicy(\"policy\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.networkUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSubnetworkIAMPolicy(ctx, \"policy\", \u0026compute.SubnetworkIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicy;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SubnetworkIAMPolicy(\"policy\", SubnetworkIAMPolicyArgs.builder() \n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SubnetworkIAMPolicy\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.networkUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.SubnetworkIAMPolicy(\"policy\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.compute.SubnetworkIAMPolicy(\"policy\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.SubnetworkIAMPolicy(\"policy\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.networkUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSubnetworkIAMPolicy(ctx, \"policy\", \u0026compute.SubnetworkIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicy;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new SubnetworkIAMPolicy(\"policy\", SubnetworkIAMPolicyArgs.builder() \n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SubnetworkIAMPolicy\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.networkUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_subnetwork\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.SubnetworkIAMBinding(\"binding\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.SubnetworkIAMBinding(\"binding\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.SubnetworkIAMBinding(\"binding\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMBinding(ctx, \"binding\", \u0026compute.SubnetworkIAMBindingArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMBinding;\nimport com.pulumi.gcp.compute.SubnetworkIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SubnetworkIAMBinding(\"binding\", SubnetworkIAMBindingArgs.builder() \n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:SubnetworkIAMBinding\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.SubnetworkIAMBinding(\"binding\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.SubnetworkIAMBinding(\"binding\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.compute.SubnetworkIAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.SubnetworkIAMBinding(\"binding\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.SubnetworkIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMBinding(ctx, \"binding\", \u0026compute.SubnetworkIAMBindingArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.SubnetworkIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMBinding;\nimport com.pulumi.gcp.compute.SubnetworkIAMBindingArgs;\nimport com.pulumi.gcp.compute.inputs.SubnetworkIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SubnetworkIAMBinding(\"binding\", SubnetworkIAMBindingArgs.builder() \n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .condition(SubnetworkIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:SubnetworkIAMBinding\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_subnetwork\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.SubnetworkIAMMember(\"member\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.SubnetworkIAMMember(\"member\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.SubnetworkIAMMember(\"member\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMMember(ctx, \"member\", \u0026compute.SubnetworkIAMMemberArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMMember;\nimport com.pulumi.gcp.compute.SubnetworkIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SubnetworkIAMMember(\"member\", SubnetworkIAMMemberArgs.builder() \n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:SubnetworkIAMMember\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.SubnetworkIAMMember(\"member\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.SubnetworkIAMMember(\"member\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\",\n condition=gcp.compute.SubnetworkIAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.SubnetworkIAMMember(\"member\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.SubnetworkIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMMember(ctx, \"member\", \u0026compute.SubnetworkIAMMemberArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.SubnetworkIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMMember;\nimport com.pulumi.gcp.compute.SubnetworkIAMMemberArgs;\nimport com.pulumi.gcp.compute.inputs.SubnetworkIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SubnetworkIAMMember(\"member\", SubnetworkIAMMemberArgs.builder() \n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .condition(SubnetworkIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:SubnetworkIAMMember\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_subnetwork\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.SubnetworkIAMPolicy(\"policy\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.compute.SubnetworkIAMPolicy(\"policy\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.SubnetworkIAMPolicy(\"policy\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.networkUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSubnetworkIAMPolicy(ctx, \"policy\", \u0026compute.SubnetworkIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicy;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SubnetworkIAMPolicy(\"policy\", SubnetworkIAMPolicyArgs.builder() \n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SubnetworkIAMPolicy\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.networkUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.SubnetworkIAMPolicy(\"policy\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.compute.SubnetworkIAMPolicy(\"policy\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.SubnetworkIAMPolicy(\"policy\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.networkUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSubnetworkIAMPolicy(ctx, \"policy\", \u0026compute.SubnetworkIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicy;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new SubnetworkIAMPolicy(\"policy\", SubnetworkIAMPolicyArgs.builder() \n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SubnetworkIAMPolicy\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.networkUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_subnetwork\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.SubnetworkIAMBinding(\"binding\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.SubnetworkIAMBinding(\"binding\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.SubnetworkIAMBinding(\"binding\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMBinding(ctx, \"binding\", \u0026compute.SubnetworkIAMBindingArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMBinding;\nimport com.pulumi.gcp.compute.SubnetworkIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SubnetworkIAMBinding(\"binding\", SubnetworkIAMBindingArgs.builder() \n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:SubnetworkIAMBinding\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.SubnetworkIAMBinding(\"binding\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.SubnetworkIAMBinding(\"binding\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.compute.SubnetworkIAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.SubnetworkIAMBinding(\"binding\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.SubnetworkIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMBinding(ctx, \"binding\", \u0026compute.SubnetworkIAMBindingArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.SubnetworkIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMBinding;\nimport com.pulumi.gcp.compute.SubnetworkIAMBindingArgs;\nimport com.pulumi.gcp.compute.inputs.SubnetworkIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SubnetworkIAMBinding(\"binding\", SubnetworkIAMBindingArgs.builder() \n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .condition(SubnetworkIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:SubnetworkIAMBinding\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_subnetwork\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.SubnetworkIAMMember(\"member\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.SubnetworkIAMMember(\"member\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.SubnetworkIAMMember(\"member\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMMember(ctx, \"member\", \u0026compute.SubnetworkIAMMemberArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMMember;\nimport com.pulumi.gcp.compute.SubnetworkIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SubnetworkIAMMember(\"member\", SubnetworkIAMMemberArgs.builder() \n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:SubnetworkIAMMember\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.SubnetworkIAMMember(\"member\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.SubnetworkIAMMember(\"member\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\",\n condition=gcp.compute.SubnetworkIAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.SubnetworkIAMMember(\"member\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.SubnetworkIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMMember(ctx, \"member\", \u0026compute.SubnetworkIAMMemberArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.SubnetworkIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMMember;\nimport com.pulumi.gcp.compute.SubnetworkIAMMemberArgs;\nimport com.pulumi.gcp.compute.inputs.SubnetworkIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SubnetworkIAMMember(\"member\", SubnetworkIAMMemberArgs.builder() \n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .condition(SubnetworkIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:SubnetworkIAMMember\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/regions/{{region}}/subnetworks/{{name}}\n\n* {{project}}/{{region}}/{{name}}\n\n* {{region}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine subnetwork IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/subnetworkIAMMember:SubnetworkIAMMember editor \"projects/{{project}}/regions/{{region}}/subnetworks/{{subnetwork}} roles/compute.networkUser user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/subnetworkIAMMember:SubnetworkIAMMember editor \"projects/{{project}}/regions/{{region}}/subnetworks/{{subnetwork}} roles/compute.networkUser\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/subnetworkIAMMember:SubnetworkIAMMember editor projects/{{project}}/regions/{{region}}/subnetworks/{{subnetwork}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:compute/SubnetworkIAMMemberCondition:SubnetworkIAMMemberCondition", @@ -155348,11 +155555,12 @@ "description": "(Computed) The etag of the IAM policy.\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "region": { "type": "string", @@ -155383,11 +155591,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -155425,11 +155634,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -155452,7 +155662,7 @@ } }, "gcp:compute/subnetworkIAMPolicy:SubnetworkIAMPolicy": { - "description": "Three different resources help you manage your IAM policy for Compute Engine Subnetwork. Each of these resources serves a different use case:\n\n* `gcp.compute.SubnetworkIAMPolicy`: Authoritative. Sets the IAM policy for the subnetwork and replaces any existing policy already attached.\n* `gcp.compute.SubnetworkIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the subnetwork are preserved.\n* `gcp.compute.SubnetworkIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the subnetwork are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.SubnetworkIAMPolicy`: Retrieves the IAM policy for the subnetwork\n\n\u003e **Note:** `gcp.compute.SubnetworkIAMPolicy` **cannot** be used in conjunction with `gcp.compute.SubnetworkIAMBinding` and `gcp.compute.SubnetworkIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.SubnetworkIAMBinding` resources **can be** used in conjunction with `gcp.compute.SubnetworkIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_compute\\_subnetwork\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.SubnetworkIAMPolicy(\"policy\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.compute.SubnetworkIAMPolicy(\"policy\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.SubnetworkIAMPolicy(\"policy\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.networkUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSubnetworkIAMPolicy(ctx, \"policy\", \u0026compute.SubnetworkIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicy;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SubnetworkIAMPolicy(\"policy\", SubnetworkIAMPolicyArgs.builder() \n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SubnetworkIAMPolicy\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.networkUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.SubnetworkIAMPolicy(\"policy\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.compute.SubnetworkIAMPolicy(\"policy\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.SubnetworkIAMPolicy(\"policy\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.networkUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSubnetworkIAMPolicy(ctx, \"policy\", \u0026compute.SubnetworkIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicy;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new SubnetworkIAMPolicy(\"policy\", SubnetworkIAMPolicyArgs.builder() \n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SubnetworkIAMPolicy\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.networkUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_subnetwork\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.SubnetworkIAMBinding(\"binding\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.SubnetworkIAMBinding(\"binding\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.SubnetworkIAMBinding(\"binding\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMBinding(ctx, \"binding\", \u0026compute.SubnetworkIAMBindingArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMBinding;\nimport com.pulumi.gcp.compute.SubnetworkIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SubnetworkIAMBinding(\"binding\", SubnetworkIAMBindingArgs.builder() \n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:SubnetworkIAMBinding\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.SubnetworkIAMBinding(\"binding\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.SubnetworkIAMBinding(\"binding\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.compute.SubnetworkIAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.SubnetworkIAMBinding(\"binding\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.SubnetworkIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMBinding(ctx, \"binding\", \u0026compute.SubnetworkIAMBindingArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.SubnetworkIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMBinding;\nimport com.pulumi.gcp.compute.SubnetworkIAMBindingArgs;\nimport com.pulumi.gcp.compute.inputs.SubnetworkIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SubnetworkIAMBinding(\"binding\", SubnetworkIAMBindingArgs.builder() \n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .condition(SubnetworkIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:SubnetworkIAMBinding\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_subnetwork\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.SubnetworkIAMMember(\"member\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.SubnetworkIAMMember(\"member\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.SubnetworkIAMMember(\"member\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMMember(ctx, \"member\", \u0026compute.SubnetworkIAMMemberArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMMember;\nimport com.pulumi.gcp.compute.SubnetworkIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SubnetworkIAMMember(\"member\", SubnetworkIAMMemberArgs.builder() \n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:SubnetworkIAMMember\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.SubnetworkIAMMember(\"member\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.SubnetworkIAMMember(\"member\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\",\n condition=gcp.compute.SubnetworkIAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.SubnetworkIAMMember(\"member\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.SubnetworkIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMMember(ctx, \"member\", \u0026compute.SubnetworkIAMMemberArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.SubnetworkIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMMember;\nimport com.pulumi.gcp.compute.SubnetworkIAMMemberArgs;\nimport com.pulumi.gcp.compute.inputs.SubnetworkIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SubnetworkIAMMember(\"member\", SubnetworkIAMMemberArgs.builder() \n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .condition(SubnetworkIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:SubnetworkIAMMember\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/regions/{{region}}/subnetworks/{{name}}\n\n* {{project}}/{{region}}/{{name}}\n\n* {{region}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine subnetwork IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/subnetworkIAMPolicy:SubnetworkIAMPolicy editor \"projects/{{project}}/regions/{{region}}/subnetworks/{{subnetwork}} roles/compute.networkUser user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/subnetworkIAMPolicy:SubnetworkIAMPolicy editor \"projects/{{project}}/regions/{{region}}/subnetworks/{{subnetwork}} roles/compute.networkUser\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/subnetworkIAMPolicy:SubnetworkIAMPolicy editor projects/{{project}}/regions/{{region}}/subnetworks/{{subnetwork}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Compute Engine Subnetwork. Each of these resources serves a different use case:\n\n* `gcp.compute.SubnetworkIAMPolicy`: Authoritative. Sets the IAM policy for the subnetwork and replaces any existing policy already attached.\n* `gcp.compute.SubnetworkIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the subnetwork are preserved.\n* `gcp.compute.SubnetworkIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the subnetwork are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.compute.SubnetworkIAMPolicy`: Retrieves the IAM policy for the subnetwork\n\n\u003e **Note:** `gcp.compute.SubnetworkIAMPolicy` **cannot** be used in conjunction with `gcp.compute.SubnetworkIAMBinding` and `gcp.compute.SubnetworkIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.compute.SubnetworkIAMBinding` resources **can be** used in conjunction with `gcp.compute.SubnetworkIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_compute\\_subnetwork\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.SubnetworkIAMPolicy(\"policy\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.compute.SubnetworkIAMPolicy(\"policy\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.SubnetworkIAMPolicy(\"policy\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.networkUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSubnetworkIAMPolicy(ctx, \"policy\", \u0026compute.SubnetworkIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicy;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SubnetworkIAMPolicy(\"policy\", SubnetworkIAMPolicyArgs.builder() \n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SubnetworkIAMPolicy\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.networkUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.SubnetworkIAMPolicy(\"policy\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.compute.SubnetworkIAMPolicy(\"policy\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.SubnetworkIAMPolicy(\"policy\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.networkUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSubnetworkIAMPolicy(ctx, \"policy\", \u0026compute.SubnetworkIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicy;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new SubnetworkIAMPolicy(\"policy\", SubnetworkIAMPolicyArgs.builder() \n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SubnetworkIAMPolicy\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.networkUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_subnetwork\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.SubnetworkIAMBinding(\"binding\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.SubnetworkIAMBinding(\"binding\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.SubnetworkIAMBinding(\"binding\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMBinding(ctx, \"binding\", \u0026compute.SubnetworkIAMBindingArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMBinding;\nimport com.pulumi.gcp.compute.SubnetworkIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SubnetworkIAMBinding(\"binding\", SubnetworkIAMBindingArgs.builder() \n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:SubnetworkIAMBinding\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.SubnetworkIAMBinding(\"binding\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.SubnetworkIAMBinding(\"binding\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.compute.SubnetworkIAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.SubnetworkIAMBinding(\"binding\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.SubnetworkIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMBinding(ctx, \"binding\", \u0026compute.SubnetworkIAMBindingArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.SubnetworkIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMBinding;\nimport com.pulumi.gcp.compute.SubnetworkIAMBindingArgs;\nimport com.pulumi.gcp.compute.inputs.SubnetworkIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SubnetworkIAMBinding(\"binding\", SubnetworkIAMBindingArgs.builder() \n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .condition(SubnetworkIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:SubnetworkIAMBinding\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_subnetwork\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.SubnetworkIAMMember(\"member\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.SubnetworkIAMMember(\"member\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.SubnetworkIAMMember(\"member\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMMember(ctx, \"member\", \u0026compute.SubnetworkIAMMemberArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMMember;\nimport com.pulumi.gcp.compute.SubnetworkIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SubnetworkIAMMember(\"member\", SubnetworkIAMMemberArgs.builder() \n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:SubnetworkIAMMember\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.SubnetworkIAMMember(\"member\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.SubnetworkIAMMember(\"member\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\",\n condition=gcp.compute.SubnetworkIAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.SubnetworkIAMMember(\"member\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.SubnetworkIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMMember(ctx, \"member\", \u0026compute.SubnetworkIAMMemberArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.SubnetworkIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMMember;\nimport com.pulumi.gcp.compute.SubnetworkIAMMemberArgs;\nimport com.pulumi.gcp.compute.inputs.SubnetworkIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SubnetworkIAMMember(\"member\", SubnetworkIAMMemberArgs.builder() \n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .condition(SubnetworkIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:SubnetworkIAMMember\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_compute\\_subnetwork\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.compute.SubnetworkIAMPolicy(\"policy\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.compute.SubnetworkIAMPolicy(\"policy\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.SubnetworkIAMPolicy(\"policy\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.networkUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSubnetworkIAMPolicy(ctx, \"policy\", \u0026compute.SubnetworkIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicy;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SubnetworkIAMPolicy(\"policy\", SubnetworkIAMPolicyArgs.builder() \n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SubnetworkIAMPolicy\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.networkUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.compute.SubnetworkIAMPolicy(\"policy\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.compute.SubnetworkIAMPolicy(\"policy\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Compute.SubnetworkIAMPolicy(\"policy\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.networkUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = compute.NewSubnetworkIAMPolicy(ctx, \"policy\", \u0026compute.SubnetworkIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicy;\nimport com.pulumi.gcp.compute.SubnetworkIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new SubnetworkIAMPolicy(\"policy\", SubnetworkIAMPolicyArgs.builder() \n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:compute:SubnetworkIAMPolicy\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.networkUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_subnetwork\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.SubnetworkIAMBinding(\"binding\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.SubnetworkIAMBinding(\"binding\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.SubnetworkIAMBinding(\"binding\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMBinding(ctx, \"binding\", \u0026compute.SubnetworkIAMBindingArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMBinding;\nimport com.pulumi.gcp.compute.SubnetworkIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SubnetworkIAMBinding(\"binding\", SubnetworkIAMBindingArgs.builder() \n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:SubnetworkIAMBinding\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.compute.SubnetworkIAMBinding(\"binding\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.compute.SubnetworkIAMBinding(\"binding\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.compute.SubnetworkIAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Compute.SubnetworkIAMBinding(\"binding\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Compute.Inputs.SubnetworkIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMBinding(ctx, \"binding\", \u0026compute.SubnetworkIAMBindingArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026compute.SubnetworkIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMBinding;\nimport com.pulumi.gcp.compute.SubnetworkIAMBindingArgs;\nimport com.pulumi.gcp.compute.inputs.SubnetworkIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SubnetworkIAMBinding(\"binding\", SubnetworkIAMBindingArgs.builder() \n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .condition(SubnetworkIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:compute:SubnetworkIAMBinding\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_compute\\_subnetwork\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.SubnetworkIAMMember(\"member\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.SubnetworkIAMMember(\"member\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.SubnetworkIAMMember(\"member\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMMember(ctx, \"member\", \u0026compute.SubnetworkIAMMemberArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMMember;\nimport com.pulumi.gcp.compute.SubnetworkIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SubnetworkIAMMember(\"member\", SubnetworkIAMMemberArgs.builder() \n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:SubnetworkIAMMember\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.compute.SubnetworkIAMMember(\"member\", {\n project: network_with_private_secondary_ip_ranges.project,\n region: network_with_private_secondary_ip_ranges.region,\n subnetwork: network_with_private_secondary_ip_ranges.name,\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.compute.SubnetworkIAMMember(\"member\",\n project=network_with_private_secondary_ip_ranges[\"project\"],\n region=network_with_private_secondary_ip_ranges[\"region\"],\n subnetwork=network_with_private_secondary_ip_ranges[\"name\"],\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\",\n condition=gcp.compute.SubnetworkIAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Compute.SubnetworkIAMMember(\"member\", new()\n {\n Project = network_with_private_secondary_ip_ranges.Project,\n Region = network_with_private_secondary_ip_ranges.Region,\n Subnetwork = network_with_private_secondary_ip_ranges.Name,\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Compute.Inputs.SubnetworkIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := compute.NewSubnetworkIAMMember(ctx, \"member\", \u0026compute.SubnetworkIAMMemberArgs{\n\t\t\tProject: pulumi.Any(network_with_private_secondary_ip_ranges.Project),\n\t\t\tRegion: pulumi.Any(network_with_private_secondary_ip_ranges.Region),\n\t\t\tSubnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026compute.SubnetworkIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.SubnetworkIAMMember;\nimport com.pulumi.gcp.compute.SubnetworkIAMMemberArgs;\nimport com.pulumi.gcp.compute.inputs.SubnetworkIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SubnetworkIAMMember(\"member\", SubnetworkIAMMemberArgs.builder() \n .project(network_with_private_secondary_ip_ranges.project())\n .region(network_with_private_secondary_ip_ranges.region())\n .subnetwork(network_with_private_secondary_ip_ranges.name())\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .condition(SubnetworkIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:compute:SubnetworkIAMMember\n properties:\n project: ${[\"network-with-private-secondary-ip-ranges\"].project}\n region: ${[\"network-with-private-secondary-ip-ranges\"].region}\n subnetwork: ${[\"network-with-private-secondary-ip-ranges\"].name}\n role: roles/compute.networkUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/regions/{{region}}/subnetworks/{{name}}\n\n* {{project}}/{{region}}/{{name}}\n\n* {{region}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCompute Engine subnetwork IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:compute/subnetworkIAMPolicy:SubnetworkIAMPolicy editor \"projects/{{project}}/regions/{{region}}/subnetworks/{{subnetwork}} roles/compute.networkUser user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:compute/subnetworkIAMPolicy:SubnetworkIAMPolicy editor \"projects/{{project}}/regions/{{region}}/subnetworks/{{subnetwork}} roles/compute.networkUser\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:compute/subnetworkIAMPolicy:SubnetworkIAMPolicy editor projects/{{project}}/regions/{{region}}/subnetworks/{{subnetwork}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -155464,7 +155674,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "region": { "type": "string", @@ -155489,7 +155699,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -155520,7 +155730,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -160465,7 +160675,7 @@ } }, "gcp:containeranalysis/noteIamBinding:NoteIamBinding": { - "description": "Three different resources help you manage your IAM policy for Container Registry Note. Each of these resources serves a different use case:\n\n* `gcp.containeranalysis.NoteIamPolicy`: Authoritative. Sets the IAM policy for the note and replaces any existing policy already attached.\n* `gcp.containeranalysis.NoteIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the note are preserved.\n* `gcp.containeranalysis.NoteIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the note are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.containeranalysis.NoteIamPolicy`: Retrieves the IAM policy for the note\n\n\u003e **Note:** `gcp.containeranalysis.NoteIamPolicy` **cannot** be used in conjunction with `gcp.containeranalysis.NoteIamBinding` and `gcp.containeranalysis.NoteIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.containeranalysis.NoteIamBinding` resources **can be** used in conjunction with `gcp.containeranalysis.NoteIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_container\\_analysis\\_note\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/containeranalysis.notes.occurrences.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.containeranalysis.NoteIamPolicy(\"policy\", {\n project: note.project,\n note: note.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/containeranalysis.notes.occurrences.viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.containeranalysis.NoteIamPolicy(\"policy\",\n project=note[\"project\"],\n note=note[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/containeranalysis.notes.occurrences.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ContainerAnalysis.NoteIamPolicy(\"policy\", new()\n {\n Project = note.Project,\n Note = note.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/containeranalysis.notes.occurrences.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = containeranalysis.NewNoteIamPolicy(ctx, \"policy\", \u0026containeranalysis.NoteIamPolicyArgs{\n\t\t\tProject: pulumi.Any(note.Project),\n\t\t\tNote: pulumi.Any(note.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.containeranalysis.NoteIamPolicy;\nimport com.pulumi.gcp.containeranalysis.NoteIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/containeranalysis.notes.occurrences.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new NoteIamPolicy(\"policy\", NoteIamPolicyArgs.builder() \n .project(note.project())\n .note(note.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:containeranalysis:NoteIamPolicy\n properties:\n project: ${note.project}\n note: ${note.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/containeranalysis.notes.occurrences.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_container\\_analysis\\_note\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.containeranalysis.NoteIamBinding(\"binding\", {\n project: note.project,\n note: note.name,\n role: \"roles/containeranalysis.notes.occurrences.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.containeranalysis.NoteIamBinding(\"binding\",\n project=note[\"project\"],\n note=note[\"name\"],\n role=\"roles/containeranalysis.notes.occurrences.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ContainerAnalysis.NoteIamBinding(\"binding\", new()\n {\n Project = note.Project,\n Note = note.Name,\n Role = \"roles/containeranalysis.notes.occurrences.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := containeranalysis.NewNoteIamBinding(ctx, \"binding\", \u0026containeranalysis.NoteIamBindingArgs{\n\t\t\tProject: pulumi.Any(note.Project),\n\t\t\tNote: pulumi.Any(note.Name),\n\t\t\tRole: pulumi.String(\"roles/containeranalysis.notes.occurrences.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.containeranalysis.NoteIamBinding;\nimport com.pulumi.gcp.containeranalysis.NoteIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new NoteIamBinding(\"binding\", NoteIamBindingArgs.builder() \n .project(note.project())\n .note(note.name())\n .role(\"roles/containeranalysis.notes.occurrences.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:containeranalysis:NoteIamBinding\n properties:\n project: ${note.project}\n note: ${note.name}\n role: roles/containeranalysis.notes.occurrences.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_container\\_analysis\\_note\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.containeranalysis.NoteIamMember(\"member\", {\n project: note.project,\n note: note.name,\n role: \"roles/containeranalysis.notes.occurrences.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.containeranalysis.NoteIamMember(\"member\",\n project=note[\"project\"],\n note=note[\"name\"],\n role=\"roles/containeranalysis.notes.occurrences.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ContainerAnalysis.NoteIamMember(\"member\", new()\n {\n Project = note.Project,\n Note = note.Name,\n Role = \"roles/containeranalysis.notes.occurrences.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := containeranalysis.NewNoteIamMember(ctx, \"member\", \u0026containeranalysis.NoteIamMemberArgs{\n\t\t\tProject: pulumi.Any(note.Project),\n\t\t\tNote: pulumi.Any(note.Name),\n\t\t\tRole: pulumi.String(\"roles/containeranalysis.notes.occurrences.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.containeranalysis.NoteIamMember;\nimport com.pulumi.gcp.containeranalysis.NoteIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new NoteIamMember(\"member\", NoteIamMemberArgs.builder() \n .project(note.project())\n .note(note.name())\n .role(\"roles/containeranalysis.notes.occurrences.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:containeranalysis:NoteIamMember\n properties:\n project: ${note.project}\n note: ${note.name}\n role: roles/containeranalysis.notes.occurrences.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/notes/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nContainer Registry note IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:containeranalysis/noteIamBinding:NoteIamBinding editor \"projects/{{project}}/notes/{{note}} roles/containeranalysis.notes.occurrences.viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:containeranalysis/noteIamBinding:NoteIamBinding editor \"projects/{{project}}/notes/{{note}} roles/containeranalysis.notes.occurrences.viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:containeranalysis/noteIamBinding:NoteIamBinding editor projects/{{project}}/notes/{{note}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Container Registry Note. Each of these resources serves a different use case:\n\n* `gcp.containeranalysis.NoteIamPolicy`: Authoritative. Sets the IAM policy for the note and replaces any existing policy already attached.\n* `gcp.containeranalysis.NoteIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the note are preserved.\n* `gcp.containeranalysis.NoteIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the note are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.containeranalysis.NoteIamPolicy`: Retrieves the IAM policy for the note\n\n\u003e **Note:** `gcp.containeranalysis.NoteIamPolicy` **cannot** be used in conjunction with `gcp.containeranalysis.NoteIamBinding` and `gcp.containeranalysis.NoteIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.containeranalysis.NoteIamBinding` resources **can be** used in conjunction with `gcp.containeranalysis.NoteIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_container\\_analysis\\_note\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/containeranalysis.notes.occurrences.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.containeranalysis.NoteIamPolicy(\"policy\", {\n project: note.project,\n note: note.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/containeranalysis.notes.occurrences.viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.containeranalysis.NoteIamPolicy(\"policy\",\n project=note[\"project\"],\n note=note[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/containeranalysis.notes.occurrences.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ContainerAnalysis.NoteIamPolicy(\"policy\", new()\n {\n Project = note.Project,\n Note = note.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/containeranalysis.notes.occurrences.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = containeranalysis.NewNoteIamPolicy(ctx, \"policy\", \u0026containeranalysis.NoteIamPolicyArgs{\n\t\t\tProject: pulumi.Any(note.Project),\n\t\t\tNote: pulumi.Any(note.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.containeranalysis.NoteIamPolicy;\nimport com.pulumi.gcp.containeranalysis.NoteIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/containeranalysis.notes.occurrences.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new NoteIamPolicy(\"policy\", NoteIamPolicyArgs.builder() \n .project(note.project())\n .note(note.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:containeranalysis:NoteIamPolicy\n properties:\n project: ${note.project}\n note: ${note.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/containeranalysis.notes.occurrences.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_container\\_analysis\\_note\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.containeranalysis.NoteIamBinding(\"binding\", {\n project: note.project,\n note: note.name,\n role: \"roles/containeranalysis.notes.occurrences.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.containeranalysis.NoteIamBinding(\"binding\",\n project=note[\"project\"],\n note=note[\"name\"],\n role=\"roles/containeranalysis.notes.occurrences.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ContainerAnalysis.NoteIamBinding(\"binding\", new()\n {\n Project = note.Project,\n Note = note.Name,\n Role = \"roles/containeranalysis.notes.occurrences.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := containeranalysis.NewNoteIamBinding(ctx, \"binding\", \u0026containeranalysis.NoteIamBindingArgs{\n\t\t\tProject: pulumi.Any(note.Project),\n\t\t\tNote: pulumi.Any(note.Name),\n\t\t\tRole: pulumi.String(\"roles/containeranalysis.notes.occurrences.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.containeranalysis.NoteIamBinding;\nimport com.pulumi.gcp.containeranalysis.NoteIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new NoteIamBinding(\"binding\", NoteIamBindingArgs.builder() \n .project(note.project())\n .note(note.name())\n .role(\"roles/containeranalysis.notes.occurrences.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:containeranalysis:NoteIamBinding\n properties:\n project: ${note.project}\n note: ${note.name}\n role: roles/containeranalysis.notes.occurrences.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_container\\_analysis\\_note\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.containeranalysis.NoteIamMember(\"member\", {\n project: note.project,\n note: note.name,\n role: \"roles/containeranalysis.notes.occurrences.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.containeranalysis.NoteIamMember(\"member\",\n project=note[\"project\"],\n note=note[\"name\"],\n role=\"roles/containeranalysis.notes.occurrences.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ContainerAnalysis.NoteIamMember(\"member\", new()\n {\n Project = note.Project,\n Note = note.Name,\n Role = \"roles/containeranalysis.notes.occurrences.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := containeranalysis.NewNoteIamMember(ctx, \"member\", \u0026containeranalysis.NoteIamMemberArgs{\n\t\t\tProject: pulumi.Any(note.Project),\n\t\t\tNote: pulumi.Any(note.Name),\n\t\t\tRole: pulumi.String(\"roles/containeranalysis.notes.occurrences.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.containeranalysis.NoteIamMember;\nimport com.pulumi.gcp.containeranalysis.NoteIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new NoteIamMember(\"member\", NoteIamMemberArgs.builder() \n .project(note.project())\n .note(note.name())\n .role(\"roles/containeranalysis.notes.occurrences.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:containeranalysis:NoteIamMember\n properties:\n project: ${note.project}\n note: ${note.name}\n role: roles/containeranalysis.notes.occurrences.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_container\\_analysis\\_note\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/containeranalysis.notes.occurrences.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.containeranalysis.NoteIamPolicy(\"policy\", {\n project: note.project,\n note: note.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/containeranalysis.notes.occurrences.viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.containeranalysis.NoteIamPolicy(\"policy\",\n project=note[\"project\"],\n note=note[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/containeranalysis.notes.occurrences.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ContainerAnalysis.NoteIamPolicy(\"policy\", new()\n {\n Project = note.Project,\n Note = note.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/containeranalysis.notes.occurrences.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = containeranalysis.NewNoteIamPolicy(ctx, \"policy\", \u0026containeranalysis.NoteIamPolicyArgs{\n\t\t\tProject: pulumi.Any(note.Project),\n\t\t\tNote: pulumi.Any(note.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.containeranalysis.NoteIamPolicy;\nimport com.pulumi.gcp.containeranalysis.NoteIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/containeranalysis.notes.occurrences.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new NoteIamPolicy(\"policy\", NoteIamPolicyArgs.builder() \n .project(note.project())\n .note(note.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:containeranalysis:NoteIamPolicy\n properties:\n project: ${note.project}\n note: ${note.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/containeranalysis.notes.occurrences.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_container\\_analysis\\_note\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.containeranalysis.NoteIamBinding(\"binding\", {\n project: note.project,\n note: note.name,\n role: \"roles/containeranalysis.notes.occurrences.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.containeranalysis.NoteIamBinding(\"binding\",\n project=note[\"project\"],\n note=note[\"name\"],\n role=\"roles/containeranalysis.notes.occurrences.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ContainerAnalysis.NoteIamBinding(\"binding\", new()\n {\n Project = note.Project,\n Note = note.Name,\n Role = \"roles/containeranalysis.notes.occurrences.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := containeranalysis.NewNoteIamBinding(ctx, \"binding\", \u0026containeranalysis.NoteIamBindingArgs{\n\t\t\tProject: pulumi.Any(note.Project),\n\t\t\tNote: pulumi.Any(note.Name),\n\t\t\tRole: pulumi.String(\"roles/containeranalysis.notes.occurrences.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.containeranalysis.NoteIamBinding;\nimport com.pulumi.gcp.containeranalysis.NoteIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new NoteIamBinding(\"binding\", NoteIamBindingArgs.builder() \n .project(note.project())\n .note(note.name())\n .role(\"roles/containeranalysis.notes.occurrences.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:containeranalysis:NoteIamBinding\n properties:\n project: ${note.project}\n note: ${note.name}\n role: roles/containeranalysis.notes.occurrences.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_container\\_analysis\\_note\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.containeranalysis.NoteIamMember(\"member\", {\n project: note.project,\n note: note.name,\n role: \"roles/containeranalysis.notes.occurrences.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.containeranalysis.NoteIamMember(\"member\",\n project=note[\"project\"],\n note=note[\"name\"],\n role=\"roles/containeranalysis.notes.occurrences.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ContainerAnalysis.NoteIamMember(\"member\", new()\n {\n Project = note.Project,\n Note = note.Name,\n Role = \"roles/containeranalysis.notes.occurrences.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := containeranalysis.NewNoteIamMember(ctx, \"member\", \u0026containeranalysis.NoteIamMemberArgs{\n\t\t\tProject: pulumi.Any(note.Project),\n\t\t\tNote: pulumi.Any(note.Name),\n\t\t\tRole: pulumi.String(\"roles/containeranalysis.notes.occurrences.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.containeranalysis.NoteIamMember;\nimport com.pulumi.gcp.containeranalysis.NoteIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new NoteIamMember(\"member\", NoteIamMemberArgs.builder() \n .project(note.project())\n .note(note.name())\n .role(\"roles/containeranalysis.notes.occurrences.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:containeranalysis:NoteIamMember\n properties:\n project: ${note.project}\n note: ${note.name}\n role: roles/containeranalysis.notes.occurrences.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/notes/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nContainer Registry note IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:containeranalysis/noteIamBinding:NoteIamBinding editor \"projects/{{project}}/notes/{{note}} roles/containeranalysis.notes.occurrences.viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:containeranalysis/noteIamBinding:NoteIamBinding editor \"projects/{{project}}/notes/{{note}} roles/containeranalysis.notes.occurrences.viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:containeranalysis/noteIamBinding:NoteIamBinding editor projects/{{project}}/notes/{{note}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:containeranalysis/NoteIamBindingCondition:NoteIamBindingCondition" @@ -160478,7 +160688,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "note": { "type": "string", @@ -160486,7 +160697,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -160509,7 +160720,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "note": { "type": "string", @@ -160518,7 +160730,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -160547,7 +160759,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "note": { "type": "string", @@ -160556,7 +160769,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -160569,7 +160782,7 @@ } }, "gcp:containeranalysis/noteIamMember:NoteIamMember": { - "description": "Three different resources help you manage your IAM policy for Container Registry Note. Each of these resources serves a different use case:\n\n* `gcp.containeranalysis.NoteIamPolicy`: Authoritative. Sets the IAM policy for the note and replaces any existing policy already attached.\n* `gcp.containeranalysis.NoteIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the note are preserved.\n* `gcp.containeranalysis.NoteIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the note are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.containeranalysis.NoteIamPolicy`: Retrieves the IAM policy for the note\n\n\u003e **Note:** `gcp.containeranalysis.NoteIamPolicy` **cannot** be used in conjunction with `gcp.containeranalysis.NoteIamBinding` and `gcp.containeranalysis.NoteIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.containeranalysis.NoteIamBinding` resources **can be** used in conjunction with `gcp.containeranalysis.NoteIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_container\\_analysis\\_note\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/containeranalysis.notes.occurrences.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.containeranalysis.NoteIamPolicy(\"policy\", {\n project: note.project,\n note: note.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/containeranalysis.notes.occurrences.viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.containeranalysis.NoteIamPolicy(\"policy\",\n project=note[\"project\"],\n note=note[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/containeranalysis.notes.occurrences.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ContainerAnalysis.NoteIamPolicy(\"policy\", new()\n {\n Project = note.Project,\n Note = note.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/containeranalysis.notes.occurrences.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = containeranalysis.NewNoteIamPolicy(ctx, \"policy\", \u0026containeranalysis.NoteIamPolicyArgs{\n\t\t\tProject: pulumi.Any(note.Project),\n\t\t\tNote: pulumi.Any(note.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.containeranalysis.NoteIamPolicy;\nimport com.pulumi.gcp.containeranalysis.NoteIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/containeranalysis.notes.occurrences.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new NoteIamPolicy(\"policy\", NoteIamPolicyArgs.builder() \n .project(note.project())\n .note(note.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:containeranalysis:NoteIamPolicy\n properties:\n project: ${note.project}\n note: ${note.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/containeranalysis.notes.occurrences.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_container\\_analysis\\_note\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.containeranalysis.NoteIamBinding(\"binding\", {\n project: note.project,\n note: note.name,\n role: \"roles/containeranalysis.notes.occurrences.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.containeranalysis.NoteIamBinding(\"binding\",\n project=note[\"project\"],\n note=note[\"name\"],\n role=\"roles/containeranalysis.notes.occurrences.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ContainerAnalysis.NoteIamBinding(\"binding\", new()\n {\n Project = note.Project,\n Note = note.Name,\n Role = \"roles/containeranalysis.notes.occurrences.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := containeranalysis.NewNoteIamBinding(ctx, \"binding\", \u0026containeranalysis.NoteIamBindingArgs{\n\t\t\tProject: pulumi.Any(note.Project),\n\t\t\tNote: pulumi.Any(note.Name),\n\t\t\tRole: pulumi.String(\"roles/containeranalysis.notes.occurrences.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.containeranalysis.NoteIamBinding;\nimport com.pulumi.gcp.containeranalysis.NoteIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new NoteIamBinding(\"binding\", NoteIamBindingArgs.builder() \n .project(note.project())\n .note(note.name())\n .role(\"roles/containeranalysis.notes.occurrences.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:containeranalysis:NoteIamBinding\n properties:\n project: ${note.project}\n note: ${note.name}\n role: roles/containeranalysis.notes.occurrences.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_container\\_analysis\\_note\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.containeranalysis.NoteIamMember(\"member\", {\n project: note.project,\n note: note.name,\n role: \"roles/containeranalysis.notes.occurrences.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.containeranalysis.NoteIamMember(\"member\",\n project=note[\"project\"],\n note=note[\"name\"],\n role=\"roles/containeranalysis.notes.occurrences.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ContainerAnalysis.NoteIamMember(\"member\", new()\n {\n Project = note.Project,\n Note = note.Name,\n Role = \"roles/containeranalysis.notes.occurrences.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := containeranalysis.NewNoteIamMember(ctx, \"member\", \u0026containeranalysis.NoteIamMemberArgs{\n\t\t\tProject: pulumi.Any(note.Project),\n\t\t\tNote: pulumi.Any(note.Name),\n\t\t\tRole: pulumi.String(\"roles/containeranalysis.notes.occurrences.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.containeranalysis.NoteIamMember;\nimport com.pulumi.gcp.containeranalysis.NoteIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new NoteIamMember(\"member\", NoteIamMemberArgs.builder() \n .project(note.project())\n .note(note.name())\n .role(\"roles/containeranalysis.notes.occurrences.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:containeranalysis:NoteIamMember\n properties:\n project: ${note.project}\n note: ${note.name}\n role: roles/containeranalysis.notes.occurrences.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/notes/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nContainer Registry note IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:containeranalysis/noteIamMember:NoteIamMember editor \"projects/{{project}}/notes/{{note}} roles/containeranalysis.notes.occurrences.viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:containeranalysis/noteIamMember:NoteIamMember editor \"projects/{{project}}/notes/{{note}} roles/containeranalysis.notes.occurrences.viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:containeranalysis/noteIamMember:NoteIamMember editor projects/{{project}}/notes/{{note}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Container Registry Note. Each of these resources serves a different use case:\n\n* `gcp.containeranalysis.NoteIamPolicy`: Authoritative. Sets the IAM policy for the note and replaces any existing policy already attached.\n* `gcp.containeranalysis.NoteIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the note are preserved.\n* `gcp.containeranalysis.NoteIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the note are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.containeranalysis.NoteIamPolicy`: Retrieves the IAM policy for the note\n\n\u003e **Note:** `gcp.containeranalysis.NoteIamPolicy` **cannot** be used in conjunction with `gcp.containeranalysis.NoteIamBinding` and `gcp.containeranalysis.NoteIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.containeranalysis.NoteIamBinding` resources **can be** used in conjunction with `gcp.containeranalysis.NoteIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_container\\_analysis\\_note\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/containeranalysis.notes.occurrences.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.containeranalysis.NoteIamPolicy(\"policy\", {\n project: note.project,\n note: note.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/containeranalysis.notes.occurrences.viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.containeranalysis.NoteIamPolicy(\"policy\",\n project=note[\"project\"],\n note=note[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/containeranalysis.notes.occurrences.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ContainerAnalysis.NoteIamPolicy(\"policy\", new()\n {\n Project = note.Project,\n Note = note.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/containeranalysis.notes.occurrences.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = containeranalysis.NewNoteIamPolicy(ctx, \"policy\", \u0026containeranalysis.NoteIamPolicyArgs{\n\t\t\tProject: pulumi.Any(note.Project),\n\t\t\tNote: pulumi.Any(note.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.containeranalysis.NoteIamPolicy;\nimport com.pulumi.gcp.containeranalysis.NoteIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/containeranalysis.notes.occurrences.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new NoteIamPolicy(\"policy\", NoteIamPolicyArgs.builder() \n .project(note.project())\n .note(note.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:containeranalysis:NoteIamPolicy\n properties:\n project: ${note.project}\n note: ${note.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/containeranalysis.notes.occurrences.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_container\\_analysis\\_note\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.containeranalysis.NoteIamBinding(\"binding\", {\n project: note.project,\n note: note.name,\n role: \"roles/containeranalysis.notes.occurrences.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.containeranalysis.NoteIamBinding(\"binding\",\n project=note[\"project\"],\n note=note[\"name\"],\n role=\"roles/containeranalysis.notes.occurrences.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ContainerAnalysis.NoteIamBinding(\"binding\", new()\n {\n Project = note.Project,\n Note = note.Name,\n Role = \"roles/containeranalysis.notes.occurrences.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := containeranalysis.NewNoteIamBinding(ctx, \"binding\", \u0026containeranalysis.NoteIamBindingArgs{\n\t\t\tProject: pulumi.Any(note.Project),\n\t\t\tNote: pulumi.Any(note.Name),\n\t\t\tRole: pulumi.String(\"roles/containeranalysis.notes.occurrences.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.containeranalysis.NoteIamBinding;\nimport com.pulumi.gcp.containeranalysis.NoteIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new NoteIamBinding(\"binding\", NoteIamBindingArgs.builder() \n .project(note.project())\n .note(note.name())\n .role(\"roles/containeranalysis.notes.occurrences.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:containeranalysis:NoteIamBinding\n properties:\n project: ${note.project}\n note: ${note.name}\n role: roles/containeranalysis.notes.occurrences.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_container\\_analysis\\_note\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.containeranalysis.NoteIamMember(\"member\", {\n project: note.project,\n note: note.name,\n role: \"roles/containeranalysis.notes.occurrences.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.containeranalysis.NoteIamMember(\"member\",\n project=note[\"project\"],\n note=note[\"name\"],\n role=\"roles/containeranalysis.notes.occurrences.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ContainerAnalysis.NoteIamMember(\"member\", new()\n {\n Project = note.Project,\n Note = note.Name,\n Role = \"roles/containeranalysis.notes.occurrences.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := containeranalysis.NewNoteIamMember(ctx, \"member\", \u0026containeranalysis.NoteIamMemberArgs{\n\t\t\tProject: pulumi.Any(note.Project),\n\t\t\tNote: pulumi.Any(note.Name),\n\t\t\tRole: pulumi.String(\"roles/containeranalysis.notes.occurrences.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.containeranalysis.NoteIamMember;\nimport com.pulumi.gcp.containeranalysis.NoteIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new NoteIamMember(\"member\", NoteIamMemberArgs.builder() \n .project(note.project())\n .note(note.name())\n .role(\"roles/containeranalysis.notes.occurrences.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:containeranalysis:NoteIamMember\n properties:\n project: ${note.project}\n note: ${note.name}\n role: roles/containeranalysis.notes.occurrences.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_container\\_analysis\\_note\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/containeranalysis.notes.occurrences.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.containeranalysis.NoteIamPolicy(\"policy\", {\n project: note.project,\n note: note.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/containeranalysis.notes.occurrences.viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.containeranalysis.NoteIamPolicy(\"policy\",\n project=note[\"project\"],\n note=note[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/containeranalysis.notes.occurrences.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ContainerAnalysis.NoteIamPolicy(\"policy\", new()\n {\n Project = note.Project,\n Note = note.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/containeranalysis.notes.occurrences.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = containeranalysis.NewNoteIamPolicy(ctx, \"policy\", \u0026containeranalysis.NoteIamPolicyArgs{\n\t\t\tProject: pulumi.Any(note.Project),\n\t\t\tNote: pulumi.Any(note.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.containeranalysis.NoteIamPolicy;\nimport com.pulumi.gcp.containeranalysis.NoteIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/containeranalysis.notes.occurrences.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new NoteIamPolicy(\"policy\", NoteIamPolicyArgs.builder() \n .project(note.project())\n .note(note.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:containeranalysis:NoteIamPolicy\n properties:\n project: ${note.project}\n note: ${note.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/containeranalysis.notes.occurrences.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_container\\_analysis\\_note\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.containeranalysis.NoteIamBinding(\"binding\", {\n project: note.project,\n note: note.name,\n role: \"roles/containeranalysis.notes.occurrences.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.containeranalysis.NoteIamBinding(\"binding\",\n project=note[\"project\"],\n note=note[\"name\"],\n role=\"roles/containeranalysis.notes.occurrences.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ContainerAnalysis.NoteIamBinding(\"binding\", new()\n {\n Project = note.Project,\n Note = note.Name,\n Role = \"roles/containeranalysis.notes.occurrences.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := containeranalysis.NewNoteIamBinding(ctx, \"binding\", \u0026containeranalysis.NoteIamBindingArgs{\n\t\t\tProject: pulumi.Any(note.Project),\n\t\t\tNote: pulumi.Any(note.Name),\n\t\t\tRole: pulumi.String(\"roles/containeranalysis.notes.occurrences.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.containeranalysis.NoteIamBinding;\nimport com.pulumi.gcp.containeranalysis.NoteIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new NoteIamBinding(\"binding\", NoteIamBindingArgs.builder() \n .project(note.project())\n .note(note.name())\n .role(\"roles/containeranalysis.notes.occurrences.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:containeranalysis:NoteIamBinding\n properties:\n project: ${note.project}\n note: ${note.name}\n role: roles/containeranalysis.notes.occurrences.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_container\\_analysis\\_note\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.containeranalysis.NoteIamMember(\"member\", {\n project: note.project,\n note: note.name,\n role: \"roles/containeranalysis.notes.occurrences.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.containeranalysis.NoteIamMember(\"member\",\n project=note[\"project\"],\n note=note[\"name\"],\n role=\"roles/containeranalysis.notes.occurrences.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ContainerAnalysis.NoteIamMember(\"member\", new()\n {\n Project = note.Project,\n Note = note.Name,\n Role = \"roles/containeranalysis.notes.occurrences.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := containeranalysis.NewNoteIamMember(ctx, \"member\", \u0026containeranalysis.NoteIamMemberArgs{\n\t\t\tProject: pulumi.Any(note.Project),\n\t\t\tNote: pulumi.Any(note.Name),\n\t\t\tRole: pulumi.String(\"roles/containeranalysis.notes.occurrences.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.containeranalysis.NoteIamMember;\nimport com.pulumi.gcp.containeranalysis.NoteIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new NoteIamMember(\"member\", NoteIamMemberArgs.builder() \n .project(note.project())\n .note(note.name())\n .role(\"roles/containeranalysis.notes.occurrences.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:containeranalysis:NoteIamMember\n properties:\n project: ${note.project}\n note: ${note.name}\n role: roles/containeranalysis.notes.occurrences.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/notes/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nContainer Registry note IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:containeranalysis/noteIamMember:NoteIamMember editor \"projects/{{project}}/notes/{{note}} roles/containeranalysis.notes.occurrences.viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:containeranalysis/noteIamMember:NoteIamMember editor \"projects/{{project}}/notes/{{note}} roles/containeranalysis.notes.occurrences.viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:containeranalysis/noteIamMember:NoteIamMember editor projects/{{project}}/notes/{{note}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:containeranalysis/NoteIamMemberCondition:NoteIamMemberCondition" @@ -160579,7 +160792,8 @@ "description": "(Computed) The etag of the IAM policy.\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "note": { "type": "string", @@ -160587,7 +160801,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -160608,6 +160822,7 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "note": { @@ -160617,7 +160832,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -160644,6 +160859,7 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "note": { @@ -160653,7 +160869,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -160666,7 +160882,7 @@ } }, "gcp:containeranalysis/noteIamPolicy:NoteIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Container Registry Note. Each of these resources serves a different use case:\n\n* `gcp.containeranalysis.NoteIamPolicy`: Authoritative. Sets the IAM policy for the note and replaces any existing policy already attached.\n* `gcp.containeranalysis.NoteIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the note are preserved.\n* `gcp.containeranalysis.NoteIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the note are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.containeranalysis.NoteIamPolicy`: Retrieves the IAM policy for the note\n\n\u003e **Note:** `gcp.containeranalysis.NoteIamPolicy` **cannot** be used in conjunction with `gcp.containeranalysis.NoteIamBinding` and `gcp.containeranalysis.NoteIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.containeranalysis.NoteIamBinding` resources **can be** used in conjunction with `gcp.containeranalysis.NoteIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_container\\_analysis\\_note\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/containeranalysis.notes.occurrences.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.containeranalysis.NoteIamPolicy(\"policy\", {\n project: note.project,\n note: note.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/containeranalysis.notes.occurrences.viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.containeranalysis.NoteIamPolicy(\"policy\",\n project=note[\"project\"],\n note=note[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/containeranalysis.notes.occurrences.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ContainerAnalysis.NoteIamPolicy(\"policy\", new()\n {\n Project = note.Project,\n Note = note.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/containeranalysis.notes.occurrences.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = containeranalysis.NewNoteIamPolicy(ctx, \"policy\", \u0026containeranalysis.NoteIamPolicyArgs{\n\t\t\tProject: pulumi.Any(note.Project),\n\t\t\tNote: pulumi.Any(note.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.containeranalysis.NoteIamPolicy;\nimport com.pulumi.gcp.containeranalysis.NoteIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/containeranalysis.notes.occurrences.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new NoteIamPolicy(\"policy\", NoteIamPolicyArgs.builder() \n .project(note.project())\n .note(note.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:containeranalysis:NoteIamPolicy\n properties:\n project: ${note.project}\n note: ${note.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/containeranalysis.notes.occurrences.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_container\\_analysis\\_note\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.containeranalysis.NoteIamBinding(\"binding\", {\n project: note.project,\n note: note.name,\n role: \"roles/containeranalysis.notes.occurrences.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.containeranalysis.NoteIamBinding(\"binding\",\n project=note[\"project\"],\n note=note[\"name\"],\n role=\"roles/containeranalysis.notes.occurrences.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ContainerAnalysis.NoteIamBinding(\"binding\", new()\n {\n Project = note.Project,\n Note = note.Name,\n Role = \"roles/containeranalysis.notes.occurrences.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := containeranalysis.NewNoteIamBinding(ctx, \"binding\", \u0026containeranalysis.NoteIamBindingArgs{\n\t\t\tProject: pulumi.Any(note.Project),\n\t\t\tNote: pulumi.Any(note.Name),\n\t\t\tRole: pulumi.String(\"roles/containeranalysis.notes.occurrences.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.containeranalysis.NoteIamBinding;\nimport com.pulumi.gcp.containeranalysis.NoteIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new NoteIamBinding(\"binding\", NoteIamBindingArgs.builder() \n .project(note.project())\n .note(note.name())\n .role(\"roles/containeranalysis.notes.occurrences.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:containeranalysis:NoteIamBinding\n properties:\n project: ${note.project}\n note: ${note.name}\n role: roles/containeranalysis.notes.occurrences.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_container\\_analysis\\_note\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.containeranalysis.NoteIamMember(\"member\", {\n project: note.project,\n note: note.name,\n role: \"roles/containeranalysis.notes.occurrences.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.containeranalysis.NoteIamMember(\"member\",\n project=note[\"project\"],\n note=note[\"name\"],\n role=\"roles/containeranalysis.notes.occurrences.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ContainerAnalysis.NoteIamMember(\"member\", new()\n {\n Project = note.Project,\n Note = note.Name,\n Role = \"roles/containeranalysis.notes.occurrences.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := containeranalysis.NewNoteIamMember(ctx, \"member\", \u0026containeranalysis.NoteIamMemberArgs{\n\t\t\tProject: pulumi.Any(note.Project),\n\t\t\tNote: pulumi.Any(note.Name),\n\t\t\tRole: pulumi.String(\"roles/containeranalysis.notes.occurrences.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.containeranalysis.NoteIamMember;\nimport com.pulumi.gcp.containeranalysis.NoteIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new NoteIamMember(\"member\", NoteIamMemberArgs.builder() \n .project(note.project())\n .note(note.name())\n .role(\"roles/containeranalysis.notes.occurrences.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:containeranalysis:NoteIamMember\n properties:\n project: ${note.project}\n note: ${note.name}\n role: roles/containeranalysis.notes.occurrences.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/notes/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nContainer Registry note IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:containeranalysis/noteIamPolicy:NoteIamPolicy editor \"projects/{{project}}/notes/{{note}} roles/containeranalysis.notes.occurrences.viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:containeranalysis/noteIamPolicy:NoteIamPolicy editor \"projects/{{project}}/notes/{{note}} roles/containeranalysis.notes.occurrences.viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:containeranalysis/noteIamPolicy:NoteIamPolicy editor projects/{{project}}/notes/{{note}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Container Registry Note. Each of these resources serves a different use case:\n\n* `gcp.containeranalysis.NoteIamPolicy`: Authoritative. Sets the IAM policy for the note and replaces any existing policy already attached.\n* `gcp.containeranalysis.NoteIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the note are preserved.\n* `gcp.containeranalysis.NoteIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the note are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.containeranalysis.NoteIamPolicy`: Retrieves the IAM policy for the note\n\n\u003e **Note:** `gcp.containeranalysis.NoteIamPolicy` **cannot** be used in conjunction with `gcp.containeranalysis.NoteIamBinding` and `gcp.containeranalysis.NoteIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.containeranalysis.NoteIamBinding` resources **can be** used in conjunction with `gcp.containeranalysis.NoteIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_container\\_analysis\\_note\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/containeranalysis.notes.occurrences.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.containeranalysis.NoteIamPolicy(\"policy\", {\n project: note.project,\n note: note.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/containeranalysis.notes.occurrences.viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.containeranalysis.NoteIamPolicy(\"policy\",\n project=note[\"project\"],\n note=note[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/containeranalysis.notes.occurrences.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ContainerAnalysis.NoteIamPolicy(\"policy\", new()\n {\n Project = note.Project,\n Note = note.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/containeranalysis.notes.occurrences.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = containeranalysis.NewNoteIamPolicy(ctx, \"policy\", \u0026containeranalysis.NoteIamPolicyArgs{\n\t\t\tProject: pulumi.Any(note.Project),\n\t\t\tNote: pulumi.Any(note.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.containeranalysis.NoteIamPolicy;\nimport com.pulumi.gcp.containeranalysis.NoteIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/containeranalysis.notes.occurrences.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new NoteIamPolicy(\"policy\", NoteIamPolicyArgs.builder() \n .project(note.project())\n .note(note.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:containeranalysis:NoteIamPolicy\n properties:\n project: ${note.project}\n note: ${note.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/containeranalysis.notes.occurrences.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_container\\_analysis\\_note\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.containeranalysis.NoteIamBinding(\"binding\", {\n project: note.project,\n note: note.name,\n role: \"roles/containeranalysis.notes.occurrences.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.containeranalysis.NoteIamBinding(\"binding\",\n project=note[\"project\"],\n note=note[\"name\"],\n role=\"roles/containeranalysis.notes.occurrences.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ContainerAnalysis.NoteIamBinding(\"binding\", new()\n {\n Project = note.Project,\n Note = note.Name,\n Role = \"roles/containeranalysis.notes.occurrences.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := containeranalysis.NewNoteIamBinding(ctx, \"binding\", \u0026containeranalysis.NoteIamBindingArgs{\n\t\t\tProject: pulumi.Any(note.Project),\n\t\t\tNote: pulumi.Any(note.Name),\n\t\t\tRole: pulumi.String(\"roles/containeranalysis.notes.occurrences.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.containeranalysis.NoteIamBinding;\nimport com.pulumi.gcp.containeranalysis.NoteIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new NoteIamBinding(\"binding\", NoteIamBindingArgs.builder() \n .project(note.project())\n .note(note.name())\n .role(\"roles/containeranalysis.notes.occurrences.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:containeranalysis:NoteIamBinding\n properties:\n project: ${note.project}\n note: ${note.name}\n role: roles/containeranalysis.notes.occurrences.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_container\\_analysis\\_note\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.containeranalysis.NoteIamMember(\"member\", {\n project: note.project,\n note: note.name,\n role: \"roles/containeranalysis.notes.occurrences.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.containeranalysis.NoteIamMember(\"member\",\n project=note[\"project\"],\n note=note[\"name\"],\n role=\"roles/containeranalysis.notes.occurrences.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ContainerAnalysis.NoteIamMember(\"member\", new()\n {\n Project = note.Project,\n Note = note.Name,\n Role = \"roles/containeranalysis.notes.occurrences.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := containeranalysis.NewNoteIamMember(ctx, \"member\", \u0026containeranalysis.NoteIamMemberArgs{\n\t\t\tProject: pulumi.Any(note.Project),\n\t\t\tNote: pulumi.Any(note.Name),\n\t\t\tRole: pulumi.String(\"roles/containeranalysis.notes.occurrences.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.containeranalysis.NoteIamMember;\nimport com.pulumi.gcp.containeranalysis.NoteIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new NoteIamMember(\"member\", NoteIamMemberArgs.builder() \n .project(note.project())\n .note(note.name())\n .role(\"roles/containeranalysis.notes.occurrences.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:containeranalysis:NoteIamMember\n properties:\n project: ${note.project}\n note: ${note.name}\n role: roles/containeranalysis.notes.occurrences.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_container\\_analysis\\_note\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/containeranalysis.notes.occurrences.viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.containeranalysis.NoteIamPolicy(\"policy\", {\n project: note.project,\n note: note.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/containeranalysis.notes.occurrences.viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.containeranalysis.NoteIamPolicy(\"policy\",\n project=note[\"project\"],\n note=note[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/containeranalysis.notes.occurrences.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ContainerAnalysis.NoteIamPolicy(\"policy\", new()\n {\n Project = note.Project,\n Note = note.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/containeranalysis.notes.occurrences.viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = containeranalysis.NewNoteIamPolicy(ctx, \"policy\", \u0026containeranalysis.NoteIamPolicyArgs{\n\t\t\tProject: pulumi.Any(note.Project),\n\t\t\tNote: pulumi.Any(note.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.containeranalysis.NoteIamPolicy;\nimport com.pulumi.gcp.containeranalysis.NoteIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/containeranalysis.notes.occurrences.viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new NoteIamPolicy(\"policy\", NoteIamPolicyArgs.builder() \n .project(note.project())\n .note(note.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:containeranalysis:NoteIamPolicy\n properties:\n project: ${note.project}\n note: ${note.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/containeranalysis.notes.occurrences.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_container\\_analysis\\_note\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.containeranalysis.NoteIamBinding(\"binding\", {\n project: note.project,\n note: note.name,\n role: \"roles/containeranalysis.notes.occurrences.viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.containeranalysis.NoteIamBinding(\"binding\",\n project=note[\"project\"],\n note=note[\"name\"],\n role=\"roles/containeranalysis.notes.occurrences.viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ContainerAnalysis.NoteIamBinding(\"binding\", new()\n {\n Project = note.Project,\n Note = note.Name,\n Role = \"roles/containeranalysis.notes.occurrences.viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := containeranalysis.NewNoteIamBinding(ctx, \"binding\", \u0026containeranalysis.NoteIamBindingArgs{\n\t\t\tProject: pulumi.Any(note.Project),\n\t\t\tNote: pulumi.Any(note.Name),\n\t\t\tRole: pulumi.String(\"roles/containeranalysis.notes.occurrences.viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.containeranalysis.NoteIamBinding;\nimport com.pulumi.gcp.containeranalysis.NoteIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new NoteIamBinding(\"binding\", NoteIamBindingArgs.builder() \n .project(note.project())\n .note(note.name())\n .role(\"roles/containeranalysis.notes.occurrences.viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:containeranalysis:NoteIamBinding\n properties:\n project: ${note.project}\n note: ${note.name}\n role: roles/containeranalysis.notes.occurrences.viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_container\\_analysis\\_note\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.containeranalysis.NoteIamMember(\"member\", {\n project: note.project,\n note: note.name,\n role: \"roles/containeranalysis.notes.occurrences.viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.containeranalysis.NoteIamMember(\"member\",\n project=note[\"project\"],\n note=note[\"name\"],\n role=\"roles/containeranalysis.notes.occurrences.viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ContainerAnalysis.NoteIamMember(\"member\", new()\n {\n Project = note.Project,\n Note = note.Name,\n Role = \"roles/containeranalysis.notes.occurrences.viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/containeranalysis\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := containeranalysis.NewNoteIamMember(ctx, \"member\", \u0026containeranalysis.NoteIamMemberArgs{\n\t\t\tProject: pulumi.Any(note.Project),\n\t\t\tNote: pulumi.Any(note.Name),\n\t\t\tRole: pulumi.String(\"roles/containeranalysis.notes.occurrences.viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.containeranalysis.NoteIamMember;\nimport com.pulumi.gcp.containeranalysis.NoteIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new NoteIamMember(\"member\", NoteIamMemberArgs.builder() \n .project(note.project())\n .note(note.name())\n .role(\"roles/containeranalysis.notes.occurrences.viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:containeranalysis:NoteIamMember\n properties:\n project: ${note.project}\n note: ${note.name}\n role: roles/containeranalysis.notes.occurrences.viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/notes/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nContainer Registry note IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:containeranalysis/noteIamPolicy:NoteIamPolicy editor \"projects/{{project}}/notes/{{note}} roles/containeranalysis.notes.occurrences.viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:containeranalysis/noteIamPolicy:NoteIamPolicy editor \"projects/{{project}}/notes/{{note}} roles/containeranalysis.notes.occurrences.viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:containeranalysis/noteIamPolicy:NoteIamPolicy editor projects/{{project}}/notes/{{note}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -160682,7 +160898,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" } }, "required": [ @@ -160703,7 +160919,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -160729,7 +160945,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -161579,7 +161795,7 @@ } }, "gcp:datacatalog/entryGroupIamBinding:EntryGroupIamBinding": { - "description": "Three different resources help you manage your IAM policy for Data catalog EntryGroup. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.EntryGroupIamPolicy`: Authoritative. Sets the IAM policy for the entrygroup and replaces any existing policy already attached.\n* `gcp.datacatalog.EntryGroupIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the entrygroup are preserved.\n* `gcp.datacatalog.EntryGroupIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the entrygroup are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.EntryGroupIamPolicy`: Retrieves the IAM policy for the entrygroup\n\n\u003e **Note:** `gcp.datacatalog.EntryGroupIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.EntryGroupIamBinding` and `gcp.datacatalog.EntryGroupIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.EntryGroupIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.EntryGroupIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_data\\_catalog\\_entry\\_group\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.EntryGroupIamPolicy(\"policy\", {\n entryGroup: basicEntryGroup.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.datacatalog.EntryGroupIamPolicy(\"policy\",\n entry_group=basic_entry_group[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.EntryGroupIamPolicy(\"policy\", new()\n {\n EntryGroup = basicEntryGroup.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewEntryGroupIamPolicy(ctx, \"policy\", \u0026datacatalog.EntryGroupIamPolicyArgs{\n\t\t\tEntryGroup: pulumi.Any(basicEntryGroup.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamPolicy;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EntryGroupIamPolicy(\"policy\", EntryGroupIamPolicyArgs.builder() \n .entryGroup(basicEntryGroup.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:EntryGroupIamPolicy\n properties:\n entryGroup: ${basicEntryGroup.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_entry\\_group\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.EntryGroupIamBinding(\"binding\", {\n entryGroup: basicEntryGroup.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.EntryGroupIamBinding(\"binding\",\n entry_group=basic_entry_group[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.EntryGroupIamBinding(\"binding\", new()\n {\n EntryGroup = basicEntryGroup.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewEntryGroupIamBinding(ctx, \"binding\", \u0026datacatalog.EntryGroupIamBindingArgs{\n\t\t\tEntryGroup: pulumi.Any(basicEntryGroup.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamBinding;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EntryGroupIamBinding(\"binding\", EntryGroupIamBindingArgs.builder() \n .entryGroup(basicEntryGroup.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:EntryGroupIamBinding\n properties:\n entryGroup: ${basicEntryGroup.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_entry\\_group\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.EntryGroupIamMember(\"member\", {\n entryGroup: basicEntryGroup.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.EntryGroupIamMember(\"member\",\n entry_group=basic_entry_group[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.EntryGroupIamMember(\"member\", new()\n {\n EntryGroup = basicEntryGroup.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewEntryGroupIamMember(ctx, \"member\", \u0026datacatalog.EntryGroupIamMemberArgs{\n\t\t\tEntryGroup: pulumi.Any(basicEntryGroup.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamMember;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EntryGroupIamMember(\"member\", EntryGroupIamMemberArgs.builder() \n .entryGroup(basicEntryGroup.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:EntryGroupIamMember\n properties:\n entryGroup: ${basicEntryGroup.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{region}}/entryGroups/{{entry_group}}\n\n* {{project}}/{{region}}/{{entry_group}}\n\n* {{region}}/{{entry_group}}\n\n* {{entry_group}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nData catalog entrygroup IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/entryGroupIamBinding:EntryGroupIamBinding editor \"projects/{{project}}/locations/{{region}}/entryGroups/{{entry_group}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/entryGroupIamBinding:EntryGroupIamBinding editor \"projects/{{project}}/locations/{{region}}/entryGroups/{{entry_group}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/entryGroupIamBinding:EntryGroupIamBinding editor projects/{{project}}/locations/{{region}}/entryGroups/{{entry_group}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Data catalog EntryGroup. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.EntryGroupIamPolicy`: Authoritative. Sets the IAM policy for the entrygroup and replaces any existing policy already attached.\n* `gcp.datacatalog.EntryGroupIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the entrygroup are preserved.\n* `gcp.datacatalog.EntryGroupIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the entrygroup are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.EntryGroupIamPolicy`: Retrieves the IAM policy for the entrygroup\n\n\u003e **Note:** `gcp.datacatalog.EntryGroupIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.EntryGroupIamBinding` and `gcp.datacatalog.EntryGroupIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.EntryGroupIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.EntryGroupIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_data\\_catalog\\_entry\\_group\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.EntryGroupIamPolicy(\"policy\", {\n entryGroup: basicEntryGroup.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.datacatalog.EntryGroupIamPolicy(\"policy\",\n entry_group=basic_entry_group[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.EntryGroupIamPolicy(\"policy\", new()\n {\n EntryGroup = basicEntryGroup.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewEntryGroupIamPolicy(ctx, \"policy\", \u0026datacatalog.EntryGroupIamPolicyArgs{\n\t\t\tEntryGroup: pulumi.Any(basicEntryGroup.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamPolicy;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EntryGroupIamPolicy(\"policy\", EntryGroupIamPolicyArgs.builder() \n .entryGroup(basicEntryGroup.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:EntryGroupIamPolicy\n properties:\n entryGroup: ${basicEntryGroup.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_entry\\_group\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.EntryGroupIamBinding(\"binding\", {\n entryGroup: basicEntryGroup.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.EntryGroupIamBinding(\"binding\",\n entry_group=basic_entry_group[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.EntryGroupIamBinding(\"binding\", new()\n {\n EntryGroup = basicEntryGroup.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewEntryGroupIamBinding(ctx, \"binding\", \u0026datacatalog.EntryGroupIamBindingArgs{\n\t\t\tEntryGroup: pulumi.Any(basicEntryGroup.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamBinding;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EntryGroupIamBinding(\"binding\", EntryGroupIamBindingArgs.builder() \n .entryGroup(basicEntryGroup.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:EntryGroupIamBinding\n properties:\n entryGroup: ${basicEntryGroup.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_entry\\_group\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.EntryGroupIamMember(\"member\", {\n entryGroup: basicEntryGroup.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.EntryGroupIamMember(\"member\",\n entry_group=basic_entry_group[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.EntryGroupIamMember(\"member\", new()\n {\n EntryGroup = basicEntryGroup.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewEntryGroupIamMember(ctx, \"member\", \u0026datacatalog.EntryGroupIamMemberArgs{\n\t\t\tEntryGroup: pulumi.Any(basicEntryGroup.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamMember;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EntryGroupIamMember(\"member\", EntryGroupIamMemberArgs.builder() \n .entryGroup(basicEntryGroup.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:EntryGroupIamMember\n properties:\n entryGroup: ${basicEntryGroup.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_data\\_catalog\\_entry\\_group\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.EntryGroupIamPolicy(\"policy\", {\n entryGroup: basicEntryGroup.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.datacatalog.EntryGroupIamPolicy(\"policy\",\n entry_group=basic_entry_group[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.EntryGroupIamPolicy(\"policy\", new()\n {\n EntryGroup = basicEntryGroup.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewEntryGroupIamPolicy(ctx, \"policy\", \u0026datacatalog.EntryGroupIamPolicyArgs{\n\t\t\tEntryGroup: pulumi.Any(basicEntryGroup.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamPolicy;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EntryGroupIamPolicy(\"policy\", EntryGroupIamPolicyArgs.builder() \n .entryGroup(basicEntryGroup.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:EntryGroupIamPolicy\n properties:\n entryGroup: ${basicEntryGroup.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_entry\\_group\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.EntryGroupIamBinding(\"binding\", {\n entryGroup: basicEntryGroup.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.EntryGroupIamBinding(\"binding\",\n entry_group=basic_entry_group[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.EntryGroupIamBinding(\"binding\", new()\n {\n EntryGroup = basicEntryGroup.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewEntryGroupIamBinding(ctx, \"binding\", \u0026datacatalog.EntryGroupIamBindingArgs{\n\t\t\tEntryGroup: pulumi.Any(basicEntryGroup.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamBinding;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EntryGroupIamBinding(\"binding\", EntryGroupIamBindingArgs.builder() \n .entryGroup(basicEntryGroup.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:EntryGroupIamBinding\n properties:\n entryGroup: ${basicEntryGroup.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_entry\\_group\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.EntryGroupIamMember(\"member\", {\n entryGroup: basicEntryGroup.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.EntryGroupIamMember(\"member\",\n entry_group=basic_entry_group[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.EntryGroupIamMember(\"member\", new()\n {\n EntryGroup = basicEntryGroup.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewEntryGroupIamMember(ctx, \"member\", \u0026datacatalog.EntryGroupIamMemberArgs{\n\t\t\tEntryGroup: pulumi.Any(basicEntryGroup.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamMember;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EntryGroupIamMember(\"member\", EntryGroupIamMemberArgs.builder() \n .entryGroup(basicEntryGroup.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:EntryGroupIamMember\n properties:\n entryGroup: ${basicEntryGroup.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{region}}/entryGroups/{{entry_group}}\n\n* {{project}}/{{region}}/{{entry_group}}\n\n* {{region}}/{{entry_group}}\n\n* {{entry_group}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nData catalog entrygroup IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/entryGroupIamBinding:EntryGroupIamBinding editor \"projects/{{project}}/locations/{{region}}/entryGroups/{{entry_group}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/entryGroupIamBinding:EntryGroupIamBinding editor \"projects/{{project}}/locations/{{region}}/entryGroups/{{entry_group}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/entryGroupIamBinding:EntryGroupIamBinding editor projects/{{project}}/locations/{{region}}/entryGroups/{{entry_group}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:datacatalog/EntryGroupIamBindingCondition:EntryGroupIamBindingCondition" @@ -161596,11 +161812,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "region": { "type": "string" @@ -161632,11 +161849,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -161674,11 +161892,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -161695,7 +161914,7 @@ } }, "gcp:datacatalog/entryGroupIamMember:EntryGroupIamMember": { - "description": "Three different resources help you manage your IAM policy for Data catalog EntryGroup. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.EntryGroupIamPolicy`: Authoritative. Sets the IAM policy for the entrygroup and replaces any existing policy already attached.\n* `gcp.datacatalog.EntryGroupIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the entrygroup are preserved.\n* `gcp.datacatalog.EntryGroupIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the entrygroup are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.EntryGroupIamPolicy`: Retrieves the IAM policy for the entrygroup\n\n\u003e **Note:** `gcp.datacatalog.EntryGroupIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.EntryGroupIamBinding` and `gcp.datacatalog.EntryGroupIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.EntryGroupIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.EntryGroupIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_data\\_catalog\\_entry\\_group\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.EntryGroupIamPolicy(\"policy\", {\n entryGroup: basicEntryGroup.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.datacatalog.EntryGroupIamPolicy(\"policy\",\n entry_group=basic_entry_group[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.EntryGroupIamPolicy(\"policy\", new()\n {\n EntryGroup = basicEntryGroup.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewEntryGroupIamPolicy(ctx, \"policy\", \u0026datacatalog.EntryGroupIamPolicyArgs{\n\t\t\tEntryGroup: pulumi.Any(basicEntryGroup.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamPolicy;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EntryGroupIamPolicy(\"policy\", EntryGroupIamPolicyArgs.builder() \n .entryGroup(basicEntryGroup.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:EntryGroupIamPolicy\n properties:\n entryGroup: ${basicEntryGroup.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_entry\\_group\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.EntryGroupIamBinding(\"binding\", {\n entryGroup: basicEntryGroup.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.EntryGroupIamBinding(\"binding\",\n entry_group=basic_entry_group[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.EntryGroupIamBinding(\"binding\", new()\n {\n EntryGroup = basicEntryGroup.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewEntryGroupIamBinding(ctx, \"binding\", \u0026datacatalog.EntryGroupIamBindingArgs{\n\t\t\tEntryGroup: pulumi.Any(basicEntryGroup.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamBinding;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EntryGroupIamBinding(\"binding\", EntryGroupIamBindingArgs.builder() \n .entryGroup(basicEntryGroup.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:EntryGroupIamBinding\n properties:\n entryGroup: ${basicEntryGroup.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_entry\\_group\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.EntryGroupIamMember(\"member\", {\n entryGroup: basicEntryGroup.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.EntryGroupIamMember(\"member\",\n entry_group=basic_entry_group[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.EntryGroupIamMember(\"member\", new()\n {\n EntryGroup = basicEntryGroup.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewEntryGroupIamMember(ctx, \"member\", \u0026datacatalog.EntryGroupIamMemberArgs{\n\t\t\tEntryGroup: pulumi.Any(basicEntryGroup.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamMember;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EntryGroupIamMember(\"member\", EntryGroupIamMemberArgs.builder() \n .entryGroup(basicEntryGroup.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:EntryGroupIamMember\n properties:\n entryGroup: ${basicEntryGroup.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{region}}/entryGroups/{{entry_group}}\n\n* {{project}}/{{region}}/{{entry_group}}\n\n* {{region}}/{{entry_group}}\n\n* {{entry_group}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nData catalog entrygroup IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/entryGroupIamMember:EntryGroupIamMember editor \"projects/{{project}}/locations/{{region}}/entryGroups/{{entry_group}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/entryGroupIamMember:EntryGroupIamMember editor \"projects/{{project}}/locations/{{region}}/entryGroups/{{entry_group}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/entryGroupIamMember:EntryGroupIamMember editor projects/{{project}}/locations/{{region}}/entryGroups/{{entry_group}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Data catalog EntryGroup. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.EntryGroupIamPolicy`: Authoritative. Sets the IAM policy for the entrygroup and replaces any existing policy already attached.\n* `gcp.datacatalog.EntryGroupIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the entrygroup are preserved.\n* `gcp.datacatalog.EntryGroupIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the entrygroup are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.EntryGroupIamPolicy`: Retrieves the IAM policy for the entrygroup\n\n\u003e **Note:** `gcp.datacatalog.EntryGroupIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.EntryGroupIamBinding` and `gcp.datacatalog.EntryGroupIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.EntryGroupIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.EntryGroupIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_data\\_catalog\\_entry\\_group\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.EntryGroupIamPolicy(\"policy\", {\n entryGroup: basicEntryGroup.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.datacatalog.EntryGroupIamPolicy(\"policy\",\n entry_group=basic_entry_group[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.EntryGroupIamPolicy(\"policy\", new()\n {\n EntryGroup = basicEntryGroup.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewEntryGroupIamPolicy(ctx, \"policy\", \u0026datacatalog.EntryGroupIamPolicyArgs{\n\t\t\tEntryGroup: pulumi.Any(basicEntryGroup.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamPolicy;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EntryGroupIamPolicy(\"policy\", EntryGroupIamPolicyArgs.builder() \n .entryGroup(basicEntryGroup.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:EntryGroupIamPolicy\n properties:\n entryGroup: ${basicEntryGroup.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_entry\\_group\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.EntryGroupIamBinding(\"binding\", {\n entryGroup: basicEntryGroup.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.EntryGroupIamBinding(\"binding\",\n entry_group=basic_entry_group[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.EntryGroupIamBinding(\"binding\", new()\n {\n EntryGroup = basicEntryGroup.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewEntryGroupIamBinding(ctx, \"binding\", \u0026datacatalog.EntryGroupIamBindingArgs{\n\t\t\tEntryGroup: pulumi.Any(basicEntryGroup.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamBinding;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EntryGroupIamBinding(\"binding\", EntryGroupIamBindingArgs.builder() \n .entryGroup(basicEntryGroup.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:EntryGroupIamBinding\n properties:\n entryGroup: ${basicEntryGroup.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_entry\\_group\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.EntryGroupIamMember(\"member\", {\n entryGroup: basicEntryGroup.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.EntryGroupIamMember(\"member\",\n entry_group=basic_entry_group[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.EntryGroupIamMember(\"member\", new()\n {\n EntryGroup = basicEntryGroup.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewEntryGroupIamMember(ctx, \"member\", \u0026datacatalog.EntryGroupIamMemberArgs{\n\t\t\tEntryGroup: pulumi.Any(basicEntryGroup.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamMember;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EntryGroupIamMember(\"member\", EntryGroupIamMemberArgs.builder() \n .entryGroup(basicEntryGroup.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:EntryGroupIamMember\n properties:\n entryGroup: ${basicEntryGroup.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_data\\_catalog\\_entry\\_group\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.EntryGroupIamPolicy(\"policy\", {\n entryGroup: basicEntryGroup.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.datacatalog.EntryGroupIamPolicy(\"policy\",\n entry_group=basic_entry_group[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.EntryGroupIamPolicy(\"policy\", new()\n {\n EntryGroup = basicEntryGroup.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewEntryGroupIamPolicy(ctx, \"policy\", \u0026datacatalog.EntryGroupIamPolicyArgs{\n\t\t\tEntryGroup: pulumi.Any(basicEntryGroup.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamPolicy;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EntryGroupIamPolicy(\"policy\", EntryGroupIamPolicyArgs.builder() \n .entryGroup(basicEntryGroup.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:EntryGroupIamPolicy\n properties:\n entryGroup: ${basicEntryGroup.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_entry\\_group\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.EntryGroupIamBinding(\"binding\", {\n entryGroup: basicEntryGroup.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.EntryGroupIamBinding(\"binding\",\n entry_group=basic_entry_group[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.EntryGroupIamBinding(\"binding\", new()\n {\n EntryGroup = basicEntryGroup.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewEntryGroupIamBinding(ctx, \"binding\", \u0026datacatalog.EntryGroupIamBindingArgs{\n\t\t\tEntryGroup: pulumi.Any(basicEntryGroup.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamBinding;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EntryGroupIamBinding(\"binding\", EntryGroupIamBindingArgs.builder() \n .entryGroup(basicEntryGroup.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:EntryGroupIamBinding\n properties:\n entryGroup: ${basicEntryGroup.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_entry\\_group\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.EntryGroupIamMember(\"member\", {\n entryGroup: basicEntryGroup.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.EntryGroupIamMember(\"member\",\n entry_group=basic_entry_group[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.EntryGroupIamMember(\"member\", new()\n {\n EntryGroup = basicEntryGroup.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewEntryGroupIamMember(ctx, \"member\", \u0026datacatalog.EntryGroupIamMemberArgs{\n\t\t\tEntryGroup: pulumi.Any(basicEntryGroup.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamMember;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EntryGroupIamMember(\"member\", EntryGroupIamMemberArgs.builder() \n .entryGroup(basicEntryGroup.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:EntryGroupIamMember\n properties:\n entryGroup: ${basicEntryGroup.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{region}}/entryGroups/{{entry_group}}\n\n* {{project}}/{{region}}/{{entry_group}}\n\n* {{region}}/{{entry_group}}\n\n* {{entry_group}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nData catalog entrygroup IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/entryGroupIamMember:EntryGroupIamMember editor \"projects/{{project}}/locations/{{region}}/entryGroups/{{entry_group}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/entryGroupIamMember:EntryGroupIamMember editor \"projects/{{project}}/locations/{{region}}/entryGroups/{{entry_group}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/entryGroupIamMember:EntryGroupIamMember editor projects/{{project}}/locations/{{region}}/entryGroups/{{entry_group}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:datacatalog/EntryGroupIamMemberCondition:EntryGroupIamMemberCondition" @@ -161709,11 +161928,12 @@ "description": "(Computed) The etag of the IAM policy.\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "region": { "type": "string" @@ -161743,11 +161963,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -161783,11 +162004,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -161804,7 +162026,7 @@ } }, "gcp:datacatalog/entryGroupIamPolicy:EntryGroupIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Data catalog EntryGroup. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.EntryGroupIamPolicy`: Authoritative. Sets the IAM policy for the entrygroup and replaces any existing policy already attached.\n* `gcp.datacatalog.EntryGroupIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the entrygroup are preserved.\n* `gcp.datacatalog.EntryGroupIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the entrygroup are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.EntryGroupIamPolicy`: Retrieves the IAM policy for the entrygroup\n\n\u003e **Note:** `gcp.datacatalog.EntryGroupIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.EntryGroupIamBinding` and `gcp.datacatalog.EntryGroupIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.EntryGroupIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.EntryGroupIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_data\\_catalog\\_entry\\_group\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.EntryGroupIamPolicy(\"policy\", {\n entryGroup: basicEntryGroup.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.datacatalog.EntryGroupIamPolicy(\"policy\",\n entry_group=basic_entry_group[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.EntryGroupIamPolicy(\"policy\", new()\n {\n EntryGroup = basicEntryGroup.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewEntryGroupIamPolicy(ctx, \"policy\", \u0026datacatalog.EntryGroupIamPolicyArgs{\n\t\t\tEntryGroup: pulumi.Any(basicEntryGroup.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamPolicy;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EntryGroupIamPolicy(\"policy\", EntryGroupIamPolicyArgs.builder() \n .entryGroup(basicEntryGroup.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:EntryGroupIamPolicy\n properties:\n entryGroup: ${basicEntryGroup.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_entry\\_group\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.EntryGroupIamBinding(\"binding\", {\n entryGroup: basicEntryGroup.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.EntryGroupIamBinding(\"binding\",\n entry_group=basic_entry_group[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.EntryGroupIamBinding(\"binding\", new()\n {\n EntryGroup = basicEntryGroup.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewEntryGroupIamBinding(ctx, \"binding\", \u0026datacatalog.EntryGroupIamBindingArgs{\n\t\t\tEntryGroup: pulumi.Any(basicEntryGroup.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamBinding;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EntryGroupIamBinding(\"binding\", EntryGroupIamBindingArgs.builder() \n .entryGroup(basicEntryGroup.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:EntryGroupIamBinding\n properties:\n entryGroup: ${basicEntryGroup.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_entry\\_group\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.EntryGroupIamMember(\"member\", {\n entryGroup: basicEntryGroup.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.EntryGroupIamMember(\"member\",\n entry_group=basic_entry_group[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.EntryGroupIamMember(\"member\", new()\n {\n EntryGroup = basicEntryGroup.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewEntryGroupIamMember(ctx, \"member\", \u0026datacatalog.EntryGroupIamMemberArgs{\n\t\t\tEntryGroup: pulumi.Any(basicEntryGroup.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamMember;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EntryGroupIamMember(\"member\", EntryGroupIamMemberArgs.builder() \n .entryGroup(basicEntryGroup.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:EntryGroupIamMember\n properties:\n entryGroup: ${basicEntryGroup.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{region}}/entryGroups/{{entry_group}}\n\n* {{project}}/{{region}}/{{entry_group}}\n\n* {{region}}/{{entry_group}}\n\n* {{entry_group}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nData catalog entrygroup IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/entryGroupIamPolicy:EntryGroupIamPolicy editor \"projects/{{project}}/locations/{{region}}/entryGroups/{{entry_group}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/entryGroupIamPolicy:EntryGroupIamPolicy editor \"projects/{{project}}/locations/{{region}}/entryGroups/{{entry_group}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/entryGroupIamPolicy:EntryGroupIamPolicy editor projects/{{project}}/locations/{{region}}/entryGroups/{{entry_group}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Data catalog EntryGroup. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.EntryGroupIamPolicy`: Authoritative. Sets the IAM policy for the entrygroup and replaces any existing policy already attached.\n* `gcp.datacatalog.EntryGroupIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the entrygroup are preserved.\n* `gcp.datacatalog.EntryGroupIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the entrygroup are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.EntryGroupIamPolicy`: Retrieves the IAM policy for the entrygroup\n\n\u003e **Note:** `gcp.datacatalog.EntryGroupIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.EntryGroupIamBinding` and `gcp.datacatalog.EntryGroupIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.EntryGroupIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.EntryGroupIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_data\\_catalog\\_entry\\_group\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.EntryGroupIamPolicy(\"policy\", {\n entryGroup: basicEntryGroup.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.datacatalog.EntryGroupIamPolicy(\"policy\",\n entry_group=basic_entry_group[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.EntryGroupIamPolicy(\"policy\", new()\n {\n EntryGroup = basicEntryGroup.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewEntryGroupIamPolicy(ctx, \"policy\", \u0026datacatalog.EntryGroupIamPolicyArgs{\n\t\t\tEntryGroup: pulumi.Any(basicEntryGroup.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamPolicy;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EntryGroupIamPolicy(\"policy\", EntryGroupIamPolicyArgs.builder() \n .entryGroup(basicEntryGroup.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:EntryGroupIamPolicy\n properties:\n entryGroup: ${basicEntryGroup.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_entry\\_group\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.EntryGroupIamBinding(\"binding\", {\n entryGroup: basicEntryGroup.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.EntryGroupIamBinding(\"binding\",\n entry_group=basic_entry_group[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.EntryGroupIamBinding(\"binding\", new()\n {\n EntryGroup = basicEntryGroup.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewEntryGroupIamBinding(ctx, \"binding\", \u0026datacatalog.EntryGroupIamBindingArgs{\n\t\t\tEntryGroup: pulumi.Any(basicEntryGroup.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamBinding;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EntryGroupIamBinding(\"binding\", EntryGroupIamBindingArgs.builder() \n .entryGroup(basicEntryGroup.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:EntryGroupIamBinding\n properties:\n entryGroup: ${basicEntryGroup.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_entry\\_group\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.EntryGroupIamMember(\"member\", {\n entryGroup: basicEntryGroup.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.EntryGroupIamMember(\"member\",\n entry_group=basic_entry_group[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.EntryGroupIamMember(\"member\", new()\n {\n EntryGroup = basicEntryGroup.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewEntryGroupIamMember(ctx, \"member\", \u0026datacatalog.EntryGroupIamMemberArgs{\n\t\t\tEntryGroup: pulumi.Any(basicEntryGroup.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamMember;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EntryGroupIamMember(\"member\", EntryGroupIamMemberArgs.builder() \n .entryGroup(basicEntryGroup.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:EntryGroupIamMember\n properties:\n entryGroup: ${basicEntryGroup.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_data\\_catalog\\_entry\\_group\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.EntryGroupIamPolicy(\"policy\", {\n entryGroup: basicEntryGroup.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.datacatalog.EntryGroupIamPolicy(\"policy\",\n entry_group=basic_entry_group[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.EntryGroupIamPolicy(\"policy\", new()\n {\n EntryGroup = basicEntryGroup.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewEntryGroupIamPolicy(ctx, \"policy\", \u0026datacatalog.EntryGroupIamPolicyArgs{\n\t\t\tEntryGroup: pulumi.Any(basicEntryGroup.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamPolicy;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new EntryGroupIamPolicy(\"policy\", EntryGroupIamPolicyArgs.builder() \n .entryGroup(basicEntryGroup.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:EntryGroupIamPolicy\n properties:\n entryGroup: ${basicEntryGroup.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_entry\\_group\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.EntryGroupIamBinding(\"binding\", {\n entryGroup: basicEntryGroup.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.EntryGroupIamBinding(\"binding\",\n entry_group=basic_entry_group[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.EntryGroupIamBinding(\"binding\", new()\n {\n EntryGroup = basicEntryGroup.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewEntryGroupIamBinding(ctx, \"binding\", \u0026datacatalog.EntryGroupIamBindingArgs{\n\t\t\tEntryGroup: pulumi.Any(basicEntryGroup.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamBinding;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new EntryGroupIamBinding(\"binding\", EntryGroupIamBindingArgs.builder() \n .entryGroup(basicEntryGroup.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:EntryGroupIamBinding\n properties:\n entryGroup: ${basicEntryGroup.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_entry\\_group\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.EntryGroupIamMember(\"member\", {\n entryGroup: basicEntryGroup.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.EntryGroupIamMember(\"member\",\n entry_group=basic_entry_group[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.EntryGroupIamMember(\"member\", new()\n {\n EntryGroup = basicEntryGroup.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewEntryGroupIamMember(ctx, \"member\", \u0026datacatalog.EntryGroupIamMemberArgs{\n\t\t\tEntryGroup: pulumi.Any(basicEntryGroup.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamMember;\nimport com.pulumi.gcp.datacatalog.EntryGroupIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new EntryGroupIamMember(\"member\", EntryGroupIamMemberArgs.builder() \n .entryGroup(basicEntryGroup.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:EntryGroupIamMember\n properties:\n entryGroup: ${basicEntryGroup.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{region}}/entryGroups/{{entry_group}}\n\n* {{project}}/{{region}}/{{entry_group}}\n\n* {{region}}/{{entry_group}}\n\n* {{entry_group}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nData catalog entrygroup IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/entryGroupIamPolicy:EntryGroupIamPolicy editor \"projects/{{project}}/locations/{{region}}/entryGroups/{{entry_group}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/entryGroupIamPolicy:EntryGroupIamPolicy editor \"projects/{{project}}/locations/{{region}}/entryGroups/{{entry_group}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/entryGroupIamPolicy:EntryGroupIamPolicy editor projects/{{project}}/locations/{{region}}/entryGroups/{{entry_group}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "entryGroup": { "type": "string", @@ -161820,7 +162042,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "region": { "type": "string" @@ -161845,7 +162067,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -161875,7 +162097,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -161982,7 +162204,7 @@ } }, "gcp:datacatalog/policyTagIamBinding:PolicyTagIamBinding": { - "description": "Three different resources help you manage your IAM policy for Data catalog PolicyTag. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.PolicyTagIamPolicy`: Authoritative. Sets the IAM policy for the policytag and replaces any existing policy already attached.\n* `gcp.datacatalog.PolicyTagIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the policytag are preserved.\n* `gcp.datacatalog.PolicyTagIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the policytag are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.PolicyTagIamPolicy`: Retrieves the IAM policy for the policytag\n\n\u003e **Note:** `gcp.datacatalog.PolicyTagIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.PolicyTagIamBinding` and `gcp.datacatalog.PolicyTagIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.PolicyTagIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.PolicyTagIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_data\\_catalog\\_policy\\_tag\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.PolicyTagIamPolicy(\"policy\", {\n policyTag: basicPolicyTag.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.datacatalog.PolicyTagIamPolicy(\"policy\",\n policy_tag=basic_policy_tag[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.PolicyTagIamPolicy(\"policy\", new()\n {\n PolicyTag = basicPolicyTag.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewPolicyTagIamPolicy(ctx, \"policy\", \u0026datacatalog.PolicyTagIamPolicyArgs{\n\t\t\tPolicyTag: pulumi.Any(basicPolicyTag.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamPolicy;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new PolicyTagIamPolicy(\"policy\", PolicyTagIamPolicyArgs.builder() \n .policyTag(basicPolicyTag.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:PolicyTagIamPolicy\n properties:\n policyTag: ${basicPolicyTag.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_policy\\_tag\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.PolicyTagIamBinding(\"binding\", {\n policyTag: basicPolicyTag.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.PolicyTagIamBinding(\"binding\",\n policy_tag=basic_policy_tag[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.PolicyTagIamBinding(\"binding\", new()\n {\n PolicyTag = basicPolicyTag.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewPolicyTagIamBinding(ctx, \"binding\", \u0026datacatalog.PolicyTagIamBindingArgs{\n\t\t\tPolicyTag: pulumi.Any(basicPolicyTag.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamBinding;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new PolicyTagIamBinding(\"binding\", PolicyTagIamBindingArgs.builder() \n .policyTag(basicPolicyTag.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:PolicyTagIamBinding\n properties:\n policyTag: ${basicPolicyTag.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_policy\\_tag\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.PolicyTagIamMember(\"member\", {\n policyTag: basicPolicyTag.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.PolicyTagIamMember(\"member\",\n policy_tag=basic_policy_tag[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.PolicyTagIamMember(\"member\", new()\n {\n PolicyTag = basicPolicyTag.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewPolicyTagIamMember(ctx, \"member\", \u0026datacatalog.PolicyTagIamMemberArgs{\n\t\t\tPolicyTag: pulumi.Any(basicPolicyTag.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamMember;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new PolicyTagIamMember(\"member\", PolicyTagIamMemberArgs.builder() \n .policyTag(basicPolicyTag.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:PolicyTagIamMember\n properties:\n policyTag: ${basicPolicyTag.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* {{policy_tag}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nData catalog policytag IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/policyTagIamBinding:PolicyTagIamBinding editor \"{{policy_tag}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/policyTagIamBinding:PolicyTagIamBinding editor \"{{policy_tag}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/policyTagIamBinding:PolicyTagIamBinding editor {{policy_tag}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Data catalog PolicyTag. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.PolicyTagIamPolicy`: Authoritative. Sets the IAM policy for the policytag and replaces any existing policy already attached.\n* `gcp.datacatalog.PolicyTagIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the policytag are preserved.\n* `gcp.datacatalog.PolicyTagIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the policytag are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.PolicyTagIamPolicy`: Retrieves the IAM policy for the policytag\n\n\u003e **Note:** `gcp.datacatalog.PolicyTagIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.PolicyTagIamBinding` and `gcp.datacatalog.PolicyTagIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.PolicyTagIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.PolicyTagIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_data\\_catalog\\_policy\\_tag\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.PolicyTagIamPolicy(\"policy\", {\n policyTag: basicPolicyTag.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.datacatalog.PolicyTagIamPolicy(\"policy\",\n policy_tag=basic_policy_tag[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.PolicyTagIamPolicy(\"policy\", new()\n {\n PolicyTag = basicPolicyTag.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewPolicyTagIamPolicy(ctx, \"policy\", \u0026datacatalog.PolicyTagIamPolicyArgs{\n\t\t\tPolicyTag: pulumi.Any(basicPolicyTag.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamPolicy;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new PolicyTagIamPolicy(\"policy\", PolicyTagIamPolicyArgs.builder() \n .policyTag(basicPolicyTag.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:PolicyTagIamPolicy\n properties:\n policyTag: ${basicPolicyTag.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_policy\\_tag\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.PolicyTagIamBinding(\"binding\", {\n policyTag: basicPolicyTag.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.PolicyTagIamBinding(\"binding\",\n policy_tag=basic_policy_tag[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.PolicyTagIamBinding(\"binding\", new()\n {\n PolicyTag = basicPolicyTag.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewPolicyTagIamBinding(ctx, \"binding\", \u0026datacatalog.PolicyTagIamBindingArgs{\n\t\t\tPolicyTag: pulumi.Any(basicPolicyTag.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamBinding;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new PolicyTagIamBinding(\"binding\", PolicyTagIamBindingArgs.builder() \n .policyTag(basicPolicyTag.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:PolicyTagIamBinding\n properties:\n policyTag: ${basicPolicyTag.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_policy\\_tag\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.PolicyTagIamMember(\"member\", {\n policyTag: basicPolicyTag.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.PolicyTagIamMember(\"member\",\n policy_tag=basic_policy_tag[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.PolicyTagIamMember(\"member\", new()\n {\n PolicyTag = basicPolicyTag.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewPolicyTagIamMember(ctx, \"member\", \u0026datacatalog.PolicyTagIamMemberArgs{\n\t\t\tPolicyTag: pulumi.Any(basicPolicyTag.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamMember;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new PolicyTagIamMember(\"member\", PolicyTagIamMemberArgs.builder() \n .policyTag(basicPolicyTag.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:PolicyTagIamMember\n properties:\n policyTag: ${basicPolicyTag.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_data\\_catalog\\_policy\\_tag\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.PolicyTagIamPolicy(\"policy\", {\n policyTag: basicPolicyTag.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.datacatalog.PolicyTagIamPolicy(\"policy\",\n policy_tag=basic_policy_tag[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.PolicyTagIamPolicy(\"policy\", new()\n {\n PolicyTag = basicPolicyTag.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewPolicyTagIamPolicy(ctx, \"policy\", \u0026datacatalog.PolicyTagIamPolicyArgs{\n\t\t\tPolicyTag: pulumi.Any(basicPolicyTag.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamPolicy;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new PolicyTagIamPolicy(\"policy\", PolicyTagIamPolicyArgs.builder() \n .policyTag(basicPolicyTag.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:PolicyTagIamPolicy\n properties:\n policyTag: ${basicPolicyTag.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_policy\\_tag\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.PolicyTagIamBinding(\"binding\", {\n policyTag: basicPolicyTag.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.PolicyTagIamBinding(\"binding\",\n policy_tag=basic_policy_tag[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.PolicyTagIamBinding(\"binding\", new()\n {\n PolicyTag = basicPolicyTag.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewPolicyTagIamBinding(ctx, \"binding\", \u0026datacatalog.PolicyTagIamBindingArgs{\n\t\t\tPolicyTag: pulumi.Any(basicPolicyTag.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamBinding;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new PolicyTagIamBinding(\"binding\", PolicyTagIamBindingArgs.builder() \n .policyTag(basicPolicyTag.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:PolicyTagIamBinding\n properties:\n policyTag: ${basicPolicyTag.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_policy\\_tag\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.PolicyTagIamMember(\"member\", {\n policyTag: basicPolicyTag.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.PolicyTagIamMember(\"member\",\n policy_tag=basic_policy_tag[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.PolicyTagIamMember(\"member\", new()\n {\n PolicyTag = basicPolicyTag.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewPolicyTagIamMember(ctx, \"member\", \u0026datacatalog.PolicyTagIamMemberArgs{\n\t\t\tPolicyTag: pulumi.Any(basicPolicyTag.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamMember;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new PolicyTagIamMember(\"member\", PolicyTagIamMemberArgs.builder() \n .policyTag(basicPolicyTag.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:PolicyTagIamMember\n properties:\n policyTag: ${basicPolicyTag.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* {{policy_tag}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nData catalog policytag IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/policyTagIamBinding:PolicyTagIamBinding editor \"{{policy_tag}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/policyTagIamBinding:PolicyTagIamBinding editor \"{{policy_tag}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/policyTagIamBinding:PolicyTagIamBinding editor {{policy_tag}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:datacatalog/PolicyTagIamBindingCondition:PolicyTagIamBindingCondition" @@ -161995,11 +162217,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "policyTag": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "Used to find the parent resource to bind the IAM policy to\n" }, "role": { "type": "string", @@ -162021,11 +162244,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "policyTag": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "Used to find the parent resource to bind the IAM policy to\n", "willReplaceOnChanges": true }, "role": { @@ -162054,11 +162278,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "policyTag": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "Used to find the parent resource to bind the IAM policy to\n", "willReplaceOnChanges": true }, "role": { @@ -162071,7 +162296,7 @@ } }, "gcp:datacatalog/policyTagIamMember:PolicyTagIamMember": { - "description": "Three different resources help you manage your IAM policy for Data catalog PolicyTag. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.PolicyTagIamPolicy`: Authoritative. Sets the IAM policy for the policytag and replaces any existing policy already attached.\n* `gcp.datacatalog.PolicyTagIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the policytag are preserved.\n* `gcp.datacatalog.PolicyTagIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the policytag are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.PolicyTagIamPolicy`: Retrieves the IAM policy for the policytag\n\n\u003e **Note:** `gcp.datacatalog.PolicyTagIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.PolicyTagIamBinding` and `gcp.datacatalog.PolicyTagIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.PolicyTagIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.PolicyTagIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_data\\_catalog\\_policy\\_tag\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.PolicyTagIamPolicy(\"policy\", {\n policyTag: basicPolicyTag.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.datacatalog.PolicyTagIamPolicy(\"policy\",\n policy_tag=basic_policy_tag[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.PolicyTagIamPolicy(\"policy\", new()\n {\n PolicyTag = basicPolicyTag.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewPolicyTagIamPolicy(ctx, \"policy\", \u0026datacatalog.PolicyTagIamPolicyArgs{\n\t\t\tPolicyTag: pulumi.Any(basicPolicyTag.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamPolicy;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new PolicyTagIamPolicy(\"policy\", PolicyTagIamPolicyArgs.builder() \n .policyTag(basicPolicyTag.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:PolicyTagIamPolicy\n properties:\n policyTag: ${basicPolicyTag.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_policy\\_tag\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.PolicyTagIamBinding(\"binding\", {\n policyTag: basicPolicyTag.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.PolicyTagIamBinding(\"binding\",\n policy_tag=basic_policy_tag[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.PolicyTagIamBinding(\"binding\", new()\n {\n PolicyTag = basicPolicyTag.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewPolicyTagIamBinding(ctx, \"binding\", \u0026datacatalog.PolicyTagIamBindingArgs{\n\t\t\tPolicyTag: pulumi.Any(basicPolicyTag.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamBinding;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new PolicyTagIamBinding(\"binding\", PolicyTagIamBindingArgs.builder() \n .policyTag(basicPolicyTag.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:PolicyTagIamBinding\n properties:\n policyTag: ${basicPolicyTag.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_policy\\_tag\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.PolicyTagIamMember(\"member\", {\n policyTag: basicPolicyTag.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.PolicyTagIamMember(\"member\",\n policy_tag=basic_policy_tag[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.PolicyTagIamMember(\"member\", new()\n {\n PolicyTag = basicPolicyTag.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewPolicyTagIamMember(ctx, \"member\", \u0026datacatalog.PolicyTagIamMemberArgs{\n\t\t\tPolicyTag: pulumi.Any(basicPolicyTag.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamMember;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new PolicyTagIamMember(\"member\", PolicyTagIamMemberArgs.builder() \n .policyTag(basicPolicyTag.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:PolicyTagIamMember\n properties:\n policyTag: ${basicPolicyTag.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* {{policy_tag}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nData catalog policytag IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/policyTagIamMember:PolicyTagIamMember editor \"{{policy_tag}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/policyTagIamMember:PolicyTagIamMember editor \"{{policy_tag}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/policyTagIamMember:PolicyTagIamMember editor {{policy_tag}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Data catalog PolicyTag. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.PolicyTagIamPolicy`: Authoritative. Sets the IAM policy for the policytag and replaces any existing policy already attached.\n* `gcp.datacatalog.PolicyTagIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the policytag are preserved.\n* `gcp.datacatalog.PolicyTagIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the policytag are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.PolicyTagIamPolicy`: Retrieves the IAM policy for the policytag\n\n\u003e **Note:** `gcp.datacatalog.PolicyTagIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.PolicyTagIamBinding` and `gcp.datacatalog.PolicyTagIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.PolicyTagIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.PolicyTagIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_data\\_catalog\\_policy\\_tag\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.PolicyTagIamPolicy(\"policy\", {\n policyTag: basicPolicyTag.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.datacatalog.PolicyTagIamPolicy(\"policy\",\n policy_tag=basic_policy_tag[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.PolicyTagIamPolicy(\"policy\", new()\n {\n PolicyTag = basicPolicyTag.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewPolicyTagIamPolicy(ctx, \"policy\", \u0026datacatalog.PolicyTagIamPolicyArgs{\n\t\t\tPolicyTag: pulumi.Any(basicPolicyTag.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamPolicy;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new PolicyTagIamPolicy(\"policy\", PolicyTagIamPolicyArgs.builder() \n .policyTag(basicPolicyTag.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:PolicyTagIamPolicy\n properties:\n policyTag: ${basicPolicyTag.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_policy\\_tag\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.PolicyTagIamBinding(\"binding\", {\n policyTag: basicPolicyTag.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.PolicyTagIamBinding(\"binding\",\n policy_tag=basic_policy_tag[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.PolicyTagIamBinding(\"binding\", new()\n {\n PolicyTag = basicPolicyTag.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewPolicyTagIamBinding(ctx, \"binding\", \u0026datacatalog.PolicyTagIamBindingArgs{\n\t\t\tPolicyTag: pulumi.Any(basicPolicyTag.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamBinding;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new PolicyTagIamBinding(\"binding\", PolicyTagIamBindingArgs.builder() \n .policyTag(basicPolicyTag.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:PolicyTagIamBinding\n properties:\n policyTag: ${basicPolicyTag.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_policy\\_tag\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.PolicyTagIamMember(\"member\", {\n policyTag: basicPolicyTag.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.PolicyTagIamMember(\"member\",\n policy_tag=basic_policy_tag[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.PolicyTagIamMember(\"member\", new()\n {\n PolicyTag = basicPolicyTag.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewPolicyTagIamMember(ctx, \"member\", \u0026datacatalog.PolicyTagIamMemberArgs{\n\t\t\tPolicyTag: pulumi.Any(basicPolicyTag.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamMember;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new PolicyTagIamMember(\"member\", PolicyTagIamMemberArgs.builder() \n .policyTag(basicPolicyTag.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:PolicyTagIamMember\n properties:\n policyTag: ${basicPolicyTag.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_data\\_catalog\\_policy\\_tag\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.PolicyTagIamPolicy(\"policy\", {\n policyTag: basicPolicyTag.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.datacatalog.PolicyTagIamPolicy(\"policy\",\n policy_tag=basic_policy_tag[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.PolicyTagIamPolicy(\"policy\", new()\n {\n PolicyTag = basicPolicyTag.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewPolicyTagIamPolicy(ctx, \"policy\", \u0026datacatalog.PolicyTagIamPolicyArgs{\n\t\t\tPolicyTag: pulumi.Any(basicPolicyTag.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamPolicy;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new PolicyTagIamPolicy(\"policy\", PolicyTagIamPolicyArgs.builder() \n .policyTag(basicPolicyTag.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:PolicyTagIamPolicy\n properties:\n policyTag: ${basicPolicyTag.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_policy\\_tag\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.PolicyTagIamBinding(\"binding\", {\n policyTag: basicPolicyTag.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.PolicyTagIamBinding(\"binding\",\n policy_tag=basic_policy_tag[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.PolicyTagIamBinding(\"binding\", new()\n {\n PolicyTag = basicPolicyTag.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewPolicyTagIamBinding(ctx, \"binding\", \u0026datacatalog.PolicyTagIamBindingArgs{\n\t\t\tPolicyTag: pulumi.Any(basicPolicyTag.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamBinding;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new PolicyTagIamBinding(\"binding\", PolicyTagIamBindingArgs.builder() \n .policyTag(basicPolicyTag.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:PolicyTagIamBinding\n properties:\n policyTag: ${basicPolicyTag.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_policy\\_tag\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.PolicyTagIamMember(\"member\", {\n policyTag: basicPolicyTag.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.PolicyTagIamMember(\"member\",\n policy_tag=basic_policy_tag[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.PolicyTagIamMember(\"member\", new()\n {\n PolicyTag = basicPolicyTag.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewPolicyTagIamMember(ctx, \"member\", \u0026datacatalog.PolicyTagIamMemberArgs{\n\t\t\tPolicyTag: pulumi.Any(basicPolicyTag.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamMember;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new PolicyTagIamMember(\"member\", PolicyTagIamMemberArgs.builder() \n .policyTag(basicPolicyTag.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:PolicyTagIamMember\n properties:\n policyTag: ${basicPolicyTag.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* {{policy_tag}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nData catalog policytag IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/policyTagIamMember:PolicyTagIamMember editor \"{{policy_tag}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/policyTagIamMember:PolicyTagIamMember editor \"{{policy_tag}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/policyTagIamMember:PolicyTagIamMember editor {{policy_tag}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:datacatalog/PolicyTagIamMemberCondition:PolicyTagIamMemberCondition" @@ -162081,11 +162306,12 @@ "description": "(Computed) The etag of the IAM policy.\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "policyTag": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "Used to find the parent resource to bind the IAM policy to\n" }, "role": { "type": "string", @@ -162105,11 +162331,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "policyTag": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "Used to find the parent resource to bind the IAM policy to\n", "willReplaceOnChanges": true }, "role": { @@ -162136,11 +162363,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "policyTag": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "Used to find the parent resource to bind the IAM policy to\n", "willReplaceOnChanges": true }, "role": { @@ -162153,7 +162381,7 @@ } }, "gcp:datacatalog/policyTagIamPolicy:PolicyTagIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Data catalog PolicyTag. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.PolicyTagIamPolicy`: Authoritative. Sets the IAM policy for the policytag and replaces any existing policy already attached.\n* `gcp.datacatalog.PolicyTagIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the policytag are preserved.\n* `gcp.datacatalog.PolicyTagIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the policytag are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.PolicyTagIamPolicy`: Retrieves the IAM policy for the policytag\n\n\u003e **Note:** `gcp.datacatalog.PolicyTagIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.PolicyTagIamBinding` and `gcp.datacatalog.PolicyTagIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.PolicyTagIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.PolicyTagIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_data\\_catalog\\_policy\\_tag\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.PolicyTagIamPolicy(\"policy\", {\n policyTag: basicPolicyTag.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.datacatalog.PolicyTagIamPolicy(\"policy\",\n policy_tag=basic_policy_tag[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.PolicyTagIamPolicy(\"policy\", new()\n {\n PolicyTag = basicPolicyTag.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewPolicyTagIamPolicy(ctx, \"policy\", \u0026datacatalog.PolicyTagIamPolicyArgs{\n\t\t\tPolicyTag: pulumi.Any(basicPolicyTag.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamPolicy;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new PolicyTagIamPolicy(\"policy\", PolicyTagIamPolicyArgs.builder() \n .policyTag(basicPolicyTag.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:PolicyTagIamPolicy\n properties:\n policyTag: ${basicPolicyTag.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_policy\\_tag\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.PolicyTagIamBinding(\"binding\", {\n policyTag: basicPolicyTag.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.PolicyTagIamBinding(\"binding\",\n policy_tag=basic_policy_tag[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.PolicyTagIamBinding(\"binding\", new()\n {\n PolicyTag = basicPolicyTag.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewPolicyTagIamBinding(ctx, \"binding\", \u0026datacatalog.PolicyTagIamBindingArgs{\n\t\t\tPolicyTag: pulumi.Any(basicPolicyTag.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamBinding;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new PolicyTagIamBinding(\"binding\", PolicyTagIamBindingArgs.builder() \n .policyTag(basicPolicyTag.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:PolicyTagIamBinding\n properties:\n policyTag: ${basicPolicyTag.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_policy\\_tag\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.PolicyTagIamMember(\"member\", {\n policyTag: basicPolicyTag.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.PolicyTagIamMember(\"member\",\n policy_tag=basic_policy_tag[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.PolicyTagIamMember(\"member\", new()\n {\n PolicyTag = basicPolicyTag.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewPolicyTagIamMember(ctx, \"member\", \u0026datacatalog.PolicyTagIamMemberArgs{\n\t\t\tPolicyTag: pulumi.Any(basicPolicyTag.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamMember;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new PolicyTagIamMember(\"member\", PolicyTagIamMemberArgs.builder() \n .policyTag(basicPolicyTag.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:PolicyTagIamMember\n properties:\n policyTag: ${basicPolicyTag.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* {{policy_tag}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nData catalog policytag IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/policyTagIamPolicy:PolicyTagIamPolicy editor \"{{policy_tag}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/policyTagIamPolicy:PolicyTagIamPolicy editor \"{{policy_tag}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/policyTagIamPolicy:PolicyTagIamPolicy editor {{policy_tag}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Data catalog PolicyTag. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.PolicyTagIamPolicy`: Authoritative. Sets the IAM policy for the policytag and replaces any existing policy already attached.\n* `gcp.datacatalog.PolicyTagIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the policytag are preserved.\n* `gcp.datacatalog.PolicyTagIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the policytag are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.PolicyTagIamPolicy`: Retrieves the IAM policy for the policytag\n\n\u003e **Note:** `gcp.datacatalog.PolicyTagIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.PolicyTagIamBinding` and `gcp.datacatalog.PolicyTagIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.PolicyTagIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.PolicyTagIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_data\\_catalog\\_policy\\_tag\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.PolicyTagIamPolicy(\"policy\", {\n policyTag: basicPolicyTag.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.datacatalog.PolicyTagIamPolicy(\"policy\",\n policy_tag=basic_policy_tag[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.PolicyTagIamPolicy(\"policy\", new()\n {\n PolicyTag = basicPolicyTag.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewPolicyTagIamPolicy(ctx, \"policy\", \u0026datacatalog.PolicyTagIamPolicyArgs{\n\t\t\tPolicyTag: pulumi.Any(basicPolicyTag.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamPolicy;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new PolicyTagIamPolicy(\"policy\", PolicyTagIamPolicyArgs.builder() \n .policyTag(basicPolicyTag.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:PolicyTagIamPolicy\n properties:\n policyTag: ${basicPolicyTag.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_policy\\_tag\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.PolicyTagIamBinding(\"binding\", {\n policyTag: basicPolicyTag.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.PolicyTagIamBinding(\"binding\",\n policy_tag=basic_policy_tag[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.PolicyTagIamBinding(\"binding\", new()\n {\n PolicyTag = basicPolicyTag.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewPolicyTagIamBinding(ctx, \"binding\", \u0026datacatalog.PolicyTagIamBindingArgs{\n\t\t\tPolicyTag: pulumi.Any(basicPolicyTag.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamBinding;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new PolicyTagIamBinding(\"binding\", PolicyTagIamBindingArgs.builder() \n .policyTag(basicPolicyTag.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:PolicyTagIamBinding\n properties:\n policyTag: ${basicPolicyTag.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_policy\\_tag\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.PolicyTagIamMember(\"member\", {\n policyTag: basicPolicyTag.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.PolicyTagIamMember(\"member\",\n policy_tag=basic_policy_tag[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.PolicyTagIamMember(\"member\", new()\n {\n PolicyTag = basicPolicyTag.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewPolicyTagIamMember(ctx, \"member\", \u0026datacatalog.PolicyTagIamMemberArgs{\n\t\t\tPolicyTag: pulumi.Any(basicPolicyTag.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamMember;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new PolicyTagIamMember(\"member\", PolicyTagIamMemberArgs.builder() \n .policyTag(basicPolicyTag.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:PolicyTagIamMember\n properties:\n policyTag: ${basicPolicyTag.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_data\\_catalog\\_policy\\_tag\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.PolicyTagIamPolicy(\"policy\", {\n policyTag: basicPolicyTag.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.datacatalog.PolicyTagIamPolicy(\"policy\",\n policy_tag=basic_policy_tag[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.PolicyTagIamPolicy(\"policy\", new()\n {\n PolicyTag = basicPolicyTag.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewPolicyTagIamPolicy(ctx, \"policy\", \u0026datacatalog.PolicyTagIamPolicyArgs{\n\t\t\tPolicyTag: pulumi.Any(basicPolicyTag.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamPolicy;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new PolicyTagIamPolicy(\"policy\", PolicyTagIamPolicyArgs.builder() \n .policyTag(basicPolicyTag.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:PolicyTagIamPolicy\n properties:\n policyTag: ${basicPolicyTag.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_policy\\_tag\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.PolicyTagIamBinding(\"binding\", {\n policyTag: basicPolicyTag.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.PolicyTagIamBinding(\"binding\",\n policy_tag=basic_policy_tag[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.PolicyTagIamBinding(\"binding\", new()\n {\n PolicyTag = basicPolicyTag.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewPolicyTagIamBinding(ctx, \"binding\", \u0026datacatalog.PolicyTagIamBindingArgs{\n\t\t\tPolicyTag: pulumi.Any(basicPolicyTag.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamBinding;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new PolicyTagIamBinding(\"binding\", PolicyTagIamBindingArgs.builder() \n .policyTag(basicPolicyTag.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:PolicyTagIamBinding\n properties:\n policyTag: ${basicPolicyTag.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_policy\\_tag\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.PolicyTagIamMember(\"member\", {\n policyTag: basicPolicyTag.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.PolicyTagIamMember(\"member\",\n policy_tag=basic_policy_tag[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.PolicyTagIamMember(\"member\", new()\n {\n PolicyTag = basicPolicyTag.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewPolicyTagIamMember(ctx, \"member\", \u0026datacatalog.PolicyTagIamMemberArgs{\n\t\t\tPolicyTag: pulumi.Any(basicPolicyTag.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamMember;\nimport com.pulumi.gcp.datacatalog.PolicyTagIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new PolicyTagIamMember(\"member\", PolicyTagIamMemberArgs.builder() \n .policyTag(basicPolicyTag.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:PolicyTagIamMember\n properties:\n policyTag: ${basicPolicyTag.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* {{policy_tag}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nData catalog policytag IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/policyTagIamPolicy:PolicyTagIamPolicy editor \"{{policy_tag}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/policyTagIamPolicy:PolicyTagIamPolicy editor \"{{policy_tag}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/policyTagIamPolicy:PolicyTagIamPolicy editor {{policy_tag}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -162165,7 +162393,7 @@ }, "policyTag": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "Used to find the parent resource to bind the IAM policy to\n" } }, "required": [ @@ -162180,7 +162408,7 @@ }, "policyTag": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "Used to find the parent resource to bind the IAM policy to\n", "willReplaceOnChanges": true } }, @@ -162201,7 +162429,7 @@ }, "policyTag": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "Used to find the parent resource to bind the IAM policy to\n", "willReplaceOnChanges": true } }, @@ -162428,7 +162656,7 @@ } }, "gcp:datacatalog/tagTemplateIamBinding:TagTemplateIamBinding": { - "description": "Three different resources help you manage your IAM policy for Data catalog TagTemplate. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.TagTemplateIamPolicy`: Authoritative. Sets the IAM policy for the tagtemplate and replaces any existing policy already attached.\n* `gcp.datacatalog.TagTemplateIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tagtemplate are preserved.\n* `gcp.datacatalog.TagTemplateIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tagtemplate are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.TagTemplateIamPolicy`: Retrieves the IAM policy for the tagtemplate\n\n\u003e **Note:** `gcp.datacatalog.TagTemplateIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.TagTemplateIamBinding` and `gcp.datacatalog.TagTemplateIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.TagTemplateIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.TagTemplateIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_data\\_catalog\\_tag\\_template\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.TagTemplateIamPolicy(\"policy\", {\n tagTemplate: basicTagTemplate.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.datacatalog.TagTemplateIamPolicy(\"policy\",\n tag_template=basic_tag_template[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.TagTemplateIamPolicy(\"policy\", new()\n {\n TagTemplate = basicTagTemplate.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewTagTemplateIamPolicy(ctx, \"policy\", \u0026datacatalog.TagTemplateIamPolicyArgs{\n\t\t\tTagTemplate: pulumi.Any(basicTagTemplate.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamPolicy;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TagTemplateIamPolicy(\"policy\", TagTemplateIamPolicyArgs.builder() \n .tagTemplate(basicTagTemplate.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:TagTemplateIamPolicy\n properties:\n tagTemplate: ${basicTagTemplate.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_tag\\_template\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.TagTemplateIamBinding(\"binding\", {\n tagTemplate: basicTagTemplate.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.TagTemplateIamBinding(\"binding\",\n tag_template=basic_tag_template[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.TagTemplateIamBinding(\"binding\", new()\n {\n TagTemplate = basicTagTemplate.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTagTemplateIamBinding(ctx, \"binding\", \u0026datacatalog.TagTemplateIamBindingArgs{\n\t\t\tTagTemplate: pulumi.Any(basicTagTemplate.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamBinding;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TagTemplateIamBinding(\"binding\", TagTemplateIamBindingArgs.builder() \n .tagTemplate(basicTagTemplate.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:TagTemplateIamBinding\n properties:\n tagTemplate: ${basicTagTemplate.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_tag\\_template\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.TagTemplateIamMember(\"member\", {\n tagTemplate: basicTagTemplate.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.TagTemplateIamMember(\"member\",\n tag_template=basic_tag_template[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.TagTemplateIamMember(\"member\", new()\n {\n TagTemplate = basicTagTemplate.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTagTemplateIamMember(ctx, \"member\", \u0026datacatalog.TagTemplateIamMemberArgs{\n\t\t\tTagTemplate: pulumi.Any(basicTagTemplate.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamMember;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TagTemplateIamMember(\"member\", TagTemplateIamMemberArgs.builder() \n .tagTemplate(basicTagTemplate.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:TagTemplateIamMember\n properties:\n tagTemplate: ${basicTagTemplate.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{region}}/tagTemplates/{{tag_template}}\n\n* {{project}}/{{region}}/{{tag_template}}\n\n* {{region}}/{{tag_template}}\n\n* {{tag_template}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nData catalog tagtemplate IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/tagTemplateIamBinding:TagTemplateIamBinding editor \"projects/{{project}}/locations/{{region}}/tagTemplates/{{tag_template}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/tagTemplateIamBinding:TagTemplateIamBinding editor \"projects/{{project}}/locations/{{region}}/tagTemplates/{{tag_template}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/tagTemplateIamBinding:TagTemplateIamBinding editor projects/{{project}}/locations/{{region}}/tagTemplates/{{tag_template}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Data catalog TagTemplate. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.TagTemplateIamPolicy`: Authoritative. Sets the IAM policy for the tagtemplate and replaces any existing policy already attached.\n* `gcp.datacatalog.TagTemplateIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tagtemplate are preserved.\n* `gcp.datacatalog.TagTemplateIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tagtemplate are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.TagTemplateIamPolicy`: Retrieves the IAM policy for the tagtemplate\n\n\u003e **Note:** `gcp.datacatalog.TagTemplateIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.TagTemplateIamBinding` and `gcp.datacatalog.TagTemplateIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.TagTemplateIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.TagTemplateIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_data\\_catalog\\_tag\\_template\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.TagTemplateIamPolicy(\"policy\", {\n tagTemplate: basicTagTemplate.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.datacatalog.TagTemplateIamPolicy(\"policy\",\n tag_template=basic_tag_template[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.TagTemplateIamPolicy(\"policy\", new()\n {\n TagTemplate = basicTagTemplate.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewTagTemplateIamPolicy(ctx, \"policy\", \u0026datacatalog.TagTemplateIamPolicyArgs{\n\t\t\tTagTemplate: pulumi.Any(basicTagTemplate.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamPolicy;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TagTemplateIamPolicy(\"policy\", TagTemplateIamPolicyArgs.builder() \n .tagTemplate(basicTagTemplate.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:TagTemplateIamPolicy\n properties:\n tagTemplate: ${basicTagTemplate.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_tag\\_template\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.TagTemplateIamBinding(\"binding\", {\n tagTemplate: basicTagTemplate.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.TagTemplateIamBinding(\"binding\",\n tag_template=basic_tag_template[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.TagTemplateIamBinding(\"binding\", new()\n {\n TagTemplate = basicTagTemplate.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTagTemplateIamBinding(ctx, \"binding\", \u0026datacatalog.TagTemplateIamBindingArgs{\n\t\t\tTagTemplate: pulumi.Any(basicTagTemplate.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamBinding;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TagTemplateIamBinding(\"binding\", TagTemplateIamBindingArgs.builder() \n .tagTemplate(basicTagTemplate.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:TagTemplateIamBinding\n properties:\n tagTemplate: ${basicTagTemplate.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_tag\\_template\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.TagTemplateIamMember(\"member\", {\n tagTemplate: basicTagTemplate.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.TagTemplateIamMember(\"member\",\n tag_template=basic_tag_template[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.TagTemplateIamMember(\"member\", new()\n {\n TagTemplate = basicTagTemplate.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTagTemplateIamMember(ctx, \"member\", \u0026datacatalog.TagTemplateIamMemberArgs{\n\t\t\tTagTemplate: pulumi.Any(basicTagTemplate.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamMember;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TagTemplateIamMember(\"member\", TagTemplateIamMemberArgs.builder() \n .tagTemplate(basicTagTemplate.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:TagTemplateIamMember\n properties:\n tagTemplate: ${basicTagTemplate.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_data\\_catalog\\_tag\\_template\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.TagTemplateIamPolicy(\"policy\", {\n tagTemplate: basicTagTemplate.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.datacatalog.TagTemplateIamPolicy(\"policy\",\n tag_template=basic_tag_template[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.TagTemplateIamPolicy(\"policy\", new()\n {\n TagTemplate = basicTagTemplate.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewTagTemplateIamPolicy(ctx, \"policy\", \u0026datacatalog.TagTemplateIamPolicyArgs{\n\t\t\tTagTemplate: pulumi.Any(basicTagTemplate.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamPolicy;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TagTemplateIamPolicy(\"policy\", TagTemplateIamPolicyArgs.builder() \n .tagTemplate(basicTagTemplate.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:TagTemplateIamPolicy\n properties:\n tagTemplate: ${basicTagTemplate.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_tag\\_template\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.TagTemplateIamBinding(\"binding\", {\n tagTemplate: basicTagTemplate.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.TagTemplateIamBinding(\"binding\",\n tag_template=basic_tag_template[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.TagTemplateIamBinding(\"binding\", new()\n {\n TagTemplate = basicTagTemplate.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTagTemplateIamBinding(ctx, \"binding\", \u0026datacatalog.TagTemplateIamBindingArgs{\n\t\t\tTagTemplate: pulumi.Any(basicTagTemplate.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamBinding;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TagTemplateIamBinding(\"binding\", TagTemplateIamBindingArgs.builder() \n .tagTemplate(basicTagTemplate.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:TagTemplateIamBinding\n properties:\n tagTemplate: ${basicTagTemplate.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_tag\\_template\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.TagTemplateIamMember(\"member\", {\n tagTemplate: basicTagTemplate.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.TagTemplateIamMember(\"member\",\n tag_template=basic_tag_template[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.TagTemplateIamMember(\"member\", new()\n {\n TagTemplate = basicTagTemplate.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTagTemplateIamMember(ctx, \"member\", \u0026datacatalog.TagTemplateIamMemberArgs{\n\t\t\tTagTemplate: pulumi.Any(basicTagTemplate.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamMember;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TagTemplateIamMember(\"member\", TagTemplateIamMemberArgs.builder() \n .tagTemplate(basicTagTemplate.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:TagTemplateIamMember\n properties:\n tagTemplate: ${basicTagTemplate.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{region}}/tagTemplates/{{tag_template}}\n\n* {{project}}/{{region}}/{{tag_template}}\n\n* {{region}}/{{tag_template}}\n\n* {{tag_template}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nData catalog tagtemplate IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/tagTemplateIamBinding:TagTemplateIamBinding editor \"projects/{{project}}/locations/{{region}}/tagTemplates/{{tag_template}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/tagTemplateIamBinding:TagTemplateIamBinding editor \"projects/{{project}}/locations/{{region}}/tagTemplates/{{tag_template}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/tagTemplateIamBinding:TagTemplateIamBinding editor projects/{{project}}/locations/{{region}}/tagTemplates/{{tag_template}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:datacatalog/TagTemplateIamBindingCondition:TagTemplateIamBindingCondition" @@ -162441,11 +162669,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "region": { "type": "string" @@ -162476,11 +162705,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -162518,11 +162748,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -162544,7 +162775,7 @@ } }, "gcp:datacatalog/tagTemplateIamMember:TagTemplateIamMember": { - "description": "Three different resources help you manage your IAM policy for Data catalog TagTemplate. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.TagTemplateIamPolicy`: Authoritative. Sets the IAM policy for the tagtemplate and replaces any existing policy already attached.\n* `gcp.datacatalog.TagTemplateIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tagtemplate are preserved.\n* `gcp.datacatalog.TagTemplateIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tagtemplate are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.TagTemplateIamPolicy`: Retrieves the IAM policy for the tagtemplate\n\n\u003e **Note:** `gcp.datacatalog.TagTemplateIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.TagTemplateIamBinding` and `gcp.datacatalog.TagTemplateIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.TagTemplateIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.TagTemplateIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_data\\_catalog\\_tag\\_template\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.TagTemplateIamPolicy(\"policy\", {\n tagTemplate: basicTagTemplate.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.datacatalog.TagTemplateIamPolicy(\"policy\",\n tag_template=basic_tag_template[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.TagTemplateIamPolicy(\"policy\", new()\n {\n TagTemplate = basicTagTemplate.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewTagTemplateIamPolicy(ctx, \"policy\", \u0026datacatalog.TagTemplateIamPolicyArgs{\n\t\t\tTagTemplate: pulumi.Any(basicTagTemplate.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamPolicy;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TagTemplateIamPolicy(\"policy\", TagTemplateIamPolicyArgs.builder() \n .tagTemplate(basicTagTemplate.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:TagTemplateIamPolicy\n properties:\n tagTemplate: ${basicTagTemplate.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_tag\\_template\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.TagTemplateIamBinding(\"binding\", {\n tagTemplate: basicTagTemplate.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.TagTemplateIamBinding(\"binding\",\n tag_template=basic_tag_template[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.TagTemplateIamBinding(\"binding\", new()\n {\n TagTemplate = basicTagTemplate.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTagTemplateIamBinding(ctx, \"binding\", \u0026datacatalog.TagTemplateIamBindingArgs{\n\t\t\tTagTemplate: pulumi.Any(basicTagTemplate.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamBinding;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TagTemplateIamBinding(\"binding\", TagTemplateIamBindingArgs.builder() \n .tagTemplate(basicTagTemplate.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:TagTemplateIamBinding\n properties:\n tagTemplate: ${basicTagTemplate.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_tag\\_template\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.TagTemplateIamMember(\"member\", {\n tagTemplate: basicTagTemplate.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.TagTemplateIamMember(\"member\",\n tag_template=basic_tag_template[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.TagTemplateIamMember(\"member\", new()\n {\n TagTemplate = basicTagTemplate.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTagTemplateIamMember(ctx, \"member\", \u0026datacatalog.TagTemplateIamMemberArgs{\n\t\t\tTagTemplate: pulumi.Any(basicTagTemplate.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamMember;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TagTemplateIamMember(\"member\", TagTemplateIamMemberArgs.builder() \n .tagTemplate(basicTagTemplate.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:TagTemplateIamMember\n properties:\n tagTemplate: ${basicTagTemplate.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{region}}/tagTemplates/{{tag_template}}\n\n* {{project}}/{{region}}/{{tag_template}}\n\n* {{region}}/{{tag_template}}\n\n* {{tag_template}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nData catalog tagtemplate IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/tagTemplateIamMember:TagTemplateIamMember editor \"projects/{{project}}/locations/{{region}}/tagTemplates/{{tag_template}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/tagTemplateIamMember:TagTemplateIamMember editor \"projects/{{project}}/locations/{{region}}/tagTemplates/{{tag_template}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/tagTemplateIamMember:TagTemplateIamMember editor projects/{{project}}/locations/{{region}}/tagTemplates/{{tag_template}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Data catalog TagTemplate. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.TagTemplateIamPolicy`: Authoritative. Sets the IAM policy for the tagtemplate and replaces any existing policy already attached.\n* `gcp.datacatalog.TagTemplateIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tagtemplate are preserved.\n* `gcp.datacatalog.TagTemplateIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tagtemplate are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.TagTemplateIamPolicy`: Retrieves the IAM policy for the tagtemplate\n\n\u003e **Note:** `gcp.datacatalog.TagTemplateIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.TagTemplateIamBinding` and `gcp.datacatalog.TagTemplateIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.TagTemplateIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.TagTemplateIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_data\\_catalog\\_tag\\_template\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.TagTemplateIamPolicy(\"policy\", {\n tagTemplate: basicTagTemplate.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.datacatalog.TagTemplateIamPolicy(\"policy\",\n tag_template=basic_tag_template[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.TagTemplateIamPolicy(\"policy\", new()\n {\n TagTemplate = basicTagTemplate.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewTagTemplateIamPolicy(ctx, \"policy\", \u0026datacatalog.TagTemplateIamPolicyArgs{\n\t\t\tTagTemplate: pulumi.Any(basicTagTemplate.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamPolicy;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TagTemplateIamPolicy(\"policy\", TagTemplateIamPolicyArgs.builder() \n .tagTemplate(basicTagTemplate.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:TagTemplateIamPolicy\n properties:\n tagTemplate: ${basicTagTemplate.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_tag\\_template\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.TagTemplateIamBinding(\"binding\", {\n tagTemplate: basicTagTemplate.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.TagTemplateIamBinding(\"binding\",\n tag_template=basic_tag_template[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.TagTemplateIamBinding(\"binding\", new()\n {\n TagTemplate = basicTagTemplate.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTagTemplateIamBinding(ctx, \"binding\", \u0026datacatalog.TagTemplateIamBindingArgs{\n\t\t\tTagTemplate: pulumi.Any(basicTagTemplate.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamBinding;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TagTemplateIamBinding(\"binding\", TagTemplateIamBindingArgs.builder() \n .tagTemplate(basicTagTemplate.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:TagTemplateIamBinding\n properties:\n tagTemplate: ${basicTagTemplate.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_tag\\_template\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.TagTemplateIamMember(\"member\", {\n tagTemplate: basicTagTemplate.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.TagTemplateIamMember(\"member\",\n tag_template=basic_tag_template[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.TagTemplateIamMember(\"member\", new()\n {\n TagTemplate = basicTagTemplate.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTagTemplateIamMember(ctx, \"member\", \u0026datacatalog.TagTemplateIamMemberArgs{\n\t\t\tTagTemplate: pulumi.Any(basicTagTemplate.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamMember;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TagTemplateIamMember(\"member\", TagTemplateIamMemberArgs.builder() \n .tagTemplate(basicTagTemplate.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:TagTemplateIamMember\n properties:\n tagTemplate: ${basicTagTemplate.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_data\\_catalog\\_tag\\_template\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.TagTemplateIamPolicy(\"policy\", {\n tagTemplate: basicTagTemplate.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.datacatalog.TagTemplateIamPolicy(\"policy\",\n tag_template=basic_tag_template[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.TagTemplateIamPolicy(\"policy\", new()\n {\n TagTemplate = basicTagTemplate.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewTagTemplateIamPolicy(ctx, \"policy\", \u0026datacatalog.TagTemplateIamPolicyArgs{\n\t\t\tTagTemplate: pulumi.Any(basicTagTemplate.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamPolicy;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TagTemplateIamPolicy(\"policy\", TagTemplateIamPolicyArgs.builder() \n .tagTemplate(basicTagTemplate.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:TagTemplateIamPolicy\n properties:\n tagTemplate: ${basicTagTemplate.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_tag\\_template\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.TagTemplateIamBinding(\"binding\", {\n tagTemplate: basicTagTemplate.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.TagTemplateIamBinding(\"binding\",\n tag_template=basic_tag_template[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.TagTemplateIamBinding(\"binding\", new()\n {\n TagTemplate = basicTagTemplate.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTagTemplateIamBinding(ctx, \"binding\", \u0026datacatalog.TagTemplateIamBindingArgs{\n\t\t\tTagTemplate: pulumi.Any(basicTagTemplate.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamBinding;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TagTemplateIamBinding(\"binding\", TagTemplateIamBindingArgs.builder() \n .tagTemplate(basicTagTemplate.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:TagTemplateIamBinding\n properties:\n tagTemplate: ${basicTagTemplate.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_tag\\_template\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.TagTemplateIamMember(\"member\", {\n tagTemplate: basicTagTemplate.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.TagTemplateIamMember(\"member\",\n tag_template=basic_tag_template[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.TagTemplateIamMember(\"member\", new()\n {\n TagTemplate = basicTagTemplate.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTagTemplateIamMember(ctx, \"member\", \u0026datacatalog.TagTemplateIamMemberArgs{\n\t\t\tTagTemplate: pulumi.Any(basicTagTemplate.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamMember;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TagTemplateIamMember(\"member\", TagTemplateIamMemberArgs.builder() \n .tagTemplate(basicTagTemplate.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:TagTemplateIamMember\n properties:\n tagTemplate: ${basicTagTemplate.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{region}}/tagTemplates/{{tag_template}}\n\n* {{project}}/{{region}}/{{tag_template}}\n\n* {{region}}/{{tag_template}}\n\n* {{tag_template}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nData catalog tagtemplate IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/tagTemplateIamMember:TagTemplateIamMember editor \"projects/{{project}}/locations/{{region}}/tagTemplates/{{tag_template}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/tagTemplateIamMember:TagTemplateIamMember editor \"projects/{{project}}/locations/{{region}}/tagTemplates/{{tag_template}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/tagTemplateIamMember:TagTemplateIamMember editor projects/{{project}}/locations/{{region}}/tagTemplates/{{tag_template}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:datacatalog/TagTemplateIamMemberCondition:TagTemplateIamMemberCondition" @@ -162554,11 +162785,12 @@ "description": "(Computed) The etag of the IAM policy.\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "region": { "type": "string" @@ -162587,11 +162819,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -162627,11 +162860,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -162653,7 +162887,7 @@ } }, "gcp:datacatalog/tagTemplateIamPolicy:TagTemplateIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Data catalog TagTemplate. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.TagTemplateIamPolicy`: Authoritative. Sets the IAM policy for the tagtemplate and replaces any existing policy already attached.\n* `gcp.datacatalog.TagTemplateIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tagtemplate are preserved.\n* `gcp.datacatalog.TagTemplateIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tagtemplate are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.TagTemplateIamPolicy`: Retrieves the IAM policy for the tagtemplate\n\n\u003e **Note:** `gcp.datacatalog.TagTemplateIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.TagTemplateIamBinding` and `gcp.datacatalog.TagTemplateIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.TagTemplateIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.TagTemplateIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_data\\_catalog\\_tag\\_template\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.TagTemplateIamPolicy(\"policy\", {\n tagTemplate: basicTagTemplate.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.datacatalog.TagTemplateIamPolicy(\"policy\",\n tag_template=basic_tag_template[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.TagTemplateIamPolicy(\"policy\", new()\n {\n TagTemplate = basicTagTemplate.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewTagTemplateIamPolicy(ctx, \"policy\", \u0026datacatalog.TagTemplateIamPolicyArgs{\n\t\t\tTagTemplate: pulumi.Any(basicTagTemplate.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamPolicy;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TagTemplateIamPolicy(\"policy\", TagTemplateIamPolicyArgs.builder() \n .tagTemplate(basicTagTemplate.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:TagTemplateIamPolicy\n properties:\n tagTemplate: ${basicTagTemplate.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_tag\\_template\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.TagTemplateIamBinding(\"binding\", {\n tagTemplate: basicTagTemplate.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.TagTemplateIamBinding(\"binding\",\n tag_template=basic_tag_template[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.TagTemplateIamBinding(\"binding\", new()\n {\n TagTemplate = basicTagTemplate.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTagTemplateIamBinding(ctx, \"binding\", \u0026datacatalog.TagTemplateIamBindingArgs{\n\t\t\tTagTemplate: pulumi.Any(basicTagTemplate.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamBinding;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TagTemplateIamBinding(\"binding\", TagTemplateIamBindingArgs.builder() \n .tagTemplate(basicTagTemplate.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:TagTemplateIamBinding\n properties:\n tagTemplate: ${basicTagTemplate.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_tag\\_template\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.TagTemplateIamMember(\"member\", {\n tagTemplate: basicTagTemplate.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.TagTemplateIamMember(\"member\",\n tag_template=basic_tag_template[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.TagTemplateIamMember(\"member\", new()\n {\n TagTemplate = basicTagTemplate.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTagTemplateIamMember(ctx, \"member\", \u0026datacatalog.TagTemplateIamMemberArgs{\n\t\t\tTagTemplate: pulumi.Any(basicTagTemplate.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamMember;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TagTemplateIamMember(\"member\", TagTemplateIamMemberArgs.builder() \n .tagTemplate(basicTagTemplate.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:TagTemplateIamMember\n properties:\n tagTemplate: ${basicTagTemplate.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{region}}/tagTemplates/{{tag_template}}\n\n* {{project}}/{{region}}/{{tag_template}}\n\n* {{region}}/{{tag_template}}\n\n* {{tag_template}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nData catalog tagtemplate IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/tagTemplateIamPolicy:TagTemplateIamPolicy editor \"projects/{{project}}/locations/{{region}}/tagTemplates/{{tag_template}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/tagTemplateIamPolicy:TagTemplateIamPolicy editor \"projects/{{project}}/locations/{{region}}/tagTemplates/{{tag_template}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/tagTemplateIamPolicy:TagTemplateIamPolicy editor projects/{{project}}/locations/{{region}}/tagTemplates/{{tag_template}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Data catalog TagTemplate. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.TagTemplateIamPolicy`: Authoritative. Sets the IAM policy for the tagtemplate and replaces any existing policy already attached.\n* `gcp.datacatalog.TagTemplateIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tagtemplate are preserved.\n* `gcp.datacatalog.TagTemplateIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tagtemplate are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.TagTemplateIamPolicy`: Retrieves the IAM policy for the tagtemplate\n\n\u003e **Note:** `gcp.datacatalog.TagTemplateIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.TagTemplateIamBinding` and `gcp.datacatalog.TagTemplateIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.TagTemplateIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.TagTemplateIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_data\\_catalog\\_tag\\_template\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.TagTemplateIamPolicy(\"policy\", {\n tagTemplate: basicTagTemplate.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.datacatalog.TagTemplateIamPolicy(\"policy\",\n tag_template=basic_tag_template[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.TagTemplateIamPolicy(\"policy\", new()\n {\n TagTemplate = basicTagTemplate.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewTagTemplateIamPolicy(ctx, \"policy\", \u0026datacatalog.TagTemplateIamPolicyArgs{\n\t\t\tTagTemplate: pulumi.Any(basicTagTemplate.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamPolicy;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TagTemplateIamPolicy(\"policy\", TagTemplateIamPolicyArgs.builder() \n .tagTemplate(basicTagTemplate.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:TagTemplateIamPolicy\n properties:\n tagTemplate: ${basicTagTemplate.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_tag\\_template\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.TagTemplateIamBinding(\"binding\", {\n tagTemplate: basicTagTemplate.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.TagTemplateIamBinding(\"binding\",\n tag_template=basic_tag_template[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.TagTemplateIamBinding(\"binding\", new()\n {\n TagTemplate = basicTagTemplate.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTagTemplateIamBinding(ctx, \"binding\", \u0026datacatalog.TagTemplateIamBindingArgs{\n\t\t\tTagTemplate: pulumi.Any(basicTagTemplate.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamBinding;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TagTemplateIamBinding(\"binding\", TagTemplateIamBindingArgs.builder() \n .tagTemplate(basicTagTemplate.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:TagTemplateIamBinding\n properties:\n tagTemplate: ${basicTagTemplate.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_tag\\_template\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.TagTemplateIamMember(\"member\", {\n tagTemplate: basicTagTemplate.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.TagTemplateIamMember(\"member\",\n tag_template=basic_tag_template[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.TagTemplateIamMember(\"member\", new()\n {\n TagTemplate = basicTagTemplate.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTagTemplateIamMember(ctx, \"member\", \u0026datacatalog.TagTemplateIamMemberArgs{\n\t\t\tTagTemplate: pulumi.Any(basicTagTemplate.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamMember;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TagTemplateIamMember(\"member\", TagTemplateIamMemberArgs.builder() \n .tagTemplate(basicTagTemplate.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:TagTemplateIamMember\n properties:\n tagTemplate: ${basicTagTemplate.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_data\\_catalog\\_tag\\_template\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.TagTemplateIamPolicy(\"policy\", {\n tagTemplate: basicTagTemplate.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.datacatalog.TagTemplateIamPolicy(\"policy\",\n tag_template=basic_tag_template[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.TagTemplateIamPolicy(\"policy\", new()\n {\n TagTemplate = basicTagTemplate.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewTagTemplateIamPolicy(ctx, \"policy\", \u0026datacatalog.TagTemplateIamPolicyArgs{\n\t\t\tTagTemplate: pulumi.Any(basicTagTemplate.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamPolicy;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TagTemplateIamPolicy(\"policy\", TagTemplateIamPolicyArgs.builder() \n .tagTemplate(basicTagTemplate.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:TagTemplateIamPolicy\n properties:\n tagTemplate: ${basicTagTemplate.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_tag\\_template\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.TagTemplateIamBinding(\"binding\", {\n tagTemplate: basicTagTemplate.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.TagTemplateIamBinding(\"binding\",\n tag_template=basic_tag_template[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.TagTemplateIamBinding(\"binding\", new()\n {\n TagTemplate = basicTagTemplate.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTagTemplateIamBinding(ctx, \"binding\", \u0026datacatalog.TagTemplateIamBindingArgs{\n\t\t\tTagTemplate: pulumi.Any(basicTagTemplate.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamBinding;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TagTemplateIamBinding(\"binding\", TagTemplateIamBindingArgs.builder() \n .tagTemplate(basicTagTemplate.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:TagTemplateIamBinding\n properties:\n tagTemplate: ${basicTagTemplate.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_tag\\_template\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.TagTemplateIamMember(\"member\", {\n tagTemplate: basicTagTemplate.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.TagTemplateIamMember(\"member\",\n tag_template=basic_tag_template[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.TagTemplateIamMember(\"member\", new()\n {\n TagTemplate = basicTagTemplate.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTagTemplateIamMember(ctx, \"member\", \u0026datacatalog.TagTemplateIamMemberArgs{\n\t\t\tTagTemplate: pulumi.Any(basicTagTemplate.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamMember;\nimport com.pulumi.gcp.datacatalog.TagTemplateIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TagTemplateIamMember(\"member\", TagTemplateIamMemberArgs.builder() \n .tagTemplate(basicTagTemplate.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:TagTemplateIamMember\n properties:\n tagTemplate: ${basicTagTemplate.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{region}}/tagTemplates/{{tag_template}}\n\n* {{project}}/{{region}}/{{tag_template}}\n\n* {{region}}/{{tag_template}}\n\n* {{tag_template}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nData catalog tagtemplate IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/tagTemplateIamPolicy:TagTemplateIamPolicy editor \"projects/{{project}}/locations/{{region}}/tagTemplates/{{tag_template}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/tagTemplateIamPolicy:TagTemplateIamPolicy editor \"projects/{{project}}/locations/{{region}}/tagTemplates/{{tag_template}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/tagTemplateIamPolicy:TagTemplateIamPolicy editor projects/{{project}}/locations/{{region}}/tagTemplates/{{tag_template}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -162665,7 +162899,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "region": { "type": "string" @@ -162689,7 +162923,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -162719,7 +162953,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -162839,7 +163073,7 @@ } }, "gcp:datacatalog/taxonomyIamBinding:TaxonomyIamBinding": { - "description": "Three different resources help you manage your IAM policy for Data catalog Taxonomy. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.TaxonomyIamPolicy`: Authoritative. Sets the IAM policy for the taxonomy and replaces any existing policy already attached.\n* `gcp.datacatalog.TaxonomyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the taxonomy are preserved.\n* `gcp.datacatalog.TaxonomyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the taxonomy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.TaxonomyIamPolicy`: Retrieves the IAM policy for the taxonomy\n\n\u003e **Note:** `gcp.datacatalog.TaxonomyIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.TaxonomyIamBinding` and `gcp.datacatalog.TaxonomyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.TaxonomyIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.TaxonomyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_data\\_catalog\\_taxonomy\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.TaxonomyIamPolicy(\"policy\", {\n taxonomy: basicTaxonomy.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.datacatalog.TaxonomyIamPolicy(\"policy\",\n taxonomy=basic_taxonomy[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.TaxonomyIamPolicy(\"policy\", new()\n {\n Taxonomy = basicTaxonomy.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewTaxonomyIamPolicy(ctx, \"policy\", \u0026datacatalog.TaxonomyIamPolicyArgs{\n\t\t\tTaxonomy: pulumi.Any(basicTaxonomy.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamPolicy;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TaxonomyIamPolicy(\"policy\", TaxonomyIamPolicyArgs.builder() \n .taxonomy(basicTaxonomy.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:TaxonomyIamPolicy\n properties:\n taxonomy: ${basicTaxonomy.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_taxonomy\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.TaxonomyIamBinding(\"binding\", {\n taxonomy: basicTaxonomy.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.TaxonomyIamBinding(\"binding\",\n taxonomy=basic_taxonomy[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.TaxonomyIamBinding(\"binding\", new()\n {\n Taxonomy = basicTaxonomy.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTaxonomyIamBinding(ctx, \"binding\", \u0026datacatalog.TaxonomyIamBindingArgs{\n\t\t\tTaxonomy: pulumi.Any(basicTaxonomy.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamBinding;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TaxonomyIamBinding(\"binding\", TaxonomyIamBindingArgs.builder() \n .taxonomy(basicTaxonomy.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:TaxonomyIamBinding\n properties:\n taxonomy: ${basicTaxonomy.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_taxonomy\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.TaxonomyIamMember(\"member\", {\n taxonomy: basicTaxonomy.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.TaxonomyIamMember(\"member\",\n taxonomy=basic_taxonomy[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.TaxonomyIamMember(\"member\", new()\n {\n Taxonomy = basicTaxonomy.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTaxonomyIamMember(ctx, \"member\", \u0026datacatalog.TaxonomyIamMemberArgs{\n\t\t\tTaxonomy: pulumi.Any(basicTaxonomy.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamMember;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TaxonomyIamMember(\"member\", TaxonomyIamMemberArgs.builder() \n .taxonomy(basicTaxonomy.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:TaxonomyIamMember\n properties:\n taxonomy: ${basicTaxonomy.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{region}}/taxonomies/{{taxonomy}}\n\n* {{project}}/{{region}}/{{taxonomy}}\n\n* {{region}}/{{taxonomy}}\n\n* {{taxonomy}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nData catalog taxonomy IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/taxonomyIamBinding:TaxonomyIamBinding editor \"projects/{{project}}/locations/{{region}}/taxonomies/{{taxonomy}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/taxonomyIamBinding:TaxonomyIamBinding editor \"projects/{{project}}/locations/{{region}}/taxonomies/{{taxonomy}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/taxonomyIamBinding:TaxonomyIamBinding editor projects/{{project}}/locations/{{region}}/taxonomies/{{taxonomy}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Data catalog Taxonomy. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.TaxonomyIamPolicy`: Authoritative. Sets the IAM policy for the taxonomy and replaces any existing policy already attached.\n* `gcp.datacatalog.TaxonomyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the taxonomy are preserved.\n* `gcp.datacatalog.TaxonomyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the taxonomy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.TaxonomyIamPolicy`: Retrieves the IAM policy for the taxonomy\n\n\u003e **Note:** `gcp.datacatalog.TaxonomyIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.TaxonomyIamBinding` and `gcp.datacatalog.TaxonomyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.TaxonomyIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.TaxonomyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_data\\_catalog\\_taxonomy\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.TaxonomyIamPolicy(\"policy\", {\n taxonomy: basicTaxonomy.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.datacatalog.TaxonomyIamPolicy(\"policy\",\n taxonomy=basic_taxonomy[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.TaxonomyIamPolicy(\"policy\", new()\n {\n Taxonomy = basicTaxonomy.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewTaxonomyIamPolicy(ctx, \"policy\", \u0026datacatalog.TaxonomyIamPolicyArgs{\n\t\t\tTaxonomy: pulumi.Any(basicTaxonomy.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamPolicy;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TaxonomyIamPolicy(\"policy\", TaxonomyIamPolicyArgs.builder() \n .taxonomy(basicTaxonomy.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:TaxonomyIamPolicy\n properties:\n taxonomy: ${basicTaxonomy.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_taxonomy\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.TaxonomyIamBinding(\"binding\", {\n taxonomy: basicTaxonomy.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.TaxonomyIamBinding(\"binding\",\n taxonomy=basic_taxonomy[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.TaxonomyIamBinding(\"binding\", new()\n {\n Taxonomy = basicTaxonomy.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTaxonomyIamBinding(ctx, \"binding\", \u0026datacatalog.TaxonomyIamBindingArgs{\n\t\t\tTaxonomy: pulumi.Any(basicTaxonomy.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamBinding;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TaxonomyIamBinding(\"binding\", TaxonomyIamBindingArgs.builder() \n .taxonomy(basicTaxonomy.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:TaxonomyIamBinding\n properties:\n taxonomy: ${basicTaxonomy.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_taxonomy\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.TaxonomyIamMember(\"member\", {\n taxonomy: basicTaxonomy.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.TaxonomyIamMember(\"member\",\n taxonomy=basic_taxonomy[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.TaxonomyIamMember(\"member\", new()\n {\n Taxonomy = basicTaxonomy.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTaxonomyIamMember(ctx, \"member\", \u0026datacatalog.TaxonomyIamMemberArgs{\n\t\t\tTaxonomy: pulumi.Any(basicTaxonomy.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamMember;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TaxonomyIamMember(\"member\", TaxonomyIamMemberArgs.builder() \n .taxonomy(basicTaxonomy.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:TaxonomyIamMember\n properties:\n taxonomy: ${basicTaxonomy.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_data\\_catalog\\_taxonomy\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.TaxonomyIamPolicy(\"policy\", {\n taxonomy: basicTaxonomy.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.datacatalog.TaxonomyIamPolicy(\"policy\",\n taxonomy=basic_taxonomy[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.TaxonomyIamPolicy(\"policy\", new()\n {\n Taxonomy = basicTaxonomy.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewTaxonomyIamPolicy(ctx, \"policy\", \u0026datacatalog.TaxonomyIamPolicyArgs{\n\t\t\tTaxonomy: pulumi.Any(basicTaxonomy.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamPolicy;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TaxonomyIamPolicy(\"policy\", TaxonomyIamPolicyArgs.builder() \n .taxonomy(basicTaxonomy.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:TaxonomyIamPolicy\n properties:\n taxonomy: ${basicTaxonomy.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_taxonomy\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.TaxonomyIamBinding(\"binding\", {\n taxonomy: basicTaxonomy.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.TaxonomyIamBinding(\"binding\",\n taxonomy=basic_taxonomy[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.TaxonomyIamBinding(\"binding\", new()\n {\n Taxonomy = basicTaxonomy.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTaxonomyIamBinding(ctx, \"binding\", \u0026datacatalog.TaxonomyIamBindingArgs{\n\t\t\tTaxonomy: pulumi.Any(basicTaxonomy.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamBinding;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TaxonomyIamBinding(\"binding\", TaxonomyIamBindingArgs.builder() \n .taxonomy(basicTaxonomy.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:TaxonomyIamBinding\n properties:\n taxonomy: ${basicTaxonomy.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_taxonomy\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.TaxonomyIamMember(\"member\", {\n taxonomy: basicTaxonomy.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.TaxonomyIamMember(\"member\",\n taxonomy=basic_taxonomy[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.TaxonomyIamMember(\"member\", new()\n {\n Taxonomy = basicTaxonomy.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTaxonomyIamMember(ctx, \"member\", \u0026datacatalog.TaxonomyIamMemberArgs{\n\t\t\tTaxonomy: pulumi.Any(basicTaxonomy.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamMember;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TaxonomyIamMember(\"member\", TaxonomyIamMemberArgs.builder() \n .taxonomy(basicTaxonomy.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:TaxonomyIamMember\n properties:\n taxonomy: ${basicTaxonomy.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{region}}/taxonomies/{{taxonomy}}\n\n* {{project}}/{{region}}/{{taxonomy}}\n\n* {{region}}/{{taxonomy}}\n\n* {{taxonomy}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nData catalog taxonomy IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/taxonomyIamBinding:TaxonomyIamBinding editor \"projects/{{project}}/locations/{{region}}/taxonomies/{{taxonomy}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/taxonomyIamBinding:TaxonomyIamBinding editor \"projects/{{project}}/locations/{{region}}/taxonomies/{{taxonomy}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/taxonomyIamBinding:TaxonomyIamBinding editor projects/{{project}}/locations/{{region}}/taxonomies/{{taxonomy}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:datacatalog/TaxonomyIamBindingCondition:TaxonomyIamBindingCondition" @@ -162852,11 +163086,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "region": { "type": "string" @@ -162887,11 +163122,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -162929,11 +163165,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -162955,7 +163192,7 @@ } }, "gcp:datacatalog/taxonomyIamMember:TaxonomyIamMember": { - "description": "Three different resources help you manage your IAM policy for Data catalog Taxonomy. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.TaxonomyIamPolicy`: Authoritative. Sets the IAM policy for the taxonomy and replaces any existing policy already attached.\n* `gcp.datacatalog.TaxonomyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the taxonomy are preserved.\n* `gcp.datacatalog.TaxonomyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the taxonomy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.TaxonomyIamPolicy`: Retrieves the IAM policy for the taxonomy\n\n\u003e **Note:** `gcp.datacatalog.TaxonomyIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.TaxonomyIamBinding` and `gcp.datacatalog.TaxonomyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.TaxonomyIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.TaxonomyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_data\\_catalog\\_taxonomy\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.TaxonomyIamPolicy(\"policy\", {\n taxonomy: basicTaxonomy.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.datacatalog.TaxonomyIamPolicy(\"policy\",\n taxonomy=basic_taxonomy[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.TaxonomyIamPolicy(\"policy\", new()\n {\n Taxonomy = basicTaxonomy.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewTaxonomyIamPolicy(ctx, \"policy\", \u0026datacatalog.TaxonomyIamPolicyArgs{\n\t\t\tTaxonomy: pulumi.Any(basicTaxonomy.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamPolicy;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TaxonomyIamPolicy(\"policy\", TaxonomyIamPolicyArgs.builder() \n .taxonomy(basicTaxonomy.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:TaxonomyIamPolicy\n properties:\n taxonomy: ${basicTaxonomy.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_taxonomy\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.TaxonomyIamBinding(\"binding\", {\n taxonomy: basicTaxonomy.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.TaxonomyIamBinding(\"binding\",\n taxonomy=basic_taxonomy[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.TaxonomyIamBinding(\"binding\", new()\n {\n Taxonomy = basicTaxonomy.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTaxonomyIamBinding(ctx, \"binding\", \u0026datacatalog.TaxonomyIamBindingArgs{\n\t\t\tTaxonomy: pulumi.Any(basicTaxonomy.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamBinding;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TaxonomyIamBinding(\"binding\", TaxonomyIamBindingArgs.builder() \n .taxonomy(basicTaxonomy.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:TaxonomyIamBinding\n properties:\n taxonomy: ${basicTaxonomy.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_taxonomy\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.TaxonomyIamMember(\"member\", {\n taxonomy: basicTaxonomy.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.TaxonomyIamMember(\"member\",\n taxonomy=basic_taxonomy[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.TaxonomyIamMember(\"member\", new()\n {\n Taxonomy = basicTaxonomy.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTaxonomyIamMember(ctx, \"member\", \u0026datacatalog.TaxonomyIamMemberArgs{\n\t\t\tTaxonomy: pulumi.Any(basicTaxonomy.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamMember;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TaxonomyIamMember(\"member\", TaxonomyIamMemberArgs.builder() \n .taxonomy(basicTaxonomy.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:TaxonomyIamMember\n properties:\n taxonomy: ${basicTaxonomy.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{region}}/taxonomies/{{taxonomy}}\n\n* {{project}}/{{region}}/{{taxonomy}}\n\n* {{region}}/{{taxonomy}}\n\n* {{taxonomy}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nData catalog taxonomy IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/taxonomyIamMember:TaxonomyIamMember editor \"projects/{{project}}/locations/{{region}}/taxonomies/{{taxonomy}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/taxonomyIamMember:TaxonomyIamMember editor \"projects/{{project}}/locations/{{region}}/taxonomies/{{taxonomy}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/taxonomyIamMember:TaxonomyIamMember editor projects/{{project}}/locations/{{region}}/taxonomies/{{taxonomy}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Data catalog Taxonomy. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.TaxonomyIamPolicy`: Authoritative. Sets the IAM policy for the taxonomy and replaces any existing policy already attached.\n* `gcp.datacatalog.TaxonomyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the taxonomy are preserved.\n* `gcp.datacatalog.TaxonomyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the taxonomy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.TaxonomyIamPolicy`: Retrieves the IAM policy for the taxonomy\n\n\u003e **Note:** `gcp.datacatalog.TaxonomyIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.TaxonomyIamBinding` and `gcp.datacatalog.TaxonomyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.TaxonomyIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.TaxonomyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_data\\_catalog\\_taxonomy\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.TaxonomyIamPolicy(\"policy\", {\n taxonomy: basicTaxonomy.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.datacatalog.TaxonomyIamPolicy(\"policy\",\n taxonomy=basic_taxonomy[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.TaxonomyIamPolicy(\"policy\", new()\n {\n Taxonomy = basicTaxonomy.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewTaxonomyIamPolicy(ctx, \"policy\", \u0026datacatalog.TaxonomyIamPolicyArgs{\n\t\t\tTaxonomy: pulumi.Any(basicTaxonomy.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamPolicy;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TaxonomyIamPolicy(\"policy\", TaxonomyIamPolicyArgs.builder() \n .taxonomy(basicTaxonomy.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:TaxonomyIamPolicy\n properties:\n taxonomy: ${basicTaxonomy.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_taxonomy\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.TaxonomyIamBinding(\"binding\", {\n taxonomy: basicTaxonomy.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.TaxonomyIamBinding(\"binding\",\n taxonomy=basic_taxonomy[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.TaxonomyIamBinding(\"binding\", new()\n {\n Taxonomy = basicTaxonomy.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTaxonomyIamBinding(ctx, \"binding\", \u0026datacatalog.TaxonomyIamBindingArgs{\n\t\t\tTaxonomy: pulumi.Any(basicTaxonomy.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamBinding;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TaxonomyIamBinding(\"binding\", TaxonomyIamBindingArgs.builder() \n .taxonomy(basicTaxonomy.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:TaxonomyIamBinding\n properties:\n taxonomy: ${basicTaxonomy.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_taxonomy\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.TaxonomyIamMember(\"member\", {\n taxonomy: basicTaxonomy.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.TaxonomyIamMember(\"member\",\n taxonomy=basic_taxonomy[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.TaxonomyIamMember(\"member\", new()\n {\n Taxonomy = basicTaxonomy.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTaxonomyIamMember(ctx, \"member\", \u0026datacatalog.TaxonomyIamMemberArgs{\n\t\t\tTaxonomy: pulumi.Any(basicTaxonomy.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamMember;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TaxonomyIamMember(\"member\", TaxonomyIamMemberArgs.builder() \n .taxonomy(basicTaxonomy.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:TaxonomyIamMember\n properties:\n taxonomy: ${basicTaxonomy.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_data\\_catalog\\_taxonomy\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.TaxonomyIamPolicy(\"policy\", {\n taxonomy: basicTaxonomy.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.datacatalog.TaxonomyIamPolicy(\"policy\",\n taxonomy=basic_taxonomy[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.TaxonomyIamPolicy(\"policy\", new()\n {\n Taxonomy = basicTaxonomy.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewTaxonomyIamPolicy(ctx, \"policy\", \u0026datacatalog.TaxonomyIamPolicyArgs{\n\t\t\tTaxonomy: pulumi.Any(basicTaxonomy.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamPolicy;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TaxonomyIamPolicy(\"policy\", TaxonomyIamPolicyArgs.builder() \n .taxonomy(basicTaxonomy.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:TaxonomyIamPolicy\n properties:\n taxonomy: ${basicTaxonomy.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_taxonomy\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.TaxonomyIamBinding(\"binding\", {\n taxonomy: basicTaxonomy.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.TaxonomyIamBinding(\"binding\",\n taxonomy=basic_taxonomy[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.TaxonomyIamBinding(\"binding\", new()\n {\n Taxonomy = basicTaxonomy.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTaxonomyIamBinding(ctx, \"binding\", \u0026datacatalog.TaxonomyIamBindingArgs{\n\t\t\tTaxonomy: pulumi.Any(basicTaxonomy.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamBinding;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TaxonomyIamBinding(\"binding\", TaxonomyIamBindingArgs.builder() \n .taxonomy(basicTaxonomy.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:TaxonomyIamBinding\n properties:\n taxonomy: ${basicTaxonomy.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_taxonomy\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.TaxonomyIamMember(\"member\", {\n taxonomy: basicTaxonomy.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.TaxonomyIamMember(\"member\",\n taxonomy=basic_taxonomy[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.TaxonomyIamMember(\"member\", new()\n {\n Taxonomy = basicTaxonomy.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTaxonomyIamMember(ctx, \"member\", \u0026datacatalog.TaxonomyIamMemberArgs{\n\t\t\tTaxonomy: pulumi.Any(basicTaxonomy.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamMember;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TaxonomyIamMember(\"member\", TaxonomyIamMemberArgs.builder() \n .taxonomy(basicTaxonomy.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:TaxonomyIamMember\n properties:\n taxonomy: ${basicTaxonomy.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{region}}/taxonomies/{{taxonomy}}\n\n* {{project}}/{{region}}/{{taxonomy}}\n\n* {{region}}/{{taxonomy}}\n\n* {{taxonomy}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nData catalog taxonomy IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/taxonomyIamMember:TaxonomyIamMember editor \"projects/{{project}}/locations/{{region}}/taxonomies/{{taxonomy}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/taxonomyIamMember:TaxonomyIamMember editor \"projects/{{project}}/locations/{{region}}/taxonomies/{{taxonomy}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/taxonomyIamMember:TaxonomyIamMember editor projects/{{project}}/locations/{{region}}/taxonomies/{{taxonomy}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:datacatalog/TaxonomyIamMemberCondition:TaxonomyIamMemberCondition" @@ -162965,11 +163202,12 @@ "description": "(Computed) The etag of the IAM policy.\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "region": { "type": "string" @@ -162998,11 +163236,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -163038,11 +163277,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -163064,7 +163304,7 @@ } }, "gcp:datacatalog/taxonomyIamPolicy:TaxonomyIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Data catalog Taxonomy. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.TaxonomyIamPolicy`: Authoritative. Sets the IAM policy for the taxonomy and replaces any existing policy already attached.\n* `gcp.datacatalog.TaxonomyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the taxonomy are preserved.\n* `gcp.datacatalog.TaxonomyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the taxonomy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.TaxonomyIamPolicy`: Retrieves the IAM policy for the taxonomy\n\n\u003e **Note:** `gcp.datacatalog.TaxonomyIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.TaxonomyIamBinding` and `gcp.datacatalog.TaxonomyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.TaxonomyIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.TaxonomyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_data\\_catalog\\_taxonomy\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.TaxonomyIamPolicy(\"policy\", {\n taxonomy: basicTaxonomy.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.datacatalog.TaxonomyIamPolicy(\"policy\",\n taxonomy=basic_taxonomy[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.TaxonomyIamPolicy(\"policy\", new()\n {\n Taxonomy = basicTaxonomy.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewTaxonomyIamPolicy(ctx, \"policy\", \u0026datacatalog.TaxonomyIamPolicyArgs{\n\t\t\tTaxonomy: pulumi.Any(basicTaxonomy.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamPolicy;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TaxonomyIamPolicy(\"policy\", TaxonomyIamPolicyArgs.builder() \n .taxonomy(basicTaxonomy.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:TaxonomyIamPolicy\n properties:\n taxonomy: ${basicTaxonomy.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_taxonomy\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.TaxonomyIamBinding(\"binding\", {\n taxonomy: basicTaxonomy.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.TaxonomyIamBinding(\"binding\",\n taxonomy=basic_taxonomy[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.TaxonomyIamBinding(\"binding\", new()\n {\n Taxonomy = basicTaxonomy.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTaxonomyIamBinding(ctx, \"binding\", \u0026datacatalog.TaxonomyIamBindingArgs{\n\t\t\tTaxonomy: pulumi.Any(basicTaxonomy.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamBinding;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TaxonomyIamBinding(\"binding\", TaxonomyIamBindingArgs.builder() \n .taxonomy(basicTaxonomy.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:TaxonomyIamBinding\n properties:\n taxonomy: ${basicTaxonomy.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_taxonomy\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.TaxonomyIamMember(\"member\", {\n taxonomy: basicTaxonomy.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.TaxonomyIamMember(\"member\",\n taxonomy=basic_taxonomy[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.TaxonomyIamMember(\"member\", new()\n {\n Taxonomy = basicTaxonomy.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTaxonomyIamMember(ctx, \"member\", \u0026datacatalog.TaxonomyIamMemberArgs{\n\t\t\tTaxonomy: pulumi.Any(basicTaxonomy.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamMember;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TaxonomyIamMember(\"member\", TaxonomyIamMemberArgs.builder() \n .taxonomy(basicTaxonomy.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:TaxonomyIamMember\n properties:\n taxonomy: ${basicTaxonomy.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{region}}/taxonomies/{{taxonomy}}\n\n* {{project}}/{{region}}/{{taxonomy}}\n\n* {{region}}/{{taxonomy}}\n\n* {{taxonomy}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nData catalog taxonomy IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/taxonomyIamPolicy:TaxonomyIamPolicy editor \"projects/{{project}}/locations/{{region}}/taxonomies/{{taxonomy}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/taxonomyIamPolicy:TaxonomyIamPolicy editor \"projects/{{project}}/locations/{{region}}/taxonomies/{{taxonomy}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/taxonomyIamPolicy:TaxonomyIamPolicy editor projects/{{project}}/locations/{{region}}/taxonomies/{{taxonomy}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Data catalog Taxonomy. Each of these resources serves a different use case:\n\n* `gcp.datacatalog.TaxonomyIamPolicy`: Authoritative. Sets the IAM policy for the taxonomy and replaces any existing policy already attached.\n* `gcp.datacatalog.TaxonomyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the taxonomy are preserved.\n* `gcp.datacatalog.TaxonomyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the taxonomy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.datacatalog.TaxonomyIamPolicy`: Retrieves the IAM policy for the taxonomy\n\n\u003e **Note:** `gcp.datacatalog.TaxonomyIamPolicy` **cannot** be used in conjunction with `gcp.datacatalog.TaxonomyIamBinding` and `gcp.datacatalog.TaxonomyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.datacatalog.TaxonomyIamBinding` resources **can be** used in conjunction with `gcp.datacatalog.TaxonomyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_data\\_catalog\\_taxonomy\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.TaxonomyIamPolicy(\"policy\", {\n taxonomy: basicTaxonomy.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.datacatalog.TaxonomyIamPolicy(\"policy\",\n taxonomy=basic_taxonomy[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.TaxonomyIamPolicy(\"policy\", new()\n {\n Taxonomy = basicTaxonomy.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewTaxonomyIamPolicy(ctx, \"policy\", \u0026datacatalog.TaxonomyIamPolicyArgs{\n\t\t\tTaxonomy: pulumi.Any(basicTaxonomy.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamPolicy;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TaxonomyIamPolicy(\"policy\", TaxonomyIamPolicyArgs.builder() \n .taxonomy(basicTaxonomy.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:TaxonomyIamPolicy\n properties:\n taxonomy: ${basicTaxonomy.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_taxonomy\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.TaxonomyIamBinding(\"binding\", {\n taxonomy: basicTaxonomy.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.TaxonomyIamBinding(\"binding\",\n taxonomy=basic_taxonomy[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.TaxonomyIamBinding(\"binding\", new()\n {\n Taxonomy = basicTaxonomy.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTaxonomyIamBinding(ctx, \"binding\", \u0026datacatalog.TaxonomyIamBindingArgs{\n\t\t\tTaxonomy: pulumi.Any(basicTaxonomy.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamBinding;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TaxonomyIamBinding(\"binding\", TaxonomyIamBindingArgs.builder() \n .taxonomy(basicTaxonomy.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:TaxonomyIamBinding\n properties:\n taxonomy: ${basicTaxonomy.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_taxonomy\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.TaxonomyIamMember(\"member\", {\n taxonomy: basicTaxonomy.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.TaxonomyIamMember(\"member\",\n taxonomy=basic_taxonomy[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.TaxonomyIamMember(\"member\", new()\n {\n Taxonomy = basicTaxonomy.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTaxonomyIamMember(ctx, \"member\", \u0026datacatalog.TaxonomyIamMemberArgs{\n\t\t\tTaxonomy: pulumi.Any(basicTaxonomy.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamMember;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TaxonomyIamMember(\"member\", TaxonomyIamMemberArgs.builder() \n .taxonomy(basicTaxonomy.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:TaxonomyIamMember\n properties:\n taxonomy: ${basicTaxonomy.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_data\\_catalog\\_taxonomy\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.datacatalog.TaxonomyIamPolicy(\"policy\", {\n taxonomy: basicTaxonomy.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.datacatalog.TaxonomyIamPolicy(\"policy\",\n taxonomy=basic_taxonomy[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataCatalog.TaxonomyIamPolicy(\"policy\", new()\n {\n Taxonomy = basicTaxonomy.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = datacatalog.NewTaxonomyIamPolicy(ctx, \"policy\", \u0026datacatalog.TaxonomyIamPolicyArgs{\n\t\t\tTaxonomy: pulumi.Any(basicTaxonomy.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamPolicy;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TaxonomyIamPolicy(\"policy\", TaxonomyIamPolicyArgs.builder() \n .taxonomy(basicTaxonomy.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:datacatalog:TaxonomyIamPolicy\n properties:\n taxonomy: ${basicTaxonomy.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_taxonomy\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.datacatalog.TaxonomyIamBinding(\"binding\", {\n taxonomy: basicTaxonomy.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.datacatalog.TaxonomyIamBinding(\"binding\",\n taxonomy=basic_taxonomy[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataCatalog.TaxonomyIamBinding(\"binding\", new()\n {\n Taxonomy = basicTaxonomy.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTaxonomyIamBinding(ctx, \"binding\", \u0026datacatalog.TaxonomyIamBindingArgs{\n\t\t\tTaxonomy: pulumi.Any(basicTaxonomy.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamBinding;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TaxonomyIamBinding(\"binding\", TaxonomyIamBindingArgs.builder() \n .taxonomy(basicTaxonomy.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:datacatalog:TaxonomyIamBinding\n properties:\n taxonomy: ${basicTaxonomy.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_data\\_catalog\\_taxonomy\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.datacatalog.TaxonomyIamMember(\"member\", {\n taxonomy: basicTaxonomy.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.datacatalog.TaxonomyIamMember(\"member\",\n taxonomy=basic_taxonomy[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataCatalog.TaxonomyIamMember(\"member\", new()\n {\n Taxonomy = basicTaxonomy.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := datacatalog.NewTaxonomyIamMember(ctx, \"member\", \u0026datacatalog.TaxonomyIamMemberArgs{\n\t\t\tTaxonomy: pulumi.Any(basicTaxonomy.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamMember;\nimport com.pulumi.gcp.datacatalog.TaxonomyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TaxonomyIamMember(\"member\", TaxonomyIamMemberArgs.builder() \n .taxonomy(basicTaxonomy.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:datacatalog:TaxonomyIamMember\n properties:\n taxonomy: ${basicTaxonomy.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{region}}/taxonomies/{{taxonomy}}\n\n* {{project}}/{{region}}/{{taxonomy}}\n\n* {{region}}/{{taxonomy}}\n\n* {{taxonomy}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nData catalog taxonomy IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/taxonomyIamPolicy:TaxonomyIamPolicy editor \"projects/{{project}}/locations/{{region}}/taxonomies/{{taxonomy}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/taxonomyIamPolicy:TaxonomyIamPolicy editor \"projects/{{project}}/locations/{{region}}/taxonomies/{{taxonomy}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:datacatalog/taxonomyIamPolicy:TaxonomyIamPolicy editor projects/{{project}}/locations/{{region}}/taxonomies/{{taxonomy}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -163076,7 +163316,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "region": { "type": "string" @@ -163100,7 +163340,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -163130,7 +163370,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -166055,7 +166295,7 @@ } }, "gcp:dataplex/assetIamBinding:AssetIamBinding": { - "description": "Three different resources help you manage your IAM policy for Dataplex Asset. Each of these resources serves a different use case:\n\n* `gcp.dataplex.AssetIamPolicy`: Authoritative. Sets the IAM policy for the asset and replaces any existing policy already attached.\n* `gcp.dataplex.AssetIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the asset are preserved.\n* `gcp.dataplex.AssetIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the asset are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.AssetIamPolicy`: Retrieves the IAM policy for the asset\n\n\u003e **Note:** `gcp.dataplex.AssetIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.AssetIamBinding` and `gcp.dataplex.AssetIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.AssetIamBinding` resources **can be** used in conjunction with `gcp.dataplex.AssetIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_dataplex\\_asset\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.AssetIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dataplex.AssetIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.AssetIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewAssetIamPolicy(ctx, \"policy\", \u0026dataplex.AssetIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.DataplexZone),\n\t\t\tAsset: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.AssetIamPolicy;\nimport com.pulumi.gcp.dataplex.AssetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AssetIamPolicy(\"policy\", AssetIamPolicyArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:AssetIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_asset\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.AssetIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.AssetIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.AssetIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAssetIamBinding(ctx, \"binding\", \u0026dataplex.AssetIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.DataplexZone),\n\t\t\tAsset: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AssetIamBinding;\nimport com.pulumi.gcp.dataplex.AssetIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AssetIamBinding(\"binding\", AssetIamBindingArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:AssetIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_asset\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.AssetIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.AssetIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.AssetIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAssetIamMember(ctx, \"member\", \u0026dataplex.AssetIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.DataplexZone),\n\t\t\tAsset: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AssetIamMember;\nimport com.pulumi.gcp.dataplex.AssetIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AssetIamMember(\"member\", AssetIamMemberArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:AssetIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{dataplex_zone}}/assets/{{name}}\n\n* {{project}}/{{location}}/{{lake}}/{{dataplex_zone}}/{{name}}\n\n* {{location}}/{{lake}}/{{dataplex_zone}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex asset IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/assetIamBinding:AssetIamBinding editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{dataplex_zone}}/assets/{{asset}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/assetIamBinding:AssetIamBinding editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{dataplex_zone}}/assets/{{asset}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/assetIamBinding:AssetIamBinding editor projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{dataplex_zone}}/assets/{{asset}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Dataplex Asset. Each of these resources serves a different use case:\n\n* `gcp.dataplex.AssetIamPolicy`: Authoritative. Sets the IAM policy for the asset and replaces any existing policy already attached.\n* `gcp.dataplex.AssetIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the asset are preserved.\n* `gcp.dataplex.AssetIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the asset are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.AssetIamPolicy`: Retrieves the IAM policy for the asset\n\n\u003e **Note:** `gcp.dataplex.AssetIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.AssetIamBinding` and `gcp.dataplex.AssetIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.AssetIamBinding` resources **can be** used in conjunction with `gcp.dataplex.AssetIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_dataplex\\_asset\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.AssetIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dataplex.AssetIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.AssetIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewAssetIamPolicy(ctx, \"policy\", \u0026dataplex.AssetIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.DataplexZone),\n\t\t\tAsset: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.AssetIamPolicy;\nimport com.pulumi.gcp.dataplex.AssetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AssetIamPolicy(\"policy\", AssetIamPolicyArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:AssetIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_asset\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.AssetIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.AssetIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.AssetIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAssetIamBinding(ctx, \"binding\", \u0026dataplex.AssetIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.DataplexZone),\n\t\t\tAsset: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AssetIamBinding;\nimport com.pulumi.gcp.dataplex.AssetIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AssetIamBinding(\"binding\", AssetIamBindingArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:AssetIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_asset\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.AssetIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.AssetIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.AssetIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAssetIamMember(ctx, \"member\", \u0026dataplex.AssetIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.DataplexZone),\n\t\t\tAsset: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AssetIamMember;\nimport com.pulumi.gcp.dataplex.AssetIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AssetIamMember(\"member\", AssetIamMemberArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:AssetIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_dataplex\\_asset\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.AssetIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dataplex.AssetIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.AssetIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewAssetIamPolicy(ctx, \"policy\", \u0026dataplex.AssetIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.DataplexZone),\n\t\t\tAsset: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.AssetIamPolicy;\nimport com.pulumi.gcp.dataplex.AssetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AssetIamPolicy(\"policy\", AssetIamPolicyArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:AssetIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_asset\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.AssetIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.AssetIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.AssetIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAssetIamBinding(ctx, \"binding\", \u0026dataplex.AssetIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.DataplexZone),\n\t\t\tAsset: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AssetIamBinding;\nimport com.pulumi.gcp.dataplex.AssetIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AssetIamBinding(\"binding\", AssetIamBindingArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:AssetIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_asset\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.AssetIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.AssetIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.AssetIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAssetIamMember(ctx, \"member\", \u0026dataplex.AssetIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.DataplexZone),\n\t\t\tAsset: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AssetIamMember;\nimport com.pulumi.gcp.dataplex.AssetIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AssetIamMember(\"member\", AssetIamMemberArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:AssetIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{dataplex_zone}}/assets/{{name}}\n\n* {{project}}/{{location}}/{{lake}}/{{dataplex_zone}}/{{name}}\n\n* {{location}}/{{lake}}/{{dataplex_zone}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex asset IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/assetIamBinding:AssetIamBinding editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{dataplex_zone}}/assets/{{asset}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/assetIamBinding:AssetIamBinding editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{dataplex_zone}}/assets/{{asset}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/assetIamBinding:AssetIamBinding editor projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{dataplex_zone}}/assets/{{asset}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "asset": { "type": "string", @@ -166081,11 +166321,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -166128,11 +166369,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -166180,11 +166422,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -166197,7 +166440,7 @@ } }, "gcp:dataplex/assetIamMember:AssetIamMember": { - "description": "Three different resources help you manage your IAM policy for Dataplex Asset. Each of these resources serves a different use case:\n\n* `gcp.dataplex.AssetIamPolicy`: Authoritative. Sets the IAM policy for the asset and replaces any existing policy already attached.\n* `gcp.dataplex.AssetIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the asset are preserved.\n* `gcp.dataplex.AssetIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the asset are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.AssetIamPolicy`: Retrieves the IAM policy for the asset\n\n\u003e **Note:** `gcp.dataplex.AssetIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.AssetIamBinding` and `gcp.dataplex.AssetIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.AssetIamBinding` resources **can be** used in conjunction with `gcp.dataplex.AssetIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_dataplex\\_asset\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.AssetIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dataplex.AssetIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.AssetIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewAssetIamPolicy(ctx, \"policy\", \u0026dataplex.AssetIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.DataplexZone),\n\t\t\tAsset: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.AssetIamPolicy;\nimport com.pulumi.gcp.dataplex.AssetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AssetIamPolicy(\"policy\", AssetIamPolicyArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:AssetIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_asset\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.AssetIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.AssetIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.AssetIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAssetIamBinding(ctx, \"binding\", \u0026dataplex.AssetIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.DataplexZone),\n\t\t\tAsset: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AssetIamBinding;\nimport com.pulumi.gcp.dataplex.AssetIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AssetIamBinding(\"binding\", AssetIamBindingArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:AssetIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_asset\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.AssetIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.AssetIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.AssetIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAssetIamMember(ctx, \"member\", \u0026dataplex.AssetIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.DataplexZone),\n\t\t\tAsset: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AssetIamMember;\nimport com.pulumi.gcp.dataplex.AssetIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AssetIamMember(\"member\", AssetIamMemberArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:AssetIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{dataplex_zone}}/assets/{{name}}\n\n* {{project}}/{{location}}/{{lake}}/{{dataplex_zone}}/{{name}}\n\n* {{location}}/{{lake}}/{{dataplex_zone}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex asset IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/assetIamMember:AssetIamMember editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{dataplex_zone}}/assets/{{asset}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/assetIamMember:AssetIamMember editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{dataplex_zone}}/assets/{{asset}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/assetIamMember:AssetIamMember editor projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{dataplex_zone}}/assets/{{asset}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Dataplex Asset. Each of these resources serves a different use case:\n\n* `gcp.dataplex.AssetIamPolicy`: Authoritative. Sets the IAM policy for the asset and replaces any existing policy already attached.\n* `gcp.dataplex.AssetIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the asset are preserved.\n* `gcp.dataplex.AssetIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the asset are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.AssetIamPolicy`: Retrieves the IAM policy for the asset\n\n\u003e **Note:** `gcp.dataplex.AssetIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.AssetIamBinding` and `gcp.dataplex.AssetIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.AssetIamBinding` resources **can be** used in conjunction with `gcp.dataplex.AssetIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_dataplex\\_asset\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.AssetIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dataplex.AssetIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.AssetIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewAssetIamPolicy(ctx, \"policy\", \u0026dataplex.AssetIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.DataplexZone),\n\t\t\tAsset: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.AssetIamPolicy;\nimport com.pulumi.gcp.dataplex.AssetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AssetIamPolicy(\"policy\", AssetIamPolicyArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:AssetIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_asset\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.AssetIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.AssetIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.AssetIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAssetIamBinding(ctx, \"binding\", \u0026dataplex.AssetIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.DataplexZone),\n\t\t\tAsset: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AssetIamBinding;\nimport com.pulumi.gcp.dataplex.AssetIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AssetIamBinding(\"binding\", AssetIamBindingArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:AssetIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_asset\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.AssetIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.AssetIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.AssetIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAssetIamMember(ctx, \"member\", \u0026dataplex.AssetIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.DataplexZone),\n\t\t\tAsset: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AssetIamMember;\nimport com.pulumi.gcp.dataplex.AssetIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AssetIamMember(\"member\", AssetIamMemberArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:AssetIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_dataplex\\_asset\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.AssetIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dataplex.AssetIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.AssetIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewAssetIamPolicy(ctx, \"policy\", \u0026dataplex.AssetIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.DataplexZone),\n\t\t\tAsset: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.AssetIamPolicy;\nimport com.pulumi.gcp.dataplex.AssetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AssetIamPolicy(\"policy\", AssetIamPolicyArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:AssetIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_asset\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.AssetIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.AssetIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.AssetIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAssetIamBinding(ctx, \"binding\", \u0026dataplex.AssetIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.DataplexZone),\n\t\t\tAsset: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AssetIamBinding;\nimport com.pulumi.gcp.dataplex.AssetIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AssetIamBinding(\"binding\", AssetIamBindingArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:AssetIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_asset\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.AssetIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.AssetIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.AssetIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAssetIamMember(ctx, \"member\", \u0026dataplex.AssetIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.DataplexZone),\n\t\t\tAsset: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AssetIamMember;\nimport com.pulumi.gcp.dataplex.AssetIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AssetIamMember(\"member\", AssetIamMemberArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:AssetIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{dataplex_zone}}/assets/{{name}}\n\n* {{project}}/{{location}}/{{lake}}/{{dataplex_zone}}/{{name}}\n\n* {{location}}/{{lake}}/{{dataplex_zone}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex asset IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/assetIamMember:AssetIamMember editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{dataplex_zone}}/assets/{{asset}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/assetIamMember:AssetIamMember editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{dataplex_zone}}/assets/{{asset}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/assetIamMember:AssetIamMember editor projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{dataplex_zone}}/assets/{{asset}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "asset": { "type": "string", @@ -166220,11 +166463,12 @@ "type": "string" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -166265,11 +166509,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -166315,11 +166560,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -166332,7 +166578,7 @@ } }, "gcp:dataplex/assetIamPolicy:AssetIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Dataplex Asset. Each of these resources serves a different use case:\n\n* `gcp.dataplex.AssetIamPolicy`: Authoritative. Sets the IAM policy for the asset and replaces any existing policy already attached.\n* `gcp.dataplex.AssetIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the asset are preserved.\n* `gcp.dataplex.AssetIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the asset are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.AssetIamPolicy`: Retrieves the IAM policy for the asset\n\n\u003e **Note:** `gcp.dataplex.AssetIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.AssetIamBinding` and `gcp.dataplex.AssetIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.AssetIamBinding` resources **can be** used in conjunction with `gcp.dataplex.AssetIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_dataplex\\_asset\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.AssetIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dataplex.AssetIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.AssetIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewAssetIamPolicy(ctx, \"policy\", \u0026dataplex.AssetIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.DataplexZone),\n\t\t\tAsset: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.AssetIamPolicy;\nimport com.pulumi.gcp.dataplex.AssetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AssetIamPolicy(\"policy\", AssetIamPolicyArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:AssetIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_asset\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.AssetIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.AssetIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.AssetIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAssetIamBinding(ctx, \"binding\", \u0026dataplex.AssetIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.DataplexZone),\n\t\t\tAsset: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AssetIamBinding;\nimport com.pulumi.gcp.dataplex.AssetIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AssetIamBinding(\"binding\", AssetIamBindingArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:AssetIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_asset\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.AssetIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.AssetIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.AssetIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAssetIamMember(ctx, \"member\", \u0026dataplex.AssetIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.DataplexZone),\n\t\t\tAsset: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AssetIamMember;\nimport com.pulumi.gcp.dataplex.AssetIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AssetIamMember(\"member\", AssetIamMemberArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:AssetIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{dataplex_zone}}/assets/{{name}}\n\n* {{project}}/{{location}}/{{lake}}/{{dataplex_zone}}/{{name}}\n\n* {{location}}/{{lake}}/{{dataplex_zone}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex asset IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/assetIamPolicy:AssetIamPolicy editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{dataplex_zone}}/assets/{{asset}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/assetIamPolicy:AssetIamPolicy editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{dataplex_zone}}/assets/{{asset}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/assetIamPolicy:AssetIamPolicy editor projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{dataplex_zone}}/assets/{{asset}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Dataplex Asset. Each of these resources serves a different use case:\n\n* `gcp.dataplex.AssetIamPolicy`: Authoritative. Sets the IAM policy for the asset and replaces any existing policy already attached.\n* `gcp.dataplex.AssetIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the asset are preserved.\n* `gcp.dataplex.AssetIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the asset are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.AssetIamPolicy`: Retrieves the IAM policy for the asset\n\n\u003e **Note:** `gcp.dataplex.AssetIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.AssetIamBinding` and `gcp.dataplex.AssetIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.AssetIamBinding` resources **can be** used in conjunction with `gcp.dataplex.AssetIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_dataplex\\_asset\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.AssetIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dataplex.AssetIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.AssetIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewAssetIamPolicy(ctx, \"policy\", \u0026dataplex.AssetIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.DataplexZone),\n\t\t\tAsset: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.AssetIamPolicy;\nimport com.pulumi.gcp.dataplex.AssetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AssetIamPolicy(\"policy\", AssetIamPolicyArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:AssetIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_asset\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.AssetIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.AssetIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.AssetIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAssetIamBinding(ctx, \"binding\", \u0026dataplex.AssetIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.DataplexZone),\n\t\t\tAsset: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AssetIamBinding;\nimport com.pulumi.gcp.dataplex.AssetIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AssetIamBinding(\"binding\", AssetIamBindingArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:AssetIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_asset\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.AssetIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.AssetIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.AssetIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAssetIamMember(ctx, \"member\", \u0026dataplex.AssetIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.DataplexZone),\n\t\t\tAsset: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AssetIamMember;\nimport com.pulumi.gcp.dataplex.AssetIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AssetIamMember(\"member\", AssetIamMemberArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:AssetIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_dataplex\\_asset\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.AssetIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dataplex.AssetIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.AssetIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewAssetIamPolicy(ctx, \"policy\", \u0026dataplex.AssetIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.DataplexZone),\n\t\t\tAsset: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.AssetIamPolicy;\nimport com.pulumi.gcp.dataplex.AssetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AssetIamPolicy(\"policy\", AssetIamPolicyArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:AssetIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_asset\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.AssetIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.AssetIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.AssetIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAssetIamBinding(ctx, \"binding\", \u0026dataplex.AssetIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.DataplexZone),\n\t\t\tAsset: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AssetIamBinding;\nimport com.pulumi.gcp.dataplex.AssetIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AssetIamBinding(\"binding\", AssetIamBindingArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:AssetIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_asset\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.AssetIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.dataplexZone,\n asset: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.AssetIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"dataplexZone\"],\n asset=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.AssetIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.DataplexZone,\n Asset = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewAssetIamMember(ctx, \"member\", \u0026dataplex.AssetIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.DataplexZone),\n\t\t\tAsset: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.AssetIamMember;\nimport com.pulumi.gcp.dataplex.AssetIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AssetIamMember(\"member\", AssetIamMemberArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.dataplexZone())\n .asset(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:AssetIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.dataplexZone}\n asset: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{dataplex_zone}}/assets/{{name}}\n\n* {{project}}/{{location}}/{{lake}}/{{dataplex_zone}}/{{name}}\n\n* {{location}}/{{lake}}/{{dataplex_zone}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex asset IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/assetIamPolicy:AssetIamPolicy editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{dataplex_zone}}/assets/{{asset}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/assetIamPolicy:AssetIamPolicy editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{dataplex_zone}}/assets/{{asset}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/assetIamPolicy:AssetIamPolicy editor projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{dataplex_zone}}/assets/{{asset}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "asset": { "type": "string", @@ -166357,7 +166603,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" } }, "required": [ @@ -166393,7 +166639,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -166433,7 +166679,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -166707,7 +166953,7 @@ } }, "gcp:dataplex/datascanIamBinding:DatascanIamBinding": { - "description": "Three different resources help you manage your IAM policy for Dataplex Datascan. Each of these resources serves a different use case:\n\n* `gcp.dataplex.DatascanIamPolicy`: Authoritative. Sets the IAM policy for the datascan and replaces any existing policy already attached.\n* `gcp.dataplex.DatascanIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the datascan are preserved.\n* `gcp.dataplex.DatascanIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the datascan are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.DatascanIamPolicy`: Retrieves the IAM policy for the datascan\n\n\u003e **Note:** `gcp.dataplex.DatascanIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.DatascanIamBinding` and `gcp.dataplex.DatascanIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.DatascanIamBinding` resources **can be** used in conjunction with `gcp.dataplex.DatascanIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_dataplex\\_datascan\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.DatascanIamPolicy(\"policy\", {\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dataplex.DatascanIamPolicy(\"policy\",\n project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.DatascanIamPolicy(\"policy\", new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewDatascanIamPolicy(ctx, \"policy\", \u0026dataplex.DatascanIamPolicyArgs{\n\t\t\tProject: pulumi.Any(basicProfile.Project),\n\t\t\tLocation: pulumi.Any(basicProfile.Location),\n\t\t\tDataScanId: pulumi.Any(basicProfile.DataScanId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.DatascanIamPolicy;\nimport com.pulumi.gcp.dataplex.DatascanIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DatascanIamPolicy(\"policy\", DatascanIamPolicyArgs.builder() \n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:DatascanIamPolicy\n properties:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_datascan\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.DatascanIamBinding(\"binding\", {\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.DatascanIamBinding(\"binding\",\n project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.DatascanIamBinding(\"binding\", new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewDatascanIamBinding(ctx, \"binding\", \u0026dataplex.DatascanIamBindingArgs{\n\t\t\tProject: pulumi.Any(basicProfile.Project),\n\t\t\tLocation: pulumi.Any(basicProfile.Location),\n\t\t\tDataScanId: pulumi.Any(basicProfile.DataScanId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.DatascanIamBinding;\nimport com.pulumi.gcp.dataplex.DatascanIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DatascanIamBinding(\"binding\", DatascanIamBindingArgs.builder() \n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:DatascanIamBinding\n properties:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_datascan\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.DatascanIamMember(\"member\", {\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.DatascanIamMember(\"member\",\n project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.DatascanIamMember(\"member\", new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewDatascanIamMember(ctx, \"member\", \u0026dataplex.DatascanIamMemberArgs{\n\t\t\tProject: pulumi.Any(basicProfile.Project),\n\t\t\tLocation: pulumi.Any(basicProfile.Location),\n\t\t\tDataScanId: pulumi.Any(basicProfile.DataScanId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.DatascanIamMember;\nimport com.pulumi.gcp.dataplex.DatascanIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DatascanIamMember(\"member\", DatascanIamMemberArgs.builder() \n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:DatascanIamMember\n properties:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/dataScans/{{data_scan_id}}\n\n* {{project}}/{{location}}/{{data_scan_id}}\n\n* {{location}}/{{data_scan_id}}\n\n* {{data_scan_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex datascan IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/datascanIamBinding:DatascanIamBinding editor \"projects/{{project}}/locations/{{location}}/dataScans/{{data_scan_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/datascanIamBinding:DatascanIamBinding editor \"projects/{{project}}/locations/{{location}}/dataScans/{{data_scan_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/datascanIamBinding:DatascanIamBinding editor projects/{{project}}/locations/{{location}}/dataScans/{{data_scan_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Dataplex Datascan. Each of these resources serves a different use case:\n\n* `gcp.dataplex.DatascanIamPolicy`: Authoritative. Sets the IAM policy for the datascan and replaces any existing policy already attached.\n* `gcp.dataplex.DatascanIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the datascan are preserved.\n* `gcp.dataplex.DatascanIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the datascan are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.DatascanIamPolicy`: Retrieves the IAM policy for the datascan\n\n\u003e **Note:** `gcp.dataplex.DatascanIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.DatascanIamBinding` and `gcp.dataplex.DatascanIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.DatascanIamBinding` resources **can be** used in conjunction with `gcp.dataplex.DatascanIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_dataplex\\_datascan\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.DatascanIamPolicy(\"policy\", {\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dataplex.DatascanIamPolicy(\"policy\",\n project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.DatascanIamPolicy(\"policy\", new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewDatascanIamPolicy(ctx, \"policy\", \u0026dataplex.DatascanIamPolicyArgs{\n\t\t\tProject: pulumi.Any(basicProfile.Project),\n\t\t\tLocation: pulumi.Any(basicProfile.Location),\n\t\t\tDataScanId: pulumi.Any(basicProfile.DataScanId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.DatascanIamPolicy;\nimport com.pulumi.gcp.dataplex.DatascanIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DatascanIamPolicy(\"policy\", DatascanIamPolicyArgs.builder() \n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:DatascanIamPolicy\n properties:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_datascan\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.DatascanIamBinding(\"binding\", {\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.DatascanIamBinding(\"binding\",\n project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.DatascanIamBinding(\"binding\", new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewDatascanIamBinding(ctx, \"binding\", \u0026dataplex.DatascanIamBindingArgs{\n\t\t\tProject: pulumi.Any(basicProfile.Project),\n\t\t\tLocation: pulumi.Any(basicProfile.Location),\n\t\t\tDataScanId: pulumi.Any(basicProfile.DataScanId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.DatascanIamBinding;\nimport com.pulumi.gcp.dataplex.DatascanIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DatascanIamBinding(\"binding\", DatascanIamBindingArgs.builder() \n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:DatascanIamBinding\n properties:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_datascan\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.DatascanIamMember(\"member\", {\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.DatascanIamMember(\"member\",\n project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.DatascanIamMember(\"member\", new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewDatascanIamMember(ctx, \"member\", \u0026dataplex.DatascanIamMemberArgs{\n\t\t\tProject: pulumi.Any(basicProfile.Project),\n\t\t\tLocation: pulumi.Any(basicProfile.Location),\n\t\t\tDataScanId: pulumi.Any(basicProfile.DataScanId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.DatascanIamMember;\nimport com.pulumi.gcp.dataplex.DatascanIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DatascanIamMember(\"member\", DatascanIamMemberArgs.builder() \n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:DatascanIamMember\n properties:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_dataplex\\_datascan\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.DatascanIamPolicy(\"policy\", {\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dataplex.DatascanIamPolicy(\"policy\",\n project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.DatascanIamPolicy(\"policy\", new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewDatascanIamPolicy(ctx, \"policy\", \u0026dataplex.DatascanIamPolicyArgs{\n\t\t\tProject: pulumi.Any(basicProfile.Project),\n\t\t\tLocation: pulumi.Any(basicProfile.Location),\n\t\t\tDataScanId: pulumi.Any(basicProfile.DataScanId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.DatascanIamPolicy;\nimport com.pulumi.gcp.dataplex.DatascanIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DatascanIamPolicy(\"policy\", DatascanIamPolicyArgs.builder() \n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:DatascanIamPolicy\n properties:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_datascan\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.DatascanIamBinding(\"binding\", {\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.DatascanIamBinding(\"binding\",\n project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.DatascanIamBinding(\"binding\", new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewDatascanIamBinding(ctx, \"binding\", \u0026dataplex.DatascanIamBindingArgs{\n\t\t\tProject: pulumi.Any(basicProfile.Project),\n\t\t\tLocation: pulumi.Any(basicProfile.Location),\n\t\t\tDataScanId: pulumi.Any(basicProfile.DataScanId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.DatascanIamBinding;\nimport com.pulumi.gcp.dataplex.DatascanIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DatascanIamBinding(\"binding\", DatascanIamBindingArgs.builder() \n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:DatascanIamBinding\n properties:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_datascan\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.DatascanIamMember(\"member\", {\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.DatascanIamMember(\"member\",\n project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.DatascanIamMember(\"member\", new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewDatascanIamMember(ctx, \"member\", \u0026dataplex.DatascanIamMemberArgs{\n\t\t\tProject: pulumi.Any(basicProfile.Project),\n\t\t\tLocation: pulumi.Any(basicProfile.Location),\n\t\t\tDataScanId: pulumi.Any(basicProfile.DataScanId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.DatascanIamMember;\nimport com.pulumi.gcp.dataplex.DatascanIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DatascanIamMember(\"member\", DatascanIamMemberArgs.builder() \n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:DatascanIamMember\n properties:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/dataScans/{{data_scan_id}}\n\n* {{project}}/{{location}}/{{data_scan_id}}\n\n* {{location}}/{{data_scan_id}}\n\n* {{data_scan_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex datascan IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/datascanIamBinding:DatascanIamBinding editor \"projects/{{project}}/locations/{{location}}/dataScans/{{data_scan_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/datascanIamBinding:DatascanIamBinding editor \"projects/{{project}}/locations/{{location}}/dataScans/{{data_scan_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/datascanIamBinding:DatascanIamBinding editor projects/{{project}}/locations/{{location}}/dataScans/{{data_scan_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:dataplex/DatascanIamBindingCondition:DatascanIamBindingCondition" @@ -166727,11 +166973,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -166764,11 +167011,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -166806,11 +167054,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -166823,7 +167072,7 @@ } }, "gcp:dataplex/datascanIamMember:DatascanIamMember": { - "description": "Three different resources help you manage your IAM policy for Dataplex Datascan. Each of these resources serves a different use case:\n\n* `gcp.dataplex.DatascanIamPolicy`: Authoritative. Sets the IAM policy for the datascan and replaces any existing policy already attached.\n* `gcp.dataplex.DatascanIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the datascan are preserved.\n* `gcp.dataplex.DatascanIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the datascan are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.DatascanIamPolicy`: Retrieves the IAM policy for the datascan\n\n\u003e **Note:** `gcp.dataplex.DatascanIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.DatascanIamBinding` and `gcp.dataplex.DatascanIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.DatascanIamBinding` resources **can be** used in conjunction with `gcp.dataplex.DatascanIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_dataplex\\_datascan\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.DatascanIamPolicy(\"policy\", {\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dataplex.DatascanIamPolicy(\"policy\",\n project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.DatascanIamPolicy(\"policy\", new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewDatascanIamPolicy(ctx, \"policy\", \u0026dataplex.DatascanIamPolicyArgs{\n\t\t\tProject: pulumi.Any(basicProfile.Project),\n\t\t\tLocation: pulumi.Any(basicProfile.Location),\n\t\t\tDataScanId: pulumi.Any(basicProfile.DataScanId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.DatascanIamPolicy;\nimport com.pulumi.gcp.dataplex.DatascanIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DatascanIamPolicy(\"policy\", DatascanIamPolicyArgs.builder() \n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:DatascanIamPolicy\n properties:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_datascan\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.DatascanIamBinding(\"binding\", {\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.DatascanIamBinding(\"binding\",\n project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.DatascanIamBinding(\"binding\", new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewDatascanIamBinding(ctx, \"binding\", \u0026dataplex.DatascanIamBindingArgs{\n\t\t\tProject: pulumi.Any(basicProfile.Project),\n\t\t\tLocation: pulumi.Any(basicProfile.Location),\n\t\t\tDataScanId: pulumi.Any(basicProfile.DataScanId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.DatascanIamBinding;\nimport com.pulumi.gcp.dataplex.DatascanIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DatascanIamBinding(\"binding\", DatascanIamBindingArgs.builder() \n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:DatascanIamBinding\n properties:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_datascan\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.DatascanIamMember(\"member\", {\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.DatascanIamMember(\"member\",\n project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.DatascanIamMember(\"member\", new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewDatascanIamMember(ctx, \"member\", \u0026dataplex.DatascanIamMemberArgs{\n\t\t\tProject: pulumi.Any(basicProfile.Project),\n\t\t\tLocation: pulumi.Any(basicProfile.Location),\n\t\t\tDataScanId: pulumi.Any(basicProfile.DataScanId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.DatascanIamMember;\nimport com.pulumi.gcp.dataplex.DatascanIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DatascanIamMember(\"member\", DatascanIamMemberArgs.builder() \n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:DatascanIamMember\n properties:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/dataScans/{{data_scan_id}}\n\n* {{project}}/{{location}}/{{data_scan_id}}\n\n* {{location}}/{{data_scan_id}}\n\n* {{data_scan_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex datascan IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/datascanIamMember:DatascanIamMember editor \"projects/{{project}}/locations/{{location}}/dataScans/{{data_scan_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/datascanIamMember:DatascanIamMember editor \"projects/{{project}}/locations/{{location}}/dataScans/{{data_scan_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/datascanIamMember:DatascanIamMember editor projects/{{project}}/locations/{{location}}/dataScans/{{data_scan_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Dataplex Datascan. Each of these resources serves a different use case:\n\n* `gcp.dataplex.DatascanIamPolicy`: Authoritative. Sets the IAM policy for the datascan and replaces any existing policy already attached.\n* `gcp.dataplex.DatascanIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the datascan are preserved.\n* `gcp.dataplex.DatascanIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the datascan are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.DatascanIamPolicy`: Retrieves the IAM policy for the datascan\n\n\u003e **Note:** `gcp.dataplex.DatascanIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.DatascanIamBinding` and `gcp.dataplex.DatascanIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.DatascanIamBinding` resources **can be** used in conjunction with `gcp.dataplex.DatascanIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_dataplex\\_datascan\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.DatascanIamPolicy(\"policy\", {\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dataplex.DatascanIamPolicy(\"policy\",\n project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.DatascanIamPolicy(\"policy\", new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewDatascanIamPolicy(ctx, \"policy\", \u0026dataplex.DatascanIamPolicyArgs{\n\t\t\tProject: pulumi.Any(basicProfile.Project),\n\t\t\tLocation: pulumi.Any(basicProfile.Location),\n\t\t\tDataScanId: pulumi.Any(basicProfile.DataScanId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.DatascanIamPolicy;\nimport com.pulumi.gcp.dataplex.DatascanIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DatascanIamPolicy(\"policy\", DatascanIamPolicyArgs.builder() \n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:DatascanIamPolicy\n properties:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_datascan\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.DatascanIamBinding(\"binding\", {\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.DatascanIamBinding(\"binding\",\n project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.DatascanIamBinding(\"binding\", new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewDatascanIamBinding(ctx, \"binding\", \u0026dataplex.DatascanIamBindingArgs{\n\t\t\tProject: pulumi.Any(basicProfile.Project),\n\t\t\tLocation: pulumi.Any(basicProfile.Location),\n\t\t\tDataScanId: pulumi.Any(basicProfile.DataScanId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.DatascanIamBinding;\nimport com.pulumi.gcp.dataplex.DatascanIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DatascanIamBinding(\"binding\", DatascanIamBindingArgs.builder() \n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:DatascanIamBinding\n properties:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_datascan\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.DatascanIamMember(\"member\", {\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.DatascanIamMember(\"member\",\n project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.DatascanIamMember(\"member\", new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewDatascanIamMember(ctx, \"member\", \u0026dataplex.DatascanIamMemberArgs{\n\t\t\tProject: pulumi.Any(basicProfile.Project),\n\t\t\tLocation: pulumi.Any(basicProfile.Location),\n\t\t\tDataScanId: pulumi.Any(basicProfile.DataScanId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.DatascanIamMember;\nimport com.pulumi.gcp.dataplex.DatascanIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DatascanIamMember(\"member\", DatascanIamMemberArgs.builder() \n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:DatascanIamMember\n properties:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_dataplex\\_datascan\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.DatascanIamPolicy(\"policy\", {\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dataplex.DatascanIamPolicy(\"policy\",\n project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.DatascanIamPolicy(\"policy\", new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewDatascanIamPolicy(ctx, \"policy\", \u0026dataplex.DatascanIamPolicyArgs{\n\t\t\tProject: pulumi.Any(basicProfile.Project),\n\t\t\tLocation: pulumi.Any(basicProfile.Location),\n\t\t\tDataScanId: pulumi.Any(basicProfile.DataScanId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.DatascanIamPolicy;\nimport com.pulumi.gcp.dataplex.DatascanIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DatascanIamPolicy(\"policy\", DatascanIamPolicyArgs.builder() \n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:DatascanIamPolicy\n properties:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_datascan\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.DatascanIamBinding(\"binding\", {\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.DatascanIamBinding(\"binding\",\n project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.DatascanIamBinding(\"binding\", new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewDatascanIamBinding(ctx, \"binding\", \u0026dataplex.DatascanIamBindingArgs{\n\t\t\tProject: pulumi.Any(basicProfile.Project),\n\t\t\tLocation: pulumi.Any(basicProfile.Location),\n\t\t\tDataScanId: pulumi.Any(basicProfile.DataScanId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.DatascanIamBinding;\nimport com.pulumi.gcp.dataplex.DatascanIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DatascanIamBinding(\"binding\", DatascanIamBindingArgs.builder() \n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:DatascanIamBinding\n properties:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_datascan\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.DatascanIamMember(\"member\", {\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.DatascanIamMember(\"member\",\n project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.DatascanIamMember(\"member\", new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewDatascanIamMember(ctx, \"member\", \u0026dataplex.DatascanIamMemberArgs{\n\t\t\tProject: pulumi.Any(basicProfile.Project),\n\t\t\tLocation: pulumi.Any(basicProfile.Location),\n\t\t\tDataScanId: pulumi.Any(basicProfile.DataScanId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.DatascanIamMember;\nimport com.pulumi.gcp.dataplex.DatascanIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DatascanIamMember(\"member\", DatascanIamMemberArgs.builder() \n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:DatascanIamMember\n properties:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/dataScans/{{data_scan_id}}\n\n* {{project}}/{{location}}/{{data_scan_id}}\n\n* {{location}}/{{data_scan_id}}\n\n* {{data_scan_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex datascan IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/datascanIamMember:DatascanIamMember editor \"projects/{{project}}/locations/{{location}}/dataScans/{{data_scan_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/datascanIamMember:DatascanIamMember editor \"projects/{{project}}/locations/{{location}}/dataScans/{{data_scan_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/datascanIamMember:DatascanIamMember editor projects/{{project}}/locations/{{location}}/dataScans/{{data_scan_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:dataplex/DatascanIamMemberCondition:DatascanIamMemberCondition" @@ -166840,11 +167089,12 @@ "description": "The location where the data scan should reside.\nUsed to find the parent resource to bind the IAM policy to\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -166875,11 +167125,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -166915,11 +167166,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -166932,7 +167184,7 @@ } }, "gcp:dataplex/datascanIamPolicy:DatascanIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Dataplex Datascan. Each of these resources serves a different use case:\n\n* `gcp.dataplex.DatascanIamPolicy`: Authoritative. Sets the IAM policy for the datascan and replaces any existing policy already attached.\n* `gcp.dataplex.DatascanIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the datascan are preserved.\n* `gcp.dataplex.DatascanIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the datascan are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.DatascanIamPolicy`: Retrieves the IAM policy for the datascan\n\n\u003e **Note:** `gcp.dataplex.DatascanIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.DatascanIamBinding` and `gcp.dataplex.DatascanIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.DatascanIamBinding` resources **can be** used in conjunction with `gcp.dataplex.DatascanIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_dataplex\\_datascan\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.DatascanIamPolicy(\"policy\", {\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dataplex.DatascanIamPolicy(\"policy\",\n project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.DatascanIamPolicy(\"policy\", new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewDatascanIamPolicy(ctx, \"policy\", \u0026dataplex.DatascanIamPolicyArgs{\n\t\t\tProject: pulumi.Any(basicProfile.Project),\n\t\t\tLocation: pulumi.Any(basicProfile.Location),\n\t\t\tDataScanId: pulumi.Any(basicProfile.DataScanId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.DatascanIamPolicy;\nimport com.pulumi.gcp.dataplex.DatascanIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DatascanIamPolicy(\"policy\", DatascanIamPolicyArgs.builder() \n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:DatascanIamPolicy\n properties:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_datascan\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.DatascanIamBinding(\"binding\", {\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.DatascanIamBinding(\"binding\",\n project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.DatascanIamBinding(\"binding\", new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewDatascanIamBinding(ctx, \"binding\", \u0026dataplex.DatascanIamBindingArgs{\n\t\t\tProject: pulumi.Any(basicProfile.Project),\n\t\t\tLocation: pulumi.Any(basicProfile.Location),\n\t\t\tDataScanId: pulumi.Any(basicProfile.DataScanId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.DatascanIamBinding;\nimport com.pulumi.gcp.dataplex.DatascanIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DatascanIamBinding(\"binding\", DatascanIamBindingArgs.builder() \n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:DatascanIamBinding\n properties:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_datascan\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.DatascanIamMember(\"member\", {\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.DatascanIamMember(\"member\",\n project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.DatascanIamMember(\"member\", new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewDatascanIamMember(ctx, \"member\", \u0026dataplex.DatascanIamMemberArgs{\n\t\t\tProject: pulumi.Any(basicProfile.Project),\n\t\t\tLocation: pulumi.Any(basicProfile.Location),\n\t\t\tDataScanId: pulumi.Any(basicProfile.DataScanId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.DatascanIamMember;\nimport com.pulumi.gcp.dataplex.DatascanIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DatascanIamMember(\"member\", DatascanIamMemberArgs.builder() \n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:DatascanIamMember\n properties:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/dataScans/{{data_scan_id}}\n\n* {{project}}/{{location}}/{{data_scan_id}}\n\n* {{location}}/{{data_scan_id}}\n\n* {{data_scan_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex datascan IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/datascanIamPolicy:DatascanIamPolicy editor \"projects/{{project}}/locations/{{location}}/dataScans/{{data_scan_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/datascanIamPolicy:DatascanIamPolicy editor \"projects/{{project}}/locations/{{location}}/dataScans/{{data_scan_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/datascanIamPolicy:DatascanIamPolicy editor projects/{{project}}/locations/{{location}}/dataScans/{{data_scan_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Dataplex Datascan. Each of these resources serves a different use case:\n\n* `gcp.dataplex.DatascanIamPolicy`: Authoritative. Sets the IAM policy for the datascan and replaces any existing policy already attached.\n* `gcp.dataplex.DatascanIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the datascan are preserved.\n* `gcp.dataplex.DatascanIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the datascan are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.DatascanIamPolicy`: Retrieves the IAM policy for the datascan\n\n\u003e **Note:** `gcp.dataplex.DatascanIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.DatascanIamBinding` and `gcp.dataplex.DatascanIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.DatascanIamBinding` resources **can be** used in conjunction with `gcp.dataplex.DatascanIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_dataplex\\_datascan\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.DatascanIamPolicy(\"policy\", {\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dataplex.DatascanIamPolicy(\"policy\",\n project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.DatascanIamPolicy(\"policy\", new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewDatascanIamPolicy(ctx, \"policy\", \u0026dataplex.DatascanIamPolicyArgs{\n\t\t\tProject: pulumi.Any(basicProfile.Project),\n\t\t\tLocation: pulumi.Any(basicProfile.Location),\n\t\t\tDataScanId: pulumi.Any(basicProfile.DataScanId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.DatascanIamPolicy;\nimport com.pulumi.gcp.dataplex.DatascanIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DatascanIamPolicy(\"policy\", DatascanIamPolicyArgs.builder() \n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:DatascanIamPolicy\n properties:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_datascan\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.DatascanIamBinding(\"binding\", {\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.DatascanIamBinding(\"binding\",\n project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.DatascanIamBinding(\"binding\", new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewDatascanIamBinding(ctx, \"binding\", \u0026dataplex.DatascanIamBindingArgs{\n\t\t\tProject: pulumi.Any(basicProfile.Project),\n\t\t\tLocation: pulumi.Any(basicProfile.Location),\n\t\t\tDataScanId: pulumi.Any(basicProfile.DataScanId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.DatascanIamBinding;\nimport com.pulumi.gcp.dataplex.DatascanIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DatascanIamBinding(\"binding\", DatascanIamBindingArgs.builder() \n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:DatascanIamBinding\n properties:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_datascan\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.DatascanIamMember(\"member\", {\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.DatascanIamMember(\"member\",\n project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.DatascanIamMember(\"member\", new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewDatascanIamMember(ctx, \"member\", \u0026dataplex.DatascanIamMemberArgs{\n\t\t\tProject: pulumi.Any(basicProfile.Project),\n\t\t\tLocation: pulumi.Any(basicProfile.Location),\n\t\t\tDataScanId: pulumi.Any(basicProfile.DataScanId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.DatascanIamMember;\nimport com.pulumi.gcp.dataplex.DatascanIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DatascanIamMember(\"member\", DatascanIamMemberArgs.builder() \n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:DatascanIamMember\n properties:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_dataplex\\_datascan\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.DatascanIamPolicy(\"policy\", {\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dataplex.DatascanIamPolicy(\"policy\",\n project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.DatascanIamPolicy(\"policy\", new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewDatascanIamPolicy(ctx, \"policy\", \u0026dataplex.DatascanIamPolicyArgs{\n\t\t\tProject: pulumi.Any(basicProfile.Project),\n\t\t\tLocation: pulumi.Any(basicProfile.Location),\n\t\t\tDataScanId: pulumi.Any(basicProfile.DataScanId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.DatascanIamPolicy;\nimport com.pulumi.gcp.dataplex.DatascanIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DatascanIamPolicy(\"policy\", DatascanIamPolicyArgs.builder() \n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:DatascanIamPolicy\n properties:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_datascan\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.DatascanIamBinding(\"binding\", {\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.DatascanIamBinding(\"binding\",\n project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.DatascanIamBinding(\"binding\", new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewDatascanIamBinding(ctx, \"binding\", \u0026dataplex.DatascanIamBindingArgs{\n\t\t\tProject: pulumi.Any(basicProfile.Project),\n\t\t\tLocation: pulumi.Any(basicProfile.Location),\n\t\t\tDataScanId: pulumi.Any(basicProfile.DataScanId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.DatascanIamBinding;\nimport com.pulumi.gcp.dataplex.DatascanIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DatascanIamBinding(\"binding\", DatascanIamBindingArgs.builder() \n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:DatascanIamBinding\n properties:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_datascan\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.DatascanIamMember(\"member\", {\n project: basicProfile.project,\n location: basicProfile.location,\n dataScanId: basicProfile.dataScanId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.DatascanIamMember(\"member\",\n project=basic_profile[\"project\"],\n location=basic_profile[\"location\"],\n data_scan_id=basic_profile[\"dataScanId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.DatascanIamMember(\"member\", new()\n {\n Project = basicProfile.Project,\n Location = basicProfile.Location,\n DataScanId = basicProfile.DataScanId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewDatascanIamMember(ctx, \"member\", \u0026dataplex.DatascanIamMemberArgs{\n\t\t\tProject: pulumi.Any(basicProfile.Project),\n\t\t\tLocation: pulumi.Any(basicProfile.Location),\n\t\t\tDataScanId: pulumi.Any(basicProfile.DataScanId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.DatascanIamMember;\nimport com.pulumi.gcp.dataplex.DatascanIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DatascanIamMember(\"member\", DatascanIamMemberArgs.builder() \n .project(basicProfile.project())\n .location(basicProfile.location())\n .dataScanId(basicProfile.dataScanId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:DatascanIamMember\n properties:\n project: ${basicProfile.project}\n location: ${basicProfile.location}\n dataScanId: ${basicProfile.dataScanId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/dataScans/{{data_scan_id}}\n\n* {{project}}/{{location}}/{{data_scan_id}}\n\n* {{location}}/{{data_scan_id}}\n\n* {{data_scan_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex datascan IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/datascanIamPolicy:DatascanIamPolicy editor \"projects/{{project}}/locations/{{location}}/dataScans/{{data_scan_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/datascanIamPolicy:DatascanIamPolicy editor \"projects/{{project}}/locations/{{location}}/dataScans/{{data_scan_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/datascanIamPolicy:DatascanIamPolicy editor projects/{{project}}/locations/{{location}}/dataScans/{{data_scan_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "dataScanId": { "type": "string" @@ -166951,7 +167203,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" } }, "required": [ @@ -166977,7 +167229,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -167007,7 +167259,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -167242,7 +167494,7 @@ } }, "gcp:dataplex/lakeIamBinding:LakeIamBinding": { - "description": "Three different resources help you manage your IAM policy for Dataplex Lake. Each of these resources serves a different use case:\n\n* `gcp.dataplex.LakeIamPolicy`: Authoritative. Sets the IAM policy for the lake and replaces any existing policy already attached.\n* `gcp.dataplex.LakeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the lake are preserved.\n* `gcp.dataplex.LakeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the lake are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.LakeIamPolicy`: Retrieves the IAM policy for the lake\n\n\u003e **Note:** `gcp.dataplex.LakeIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.LakeIamBinding` and `gcp.dataplex.LakeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.LakeIamBinding` resources **can be** used in conjunction with `gcp.dataplex.LakeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_dataplex\\_lake\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.LakeIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dataplex.LakeIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.LakeIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewLakeIamPolicy(ctx, \"policy\", \u0026dataplex.LakeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.LakeIamPolicy;\nimport com.pulumi.gcp.dataplex.LakeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new LakeIamPolicy(\"policy\", LakeIamPolicyArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:LakeIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_lake\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.LakeIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.LakeIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.LakeIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewLakeIamBinding(ctx, \"binding\", \u0026dataplex.LakeIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.LakeIamBinding;\nimport com.pulumi.gcp.dataplex.LakeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new LakeIamBinding(\"binding\", LakeIamBindingArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:LakeIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_lake\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.LakeIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.LakeIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.LakeIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewLakeIamMember(ctx, \"member\", \u0026dataplex.LakeIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.LakeIamMember;\nimport com.pulumi.gcp.dataplex.LakeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new LakeIamMember(\"member\", LakeIamMemberArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:LakeIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/lakes/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex lake IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/lakeIamBinding:LakeIamBinding editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/lakeIamBinding:LakeIamBinding editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/lakeIamBinding:LakeIamBinding editor projects/{{project}}/locations/{{location}}/lakes/{{lake}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Dataplex Lake. Each of these resources serves a different use case:\n\n* `gcp.dataplex.LakeIamPolicy`: Authoritative. Sets the IAM policy for the lake and replaces any existing policy already attached.\n* `gcp.dataplex.LakeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the lake are preserved.\n* `gcp.dataplex.LakeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the lake are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.LakeIamPolicy`: Retrieves the IAM policy for the lake\n\n\u003e **Note:** `gcp.dataplex.LakeIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.LakeIamBinding` and `gcp.dataplex.LakeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.LakeIamBinding` resources **can be** used in conjunction with `gcp.dataplex.LakeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_dataplex\\_lake\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.LakeIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dataplex.LakeIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.LakeIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewLakeIamPolicy(ctx, \"policy\", \u0026dataplex.LakeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.LakeIamPolicy;\nimport com.pulumi.gcp.dataplex.LakeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new LakeIamPolicy(\"policy\", LakeIamPolicyArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:LakeIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_lake\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.LakeIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.LakeIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.LakeIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewLakeIamBinding(ctx, \"binding\", \u0026dataplex.LakeIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.LakeIamBinding;\nimport com.pulumi.gcp.dataplex.LakeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new LakeIamBinding(\"binding\", LakeIamBindingArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:LakeIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_lake\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.LakeIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.LakeIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.LakeIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewLakeIamMember(ctx, \"member\", \u0026dataplex.LakeIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.LakeIamMember;\nimport com.pulumi.gcp.dataplex.LakeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new LakeIamMember(\"member\", LakeIamMemberArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:LakeIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_dataplex\\_lake\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.LakeIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dataplex.LakeIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.LakeIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewLakeIamPolicy(ctx, \"policy\", \u0026dataplex.LakeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.LakeIamPolicy;\nimport com.pulumi.gcp.dataplex.LakeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new LakeIamPolicy(\"policy\", LakeIamPolicyArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:LakeIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_lake\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.LakeIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.LakeIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.LakeIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewLakeIamBinding(ctx, \"binding\", \u0026dataplex.LakeIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.LakeIamBinding;\nimport com.pulumi.gcp.dataplex.LakeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new LakeIamBinding(\"binding\", LakeIamBindingArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:LakeIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_lake\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.LakeIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.LakeIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.LakeIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewLakeIamMember(ctx, \"member\", \u0026dataplex.LakeIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.LakeIamMember;\nimport com.pulumi.gcp.dataplex.LakeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new LakeIamMember(\"member\", LakeIamMemberArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:LakeIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/lakes/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex lake IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/lakeIamBinding:LakeIamBinding editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/lakeIamBinding:LakeIamBinding editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/lakeIamBinding:LakeIamBinding editor projects/{{project}}/locations/{{location}}/lakes/{{lake}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:dataplex/LakeIamBindingCondition:LakeIamBindingCondition" @@ -167262,11 +167514,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -167299,11 +167552,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -167341,11 +167595,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -167358,7 +167613,7 @@ } }, "gcp:dataplex/lakeIamMember:LakeIamMember": { - "description": "Three different resources help you manage your IAM policy for Dataplex Lake. Each of these resources serves a different use case:\n\n* `gcp.dataplex.LakeIamPolicy`: Authoritative. Sets the IAM policy for the lake and replaces any existing policy already attached.\n* `gcp.dataplex.LakeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the lake are preserved.\n* `gcp.dataplex.LakeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the lake are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.LakeIamPolicy`: Retrieves the IAM policy for the lake\n\n\u003e **Note:** `gcp.dataplex.LakeIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.LakeIamBinding` and `gcp.dataplex.LakeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.LakeIamBinding` resources **can be** used in conjunction with `gcp.dataplex.LakeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_dataplex\\_lake\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.LakeIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dataplex.LakeIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.LakeIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewLakeIamPolicy(ctx, \"policy\", \u0026dataplex.LakeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.LakeIamPolicy;\nimport com.pulumi.gcp.dataplex.LakeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new LakeIamPolicy(\"policy\", LakeIamPolicyArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:LakeIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_lake\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.LakeIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.LakeIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.LakeIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewLakeIamBinding(ctx, \"binding\", \u0026dataplex.LakeIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.LakeIamBinding;\nimport com.pulumi.gcp.dataplex.LakeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new LakeIamBinding(\"binding\", LakeIamBindingArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:LakeIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_lake\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.LakeIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.LakeIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.LakeIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewLakeIamMember(ctx, \"member\", \u0026dataplex.LakeIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.LakeIamMember;\nimport com.pulumi.gcp.dataplex.LakeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new LakeIamMember(\"member\", LakeIamMemberArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:LakeIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/lakes/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex lake IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/lakeIamMember:LakeIamMember editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/lakeIamMember:LakeIamMember editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/lakeIamMember:LakeIamMember editor projects/{{project}}/locations/{{location}}/lakes/{{lake}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Dataplex Lake. Each of these resources serves a different use case:\n\n* `gcp.dataplex.LakeIamPolicy`: Authoritative. Sets the IAM policy for the lake and replaces any existing policy already attached.\n* `gcp.dataplex.LakeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the lake are preserved.\n* `gcp.dataplex.LakeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the lake are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.LakeIamPolicy`: Retrieves the IAM policy for the lake\n\n\u003e **Note:** `gcp.dataplex.LakeIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.LakeIamBinding` and `gcp.dataplex.LakeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.LakeIamBinding` resources **can be** used in conjunction with `gcp.dataplex.LakeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_dataplex\\_lake\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.LakeIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dataplex.LakeIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.LakeIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewLakeIamPolicy(ctx, \"policy\", \u0026dataplex.LakeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.LakeIamPolicy;\nimport com.pulumi.gcp.dataplex.LakeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new LakeIamPolicy(\"policy\", LakeIamPolicyArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:LakeIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_lake\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.LakeIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.LakeIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.LakeIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewLakeIamBinding(ctx, \"binding\", \u0026dataplex.LakeIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.LakeIamBinding;\nimport com.pulumi.gcp.dataplex.LakeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new LakeIamBinding(\"binding\", LakeIamBindingArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:LakeIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_lake\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.LakeIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.LakeIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.LakeIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewLakeIamMember(ctx, \"member\", \u0026dataplex.LakeIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.LakeIamMember;\nimport com.pulumi.gcp.dataplex.LakeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new LakeIamMember(\"member\", LakeIamMemberArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:LakeIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_dataplex\\_lake\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.LakeIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dataplex.LakeIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.LakeIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewLakeIamPolicy(ctx, \"policy\", \u0026dataplex.LakeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.LakeIamPolicy;\nimport com.pulumi.gcp.dataplex.LakeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new LakeIamPolicy(\"policy\", LakeIamPolicyArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:LakeIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_lake\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.LakeIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.LakeIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.LakeIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewLakeIamBinding(ctx, \"binding\", \u0026dataplex.LakeIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.LakeIamBinding;\nimport com.pulumi.gcp.dataplex.LakeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new LakeIamBinding(\"binding\", LakeIamBindingArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:LakeIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_lake\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.LakeIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.LakeIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.LakeIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewLakeIamMember(ctx, \"member\", \u0026dataplex.LakeIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.LakeIamMember;\nimport com.pulumi.gcp.dataplex.LakeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new LakeIamMember(\"member\", LakeIamMemberArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:LakeIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/lakes/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex lake IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/lakeIamMember:LakeIamMember editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/lakeIamMember:LakeIamMember editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/lakeIamMember:LakeIamMember editor projects/{{project}}/locations/{{location}}/lakes/{{lake}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:dataplex/LakeIamMemberCondition:LakeIamMemberCondition" @@ -167375,11 +167630,12 @@ "type": "string" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -167410,11 +167666,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -167450,11 +167707,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -167467,7 +167725,7 @@ } }, "gcp:dataplex/lakeIamPolicy:LakeIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Dataplex Lake. Each of these resources serves a different use case:\n\n* `gcp.dataplex.LakeIamPolicy`: Authoritative. Sets the IAM policy for the lake and replaces any existing policy already attached.\n* `gcp.dataplex.LakeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the lake are preserved.\n* `gcp.dataplex.LakeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the lake are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.LakeIamPolicy`: Retrieves the IAM policy for the lake\n\n\u003e **Note:** `gcp.dataplex.LakeIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.LakeIamBinding` and `gcp.dataplex.LakeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.LakeIamBinding` resources **can be** used in conjunction with `gcp.dataplex.LakeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_dataplex\\_lake\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.LakeIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dataplex.LakeIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.LakeIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewLakeIamPolicy(ctx, \"policy\", \u0026dataplex.LakeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.LakeIamPolicy;\nimport com.pulumi.gcp.dataplex.LakeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new LakeIamPolicy(\"policy\", LakeIamPolicyArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:LakeIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_lake\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.LakeIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.LakeIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.LakeIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewLakeIamBinding(ctx, \"binding\", \u0026dataplex.LakeIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.LakeIamBinding;\nimport com.pulumi.gcp.dataplex.LakeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new LakeIamBinding(\"binding\", LakeIamBindingArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:LakeIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_lake\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.LakeIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.LakeIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.LakeIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewLakeIamMember(ctx, \"member\", \u0026dataplex.LakeIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.LakeIamMember;\nimport com.pulumi.gcp.dataplex.LakeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new LakeIamMember(\"member\", LakeIamMemberArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:LakeIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/lakes/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex lake IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/lakeIamPolicy:LakeIamPolicy editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/lakeIamPolicy:LakeIamPolicy editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/lakeIamPolicy:LakeIamPolicy editor projects/{{project}}/locations/{{location}}/lakes/{{lake}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Dataplex Lake. Each of these resources serves a different use case:\n\n* `gcp.dataplex.LakeIamPolicy`: Authoritative. Sets the IAM policy for the lake and replaces any existing policy already attached.\n* `gcp.dataplex.LakeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the lake are preserved.\n* `gcp.dataplex.LakeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the lake are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.LakeIamPolicy`: Retrieves the IAM policy for the lake\n\n\u003e **Note:** `gcp.dataplex.LakeIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.LakeIamBinding` and `gcp.dataplex.LakeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.LakeIamBinding` resources **can be** used in conjunction with `gcp.dataplex.LakeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_dataplex\\_lake\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.LakeIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dataplex.LakeIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.LakeIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewLakeIamPolicy(ctx, \"policy\", \u0026dataplex.LakeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.LakeIamPolicy;\nimport com.pulumi.gcp.dataplex.LakeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new LakeIamPolicy(\"policy\", LakeIamPolicyArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:LakeIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_lake\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.LakeIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.LakeIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.LakeIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewLakeIamBinding(ctx, \"binding\", \u0026dataplex.LakeIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.LakeIamBinding;\nimport com.pulumi.gcp.dataplex.LakeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new LakeIamBinding(\"binding\", LakeIamBindingArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:LakeIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_lake\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.LakeIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.LakeIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.LakeIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewLakeIamMember(ctx, \"member\", \u0026dataplex.LakeIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.LakeIamMember;\nimport com.pulumi.gcp.dataplex.LakeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new LakeIamMember(\"member\", LakeIamMemberArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:LakeIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_dataplex\\_lake\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.LakeIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dataplex.LakeIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.LakeIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewLakeIamPolicy(ctx, \"policy\", \u0026dataplex.LakeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.LakeIamPolicy;\nimport com.pulumi.gcp.dataplex.LakeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new LakeIamPolicy(\"policy\", LakeIamPolicyArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:LakeIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_lake\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.LakeIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.LakeIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.LakeIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewLakeIamBinding(ctx, \"binding\", \u0026dataplex.LakeIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.LakeIamBinding;\nimport com.pulumi.gcp.dataplex.LakeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new LakeIamBinding(\"binding\", LakeIamBindingArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:LakeIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_lake\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.LakeIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.LakeIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.LakeIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewLakeIamMember(ctx, \"member\", \u0026dataplex.LakeIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.LakeIamMember;\nimport com.pulumi.gcp.dataplex.LakeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new LakeIamMember(\"member\", LakeIamMemberArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:LakeIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/lakes/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex lake IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/lakeIamPolicy:LakeIamPolicy editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/lakeIamPolicy:LakeIamPolicy editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/lakeIamPolicy:LakeIamPolicy editor projects/{{project}}/locations/{{location}}/lakes/{{lake}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -167486,7 +167744,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" } }, "required": [ @@ -167512,7 +167770,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -167542,7 +167800,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -167815,7 +168073,7 @@ } }, "gcp:dataplex/taskIamBinding:TaskIamBinding": { - "description": "Three different resources help you manage your IAM policy for Dataplex Task. Each of these resources serves a different use case:\n\n* `gcp.dataplex.TaskIamPolicy`: Authoritative. Sets the IAM policy for the task and replaces any existing policy already attached.\n* `gcp.dataplex.TaskIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the task are preserved.\n* `gcp.dataplex.TaskIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the task are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.TaskIamPolicy`: Retrieves the IAM policy for the task\n\n\u003e **Note:** `gcp.dataplex.TaskIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.TaskIamBinding` and `gcp.dataplex.TaskIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.TaskIamBinding` resources **can be** used in conjunction with `gcp.dataplex.TaskIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_dataplex\\_task\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.TaskIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dataplex.TaskIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.TaskIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewTaskIamPolicy(ctx, \"policy\", \u0026dataplex.TaskIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tTaskId: pulumi.Any(example.TaskId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.TaskIamPolicy;\nimport com.pulumi.gcp.dataplex.TaskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TaskIamPolicy(\"policy\", TaskIamPolicyArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:TaskIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_task\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.TaskIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.TaskIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.TaskIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewTaskIamBinding(ctx, \"binding\", \u0026dataplex.TaskIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tTaskId: pulumi.Any(example.TaskId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.TaskIamBinding;\nimport com.pulumi.gcp.dataplex.TaskIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TaskIamBinding(\"binding\", TaskIamBindingArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:TaskIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_task\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.TaskIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.TaskIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.TaskIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewTaskIamMember(ctx, \"member\", \u0026dataplex.TaskIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tTaskId: pulumi.Any(example.TaskId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.TaskIamMember;\nimport com.pulumi.gcp.dataplex.TaskIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TaskIamMember(\"member\", TaskIamMemberArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:TaskIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/lakes/{{lake}}/tasks/{{task_id}}\n\n* {{project}}/{{location}}/{{lake}}/{{task_id}}\n\n* {{location}}/{{lake}}/{{task_id}}\n\n* {{task_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex task IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/taskIamBinding:TaskIamBinding editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/tasks/{{task_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/taskIamBinding:TaskIamBinding editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/tasks/{{task_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/taskIamBinding:TaskIamBinding editor projects/{{project}}/locations/{{location}}/lakes/{{lake}}/tasks/{{task_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Dataplex Task. Each of these resources serves a different use case:\n\n* `gcp.dataplex.TaskIamPolicy`: Authoritative. Sets the IAM policy for the task and replaces any existing policy already attached.\n* `gcp.dataplex.TaskIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the task are preserved.\n* `gcp.dataplex.TaskIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the task are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.TaskIamPolicy`: Retrieves the IAM policy for the task\n\n\u003e **Note:** `gcp.dataplex.TaskIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.TaskIamBinding` and `gcp.dataplex.TaskIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.TaskIamBinding` resources **can be** used in conjunction with `gcp.dataplex.TaskIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_dataplex\\_task\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.TaskIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dataplex.TaskIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.TaskIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewTaskIamPolicy(ctx, \"policy\", \u0026dataplex.TaskIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tTaskId: pulumi.Any(example.TaskId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.TaskIamPolicy;\nimport com.pulumi.gcp.dataplex.TaskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TaskIamPolicy(\"policy\", TaskIamPolicyArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:TaskIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_task\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.TaskIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.TaskIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.TaskIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewTaskIamBinding(ctx, \"binding\", \u0026dataplex.TaskIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tTaskId: pulumi.Any(example.TaskId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.TaskIamBinding;\nimport com.pulumi.gcp.dataplex.TaskIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TaskIamBinding(\"binding\", TaskIamBindingArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:TaskIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_task\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.TaskIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.TaskIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.TaskIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewTaskIamMember(ctx, \"member\", \u0026dataplex.TaskIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tTaskId: pulumi.Any(example.TaskId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.TaskIamMember;\nimport com.pulumi.gcp.dataplex.TaskIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TaskIamMember(\"member\", TaskIamMemberArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:TaskIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_dataplex\\_task\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.TaskIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dataplex.TaskIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.TaskIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewTaskIamPolicy(ctx, \"policy\", \u0026dataplex.TaskIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tTaskId: pulumi.Any(example.TaskId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.TaskIamPolicy;\nimport com.pulumi.gcp.dataplex.TaskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TaskIamPolicy(\"policy\", TaskIamPolicyArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:TaskIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_task\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.TaskIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.TaskIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.TaskIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewTaskIamBinding(ctx, \"binding\", \u0026dataplex.TaskIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tTaskId: pulumi.Any(example.TaskId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.TaskIamBinding;\nimport com.pulumi.gcp.dataplex.TaskIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TaskIamBinding(\"binding\", TaskIamBindingArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:TaskIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_task\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.TaskIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.TaskIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.TaskIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewTaskIamMember(ctx, \"member\", \u0026dataplex.TaskIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tTaskId: pulumi.Any(example.TaskId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.TaskIamMember;\nimport com.pulumi.gcp.dataplex.TaskIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TaskIamMember(\"member\", TaskIamMemberArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:TaskIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/lakes/{{lake}}/tasks/{{task_id}}\n\n* {{project}}/{{location}}/{{lake}}/{{task_id}}\n\n* {{location}}/{{lake}}/{{task_id}}\n\n* {{task_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex task IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/taskIamBinding:TaskIamBinding editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/tasks/{{task_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/taskIamBinding:TaskIamBinding editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/tasks/{{task_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/taskIamBinding:TaskIamBinding editor projects/{{project}}/locations/{{location}}/lakes/{{lake}}/tasks/{{task_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:dataplex/TaskIamBindingCondition:TaskIamBindingCondition" @@ -167836,11 +168094,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -167878,11 +168137,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -167926,11 +168186,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -167947,7 +168208,7 @@ } }, "gcp:dataplex/taskIamMember:TaskIamMember": { - "description": "Three different resources help you manage your IAM policy for Dataplex Task. Each of these resources serves a different use case:\n\n* `gcp.dataplex.TaskIamPolicy`: Authoritative. Sets the IAM policy for the task and replaces any existing policy already attached.\n* `gcp.dataplex.TaskIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the task are preserved.\n* `gcp.dataplex.TaskIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the task are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.TaskIamPolicy`: Retrieves the IAM policy for the task\n\n\u003e **Note:** `gcp.dataplex.TaskIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.TaskIamBinding` and `gcp.dataplex.TaskIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.TaskIamBinding` resources **can be** used in conjunction with `gcp.dataplex.TaskIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_dataplex\\_task\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.TaskIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dataplex.TaskIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.TaskIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewTaskIamPolicy(ctx, \"policy\", \u0026dataplex.TaskIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tTaskId: pulumi.Any(example.TaskId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.TaskIamPolicy;\nimport com.pulumi.gcp.dataplex.TaskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TaskIamPolicy(\"policy\", TaskIamPolicyArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:TaskIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_task\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.TaskIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.TaskIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.TaskIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewTaskIamBinding(ctx, \"binding\", \u0026dataplex.TaskIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tTaskId: pulumi.Any(example.TaskId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.TaskIamBinding;\nimport com.pulumi.gcp.dataplex.TaskIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TaskIamBinding(\"binding\", TaskIamBindingArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:TaskIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_task\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.TaskIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.TaskIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.TaskIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewTaskIamMember(ctx, \"member\", \u0026dataplex.TaskIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tTaskId: pulumi.Any(example.TaskId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.TaskIamMember;\nimport com.pulumi.gcp.dataplex.TaskIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TaskIamMember(\"member\", TaskIamMemberArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:TaskIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/lakes/{{lake}}/tasks/{{task_id}}\n\n* {{project}}/{{location}}/{{lake}}/{{task_id}}\n\n* {{location}}/{{lake}}/{{task_id}}\n\n* {{task_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex task IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/taskIamMember:TaskIamMember editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/tasks/{{task_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/taskIamMember:TaskIamMember editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/tasks/{{task_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/taskIamMember:TaskIamMember editor projects/{{project}}/locations/{{location}}/lakes/{{lake}}/tasks/{{task_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Dataplex Task. Each of these resources serves a different use case:\n\n* `gcp.dataplex.TaskIamPolicy`: Authoritative. Sets the IAM policy for the task and replaces any existing policy already attached.\n* `gcp.dataplex.TaskIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the task are preserved.\n* `gcp.dataplex.TaskIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the task are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.TaskIamPolicy`: Retrieves the IAM policy for the task\n\n\u003e **Note:** `gcp.dataplex.TaskIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.TaskIamBinding` and `gcp.dataplex.TaskIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.TaskIamBinding` resources **can be** used in conjunction with `gcp.dataplex.TaskIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_dataplex\\_task\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.TaskIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dataplex.TaskIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.TaskIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewTaskIamPolicy(ctx, \"policy\", \u0026dataplex.TaskIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tTaskId: pulumi.Any(example.TaskId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.TaskIamPolicy;\nimport com.pulumi.gcp.dataplex.TaskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TaskIamPolicy(\"policy\", TaskIamPolicyArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:TaskIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_task\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.TaskIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.TaskIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.TaskIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewTaskIamBinding(ctx, \"binding\", \u0026dataplex.TaskIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tTaskId: pulumi.Any(example.TaskId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.TaskIamBinding;\nimport com.pulumi.gcp.dataplex.TaskIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TaskIamBinding(\"binding\", TaskIamBindingArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:TaskIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_task\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.TaskIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.TaskIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.TaskIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewTaskIamMember(ctx, \"member\", \u0026dataplex.TaskIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tTaskId: pulumi.Any(example.TaskId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.TaskIamMember;\nimport com.pulumi.gcp.dataplex.TaskIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TaskIamMember(\"member\", TaskIamMemberArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:TaskIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_dataplex\\_task\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.TaskIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dataplex.TaskIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.TaskIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewTaskIamPolicy(ctx, \"policy\", \u0026dataplex.TaskIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tTaskId: pulumi.Any(example.TaskId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.TaskIamPolicy;\nimport com.pulumi.gcp.dataplex.TaskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TaskIamPolicy(\"policy\", TaskIamPolicyArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:TaskIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_task\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.TaskIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.TaskIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.TaskIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewTaskIamBinding(ctx, \"binding\", \u0026dataplex.TaskIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tTaskId: pulumi.Any(example.TaskId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.TaskIamBinding;\nimport com.pulumi.gcp.dataplex.TaskIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TaskIamBinding(\"binding\", TaskIamBindingArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:TaskIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_task\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.TaskIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.TaskIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.TaskIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewTaskIamMember(ctx, \"member\", \u0026dataplex.TaskIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tTaskId: pulumi.Any(example.TaskId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.TaskIamMember;\nimport com.pulumi.gcp.dataplex.TaskIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TaskIamMember(\"member\", TaskIamMemberArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:TaskIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/lakes/{{lake}}/tasks/{{task_id}}\n\n* {{project}}/{{location}}/{{lake}}/{{task_id}}\n\n* {{location}}/{{lake}}/{{task_id}}\n\n* {{task_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex task IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/taskIamMember:TaskIamMember editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/tasks/{{task_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/taskIamMember:TaskIamMember editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/tasks/{{task_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/taskIamMember:TaskIamMember editor projects/{{project}}/locations/{{location}}/lakes/{{lake}}/tasks/{{task_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:dataplex/TaskIamMemberCondition:TaskIamMemberCondition" @@ -167965,11 +168226,12 @@ "description": "The location in which the task will be created in.\nUsed to find the parent resource to bind the IAM policy to\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -168005,11 +168267,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -168051,11 +168314,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -168072,7 +168336,7 @@ } }, "gcp:dataplex/taskIamPolicy:TaskIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Dataplex Task. Each of these resources serves a different use case:\n\n* `gcp.dataplex.TaskIamPolicy`: Authoritative. Sets the IAM policy for the task and replaces any existing policy already attached.\n* `gcp.dataplex.TaskIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the task are preserved.\n* `gcp.dataplex.TaskIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the task are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.TaskIamPolicy`: Retrieves the IAM policy for the task\n\n\u003e **Note:** `gcp.dataplex.TaskIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.TaskIamBinding` and `gcp.dataplex.TaskIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.TaskIamBinding` resources **can be** used in conjunction with `gcp.dataplex.TaskIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_dataplex\\_task\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.TaskIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dataplex.TaskIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.TaskIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewTaskIamPolicy(ctx, \"policy\", \u0026dataplex.TaskIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tTaskId: pulumi.Any(example.TaskId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.TaskIamPolicy;\nimport com.pulumi.gcp.dataplex.TaskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TaskIamPolicy(\"policy\", TaskIamPolicyArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:TaskIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_task\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.TaskIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.TaskIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.TaskIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewTaskIamBinding(ctx, \"binding\", \u0026dataplex.TaskIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tTaskId: pulumi.Any(example.TaskId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.TaskIamBinding;\nimport com.pulumi.gcp.dataplex.TaskIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TaskIamBinding(\"binding\", TaskIamBindingArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:TaskIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_task\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.TaskIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.TaskIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.TaskIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewTaskIamMember(ctx, \"member\", \u0026dataplex.TaskIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tTaskId: pulumi.Any(example.TaskId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.TaskIamMember;\nimport com.pulumi.gcp.dataplex.TaskIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TaskIamMember(\"member\", TaskIamMemberArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:TaskIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/lakes/{{lake}}/tasks/{{task_id}}\n\n* {{project}}/{{location}}/{{lake}}/{{task_id}}\n\n* {{location}}/{{lake}}/{{task_id}}\n\n* {{task_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex task IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/taskIamPolicy:TaskIamPolicy editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/tasks/{{task_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/taskIamPolicy:TaskIamPolicy editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/tasks/{{task_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/taskIamPolicy:TaskIamPolicy editor projects/{{project}}/locations/{{location}}/lakes/{{lake}}/tasks/{{task_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Dataplex Task. Each of these resources serves a different use case:\n\n* `gcp.dataplex.TaskIamPolicy`: Authoritative. Sets the IAM policy for the task and replaces any existing policy already attached.\n* `gcp.dataplex.TaskIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the task are preserved.\n* `gcp.dataplex.TaskIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the task are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.TaskIamPolicy`: Retrieves the IAM policy for the task\n\n\u003e **Note:** `gcp.dataplex.TaskIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.TaskIamBinding` and `gcp.dataplex.TaskIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.TaskIamBinding` resources **can be** used in conjunction with `gcp.dataplex.TaskIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_dataplex\\_task\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.TaskIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dataplex.TaskIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.TaskIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewTaskIamPolicy(ctx, \"policy\", \u0026dataplex.TaskIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tTaskId: pulumi.Any(example.TaskId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.TaskIamPolicy;\nimport com.pulumi.gcp.dataplex.TaskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TaskIamPolicy(\"policy\", TaskIamPolicyArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:TaskIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_task\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.TaskIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.TaskIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.TaskIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewTaskIamBinding(ctx, \"binding\", \u0026dataplex.TaskIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tTaskId: pulumi.Any(example.TaskId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.TaskIamBinding;\nimport com.pulumi.gcp.dataplex.TaskIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TaskIamBinding(\"binding\", TaskIamBindingArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:TaskIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_task\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.TaskIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.TaskIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.TaskIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewTaskIamMember(ctx, \"member\", \u0026dataplex.TaskIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tTaskId: pulumi.Any(example.TaskId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.TaskIamMember;\nimport com.pulumi.gcp.dataplex.TaskIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TaskIamMember(\"member\", TaskIamMemberArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:TaskIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_dataplex\\_task\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.TaskIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dataplex.TaskIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.TaskIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewTaskIamPolicy(ctx, \"policy\", \u0026dataplex.TaskIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tTaskId: pulumi.Any(example.TaskId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.TaskIamPolicy;\nimport com.pulumi.gcp.dataplex.TaskIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TaskIamPolicy(\"policy\", TaskIamPolicyArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:TaskIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_task\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.TaskIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.TaskIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.TaskIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewTaskIamBinding(ctx, \"binding\", \u0026dataplex.TaskIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tTaskId: pulumi.Any(example.TaskId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.TaskIamBinding;\nimport com.pulumi.gcp.dataplex.TaskIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TaskIamBinding(\"binding\", TaskIamBindingArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:TaskIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_task\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.TaskIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n taskId: example.taskId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.TaskIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n task_id=example[\"taskId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.TaskIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n TaskId = example.TaskId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewTaskIamMember(ctx, \"member\", \u0026dataplex.TaskIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tTaskId: pulumi.Any(example.TaskId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.TaskIamMember;\nimport com.pulumi.gcp.dataplex.TaskIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TaskIamMember(\"member\", TaskIamMemberArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .taskId(example.taskId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:TaskIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n taskId: ${example.taskId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/lakes/{{lake}}/tasks/{{task_id}}\n\n* {{project}}/{{location}}/{{lake}}/{{task_id}}\n\n* {{location}}/{{lake}}/{{task_id}}\n\n* {{task_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex task IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/taskIamPolicy:TaskIamPolicy editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/tasks/{{task_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/taskIamPolicy:TaskIamPolicy editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/tasks/{{task_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/taskIamPolicy:TaskIamPolicy editor projects/{{project}}/locations/{{location}}/lakes/{{lake}}/tasks/{{task_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -168092,7 +168356,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "taskId": { "type": "string" @@ -168123,7 +168387,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "taskId": { @@ -168159,7 +168423,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "taskId": { @@ -168424,7 +168688,7 @@ } }, "gcp:dataplex/zoneIamBinding:ZoneIamBinding": { - "description": "Three different resources help you manage your IAM policy for Dataplex Zone. Each of these resources serves a different use case:\n\n* `gcp.dataplex.ZoneIamPolicy`: Authoritative. Sets the IAM policy for the zone and replaces any existing policy already attached.\n* `gcp.dataplex.ZoneIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the zone are preserved.\n* `gcp.dataplex.ZoneIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the zone are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.ZoneIamPolicy`: Retrieves the IAM policy for the zone\n\n\u003e **Note:** `gcp.dataplex.ZoneIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.ZoneIamBinding` and `gcp.dataplex.ZoneIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.ZoneIamBinding` resources **can be** used in conjunction with `gcp.dataplex.ZoneIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_dataplex\\_zone\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.ZoneIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dataplex.ZoneIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.ZoneIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewZoneIamPolicy(ctx, \"policy\", \u0026dataplex.ZoneIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.ZoneIamPolicy;\nimport com.pulumi.gcp.dataplex.ZoneIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ZoneIamPolicy(\"policy\", ZoneIamPolicyArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:ZoneIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_zone\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.ZoneIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.ZoneIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.ZoneIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewZoneIamBinding(ctx, \"binding\", \u0026dataplex.ZoneIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.ZoneIamBinding;\nimport com.pulumi.gcp.dataplex.ZoneIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ZoneIamBinding(\"binding\", ZoneIamBindingArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:ZoneIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_zone\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.ZoneIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.ZoneIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.ZoneIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewZoneIamMember(ctx, \"member\", \u0026dataplex.ZoneIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.ZoneIamMember;\nimport com.pulumi.gcp.dataplex.ZoneIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ZoneIamMember(\"member\", ZoneIamMemberArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:ZoneIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{name}}\n\n* {{project}}/{{location}}/{{lake}}/{{name}}\n\n* {{location}}/{{lake}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex zone IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/zoneIamBinding:ZoneIamBinding editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{zone}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/zoneIamBinding:ZoneIamBinding editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{zone}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/zoneIamBinding:ZoneIamBinding editor projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{zone}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Dataplex Zone. Each of these resources serves a different use case:\n\n* `gcp.dataplex.ZoneIamPolicy`: Authoritative. Sets the IAM policy for the zone and replaces any existing policy already attached.\n* `gcp.dataplex.ZoneIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the zone are preserved.\n* `gcp.dataplex.ZoneIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the zone are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.ZoneIamPolicy`: Retrieves the IAM policy for the zone\n\n\u003e **Note:** `gcp.dataplex.ZoneIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.ZoneIamBinding` and `gcp.dataplex.ZoneIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.ZoneIamBinding` resources **can be** used in conjunction with `gcp.dataplex.ZoneIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_dataplex\\_zone\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.ZoneIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dataplex.ZoneIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.ZoneIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewZoneIamPolicy(ctx, \"policy\", \u0026dataplex.ZoneIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.ZoneIamPolicy;\nimport com.pulumi.gcp.dataplex.ZoneIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ZoneIamPolicy(\"policy\", ZoneIamPolicyArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:ZoneIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_zone\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.ZoneIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.ZoneIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.ZoneIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewZoneIamBinding(ctx, \"binding\", \u0026dataplex.ZoneIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.ZoneIamBinding;\nimport com.pulumi.gcp.dataplex.ZoneIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ZoneIamBinding(\"binding\", ZoneIamBindingArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:ZoneIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_zone\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.ZoneIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.ZoneIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.ZoneIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewZoneIamMember(ctx, \"member\", \u0026dataplex.ZoneIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.ZoneIamMember;\nimport com.pulumi.gcp.dataplex.ZoneIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ZoneIamMember(\"member\", ZoneIamMemberArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:ZoneIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_dataplex\\_zone\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.ZoneIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dataplex.ZoneIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.ZoneIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewZoneIamPolicy(ctx, \"policy\", \u0026dataplex.ZoneIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.ZoneIamPolicy;\nimport com.pulumi.gcp.dataplex.ZoneIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ZoneIamPolicy(\"policy\", ZoneIamPolicyArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:ZoneIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_zone\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.ZoneIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.ZoneIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.ZoneIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewZoneIamBinding(ctx, \"binding\", \u0026dataplex.ZoneIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.ZoneIamBinding;\nimport com.pulumi.gcp.dataplex.ZoneIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ZoneIamBinding(\"binding\", ZoneIamBindingArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:ZoneIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_zone\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.ZoneIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.ZoneIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.ZoneIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewZoneIamMember(ctx, \"member\", \u0026dataplex.ZoneIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.ZoneIamMember;\nimport com.pulumi.gcp.dataplex.ZoneIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ZoneIamMember(\"member\", ZoneIamMemberArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:ZoneIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{name}}\n\n* {{project}}/{{location}}/{{lake}}/{{name}}\n\n* {{location}}/{{lake}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex zone IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/zoneIamBinding:ZoneIamBinding editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{zone}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/zoneIamBinding:ZoneIamBinding editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{zone}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/zoneIamBinding:ZoneIamBinding editor projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{zone}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:dataplex/ZoneIamBindingCondition:ZoneIamBindingCondition" @@ -168447,11 +168711,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -168489,11 +168754,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -168536,11 +168802,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -168553,7 +168820,7 @@ } }, "gcp:dataplex/zoneIamMember:ZoneIamMember": { - "description": "Three different resources help you manage your IAM policy for Dataplex Zone. Each of these resources serves a different use case:\n\n* `gcp.dataplex.ZoneIamPolicy`: Authoritative. Sets the IAM policy for the zone and replaces any existing policy already attached.\n* `gcp.dataplex.ZoneIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the zone are preserved.\n* `gcp.dataplex.ZoneIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the zone are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.ZoneIamPolicy`: Retrieves the IAM policy for the zone\n\n\u003e **Note:** `gcp.dataplex.ZoneIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.ZoneIamBinding` and `gcp.dataplex.ZoneIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.ZoneIamBinding` resources **can be** used in conjunction with `gcp.dataplex.ZoneIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_dataplex\\_zone\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.ZoneIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dataplex.ZoneIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.ZoneIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewZoneIamPolicy(ctx, \"policy\", \u0026dataplex.ZoneIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.ZoneIamPolicy;\nimport com.pulumi.gcp.dataplex.ZoneIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ZoneIamPolicy(\"policy\", ZoneIamPolicyArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:ZoneIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_zone\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.ZoneIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.ZoneIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.ZoneIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewZoneIamBinding(ctx, \"binding\", \u0026dataplex.ZoneIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.ZoneIamBinding;\nimport com.pulumi.gcp.dataplex.ZoneIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ZoneIamBinding(\"binding\", ZoneIamBindingArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:ZoneIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_zone\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.ZoneIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.ZoneIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.ZoneIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewZoneIamMember(ctx, \"member\", \u0026dataplex.ZoneIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.ZoneIamMember;\nimport com.pulumi.gcp.dataplex.ZoneIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ZoneIamMember(\"member\", ZoneIamMemberArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:ZoneIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{name}}\n\n* {{project}}/{{location}}/{{lake}}/{{name}}\n\n* {{location}}/{{lake}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex zone IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/zoneIamMember:ZoneIamMember editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{zone}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/zoneIamMember:ZoneIamMember editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{zone}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/zoneIamMember:ZoneIamMember editor projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{zone}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Dataplex Zone. Each of these resources serves a different use case:\n\n* `gcp.dataplex.ZoneIamPolicy`: Authoritative. Sets the IAM policy for the zone and replaces any existing policy already attached.\n* `gcp.dataplex.ZoneIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the zone are preserved.\n* `gcp.dataplex.ZoneIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the zone are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.ZoneIamPolicy`: Retrieves the IAM policy for the zone\n\n\u003e **Note:** `gcp.dataplex.ZoneIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.ZoneIamBinding` and `gcp.dataplex.ZoneIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.ZoneIamBinding` resources **can be** used in conjunction with `gcp.dataplex.ZoneIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_dataplex\\_zone\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.ZoneIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dataplex.ZoneIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.ZoneIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewZoneIamPolicy(ctx, \"policy\", \u0026dataplex.ZoneIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.ZoneIamPolicy;\nimport com.pulumi.gcp.dataplex.ZoneIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ZoneIamPolicy(\"policy\", ZoneIamPolicyArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:ZoneIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_zone\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.ZoneIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.ZoneIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.ZoneIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewZoneIamBinding(ctx, \"binding\", \u0026dataplex.ZoneIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.ZoneIamBinding;\nimport com.pulumi.gcp.dataplex.ZoneIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ZoneIamBinding(\"binding\", ZoneIamBindingArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:ZoneIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_zone\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.ZoneIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.ZoneIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.ZoneIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewZoneIamMember(ctx, \"member\", \u0026dataplex.ZoneIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.ZoneIamMember;\nimport com.pulumi.gcp.dataplex.ZoneIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ZoneIamMember(\"member\", ZoneIamMemberArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:ZoneIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_dataplex\\_zone\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.ZoneIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dataplex.ZoneIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.ZoneIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewZoneIamPolicy(ctx, \"policy\", \u0026dataplex.ZoneIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.ZoneIamPolicy;\nimport com.pulumi.gcp.dataplex.ZoneIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ZoneIamPolicy(\"policy\", ZoneIamPolicyArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:ZoneIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_zone\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.ZoneIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.ZoneIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.ZoneIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewZoneIamBinding(ctx, \"binding\", \u0026dataplex.ZoneIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.ZoneIamBinding;\nimport com.pulumi.gcp.dataplex.ZoneIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ZoneIamBinding(\"binding\", ZoneIamBindingArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:ZoneIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_zone\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.ZoneIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.ZoneIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.ZoneIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewZoneIamMember(ctx, \"member\", \u0026dataplex.ZoneIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.ZoneIamMember;\nimport com.pulumi.gcp.dataplex.ZoneIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ZoneIamMember(\"member\", ZoneIamMemberArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:ZoneIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{name}}\n\n* {{project}}/{{location}}/{{lake}}/{{name}}\n\n* {{location}}/{{lake}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex zone IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/zoneIamMember:ZoneIamMember editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{zone}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/zoneIamMember:ZoneIamMember editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{zone}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/zoneIamMember:ZoneIamMember editor projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{zone}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:dataplex/ZoneIamMemberCondition:ZoneIamMemberCondition" @@ -168573,11 +168840,12 @@ "type": "string" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -168613,11 +168881,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -168658,11 +168927,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -168675,7 +168945,7 @@ } }, "gcp:dataplex/zoneIamPolicy:ZoneIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Dataplex Zone. Each of these resources serves a different use case:\n\n* `gcp.dataplex.ZoneIamPolicy`: Authoritative. Sets the IAM policy for the zone and replaces any existing policy already attached.\n* `gcp.dataplex.ZoneIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the zone are preserved.\n* `gcp.dataplex.ZoneIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the zone are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.ZoneIamPolicy`: Retrieves the IAM policy for the zone\n\n\u003e **Note:** `gcp.dataplex.ZoneIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.ZoneIamBinding` and `gcp.dataplex.ZoneIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.ZoneIamBinding` resources **can be** used in conjunction with `gcp.dataplex.ZoneIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_dataplex\\_zone\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.ZoneIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dataplex.ZoneIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.ZoneIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewZoneIamPolicy(ctx, \"policy\", \u0026dataplex.ZoneIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.ZoneIamPolicy;\nimport com.pulumi.gcp.dataplex.ZoneIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ZoneIamPolicy(\"policy\", ZoneIamPolicyArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:ZoneIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_zone\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.ZoneIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.ZoneIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.ZoneIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewZoneIamBinding(ctx, \"binding\", \u0026dataplex.ZoneIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.ZoneIamBinding;\nimport com.pulumi.gcp.dataplex.ZoneIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ZoneIamBinding(\"binding\", ZoneIamBindingArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:ZoneIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_zone\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.ZoneIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.ZoneIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.ZoneIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewZoneIamMember(ctx, \"member\", \u0026dataplex.ZoneIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.ZoneIamMember;\nimport com.pulumi.gcp.dataplex.ZoneIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ZoneIamMember(\"member\", ZoneIamMemberArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:ZoneIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{name}}\n\n* {{project}}/{{location}}/{{lake}}/{{name}}\n\n* {{location}}/{{lake}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex zone IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/zoneIamPolicy:ZoneIamPolicy editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{zone}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/zoneIamPolicy:ZoneIamPolicy editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{zone}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/zoneIamPolicy:ZoneIamPolicy editor projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{zone}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Dataplex Zone. Each of these resources serves a different use case:\n\n* `gcp.dataplex.ZoneIamPolicy`: Authoritative. Sets the IAM policy for the zone and replaces any existing policy already attached.\n* `gcp.dataplex.ZoneIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the zone are preserved.\n* `gcp.dataplex.ZoneIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the zone are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataplex.ZoneIamPolicy`: Retrieves the IAM policy for the zone\n\n\u003e **Note:** `gcp.dataplex.ZoneIamPolicy` **cannot** be used in conjunction with `gcp.dataplex.ZoneIamBinding` and `gcp.dataplex.ZoneIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataplex.ZoneIamBinding` resources **can be** used in conjunction with `gcp.dataplex.ZoneIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_dataplex\\_zone\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.ZoneIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dataplex.ZoneIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.ZoneIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewZoneIamPolicy(ctx, \"policy\", \u0026dataplex.ZoneIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.ZoneIamPolicy;\nimport com.pulumi.gcp.dataplex.ZoneIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ZoneIamPolicy(\"policy\", ZoneIamPolicyArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:ZoneIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_zone\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.ZoneIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.ZoneIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.ZoneIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewZoneIamBinding(ctx, \"binding\", \u0026dataplex.ZoneIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.ZoneIamBinding;\nimport com.pulumi.gcp.dataplex.ZoneIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ZoneIamBinding(\"binding\", ZoneIamBindingArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:ZoneIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_zone\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.ZoneIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.ZoneIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.ZoneIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewZoneIamMember(ctx, \"member\", \u0026dataplex.ZoneIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.ZoneIamMember;\nimport com.pulumi.gcp.dataplex.ZoneIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ZoneIamMember(\"member\", ZoneIamMemberArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:ZoneIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_dataplex\\_zone\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataplex.ZoneIamPolicy(\"policy\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dataplex.ZoneIamPolicy(\"policy\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.DataPlex.ZoneIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataplex.NewZoneIamPolicy(ctx, \"policy\", \u0026dataplex.ZoneIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataplex.ZoneIamPolicy;\nimport com.pulumi.gcp.dataplex.ZoneIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ZoneIamPolicy(\"policy\", ZoneIamPolicyArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataplex:ZoneIamPolicy\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_zone\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataplex.ZoneIamBinding(\"binding\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataplex.ZoneIamBinding(\"binding\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.DataPlex.ZoneIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewZoneIamBinding(ctx, \"binding\", \u0026dataplex.ZoneIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.ZoneIamBinding;\nimport com.pulumi.gcp.dataplex.ZoneIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ZoneIamBinding(\"binding\", ZoneIamBindingArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataplex:ZoneIamBinding\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataplex\\_zone\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataplex.ZoneIamMember(\"member\", {\n project: example.project,\n location: example.location,\n lake: example.lake,\n dataplexZone: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataplex.ZoneIamMember(\"member\",\n project=example[\"project\"],\n location=example[\"location\"],\n lake=example[\"lake\"],\n dataplex_zone=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.DataPlex.ZoneIamMember(\"member\", new()\n {\n Project = example.Project,\n Location = example.Location,\n Lake = example.Lake,\n DataplexZone = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataplex.NewZoneIamMember(ctx, \"member\", \u0026dataplex.ZoneIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tLocation: pulumi.Any(example.Location),\n\t\t\tLake: pulumi.Any(example.Lake),\n\t\t\tDataplexZone: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataplex.ZoneIamMember;\nimport com.pulumi.gcp.dataplex.ZoneIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ZoneIamMember(\"member\", ZoneIamMemberArgs.builder() \n .project(example.project())\n .location(example.location())\n .lake(example.lake())\n .dataplexZone(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataplex:ZoneIamMember\n properties:\n project: ${example.project}\n location: ${example.location}\n lake: ${example.lake}\n dataplexZone: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{name}}\n\n* {{project}}/{{location}}/{{lake}}/{{name}}\n\n* {{location}}/{{lake}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataplex zone IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/zoneIamPolicy:ZoneIamPolicy editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{zone}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/zoneIamPolicy:ZoneIamPolicy editor \"projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{zone}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataplex/zoneIamPolicy:ZoneIamPolicy editor projects/{{project}}/locations/{{location}}/lakes/{{lake}}/zones/{{zone}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "dataplexZone": { "type": "string", @@ -168697,7 +168967,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" } }, "required": [ @@ -168728,7 +168998,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -168763,7 +169033,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -168876,7 +169146,7 @@ } }, "gcp:dataproc/autoscalingPolicyIamBinding:AutoscalingPolicyIamBinding": { - "description": "Three different resources help you manage your IAM policy for Dataproc AutoscalingPolicy. Each of these resources serves a different use case:\n\n* `gcp.dataproc.AutoscalingPolicyIamPolicy`: Authoritative. Sets the IAM policy for the autoscalingpolicy and replaces any existing policy already attached.\n* `gcp.dataproc.AutoscalingPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the autoscalingpolicy are preserved.\n* `gcp.dataproc.AutoscalingPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the autoscalingpolicy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataproc.AutoscalingPolicyIamPolicy`: Retrieves the IAM policy for the autoscalingpolicy\n\n\u003e **Note:** `gcp.dataproc.AutoscalingPolicyIamPolicy` **cannot** be used in conjunction with `gcp.dataproc.AutoscalingPolicyIamBinding` and `gcp.dataproc.AutoscalingPolicyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataproc.AutoscalingPolicyIamBinding` resources **can be** used in conjunction with `gcp.dataproc.AutoscalingPolicyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_dataproc\\_autoscaling\\_policy\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataproc.AutoscalingPolicyIamPolicy(\"policy\", {\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dataproc.AutoscalingPolicyIamPolicy(\"policy\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dataproc.AutoscalingPolicyIamPolicy(\"policy\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewAutoscalingPolicyIamPolicy(ctx, \"policy\", \u0026dataproc.AutoscalingPolicyIamPolicyArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tPolicyId: pulumi.Any(basic.PolicyId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamPolicy;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AutoscalingPolicyIamPolicy(\"policy\", AutoscalingPolicyIamPolicyArgs.builder() \n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataproc:AutoscalingPolicyIamPolicy\n properties:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_autoscaling\\_policy\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataproc.AutoscalingPolicyIamBinding(\"binding\", {\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataproc.AutoscalingPolicyIamBinding(\"binding\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dataproc.AutoscalingPolicyIamBinding(\"binding\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewAutoscalingPolicyIamBinding(ctx, \"binding\", \u0026dataproc.AutoscalingPolicyIamBindingArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tPolicyId: pulumi.Any(basic.PolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamBinding;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AutoscalingPolicyIamBinding(\"binding\", AutoscalingPolicyIamBindingArgs.builder() \n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataproc:AutoscalingPolicyIamBinding\n properties:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_autoscaling\\_policy\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataproc.AutoscalingPolicyIamMember(\"member\", {\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataproc.AutoscalingPolicyIamMember(\"member\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dataproc.AutoscalingPolicyIamMember(\"member\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewAutoscalingPolicyIamMember(ctx, \"member\", \u0026dataproc.AutoscalingPolicyIamMemberArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tPolicyId: pulumi.Any(basic.PolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamMember;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AutoscalingPolicyIamMember(\"member\", AutoscalingPolicyIamMemberArgs.builder() \n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataproc:AutoscalingPolicyIamMember\n properties:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{policy_id}}\n\n* {{project}}/{{location}}/{{policy_id}}\n\n* {{location}}/{{policy_id}}\n\n* {{policy_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataproc autoscalingpolicy IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/autoscalingPolicyIamBinding:AutoscalingPolicyIamBinding editor \"projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{policy_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/autoscalingPolicyIamBinding:AutoscalingPolicyIamBinding editor \"projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{policy_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/autoscalingPolicyIamBinding:AutoscalingPolicyIamBinding editor projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{policy_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Dataproc AutoscalingPolicy. Each of these resources serves a different use case:\n\n* `gcp.dataproc.AutoscalingPolicyIamPolicy`: Authoritative. Sets the IAM policy for the autoscalingpolicy and replaces any existing policy already attached.\n* `gcp.dataproc.AutoscalingPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the autoscalingpolicy are preserved.\n* `gcp.dataproc.AutoscalingPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the autoscalingpolicy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataproc.AutoscalingPolicyIamPolicy`: Retrieves the IAM policy for the autoscalingpolicy\n\n\u003e **Note:** `gcp.dataproc.AutoscalingPolicyIamPolicy` **cannot** be used in conjunction with `gcp.dataproc.AutoscalingPolicyIamBinding` and `gcp.dataproc.AutoscalingPolicyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataproc.AutoscalingPolicyIamBinding` resources **can be** used in conjunction with `gcp.dataproc.AutoscalingPolicyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_dataproc\\_autoscaling\\_policy\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataproc.AutoscalingPolicyIamPolicy(\"policy\", {\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dataproc.AutoscalingPolicyIamPolicy(\"policy\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dataproc.AutoscalingPolicyIamPolicy(\"policy\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewAutoscalingPolicyIamPolicy(ctx, \"policy\", \u0026dataproc.AutoscalingPolicyIamPolicyArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tPolicyId: pulumi.Any(basic.PolicyId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamPolicy;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AutoscalingPolicyIamPolicy(\"policy\", AutoscalingPolicyIamPolicyArgs.builder() \n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataproc:AutoscalingPolicyIamPolicy\n properties:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_autoscaling\\_policy\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataproc.AutoscalingPolicyIamBinding(\"binding\", {\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataproc.AutoscalingPolicyIamBinding(\"binding\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dataproc.AutoscalingPolicyIamBinding(\"binding\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewAutoscalingPolicyIamBinding(ctx, \"binding\", \u0026dataproc.AutoscalingPolicyIamBindingArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tPolicyId: pulumi.Any(basic.PolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamBinding;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AutoscalingPolicyIamBinding(\"binding\", AutoscalingPolicyIamBindingArgs.builder() \n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataproc:AutoscalingPolicyIamBinding\n properties:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_autoscaling\\_policy\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataproc.AutoscalingPolicyIamMember(\"member\", {\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataproc.AutoscalingPolicyIamMember(\"member\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dataproc.AutoscalingPolicyIamMember(\"member\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewAutoscalingPolicyIamMember(ctx, \"member\", \u0026dataproc.AutoscalingPolicyIamMemberArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tPolicyId: pulumi.Any(basic.PolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamMember;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AutoscalingPolicyIamMember(\"member\", AutoscalingPolicyIamMemberArgs.builder() \n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataproc:AutoscalingPolicyIamMember\n properties:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_dataproc\\_autoscaling\\_policy\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataproc.AutoscalingPolicyIamPolicy(\"policy\", {\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dataproc.AutoscalingPolicyIamPolicy(\"policy\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dataproc.AutoscalingPolicyIamPolicy(\"policy\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewAutoscalingPolicyIamPolicy(ctx, \"policy\", \u0026dataproc.AutoscalingPolicyIamPolicyArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tPolicyId: pulumi.Any(basic.PolicyId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamPolicy;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AutoscalingPolicyIamPolicy(\"policy\", AutoscalingPolicyIamPolicyArgs.builder() \n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataproc:AutoscalingPolicyIamPolicy\n properties:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_autoscaling\\_policy\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataproc.AutoscalingPolicyIamBinding(\"binding\", {\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataproc.AutoscalingPolicyIamBinding(\"binding\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dataproc.AutoscalingPolicyIamBinding(\"binding\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewAutoscalingPolicyIamBinding(ctx, \"binding\", \u0026dataproc.AutoscalingPolicyIamBindingArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tPolicyId: pulumi.Any(basic.PolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamBinding;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AutoscalingPolicyIamBinding(\"binding\", AutoscalingPolicyIamBindingArgs.builder() \n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataproc:AutoscalingPolicyIamBinding\n properties:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_autoscaling\\_policy\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataproc.AutoscalingPolicyIamMember(\"member\", {\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataproc.AutoscalingPolicyIamMember(\"member\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dataproc.AutoscalingPolicyIamMember(\"member\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewAutoscalingPolicyIamMember(ctx, \"member\", \u0026dataproc.AutoscalingPolicyIamMemberArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tPolicyId: pulumi.Any(basic.PolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamMember;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AutoscalingPolicyIamMember(\"member\", AutoscalingPolicyIamMemberArgs.builder() \n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataproc:AutoscalingPolicyIamMember\n properties:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{policy_id}}\n\n* {{project}}/{{location}}/{{policy_id}}\n\n* {{location}}/{{policy_id}}\n\n* {{policy_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataproc autoscalingpolicy IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/autoscalingPolicyIamBinding:AutoscalingPolicyIamBinding editor \"projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{policy_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/autoscalingPolicyIamBinding:AutoscalingPolicyIamBinding editor \"projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{policy_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/autoscalingPolicyIamBinding:AutoscalingPolicyIamBinding editor projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{policy_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:dataproc/AutoscalingPolicyIamBindingCondition:AutoscalingPolicyIamBindingCondition" @@ -168893,7 +169163,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "policyId": { "type": "string", @@ -168901,7 +169172,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -168930,7 +169201,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "policyId": { "type": "string", @@ -168939,7 +169211,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -168973,7 +169245,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "policyId": { "type": "string", @@ -168982,7 +169255,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -168995,7 +169268,7 @@ } }, "gcp:dataproc/autoscalingPolicyIamMember:AutoscalingPolicyIamMember": { - "description": "Three different resources help you manage your IAM policy for Dataproc AutoscalingPolicy. Each of these resources serves a different use case:\n\n* `gcp.dataproc.AutoscalingPolicyIamPolicy`: Authoritative. Sets the IAM policy for the autoscalingpolicy and replaces any existing policy already attached.\n* `gcp.dataproc.AutoscalingPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the autoscalingpolicy are preserved.\n* `gcp.dataproc.AutoscalingPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the autoscalingpolicy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataproc.AutoscalingPolicyIamPolicy`: Retrieves the IAM policy for the autoscalingpolicy\n\n\u003e **Note:** `gcp.dataproc.AutoscalingPolicyIamPolicy` **cannot** be used in conjunction with `gcp.dataproc.AutoscalingPolicyIamBinding` and `gcp.dataproc.AutoscalingPolicyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataproc.AutoscalingPolicyIamBinding` resources **can be** used in conjunction with `gcp.dataproc.AutoscalingPolicyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_dataproc\\_autoscaling\\_policy\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataproc.AutoscalingPolicyIamPolicy(\"policy\", {\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dataproc.AutoscalingPolicyIamPolicy(\"policy\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dataproc.AutoscalingPolicyIamPolicy(\"policy\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewAutoscalingPolicyIamPolicy(ctx, \"policy\", \u0026dataproc.AutoscalingPolicyIamPolicyArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tPolicyId: pulumi.Any(basic.PolicyId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamPolicy;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AutoscalingPolicyIamPolicy(\"policy\", AutoscalingPolicyIamPolicyArgs.builder() \n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataproc:AutoscalingPolicyIamPolicy\n properties:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_autoscaling\\_policy\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataproc.AutoscalingPolicyIamBinding(\"binding\", {\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataproc.AutoscalingPolicyIamBinding(\"binding\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dataproc.AutoscalingPolicyIamBinding(\"binding\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewAutoscalingPolicyIamBinding(ctx, \"binding\", \u0026dataproc.AutoscalingPolicyIamBindingArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tPolicyId: pulumi.Any(basic.PolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamBinding;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AutoscalingPolicyIamBinding(\"binding\", AutoscalingPolicyIamBindingArgs.builder() \n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataproc:AutoscalingPolicyIamBinding\n properties:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_autoscaling\\_policy\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataproc.AutoscalingPolicyIamMember(\"member\", {\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataproc.AutoscalingPolicyIamMember(\"member\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dataproc.AutoscalingPolicyIamMember(\"member\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewAutoscalingPolicyIamMember(ctx, \"member\", \u0026dataproc.AutoscalingPolicyIamMemberArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tPolicyId: pulumi.Any(basic.PolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamMember;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AutoscalingPolicyIamMember(\"member\", AutoscalingPolicyIamMemberArgs.builder() \n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataproc:AutoscalingPolicyIamMember\n properties:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{policy_id}}\n\n* {{project}}/{{location}}/{{policy_id}}\n\n* {{location}}/{{policy_id}}\n\n* {{policy_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataproc autoscalingpolicy IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/autoscalingPolicyIamMember:AutoscalingPolicyIamMember editor \"projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{policy_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/autoscalingPolicyIamMember:AutoscalingPolicyIamMember editor \"projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{policy_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/autoscalingPolicyIamMember:AutoscalingPolicyIamMember editor projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{policy_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Dataproc AutoscalingPolicy. Each of these resources serves a different use case:\n\n* `gcp.dataproc.AutoscalingPolicyIamPolicy`: Authoritative. Sets the IAM policy for the autoscalingpolicy and replaces any existing policy already attached.\n* `gcp.dataproc.AutoscalingPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the autoscalingpolicy are preserved.\n* `gcp.dataproc.AutoscalingPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the autoscalingpolicy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataproc.AutoscalingPolicyIamPolicy`: Retrieves the IAM policy for the autoscalingpolicy\n\n\u003e **Note:** `gcp.dataproc.AutoscalingPolicyIamPolicy` **cannot** be used in conjunction with `gcp.dataproc.AutoscalingPolicyIamBinding` and `gcp.dataproc.AutoscalingPolicyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataproc.AutoscalingPolicyIamBinding` resources **can be** used in conjunction with `gcp.dataproc.AutoscalingPolicyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_dataproc\\_autoscaling\\_policy\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataproc.AutoscalingPolicyIamPolicy(\"policy\", {\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dataproc.AutoscalingPolicyIamPolicy(\"policy\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dataproc.AutoscalingPolicyIamPolicy(\"policy\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewAutoscalingPolicyIamPolicy(ctx, \"policy\", \u0026dataproc.AutoscalingPolicyIamPolicyArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tPolicyId: pulumi.Any(basic.PolicyId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamPolicy;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AutoscalingPolicyIamPolicy(\"policy\", AutoscalingPolicyIamPolicyArgs.builder() \n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataproc:AutoscalingPolicyIamPolicy\n properties:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_autoscaling\\_policy\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataproc.AutoscalingPolicyIamBinding(\"binding\", {\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataproc.AutoscalingPolicyIamBinding(\"binding\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dataproc.AutoscalingPolicyIamBinding(\"binding\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewAutoscalingPolicyIamBinding(ctx, \"binding\", \u0026dataproc.AutoscalingPolicyIamBindingArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tPolicyId: pulumi.Any(basic.PolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamBinding;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AutoscalingPolicyIamBinding(\"binding\", AutoscalingPolicyIamBindingArgs.builder() \n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataproc:AutoscalingPolicyIamBinding\n properties:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_autoscaling\\_policy\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataproc.AutoscalingPolicyIamMember(\"member\", {\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataproc.AutoscalingPolicyIamMember(\"member\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dataproc.AutoscalingPolicyIamMember(\"member\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewAutoscalingPolicyIamMember(ctx, \"member\", \u0026dataproc.AutoscalingPolicyIamMemberArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tPolicyId: pulumi.Any(basic.PolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamMember;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AutoscalingPolicyIamMember(\"member\", AutoscalingPolicyIamMemberArgs.builder() \n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataproc:AutoscalingPolicyIamMember\n properties:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_dataproc\\_autoscaling\\_policy\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataproc.AutoscalingPolicyIamPolicy(\"policy\", {\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dataproc.AutoscalingPolicyIamPolicy(\"policy\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dataproc.AutoscalingPolicyIamPolicy(\"policy\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewAutoscalingPolicyIamPolicy(ctx, \"policy\", \u0026dataproc.AutoscalingPolicyIamPolicyArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tPolicyId: pulumi.Any(basic.PolicyId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamPolicy;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AutoscalingPolicyIamPolicy(\"policy\", AutoscalingPolicyIamPolicyArgs.builder() \n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataproc:AutoscalingPolicyIamPolicy\n properties:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_autoscaling\\_policy\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataproc.AutoscalingPolicyIamBinding(\"binding\", {\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataproc.AutoscalingPolicyIamBinding(\"binding\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dataproc.AutoscalingPolicyIamBinding(\"binding\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewAutoscalingPolicyIamBinding(ctx, \"binding\", \u0026dataproc.AutoscalingPolicyIamBindingArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tPolicyId: pulumi.Any(basic.PolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamBinding;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AutoscalingPolicyIamBinding(\"binding\", AutoscalingPolicyIamBindingArgs.builder() \n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataproc:AutoscalingPolicyIamBinding\n properties:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_autoscaling\\_policy\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataproc.AutoscalingPolicyIamMember(\"member\", {\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataproc.AutoscalingPolicyIamMember(\"member\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dataproc.AutoscalingPolicyIamMember(\"member\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewAutoscalingPolicyIamMember(ctx, \"member\", \u0026dataproc.AutoscalingPolicyIamMemberArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tPolicyId: pulumi.Any(basic.PolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamMember;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AutoscalingPolicyIamMember(\"member\", AutoscalingPolicyIamMemberArgs.builder() \n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataproc:AutoscalingPolicyIamMember\n properties:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{policy_id}}\n\n* {{project}}/{{location}}/{{policy_id}}\n\n* {{location}}/{{policy_id}}\n\n* {{policy_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataproc autoscalingpolicy IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/autoscalingPolicyIamMember:AutoscalingPolicyIamMember editor \"projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{policy_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/autoscalingPolicyIamMember:AutoscalingPolicyIamMember editor \"projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{policy_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/autoscalingPolicyIamMember:AutoscalingPolicyIamMember editor projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{policy_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:dataproc/AutoscalingPolicyIamMemberCondition:AutoscalingPolicyIamMemberCondition" @@ -169009,7 +169282,8 @@ "description": "The location where the autoscaling policy should reside.\nThe default value is `global`.\nUsed to find the parent resource to bind the IAM policy to\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "policyId": { "type": "string", @@ -169017,7 +169291,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -169044,6 +169318,7 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "policyId": { @@ -169053,7 +169328,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -169085,6 +169360,7 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "policyId": { @@ -169094,7 +169370,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -169107,7 +169383,7 @@ } }, "gcp:dataproc/autoscalingPolicyIamPolicy:AutoscalingPolicyIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Dataproc AutoscalingPolicy. Each of these resources serves a different use case:\n\n* `gcp.dataproc.AutoscalingPolicyIamPolicy`: Authoritative. Sets the IAM policy for the autoscalingpolicy and replaces any existing policy already attached.\n* `gcp.dataproc.AutoscalingPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the autoscalingpolicy are preserved.\n* `gcp.dataproc.AutoscalingPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the autoscalingpolicy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataproc.AutoscalingPolicyIamPolicy`: Retrieves the IAM policy for the autoscalingpolicy\n\n\u003e **Note:** `gcp.dataproc.AutoscalingPolicyIamPolicy` **cannot** be used in conjunction with `gcp.dataproc.AutoscalingPolicyIamBinding` and `gcp.dataproc.AutoscalingPolicyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataproc.AutoscalingPolicyIamBinding` resources **can be** used in conjunction with `gcp.dataproc.AutoscalingPolicyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_dataproc\\_autoscaling\\_policy\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataproc.AutoscalingPolicyIamPolicy(\"policy\", {\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dataproc.AutoscalingPolicyIamPolicy(\"policy\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dataproc.AutoscalingPolicyIamPolicy(\"policy\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewAutoscalingPolicyIamPolicy(ctx, \"policy\", \u0026dataproc.AutoscalingPolicyIamPolicyArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tPolicyId: pulumi.Any(basic.PolicyId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamPolicy;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AutoscalingPolicyIamPolicy(\"policy\", AutoscalingPolicyIamPolicyArgs.builder() \n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataproc:AutoscalingPolicyIamPolicy\n properties:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_autoscaling\\_policy\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataproc.AutoscalingPolicyIamBinding(\"binding\", {\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataproc.AutoscalingPolicyIamBinding(\"binding\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dataproc.AutoscalingPolicyIamBinding(\"binding\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewAutoscalingPolicyIamBinding(ctx, \"binding\", \u0026dataproc.AutoscalingPolicyIamBindingArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tPolicyId: pulumi.Any(basic.PolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamBinding;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AutoscalingPolicyIamBinding(\"binding\", AutoscalingPolicyIamBindingArgs.builder() \n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataproc:AutoscalingPolicyIamBinding\n properties:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_autoscaling\\_policy\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataproc.AutoscalingPolicyIamMember(\"member\", {\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataproc.AutoscalingPolicyIamMember(\"member\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dataproc.AutoscalingPolicyIamMember(\"member\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewAutoscalingPolicyIamMember(ctx, \"member\", \u0026dataproc.AutoscalingPolicyIamMemberArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tPolicyId: pulumi.Any(basic.PolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamMember;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AutoscalingPolicyIamMember(\"member\", AutoscalingPolicyIamMemberArgs.builder() \n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataproc:AutoscalingPolicyIamMember\n properties:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{policy_id}}\n\n* {{project}}/{{location}}/{{policy_id}}\n\n* {{location}}/{{policy_id}}\n\n* {{policy_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataproc autoscalingpolicy IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/autoscalingPolicyIamPolicy:AutoscalingPolicyIamPolicy editor \"projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{policy_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/autoscalingPolicyIamPolicy:AutoscalingPolicyIamPolicy editor \"projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{policy_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/autoscalingPolicyIamPolicy:AutoscalingPolicyIamPolicy editor projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{policy_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Dataproc AutoscalingPolicy. Each of these resources serves a different use case:\n\n* `gcp.dataproc.AutoscalingPolicyIamPolicy`: Authoritative. Sets the IAM policy for the autoscalingpolicy and replaces any existing policy already attached.\n* `gcp.dataproc.AutoscalingPolicyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the autoscalingpolicy are preserved.\n* `gcp.dataproc.AutoscalingPolicyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the autoscalingpolicy are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataproc.AutoscalingPolicyIamPolicy`: Retrieves the IAM policy for the autoscalingpolicy\n\n\u003e **Note:** `gcp.dataproc.AutoscalingPolicyIamPolicy` **cannot** be used in conjunction with `gcp.dataproc.AutoscalingPolicyIamBinding` and `gcp.dataproc.AutoscalingPolicyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataproc.AutoscalingPolicyIamBinding` resources **can be** used in conjunction with `gcp.dataproc.AutoscalingPolicyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_dataproc\\_autoscaling\\_policy\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataproc.AutoscalingPolicyIamPolicy(\"policy\", {\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dataproc.AutoscalingPolicyIamPolicy(\"policy\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dataproc.AutoscalingPolicyIamPolicy(\"policy\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewAutoscalingPolicyIamPolicy(ctx, \"policy\", \u0026dataproc.AutoscalingPolicyIamPolicyArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tPolicyId: pulumi.Any(basic.PolicyId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamPolicy;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AutoscalingPolicyIamPolicy(\"policy\", AutoscalingPolicyIamPolicyArgs.builder() \n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataproc:AutoscalingPolicyIamPolicy\n properties:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_autoscaling\\_policy\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataproc.AutoscalingPolicyIamBinding(\"binding\", {\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataproc.AutoscalingPolicyIamBinding(\"binding\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dataproc.AutoscalingPolicyIamBinding(\"binding\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewAutoscalingPolicyIamBinding(ctx, \"binding\", \u0026dataproc.AutoscalingPolicyIamBindingArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tPolicyId: pulumi.Any(basic.PolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamBinding;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AutoscalingPolicyIamBinding(\"binding\", AutoscalingPolicyIamBindingArgs.builder() \n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataproc:AutoscalingPolicyIamBinding\n properties:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_autoscaling\\_policy\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataproc.AutoscalingPolicyIamMember(\"member\", {\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataproc.AutoscalingPolicyIamMember(\"member\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dataproc.AutoscalingPolicyIamMember(\"member\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewAutoscalingPolicyIamMember(ctx, \"member\", \u0026dataproc.AutoscalingPolicyIamMemberArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tPolicyId: pulumi.Any(basic.PolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamMember;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AutoscalingPolicyIamMember(\"member\", AutoscalingPolicyIamMemberArgs.builder() \n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataproc:AutoscalingPolicyIamMember\n properties:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_dataproc\\_autoscaling\\_policy\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataproc.AutoscalingPolicyIamPolicy(\"policy\", {\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dataproc.AutoscalingPolicyIamPolicy(\"policy\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dataproc.AutoscalingPolicyIamPolicy(\"policy\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewAutoscalingPolicyIamPolicy(ctx, \"policy\", \u0026dataproc.AutoscalingPolicyIamPolicyArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tPolicyId: pulumi.Any(basic.PolicyId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamPolicy;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AutoscalingPolicyIamPolicy(\"policy\", AutoscalingPolicyIamPolicyArgs.builder() \n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataproc:AutoscalingPolicyIamPolicy\n properties:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_autoscaling\\_policy\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataproc.AutoscalingPolicyIamBinding(\"binding\", {\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataproc.AutoscalingPolicyIamBinding(\"binding\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dataproc.AutoscalingPolicyIamBinding(\"binding\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewAutoscalingPolicyIamBinding(ctx, \"binding\", \u0026dataproc.AutoscalingPolicyIamBindingArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tPolicyId: pulumi.Any(basic.PolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamBinding;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AutoscalingPolicyIamBinding(\"binding\", AutoscalingPolicyIamBindingArgs.builder() \n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataproc:AutoscalingPolicyIamBinding\n properties:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_autoscaling\\_policy\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataproc.AutoscalingPolicyIamMember(\"member\", {\n project: basic.project,\n location: basic.location,\n policyId: basic.policyId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataproc.AutoscalingPolicyIamMember(\"member\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n policy_id=basic[\"policyId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dataproc.AutoscalingPolicyIamMember(\"member\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n PolicyId = basic.PolicyId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewAutoscalingPolicyIamMember(ctx, \"member\", \u0026dataproc.AutoscalingPolicyIamMemberArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tPolicyId: pulumi.Any(basic.PolicyId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamMember;\nimport com.pulumi.gcp.dataproc.AutoscalingPolicyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AutoscalingPolicyIamMember(\"member\", AutoscalingPolicyIamMemberArgs.builder() \n .project(basic.project())\n .location(basic.location())\n .policyId(basic.policyId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataproc:AutoscalingPolicyIamMember\n properties:\n project: ${basic.project}\n location: ${basic.location}\n policyId: ${basic.policyId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{policy_id}}\n\n* {{project}}/{{location}}/{{policy_id}}\n\n* {{location}}/{{policy_id}}\n\n* {{policy_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataproc autoscalingpolicy IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/autoscalingPolicyIamPolicy:AutoscalingPolicyIamPolicy editor \"projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{policy_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/autoscalingPolicyIamPolicy:AutoscalingPolicyIamPolicy editor \"projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{policy_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/autoscalingPolicyIamPolicy:AutoscalingPolicyIamPolicy editor projects/{{project}}/locations/{{location}}/autoscalingPolicies/{{policy_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -169127,7 +169403,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" } }, "required": [ @@ -169154,7 +169430,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -169185,7 +169461,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -169345,11 +169621,11 @@ } }, "gcp:dataproc/clusterIAMBinding:ClusterIAMBinding": { - "description": "Three different resources help you manage IAM policies on dataproc clusters. Each of these resources serves a different use case:\n\n* `gcp.dataproc.ClusterIAMPolicy`: Authoritative. Sets the IAM policy for the cluster and replaces any existing policy already attached.\n* `gcp.dataproc.ClusterIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the cluster are preserved.\n* `gcp.dataproc.ClusterIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the cluster are preserved.\n\n\u003e **Note:** `gcp.dataproc.ClusterIAMPolicy` **cannot** be used in conjunction with `gcp.dataproc.ClusterIAMBinding` and `gcp.dataproc.ClusterIAMMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the cluster as `gcp.dataproc.ClusterIAMPolicy` replaces the entire policy.\n\n\u003e **Note:** `gcp.dataproc.ClusterIAMBinding` resources **can be** used in conjunction with `gcp.dataproc.ClusterIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_dataproc\\_cluster\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.dataproc.ClusterIAMPolicy(\"editor\", {\n project: \"your-project\",\n region: \"your-region\",\n cluster: \"your-dataproc-cluster\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\neditor = gcp.dataproc.ClusterIAMPolicy(\"editor\",\n project=\"your-project\",\n region=\"your-region\",\n cluster=\"your-dataproc-cluster\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.Dataproc.ClusterIAMPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Region = \"your-region\",\n Cluster = \"your-dataproc-cluster\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewClusterIAMPolicy(ctx, \"editor\", \u0026dataproc.ClusterIAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tRegion: pulumi.String(\"your-region\"),\n\t\t\tCluster: pulumi.String(\"your-dataproc-cluster\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.ClusterIAMPolicy;\nimport com.pulumi.gcp.dataproc.ClusterIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new ClusterIAMPolicy(\"editor\", ClusterIAMPolicyArgs.builder() \n .project(\"your-project\")\n .region(\"your-region\")\n .cluster(\"your-dataproc-cluster\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:ClusterIAMPolicy\n properties:\n project: your-project\n region: your-region\n cluster: your-dataproc-cluster\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_cluster\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.ClusterIAMBinding(\"editor\", {\n cluster: \"your-dataproc-cluster\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.ClusterIAMBinding(\"editor\",\n cluster=\"your-dataproc-cluster\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.ClusterIAMBinding(\"editor\", new()\n {\n Cluster = \"your-dataproc-cluster\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewClusterIAMBinding(ctx, \"editor\", \u0026dataproc.ClusterIAMBindingArgs{\n\t\t\tCluster: pulumi.String(\"your-dataproc-cluster\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.ClusterIAMBinding;\nimport com.pulumi.gcp.dataproc.ClusterIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new ClusterIAMBinding(\"editor\", ClusterIAMBindingArgs.builder() \n .cluster(\"your-dataproc-cluster\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:ClusterIAMBinding\n properties:\n cluster: your-dataproc-cluster\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_cluster\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.ClusterIAMMember(\"editor\", {\n cluster: \"your-dataproc-cluster\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.ClusterIAMMember(\"editor\",\n cluster=\"your-dataproc-cluster\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.ClusterIAMMember(\"editor\", new()\n {\n Cluster = \"your-dataproc-cluster\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewClusterIAMMember(ctx, \"editor\", \u0026dataproc.ClusterIAMMemberArgs{\n\t\t\tCluster: pulumi.String(\"your-dataproc-cluster\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.ClusterIAMMember;\nimport com.pulumi.gcp.dataproc.ClusterIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new ClusterIAMMember(\"editor\", ClusterIAMMemberArgs.builder() \n .cluster(\"your-dataproc-cluster\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:ClusterIAMMember\n properties:\n cluster: your-dataproc-cluster\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the `cluster` identifier of the Dataproc Cluster resource only. For example:\n\n* `projects/{project}/regions/{region}/clusters/{cluster}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = projects/{project}/regions/{region}/clusters/{cluster}\n\n to = google_dataproc_cluster_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:dataproc/clusterIAMBinding:ClusterIAMBinding default projects/{project}/regions/{region}/clusters/{cluster}\n```\n\n", + "description": "Three different resources help you manage IAM policies on dataproc clusters. Each of these resources serves a different use case:\n\n* `gcp.dataproc.ClusterIAMPolicy`: Authoritative. Sets the IAM policy for the cluster and replaces any existing policy already attached.\n* `gcp.dataproc.ClusterIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the cluster are preserved.\n* `gcp.dataproc.ClusterIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the cluster are preserved.\n\n\u003e **Note:** `gcp.dataproc.ClusterIAMPolicy` **cannot** be used in conjunction with `gcp.dataproc.ClusterIAMBinding` and `gcp.dataproc.ClusterIAMMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the cluster as `gcp.dataproc.ClusterIAMPolicy` replaces the entire policy.\n\n\u003e **Note:** `gcp.dataproc.ClusterIAMBinding` resources **can be** used in conjunction with `gcp.dataproc.ClusterIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_dataproc\\_cluster\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.dataproc.ClusterIAMPolicy(\"editor\", {\n project: \"your-project\",\n region: \"your-region\",\n cluster: \"your-dataproc-cluster\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\neditor = gcp.dataproc.ClusterIAMPolicy(\"editor\",\n project=\"your-project\",\n region=\"your-region\",\n cluster=\"your-dataproc-cluster\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.Dataproc.ClusterIAMPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Region = \"your-region\",\n Cluster = \"your-dataproc-cluster\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewClusterIAMPolicy(ctx, \"editor\", \u0026dataproc.ClusterIAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tRegion: pulumi.String(\"your-region\"),\n\t\t\tCluster: pulumi.String(\"your-dataproc-cluster\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.ClusterIAMPolicy;\nimport com.pulumi.gcp.dataproc.ClusterIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new ClusterIAMPolicy(\"editor\", ClusterIAMPolicyArgs.builder() \n .project(\"your-project\")\n .region(\"your-region\")\n .cluster(\"your-dataproc-cluster\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:ClusterIAMPolicy\n properties:\n project: your-project\n region: your-region\n cluster: your-dataproc-cluster\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_cluster\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.ClusterIAMBinding(\"editor\", {\n cluster: \"your-dataproc-cluster\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.ClusterIAMBinding(\"editor\",\n cluster=\"your-dataproc-cluster\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.ClusterIAMBinding(\"editor\", new()\n {\n Cluster = \"your-dataproc-cluster\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewClusterIAMBinding(ctx, \"editor\", \u0026dataproc.ClusterIAMBindingArgs{\n\t\t\tCluster: pulumi.String(\"your-dataproc-cluster\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.ClusterIAMBinding;\nimport com.pulumi.gcp.dataproc.ClusterIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new ClusterIAMBinding(\"editor\", ClusterIAMBindingArgs.builder() \n .cluster(\"your-dataproc-cluster\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:ClusterIAMBinding\n properties:\n cluster: your-dataproc-cluster\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_cluster\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.ClusterIAMMember(\"editor\", {\n cluster: \"your-dataproc-cluster\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.ClusterIAMMember(\"editor\",\n cluster=\"your-dataproc-cluster\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.ClusterIAMMember(\"editor\", new()\n {\n Cluster = \"your-dataproc-cluster\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewClusterIAMMember(ctx, \"editor\", \u0026dataproc.ClusterIAMMemberArgs{\n\t\t\tCluster: pulumi.String(\"your-dataproc-cluster\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.ClusterIAMMember;\nimport com.pulumi.gcp.dataproc.ClusterIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new ClusterIAMMember(\"editor\", ClusterIAMMemberArgs.builder() \n .cluster(\"your-dataproc-cluster\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:ClusterIAMMember\n properties:\n cluster: your-dataproc-cluster\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_cluster\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.dataproc.ClusterIAMPolicy(\"editor\", {\n project: \"your-project\",\n region: \"your-region\",\n cluster: \"your-dataproc-cluster\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\neditor = gcp.dataproc.ClusterIAMPolicy(\"editor\",\n project=\"your-project\",\n region=\"your-region\",\n cluster=\"your-dataproc-cluster\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.Dataproc.ClusterIAMPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Region = \"your-region\",\n Cluster = \"your-dataproc-cluster\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewClusterIAMPolicy(ctx, \"editor\", \u0026dataproc.ClusterIAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tRegion: pulumi.String(\"your-region\"),\n\t\t\tCluster: pulumi.String(\"your-dataproc-cluster\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.ClusterIAMPolicy;\nimport com.pulumi.gcp.dataproc.ClusterIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new ClusterIAMPolicy(\"editor\", ClusterIAMPolicyArgs.builder() \n .project(\"your-project\")\n .region(\"your-region\")\n .cluster(\"your-dataproc-cluster\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:ClusterIAMPolicy\n properties:\n project: your-project\n region: your-region\n cluster: your-dataproc-cluster\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_cluster\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.ClusterIAMBinding(\"editor\", {\n cluster: \"your-dataproc-cluster\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.ClusterIAMBinding(\"editor\",\n cluster=\"your-dataproc-cluster\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.ClusterIAMBinding(\"editor\", new()\n {\n Cluster = \"your-dataproc-cluster\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewClusterIAMBinding(ctx, \"editor\", \u0026dataproc.ClusterIAMBindingArgs{\n\t\t\tCluster: pulumi.String(\"your-dataproc-cluster\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.ClusterIAMBinding;\nimport com.pulumi.gcp.dataproc.ClusterIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new ClusterIAMBinding(\"editor\", ClusterIAMBindingArgs.builder() \n .cluster(\"your-dataproc-cluster\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:ClusterIAMBinding\n properties:\n cluster: your-dataproc-cluster\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_cluster\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.ClusterIAMMember(\"editor\", {\n cluster: \"your-dataproc-cluster\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.ClusterIAMMember(\"editor\",\n cluster=\"your-dataproc-cluster\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.ClusterIAMMember(\"editor\", new()\n {\n Cluster = \"your-dataproc-cluster\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewClusterIAMMember(ctx, \"editor\", \u0026dataproc.ClusterIAMMemberArgs{\n\t\t\tCluster: pulumi.String(\"your-dataproc-cluster\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.ClusterIAMMember;\nimport com.pulumi.gcp.dataproc.ClusterIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new ClusterIAMMember(\"editor\", ClusterIAMMemberArgs.builder() \n .cluster(\"your-dataproc-cluster\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:ClusterIAMMember\n properties:\n cluster: your-dataproc-cluster\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the `cluster` identifier of the Dataproc Cluster resource only. For example:\n\n* `projects/{project}/regions/{region}/clusters/{cluster}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = projects/{project}/regions/{region}/clusters/{cluster}\n\n to = google_dataproc_cluster_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:dataproc/clusterIAMBinding:ClusterIAMBinding default projects/{project}/regions/{region}/clusters/{cluster}\n```\n\n", "properties": { "cluster": { "type": "string", - "description": "The name or relative resource id of the cluster to manage IAM policies for.\n\nFor `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`:\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" + "description": "The name or relative resource id of the cluster to manage IAM policies for.\n\nFor `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`:\n" }, "condition": { "$ref": "#/types/gcp:dataproc/ClusterIAMBindingCondition:ClusterIAMBindingCondition" @@ -169362,7 +169638,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "project": { "type": "string", @@ -169388,7 +169665,7 @@ "inputProperties": { "cluster": { "type": "string", - "description": "The name or relative resource id of the cluster to manage IAM policies for.\n\nFor `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`:\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The name or relative resource id of the cluster to manage IAM policies for.\n\nFor `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`:\n", "willReplaceOnChanges": true }, "condition": { @@ -169399,7 +169676,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "project": { "type": "string", @@ -169427,7 +169705,7 @@ "properties": { "cluster": { "type": "string", - "description": "The name or relative resource id of the cluster to manage IAM policies for.\n\nFor `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`:\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The name or relative resource id of the cluster to manage IAM policies for.\n\nFor `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`:\n", "willReplaceOnChanges": true }, "condition": { @@ -169442,7 +169720,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "project": { "type": "string", @@ -169464,11 +169743,11 @@ } }, "gcp:dataproc/clusterIAMMember:ClusterIAMMember": { - "description": "Three different resources help you manage IAM policies on dataproc clusters. Each of these resources serves a different use case:\n\n* `gcp.dataproc.ClusterIAMPolicy`: Authoritative. Sets the IAM policy for the cluster and replaces any existing policy already attached.\n* `gcp.dataproc.ClusterIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the cluster are preserved.\n* `gcp.dataproc.ClusterIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the cluster are preserved.\n\n\u003e **Note:** `gcp.dataproc.ClusterIAMPolicy` **cannot** be used in conjunction with `gcp.dataproc.ClusterIAMBinding` and `gcp.dataproc.ClusterIAMMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the cluster as `gcp.dataproc.ClusterIAMPolicy` replaces the entire policy.\n\n\u003e **Note:** `gcp.dataproc.ClusterIAMBinding` resources **can be** used in conjunction with `gcp.dataproc.ClusterIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_dataproc\\_cluster\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.dataproc.ClusterIAMPolicy(\"editor\", {\n project: \"your-project\",\n region: \"your-region\",\n cluster: \"your-dataproc-cluster\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\neditor = gcp.dataproc.ClusterIAMPolicy(\"editor\",\n project=\"your-project\",\n region=\"your-region\",\n cluster=\"your-dataproc-cluster\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.Dataproc.ClusterIAMPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Region = \"your-region\",\n Cluster = \"your-dataproc-cluster\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewClusterIAMPolicy(ctx, \"editor\", \u0026dataproc.ClusterIAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tRegion: pulumi.String(\"your-region\"),\n\t\t\tCluster: pulumi.String(\"your-dataproc-cluster\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.ClusterIAMPolicy;\nimport com.pulumi.gcp.dataproc.ClusterIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new ClusterIAMPolicy(\"editor\", ClusterIAMPolicyArgs.builder() \n .project(\"your-project\")\n .region(\"your-region\")\n .cluster(\"your-dataproc-cluster\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:ClusterIAMPolicy\n properties:\n project: your-project\n region: your-region\n cluster: your-dataproc-cluster\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_cluster\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.ClusterIAMBinding(\"editor\", {\n cluster: \"your-dataproc-cluster\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.ClusterIAMBinding(\"editor\",\n cluster=\"your-dataproc-cluster\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.ClusterIAMBinding(\"editor\", new()\n {\n Cluster = \"your-dataproc-cluster\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewClusterIAMBinding(ctx, \"editor\", \u0026dataproc.ClusterIAMBindingArgs{\n\t\t\tCluster: pulumi.String(\"your-dataproc-cluster\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.ClusterIAMBinding;\nimport com.pulumi.gcp.dataproc.ClusterIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new ClusterIAMBinding(\"editor\", ClusterIAMBindingArgs.builder() \n .cluster(\"your-dataproc-cluster\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:ClusterIAMBinding\n properties:\n cluster: your-dataproc-cluster\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_cluster\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.ClusterIAMMember(\"editor\", {\n cluster: \"your-dataproc-cluster\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.ClusterIAMMember(\"editor\",\n cluster=\"your-dataproc-cluster\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.ClusterIAMMember(\"editor\", new()\n {\n Cluster = \"your-dataproc-cluster\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewClusterIAMMember(ctx, \"editor\", \u0026dataproc.ClusterIAMMemberArgs{\n\t\t\tCluster: pulumi.String(\"your-dataproc-cluster\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.ClusterIAMMember;\nimport com.pulumi.gcp.dataproc.ClusterIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new ClusterIAMMember(\"editor\", ClusterIAMMemberArgs.builder() \n .cluster(\"your-dataproc-cluster\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:ClusterIAMMember\n properties:\n cluster: your-dataproc-cluster\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the `cluster` identifier of the Dataproc Cluster resource only. For example:\n\n* `projects/{project}/regions/{region}/clusters/{cluster}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = projects/{project}/regions/{region}/clusters/{cluster}\n\n to = google_dataproc_cluster_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:dataproc/clusterIAMMember:ClusterIAMMember default projects/{project}/regions/{region}/clusters/{cluster}\n```\n\n", + "description": "Three different resources help you manage IAM policies on dataproc clusters. Each of these resources serves a different use case:\n\n* `gcp.dataproc.ClusterIAMPolicy`: Authoritative. Sets the IAM policy for the cluster and replaces any existing policy already attached.\n* `gcp.dataproc.ClusterIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the cluster are preserved.\n* `gcp.dataproc.ClusterIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the cluster are preserved.\n\n\u003e **Note:** `gcp.dataproc.ClusterIAMPolicy` **cannot** be used in conjunction with `gcp.dataproc.ClusterIAMBinding` and `gcp.dataproc.ClusterIAMMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the cluster as `gcp.dataproc.ClusterIAMPolicy` replaces the entire policy.\n\n\u003e **Note:** `gcp.dataproc.ClusterIAMBinding` resources **can be** used in conjunction with `gcp.dataproc.ClusterIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_dataproc\\_cluster\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.dataproc.ClusterIAMPolicy(\"editor\", {\n project: \"your-project\",\n region: \"your-region\",\n cluster: \"your-dataproc-cluster\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\neditor = gcp.dataproc.ClusterIAMPolicy(\"editor\",\n project=\"your-project\",\n region=\"your-region\",\n cluster=\"your-dataproc-cluster\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.Dataproc.ClusterIAMPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Region = \"your-region\",\n Cluster = \"your-dataproc-cluster\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewClusterIAMPolicy(ctx, \"editor\", \u0026dataproc.ClusterIAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tRegion: pulumi.String(\"your-region\"),\n\t\t\tCluster: pulumi.String(\"your-dataproc-cluster\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.ClusterIAMPolicy;\nimport com.pulumi.gcp.dataproc.ClusterIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new ClusterIAMPolicy(\"editor\", ClusterIAMPolicyArgs.builder() \n .project(\"your-project\")\n .region(\"your-region\")\n .cluster(\"your-dataproc-cluster\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:ClusterIAMPolicy\n properties:\n project: your-project\n region: your-region\n cluster: your-dataproc-cluster\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_cluster\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.ClusterIAMBinding(\"editor\", {\n cluster: \"your-dataproc-cluster\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.ClusterIAMBinding(\"editor\",\n cluster=\"your-dataproc-cluster\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.ClusterIAMBinding(\"editor\", new()\n {\n Cluster = \"your-dataproc-cluster\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewClusterIAMBinding(ctx, \"editor\", \u0026dataproc.ClusterIAMBindingArgs{\n\t\t\tCluster: pulumi.String(\"your-dataproc-cluster\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.ClusterIAMBinding;\nimport com.pulumi.gcp.dataproc.ClusterIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new ClusterIAMBinding(\"editor\", ClusterIAMBindingArgs.builder() \n .cluster(\"your-dataproc-cluster\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:ClusterIAMBinding\n properties:\n cluster: your-dataproc-cluster\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_cluster\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.ClusterIAMMember(\"editor\", {\n cluster: \"your-dataproc-cluster\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.ClusterIAMMember(\"editor\",\n cluster=\"your-dataproc-cluster\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.ClusterIAMMember(\"editor\", new()\n {\n Cluster = \"your-dataproc-cluster\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewClusterIAMMember(ctx, \"editor\", \u0026dataproc.ClusterIAMMemberArgs{\n\t\t\tCluster: pulumi.String(\"your-dataproc-cluster\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.ClusterIAMMember;\nimport com.pulumi.gcp.dataproc.ClusterIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new ClusterIAMMember(\"editor\", ClusterIAMMemberArgs.builder() \n .cluster(\"your-dataproc-cluster\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:ClusterIAMMember\n properties:\n cluster: your-dataproc-cluster\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_cluster\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.dataproc.ClusterIAMPolicy(\"editor\", {\n project: \"your-project\",\n region: \"your-region\",\n cluster: \"your-dataproc-cluster\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\neditor = gcp.dataproc.ClusterIAMPolicy(\"editor\",\n project=\"your-project\",\n region=\"your-region\",\n cluster=\"your-dataproc-cluster\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.Dataproc.ClusterIAMPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Region = \"your-region\",\n Cluster = \"your-dataproc-cluster\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewClusterIAMPolicy(ctx, \"editor\", \u0026dataproc.ClusterIAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tRegion: pulumi.String(\"your-region\"),\n\t\t\tCluster: pulumi.String(\"your-dataproc-cluster\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.ClusterIAMPolicy;\nimport com.pulumi.gcp.dataproc.ClusterIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new ClusterIAMPolicy(\"editor\", ClusterIAMPolicyArgs.builder() \n .project(\"your-project\")\n .region(\"your-region\")\n .cluster(\"your-dataproc-cluster\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:ClusterIAMPolicy\n properties:\n project: your-project\n region: your-region\n cluster: your-dataproc-cluster\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_cluster\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.ClusterIAMBinding(\"editor\", {\n cluster: \"your-dataproc-cluster\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.ClusterIAMBinding(\"editor\",\n cluster=\"your-dataproc-cluster\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.ClusterIAMBinding(\"editor\", new()\n {\n Cluster = \"your-dataproc-cluster\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewClusterIAMBinding(ctx, \"editor\", \u0026dataproc.ClusterIAMBindingArgs{\n\t\t\tCluster: pulumi.String(\"your-dataproc-cluster\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.ClusterIAMBinding;\nimport com.pulumi.gcp.dataproc.ClusterIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new ClusterIAMBinding(\"editor\", ClusterIAMBindingArgs.builder() \n .cluster(\"your-dataproc-cluster\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:ClusterIAMBinding\n properties:\n cluster: your-dataproc-cluster\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_cluster\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.ClusterIAMMember(\"editor\", {\n cluster: \"your-dataproc-cluster\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.ClusterIAMMember(\"editor\",\n cluster=\"your-dataproc-cluster\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.ClusterIAMMember(\"editor\", new()\n {\n Cluster = \"your-dataproc-cluster\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewClusterIAMMember(ctx, \"editor\", \u0026dataproc.ClusterIAMMemberArgs{\n\t\t\tCluster: pulumi.String(\"your-dataproc-cluster\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.ClusterIAMMember;\nimport com.pulumi.gcp.dataproc.ClusterIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new ClusterIAMMember(\"editor\", ClusterIAMMemberArgs.builder() \n .cluster(\"your-dataproc-cluster\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:ClusterIAMMember\n properties:\n cluster: your-dataproc-cluster\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the `cluster` identifier of the Dataproc Cluster resource only. For example:\n\n* `projects/{project}/regions/{region}/clusters/{cluster}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = projects/{project}/regions/{region}/clusters/{cluster}\n\n to = google_dataproc_cluster_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:dataproc/clusterIAMMember:ClusterIAMMember default projects/{project}/regions/{region}/clusters/{cluster}\n```\n\n", "properties": { "cluster": { "type": "string", - "description": "The name or relative resource id of the cluster to manage IAM policies for.\n\nFor `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`:\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" + "description": "The name or relative resource id of the cluster to manage IAM policies for.\n\nFor `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`:\n" }, "condition": { "$ref": "#/types/gcp:dataproc/ClusterIAMMemberCondition:ClusterIAMMemberCondition" @@ -169478,7 +169757,8 @@ "description": "(Computed) The etag of the clusters's IAM policy.\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "project": { "type": "string", @@ -169504,7 +169784,7 @@ "inputProperties": { "cluster": { "type": "string", - "description": "The name or relative resource id of the cluster to manage IAM policies for.\n\nFor `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`:\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The name or relative resource id of the cluster to manage IAM policies for.\n\nFor `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`:\n", "willReplaceOnChanges": true }, "condition": { @@ -169513,6 +169793,7 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", "willReplaceOnChanges": true }, "project": { @@ -169541,7 +169822,7 @@ "properties": { "cluster": { "type": "string", - "description": "The name or relative resource id of the cluster to manage IAM policies for.\n\nFor `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`:\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The name or relative resource id of the cluster to manage IAM policies for.\n\nFor `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`:\n", "willReplaceOnChanges": true }, "condition": { @@ -169554,6 +169835,7 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", "willReplaceOnChanges": true }, "project": { @@ -169576,11 +169858,11 @@ } }, "gcp:dataproc/clusterIAMPolicy:ClusterIAMPolicy": { - "description": "Three different resources help you manage IAM policies on dataproc clusters. Each of these resources serves a different use case:\n\n* `gcp.dataproc.ClusterIAMPolicy`: Authoritative. Sets the IAM policy for the cluster and replaces any existing policy already attached.\n* `gcp.dataproc.ClusterIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the cluster are preserved.\n* `gcp.dataproc.ClusterIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the cluster are preserved.\n\n\u003e **Note:** `gcp.dataproc.ClusterIAMPolicy` **cannot** be used in conjunction with `gcp.dataproc.ClusterIAMBinding` and `gcp.dataproc.ClusterIAMMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the cluster as `gcp.dataproc.ClusterIAMPolicy` replaces the entire policy.\n\n\u003e **Note:** `gcp.dataproc.ClusterIAMBinding` resources **can be** used in conjunction with `gcp.dataproc.ClusterIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_dataproc\\_cluster\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.dataproc.ClusterIAMPolicy(\"editor\", {\n project: \"your-project\",\n region: \"your-region\",\n cluster: \"your-dataproc-cluster\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\neditor = gcp.dataproc.ClusterIAMPolicy(\"editor\",\n project=\"your-project\",\n region=\"your-region\",\n cluster=\"your-dataproc-cluster\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.Dataproc.ClusterIAMPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Region = \"your-region\",\n Cluster = \"your-dataproc-cluster\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewClusterIAMPolicy(ctx, \"editor\", \u0026dataproc.ClusterIAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tRegion: pulumi.String(\"your-region\"),\n\t\t\tCluster: pulumi.String(\"your-dataproc-cluster\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.ClusterIAMPolicy;\nimport com.pulumi.gcp.dataproc.ClusterIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new ClusterIAMPolicy(\"editor\", ClusterIAMPolicyArgs.builder() \n .project(\"your-project\")\n .region(\"your-region\")\n .cluster(\"your-dataproc-cluster\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:ClusterIAMPolicy\n properties:\n project: your-project\n region: your-region\n cluster: your-dataproc-cluster\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_cluster\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.ClusterIAMBinding(\"editor\", {\n cluster: \"your-dataproc-cluster\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.ClusterIAMBinding(\"editor\",\n cluster=\"your-dataproc-cluster\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.ClusterIAMBinding(\"editor\", new()\n {\n Cluster = \"your-dataproc-cluster\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewClusterIAMBinding(ctx, \"editor\", \u0026dataproc.ClusterIAMBindingArgs{\n\t\t\tCluster: pulumi.String(\"your-dataproc-cluster\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.ClusterIAMBinding;\nimport com.pulumi.gcp.dataproc.ClusterIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new ClusterIAMBinding(\"editor\", ClusterIAMBindingArgs.builder() \n .cluster(\"your-dataproc-cluster\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:ClusterIAMBinding\n properties:\n cluster: your-dataproc-cluster\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_cluster\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.ClusterIAMMember(\"editor\", {\n cluster: \"your-dataproc-cluster\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.ClusterIAMMember(\"editor\",\n cluster=\"your-dataproc-cluster\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.ClusterIAMMember(\"editor\", new()\n {\n Cluster = \"your-dataproc-cluster\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewClusterIAMMember(ctx, \"editor\", \u0026dataproc.ClusterIAMMemberArgs{\n\t\t\tCluster: pulumi.String(\"your-dataproc-cluster\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.ClusterIAMMember;\nimport com.pulumi.gcp.dataproc.ClusterIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new ClusterIAMMember(\"editor\", ClusterIAMMemberArgs.builder() \n .cluster(\"your-dataproc-cluster\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:ClusterIAMMember\n properties:\n cluster: your-dataproc-cluster\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the `cluster` identifier of the Dataproc Cluster resource only. For example:\n\n* `projects/{project}/regions/{region}/clusters/{cluster}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = projects/{project}/regions/{region}/clusters/{cluster}\n\n to = google_dataproc_cluster_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:dataproc/clusterIAMPolicy:ClusterIAMPolicy default projects/{project}/regions/{region}/clusters/{cluster}\n```\n\n", + "description": "Three different resources help you manage IAM policies on dataproc clusters. Each of these resources serves a different use case:\n\n* `gcp.dataproc.ClusterIAMPolicy`: Authoritative. Sets the IAM policy for the cluster and replaces any existing policy already attached.\n* `gcp.dataproc.ClusterIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the cluster are preserved.\n* `gcp.dataproc.ClusterIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the cluster are preserved.\n\n\u003e **Note:** `gcp.dataproc.ClusterIAMPolicy` **cannot** be used in conjunction with `gcp.dataproc.ClusterIAMBinding` and `gcp.dataproc.ClusterIAMMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the cluster as `gcp.dataproc.ClusterIAMPolicy` replaces the entire policy.\n\n\u003e **Note:** `gcp.dataproc.ClusterIAMBinding` resources **can be** used in conjunction with `gcp.dataproc.ClusterIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_dataproc\\_cluster\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.dataproc.ClusterIAMPolicy(\"editor\", {\n project: \"your-project\",\n region: \"your-region\",\n cluster: \"your-dataproc-cluster\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\neditor = gcp.dataproc.ClusterIAMPolicy(\"editor\",\n project=\"your-project\",\n region=\"your-region\",\n cluster=\"your-dataproc-cluster\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.Dataproc.ClusterIAMPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Region = \"your-region\",\n Cluster = \"your-dataproc-cluster\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewClusterIAMPolicy(ctx, \"editor\", \u0026dataproc.ClusterIAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tRegion: pulumi.String(\"your-region\"),\n\t\t\tCluster: pulumi.String(\"your-dataproc-cluster\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.ClusterIAMPolicy;\nimport com.pulumi.gcp.dataproc.ClusterIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new ClusterIAMPolicy(\"editor\", ClusterIAMPolicyArgs.builder() \n .project(\"your-project\")\n .region(\"your-region\")\n .cluster(\"your-dataproc-cluster\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:ClusterIAMPolicy\n properties:\n project: your-project\n region: your-region\n cluster: your-dataproc-cluster\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_cluster\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.ClusterIAMBinding(\"editor\", {\n cluster: \"your-dataproc-cluster\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.ClusterIAMBinding(\"editor\",\n cluster=\"your-dataproc-cluster\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.ClusterIAMBinding(\"editor\", new()\n {\n Cluster = \"your-dataproc-cluster\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewClusterIAMBinding(ctx, \"editor\", \u0026dataproc.ClusterIAMBindingArgs{\n\t\t\tCluster: pulumi.String(\"your-dataproc-cluster\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.ClusterIAMBinding;\nimport com.pulumi.gcp.dataproc.ClusterIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new ClusterIAMBinding(\"editor\", ClusterIAMBindingArgs.builder() \n .cluster(\"your-dataproc-cluster\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:ClusterIAMBinding\n properties:\n cluster: your-dataproc-cluster\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_cluster\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.ClusterIAMMember(\"editor\", {\n cluster: \"your-dataproc-cluster\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.ClusterIAMMember(\"editor\",\n cluster=\"your-dataproc-cluster\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.ClusterIAMMember(\"editor\", new()\n {\n Cluster = \"your-dataproc-cluster\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewClusterIAMMember(ctx, \"editor\", \u0026dataproc.ClusterIAMMemberArgs{\n\t\t\tCluster: pulumi.String(\"your-dataproc-cluster\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.ClusterIAMMember;\nimport com.pulumi.gcp.dataproc.ClusterIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new ClusterIAMMember(\"editor\", ClusterIAMMemberArgs.builder() \n .cluster(\"your-dataproc-cluster\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:ClusterIAMMember\n properties:\n cluster: your-dataproc-cluster\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_cluster\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.dataproc.ClusterIAMPolicy(\"editor\", {\n project: \"your-project\",\n region: \"your-region\",\n cluster: \"your-dataproc-cluster\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\neditor = gcp.dataproc.ClusterIAMPolicy(\"editor\",\n project=\"your-project\",\n region=\"your-region\",\n cluster=\"your-dataproc-cluster\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.Dataproc.ClusterIAMPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Region = \"your-region\",\n Cluster = \"your-dataproc-cluster\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewClusterIAMPolicy(ctx, \"editor\", \u0026dataproc.ClusterIAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tRegion: pulumi.String(\"your-region\"),\n\t\t\tCluster: pulumi.String(\"your-dataproc-cluster\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.ClusterIAMPolicy;\nimport com.pulumi.gcp.dataproc.ClusterIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new ClusterIAMPolicy(\"editor\", ClusterIAMPolicyArgs.builder() \n .project(\"your-project\")\n .region(\"your-region\")\n .cluster(\"your-dataproc-cluster\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:ClusterIAMPolicy\n properties:\n project: your-project\n region: your-region\n cluster: your-dataproc-cluster\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_cluster\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.ClusterIAMBinding(\"editor\", {\n cluster: \"your-dataproc-cluster\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.ClusterIAMBinding(\"editor\",\n cluster=\"your-dataproc-cluster\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.ClusterIAMBinding(\"editor\", new()\n {\n Cluster = \"your-dataproc-cluster\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewClusterIAMBinding(ctx, \"editor\", \u0026dataproc.ClusterIAMBindingArgs{\n\t\t\tCluster: pulumi.String(\"your-dataproc-cluster\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.ClusterIAMBinding;\nimport com.pulumi.gcp.dataproc.ClusterIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new ClusterIAMBinding(\"editor\", ClusterIAMBindingArgs.builder() \n .cluster(\"your-dataproc-cluster\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:ClusterIAMBinding\n properties:\n cluster: your-dataproc-cluster\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_cluster\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.ClusterIAMMember(\"editor\", {\n cluster: \"your-dataproc-cluster\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.ClusterIAMMember(\"editor\",\n cluster=\"your-dataproc-cluster\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.ClusterIAMMember(\"editor\", new()\n {\n Cluster = \"your-dataproc-cluster\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewClusterIAMMember(ctx, \"editor\", \u0026dataproc.ClusterIAMMemberArgs{\n\t\t\tCluster: pulumi.String(\"your-dataproc-cluster\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.ClusterIAMMember;\nimport com.pulumi.gcp.dataproc.ClusterIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new ClusterIAMMember(\"editor\", ClusterIAMMemberArgs.builder() \n .cluster(\"your-dataproc-cluster\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:ClusterIAMMember\n properties:\n cluster: your-dataproc-cluster\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the `cluster` identifier of the Dataproc Cluster resource only. For example:\n\n* `projects/{project}/regions/{region}/clusters/{cluster}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = projects/{project}/regions/{region}/clusters/{cluster}\n\n to = google_dataproc_cluster_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:dataproc/clusterIAMPolicy:ClusterIAMPolicy default projects/{project}/regions/{region}/clusters/{cluster}\n```\n\n", "properties": { "cluster": { "type": "string", - "description": "The name or relative resource id of the cluster to manage IAM policies for.\n\nFor `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`:\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" + "description": "The name or relative resource id of the cluster to manage IAM policies for.\n\nFor `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`:\n" }, "etag": { "type": "string", @@ -169609,7 +169891,7 @@ "inputProperties": { "cluster": { "type": "string", - "description": "The name or relative resource id of the cluster to manage IAM policies for.\n\nFor `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`:\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The name or relative resource id of the cluster to manage IAM policies for.\n\nFor `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`:\n", "willReplaceOnChanges": true }, "policyData": { @@ -169636,7 +169918,7 @@ "properties": { "cluster": { "type": "string", - "description": "The name or relative resource id of the cluster to manage IAM policies for.\n\nFor `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`:\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The name or relative resource id of the cluster to manage IAM policies for.\n\nFor `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`:\n", "willReplaceOnChanges": true }, "etag": { @@ -169948,7 +170230,7 @@ } }, "gcp:dataproc/jobIAMBinding:JobIAMBinding": { - "description": "Three different resources help you manage IAM policies on dataproc jobs. Each of these resources serves a different use case:\n\n* `gcp.dataproc.JobIAMPolicy`: Authoritative. Sets the IAM policy for the job and replaces any existing policy already attached.\n* `gcp.dataproc.JobIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the job are preserved.\n* `gcp.dataproc.JobIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the job are preserved.\n\n\u003e **Note:** `gcp.dataproc.JobIAMPolicy` **cannot** be used in conjunction with `gcp.dataproc.JobIAMBinding` and `gcp.dataproc.JobIAMMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the job as `gcp.dataproc.JobIAMPolicy` replaces the entire policy.\n\n\u003e **Note:** `gcp.dataproc.JobIAMBinding` resources **can be** used in conjunction with `gcp.dataproc.JobIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_dataproc\\_job\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.dataproc.JobIAMPolicy(\"editor\", {\n project: \"your-project\",\n region: \"your-region\",\n jobId: \"your-dataproc-job\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\neditor = gcp.dataproc.JobIAMPolicy(\"editor\",\n project=\"your-project\",\n region=\"your-region\",\n job_id=\"your-dataproc-job\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.Dataproc.JobIAMPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Region = \"your-region\",\n JobId = \"your-dataproc-job\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewJobIAMPolicy(ctx, \"editor\", \u0026dataproc.JobIAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tRegion: pulumi.String(\"your-region\"),\n\t\t\tJobId: pulumi.String(\"your-dataproc-job\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.JobIAMPolicy;\nimport com.pulumi.gcp.dataproc.JobIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new JobIAMPolicy(\"editor\", JobIAMPolicyArgs.builder() \n .project(\"your-project\")\n .region(\"your-region\")\n .jobId(\"your-dataproc-job\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:JobIAMPolicy\n properties:\n project: your-project\n region: your-region\n jobId: your-dataproc-job\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_job\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.JobIAMBinding(\"editor\", {\n jobId: \"your-dataproc-job\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.JobIAMBinding(\"editor\",\n job_id=\"your-dataproc-job\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.JobIAMBinding(\"editor\", new()\n {\n JobId = \"your-dataproc-job\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewJobIAMBinding(ctx, \"editor\", \u0026dataproc.JobIAMBindingArgs{\n\t\t\tJobId: pulumi.String(\"your-dataproc-job\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.JobIAMBinding;\nimport com.pulumi.gcp.dataproc.JobIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new JobIAMBinding(\"editor\", JobIAMBindingArgs.builder() \n .jobId(\"your-dataproc-job\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:JobIAMBinding\n properties:\n jobId: your-dataproc-job\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_job\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.JobIAMMember(\"editor\", {\n jobId: \"your-dataproc-job\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.JobIAMMember(\"editor\",\n job_id=\"your-dataproc-job\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.JobIAMMember(\"editor\", new()\n {\n JobId = \"your-dataproc-job\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewJobIAMMember(ctx, \"editor\", \u0026dataproc.JobIAMMemberArgs{\n\t\t\tJobId: pulumi.String(\"your-dataproc-job\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.JobIAMMember;\nimport com.pulumi.gcp.dataproc.JobIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new JobIAMMember(\"editor\", JobIAMMemberArgs.builder() \n .jobId(\"your-dataproc-job\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:JobIAMMember\n properties:\n jobId: your-dataproc-job\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the `job_id` identifier of the Dataproc Job resource only. For example:\n\n* `projects/{project}/regions/{region}/jobs/{job_id}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"projects/{project}/regions/{region}/jobs/{job_id}\"\n\n to = google_dataproc_job_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:dataproc/jobIAMBinding:JobIAMBinding default \"projects/{project}/regions/{region}/jobs/{job_id}\"\n```\n\n", + "description": "Three different resources help you manage IAM policies on dataproc jobs. Each of these resources serves a different use case:\n\n* `gcp.dataproc.JobIAMPolicy`: Authoritative. Sets the IAM policy for the job and replaces any existing policy already attached.\n* `gcp.dataproc.JobIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the job are preserved.\n* `gcp.dataproc.JobIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the job are preserved.\n\n\u003e **Note:** `gcp.dataproc.JobIAMPolicy` **cannot** be used in conjunction with `gcp.dataproc.JobIAMBinding` and `gcp.dataproc.JobIAMMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the job as `gcp.dataproc.JobIAMPolicy` replaces the entire policy.\n\n\u003e **Note:** `gcp.dataproc.JobIAMBinding` resources **can be** used in conjunction with `gcp.dataproc.JobIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_dataproc\\_job\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.dataproc.JobIAMPolicy(\"editor\", {\n project: \"your-project\",\n region: \"your-region\",\n jobId: \"your-dataproc-job\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\neditor = gcp.dataproc.JobIAMPolicy(\"editor\",\n project=\"your-project\",\n region=\"your-region\",\n job_id=\"your-dataproc-job\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.Dataproc.JobIAMPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Region = \"your-region\",\n JobId = \"your-dataproc-job\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewJobIAMPolicy(ctx, \"editor\", \u0026dataproc.JobIAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tRegion: pulumi.String(\"your-region\"),\n\t\t\tJobId: pulumi.String(\"your-dataproc-job\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.JobIAMPolicy;\nimport com.pulumi.gcp.dataproc.JobIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new JobIAMPolicy(\"editor\", JobIAMPolicyArgs.builder() \n .project(\"your-project\")\n .region(\"your-region\")\n .jobId(\"your-dataproc-job\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:JobIAMPolicy\n properties:\n project: your-project\n region: your-region\n jobId: your-dataproc-job\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_job\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.JobIAMBinding(\"editor\", {\n jobId: \"your-dataproc-job\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.JobIAMBinding(\"editor\",\n job_id=\"your-dataproc-job\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.JobIAMBinding(\"editor\", new()\n {\n JobId = \"your-dataproc-job\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewJobIAMBinding(ctx, \"editor\", \u0026dataproc.JobIAMBindingArgs{\n\t\t\tJobId: pulumi.String(\"your-dataproc-job\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.JobIAMBinding;\nimport com.pulumi.gcp.dataproc.JobIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new JobIAMBinding(\"editor\", JobIAMBindingArgs.builder() \n .jobId(\"your-dataproc-job\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:JobIAMBinding\n properties:\n jobId: your-dataproc-job\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_job\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.JobIAMMember(\"editor\", {\n jobId: \"your-dataproc-job\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.JobIAMMember(\"editor\",\n job_id=\"your-dataproc-job\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.JobIAMMember(\"editor\", new()\n {\n JobId = \"your-dataproc-job\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewJobIAMMember(ctx, \"editor\", \u0026dataproc.JobIAMMemberArgs{\n\t\t\tJobId: pulumi.String(\"your-dataproc-job\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.JobIAMMember;\nimport com.pulumi.gcp.dataproc.JobIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new JobIAMMember(\"editor\", JobIAMMemberArgs.builder() \n .jobId(\"your-dataproc-job\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:JobIAMMember\n properties:\n jobId: your-dataproc-job\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_job\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.dataproc.JobIAMPolicy(\"editor\", {\n project: \"your-project\",\n region: \"your-region\",\n jobId: \"your-dataproc-job\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\neditor = gcp.dataproc.JobIAMPolicy(\"editor\",\n project=\"your-project\",\n region=\"your-region\",\n job_id=\"your-dataproc-job\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.Dataproc.JobIAMPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Region = \"your-region\",\n JobId = \"your-dataproc-job\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewJobIAMPolicy(ctx, \"editor\", \u0026dataproc.JobIAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tRegion: pulumi.String(\"your-region\"),\n\t\t\tJobId: pulumi.String(\"your-dataproc-job\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.JobIAMPolicy;\nimport com.pulumi.gcp.dataproc.JobIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new JobIAMPolicy(\"editor\", JobIAMPolicyArgs.builder() \n .project(\"your-project\")\n .region(\"your-region\")\n .jobId(\"your-dataproc-job\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:JobIAMPolicy\n properties:\n project: your-project\n region: your-region\n jobId: your-dataproc-job\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_job\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.JobIAMBinding(\"editor\", {\n jobId: \"your-dataproc-job\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.JobIAMBinding(\"editor\",\n job_id=\"your-dataproc-job\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.JobIAMBinding(\"editor\", new()\n {\n JobId = \"your-dataproc-job\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewJobIAMBinding(ctx, \"editor\", \u0026dataproc.JobIAMBindingArgs{\n\t\t\tJobId: pulumi.String(\"your-dataproc-job\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.JobIAMBinding;\nimport com.pulumi.gcp.dataproc.JobIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new JobIAMBinding(\"editor\", JobIAMBindingArgs.builder() \n .jobId(\"your-dataproc-job\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:JobIAMBinding\n properties:\n jobId: your-dataproc-job\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_job\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.JobIAMMember(\"editor\", {\n jobId: \"your-dataproc-job\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.JobIAMMember(\"editor\",\n job_id=\"your-dataproc-job\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.JobIAMMember(\"editor\", new()\n {\n JobId = \"your-dataproc-job\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewJobIAMMember(ctx, \"editor\", \u0026dataproc.JobIAMMemberArgs{\n\t\t\tJobId: pulumi.String(\"your-dataproc-job\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.JobIAMMember;\nimport com.pulumi.gcp.dataproc.JobIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new JobIAMMember(\"editor\", JobIAMMemberArgs.builder() \n .jobId(\"your-dataproc-job\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:JobIAMMember\n properties:\n jobId: your-dataproc-job\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the `job_id` identifier of the Dataproc Job resource only. For example:\n\n* `projects/{project}/regions/{region}/jobs/{job_id}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"projects/{project}/regions/{region}/jobs/{job_id}\"\n\n to = google_dataproc_job_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:dataproc/jobIAMBinding:JobIAMBinding default \"projects/{project}/regions/{region}/jobs/{job_id}\"\n```\n\n", "properties": { "condition": { "$ref": "#/types/gcp:dataproc/JobIAMBindingCondition:JobIAMBindingCondition" @@ -169964,7 +170246,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "project": { "type": "string", @@ -170000,7 +170283,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "project": { "type": "string", @@ -170042,7 +170326,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "project": { "type": "string", @@ -170064,7 +170349,7 @@ } }, "gcp:dataproc/jobIAMMember:JobIAMMember": { - "description": "Three different resources help you manage IAM policies on dataproc jobs. Each of these resources serves a different use case:\n\n* `gcp.dataproc.JobIAMPolicy`: Authoritative. Sets the IAM policy for the job and replaces any existing policy already attached.\n* `gcp.dataproc.JobIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the job are preserved.\n* `gcp.dataproc.JobIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the job are preserved.\n\n\u003e **Note:** `gcp.dataproc.JobIAMPolicy` **cannot** be used in conjunction with `gcp.dataproc.JobIAMBinding` and `gcp.dataproc.JobIAMMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the job as `gcp.dataproc.JobIAMPolicy` replaces the entire policy.\n\n\u003e **Note:** `gcp.dataproc.JobIAMBinding` resources **can be** used in conjunction with `gcp.dataproc.JobIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_dataproc\\_job\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.dataproc.JobIAMPolicy(\"editor\", {\n project: \"your-project\",\n region: \"your-region\",\n jobId: \"your-dataproc-job\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\neditor = gcp.dataproc.JobIAMPolicy(\"editor\",\n project=\"your-project\",\n region=\"your-region\",\n job_id=\"your-dataproc-job\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.Dataproc.JobIAMPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Region = \"your-region\",\n JobId = \"your-dataproc-job\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewJobIAMPolicy(ctx, \"editor\", \u0026dataproc.JobIAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tRegion: pulumi.String(\"your-region\"),\n\t\t\tJobId: pulumi.String(\"your-dataproc-job\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.JobIAMPolicy;\nimport com.pulumi.gcp.dataproc.JobIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new JobIAMPolicy(\"editor\", JobIAMPolicyArgs.builder() \n .project(\"your-project\")\n .region(\"your-region\")\n .jobId(\"your-dataproc-job\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:JobIAMPolicy\n properties:\n project: your-project\n region: your-region\n jobId: your-dataproc-job\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_job\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.JobIAMBinding(\"editor\", {\n jobId: \"your-dataproc-job\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.JobIAMBinding(\"editor\",\n job_id=\"your-dataproc-job\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.JobIAMBinding(\"editor\", new()\n {\n JobId = \"your-dataproc-job\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewJobIAMBinding(ctx, \"editor\", \u0026dataproc.JobIAMBindingArgs{\n\t\t\tJobId: pulumi.String(\"your-dataproc-job\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.JobIAMBinding;\nimport com.pulumi.gcp.dataproc.JobIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new JobIAMBinding(\"editor\", JobIAMBindingArgs.builder() \n .jobId(\"your-dataproc-job\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:JobIAMBinding\n properties:\n jobId: your-dataproc-job\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_job\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.JobIAMMember(\"editor\", {\n jobId: \"your-dataproc-job\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.JobIAMMember(\"editor\",\n job_id=\"your-dataproc-job\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.JobIAMMember(\"editor\", new()\n {\n JobId = \"your-dataproc-job\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewJobIAMMember(ctx, \"editor\", \u0026dataproc.JobIAMMemberArgs{\n\t\t\tJobId: pulumi.String(\"your-dataproc-job\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.JobIAMMember;\nimport com.pulumi.gcp.dataproc.JobIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new JobIAMMember(\"editor\", JobIAMMemberArgs.builder() \n .jobId(\"your-dataproc-job\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:JobIAMMember\n properties:\n jobId: your-dataproc-job\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the `job_id` identifier of the Dataproc Job resource only. For example:\n\n* `projects/{project}/regions/{region}/jobs/{job_id}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"projects/{project}/regions/{region}/jobs/{job_id}\"\n\n to = google_dataproc_job_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:dataproc/jobIAMMember:JobIAMMember default \"projects/{project}/regions/{region}/jobs/{job_id}\"\n```\n\n", + "description": "Three different resources help you manage IAM policies on dataproc jobs. Each of these resources serves a different use case:\n\n* `gcp.dataproc.JobIAMPolicy`: Authoritative. Sets the IAM policy for the job and replaces any existing policy already attached.\n* `gcp.dataproc.JobIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the job are preserved.\n* `gcp.dataproc.JobIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the job are preserved.\n\n\u003e **Note:** `gcp.dataproc.JobIAMPolicy` **cannot** be used in conjunction with `gcp.dataproc.JobIAMBinding` and `gcp.dataproc.JobIAMMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the job as `gcp.dataproc.JobIAMPolicy` replaces the entire policy.\n\n\u003e **Note:** `gcp.dataproc.JobIAMBinding` resources **can be** used in conjunction with `gcp.dataproc.JobIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_dataproc\\_job\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.dataproc.JobIAMPolicy(\"editor\", {\n project: \"your-project\",\n region: \"your-region\",\n jobId: \"your-dataproc-job\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\neditor = gcp.dataproc.JobIAMPolicy(\"editor\",\n project=\"your-project\",\n region=\"your-region\",\n job_id=\"your-dataproc-job\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.Dataproc.JobIAMPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Region = \"your-region\",\n JobId = \"your-dataproc-job\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewJobIAMPolicy(ctx, \"editor\", \u0026dataproc.JobIAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tRegion: pulumi.String(\"your-region\"),\n\t\t\tJobId: pulumi.String(\"your-dataproc-job\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.JobIAMPolicy;\nimport com.pulumi.gcp.dataproc.JobIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new JobIAMPolicy(\"editor\", JobIAMPolicyArgs.builder() \n .project(\"your-project\")\n .region(\"your-region\")\n .jobId(\"your-dataproc-job\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:JobIAMPolicy\n properties:\n project: your-project\n region: your-region\n jobId: your-dataproc-job\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_job\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.JobIAMBinding(\"editor\", {\n jobId: \"your-dataproc-job\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.JobIAMBinding(\"editor\",\n job_id=\"your-dataproc-job\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.JobIAMBinding(\"editor\", new()\n {\n JobId = \"your-dataproc-job\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewJobIAMBinding(ctx, \"editor\", \u0026dataproc.JobIAMBindingArgs{\n\t\t\tJobId: pulumi.String(\"your-dataproc-job\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.JobIAMBinding;\nimport com.pulumi.gcp.dataproc.JobIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new JobIAMBinding(\"editor\", JobIAMBindingArgs.builder() \n .jobId(\"your-dataproc-job\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:JobIAMBinding\n properties:\n jobId: your-dataproc-job\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_job\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.JobIAMMember(\"editor\", {\n jobId: \"your-dataproc-job\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.JobIAMMember(\"editor\",\n job_id=\"your-dataproc-job\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.JobIAMMember(\"editor\", new()\n {\n JobId = \"your-dataproc-job\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewJobIAMMember(ctx, \"editor\", \u0026dataproc.JobIAMMemberArgs{\n\t\t\tJobId: pulumi.String(\"your-dataproc-job\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.JobIAMMember;\nimport com.pulumi.gcp.dataproc.JobIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new JobIAMMember(\"editor\", JobIAMMemberArgs.builder() \n .jobId(\"your-dataproc-job\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:JobIAMMember\n properties:\n jobId: your-dataproc-job\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_job\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.dataproc.JobIAMPolicy(\"editor\", {\n project: \"your-project\",\n region: \"your-region\",\n jobId: \"your-dataproc-job\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\neditor = gcp.dataproc.JobIAMPolicy(\"editor\",\n project=\"your-project\",\n region=\"your-region\",\n job_id=\"your-dataproc-job\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.Dataproc.JobIAMPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Region = \"your-region\",\n JobId = \"your-dataproc-job\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewJobIAMPolicy(ctx, \"editor\", \u0026dataproc.JobIAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tRegion: pulumi.String(\"your-region\"),\n\t\t\tJobId: pulumi.String(\"your-dataproc-job\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.JobIAMPolicy;\nimport com.pulumi.gcp.dataproc.JobIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new JobIAMPolicy(\"editor\", JobIAMPolicyArgs.builder() \n .project(\"your-project\")\n .region(\"your-region\")\n .jobId(\"your-dataproc-job\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:JobIAMPolicy\n properties:\n project: your-project\n region: your-region\n jobId: your-dataproc-job\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_job\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.JobIAMBinding(\"editor\", {\n jobId: \"your-dataproc-job\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.JobIAMBinding(\"editor\",\n job_id=\"your-dataproc-job\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.JobIAMBinding(\"editor\", new()\n {\n JobId = \"your-dataproc-job\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewJobIAMBinding(ctx, \"editor\", \u0026dataproc.JobIAMBindingArgs{\n\t\t\tJobId: pulumi.String(\"your-dataproc-job\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.JobIAMBinding;\nimport com.pulumi.gcp.dataproc.JobIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new JobIAMBinding(\"editor\", JobIAMBindingArgs.builder() \n .jobId(\"your-dataproc-job\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:JobIAMBinding\n properties:\n jobId: your-dataproc-job\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_job\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.JobIAMMember(\"editor\", {\n jobId: \"your-dataproc-job\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.JobIAMMember(\"editor\",\n job_id=\"your-dataproc-job\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.JobIAMMember(\"editor\", new()\n {\n JobId = \"your-dataproc-job\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewJobIAMMember(ctx, \"editor\", \u0026dataproc.JobIAMMemberArgs{\n\t\t\tJobId: pulumi.String(\"your-dataproc-job\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.JobIAMMember;\nimport com.pulumi.gcp.dataproc.JobIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new JobIAMMember(\"editor\", JobIAMMemberArgs.builder() \n .jobId(\"your-dataproc-job\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:JobIAMMember\n properties:\n jobId: your-dataproc-job\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the `job_id` identifier of the Dataproc Job resource only. For example:\n\n* `projects/{project}/regions/{region}/jobs/{job_id}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"projects/{project}/regions/{region}/jobs/{job_id}\"\n\n to = google_dataproc_job_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:dataproc/jobIAMMember:JobIAMMember default \"projects/{project}/regions/{region}/jobs/{job_id}\"\n```\n\n", "properties": { "condition": { "$ref": "#/types/gcp:dataproc/JobIAMMemberCondition:JobIAMMemberCondition" @@ -170077,7 +170362,8 @@ "type": "string" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "project": { "type": "string", @@ -170111,6 +170397,7 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", "willReplaceOnChanges": true }, "project": { @@ -170151,6 +170438,7 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", "willReplaceOnChanges": true }, "project": { @@ -170173,7 +170461,7 @@ } }, "gcp:dataproc/jobIAMPolicy:JobIAMPolicy": { - "description": "Three different resources help you manage IAM policies on dataproc jobs. Each of these resources serves a different use case:\n\n* `gcp.dataproc.JobIAMPolicy`: Authoritative. Sets the IAM policy for the job and replaces any existing policy already attached.\n* `gcp.dataproc.JobIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the job are preserved.\n* `gcp.dataproc.JobIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the job are preserved.\n\n\u003e **Note:** `gcp.dataproc.JobIAMPolicy` **cannot** be used in conjunction with `gcp.dataproc.JobIAMBinding` and `gcp.dataproc.JobIAMMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the job as `gcp.dataproc.JobIAMPolicy` replaces the entire policy.\n\n\u003e **Note:** `gcp.dataproc.JobIAMBinding` resources **can be** used in conjunction with `gcp.dataproc.JobIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_dataproc\\_job\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.dataproc.JobIAMPolicy(\"editor\", {\n project: \"your-project\",\n region: \"your-region\",\n jobId: \"your-dataproc-job\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\neditor = gcp.dataproc.JobIAMPolicy(\"editor\",\n project=\"your-project\",\n region=\"your-region\",\n job_id=\"your-dataproc-job\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.Dataproc.JobIAMPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Region = \"your-region\",\n JobId = \"your-dataproc-job\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewJobIAMPolicy(ctx, \"editor\", \u0026dataproc.JobIAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tRegion: pulumi.String(\"your-region\"),\n\t\t\tJobId: pulumi.String(\"your-dataproc-job\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.JobIAMPolicy;\nimport com.pulumi.gcp.dataproc.JobIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new JobIAMPolicy(\"editor\", JobIAMPolicyArgs.builder() \n .project(\"your-project\")\n .region(\"your-region\")\n .jobId(\"your-dataproc-job\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:JobIAMPolicy\n properties:\n project: your-project\n region: your-region\n jobId: your-dataproc-job\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_job\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.JobIAMBinding(\"editor\", {\n jobId: \"your-dataproc-job\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.JobIAMBinding(\"editor\",\n job_id=\"your-dataproc-job\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.JobIAMBinding(\"editor\", new()\n {\n JobId = \"your-dataproc-job\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewJobIAMBinding(ctx, \"editor\", \u0026dataproc.JobIAMBindingArgs{\n\t\t\tJobId: pulumi.String(\"your-dataproc-job\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.JobIAMBinding;\nimport com.pulumi.gcp.dataproc.JobIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new JobIAMBinding(\"editor\", JobIAMBindingArgs.builder() \n .jobId(\"your-dataproc-job\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:JobIAMBinding\n properties:\n jobId: your-dataproc-job\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_job\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.JobIAMMember(\"editor\", {\n jobId: \"your-dataproc-job\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.JobIAMMember(\"editor\",\n job_id=\"your-dataproc-job\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.JobIAMMember(\"editor\", new()\n {\n JobId = \"your-dataproc-job\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewJobIAMMember(ctx, \"editor\", \u0026dataproc.JobIAMMemberArgs{\n\t\t\tJobId: pulumi.String(\"your-dataproc-job\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.JobIAMMember;\nimport com.pulumi.gcp.dataproc.JobIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new JobIAMMember(\"editor\", JobIAMMemberArgs.builder() \n .jobId(\"your-dataproc-job\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:JobIAMMember\n properties:\n jobId: your-dataproc-job\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the `job_id` identifier of the Dataproc Job resource only. For example:\n\n* `projects/{project}/regions/{region}/jobs/{job_id}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"projects/{project}/regions/{region}/jobs/{job_id}\"\n\n to = google_dataproc_job_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:dataproc/jobIAMPolicy:JobIAMPolicy default \"projects/{project}/regions/{region}/jobs/{job_id}\"\n```\n\n", + "description": "Three different resources help you manage IAM policies on dataproc jobs. Each of these resources serves a different use case:\n\n* `gcp.dataproc.JobIAMPolicy`: Authoritative. Sets the IAM policy for the job and replaces any existing policy already attached.\n* `gcp.dataproc.JobIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the job are preserved.\n* `gcp.dataproc.JobIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the job are preserved.\n\n\u003e **Note:** `gcp.dataproc.JobIAMPolicy` **cannot** be used in conjunction with `gcp.dataproc.JobIAMBinding` and `gcp.dataproc.JobIAMMember` or they will fight over what your policy should be. In addition, be careful not to accidentally unset ownership of the job as `gcp.dataproc.JobIAMPolicy` replaces the entire policy.\n\n\u003e **Note:** `gcp.dataproc.JobIAMBinding` resources **can be** used in conjunction with `gcp.dataproc.JobIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_dataproc\\_job\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.dataproc.JobIAMPolicy(\"editor\", {\n project: \"your-project\",\n region: \"your-region\",\n jobId: \"your-dataproc-job\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\neditor = gcp.dataproc.JobIAMPolicy(\"editor\",\n project=\"your-project\",\n region=\"your-region\",\n job_id=\"your-dataproc-job\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.Dataproc.JobIAMPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Region = \"your-region\",\n JobId = \"your-dataproc-job\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewJobIAMPolicy(ctx, \"editor\", \u0026dataproc.JobIAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tRegion: pulumi.String(\"your-region\"),\n\t\t\tJobId: pulumi.String(\"your-dataproc-job\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.JobIAMPolicy;\nimport com.pulumi.gcp.dataproc.JobIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new JobIAMPolicy(\"editor\", JobIAMPolicyArgs.builder() \n .project(\"your-project\")\n .region(\"your-region\")\n .jobId(\"your-dataproc-job\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:JobIAMPolicy\n properties:\n project: your-project\n region: your-region\n jobId: your-dataproc-job\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_job\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.JobIAMBinding(\"editor\", {\n jobId: \"your-dataproc-job\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.JobIAMBinding(\"editor\",\n job_id=\"your-dataproc-job\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.JobIAMBinding(\"editor\", new()\n {\n JobId = \"your-dataproc-job\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewJobIAMBinding(ctx, \"editor\", \u0026dataproc.JobIAMBindingArgs{\n\t\t\tJobId: pulumi.String(\"your-dataproc-job\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.JobIAMBinding;\nimport com.pulumi.gcp.dataproc.JobIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new JobIAMBinding(\"editor\", JobIAMBindingArgs.builder() \n .jobId(\"your-dataproc-job\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:JobIAMBinding\n properties:\n jobId: your-dataproc-job\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_job\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.JobIAMMember(\"editor\", {\n jobId: \"your-dataproc-job\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.JobIAMMember(\"editor\",\n job_id=\"your-dataproc-job\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.JobIAMMember(\"editor\", new()\n {\n JobId = \"your-dataproc-job\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewJobIAMMember(ctx, \"editor\", \u0026dataproc.JobIAMMemberArgs{\n\t\t\tJobId: pulumi.String(\"your-dataproc-job\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.JobIAMMember;\nimport com.pulumi.gcp.dataproc.JobIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new JobIAMMember(\"editor\", JobIAMMemberArgs.builder() \n .jobId(\"your-dataproc-job\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:JobIAMMember\n properties:\n jobId: your-dataproc-job\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_job\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.dataproc.JobIAMPolicy(\"editor\", {\n project: \"your-project\",\n region: \"your-region\",\n jobId: \"your-dataproc-job\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\neditor = gcp.dataproc.JobIAMPolicy(\"editor\",\n project=\"your-project\",\n region=\"your-region\",\n job_id=\"your-dataproc-job\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.Dataproc.JobIAMPolicy(\"editor\", new()\n {\n Project = \"your-project\",\n Region = \"your-region\",\n JobId = \"your-dataproc-job\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewJobIAMPolicy(ctx, \"editor\", \u0026dataproc.JobIAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project\"),\n\t\t\tRegion: pulumi.String(\"your-region\"),\n\t\t\tJobId: pulumi.String(\"your-dataproc-job\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.JobIAMPolicy;\nimport com.pulumi.gcp.dataproc.JobIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new JobIAMPolicy(\"editor\", JobIAMPolicyArgs.builder() \n .project(\"your-project\")\n .region(\"your-region\")\n .jobId(\"your-dataproc-job\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:JobIAMPolicy\n properties:\n project: your-project\n region: your-region\n jobId: your-dataproc-job\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_job\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.JobIAMBinding(\"editor\", {\n jobId: \"your-dataproc-job\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.JobIAMBinding(\"editor\",\n job_id=\"your-dataproc-job\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.JobIAMBinding(\"editor\", new()\n {\n JobId = \"your-dataproc-job\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewJobIAMBinding(ctx, \"editor\", \u0026dataproc.JobIAMBindingArgs{\n\t\t\tJobId: pulumi.String(\"your-dataproc-job\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.JobIAMBinding;\nimport com.pulumi.gcp.dataproc.JobIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new JobIAMBinding(\"editor\", JobIAMBindingArgs.builder() \n .jobId(\"your-dataproc-job\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:JobIAMBinding\n properties:\n jobId: your-dataproc-job\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_job\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.dataproc.JobIAMMember(\"editor\", {\n jobId: \"your-dataproc-job\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.dataproc.JobIAMMember(\"editor\",\n job_id=\"your-dataproc-job\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.Dataproc.JobIAMMember(\"editor\", new()\n {\n JobId = \"your-dataproc-job\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewJobIAMMember(ctx, \"editor\", \u0026dataproc.JobIAMMemberArgs{\n\t\t\tJobId: pulumi.String(\"your-dataproc-job\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.JobIAMMember;\nimport com.pulumi.gcp.dataproc.JobIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new JobIAMMember(\"editor\", JobIAMMemberArgs.builder() \n .jobId(\"your-dataproc-job\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:dataproc:JobIAMMember\n properties:\n jobId: your-dataproc-job\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the `job_id` identifier of the Dataproc Job resource only. For example:\n\n* `projects/{project}/regions/{region}/jobs/{job_id}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"projects/{project}/regions/{region}/jobs/{job_id}\"\n\n to = google_dataproc_job_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:dataproc/jobIAMPolicy:JobIAMPolicy default \"projects/{project}/regions/{region}/jobs/{job_id}\"\n```\n\n", "properties": { "etag": { "type": "string", @@ -170477,11 +170765,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -170514,11 +170803,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -170556,11 +170846,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -170590,11 +170881,12 @@ "description": "The location where the metastore federation should reside.\nUsed to find the parent resource to bind the IAM policy to\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -170625,11 +170917,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -170665,11 +170958,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -170701,7 +170995,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" } }, "required": [ @@ -170727,7 +171021,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -170757,7 +171051,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -171104,7 +171398,7 @@ } }, "gcp:dataproc/metastoreServiceIamBinding:MetastoreServiceIamBinding": { - "description": "Three different resources help you manage your IAM policy for Dataproc metastore Service. Each of these resources serves a different use case:\n\n* `gcp.dataproc.MetastoreServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.dataproc.MetastoreServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.dataproc.MetastoreServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataproc.MetastoreServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.dataproc.MetastoreServiceIamPolicy` **cannot** be used in conjunction with `gcp.dataproc.MetastoreServiceIamBinding` and `gcp.dataproc.MetastoreServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataproc.MetastoreServiceIamBinding` resources **can be** used in conjunction with `gcp.dataproc.MetastoreServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_dataproc\\_metastore\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataproc.MetastoreServiceIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dataproc.MetastoreServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dataproc.MetastoreServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewMetastoreServiceIamPolicy(ctx, \"policy\", \u0026dataproc.MetastoreServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tServiceId: pulumi.Any(_default.ServiceId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamPolicy;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MetastoreServiceIamPolicy(\"policy\", MetastoreServiceIamPolicyArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataproc:MetastoreServiceIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_metastore\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataproc.MetastoreServiceIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataproc.MetastoreServiceIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dataproc.MetastoreServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreServiceIamBinding(ctx, \"binding\", \u0026dataproc.MetastoreServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tServiceId: pulumi.Any(_default.ServiceId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamBinding;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MetastoreServiceIamBinding(\"binding\", MetastoreServiceIamBindingArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataproc:MetastoreServiceIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_metastore\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataproc.MetastoreServiceIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataproc.MetastoreServiceIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dataproc.MetastoreServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreServiceIamMember(ctx, \"member\", \u0026dataproc.MetastoreServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tServiceId: pulumi.Any(_default.ServiceId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamMember;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MetastoreServiceIamMember(\"member\", MetastoreServiceIamMemberArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataproc:MetastoreServiceIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/services/{{service_id}}\n\n* {{project}}/{{location}}/{{service_id}}\n\n* {{location}}/{{service_id}}\n\n* {{service_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataproc metastore service IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/metastoreServiceIamBinding:MetastoreServiceIamBinding editor \"projects/{{project}}/locations/{{location}}/services/{{service_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/metastoreServiceIamBinding:MetastoreServiceIamBinding editor \"projects/{{project}}/locations/{{location}}/services/{{service_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/metastoreServiceIamBinding:MetastoreServiceIamBinding editor projects/{{project}}/locations/{{location}}/services/{{service_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Dataproc metastore Service. Each of these resources serves a different use case:\n\n* `gcp.dataproc.MetastoreServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.dataproc.MetastoreServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.dataproc.MetastoreServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataproc.MetastoreServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.dataproc.MetastoreServiceIamPolicy` **cannot** be used in conjunction with `gcp.dataproc.MetastoreServiceIamBinding` and `gcp.dataproc.MetastoreServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataproc.MetastoreServiceIamBinding` resources **can be** used in conjunction with `gcp.dataproc.MetastoreServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_dataproc\\_metastore\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataproc.MetastoreServiceIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dataproc.MetastoreServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dataproc.MetastoreServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewMetastoreServiceIamPolicy(ctx, \"policy\", \u0026dataproc.MetastoreServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tServiceId: pulumi.Any(_default.ServiceId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamPolicy;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MetastoreServiceIamPolicy(\"policy\", MetastoreServiceIamPolicyArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataproc:MetastoreServiceIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_metastore\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataproc.MetastoreServiceIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataproc.MetastoreServiceIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dataproc.MetastoreServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreServiceIamBinding(ctx, \"binding\", \u0026dataproc.MetastoreServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tServiceId: pulumi.Any(_default.ServiceId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamBinding;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MetastoreServiceIamBinding(\"binding\", MetastoreServiceIamBindingArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataproc:MetastoreServiceIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_metastore\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataproc.MetastoreServiceIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataproc.MetastoreServiceIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dataproc.MetastoreServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreServiceIamMember(ctx, \"member\", \u0026dataproc.MetastoreServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tServiceId: pulumi.Any(_default.ServiceId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamMember;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MetastoreServiceIamMember(\"member\", MetastoreServiceIamMemberArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataproc:MetastoreServiceIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_dataproc\\_metastore\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataproc.MetastoreServiceIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dataproc.MetastoreServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dataproc.MetastoreServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewMetastoreServiceIamPolicy(ctx, \"policy\", \u0026dataproc.MetastoreServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tServiceId: pulumi.Any(_default.ServiceId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamPolicy;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MetastoreServiceIamPolicy(\"policy\", MetastoreServiceIamPolicyArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataproc:MetastoreServiceIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_metastore\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataproc.MetastoreServiceIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataproc.MetastoreServiceIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dataproc.MetastoreServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreServiceIamBinding(ctx, \"binding\", \u0026dataproc.MetastoreServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tServiceId: pulumi.Any(_default.ServiceId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamBinding;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MetastoreServiceIamBinding(\"binding\", MetastoreServiceIamBindingArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataproc:MetastoreServiceIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_metastore\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataproc.MetastoreServiceIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataproc.MetastoreServiceIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dataproc.MetastoreServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreServiceIamMember(ctx, \"member\", \u0026dataproc.MetastoreServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tServiceId: pulumi.Any(_default.ServiceId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamMember;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MetastoreServiceIamMember(\"member\", MetastoreServiceIamMemberArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataproc:MetastoreServiceIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/services/{{service_id}}\n\n* {{project}}/{{location}}/{{service_id}}\n\n* {{location}}/{{service_id}}\n\n* {{service_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataproc metastore service IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/metastoreServiceIamBinding:MetastoreServiceIamBinding editor \"projects/{{project}}/locations/{{location}}/services/{{service_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/metastoreServiceIamBinding:MetastoreServiceIamBinding editor \"projects/{{project}}/locations/{{location}}/services/{{service_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/metastoreServiceIamBinding:MetastoreServiceIamBinding editor projects/{{project}}/locations/{{location}}/services/{{service_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:dataproc/MetastoreServiceIamBindingCondition:MetastoreServiceIamBindingCondition" @@ -171121,11 +171415,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -171157,11 +171452,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -171199,11 +171495,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -171220,7 +171517,7 @@ } }, "gcp:dataproc/metastoreServiceIamMember:MetastoreServiceIamMember": { - "description": "Three different resources help you manage your IAM policy for Dataproc metastore Service. Each of these resources serves a different use case:\n\n* `gcp.dataproc.MetastoreServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.dataproc.MetastoreServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.dataproc.MetastoreServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataproc.MetastoreServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.dataproc.MetastoreServiceIamPolicy` **cannot** be used in conjunction with `gcp.dataproc.MetastoreServiceIamBinding` and `gcp.dataproc.MetastoreServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataproc.MetastoreServiceIamBinding` resources **can be** used in conjunction with `gcp.dataproc.MetastoreServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_dataproc\\_metastore\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataproc.MetastoreServiceIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dataproc.MetastoreServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dataproc.MetastoreServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewMetastoreServiceIamPolicy(ctx, \"policy\", \u0026dataproc.MetastoreServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tServiceId: pulumi.Any(_default.ServiceId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamPolicy;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MetastoreServiceIamPolicy(\"policy\", MetastoreServiceIamPolicyArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataproc:MetastoreServiceIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_metastore\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataproc.MetastoreServiceIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataproc.MetastoreServiceIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dataproc.MetastoreServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreServiceIamBinding(ctx, \"binding\", \u0026dataproc.MetastoreServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tServiceId: pulumi.Any(_default.ServiceId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamBinding;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MetastoreServiceIamBinding(\"binding\", MetastoreServiceIamBindingArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataproc:MetastoreServiceIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_metastore\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataproc.MetastoreServiceIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataproc.MetastoreServiceIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dataproc.MetastoreServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreServiceIamMember(ctx, \"member\", \u0026dataproc.MetastoreServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tServiceId: pulumi.Any(_default.ServiceId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamMember;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MetastoreServiceIamMember(\"member\", MetastoreServiceIamMemberArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataproc:MetastoreServiceIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/services/{{service_id}}\n\n* {{project}}/{{location}}/{{service_id}}\n\n* {{location}}/{{service_id}}\n\n* {{service_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataproc metastore service IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/metastoreServiceIamMember:MetastoreServiceIamMember editor \"projects/{{project}}/locations/{{location}}/services/{{service_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/metastoreServiceIamMember:MetastoreServiceIamMember editor \"projects/{{project}}/locations/{{location}}/services/{{service_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/metastoreServiceIamMember:MetastoreServiceIamMember editor projects/{{project}}/locations/{{location}}/services/{{service_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Dataproc metastore Service. Each of these resources serves a different use case:\n\n* `gcp.dataproc.MetastoreServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.dataproc.MetastoreServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.dataproc.MetastoreServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataproc.MetastoreServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.dataproc.MetastoreServiceIamPolicy` **cannot** be used in conjunction with `gcp.dataproc.MetastoreServiceIamBinding` and `gcp.dataproc.MetastoreServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataproc.MetastoreServiceIamBinding` resources **can be** used in conjunction with `gcp.dataproc.MetastoreServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_dataproc\\_metastore\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataproc.MetastoreServiceIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dataproc.MetastoreServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dataproc.MetastoreServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewMetastoreServiceIamPolicy(ctx, \"policy\", \u0026dataproc.MetastoreServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tServiceId: pulumi.Any(_default.ServiceId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamPolicy;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MetastoreServiceIamPolicy(\"policy\", MetastoreServiceIamPolicyArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataproc:MetastoreServiceIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_metastore\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataproc.MetastoreServiceIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataproc.MetastoreServiceIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dataproc.MetastoreServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreServiceIamBinding(ctx, \"binding\", \u0026dataproc.MetastoreServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tServiceId: pulumi.Any(_default.ServiceId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamBinding;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MetastoreServiceIamBinding(\"binding\", MetastoreServiceIamBindingArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataproc:MetastoreServiceIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_metastore\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataproc.MetastoreServiceIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataproc.MetastoreServiceIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dataproc.MetastoreServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreServiceIamMember(ctx, \"member\", \u0026dataproc.MetastoreServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tServiceId: pulumi.Any(_default.ServiceId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamMember;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MetastoreServiceIamMember(\"member\", MetastoreServiceIamMemberArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataproc:MetastoreServiceIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_dataproc\\_metastore\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataproc.MetastoreServiceIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dataproc.MetastoreServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dataproc.MetastoreServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewMetastoreServiceIamPolicy(ctx, \"policy\", \u0026dataproc.MetastoreServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tServiceId: pulumi.Any(_default.ServiceId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamPolicy;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MetastoreServiceIamPolicy(\"policy\", MetastoreServiceIamPolicyArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataproc:MetastoreServiceIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_metastore\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataproc.MetastoreServiceIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataproc.MetastoreServiceIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dataproc.MetastoreServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreServiceIamBinding(ctx, \"binding\", \u0026dataproc.MetastoreServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tServiceId: pulumi.Any(_default.ServiceId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamBinding;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MetastoreServiceIamBinding(\"binding\", MetastoreServiceIamBindingArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataproc:MetastoreServiceIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_metastore\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataproc.MetastoreServiceIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataproc.MetastoreServiceIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dataproc.MetastoreServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreServiceIamMember(ctx, \"member\", \u0026dataproc.MetastoreServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tServiceId: pulumi.Any(_default.ServiceId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamMember;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MetastoreServiceIamMember(\"member\", MetastoreServiceIamMemberArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataproc:MetastoreServiceIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/services/{{service_id}}\n\n* {{project}}/{{location}}/{{service_id}}\n\n* {{location}}/{{service_id}}\n\n* {{service_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataproc metastore service IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/metastoreServiceIamMember:MetastoreServiceIamMember editor \"projects/{{project}}/locations/{{location}}/services/{{service_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/metastoreServiceIamMember:MetastoreServiceIamMember editor \"projects/{{project}}/locations/{{location}}/services/{{service_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/metastoreServiceIamMember:MetastoreServiceIamMember editor projects/{{project}}/locations/{{location}}/services/{{service_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:dataproc/MetastoreServiceIamMemberCondition:MetastoreServiceIamMemberCondition" @@ -171234,11 +171531,12 @@ "description": "The location where the metastore service should reside.\nThe default value is `global`.\nUsed to find the parent resource to bind the IAM policy to\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -171268,11 +171566,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -171308,11 +171607,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -171329,7 +171629,7 @@ } }, "gcp:dataproc/metastoreServiceIamPolicy:MetastoreServiceIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Dataproc metastore Service. Each of these resources serves a different use case:\n\n* `gcp.dataproc.MetastoreServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.dataproc.MetastoreServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.dataproc.MetastoreServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataproc.MetastoreServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.dataproc.MetastoreServiceIamPolicy` **cannot** be used in conjunction with `gcp.dataproc.MetastoreServiceIamBinding` and `gcp.dataproc.MetastoreServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataproc.MetastoreServiceIamBinding` resources **can be** used in conjunction with `gcp.dataproc.MetastoreServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_dataproc\\_metastore\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataproc.MetastoreServiceIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dataproc.MetastoreServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dataproc.MetastoreServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewMetastoreServiceIamPolicy(ctx, \"policy\", \u0026dataproc.MetastoreServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tServiceId: pulumi.Any(_default.ServiceId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamPolicy;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MetastoreServiceIamPolicy(\"policy\", MetastoreServiceIamPolicyArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataproc:MetastoreServiceIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_metastore\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataproc.MetastoreServiceIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataproc.MetastoreServiceIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dataproc.MetastoreServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreServiceIamBinding(ctx, \"binding\", \u0026dataproc.MetastoreServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tServiceId: pulumi.Any(_default.ServiceId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamBinding;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MetastoreServiceIamBinding(\"binding\", MetastoreServiceIamBindingArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataproc:MetastoreServiceIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_metastore\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataproc.MetastoreServiceIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataproc.MetastoreServiceIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dataproc.MetastoreServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreServiceIamMember(ctx, \"member\", \u0026dataproc.MetastoreServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tServiceId: pulumi.Any(_default.ServiceId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamMember;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MetastoreServiceIamMember(\"member\", MetastoreServiceIamMemberArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataproc:MetastoreServiceIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/services/{{service_id}}\n\n* {{project}}/{{location}}/{{service_id}}\n\n* {{location}}/{{service_id}}\n\n* {{service_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataproc metastore service IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/metastoreServiceIamPolicy:MetastoreServiceIamPolicy editor \"projects/{{project}}/locations/{{location}}/services/{{service_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/metastoreServiceIamPolicy:MetastoreServiceIamPolicy editor \"projects/{{project}}/locations/{{location}}/services/{{service_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/metastoreServiceIamPolicy:MetastoreServiceIamPolicy editor projects/{{project}}/locations/{{location}}/services/{{service_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Dataproc metastore Service. Each of these resources serves a different use case:\n\n* `gcp.dataproc.MetastoreServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.dataproc.MetastoreServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.dataproc.MetastoreServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dataproc.MetastoreServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.dataproc.MetastoreServiceIamPolicy` **cannot** be used in conjunction with `gcp.dataproc.MetastoreServiceIamBinding` and `gcp.dataproc.MetastoreServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dataproc.MetastoreServiceIamBinding` resources **can be** used in conjunction with `gcp.dataproc.MetastoreServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_dataproc\\_metastore\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataproc.MetastoreServiceIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dataproc.MetastoreServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dataproc.MetastoreServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewMetastoreServiceIamPolicy(ctx, \"policy\", \u0026dataproc.MetastoreServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tServiceId: pulumi.Any(_default.ServiceId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamPolicy;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MetastoreServiceIamPolicy(\"policy\", MetastoreServiceIamPolicyArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataproc:MetastoreServiceIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_metastore\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataproc.MetastoreServiceIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataproc.MetastoreServiceIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dataproc.MetastoreServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreServiceIamBinding(ctx, \"binding\", \u0026dataproc.MetastoreServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tServiceId: pulumi.Any(_default.ServiceId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamBinding;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MetastoreServiceIamBinding(\"binding\", MetastoreServiceIamBindingArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataproc:MetastoreServiceIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_metastore\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataproc.MetastoreServiceIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataproc.MetastoreServiceIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dataproc.MetastoreServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreServiceIamMember(ctx, \"member\", \u0026dataproc.MetastoreServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tServiceId: pulumi.Any(_default.ServiceId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamMember;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MetastoreServiceIamMember(\"member\", MetastoreServiceIamMemberArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataproc:MetastoreServiceIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_dataproc\\_metastore\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dataproc.MetastoreServiceIamPolicy(\"policy\", {\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dataproc.MetastoreServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dataproc.MetastoreServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dataproc.NewMetastoreServiceIamPolicy(ctx, \"policy\", \u0026dataproc.MetastoreServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tServiceId: pulumi.Any(_default.ServiceId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamPolicy;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MetastoreServiceIamPolicy(\"policy\", MetastoreServiceIamPolicyArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dataproc:MetastoreServiceIamPolicy\n properties:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_metastore\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dataproc.MetastoreServiceIamBinding(\"binding\", {\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dataproc.MetastoreServiceIamBinding(\"binding\",\n project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dataproc.MetastoreServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreServiceIamBinding(ctx, \"binding\", \u0026dataproc.MetastoreServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tServiceId: pulumi.Any(_default.ServiceId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamBinding;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MetastoreServiceIamBinding(\"binding\", MetastoreServiceIamBindingArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dataproc:MetastoreServiceIamBinding\n properties:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dataproc\\_metastore\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dataproc.MetastoreServiceIamMember(\"member\", {\n project: _default.project,\n location: _default.location,\n serviceId: _default.serviceId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dataproc.MetastoreServiceIamMember(\"member\",\n project=default[\"project\"],\n location=default[\"location\"],\n service_id=default[\"serviceId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dataproc.MetastoreServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Location = @default.Location,\n ServiceId = @default.ServiceId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dataproc.NewMetastoreServiceIamMember(ctx, \"member\", \u0026dataproc.MetastoreServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tLocation: pulumi.Any(_default.Location),\n\t\t\tServiceId: pulumi.Any(_default.ServiceId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamMember;\nimport com.pulumi.gcp.dataproc.MetastoreServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MetastoreServiceIamMember(\"member\", MetastoreServiceIamMemberArgs.builder() \n .project(default_.project())\n .location(default_.location())\n .serviceId(default_.serviceId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dataproc:MetastoreServiceIamMember\n properties:\n project: ${default.project}\n location: ${default.location}\n serviceId: ${default.serviceId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/services/{{service_id}}\n\n* {{project}}/{{location}}/{{service_id}}\n\n* {{location}}/{{service_id}}\n\n* {{service_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nDataproc metastore service IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/metastoreServiceIamPolicy:MetastoreServiceIamPolicy editor \"projects/{{project}}/locations/{{location}}/services/{{service_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/metastoreServiceIamPolicy:MetastoreServiceIamPolicy editor \"projects/{{project}}/locations/{{location}}/services/{{service_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dataproc/metastoreServiceIamPolicy:MetastoreServiceIamPolicy editor projects/{{project}}/locations/{{location}}/services/{{service_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -171345,7 +171645,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "serviceId": { "type": "string" @@ -171370,7 +171670,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "serviceId": { @@ -171400,7 +171700,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "serviceId": { @@ -175390,7 +175690,7 @@ } }, "gcp:dns/dnsManagedZoneIamBinding:DnsManagedZoneIamBinding": { - "description": "Three different resources help you manage your IAM policy for Cloud DNS ManagedZone. Each of these resources serves a different use case:\n\n* `gcp.dns.DnsManagedZoneIamPolicy`: Authoritative. Sets the IAM policy for the managedzone and replaces any existing policy already attached.\n* `gcp.dns.DnsManagedZoneIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the managedzone are preserved.\n* `gcp.dns.DnsManagedZoneIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the managedzone are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dns.DnsManagedZoneIamPolicy`: Retrieves the IAM policy for the managedzone\n\n\u003e **Note:** `gcp.dns.DnsManagedZoneIamPolicy` **cannot** be used in conjunction with `gcp.dns.DnsManagedZoneIamBinding` and `gcp.dns.DnsManagedZoneIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dns.DnsManagedZoneIamBinding` resources **can be** used in conjunction with `gcp.dns.DnsManagedZoneIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_dns\\_managed\\_zone\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dns.DnsManagedZoneIamPolicy(\"policy\", {\n project: _default.project,\n managedZone: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dns.DnsManagedZoneIamPolicy(\"policy\",\n project=default[\"project\"],\n managed_zone=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dns.DnsManagedZoneIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dns.NewDnsManagedZoneIamPolicy(ctx, \"policy\", \u0026dns.DnsManagedZoneIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tManagedZone: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamPolicy;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DnsManagedZoneIamPolicy(\"policy\", DnsManagedZoneIamPolicyArgs.builder() \n .project(default_.project())\n .managedZone(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dns:DnsManagedZoneIamPolicy\n properties:\n project: ${default.project}\n managedZone: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dns\\_managed\\_zone\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dns.DnsManagedZoneIamBinding(\"binding\", {\n project: _default.project,\n managedZone: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dns.DnsManagedZoneIamBinding(\"binding\",\n project=default[\"project\"],\n managed_zone=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dns.DnsManagedZoneIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dns.NewDnsManagedZoneIamBinding(ctx, \"binding\", \u0026dns.DnsManagedZoneIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tManagedZone: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamBinding;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DnsManagedZoneIamBinding(\"binding\", DnsManagedZoneIamBindingArgs.builder() \n .project(default_.project())\n .managedZone(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dns:DnsManagedZoneIamBinding\n properties:\n project: ${default.project}\n managedZone: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dns\\_managed\\_zone\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dns.DnsManagedZoneIamMember(\"member\", {\n project: _default.project,\n managedZone: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dns.DnsManagedZoneIamMember(\"member\",\n project=default[\"project\"],\n managed_zone=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dns.DnsManagedZoneIamMember(\"member\", new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dns.NewDnsManagedZoneIamMember(ctx, \"member\", \u0026dns.DnsManagedZoneIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tManagedZone: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamMember;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DnsManagedZoneIamMember(\"member\", DnsManagedZoneIamMemberArgs.builder() \n .project(default_.project())\n .managedZone(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dns:DnsManagedZoneIamMember\n properties:\n project: ${default.project}\n managedZone: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/managedZones/{{managed_zone}}\n\n* {{project}}/{{managed_zone}}\n\n* {{managed_zone}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud DNS managedzone IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dns/dnsManagedZoneIamBinding:DnsManagedZoneIamBinding editor \"projects/{{project}}/managedZones/{{managed_zone}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dns/dnsManagedZoneIamBinding:DnsManagedZoneIamBinding editor \"projects/{{project}}/managedZones/{{managed_zone}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dns/dnsManagedZoneIamBinding:DnsManagedZoneIamBinding editor projects/{{project}}/managedZones/{{managed_zone}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud DNS ManagedZone. Each of these resources serves a different use case:\n\n* `gcp.dns.DnsManagedZoneIamPolicy`: Authoritative. Sets the IAM policy for the managedzone and replaces any existing policy already attached.\n* `gcp.dns.DnsManagedZoneIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the managedzone are preserved.\n* `gcp.dns.DnsManagedZoneIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the managedzone are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dns.DnsManagedZoneIamPolicy`: Retrieves the IAM policy for the managedzone\n\n\u003e **Note:** `gcp.dns.DnsManagedZoneIamPolicy` **cannot** be used in conjunction with `gcp.dns.DnsManagedZoneIamBinding` and `gcp.dns.DnsManagedZoneIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dns.DnsManagedZoneIamBinding` resources **can be** used in conjunction with `gcp.dns.DnsManagedZoneIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_dns\\_managed\\_zone\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dns.DnsManagedZoneIamPolicy(\"policy\", {\n project: _default.project,\n managedZone: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dns.DnsManagedZoneIamPolicy(\"policy\",\n project=default[\"project\"],\n managed_zone=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dns.DnsManagedZoneIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dns.NewDnsManagedZoneIamPolicy(ctx, \"policy\", \u0026dns.DnsManagedZoneIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tManagedZone: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamPolicy;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DnsManagedZoneIamPolicy(\"policy\", DnsManagedZoneIamPolicyArgs.builder() \n .project(default_.project())\n .managedZone(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dns:DnsManagedZoneIamPolicy\n properties:\n project: ${default.project}\n managedZone: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dns\\_managed\\_zone\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dns.DnsManagedZoneIamBinding(\"binding\", {\n project: _default.project,\n managedZone: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dns.DnsManagedZoneIamBinding(\"binding\",\n project=default[\"project\"],\n managed_zone=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dns.DnsManagedZoneIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dns.NewDnsManagedZoneIamBinding(ctx, \"binding\", \u0026dns.DnsManagedZoneIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tManagedZone: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamBinding;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DnsManagedZoneIamBinding(\"binding\", DnsManagedZoneIamBindingArgs.builder() \n .project(default_.project())\n .managedZone(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dns:DnsManagedZoneIamBinding\n properties:\n project: ${default.project}\n managedZone: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dns\\_managed\\_zone\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dns.DnsManagedZoneIamMember(\"member\", {\n project: _default.project,\n managedZone: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dns.DnsManagedZoneIamMember(\"member\",\n project=default[\"project\"],\n managed_zone=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dns.DnsManagedZoneIamMember(\"member\", new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dns.NewDnsManagedZoneIamMember(ctx, \"member\", \u0026dns.DnsManagedZoneIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tManagedZone: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamMember;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DnsManagedZoneIamMember(\"member\", DnsManagedZoneIamMemberArgs.builder() \n .project(default_.project())\n .managedZone(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dns:DnsManagedZoneIamMember\n properties:\n project: ${default.project}\n managedZone: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_dns\\_managed\\_zone\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dns.DnsManagedZoneIamPolicy(\"policy\", {\n project: _default.project,\n managedZone: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dns.DnsManagedZoneIamPolicy(\"policy\",\n project=default[\"project\"],\n managed_zone=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dns.DnsManagedZoneIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dns.NewDnsManagedZoneIamPolicy(ctx, \"policy\", \u0026dns.DnsManagedZoneIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tManagedZone: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamPolicy;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DnsManagedZoneIamPolicy(\"policy\", DnsManagedZoneIamPolicyArgs.builder() \n .project(default_.project())\n .managedZone(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dns:DnsManagedZoneIamPolicy\n properties:\n project: ${default.project}\n managedZone: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dns\\_managed\\_zone\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dns.DnsManagedZoneIamBinding(\"binding\", {\n project: _default.project,\n managedZone: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dns.DnsManagedZoneIamBinding(\"binding\",\n project=default[\"project\"],\n managed_zone=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dns.DnsManagedZoneIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dns.NewDnsManagedZoneIamBinding(ctx, \"binding\", \u0026dns.DnsManagedZoneIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tManagedZone: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamBinding;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DnsManagedZoneIamBinding(\"binding\", DnsManagedZoneIamBindingArgs.builder() \n .project(default_.project())\n .managedZone(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dns:DnsManagedZoneIamBinding\n properties:\n project: ${default.project}\n managedZone: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dns\\_managed\\_zone\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dns.DnsManagedZoneIamMember(\"member\", {\n project: _default.project,\n managedZone: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dns.DnsManagedZoneIamMember(\"member\",\n project=default[\"project\"],\n managed_zone=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dns.DnsManagedZoneIamMember(\"member\", new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dns.NewDnsManagedZoneIamMember(ctx, \"member\", \u0026dns.DnsManagedZoneIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tManagedZone: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamMember;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DnsManagedZoneIamMember(\"member\", DnsManagedZoneIamMemberArgs.builder() \n .project(default_.project())\n .managedZone(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dns:DnsManagedZoneIamMember\n properties:\n project: ${default.project}\n managedZone: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/managedZones/{{managed_zone}}\n\n* {{project}}/{{managed_zone}}\n\n* {{managed_zone}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud DNS managedzone IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dns/dnsManagedZoneIamBinding:DnsManagedZoneIamBinding editor \"projects/{{project}}/managedZones/{{managed_zone}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dns/dnsManagedZoneIamBinding:DnsManagedZoneIamBinding editor \"projects/{{project}}/managedZones/{{managed_zone}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dns/dnsManagedZoneIamBinding:DnsManagedZoneIamBinding editor projects/{{project}}/managedZones/{{managed_zone}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:dns/DnsManagedZoneIamBindingCondition:DnsManagedZoneIamBindingCondition" @@ -175407,11 +175707,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -175439,11 +175740,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -175477,11 +175779,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -175494,7 +175797,7 @@ } }, "gcp:dns/dnsManagedZoneIamMember:DnsManagedZoneIamMember": { - "description": "Three different resources help you manage your IAM policy for Cloud DNS ManagedZone. Each of these resources serves a different use case:\n\n* `gcp.dns.DnsManagedZoneIamPolicy`: Authoritative. Sets the IAM policy for the managedzone and replaces any existing policy already attached.\n* `gcp.dns.DnsManagedZoneIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the managedzone are preserved.\n* `gcp.dns.DnsManagedZoneIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the managedzone are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dns.DnsManagedZoneIamPolicy`: Retrieves the IAM policy for the managedzone\n\n\u003e **Note:** `gcp.dns.DnsManagedZoneIamPolicy` **cannot** be used in conjunction with `gcp.dns.DnsManagedZoneIamBinding` and `gcp.dns.DnsManagedZoneIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dns.DnsManagedZoneIamBinding` resources **can be** used in conjunction with `gcp.dns.DnsManagedZoneIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_dns\\_managed\\_zone\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dns.DnsManagedZoneIamPolicy(\"policy\", {\n project: _default.project,\n managedZone: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dns.DnsManagedZoneIamPolicy(\"policy\",\n project=default[\"project\"],\n managed_zone=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dns.DnsManagedZoneIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dns.NewDnsManagedZoneIamPolicy(ctx, \"policy\", \u0026dns.DnsManagedZoneIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tManagedZone: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamPolicy;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DnsManagedZoneIamPolicy(\"policy\", DnsManagedZoneIamPolicyArgs.builder() \n .project(default_.project())\n .managedZone(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dns:DnsManagedZoneIamPolicy\n properties:\n project: ${default.project}\n managedZone: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dns\\_managed\\_zone\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dns.DnsManagedZoneIamBinding(\"binding\", {\n project: _default.project,\n managedZone: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dns.DnsManagedZoneIamBinding(\"binding\",\n project=default[\"project\"],\n managed_zone=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dns.DnsManagedZoneIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dns.NewDnsManagedZoneIamBinding(ctx, \"binding\", \u0026dns.DnsManagedZoneIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tManagedZone: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamBinding;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DnsManagedZoneIamBinding(\"binding\", DnsManagedZoneIamBindingArgs.builder() \n .project(default_.project())\n .managedZone(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dns:DnsManagedZoneIamBinding\n properties:\n project: ${default.project}\n managedZone: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dns\\_managed\\_zone\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dns.DnsManagedZoneIamMember(\"member\", {\n project: _default.project,\n managedZone: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dns.DnsManagedZoneIamMember(\"member\",\n project=default[\"project\"],\n managed_zone=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dns.DnsManagedZoneIamMember(\"member\", new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dns.NewDnsManagedZoneIamMember(ctx, \"member\", \u0026dns.DnsManagedZoneIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tManagedZone: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamMember;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DnsManagedZoneIamMember(\"member\", DnsManagedZoneIamMemberArgs.builder() \n .project(default_.project())\n .managedZone(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dns:DnsManagedZoneIamMember\n properties:\n project: ${default.project}\n managedZone: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/managedZones/{{managed_zone}}\n\n* {{project}}/{{managed_zone}}\n\n* {{managed_zone}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud DNS managedzone IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dns/dnsManagedZoneIamMember:DnsManagedZoneIamMember editor \"projects/{{project}}/managedZones/{{managed_zone}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dns/dnsManagedZoneIamMember:DnsManagedZoneIamMember editor \"projects/{{project}}/managedZones/{{managed_zone}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dns/dnsManagedZoneIamMember:DnsManagedZoneIamMember editor projects/{{project}}/managedZones/{{managed_zone}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud DNS ManagedZone. Each of these resources serves a different use case:\n\n* `gcp.dns.DnsManagedZoneIamPolicy`: Authoritative. Sets the IAM policy for the managedzone and replaces any existing policy already attached.\n* `gcp.dns.DnsManagedZoneIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the managedzone are preserved.\n* `gcp.dns.DnsManagedZoneIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the managedzone are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dns.DnsManagedZoneIamPolicy`: Retrieves the IAM policy for the managedzone\n\n\u003e **Note:** `gcp.dns.DnsManagedZoneIamPolicy` **cannot** be used in conjunction with `gcp.dns.DnsManagedZoneIamBinding` and `gcp.dns.DnsManagedZoneIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dns.DnsManagedZoneIamBinding` resources **can be** used in conjunction with `gcp.dns.DnsManagedZoneIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_dns\\_managed\\_zone\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dns.DnsManagedZoneIamPolicy(\"policy\", {\n project: _default.project,\n managedZone: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dns.DnsManagedZoneIamPolicy(\"policy\",\n project=default[\"project\"],\n managed_zone=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dns.DnsManagedZoneIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dns.NewDnsManagedZoneIamPolicy(ctx, \"policy\", \u0026dns.DnsManagedZoneIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tManagedZone: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamPolicy;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DnsManagedZoneIamPolicy(\"policy\", DnsManagedZoneIamPolicyArgs.builder() \n .project(default_.project())\n .managedZone(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dns:DnsManagedZoneIamPolicy\n properties:\n project: ${default.project}\n managedZone: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dns\\_managed\\_zone\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dns.DnsManagedZoneIamBinding(\"binding\", {\n project: _default.project,\n managedZone: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dns.DnsManagedZoneIamBinding(\"binding\",\n project=default[\"project\"],\n managed_zone=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dns.DnsManagedZoneIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dns.NewDnsManagedZoneIamBinding(ctx, \"binding\", \u0026dns.DnsManagedZoneIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tManagedZone: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamBinding;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DnsManagedZoneIamBinding(\"binding\", DnsManagedZoneIamBindingArgs.builder() \n .project(default_.project())\n .managedZone(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dns:DnsManagedZoneIamBinding\n properties:\n project: ${default.project}\n managedZone: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dns\\_managed\\_zone\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dns.DnsManagedZoneIamMember(\"member\", {\n project: _default.project,\n managedZone: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dns.DnsManagedZoneIamMember(\"member\",\n project=default[\"project\"],\n managed_zone=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dns.DnsManagedZoneIamMember(\"member\", new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dns.NewDnsManagedZoneIamMember(ctx, \"member\", \u0026dns.DnsManagedZoneIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tManagedZone: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamMember;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DnsManagedZoneIamMember(\"member\", DnsManagedZoneIamMemberArgs.builder() \n .project(default_.project())\n .managedZone(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dns:DnsManagedZoneIamMember\n properties:\n project: ${default.project}\n managedZone: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_dns\\_managed\\_zone\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dns.DnsManagedZoneIamPolicy(\"policy\", {\n project: _default.project,\n managedZone: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dns.DnsManagedZoneIamPolicy(\"policy\",\n project=default[\"project\"],\n managed_zone=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dns.DnsManagedZoneIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dns.NewDnsManagedZoneIamPolicy(ctx, \"policy\", \u0026dns.DnsManagedZoneIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tManagedZone: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamPolicy;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DnsManagedZoneIamPolicy(\"policy\", DnsManagedZoneIamPolicyArgs.builder() \n .project(default_.project())\n .managedZone(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dns:DnsManagedZoneIamPolicy\n properties:\n project: ${default.project}\n managedZone: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dns\\_managed\\_zone\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dns.DnsManagedZoneIamBinding(\"binding\", {\n project: _default.project,\n managedZone: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dns.DnsManagedZoneIamBinding(\"binding\",\n project=default[\"project\"],\n managed_zone=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dns.DnsManagedZoneIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dns.NewDnsManagedZoneIamBinding(ctx, \"binding\", \u0026dns.DnsManagedZoneIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tManagedZone: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamBinding;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DnsManagedZoneIamBinding(\"binding\", DnsManagedZoneIamBindingArgs.builder() \n .project(default_.project())\n .managedZone(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dns:DnsManagedZoneIamBinding\n properties:\n project: ${default.project}\n managedZone: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dns\\_managed\\_zone\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dns.DnsManagedZoneIamMember(\"member\", {\n project: _default.project,\n managedZone: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dns.DnsManagedZoneIamMember(\"member\",\n project=default[\"project\"],\n managed_zone=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dns.DnsManagedZoneIamMember(\"member\", new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dns.NewDnsManagedZoneIamMember(ctx, \"member\", \u0026dns.DnsManagedZoneIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tManagedZone: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamMember;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DnsManagedZoneIamMember(\"member\", DnsManagedZoneIamMemberArgs.builder() \n .project(default_.project())\n .managedZone(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dns:DnsManagedZoneIamMember\n properties:\n project: ${default.project}\n managedZone: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/managedZones/{{managed_zone}}\n\n* {{project}}/{{managed_zone}}\n\n* {{managed_zone}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud DNS managedzone IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dns/dnsManagedZoneIamMember:DnsManagedZoneIamMember editor \"projects/{{project}}/managedZones/{{managed_zone}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dns/dnsManagedZoneIamMember:DnsManagedZoneIamMember editor \"projects/{{project}}/managedZones/{{managed_zone}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dns/dnsManagedZoneIamMember:DnsManagedZoneIamMember editor projects/{{project}}/managedZones/{{managed_zone}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:dns/DnsManagedZoneIamMemberCondition:DnsManagedZoneIamMemberCondition" @@ -175508,11 +175811,12 @@ "description": "Used to find the parent resource to bind the IAM policy to\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -175538,11 +175842,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -175574,11 +175879,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -175591,7 +175897,7 @@ } }, "gcp:dns/dnsManagedZoneIamPolicy:DnsManagedZoneIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Cloud DNS ManagedZone. Each of these resources serves a different use case:\n\n* `gcp.dns.DnsManagedZoneIamPolicy`: Authoritative. Sets the IAM policy for the managedzone and replaces any existing policy already attached.\n* `gcp.dns.DnsManagedZoneIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the managedzone are preserved.\n* `gcp.dns.DnsManagedZoneIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the managedzone are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dns.DnsManagedZoneIamPolicy`: Retrieves the IAM policy for the managedzone\n\n\u003e **Note:** `gcp.dns.DnsManagedZoneIamPolicy` **cannot** be used in conjunction with `gcp.dns.DnsManagedZoneIamBinding` and `gcp.dns.DnsManagedZoneIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dns.DnsManagedZoneIamBinding` resources **can be** used in conjunction with `gcp.dns.DnsManagedZoneIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_dns\\_managed\\_zone\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dns.DnsManagedZoneIamPolicy(\"policy\", {\n project: _default.project,\n managedZone: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dns.DnsManagedZoneIamPolicy(\"policy\",\n project=default[\"project\"],\n managed_zone=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dns.DnsManagedZoneIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dns.NewDnsManagedZoneIamPolicy(ctx, \"policy\", \u0026dns.DnsManagedZoneIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tManagedZone: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamPolicy;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DnsManagedZoneIamPolicy(\"policy\", DnsManagedZoneIamPolicyArgs.builder() \n .project(default_.project())\n .managedZone(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dns:DnsManagedZoneIamPolicy\n properties:\n project: ${default.project}\n managedZone: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dns\\_managed\\_zone\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dns.DnsManagedZoneIamBinding(\"binding\", {\n project: _default.project,\n managedZone: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dns.DnsManagedZoneIamBinding(\"binding\",\n project=default[\"project\"],\n managed_zone=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dns.DnsManagedZoneIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dns.NewDnsManagedZoneIamBinding(ctx, \"binding\", \u0026dns.DnsManagedZoneIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tManagedZone: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamBinding;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DnsManagedZoneIamBinding(\"binding\", DnsManagedZoneIamBindingArgs.builder() \n .project(default_.project())\n .managedZone(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dns:DnsManagedZoneIamBinding\n properties:\n project: ${default.project}\n managedZone: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dns\\_managed\\_zone\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dns.DnsManagedZoneIamMember(\"member\", {\n project: _default.project,\n managedZone: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dns.DnsManagedZoneIamMember(\"member\",\n project=default[\"project\"],\n managed_zone=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dns.DnsManagedZoneIamMember(\"member\", new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dns.NewDnsManagedZoneIamMember(ctx, \"member\", \u0026dns.DnsManagedZoneIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tManagedZone: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamMember;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DnsManagedZoneIamMember(\"member\", DnsManagedZoneIamMemberArgs.builder() \n .project(default_.project())\n .managedZone(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dns:DnsManagedZoneIamMember\n properties:\n project: ${default.project}\n managedZone: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/managedZones/{{managed_zone}}\n\n* {{project}}/{{managed_zone}}\n\n* {{managed_zone}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud DNS managedzone IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dns/dnsManagedZoneIamPolicy:DnsManagedZoneIamPolicy editor \"projects/{{project}}/managedZones/{{managed_zone}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dns/dnsManagedZoneIamPolicy:DnsManagedZoneIamPolicy editor \"projects/{{project}}/managedZones/{{managed_zone}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dns/dnsManagedZoneIamPolicy:DnsManagedZoneIamPolicy editor projects/{{project}}/managedZones/{{managed_zone}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud DNS ManagedZone. Each of these resources serves a different use case:\n\n* `gcp.dns.DnsManagedZoneIamPolicy`: Authoritative. Sets the IAM policy for the managedzone and replaces any existing policy already attached.\n* `gcp.dns.DnsManagedZoneIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the managedzone are preserved.\n* `gcp.dns.DnsManagedZoneIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the managedzone are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.dns.DnsManagedZoneIamPolicy`: Retrieves the IAM policy for the managedzone\n\n\u003e **Note:** `gcp.dns.DnsManagedZoneIamPolicy` **cannot** be used in conjunction with `gcp.dns.DnsManagedZoneIamBinding` and `gcp.dns.DnsManagedZoneIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.dns.DnsManagedZoneIamBinding` resources **can be** used in conjunction with `gcp.dns.DnsManagedZoneIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_dns\\_managed\\_zone\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dns.DnsManagedZoneIamPolicy(\"policy\", {\n project: _default.project,\n managedZone: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dns.DnsManagedZoneIamPolicy(\"policy\",\n project=default[\"project\"],\n managed_zone=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dns.DnsManagedZoneIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dns.NewDnsManagedZoneIamPolicy(ctx, \"policy\", \u0026dns.DnsManagedZoneIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tManagedZone: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamPolicy;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DnsManagedZoneIamPolicy(\"policy\", DnsManagedZoneIamPolicyArgs.builder() \n .project(default_.project())\n .managedZone(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dns:DnsManagedZoneIamPolicy\n properties:\n project: ${default.project}\n managedZone: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dns\\_managed\\_zone\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dns.DnsManagedZoneIamBinding(\"binding\", {\n project: _default.project,\n managedZone: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dns.DnsManagedZoneIamBinding(\"binding\",\n project=default[\"project\"],\n managed_zone=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dns.DnsManagedZoneIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dns.NewDnsManagedZoneIamBinding(ctx, \"binding\", \u0026dns.DnsManagedZoneIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tManagedZone: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamBinding;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DnsManagedZoneIamBinding(\"binding\", DnsManagedZoneIamBindingArgs.builder() \n .project(default_.project())\n .managedZone(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dns:DnsManagedZoneIamBinding\n properties:\n project: ${default.project}\n managedZone: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dns\\_managed\\_zone\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dns.DnsManagedZoneIamMember(\"member\", {\n project: _default.project,\n managedZone: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dns.DnsManagedZoneIamMember(\"member\",\n project=default[\"project\"],\n managed_zone=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dns.DnsManagedZoneIamMember(\"member\", new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dns.NewDnsManagedZoneIamMember(ctx, \"member\", \u0026dns.DnsManagedZoneIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tManagedZone: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamMember;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DnsManagedZoneIamMember(\"member\", DnsManagedZoneIamMemberArgs.builder() \n .project(default_.project())\n .managedZone(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dns:DnsManagedZoneIamMember\n properties:\n project: ${default.project}\n managedZone: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_dns\\_managed\\_zone\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.dns.DnsManagedZoneIamPolicy(\"policy\", {\n project: _default.project,\n managedZone: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.dns.DnsManagedZoneIamPolicy(\"policy\",\n project=default[\"project\"],\n managed_zone=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Dns.DnsManagedZoneIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = dns.NewDnsManagedZoneIamPolicy(ctx, \"policy\", \u0026dns.DnsManagedZoneIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tManagedZone: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamPolicy;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new DnsManagedZoneIamPolicy(\"policy\", DnsManagedZoneIamPolicyArgs.builder() \n .project(default_.project())\n .managedZone(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:dns:DnsManagedZoneIamPolicy\n properties:\n project: ${default.project}\n managedZone: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dns\\_managed\\_zone\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.dns.DnsManagedZoneIamBinding(\"binding\", {\n project: _default.project,\n managedZone: _default.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.dns.DnsManagedZoneIamBinding(\"binding\",\n project=default[\"project\"],\n managed_zone=default[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Dns.DnsManagedZoneIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dns.NewDnsManagedZoneIamBinding(ctx, \"binding\", \u0026dns.DnsManagedZoneIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tManagedZone: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamBinding;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new DnsManagedZoneIamBinding(\"binding\", DnsManagedZoneIamBindingArgs.builder() \n .project(default_.project())\n .managedZone(default_.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:dns:DnsManagedZoneIamBinding\n properties:\n project: ${default.project}\n managedZone: ${default.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_dns\\_managed\\_zone\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.dns.DnsManagedZoneIamMember(\"member\", {\n project: _default.project,\n managedZone: _default.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.dns.DnsManagedZoneIamMember(\"member\",\n project=default[\"project\"],\n managed_zone=default[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Dns.DnsManagedZoneIamMember(\"member\", new()\n {\n Project = @default.Project,\n ManagedZone = @default.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dns\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := dns.NewDnsManagedZoneIamMember(ctx, \"member\", \u0026dns.DnsManagedZoneIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tManagedZone: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamMember;\nimport com.pulumi.gcp.dns.DnsManagedZoneIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new DnsManagedZoneIamMember(\"member\", DnsManagedZoneIamMemberArgs.builder() \n .project(default_.project())\n .managedZone(default_.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:dns:DnsManagedZoneIamMember\n properties:\n project: ${default.project}\n managedZone: ${default.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/managedZones/{{managed_zone}}\n\n* {{project}}/{{managed_zone}}\n\n* {{managed_zone}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud DNS managedzone IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:dns/dnsManagedZoneIamPolicy:DnsManagedZoneIamPolicy editor \"projects/{{project}}/managedZones/{{managed_zone}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:dns/dnsManagedZoneIamPolicy:DnsManagedZoneIamPolicy editor \"projects/{{project}}/managedZones/{{managed_zone}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:dns/dnsManagedZoneIamPolicy:DnsManagedZoneIamPolicy editor projects/{{project}}/managedZones/{{managed_zone}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -175607,7 +175913,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" } }, "required": [ @@ -175628,7 +175934,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -175654,7 +175960,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -177616,7 +177922,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "role": { "type": "string", @@ -177646,7 +177953,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "role": { "type": "string", @@ -177683,7 +177991,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "role": { "type": "string", @@ -177712,7 +178021,8 @@ "description": "(Computed) The etag of the IAM policy.\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "role": { "type": "string", @@ -177740,6 +178050,7 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "role": { @@ -177775,6 +178086,7 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "role": { @@ -177989,7 +178301,7 @@ } }, "gcp:endpoints/serviceIamBinding:ServiceIamBinding": { - "description": "Three different resources help you manage your IAM policy for Cloud Endpoints Service. Each of these resources serves a different use case:\n\n* `gcp.endpoints.ServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.endpoints.ServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.endpoints.ServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.endpoints.ServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.endpoints.ServiceIamPolicy` **cannot** be used in conjunction with `gcp.endpoints.ServiceIamBinding` and `gcp.endpoints.ServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.endpoints.ServiceIamBinding` resources **can be** used in conjunction with `gcp.endpoints.ServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_endpoints\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.endpoints.ServiceIamPolicy(\"policy\", {\n serviceName: endpointsService.serviceName,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.endpoints.ServiceIamPolicy(\"policy\",\n service_name=endpoints_service[\"serviceName\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Endpoints.ServiceIamPolicy(\"policy\", new()\n {\n ServiceName = endpointsService.ServiceName,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = endpoints.NewServiceIamPolicy(ctx, \"policy\", \u0026endpoints.ServiceIamPolicyArgs{\n\t\t\tServiceName: pulumi.Any(endpointsService.ServiceName),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.endpoints.ServiceIamPolicy;\nimport com.pulumi.gcp.endpoints.ServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ServiceIamPolicy(\"policy\", ServiceIamPolicyArgs.builder() \n .serviceName(endpointsService.serviceName())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:endpoints:ServiceIamPolicy\n properties:\n serviceName: ${endpointsService.serviceName}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_endpoints\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.endpoints.ServiceIamBinding(\"binding\", {\n serviceName: endpointsService.serviceName,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.endpoints.ServiceIamBinding(\"binding\",\n service_name=endpoints_service[\"serviceName\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Endpoints.ServiceIamBinding(\"binding\", new()\n {\n ServiceName = endpointsService.ServiceName,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := endpoints.NewServiceIamBinding(ctx, \"binding\", \u0026endpoints.ServiceIamBindingArgs{\n\t\t\tServiceName: pulumi.Any(endpointsService.ServiceName),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.endpoints.ServiceIamBinding;\nimport com.pulumi.gcp.endpoints.ServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ServiceIamBinding(\"binding\", ServiceIamBindingArgs.builder() \n .serviceName(endpointsService.serviceName())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:endpoints:ServiceIamBinding\n properties:\n serviceName: ${endpointsService.serviceName}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_endpoints\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.endpoints.ServiceIamMember(\"member\", {\n serviceName: endpointsService.serviceName,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.endpoints.ServiceIamMember(\"member\",\n service_name=endpoints_service[\"serviceName\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Endpoints.ServiceIamMember(\"member\", new()\n {\n ServiceName = endpointsService.ServiceName,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := endpoints.NewServiceIamMember(ctx, \"member\", \u0026endpoints.ServiceIamMemberArgs{\n\t\t\tServiceName: pulumi.Any(endpointsService.ServiceName),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.endpoints.ServiceIamMember;\nimport com.pulumi.gcp.endpoints.ServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ServiceIamMember(\"member\", ServiceIamMemberArgs.builder() \n .serviceName(endpointsService.serviceName())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:endpoints:ServiceIamMember\n properties:\n serviceName: ${endpointsService.serviceName}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* services/{{service_name}}\n\n* {{service_name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Endpoints service IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:endpoints/serviceIamBinding:ServiceIamBinding editor \"services/{{service_name}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:endpoints/serviceIamBinding:ServiceIamBinding editor \"services/{{service_name}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:endpoints/serviceIamBinding:ServiceIamBinding editor services/{{service_name}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Endpoints Service. Each of these resources serves a different use case:\n\n* `gcp.endpoints.ServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.endpoints.ServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.endpoints.ServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.endpoints.ServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.endpoints.ServiceIamPolicy` **cannot** be used in conjunction with `gcp.endpoints.ServiceIamBinding` and `gcp.endpoints.ServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.endpoints.ServiceIamBinding` resources **can be** used in conjunction with `gcp.endpoints.ServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_endpoints\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.endpoints.ServiceIamPolicy(\"policy\", {\n serviceName: endpointsService.serviceName,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.endpoints.ServiceIamPolicy(\"policy\",\n service_name=endpoints_service[\"serviceName\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Endpoints.ServiceIamPolicy(\"policy\", new()\n {\n ServiceName = endpointsService.ServiceName,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = endpoints.NewServiceIamPolicy(ctx, \"policy\", \u0026endpoints.ServiceIamPolicyArgs{\n\t\t\tServiceName: pulumi.Any(endpointsService.ServiceName),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.endpoints.ServiceIamPolicy;\nimport com.pulumi.gcp.endpoints.ServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ServiceIamPolicy(\"policy\", ServiceIamPolicyArgs.builder() \n .serviceName(endpointsService.serviceName())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:endpoints:ServiceIamPolicy\n properties:\n serviceName: ${endpointsService.serviceName}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_endpoints\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.endpoints.ServiceIamBinding(\"binding\", {\n serviceName: endpointsService.serviceName,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.endpoints.ServiceIamBinding(\"binding\",\n service_name=endpoints_service[\"serviceName\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Endpoints.ServiceIamBinding(\"binding\", new()\n {\n ServiceName = endpointsService.ServiceName,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := endpoints.NewServiceIamBinding(ctx, \"binding\", \u0026endpoints.ServiceIamBindingArgs{\n\t\t\tServiceName: pulumi.Any(endpointsService.ServiceName),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.endpoints.ServiceIamBinding;\nimport com.pulumi.gcp.endpoints.ServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ServiceIamBinding(\"binding\", ServiceIamBindingArgs.builder() \n .serviceName(endpointsService.serviceName())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:endpoints:ServiceIamBinding\n properties:\n serviceName: ${endpointsService.serviceName}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_endpoints\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.endpoints.ServiceIamMember(\"member\", {\n serviceName: endpointsService.serviceName,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.endpoints.ServiceIamMember(\"member\",\n service_name=endpoints_service[\"serviceName\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Endpoints.ServiceIamMember(\"member\", new()\n {\n ServiceName = endpointsService.ServiceName,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := endpoints.NewServiceIamMember(ctx, \"member\", \u0026endpoints.ServiceIamMemberArgs{\n\t\t\tServiceName: pulumi.Any(endpointsService.ServiceName),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.endpoints.ServiceIamMember;\nimport com.pulumi.gcp.endpoints.ServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ServiceIamMember(\"member\", ServiceIamMemberArgs.builder() \n .serviceName(endpointsService.serviceName())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:endpoints:ServiceIamMember\n properties:\n serviceName: ${endpointsService.serviceName}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_endpoints\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.endpoints.ServiceIamPolicy(\"policy\", {\n serviceName: endpointsService.serviceName,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.endpoints.ServiceIamPolicy(\"policy\",\n service_name=endpoints_service[\"serviceName\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Endpoints.ServiceIamPolicy(\"policy\", new()\n {\n ServiceName = endpointsService.ServiceName,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = endpoints.NewServiceIamPolicy(ctx, \"policy\", \u0026endpoints.ServiceIamPolicyArgs{\n\t\t\tServiceName: pulumi.Any(endpointsService.ServiceName),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.endpoints.ServiceIamPolicy;\nimport com.pulumi.gcp.endpoints.ServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ServiceIamPolicy(\"policy\", ServiceIamPolicyArgs.builder() \n .serviceName(endpointsService.serviceName())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:endpoints:ServiceIamPolicy\n properties:\n serviceName: ${endpointsService.serviceName}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_endpoints\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.endpoints.ServiceIamBinding(\"binding\", {\n serviceName: endpointsService.serviceName,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.endpoints.ServiceIamBinding(\"binding\",\n service_name=endpoints_service[\"serviceName\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Endpoints.ServiceIamBinding(\"binding\", new()\n {\n ServiceName = endpointsService.ServiceName,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := endpoints.NewServiceIamBinding(ctx, \"binding\", \u0026endpoints.ServiceIamBindingArgs{\n\t\t\tServiceName: pulumi.Any(endpointsService.ServiceName),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.endpoints.ServiceIamBinding;\nimport com.pulumi.gcp.endpoints.ServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ServiceIamBinding(\"binding\", ServiceIamBindingArgs.builder() \n .serviceName(endpointsService.serviceName())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:endpoints:ServiceIamBinding\n properties:\n serviceName: ${endpointsService.serviceName}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_endpoints\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.endpoints.ServiceIamMember(\"member\", {\n serviceName: endpointsService.serviceName,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.endpoints.ServiceIamMember(\"member\",\n service_name=endpoints_service[\"serviceName\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Endpoints.ServiceIamMember(\"member\", new()\n {\n ServiceName = endpointsService.ServiceName,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := endpoints.NewServiceIamMember(ctx, \"member\", \u0026endpoints.ServiceIamMemberArgs{\n\t\t\tServiceName: pulumi.Any(endpointsService.ServiceName),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.endpoints.ServiceIamMember;\nimport com.pulumi.gcp.endpoints.ServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ServiceIamMember(\"member\", ServiceIamMemberArgs.builder() \n .serviceName(endpointsService.serviceName())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:endpoints:ServiceIamMember\n properties:\n serviceName: ${endpointsService.serviceName}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* services/{{service_name}}\n\n* {{service_name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Endpoints service IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:endpoints/serviceIamBinding:ServiceIamBinding editor \"services/{{service_name}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:endpoints/serviceIamBinding:ServiceIamBinding editor \"services/{{service_name}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:endpoints/serviceIamBinding:ServiceIamBinding editor services/{{service_name}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:endpoints/ServiceIamBindingCondition:ServiceIamBindingCondition" @@ -178002,7 +178314,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "role": { "type": "string", @@ -178027,7 +178340,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "role": { "type": "string", @@ -178059,7 +178373,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "role": { "type": "string", @@ -178075,7 +178390,7 @@ } }, "gcp:endpoints/serviceIamMember:ServiceIamMember": { - "description": "Three different resources help you manage your IAM policy for Cloud Endpoints Service. Each of these resources serves a different use case:\n\n* `gcp.endpoints.ServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.endpoints.ServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.endpoints.ServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.endpoints.ServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.endpoints.ServiceIamPolicy` **cannot** be used in conjunction with `gcp.endpoints.ServiceIamBinding` and `gcp.endpoints.ServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.endpoints.ServiceIamBinding` resources **can be** used in conjunction with `gcp.endpoints.ServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_endpoints\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.endpoints.ServiceIamPolicy(\"policy\", {\n serviceName: endpointsService.serviceName,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.endpoints.ServiceIamPolicy(\"policy\",\n service_name=endpoints_service[\"serviceName\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Endpoints.ServiceIamPolicy(\"policy\", new()\n {\n ServiceName = endpointsService.ServiceName,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = endpoints.NewServiceIamPolicy(ctx, \"policy\", \u0026endpoints.ServiceIamPolicyArgs{\n\t\t\tServiceName: pulumi.Any(endpointsService.ServiceName),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.endpoints.ServiceIamPolicy;\nimport com.pulumi.gcp.endpoints.ServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ServiceIamPolicy(\"policy\", ServiceIamPolicyArgs.builder() \n .serviceName(endpointsService.serviceName())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:endpoints:ServiceIamPolicy\n properties:\n serviceName: ${endpointsService.serviceName}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_endpoints\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.endpoints.ServiceIamBinding(\"binding\", {\n serviceName: endpointsService.serviceName,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.endpoints.ServiceIamBinding(\"binding\",\n service_name=endpoints_service[\"serviceName\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Endpoints.ServiceIamBinding(\"binding\", new()\n {\n ServiceName = endpointsService.ServiceName,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := endpoints.NewServiceIamBinding(ctx, \"binding\", \u0026endpoints.ServiceIamBindingArgs{\n\t\t\tServiceName: pulumi.Any(endpointsService.ServiceName),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.endpoints.ServiceIamBinding;\nimport com.pulumi.gcp.endpoints.ServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ServiceIamBinding(\"binding\", ServiceIamBindingArgs.builder() \n .serviceName(endpointsService.serviceName())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:endpoints:ServiceIamBinding\n properties:\n serviceName: ${endpointsService.serviceName}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_endpoints\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.endpoints.ServiceIamMember(\"member\", {\n serviceName: endpointsService.serviceName,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.endpoints.ServiceIamMember(\"member\",\n service_name=endpoints_service[\"serviceName\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Endpoints.ServiceIamMember(\"member\", new()\n {\n ServiceName = endpointsService.ServiceName,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := endpoints.NewServiceIamMember(ctx, \"member\", \u0026endpoints.ServiceIamMemberArgs{\n\t\t\tServiceName: pulumi.Any(endpointsService.ServiceName),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.endpoints.ServiceIamMember;\nimport com.pulumi.gcp.endpoints.ServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ServiceIamMember(\"member\", ServiceIamMemberArgs.builder() \n .serviceName(endpointsService.serviceName())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:endpoints:ServiceIamMember\n properties:\n serviceName: ${endpointsService.serviceName}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* services/{{service_name}}\n\n* {{service_name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Endpoints service IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:endpoints/serviceIamMember:ServiceIamMember editor \"services/{{service_name}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:endpoints/serviceIamMember:ServiceIamMember editor \"services/{{service_name}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:endpoints/serviceIamMember:ServiceIamMember editor services/{{service_name}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Endpoints Service. Each of these resources serves a different use case:\n\n* `gcp.endpoints.ServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.endpoints.ServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.endpoints.ServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.endpoints.ServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.endpoints.ServiceIamPolicy` **cannot** be used in conjunction with `gcp.endpoints.ServiceIamBinding` and `gcp.endpoints.ServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.endpoints.ServiceIamBinding` resources **can be** used in conjunction with `gcp.endpoints.ServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_endpoints\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.endpoints.ServiceIamPolicy(\"policy\", {\n serviceName: endpointsService.serviceName,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.endpoints.ServiceIamPolicy(\"policy\",\n service_name=endpoints_service[\"serviceName\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Endpoints.ServiceIamPolicy(\"policy\", new()\n {\n ServiceName = endpointsService.ServiceName,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = endpoints.NewServiceIamPolicy(ctx, \"policy\", \u0026endpoints.ServiceIamPolicyArgs{\n\t\t\tServiceName: pulumi.Any(endpointsService.ServiceName),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.endpoints.ServiceIamPolicy;\nimport com.pulumi.gcp.endpoints.ServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ServiceIamPolicy(\"policy\", ServiceIamPolicyArgs.builder() \n .serviceName(endpointsService.serviceName())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:endpoints:ServiceIamPolicy\n properties:\n serviceName: ${endpointsService.serviceName}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_endpoints\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.endpoints.ServiceIamBinding(\"binding\", {\n serviceName: endpointsService.serviceName,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.endpoints.ServiceIamBinding(\"binding\",\n service_name=endpoints_service[\"serviceName\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Endpoints.ServiceIamBinding(\"binding\", new()\n {\n ServiceName = endpointsService.ServiceName,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := endpoints.NewServiceIamBinding(ctx, \"binding\", \u0026endpoints.ServiceIamBindingArgs{\n\t\t\tServiceName: pulumi.Any(endpointsService.ServiceName),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.endpoints.ServiceIamBinding;\nimport com.pulumi.gcp.endpoints.ServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ServiceIamBinding(\"binding\", ServiceIamBindingArgs.builder() \n .serviceName(endpointsService.serviceName())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:endpoints:ServiceIamBinding\n properties:\n serviceName: ${endpointsService.serviceName}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_endpoints\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.endpoints.ServiceIamMember(\"member\", {\n serviceName: endpointsService.serviceName,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.endpoints.ServiceIamMember(\"member\",\n service_name=endpoints_service[\"serviceName\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Endpoints.ServiceIamMember(\"member\", new()\n {\n ServiceName = endpointsService.ServiceName,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := endpoints.NewServiceIamMember(ctx, \"member\", \u0026endpoints.ServiceIamMemberArgs{\n\t\t\tServiceName: pulumi.Any(endpointsService.ServiceName),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.endpoints.ServiceIamMember;\nimport com.pulumi.gcp.endpoints.ServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ServiceIamMember(\"member\", ServiceIamMemberArgs.builder() \n .serviceName(endpointsService.serviceName())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:endpoints:ServiceIamMember\n properties:\n serviceName: ${endpointsService.serviceName}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_endpoints\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.endpoints.ServiceIamPolicy(\"policy\", {\n serviceName: endpointsService.serviceName,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.endpoints.ServiceIamPolicy(\"policy\",\n service_name=endpoints_service[\"serviceName\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Endpoints.ServiceIamPolicy(\"policy\", new()\n {\n ServiceName = endpointsService.ServiceName,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = endpoints.NewServiceIamPolicy(ctx, \"policy\", \u0026endpoints.ServiceIamPolicyArgs{\n\t\t\tServiceName: pulumi.Any(endpointsService.ServiceName),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.endpoints.ServiceIamPolicy;\nimport com.pulumi.gcp.endpoints.ServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ServiceIamPolicy(\"policy\", ServiceIamPolicyArgs.builder() \n .serviceName(endpointsService.serviceName())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:endpoints:ServiceIamPolicy\n properties:\n serviceName: ${endpointsService.serviceName}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_endpoints\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.endpoints.ServiceIamBinding(\"binding\", {\n serviceName: endpointsService.serviceName,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.endpoints.ServiceIamBinding(\"binding\",\n service_name=endpoints_service[\"serviceName\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Endpoints.ServiceIamBinding(\"binding\", new()\n {\n ServiceName = endpointsService.ServiceName,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := endpoints.NewServiceIamBinding(ctx, \"binding\", \u0026endpoints.ServiceIamBindingArgs{\n\t\t\tServiceName: pulumi.Any(endpointsService.ServiceName),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.endpoints.ServiceIamBinding;\nimport com.pulumi.gcp.endpoints.ServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ServiceIamBinding(\"binding\", ServiceIamBindingArgs.builder() \n .serviceName(endpointsService.serviceName())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:endpoints:ServiceIamBinding\n properties:\n serviceName: ${endpointsService.serviceName}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_endpoints\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.endpoints.ServiceIamMember(\"member\", {\n serviceName: endpointsService.serviceName,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.endpoints.ServiceIamMember(\"member\",\n service_name=endpoints_service[\"serviceName\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Endpoints.ServiceIamMember(\"member\", new()\n {\n ServiceName = endpointsService.ServiceName,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := endpoints.NewServiceIamMember(ctx, \"member\", \u0026endpoints.ServiceIamMemberArgs{\n\t\t\tServiceName: pulumi.Any(endpointsService.ServiceName),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.endpoints.ServiceIamMember;\nimport com.pulumi.gcp.endpoints.ServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ServiceIamMember(\"member\", ServiceIamMemberArgs.builder() \n .serviceName(endpointsService.serviceName())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:endpoints:ServiceIamMember\n properties:\n serviceName: ${endpointsService.serviceName}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* services/{{service_name}}\n\n* {{service_name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Endpoints service IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:endpoints/serviceIamMember:ServiceIamMember editor \"services/{{service_name}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:endpoints/serviceIamMember:ServiceIamMember editor \"services/{{service_name}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:endpoints/serviceIamMember:ServiceIamMember editor services/{{service_name}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:endpoints/ServiceIamMemberCondition:ServiceIamMemberCondition" @@ -178085,7 +178400,8 @@ "description": "(Computed) The etag of the IAM policy.\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "role": { "type": "string", @@ -178108,6 +178424,7 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "role": { @@ -178138,6 +178455,7 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "role": { @@ -178154,7 +178472,7 @@ } }, "gcp:endpoints/serviceIamPolicy:ServiceIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Cloud Endpoints Service. Each of these resources serves a different use case:\n\n* `gcp.endpoints.ServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.endpoints.ServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.endpoints.ServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.endpoints.ServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.endpoints.ServiceIamPolicy` **cannot** be used in conjunction with `gcp.endpoints.ServiceIamBinding` and `gcp.endpoints.ServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.endpoints.ServiceIamBinding` resources **can be** used in conjunction with `gcp.endpoints.ServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_endpoints\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.endpoints.ServiceIamPolicy(\"policy\", {\n serviceName: endpointsService.serviceName,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.endpoints.ServiceIamPolicy(\"policy\",\n service_name=endpoints_service[\"serviceName\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Endpoints.ServiceIamPolicy(\"policy\", new()\n {\n ServiceName = endpointsService.ServiceName,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = endpoints.NewServiceIamPolicy(ctx, \"policy\", \u0026endpoints.ServiceIamPolicyArgs{\n\t\t\tServiceName: pulumi.Any(endpointsService.ServiceName),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.endpoints.ServiceIamPolicy;\nimport com.pulumi.gcp.endpoints.ServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ServiceIamPolicy(\"policy\", ServiceIamPolicyArgs.builder() \n .serviceName(endpointsService.serviceName())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:endpoints:ServiceIamPolicy\n properties:\n serviceName: ${endpointsService.serviceName}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_endpoints\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.endpoints.ServiceIamBinding(\"binding\", {\n serviceName: endpointsService.serviceName,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.endpoints.ServiceIamBinding(\"binding\",\n service_name=endpoints_service[\"serviceName\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Endpoints.ServiceIamBinding(\"binding\", new()\n {\n ServiceName = endpointsService.ServiceName,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := endpoints.NewServiceIamBinding(ctx, \"binding\", \u0026endpoints.ServiceIamBindingArgs{\n\t\t\tServiceName: pulumi.Any(endpointsService.ServiceName),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.endpoints.ServiceIamBinding;\nimport com.pulumi.gcp.endpoints.ServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ServiceIamBinding(\"binding\", ServiceIamBindingArgs.builder() \n .serviceName(endpointsService.serviceName())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:endpoints:ServiceIamBinding\n properties:\n serviceName: ${endpointsService.serviceName}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_endpoints\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.endpoints.ServiceIamMember(\"member\", {\n serviceName: endpointsService.serviceName,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.endpoints.ServiceIamMember(\"member\",\n service_name=endpoints_service[\"serviceName\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Endpoints.ServiceIamMember(\"member\", new()\n {\n ServiceName = endpointsService.ServiceName,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := endpoints.NewServiceIamMember(ctx, \"member\", \u0026endpoints.ServiceIamMemberArgs{\n\t\t\tServiceName: pulumi.Any(endpointsService.ServiceName),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.endpoints.ServiceIamMember;\nimport com.pulumi.gcp.endpoints.ServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ServiceIamMember(\"member\", ServiceIamMemberArgs.builder() \n .serviceName(endpointsService.serviceName())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:endpoints:ServiceIamMember\n properties:\n serviceName: ${endpointsService.serviceName}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* services/{{service_name}}\n\n* {{service_name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Endpoints service IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:endpoints/serviceIamPolicy:ServiceIamPolicy editor \"services/{{service_name}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:endpoints/serviceIamPolicy:ServiceIamPolicy editor \"services/{{service_name}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:endpoints/serviceIamPolicy:ServiceIamPolicy editor services/{{service_name}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Endpoints Service. Each of these resources serves a different use case:\n\n* `gcp.endpoints.ServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.endpoints.ServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.endpoints.ServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.endpoints.ServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.endpoints.ServiceIamPolicy` **cannot** be used in conjunction with `gcp.endpoints.ServiceIamBinding` and `gcp.endpoints.ServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.endpoints.ServiceIamBinding` resources **can be** used in conjunction with `gcp.endpoints.ServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_endpoints\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.endpoints.ServiceIamPolicy(\"policy\", {\n serviceName: endpointsService.serviceName,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.endpoints.ServiceIamPolicy(\"policy\",\n service_name=endpoints_service[\"serviceName\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Endpoints.ServiceIamPolicy(\"policy\", new()\n {\n ServiceName = endpointsService.ServiceName,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = endpoints.NewServiceIamPolicy(ctx, \"policy\", \u0026endpoints.ServiceIamPolicyArgs{\n\t\t\tServiceName: pulumi.Any(endpointsService.ServiceName),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.endpoints.ServiceIamPolicy;\nimport com.pulumi.gcp.endpoints.ServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ServiceIamPolicy(\"policy\", ServiceIamPolicyArgs.builder() \n .serviceName(endpointsService.serviceName())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:endpoints:ServiceIamPolicy\n properties:\n serviceName: ${endpointsService.serviceName}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_endpoints\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.endpoints.ServiceIamBinding(\"binding\", {\n serviceName: endpointsService.serviceName,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.endpoints.ServiceIamBinding(\"binding\",\n service_name=endpoints_service[\"serviceName\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Endpoints.ServiceIamBinding(\"binding\", new()\n {\n ServiceName = endpointsService.ServiceName,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := endpoints.NewServiceIamBinding(ctx, \"binding\", \u0026endpoints.ServiceIamBindingArgs{\n\t\t\tServiceName: pulumi.Any(endpointsService.ServiceName),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.endpoints.ServiceIamBinding;\nimport com.pulumi.gcp.endpoints.ServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ServiceIamBinding(\"binding\", ServiceIamBindingArgs.builder() \n .serviceName(endpointsService.serviceName())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:endpoints:ServiceIamBinding\n properties:\n serviceName: ${endpointsService.serviceName}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_endpoints\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.endpoints.ServiceIamMember(\"member\", {\n serviceName: endpointsService.serviceName,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.endpoints.ServiceIamMember(\"member\",\n service_name=endpoints_service[\"serviceName\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Endpoints.ServiceIamMember(\"member\", new()\n {\n ServiceName = endpointsService.ServiceName,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := endpoints.NewServiceIamMember(ctx, \"member\", \u0026endpoints.ServiceIamMemberArgs{\n\t\t\tServiceName: pulumi.Any(endpointsService.ServiceName),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.endpoints.ServiceIamMember;\nimport com.pulumi.gcp.endpoints.ServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ServiceIamMember(\"member\", ServiceIamMemberArgs.builder() \n .serviceName(endpointsService.serviceName())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:endpoints:ServiceIamMember\n properties:\n serviceName: ${endpointsService.serviceName}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_endpoints\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.endpoints.ServiceIamPolicy(\"policy\", {\n serviceName: endpointsService.serviceName,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.endpoints.ServiceIamPolicy(\"policy\",\n service_name=endpoints_service[\"serviceName\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Endpoints.ServiceIamPolicy(\"policy\", new()\n {\n ServiceName = endpointsService.ServiceName,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = endpoints.NewServiceIamPolicy(ctx, \"policy\", \u0026endpoints.ServiceIamPolicyArgs{\n\t\t\tServiceName: pulumi.Any(endpointsService.ServiceName),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.endpoints.ServiceIamPolicy;\nimport com.pulumi.gcp.endpoints.ServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ServiceIamPolicy(\"policy\", ServiceIamPolicyArgs.builder() \n .serviceName(endpointsService.serviceName())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:endpoints:ServiceIamPolicy\n properties:\n serviceName: ${endpointsService.serviceName}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_endpoints\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.endpoints.ServiceIamBinding(\"binding\", {\n serviceName: endpointsService.serviceName,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.endpoints.ServiceIamBinding(\"binding\",\n service_name=endpoints_service[\"serviceName\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Endpoints.ServiceIamBinding(\"binding\", new()\n {\n ServiceName = endpointsService.ServiceName,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := endpoints.NewServiceIamBinding(ctx, \"binding\", \u0026endpoints.ServiceIamBindingArgs{\n\t\t\tServiceName: pulumi.Any(endpointsService.ServiceName),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.endpoints.ServiceIamBinding;\nimport com.pulumi.gcp.endpoints.ServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ServiceIamBinding(\"binding\", ServiceIamBindingArgs.builder() \n .serviceName(endpointsService.serviceName())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:endpoints:ServiceIamBinding\n properties:\n serviceName: ${endpointsService.serviceName}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_endpoints\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.endpoints.ServiceIamMember(\"member\", {\n serviceName: endpointsService.serviceName,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.endpoints.ServiceIamMember(\"member\",\n service_name=endpoints_service[\"serviceName\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Endpoints.ServiceIamMember(\"member\", new()\n {\n ServiceName = endpointsService.ServiceName,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/endpoints\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := endpoints.NewServiceIamMember(ctx, \"member\", \u0026endpoints.ServiceIamMemberArgs{\n\t\t\tServiceName: pulumi.Any(endpointsService.ServiceName),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.endpoints.ServiceIamMember;\nimport com.pulumi.gcp.endpoints.ServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ServiceIamMember(\"member\", ServiceIamMemberArgs.builder() \n .serviceName(endpointsService.serviceName())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:endpoints:ServiceIamMember\n properties:\n serviceName: ${endpointsService.serviceName}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* services/{{service_name}}\n\n* {{service_name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Endpoints service IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:endpoints/serviceIamPolicy:ServiceIamPolicy editor \"services/{{service_name}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:endpoints/serviceIamPolicy:ServiceIamPolicy editor \"services/{{service_name}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:endpoints/serviceIamPolicy:ServiceIamPolicy editor services/{{service_name}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -182864,7 +183182,7 @@ } }, "gcp:folder/iAMMember:IAMMember": { - "description": "Four different resources help you manage your IAM policy for a folder. Each of these resources serves a different use case:\n\n* `gcp.folder.IAMPolicy`: Authoritative. Sets the IAM policy for the folder and replaces any existing policy already attached.\n* `gcp.folder.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the folder are preserved.\n* `gcp.folder.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the folder are preserved.\n* `gcp.folder.IamAuditConfig`: Authoritative for a given service. Updates the IAM policy to enable audit logging for the given service.\n\n\n\u003e **Note:** `gcp.folder.IAMPolicy` **cannot** be used in conjunction with `gcp.folder.IAMBinding`, `gcp.folder.IAMMember`, or `gcp.folder.IamAuditConfig` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.folder.IAMBinding` resources **can be** used in conjunction with `gcp.folder.IAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** The underlying API method `projects.setIamPolicy` has constraints which are documented [here](https://cloud.google.com/resource-manager/reference/rest/v1/projects/setIamPolicy). In addition to these constraints, \n IAM Conditions cannot be used with Basic Roles such as Owner. Violating these constraints will result in the API returning a 400 error code so please review these if you encounter errors with this resource.\n\n## google\\_folder\\_iam\\_policy\n\n!\u003e **Be careful!** You can accidentally lock yourself out of your folder\n using this resource. Deleting a `gcp.folder.IAMPolicy` removes access\n from anyone without permissions on its parent folder/organization. Proceed with caution.\n It's not recommended to use `gcp.folder.IAMPolicy` with your provider folder\n to avoid locking yourself out, and it should generally only be used with folders\n fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before\n applying the change.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst folder = new gcp.folder.IAMPolicy(\"folder\", {\n folder: \"folders/1234567\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\nfolder = gcp.folder.IAMPolicy(\"folder\",\n folder=\"folders/1234567\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var folder = new Gcp.Folder.IAMPolicy(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = folder.NewIAMPolicy(ctx, \"folder\", \u0026folder.IAMPolicyArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.folder.IAMPolicy;\nimport com.pulumi.gcp.folder.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var folder = new IAMPolicy(\"folder\", IAMPolicyArgs.builder() \n .folder(\"folders/1234567\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMPolicy\n properties:\n folder: folders/1234567\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst folder = new gcp.folder.IAMPolicy(\"folder\", {\n folder: \"folders/1234567\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\nfolder = gcp.folder.IAMPolicy(\"folder\",\n folder=\"folders/1234567\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var folder = new Gcp.Folder.IAMPolicy(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = folder.NewIAMPolicy(ctx, \"folder\", \u0026folder.IAMPolicyArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.folder.IAMPolicy;\nimport com.pulumi.gcp.folder.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var folder = new IAMPolicy(\"folder\", IAMPolicyArgs.builder() \n .folder(\"folders/1234567\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMPolicy\n properties:\n folder: folders/1234567\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_folder\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMBinding(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMBinding(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMBinding(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMBinding(ctx, \"folder\", \u0026folder.IAMBindingArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMBinding;\nimport com.pulumi.gcp.folder.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMBinding(\"folder\", IAMBindingArgs.builder() \n .folder(\"folders/1234567\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMBinding\n properties:\n folder: folders/1234567\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMBinding(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/container.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMBinding(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/container.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.folder.IAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMBinding(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/container.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Folder.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMBinding(ctx, \"folder\", \u0026folder.IAMBindingArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/container.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026folder.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMBinding;\nimport com.pulumi.gcp.folder.IAMBindingArgs;\nimport com.pulumi.gcp.folder.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMBinding(\"folder\", IAMBindingArgs.builder() \n .folder(\"folders/1234567\")\n .role(\"roles/container.admin\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMBinding\n properties:\n folder: folders/1234567\n role: roles/container.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_folder\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMMember(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMMember(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMMember(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMMember(ctx, \"folder\", \u0026folder.IAMMemberArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMMember;\nimport com.pulumi.gcp.folder.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMMember(\"folder\", IAMMemberArgs.builder() \n .folder(\"folders/1234567\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMMember\n properties:\n folder: folders/1234567\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMMember(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/firebase.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMMember(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/firebase.admin\",\n member=\"user:jane@example.com\",\n condition=gcp.folder.IAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMMember(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/firebase.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Folder.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMMember(ctx, \"folder\", \u0026folder.IAMMemberArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/firebase.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026folder.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMMember;\nimport com.pulumi.gcp.folder.IAMMemberArgs;\nimport com.pulumi.gcp.folder.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMMember(\"folder\", IAMMemberArgs.builder() \n .folder(\"folders/1234567\")\n .role(\"roles/firebase.admin\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMMember\n properties:\n folder: folders/1234567\n role: roles/firebase.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_folder\\_iam\\_audit\\_config\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IamAuditConfig(\"folder\", {\n folder: \"folders/1234567\",\n service: \"allServices\",\n auditLogConfigs: [\n {\n logType: \"ADMIN_READ\",\n },\n {\n logType: \"DATA_READ\",\n exemptedMembers: [\"user:joebloggs@example.com\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IamAuditConfig(\"folder\",\n folder=\"folders/1234567\",\n service=\"allServices\",\n audit_log_configs=[\n gcp.folder.IamAuditConfigAuditLogConfigArgs(\n log_type=\"ADMIN_READ\",\n ),\n gcp.folder.IamAuditConfigAuditLogConfigArgs(\n log_type=\"DATA_READ\",\n exempted_members=[\"user:joebloggs@example.com\"],\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IamAuditConfig(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Service = \"allServices\",\n AuditLogConfigs = new[]\n {\n new Gcp.Folder.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"ADMIN_READ\",\n },\n new Gcp.Folder.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"DATA_READ\",\n ExemptedMembers = new[]\n {\n \"user:joebloggs@example.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIamAuditConfig(ctx, \"folder\", \u0026folder.IamAuditConfigArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tService: pulumi.String(\"allServices\"),\n\t\t\tAuditLogConfigs: folder.IamAuditConfigAuditLogConfigArray{\n\t\t\t\t\u0026folder.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"ADMIN_READ\"),\n\t\t\t\t},\n\t\t\t\t\u0026folder.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"DATA_READ\"),\n\t\t\t\t\tExemptedMembers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user:joebloggs@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IamAuditConfig;\nimport com.pulumi.gcp.folder.IamAuditConfigArgs;\nimport com.pulumi.gcp.folder.inputs.IamAuditConfigAuditLogConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IamAuditConfig(\"folder\", IamAuditConfigArgs.builder() \n .folder(\"folders/1234567\")\n .service(\"allServices\")\n .auditLogConfigs( \n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"ADMIN_READ\")\n .build(),\n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"DATA_READ\")\n .exemptedMembers(\"user:joebloggs@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IamAuditConfig\n properties:\n folder: folders/1234567\n service: allServices\n auditLogConfigs:\n - logType: ADMIN_READ\n - logType: DATA_READ\n exemptedMembers:\n - user:joebloggs@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing Audit Configs\n\nAn audit config can be imported into a `google_folder_iam_audit_config` resource using the resource's `folder_id` and the `service`, e.g:\n\n* `\"folder/{{folder_id}} foo.googleapis.com\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import audit configs:\n\ntf\n\nimport {\n\n id = \"folder/{{folder_id}} foo.googleapis.com\"\n\n to = google_folder_iam_audit_config.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:folder/iAMMember:IAMMember default \"folder/{{folder_id}} foo.googleapis.com\"\n```\n\n", + "description": "Four different resources help you manage your IAM policy for a folder. Each of these resources serves a different use case:\n\n* `gcp.folder.IAMPolicy`: Authoritative. Sets the IAM policy for the folder and replaces any existing policy already attached.\n* `gcp.folder.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the folder are preserved.\n* `gcp.folder.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the folder are preserved.\n* `gcp.folder.IamAuditConfig`: Authoritative for a given service. Updates the IAM policy to enable audit logging for the given service.\n\n\n\u003e **Note:** `gcp.folder.IAMPolicy` **cannot** be used in conjunction with `gcp.folder.IAMBinding`, `gcp.folder.IAMMember`, or `gcp.folder.IamAuditConfig` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.folder.IAMBinding` resources **can be** used in conjunction with `gcp.folder.IAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** The underlying API method `projects.setIamPolicy` has constraints which are documented [here](https://cloud.google.com/resource-manager/reference/rest/v1/projects/setIamPolicy). In addition to these constraints, \n IAM Conditions cannot be used with Basic Roles such as Owner. Violating these constraints will result in the API returning a 400 error code so please review these if you encounter errors with this resource.\n\n## google\\_folder\\_iam\\_policy\n\n!\u003e **Be careful!** You can accidentally lock yourself out of your folder\n using this resource. Deleting a `gcp.folder.IAMPolicy` removes access\n from anyone without permissions on its parent folder/organization. Proceed with caution.\n It's not recommended to use `gcp.folder.IAMPolicy` with your provider folder\n to avoid locking yourself out, and it should generally only be used with folders\n fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before\n applying the change.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst folder = new gcp.folder.IAMPolicy(\"folder\", {\n folder: \"folders/1234567\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\nfolder = gcp.folder.IAMPolicy(\"folder\",\n folder=\"folders/1234567\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var folder = new Gcp.Folder.IAMPolicy(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = folder.NewIAMPolicy(ctx, \"folder\", \u0026folder.IAMPolicyArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.folder.IAMPolicy;\nimport com.pulumi.gcp.folder.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var folder = new IAMPolicy(\"folder\", IAMPolicyArgs.builder() \n .folder(\"folders/1234567\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMPolicy\n properties:\n folder: folders/1234567\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst folder = new gcp.folder.IAMPolicy(\"folder\", {\n folder: \"folders/1234567\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\nfolder = gcp.folder.IAMPolicy(\"folder\",\n folder=\"folders/1234567\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var folder = new Gcp.Folder.IAMPolicy(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = folder.NewIAMPolicy(ctx, \"folder\", \u0026folder.IAMPolicyArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.folder.IAMPolicy;\nimport com.pulumi.gcp.folder.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var folder = new IAMPolicy(\"folder\", IAMPolicyArgs.builder() \n .folder(\"folders/1234567\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMPolicy\n properties:\n folder: folders/1234567\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_folder\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMBinding(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMBinding(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMBinding(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMBinding(ctx, \"folder\", \u0026folder.IAMBindingArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMBinding;\nimport com.pulumi.gcp.folder.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMBinding(\"folder\", IAMBindingArgs.builder() \n .folder(\"folders/1234567\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMBinding\n properties:\n folder: folders/1234567\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMBinding(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/container.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMBinding(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/container.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.folder.IAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMBinding(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/container.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Folder.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMBinding(ctx, \"folder\", \u0026folder.IAMBindingArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/container.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026folder.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMBinding;\nimport com.pulumi.gcp.folder.IAMBindingArgs;\nimport com.pulumi.gcp.folder.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMBinding(\"folder\", IAMBindingArgs.builder() \n .folder(\"folders/1234567\")\n .role(\"roles/container.admin\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMBinding\n properties:\n folder: folders/1234567\n role: roles/container.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_folder\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMMember(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMMember(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMMember(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMMember(ctx, \"folder\", \u0026folder.IAMMemberArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMMember;\nimport com.pulumi.gcp.folder.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMMember(\"folder\", IAMMemberArgs.builder() \n .folder(\"folders/1234567\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMMember\n properties:\n folder: folders/1234567\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMMember(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/firebase.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMMember(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/firebase.admin\",\n member=\"user:jane@example.com\",\n condition=gcp.folder.IAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMMember(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/firebase.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Folder.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMMember(ctx, \"folder\", \u0026folder.IAMMemberArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/firebase.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026folder.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMMember;\nimport com.pulumi.gcp.folder.IAMMemberArgs;\nimport com.pulumi.gcp.folder.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMMember(\"folder\", IAMMemberArgs.builder() \n .folder(\"folders/1234567\")\n .role(\"roles/firebase.admin\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMMember\n properties:\n folder: folders/1234567\n role: roles/firebase.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_folder\\_iam\\_audit\\_config\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IamAuditConfig(\"folder\", {\n folder: \"folders/1234567\",\n service: \"allServices\",\n auditLogConfigs: [\n {\n logType: \"ADMIN_READ\",\n },\n {\n logType: \"DATA_READ\",\n exemptedMembers: [\"user:joebloggs@example.com\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IamAuditConfig(\"folder\",\n folder=\"folders/1234567\",\n service=\"allServices\",\n audit_log_configs=[\n gcp.folder.IamAuditConfigAuditLogConfigArgs(\n log_type=\"ADMIN_READ\",\n ),\n gcp.folder.IamAuditConfigAuditLogConfigArgs(\n log_type=\"DATA_READ\",\n exempted_members=[\"user:joebloggs@example.com\"],\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IamAuditConfig(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Service = \"allServices\",\n AuditLogConfigs = new[]\n {\n new Gcp.Folder.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"ADMIN_READ\",\n },\n new Gcp.Folder.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"DATA_READ\",\n ExemptedMembers = new[]\n {\n \"user:joebloggs@example.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIamAuditConfig(ctx, \"folder\", \u0026folder.IamAuditConfigArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tService: pulumi.String(\"allServices\"),\n\t\t\tAuditLogConfigs: folder.IamAuditConfigAuditLogConfigArray{\n\t\t\t\t\u0026folder.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"ADMIN_READ\"),\n\t\t\t\t},\n\t\t\t\t\u0026folder.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"DATA_READ\"),\n\t\t\t\t\tExemptedMembers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user:joebloggs@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IamAuditConfig;\nimport com.pulumi.gcp.folder.IamAuditConfigArgs;\nimport com.pulumi.gcp.folder.inputs.IamAuditConfigAuditLogConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IamAuditConfig(\"folder\", IamAuditConfigArgs.builder() \n .folder(\"folders/1234567\")\n .service(\"allServices\")\n .auditLogConfigs( \n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"ADMIN_READ\")\n .build(),\n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"DATA_READ\")\n .exemptedMembers(\"user:joebloggs@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IamAuditConfig\n properties:\n folder: folders/1234567\n service: allServices\n auditLogConfigs:\n - logType: ADMIN_READ\n - logType: DATA_READ\n exemptedMembers:\n - user:joebloggs@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_folder\\_iam\\_policy\n\n!\u003e **Be careful!** You can accidentally lock yourself out of your folder\n using this resource. Deleting a `gcp.folder.IAMPolicy` removes access\n from anyone without permissions on its parent folder/organization. Proceed with caution.\n It's not recommended to use `gcp.folder.IAMPolicy` with your provider folder\n to avoid locking yourself out, and it should generally only be used with folders\n fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before\n applying the change.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst folder = new gcp.folder.IAMPolicy(\"folder\", {\n folder: \"folders/1234567\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\nfolder = gcp.folder.IAMPolicy(\"folder\",\n folder=\"folders/1234567\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var folder = new Gcp.Folder.IAMPolicy(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = folder.NewIAMPolicy(ctx, \"folder\", \u0026folder.IAMPolicyArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.folder.IAMPolicy;\nimport com.pulumi.gcp.folder.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var folder = new IAMPolicy(\"folder\", IAMPolicyArgs.builder() \n .folder(\"folders/1234567\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMPolicy\n properties:\n folder: folders/1234567\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst folder = new gcp.folder.IAMPolicy(\"folder\", {\n folder: \"folders/1234567\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\nfolder = gcp.folder.IAMPolicy(\"folder\",\n folder=\"folders/1234567\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var folder = new Gcp.Folder.IAMPolicy(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = folder.NewIAMPolicy(ctx, \"folder\", \u0026folder.IAMPolicyArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.folder.IAMPolicy;\nimport com.pulumi.gcp.folder.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var folder = new IAMPolicy(\"folder\", IAMPolicyArgs.builder() \n .folder(\"folders/1234567\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMPolicy\n properties:\n folder: folders/1234567\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_folder\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMBinding(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMBinding(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMBinding(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMBinding(ctx, \"folder\", \u0026folder.IAMBindingArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMBinding;\nimport com.pulumi.gcp.folder.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMBinding(\"folder\", IAMBindingArgs.builder() \n .folder(\"folders/1234567\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMBinding\n properties:\n folder: folders/1234567\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMBinding(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/container.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMBinding(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/container.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.folder.IAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMBinding(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/container.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Folder.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMBinding(ctx, \"folder\", \u0026folder.IAMBindingArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/container.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026folder.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMBinding;\nimport com.pulumi.gcp.folder.IAMBindingArgs;\nimport com.pulumi.gcp.folder.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMBinding(\"folder\", IAMBindingArgs.builder() \n .folder(\"folders/1234567\")\n .role(\"roles/container.admin\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMBinding\n properties:\n folder: folders/1234567\n role: roles/container.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_folder\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMMember(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMMember(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMMember(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMMember(ctx, \"folder\", \u0026folder.IAMMemberArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMMember;\nimport com.pulumi.gcp.folder.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMMember(\"folder\", IAMMemberArgs.builder() \n .folder(\"folders/1234567\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMMember\n properties:\n folder: folders/1234567\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMMember(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/firebase.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMMember(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/firebase.admin\",\n member=\"user:jane@example.com\",\n condition=gcp.folder.IAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMMember(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/firebase.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Folder.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMMember(ctx, \"folder\", \u0026folder.IAMMemberArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/firebase.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026folder.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMMember;\nimport com.pulumi.gcp.folder.IAMMemberArgs;\nimport com.pulumi.gcp.folder.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMMember(\"folder\", IAMMemberArgs.builder() \n .folder(\"folders/1234567\")\n .role(\"roles/firebase.admin\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMMember\n properties:\n folder: folders/1234567\n role: roles/firebase.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_folder\\_iam\\_audit\\_config\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IamAuditConfig(\"folder\", {\n folder: \"folders/1234567\",\n service: \"allServices\",\n auditLogConfigs: [\n {\n logType: \"ADMIN_READ\",\n },\n {\n logType: \"DATA_READ\",\n exemptedMembers: [\"user:joebloggs@example.com\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IamAuditConfig(\"folder\",\n folder=\"folders/1234567\",\n service=\"allServices\",\n audit_log_configs=[\n gcp.folder.IamAuditConfigAuditLogConfigArgs(\n log_type=\"ADMIN_READ\",\n ),\n gcp.folder.IamAuditConfigAuditLogConfigArgs(\n log_type=\"DATA_READ\",\n exempted_members=[\"user:joebloggs@example.com\"],\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IamAuditConfig(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Service = \"allServices\",\n AuditLogConfigs = new[]\n {\n new Gcp.Folder.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"ADMIN_READ\",\n },\n new Gcp.Folder.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"DATA_READ\",\n ExemptedMembers = new[]\n {\n \"user:joebloggs@example.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIamAuditConfig(ctx, \"folder\", \u0026folder.IamAuditConfigArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tService: pulumi.String(\"allServices\"),\n\t\t\tAuditLogConfigs: folder.IamAuditConfigAuditLogConfigArray{\n\t\t\t\t\u0026folder.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"ADMIN_READ\"),\n\t\t\t\t},\n\t\t\t\t\u0026folder.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"DATA_READ\"),\n\t\t\t\t\tExemptedMembers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user:joebloggs@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IamAuditConfig;\nimport com.pulumi.gcp.folder.IamAuditConfigArgs;\nimport com.pulumi.gcp.folder.inputs.IamAuditConfigAuditLogConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IamAuditConfig(\"folder\", IamAuditConfigArgs.builder() \n .folder(\"folders/1234567\")\n .service(\"allServices\")\n .auditLogConfigs( \n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"ADMIN_READ\")\n .build(),\n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"DATA_READ\")\n .exemptedMembers(\"user:joebloggs@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IamAuditConfig\n properties:\n folder: folders/1234567\n service: allServices\n auditLogConfigs:\n - logType: ADMIN_READ\n - logType: DATA_READ\n exemptedMembers:\n - user:joebloggs@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing Audit Configs\n\nAn audit config can be imported into a `google_folder_iam_audit_config` resource using the resource's `folder_id` and the `service`, e.g:\n\n* `\"folder/{{folder_id}} foo.googleapis.com\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import audit configs:\n\ntf\n\nimport {\n\n id = \"folder/{{folder_id}} foo.googleapis.com\"\n\n to = google_folder_iam_audit_config.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:folder/iAMMember:IAMMember default \"folder/{{folder_id}} foo.googleapis.com\"\n```\n\n", "properties": { "condition": { "$ref": "#/types/gcp:folder/IAMMemberCondition:IAMMemberCondition", @@ -182879,7 +183197,8 @@ "description": "The resource name of the folder the policy is attached to. Its format is folders/{folder_id}.\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "role": { "type": "string", @@ -182905,6 +183224,7 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", "willReplaceOnChanges": true }, "role": { @@ -182937,6 +183257,7 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", "willReplaceOnChanges": true }, "role": { @@ -182949,7 +183270,7 @@ } }, "gcp:folder/iAMPolicy:IAMPolicy": { - "description": "Four different resources help you manage your IAM policy for a folder. Each of these resources serves a different use case:\n\n* `gcp.folder.IAMPolicy`: Authoritative. Sets the IAM policy for the folder and replaces any existing policy already attached.\n* `gcp.folder.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the folder are preserved.\n* `gcp.folder.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the folder are preserved.\n* `gcp.folder.IamAuditConfig`: Authoritative for a given service. Updates the IAM policy to enable audit logging for the given service.\n\n\n\u003e **Note:** `gcp.folder.IAMPolicy` **cannot** be used in conjunction with `gcp.folder.IAMBinding`, `gcp.folder.IAMMember`, or `gcp.folder.IamAuditConfig` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.folder.IAMBinding` resources **can be** used in conjunction with `gcp.folder.IAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** The underlying API method `projects.setIamPolicy` has constraints which are documented [here](https://cloud.google.com/resource-manager/reference/rest/v1/projects/setIamPolicy). In addition to these constraints, \n IAM Conditions cannot be used with Basic Roles such as Owner. Violating these constraints will result in the API returning a 400 error code so please review these if you encounter errors with this resource.\n\n## google\\_folder\\_iam\\_policy\n\n!\u003e **Be careful!** You can accidentally lock yourself out of your folder\n using this resource. Deleting a `gcp.folder.IAMPolicy` removes access\n from anyone without permissions on its parent folder/organization. Proceed with caution.\n It's not recommended to use `gcp.folder.IAMPolicy` with your provider folder\n to avoid locking yourself out, and it should generally only be used with folders\n fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before\n applying the change.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst folder = new gcp.folder.IAMPolicy(\"folder\", {\n folder: \"folders/1234567\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\nfolder = gcp.folder.IAMPolicy(\"folder\",\n folder=\"folders/1234567\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var folder = new Gcp.Folder.IAMPolicy(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = folder.NewIAMPolicy(ctx, \"folder\", \u0026folder.IAMPolicyArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.folder.IAMPolicy;\nimport com.pulumi.gcp.folder.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var folder = new IAMPolicy(\"folder\", IAMPolicyArgs.builder() \n .folder(\"folders/1234567\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMPolicy\n properties:\n folder: folders/1234567\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst folder = new gcp.folder.IAMPolicy(\"folder\", {\n folder: \"folders/1234567\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\nfolder = gcp.folder.IAMPolicy(\"folder\",\n folder=\"folders/1234567\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var folder = new Gcp.Folder.IAMPolicy(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = folder.NewIAMPolicy(ctx, \"folder\", \u0026folder.IAMPolicyArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.folder.IAMPolicy;\nimport com.pulumi.gcp.folder.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var folder = new IAMPolicy(\"folder\", IAMPolicyArgs.builder() \n .folder(\"folders/1234567\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMPolicy\n properties:\n folder: folders/1234567\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_folder\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMBinding(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMBinding(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMBinding(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMBinding(ctx, \"folder\", \u0026folder.IAMBindingArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMBinding;\nimport com.pulumi.gcp.folder.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMBinding(\"folder\", IAMBindingArgs.builder() \n .folder(\"folders/1234567\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMBinding\n properties:\n folder: folders/1234567\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMBinding(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/container.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMBinding(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/container.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.folder.IAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMBinding(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/container.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Folder.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMBinding(ctx, \"folder\", \u0026folder.IAMBindingArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/container.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026folder.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMBinding;\nimport com.pulumi.gcp.folder.IAMBindingArgs;\nimport com.pulumi.gcp.folder.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMBinding(\"folder\", IAMBindingArgs.builder() \n .folder(\"folders/1234567\")\n .role(\"roles/container.admin\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMBinding\n properties:\n folder: folders/1234567\n role: roles/container.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_folder\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMMember(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMMember(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMMember(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMMember(ctx, \"folder\", \u0026folder.IAMMemberArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMMember;\nimport com.pulumi.gcp.folder.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMMember(\"folder\", IAMMemberArgs.builder() \n .folder(\"folders/1234567\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMMember\n properties:\n folder: folders/1234567\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMMember(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/firebase.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMMember(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/firebase.admin\",\n member=\"user:jane@example.com\",\n condition=gcp.folder.IAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMMember(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/firebase.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Folder.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMMember(ctx, \"folder\", \u0026folder.IAMMemberArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/firebase.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026folder.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMMember;\nimport com.pulumi.gcp.folder.IAMMemberArgs;\nimport com.pulumi.gcp.folder.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMMember(\"folder\", IAMMemberArgs.builder() \n .folder(\"folders/1234567\")\n .role(\"roles/firebase.admin\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMMember\n properties:\n folder: folders/1234567\n role: roles/firebase.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_folder\\_iam\\_audit\\_config\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IamAuditConfig(\"folder\", {\n folder: \"folders/1234567\",\n service: \"allServices\",\n auditLogConfigs: [\n {\n logType: \"ADMIN_READ\",\n },\n {\n logType: \"DATA_READ\",\n exemptedMembers: [\"user:joebloggs@example.com\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IamAuditConfig(\"folder\",\n folder=\"folders/1234567\",\n service=\"allServices\",\n audit_log_configs=[\n gcp.folder.IamAuditConfigAuditLogConfigArgs(\n log_type=\"ADMIN_READ\",\n ),\n gcp.folder.IamAuditConfigAuditLogConfigArgs(\n log_type=\"DATA_READ\",\n exempted_members=[\"user:joebloggs@example.com\"],\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IamAuditConfig(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Service = \"allServices\",\n AuditLogConfigs = new[]\n {\n new Gcp.Folder.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"ADMIN_READ\",\n },\n new Gcp.Folder.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"DATA_READ\",\n ExemptedMembers = new[]\n {\n \"user:joebloggs@example.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIamAuditConfig(ctx, \"folder\", \u0026folder.IamAuditConfigArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tService: pulumi.String(\"allServices\"),\n\t\t\tAuditLogConfigs: folder.IamAuditConfigAuditLogConfigArray{\n\t\t\t\t\u0026folder.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"ADMIN_READ\"),\n\t\t\t\t},\n\t\t\t\t\u0026folder.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"DATA_READ\"),\n\t\t\t\t\tExemptedMembers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user:joebloggs@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IamAuditConfig;\nimport com.pulumi.gcp.folder.IamAuditConfigArgs;\nimport com.pulumi.gcp.folder.inputs.IamAuditConfigAuditLogConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IamAuditConfig(\"folder\", IamAuditConfigArgs.builder() \n .folder(\"folders/1234567\")\n .service(\"allServices\")\n .auditLogConfigs( \n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"ADMIN_READ\")\n .build(),\n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"DATA_READ\")\n .exemptedMembers(\"user:joebloggs@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IamAuditConfig\n properties:\n folder: folders/1234567\n service: allServices\n auditLogConfigs:\n - logType: ADMIN_READ\n - logType: DATA_READ\n exemptedMembers:\n - user:joebloggs@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing Audit Configs\n\nAn audit config can be imported into a `google_folder_iam_audit_config` resource using the resource's `folder_id` and the `service`, e.g:\n\n* `\"folder/{{folder_id}} foo.googleapis.com\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import audit configs:\n\ntf\n\nimport {\n\n id = \"folder/{{folder_id}} foo.googleapis.com\"\n\n to = google_folder_iam_audit_config.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:folder/iAMPolicy:IAMPolicy default \"folder/{{folder_id}} foo.googleapis.com\"\n```\n\n", + "description": "Four different resources help you manage your IAM policy for a folder. Each of these resources serves a different use case:\n\n* `gcp.folder.IAMPolicy`: Authoritative. Sets the IAM policy for the folder and replaces any existing policy already attached.\n* `gcp.folder.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the folder are preserved.\n* `gcp.folder.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the folder are preserved.\n* `gcp.folder.IamAuditConfig`: Authoritative for a given service. Updates the IAM policy to enable audit logging for the given service.\n\n\n\u003e **Note:** `gcp.folder.IAMPolicy` **cannot** be used in conjunction with `gcp.folder.IAMBinding`, `gcp.folder.IAMMember`, or `gcp.folder.IamAuditConfig` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.folder.IAMBinding` resources **can be** used in conjunction with `gcp.folder.IAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** The underlying API method `projects.setIamPolicy` has constraints which are documented [here](https://cloud.google.com/resource-manager/reference/rest/v1/projects/setIamPolicy). In addition to these constraints, \n IAM Conditions cannot be used with Basic Roles such as Owner. Violating these constraints will result in the API returning a 400 error code so please review these if you encounter errors with this resource.\n\n## google\\_folder\\_iam\\_policy\n\n!\u003e **Be careful!** You can accidentally lock yourself out of your folder\n using this resource. Deleting a `gcp.folder.IAMPolicy` removes access\n from anyone without permissions on its parent folder/organization. Proceed with caution.\n It's not recommended to use `gcp.folder.IAMPolicy` with your provider folder\n to avoid locking yourself out, and it should generally only be used with folders\n fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before\n applying the change.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst folder = new gcp.folder.IAMPolicy(\"folder\", {\n folder: \"folders/1234567\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\nfolder = gcp.folder.IAMPolicy(\"folder\",\n folder=\"folders/1234567\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var folder = new Gcp.Folder.IAMPolicy(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = folder.NewIAMPolicy(ctx, \"folder\", \u0026folder.IAMPolicyArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.folder.IAMPolicy;\nimport com.pulumi.gcp.folder.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var folder = new IAMPolicy(\"folder\", IAMPolicyArgs.builder() \n .folder(\"folders/1234567\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMPolicy\n properties:\n folder: folders/1234567\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst folder = new gcp.folder.IAMPolicy(\"folder\", {\n folder: \"folders/1234567\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\nfolder = gcp.folder.IAMPolicy(\"folder\",\n folder=\"folders/1234567\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var folder = new Gcp.Folder.IAMPolicy(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = folder.NewIAMPolicy(ctx, \"folder\", \u0026folder.IAMPolicyArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.folder.IAMPolicy;\nimport com.pulumi.gcp.folder.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var folder = new IAMPolicy(\"folder\", IAMPolicyArgs.builder() \n .folder(\"folders/1234567\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMPolicy\n properties:\n folder: folders/1234567\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_folder\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMBinding(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMBinding(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMBinding(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMBinding(ctx, \"folder\", \u0026folder.IAMBindingArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMBinding;\nimport com.pulumi.gcp.folder.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMBinding(\"folder\", IAMBindingArgs.builder() \n .folder(\"folders/1234567\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMBinding\n properties:\n folder: folders/1234567\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMBinding(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/container.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMBinding(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/container.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.folder.IAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMBinding(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/container.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Folder.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMBinding(ctx, \"folder\", \u0026folder.IAMBindingArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/container.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026folder.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMBinding;\nimport com.pulumi.gcp.folder.IAMBindingArgs;\nimport com.pulumi.gcp.folder.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMBinding(\"folder\", IAMBindingArgs.builder() \n .folder(\"folders/1234567\")\n .role(\"roles/container.admin\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMBinding\n properties:\n folder: folders/1234567\n role: roles/container.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_folder\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMMember(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMMember(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMMember(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMMember(ctx, \"folder\", \u0026folder.IAMMemberArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMMember;\nimport com.pulumi.gcp.folder.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMMember(\"folder\", IAMMemberArgs.builder() \n .folder(\"folders/1234567\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMMember\n properties:\n folder: folders/1234567\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMMember(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/firebase.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMMember(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/firebase.admin\",\n member=\"user:jane@example.com\",\n condition=gcp.folder.IAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMMember(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/firebase.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Folder.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMMember(ctx, \"folder\", \u0026folder.IAMMemberArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/firebase.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026folder.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMMember;\nimport com.pulumi.gcp.folder.IAMMemberArgs;\nimport com.pulumi.gcp.folder.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMMember(\"folder\", IAMMemberArgs.builder() \n .folder(\"folders/1234567\")\n .role(\"roles/firebase.admin\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMMember\n properties:\n folder: folders/1234567\n role: roles/firebase.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_folder\\_iam\\_audit\\_config\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IamAuditConfig(\"folder\", {\n folder: \"folders/1234567\",\n service: \"allServices\",\n auditLogConfigs: [\n {\n logType: \"ADMIN_READ\",\n },\n {\n logType: \"DATA_READ\",\n exemptedMembers: [\"user:joebloggs@example.com\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IamAuditConfig(\"folder\",\n folder=\"folders/1234567\",\n service=\"allServices\",\n audit_log_configs=[\n gcp.folder.IamAuditConfigAuditLogConfigArgs(\n log_type=\"ADMIN_READ\",\n ),\n gcp.folder.IamAuditConfigAuditLogConfigArgs(\n log_type=\"DATA_READ\",\n exempted_members=[\"user:joebloggs@example.com\"],\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IamAuditConfig(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Service = \"allServices\",\n AuditLogConfigs = new[]\n {\n new Gcp.Folder.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"ADMIN_READ\",\n },\n new Gcp.Folder.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"DATA_READ\",\n ExemptedMembers = new[]\n {\n \"user:joebloggs@example.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIamAuditConfig(ctx, \"folder\", \u0026folder.IamAuditConfigArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tService: pulumi.String(\"allServices\"),\n\t\t\tAuditLogConfigs: folder.IamAuditConfigAuditLogConfigArray{\n\t\t\t\t\u0026folder.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"ADMIN_READ\"),\n\t\t\t\t},\n\t\t\t\t\u0026folder.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"DATA_READ\"),\n\t\t\t\t\tExemptedMembers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user:joebloggs@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IamAuditConfig;\nimport com.pulumi.gcp.folder.IamAuditConfigArgs;\nimport com.pulumi.gcp.folder.inputs.IamAuditConfigAuditLogConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IamAuditConfig(\"folder\", IamAuditConfigArgs.builder() \n .folder(\"folders/1234567\")\n .service(\"allServices\")\n .auditLogConfigs( \n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"ADMIN_READ\")\n .build(),\n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"DATA_READ\")\n .exemptedMembers(\"user:joebloggs@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IamAuditConfig\n properties:\n folder: folders/1234567\n service: allServices\n auditLogConfigs:\n - logType: ADMIN_READ\n - logType: DATA_READ\n exemptedMembers:\n - user:joebloggs@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_folder\\_iam\\_policy\n\n!\u003e **Be careful!** You can accidentally lock yourself out of your folder\n using this resource. Deleting a `gcp.folder.IAMPolicy` removes access\n from anyone without permissions on its parent folder/organization. Proceed with caution.\n It's not recommended to use `gcp.folder.IAMPolicy` with your provider folder\n to avoid locking yourself out, and it should generally only be used with folders\n fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before\n applying the change.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst folder = new gcp.folder.IAMPolicy(\"folder\", {\n folder: \"folders/1234567\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\nfolder = gcp.folder.IAMPolicy(\"folder\",\n folder=\"folders/1234567\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var folder = new Gcp.Folder.IAMPolicy(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = folder.NewIAMPolicy(ctx, \"folder\", \u0026folder.IAMPolicyArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.folder.IAMPolicy;\nimport com.pulumi.gcp.folder.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var folder = new IAMPolicy(\"folder\", IAMPolicyArgs.builder() \n .folder(\"folders/1234567\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMPolicy\n properties:\n folder: folders/1234567\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst folder = new gcp.folder.IAMPolicy(\"folder\", {\n folder: \"folders/1234567\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\nfolder = gcp.folder.IAMPolicy(\"folder\",\n folder=\"folders/1234567\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var folder = new Gcp.Folder.IAMPolicy(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = folder.NewIAMPolicy(ctx, \"folder\", \u0026folder.IAMPolicyArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.folder.IAMPolicy;\nimport com.pulumi.gcp.folder.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var folder = new IAMPolicy(\"folder\", IAMPolicyArgs.builder() \n .folder(\"folders/1234567\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMPolicy\n properties:\n folder: folders/1234567\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_folder\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMBinding(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMBinding(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMBinding(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMBinding(ctx, \"folder\", \u0026folder.IAMBindingArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMBinding;\nimport com.pulumi.gcp.folder.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMBinding(\"folder\", IAMBindingArgs.builder() \n .folder(\"folders/1234567\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMBinding\n properties:\n folder: folders/1234567\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMBinding(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/container.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMBinding(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/container.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.folder.IAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMBinding(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/container.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Folder.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMBinding(ctx, \"folder\", \u0026folder.IAMBindingArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/container.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026folder.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMBinding;\nimport com.pulumi.gcp.folder.IAMBindingArgs;\nimport com.pulumi.gcp.folder.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMBinding(\"folder\", IAMBindingArgs.builder() \n .folder(\"folders/1234567\")\n .role(\"roles/container.admin\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMBinding\n properties:\n folder: folders/1234567\n role: roles/container.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_folder\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMMember(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMMember(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMMember(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMMember(ctx, \"folder\", \u0026folder.IAMMemberArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMMember;\nimport com.pulumi.gcp.folder.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMMember(\"folder\", IAMMemberArgs.builder() \n .folder(\"folders/1234567\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMMember\n properties:\n folder: folders/1234567\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMMember(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/firebase.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMMember(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/firebase.admin\",\n member=\"user:jane@example.com\",\n condition=gcp.folder.IAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMMember(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/firebase.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Folder.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMMember(ctx, \"folder\", \u0026folder.IAMMemberArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/firebase.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026folder.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMMember;\nimport com.pulumi.gcp.folder.IAMMemberArgs;\nimport com.pulumi.gcp.folder.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMMember(\"folder\", IAMMemberArgs.builder() \n .folder(\"folders/1234567\")\n .role(\"roles/firebase.admin\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMMember\n properties:\n folder: folders/1234567\n role: roles/firebase.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_folder\\_iam\\_audit\\_config\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IamAuditConfig(\"folder\", {\n folder: \"folders/1234567\",\n service: \"allServices\",\n auditLogConfigs: [\n {\n logType: \"ADMIN_READ\",\n },\n {\n logType: \"DATA_READ\",\n exemptedMembers: [\"user:joebloggs@example.com\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IamAuditConfig(\"folder\",\n folder=\"folders/1234567\",\n service=\"allServices\",\n audit_log_configs=[\n gcp.folder.IamAuditConfigAuditLogConfigArgs(\n log_type=\"ADMIN_READ\",\n ),\n gcp.folder.IamAuditConfigAuditLogConfigArgs(\n log_type=\"DATA_READ\",\n exempted_members=[\"user:joebloggs@example.com\"],\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IamAuditConfig(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Service = \"allServices\",\n AuditLogConfigs = new[]\n {\n new Gcp.Folder.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"ADMIN_READ\",\n },\n new Gcp.Folder.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"DATA_READ\",\n ExemptedMembers = new[]\n {\n \"user:joebloggs@example.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIamAuditConfig(ctx, \"folder\", \u0026folder.IamAuditConfigArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tService: pulumi.String(\"allServices\"),\n\t\t\tAuditLogConfigs: folder.IamAuditConfigAuditLogConfigArray{\n\t\t\t\t\u0026folder.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"ADMIN_READ\"),\n\t\t\t\t},\n\t\t\t\t\u0026folder.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"DATA_READ\"),\n\t\t\t\t\tExemptedMembers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user:joebloggs@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IamAuditConfig;\nimport com.pulumi.gcp.folder.IamAuditConfigArgs;\nimport com.pulumi.gcp.folder.inputs.IamAuditConfigAuditLogConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IamAuditConfig(\"folder\", IamAuditConfigArgs.builder() \n .folder(\"folders/1234567\")\n .service(\"allServices\")\n .auditLogConfigs( \n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"ADMIN_READ\")\n .build(),\n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"DATA_READ\")\n .exemptedMembers(\"user:joebloggs@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IamAuditConfig\n properties:\n folder: folders/1234567\n service: allServices\n auditLogConfigs:\n - logType: ADMIN_READ\n - logType: DATA_READ\n exemptedMembers:\n - user:joebloggs@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing Audit Configs\n\nAn audit config can be imported into a `google_folder_iam_audit_config` resource using the resource's `folder_id` and the `service`, e.g:\n\n* `\"folder/{{folder_id}} foo.googleapis.com\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import audit configs:\n\ntf\n\nimport {\n\n id = \"folder/{{folder_id}} foo.googleapis.com\"\n\n to = google_folder_iam_audit_config.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:folder/iAMPolicy:IAMPolicy default \"folder/{{folder_id}} foo.googleapis.com\"\n```\n\n", "properties": { "etag": { "type": "string", @@ -183005,7 +183326,7 @@ } }, "gcp:folder/iamAuditConfig:IamAuditConfig": { - "description": "Four different resources help you manage your IAM policy for a folder. Each of these resources serves a different use case:\n\n* `gcp.folder.IAMPolicy`: Authoritative. Sets the IAM policy for the folder and replaces any existing policy already attached.\n* `gcp.folder.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the folder are preserved.\n* `gcp.folder.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the folder are preserved.\n* `gcp.folder.IamAuditConfig`: Authoritative for a given service. Updates the IAM policy to enable audit logging for the given service.\n\n\n\u003e **Note:** `gcp.folder.IAMPolicy` **cannot** be used in conjunction with `gcp.folder.IAMBinding`, `gcp.folder.IAMMember`, or `gcp.folder.IamAuditConfig` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.folder.IAMBinding` resources **can be** used in conjunction with `gcp.folder.IAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** The underlying API method `projects.setIamPolicy` has constraints which are documented [here](https://cloud.google.com/resource-manager/reference/rest/v1/projects/setIamPolicy). In addition to these constraints, \n IAM Conditions cannot be used with Basic Roles such as Owner. Violating these constraints will result in the API returning a 400 error code so please review these if you encounter errors with this resource.\n\n## google\\_folder\\_iam\\_policy\n\n!\u003e **Be careful!** You can accidentally lock yourself out of your folder\n using this resource. Deleting a `gcp.folder.IAMPolicy` removes access\n from anyone without permissions on its parent folder/organization. Proceed with caution.\n It's not recommended to use `gcp.folder.IAMPolicy` with your provider folder\n to avoid locking yourself out, and it should generally only be used with folders\n fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before\n applying the change.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst folder = new gcp.folder.IAMPolicy(\"folder\", {\n folder: \"folders/1234567\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\nfolder = gcp.folder.IAMPolicy(\"folder\",\n folder=\"folders/1234567\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var folder = new Gcp.Folder.IAMPolicy(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = folder.NewIAMPolicy(ctx, \"folder\", \u0026folder.IAMPolicyArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.folder.IAMPolicy;\nimport com.pulumi.gcp.folder.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var folder = new IAMPolicy(\"folder\", IAMPolicyArgs.builder() \n .folder(\"folders/1234567\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMPolicy\n properties:\n folder: folders/1234567\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst folder = new gcp.folder.IAMPolicy(\"folder\", {\n folder: \"folders/1234567\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\nfolder = gcp.folder.IAMPolicy(\"folder\",\n folder=\"folders/1234567\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var folder = new Gcp.Folder.IAMPolicy(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = folder.NewIAMPolicy(ctx, \"folder\", \u0026folder.IAMPolicyArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.folder.IAMPolicy;\nimport com.pulumi.gcp.folder.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var folder = new IAMPolicy(\"folder\", IAMPolicyArgs.builder() \n .folder(\"folders/1234567\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMPolicy\n properties:\n folder: folders/1234567\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_folder\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMBinding(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMBinding(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMBinding(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMBinding(ctx, \"folder\", \u0026folder.IAMBindingArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMBinding;\nimport com.pulumi.gcp.folder.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMBinding(\"folder\", IAMBindingArgs.builder() \n .folder(\"folders/1234567\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMBinding\n properties:\n folder: folders/1234567\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMBinding(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/container.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMBinding(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/container.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.folder.IAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMBinding(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/container.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Folder.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMBinding(ctx, \"folder\", \u0026folder.IAMBindingArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/container.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026folder.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMBinding;\nimport com.pulumi.gcp.folder.IAMBindingArgs;\nimport com.pulumi.gcp.folder.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMBinding(\"folder\", IAMBindingArgs.builder() \n .folder(\"folders/1234567\")\n .role(\"roles/container.admin\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMBinding\n properties:\n folder: folders/1234567\n role: roles/container.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_folder\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMMember(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMMember(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMMember(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMMember(ctx, \"folder\", \u0026folder.IAMMemberArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMMember;\nimport com.pulumi.gcp.folder.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMMember(\"folder\", IAMMemberArgs.builder() \n .folder(\"folders/1234567\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMMember\n properties:\n folder: folders/1234567\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMMember(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/firebase.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMMember(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/firebase.admin\",\n member=\"user:jane@example.com\",\n condition=gcp.folder.IAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMMember(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/firebase.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Folder.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMMember(ctx, \"folder\", \u0026folder.IAMMemberArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/firebase.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026folder.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMMember;\nimport com.pulumi.gcp.folder.IAMMemberArgs;\nimport com.pulumi.gcp.folder.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMMember(\"folder\", IAMMemberArgs.builder() \n .folder(\"folders/1234567\")\n .role(\"roles/firebase.admin\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMMember\n properties:\n folder: folders/1234567\n role: roles/firebase.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_folder\\_iam\\_audit\\_config\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IamAuditConfig(\"folder\", {\n folder: \"folders/1234567\",\n service: \"allServices\",\n auditLogConfigs: [\n {\n logType: \"ADMIN_READ\",\n },\n {\n logType: \"DATA_READ\",\n exemptedMembers: [\"user:joebloggs@example.com\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IamAuditConfig(\"folder\",\n folder=\"folders/1234567\",\n service=\"allServices\",\n audit_log_configs=[\n gcp.folder.IamAuditConfigAuditLogConfigArgs(\n log_type=\"ADMIN_READ\",\n ),\n gcp.folder.IamAuditConfigAuditLogConfigArgs(\n log_type=\"DATA_READ\",\n exempted_members=[\"user:joebloggs@example.com\"],\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IamAuditConfig(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Service = \"allServices\",\n AuditLogConfigs = new[]\n {\n new Gcp.Folder.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"ADMIN_READ\",\n },\n new Gcp.Folder.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"DATA_READ\",\n ExemptedMembers = new[]\n {\n \"user:joebloggs@example.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIamAuditConfig(ctx, \"folder\", \u0026folder.IamAuditConfigArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tService: pulumi.String(\"allServices\"),\n\t\t\tAuditLogConfigs: folder.IamAuditConfigAuditLogConfigArray{\n\t\t\t\t\u0026folder.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"ADMIN_READ\"),\n\t\t\t\t},\n\t\t\t\t\u0026folder.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"DATA_READ\"),\n\t\t\t\t\tExemptedMembers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user:joebloggs@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IamAuditConfig;\nimport com.pulumi.gcp.folder.IamAuditConfigArgs;\nimport com.pulumi.gcp.folder.inputs.IamAuditConfigAuditLogConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IamAuditConfig(\"folder\", IamAuditConfigArgs.builder() \n .folder(\"folders/1234567\")\n .service(\"allServices\")\n .auditLogConfigs( \n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"ADMIN_READ\")\n .build(),\n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"DATA_READ\")\n .exemptedMembers(\"user:joebloggs@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IamAuditConfig\n properties:\n folder: folders/1234567\n service: allServices\n auditLogConfigs:\n - logType: ADMIN_READ\n - logType: DATA_READ\n exemptedMembers:\n - user:joebloggs@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing Audit Configs\n\nAn audit config can be imported into a `google_folder_iam_audit_config` resource using the resource's `folder_id` and the `service`, e.g:\n\n* `\"folder/{{folder_id}} foo.googleapis.com\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import audit configs:\n\ntf\n\nimport {\n\n id = \"folder/{{folder_id}} foo.googleapis.com\"\n\n to = google_folder_iam_audit_config.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:folder/iamAuditConfig:IamAuditConfig default \"folder/{{folder_id}} foo.googleapis.com\"\n```\n\n", + "description": "Four different resources help you manage your IAM policy for a folder. Each of these resources serves a different use case:\n\n* `gcp.folder.IAMPolicy`: Authoritative. Sets the IAM policy for the folder and replaces any existing policy already attached.\n* `gcp.folder.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the folder are preserved.\n* `gcp.folder.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the folder are preserved.\n* `gcp.folder.IamAuditConfig`: Authoritative for a given service. Updates the IAM policy to enable audit logging for the given service.\n\n\n\u003e **Note:** `gcp.folder.IAMPolicy` **cannot** be used in conjunction with `gcp.folder.IAMBinding`, `gcp.folder.IAMMember`, or `gcp.folder.IamAuditConfig` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.folder.IAMBinding` resources **can be** used in conjunction with `gcp.folder.IAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** The underlying API method `projects.setIamPolicy` has constraints which are documented [here](https://cloud.google.com/resource-manager/reference/rest/v1/projects/setIamPolicy). In addition to these constraints, \n IAM Conditions cannot be used with Basic Roles such as Owner. Violating these constraints will result in the API returning a 400 error code so please review these if you encounter errors with this resource.\n\n## google\\_folder\\_iam\\_policy\n\n!\u003e **Be careful!** You can accidentally lock yourself out of your folder\n using this resource. Deleting a `gcp.folder.IAMPolicy` removes access\n from anyone without permissions on its parent folder/organization. Proceed with caution.\n It's not recommended to use `gcp.folder.IAMPolicy` with your provider folder\n to avoid locking yourself out, and it should generally only be used with folders\n fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before\n applying the change.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst folder = new gcp.folder.IAMPolicy(\"folder\", {\n folder: \"folders/1234567\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\nfolder = gcp.folder.IAMPolicy(\"folder\",\n folder=\"folders/1234567\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var folder = new Gcp.Folder.IAMPolicy(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = folder.NewIAMPolicy(ctx, \"folder\", \u0026folder.IAMPolicyArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.folder.IAMPolicy;\nimport com.pulumi.gcp.folder.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var folder = new IAMPolicy(\"folder\", IAMPolicyArgs.builder() \n .folder(\"folders/1234567\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMPolicy\n properties:\n folder: folders/1234567\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst folder = new gcp.folder.IAMPolicy(\"folder\", {\n folder: \"folders/1234567\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\nfolder = gcp.folder.IAMPolicy(\"folder\",\n folder=\"folders/1234567\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var folder = new Gcp.Folder.IAMPolicy(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = folder.NewIAMPolicy(ctx, \"folder\", \u0026folder.IAMPolicyArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.folder.IAMPolicy;\nimport com.pulumi.gcp.folder.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var folder = new IAMPolicy(\"folder\", IAMPolicyArgs.builder() \n .folder(\"folders/1234567\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMPolicy\n properties:\n folder: folders/1234567\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_folder\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMBinding(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMBinding(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMBinding(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMBinding(ctx, \"folder\", \u0026folder.IAMBindingArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMBinding;\nimport com.pulumi.gcp.folder.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMBinding(\"folder\", IAMBindingArgs.builder() \n .folder(\"folders/1234567\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMBinding\n properties:\n folder: folders/1234567\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMBinding(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/container.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMBinding(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/container.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.folder.IAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMBinding(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/container.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Folder.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMBinding(ctx, \"folder\", \u0026folder.IAMBindingArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/container.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026folder.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMBinding;\nimport com.pulumi.gcp.folder.IAMBindingArgs;\nimport com.pulumi.gcp.folder.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMBinding(\"folder\", IAMBindingArgs.builder() \n .folder(\"folders/1234567\")\n .role(\"roles/container.admin\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMBinding\n properties:\n folder: folders/1234567\n role: roles/container.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_folder\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMMember(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMMember(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMMember(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMMember(ctx, \"folder\", \u0026folder.IAMMemberArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMMember;\nimport com.pulumi.gcp.folder.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMMember(\"folder\", IAMMemberArgs.builder() \n .folder(\"folders/1234567\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMMember\n properties:\n folder: folders/1234567\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMMember(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/firebase.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMMember(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/firebase.admin\",\n member=\"user:jane@example.com\",\n condition=gcp.folder.IAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMMember(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/firebase.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Folder.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMMember(ctx, \"folder\", \u0026folder.IAMMemberArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/firebase.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026folder.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMMember;\nimport com.pulumi.gcp.folder.IAMMemberArgs;\nimport com.pulumi.gcp.folder.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMMember(\"folder\", IAMMemberArgs.builder() \n .folder(\"folders/1234567\")\n .role(\"roles/firebase.admin\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMMember\n properties:\n folder: folders/1234567\n role: roles/firebase.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_folder\\_iam\\_audit\\_config\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IamAuditConfig(\"folder\", {\n folder: \"folders/1234567\",\n service: \"allServices\",\n auditLogConfigs: [\n {\n logType: \"ADMIN_READ\",\n },\n {\n logType: \"DATA_READ\",\n exemptedMembers: [\"user:joebloggs@example.com\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IamAuditConfig(\"folder\",\n folder=\"folders/1234567\",\n service=\"allServices\",\n audit_log_configs=[\n gcp.folder.IamAuditConfigAuditLogConfigArgs(\n log_type=\"ADMIN_READ\",\n ),\n gcp.folder.IamAuditConfigAuditLogConfigArgs(\n log_type=\"DATA_READ\",\n exempted_members=[\"user:joebloggs@example.com\"],\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IamAuditConfig(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Service = \"allServices\",\n AuditLogConfigs = new[]\n {\n new Gcp.Folder.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"ADMIN_READ\",\n },\n new Gcp.Folder.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"DATA_READ\",\n ExemptedMembers = new[]\n {\n \"user:joebloggs@example.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIamAuditConfig(ctx, \"folder\", \u0026folder.IamAuditConfigArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tService: pulumi.String(\"allServices\"),\n\t\t\tAuditLogConfigs: folder.IamAuditConfigAuditLogConfigArray{\n\t\t\t\t\u0026folder.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"ADMIN_READ\"),\n\t\t\t\t},\n\t\t\t\t\u0026folder.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"DATA_READ\"),\n\t\t\t\t\tExemptedMembers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user:joebloggs@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IamAuditConfig;\nimport com.pulumi.gcp.folder.IamAuditConfigArgs;\nimport com.pulumi.gcp.folder.inputs.IamAuditConfigAuditLogConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IamAuditConfig(\"folder\", IamAuditConfigArgs.builder() \n .folder(\"folders/1234567\")\n .service(\"allServices\")\n .auditLogConfigs( \n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"ADMIN_READ\")\n .build(),\n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"DATA_READ\")\n .exemptedMembers(\"user:joebloggs@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IamAuditConfig\n properties:\n folder: folders/1234567\n service: allServices\n auditLogConfigs:\n - logType: ADMIN_READ\n - logType: DATA_READ\n exemptedMembers:\n - user:joebloggs@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_folder\\_iam\\_policy\n\n!\u003e **Be careful!** You can accidentally lock yourself out of your folder\n using this resource. Deleting a `gcp.folder.IAMPolicy` removes access\n from anyone without permissions on its parent folder/organization. Proceed with caution.\n It's not recommended to use `gcp.folder.IAMPolicy` with your provider folder\n to avoid locking yourself out, and it should generally only be used with folders\n fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before\n applying the change.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst folder = new gcp.folder.IAMPolicy(\"folder\", {\n folder: \"folders/1234567\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\nfolder = gcp.folder.IAMPolicy(\"folder\",\n folder=\"folders/1234567\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var folder = new Gcp.Folder.IAMPolicy(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = folder.NewIAMPolicy(ctx, \"folder\", \u0026folder.IAMPolicyArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.folder.IAMPolicy;\nimport com.pulumi.gcp.folder.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var folder = new IAMPolicy(\"folder\", IAMPolicyArgs.builder() \n .folder(\"folders/1234567\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMPolicy\n properties:\n folder: folders/1234567\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst folder = new gcp.folder.IAMPolicy(\"folder\", {\n folder: \"folders/1234567\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\nfolder = gcp.folder.IAMPolicy(\"folder\",\n folder=\"folders/1234567\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var folder = new Gcp.Folder.IAMPolicy(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = folder.NewIAMPolicy(ctx, \"folder\", \u0026folder.IAMPolicyArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.folder.IAMPolicy;\nimport com.pulumi.gcp.folder.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var folder = new IAMPolicy(\"folder\", IAMPolicyArgs.builder() \n .folder(\"folders/1234567\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMPolicy\n properties:\n folder: folders/1234567\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_folder\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMBinding(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMBinding(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMBinding(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMBinding(ctx, \"folder\", \u0026folder.IAMBindingArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMBinding;\nimport com.pulumi.gcp.folder.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMBinding(\"folder\", IAMBindingArgs.builder() \n .folder(\"folders/1234567\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMBinding\n properties:\n folder: folders/1234567\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMBinding(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/container.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMBinding(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/container.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.folder.IAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMBinding(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/container.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Folder.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMBinding(ctx, \"folder\", \u0026folder.IAMBindingArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/container.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026folder.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMBinding;\nimport com.pulumi.gcp.folder.IAMBindingArgs;\nimport com.pulumi.gcp.folder.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMBinding(\"folder\", IAMBindingArgs.builder() \n .folder(\"folders/1234567\")\n .role(\"roles/container.admin\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMBinding\n properties:\n folder: folders/1234567\n role: roles/container.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_folder\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMMember(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMMember(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMMember(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMMember(ctx, \"folder\", \u0026folder.IAMMemberArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMMember;\nimport com.pulumi.gcp.folder.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMMember(\"folder\", IAMMemberArgs.builder() \n .folder(\"folders/1234567\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMMember\n properties:\n folder: folders/1234567\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IAMMember(\"folder\", {\n folder: \"folders/1234567\",\n role: \"roles/firebase.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IAMMember(\"folder\",\n folder=\"folders/1234567\",\n role=\"roles/firebase.admin\",\n member=\"user:jane@example.com\",\n condition=gcp.folder.IAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IAMMember(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Role = \"roles/firebase.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Folder.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIAMMember(ctx, \"folder\", \u0026folder.IAMMemberArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tRole: pulumi.String(\"roles/firebase.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026folder.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IAMMember;\nimport com.pulumi.gcp.folder.IAMMemberArgs;\nimport com.pulumi.gcp.folder.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IAMMember(\"folder\", IAMMemberArgs.builder() \n .folder(\"folders/1234567\")\n .role(\"roles/firebase.admin\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IAMMember\n properties:\n folder: folders/1234567\n role: roles/firebase.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_folder\\_iam\\_audit\\_config\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst folder = new gcp.folder.IamAuditConfig(\"folder\", {\n folder: \"folders/1234567\",\n service: \"allServices\",\n auditLogConfigs: [\n {\n logType: \"ADMIN_READ\",\n },\n {\n logType: \"DATA_READ\",\n exemptedMembers: [\"user:joebloggs@example.com\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfolder = gcp.folder.IamAuditConfig(\"folder\",\n folder=\"folders/1234567\",\n service=\"allServices\",\n audit_log_configs=[\n gcp.folder.IamAuditConfigAuditLogConfigArgs(\n log_type=\"ADMIN_READ\",\n ),\n gcp.folder.IamAuditConfigAuditLogConfigArgs(\n log_type=\"DATA_READ\",\n exempted_members=[\"user:joebloggs@example.com\"],\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var folder = new Gcp.Folder.IamAuditConfig(\"folder\", new()\n {\n Folder = \"folders/1234567\",\n Service = \"allServices\",\n AuditLogConfigs = new[]\n {\n new Gcp.Folder.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"ADMIN_READ\",\n },\n new Gcp.Folder.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"DATA_READ\",\n ExemptedMembers = new[]\n {\n \"user:joebloggs@example.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := folder.NewIamAuditConfig(ctx, \"folder\", \u0026folder.IamAuditConfigArgs{\n\t\t\tFolder: pulumi.String(\"folders/1234567\"),\n\t\t\tService: pulumi.String(\"allServices\"),\n\t\t\tAuditLogConfigs: folder.IamAuditConfigAuditLogConfigArray{\n\t\t\t\t\u0026folder.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"ADMIN_READ\"),\n\t\t\t\t},\n\t\t\t\t\u0026folder.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"DATA_READ\"),\n\t\t\t\t\tExemptedMembers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user:joebloggs@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.folder.IamAuditConfig;\nimport com.pulumi.gcp.folder.IamAuditConfigArgs;\nimport com.pulumi.gcp.folder.inputs.IamAuditConfigAuditLogConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var folder = new IamAuditConfig(\"folder\", IamAuditConfigArgs.builder() \n .folder(\"folders/1234567\")\n .service(\"allServices\")\n .auditLogConfigs( \n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"ADMIN_READ\")\n .build(),\n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"DATA_READ\")\n .exemptedMembers(\"user:joebloggs@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n folder:\n type: gcp:folder:IamAuditConfig\n properties:\n folder: folders/1234567\n service: allServices\n auditLogConfigs:\n - logType: ADMIN_READ\n - logType: DATA_READ\n exemptedMembers:\n - user:joebloggs@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing Audit Configs\n\nAn audit config can be imported into a `google_folder_iam_audit_config` resource using the resource's `folder_id` and the `service`, e.g:\n\n* `\"folder/{{folder_id}} foo.googleapis.com\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import audit configs:\n\ntf\n\nimport {\n\n id = \"folder/{{folder_id}} foo.googleapis.com\"\n\n to = google_folder_iam_audit_config.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:folder/iamAuditConfig:IamAuditConfig default \"folder/{{folder_id}} foo.googleapis.com\"\n```\n\n", "properties": { "auditLogConfigs": { "type": "array", @@ -183440,7 +183761,7 @@ } }, "gcp:gkebackup/backupPlanIamBinding:BackupPlanIamBinding": { - "description": "Three different resources help you manage your IAM policy for Backup for GKE BackupPlan. Each of these resources serves a different use case:\n\n* `gcp.gkebackup.BackupPlanIamPolicy`: Authoritative. Sets the IAM policy for the backupplan and replaces any existing policy already attached.\n* `gcp.gkebackup.BackupPlanIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the backupplan are preserved.\n* `gcp.gkebackup.BackupPlanIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the backupplan are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkebackup.BackupPlanIamPolicy`: Retrieves the IAM policy for the backupplan\n\n\u003e **Note:** `gcp.gkebackup.BackupPlanIamPolicy` **cannot** be used in conjunction with `gcp.gkebackup.BackupPlanIamBinding` and `gcp.gkebackup.BackupPlanIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkebackup.BackupPlanIamBinding` resources **can be** used in conjunction with `gcp.gkebackup.BackupPlanIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_gke\\_backup\\_backup\\_plan\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkebackup.BackupPlanIamPolicy(\"policy\", {\n project: basic.project,\n location: basic.location,\n name: basic.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.gkebackup.BackupPlanIamPolicy(\"policy\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeBackup.BackupPlanIamPolicy(\"policy\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkebackup.NewBackupPlanIamPolicy(ctx, \"policy\", \u0026gkebackup.BackupPlanIamPolicyArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tName: pulumi.Any(basic.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamPolicy;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new BackupPlanIamPolicy(\"policy\", BackupPlanIamPolicyArgs.builder() \n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkebackup:BackupPlanIamPolicy\n properties:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_backup\\_backup\\_plan\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkebackup.BackupPlanIamBinding(\"binding\", {\n project: basic.project,\n location: basic.location,\n name: basic.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkebackup.BackupPlanIamBinding(\"binding\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeBackup.BackupPlanIamBinding(\"binding\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewBackupPlanIamBinding(ctx, \"binding\", \u0026gkebackup.BackupPlanIamBindingArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tName: pulumi.Any(basic.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamBinding;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new BackupPlanIamBinding(\"binding\", BackupPlanIamBindingArgs.builder() \n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkebackup:BackupPlanIamBinding\n properties:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_backup\\_backup\\_plan\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkebackup.BackupPlanIamMember(\"member\", {\n project: basic.project,\n location: basic.location,\n name: basic.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkebackup.BackupPlanIamMember(\"member\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeBackup.BackupPlanIamMember(\"member\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewBackupPlanIamMember(ctx, \"member\", \u0026gkebackup.BackupPlanIamMemberArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tName: pulumi.Any(basic.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamMember;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new BackupPlanIamMember(\"member\", BackupPlanIamMemberArgs.builder() \n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkebackup:BackupPlanIamMember\n properties:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/backupPlans/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBackup for GKE backupplan IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:gkebackup/backupPlanIamBinding:BackupPlanIamBinding editor \"projects/{{project}}/locations/{{location}}/backupPlans/{{backup_plan}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:gkebackup/backupPlanIamBinding:BackupPlanIamBinding editor \"projects/{{project}}/locations/{{location}}/backupPlans/{{backup_plan}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:gkebackup/backupPlanIamBinding:BackupPlanIamBinding editor projects/{{project}}/locations/{{location}}/backupPlans/{{backup_plan}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Backup for GKE BackupPlan. Each of these resources serves a different use case:\n\n* `gcp.gkebackup.BackupPlanIamPolicy`: Authoritative. Sets the IAM policy for the backupplan and replaces any existing policy already attached.\n* `gcp.gkebackup.BackupPlanIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the backupplan are preserved.\n* `gcp.gkebackup.BackupPlanIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the backupplan are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkebackup.BackupPlanIamPolicy`: Retrieves the IAM policy for the backupplan\n\n\u003e **Note:** `gcp.gkebackup.BackupPlanIamPolicy` **cannot** be used in conjunction with `gcp.gkebackup.BackupPlanIamBinding` and `gcp.gkebackup.BackupPlanIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkebackup.BackupPlanIamBinding` resources **can be** used in conjunction with `gcp.gkebackup.BackupPlanIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_gke\\_backup\\_backup\\_plan\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkebackup.BackupPlanIamPolicy(\"policy\", {\n project: basic.project,\n location: basic.location,\n name: basic.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.gkebackup.BackupPlanIamPolicy(\"policy\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeBackup.BackupPlanIamPolicy(\"policy\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkebackup.NewBackupPlanIamPolicy(ctx, \"policy\", \u0026gkebackup.BackupPlanIamPolicyArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tName: pulumi.Any(basic.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamPolicy;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new BackupPlanIamPolicy(\"policy\", BackupPlanIamPolicyArgs.builder() \n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkebackup:BackupPlanIamPolicy\n properties:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_backup\\_backup\\_plan\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkebackup.BackupPlanIamBinding(\"binding\", {\n project: basic.project,\n location: basic.location,\n name: basic.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkebackup.BackupPlanIamBinding(\"binding\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeBackup.BackupPlanIamBinding(\"binding\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewBackupPlanIamBinding(ctx, \"binding\", \u0026gkebackup.BackupPlanIamBindingArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tName: pulumi.Any(basic.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamBinding;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new BackupPlanIamBinding(\"binding\", BackupPlanIamBindingArgs.builder() \n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkebackup:BackupPlanIamBinding\n properties:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_backup\\_backup\\_plan\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkebackup.BackupPlanIamMember(\"member\", {\n project: basic.project,\n location: basic.location,\n name: basic.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkebackup.BackupPlanIamMember(\"member\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeBackup.BackupPlanIamMember(\"member\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewBackupPlanIamMember(ctx, \"member\", \u0026gkebackup.BackupPlanIamMemberArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tName: pulumi.Any(basic.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamMember;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new BackupPlanIamMember(\"member\", BackupPlanIamMemberArgs.builder() \n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkebackup:BackupPlanIamMember\n properties:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_gke\\_backup\\_backup\\_plan\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkebackup.BackupPlanIamPolicy(\"policy\", {\n project: basic.project,\n location: basic.location,\n name: basic.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.gkebackup.BackupPlanIamPolicy(\"policy\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeBackup.BackupPlanIamPolicy(\"policy\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkebackup.NewBackupPlanIamPolicy(ctx, \"policy\", \u0026gkebackup.BackupPlanIamPolicyArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tName: pulumi.Any(basic.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamPolicy;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new BackupPlanIamPolicy(\"policy\", BackupPlanIamPolicyArgs.builder() \n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkebackup:BackupPlanIamPolicy\n properties:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_backup\\_backup\\_plan\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkebackup.BackupPlanIamBinding(\"binding\", {\n project: basic.project,\n location: basic.location,\n name: basic.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkebackup.BackupPlanIamBinding(\"binding\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeBackup.BackupPlanIamBinding(\"binding\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewBackupPlanIamBinding(ctx, \"binding\", \u0026gkebackup.BackupPlanIamBindingArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tName: pulumi.Any(basic.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamBinding;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new BackupPlanIamBinding(\"binding\", BackupPlanIamBindingArgs.builder() \n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkebackup:BackupPlanIamBinding\n properties:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_backup\\_backup\\_plan\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkebackup.BackupPlanIamMember(\"member\", {\n project: basic.project,\n location: basic.location,\n name: basic.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkebackup.BackupPlanIamMember(\"member\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeBackup.BackupPlanIamMember(\"member\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewBackupPlanIamMember(ctx, \"member\", \u0026gkebackup.BackupPlanIamMemberArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tName: pulumi.Any(basic.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamMember;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new BackupPlanIamMember(\"member\", BackupPlanIamMemberArgs.builder() \n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkebackup:BackupPlanIamMember\n properties:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/backupPlans/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBackup for GKE backupplan IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:gkebackup/backupPlanIamBinding:BackupPlanIamBinding editor \"projects/{{project}}/locations/{{location}}/backupPlans/{{backup_plan}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:gkebackup/backupPlanIamBinding:BackupPlanIamBinding editor \"projects/{{project}}/locations/{{location}}/backupPlans/{{backup_plan}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:gkebackup/backupPlanIamBinding:BackupPlanIamBinding editor projects/{{project}}/locations/{{location}}/backupPlans/{{backup_plan}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:gkebackup/BackupPlanIamBindingCondition:BackupPlanIamBindingCondition" @@ -183457,7 +183778,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "name": { "type": "string", @@ -183465,7 +183787,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -183494,7 +183816,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "name": { "type": "string", @@ -183503,7 +183826,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -183536,7 +183859,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "name": { "type": "string", @@ -183545,7 +183869,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -183558,7 +183882,7 @@ } }, "gcp:gkebackup/backupPlanIamMember:BackupPlanIamMember": { - "description": "Three different resources help you manage your IAM policy for Backup for GKE BackupPlan. Each of these resources serves a different use case:\n\n* `gcp.gkebackup.BackupPlanIamPolicy`: Authoritative. Sets the IAM policy for the backupplan and replaces any existing policy already attached.\n* `gcp.gkebackup.BackupPlanIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the backupplan are preserved.\n* `gcp.gkebackup.BackupPlanIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the backupplan are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkebackup.BackupPlanIamPolicy`: Retrieves the IAM policy for the backupplan\n\n\u003e **Note:** `gcp.gkebackup.BackupPlanIamPolicy` **cannot** be used in conjunction with `gcp.gkebackup.BackupPlanIamBinding` and `gcp.gkebackup.BackupPlanIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkebackup.BackupPlanIamBinding` resources **can be** used in conjunction with `gcp.gkebackup.BackupPlanIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_gke\\_backup\\_backup\\_plan\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkebackup.BackupPlanIamPolicy(\"policy\", {\n project: basic.project,\n location: basic.location,\n name: basic.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.gkebackup.BackupPlanIamPolicy(\"policy\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeBackup.BackupPlanIamPolicy(\"policy\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkebackup.NewBackupPlanIamPolicy(ctx, \"policy\", \u0026gkebackup.BackupPlanIamPolicyArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tName: pulumi.Any(basic.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamPolicy;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new BackupPlanIamPolicy(\"policy\", BackupPlanIamPolicyArgs.builder() \n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkebackup:BackupPlanIamPolicy\n properties:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_backup\\_backup\\_plan\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkebackup.BackupPlanIamBinding(\"binding\", {\n project: basic.project,\n location: basic.location,\n name: basic.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkebackup.BackupPlanIamBinding(\"binding\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeBackup.BackupPlanIamBinding(\"binding\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewBackupPlanIamBinding(ctx, \"binding\", \u0026gkebackup.BackupPlanIamBindingArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tName: pulumi.Any(basic.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamBinding;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new BackupPlanIamBinding(\"binding\", BackupPlanIamBindingArgs.builder() \n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkebackup:BackupPlanIamBinding\n properties:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_backup\\_backup\\_plan\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkebackup.BackupPlanIamMember(\"member\", {\n project: basic.project,\n location: basic.location,\n name: basic.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkebackup.BackupPlanIamMember(\"member\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeBackup.BackupPlanIamMember(\"member\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewBackupPlanIamMember(ctx, \"member\", \u0026gkebackup.BackupPlanIamMemberArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tName: pulumi.Any(basic.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamMember;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new BackupPlanIamMember(\"member\", BackupPlanIamMemberArgs.builder() \n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkebackup:BackupPlanIamMember\n properties:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/backupPlans/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBackup for GKE backupplan IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:gkebackup/backupPlanIamMember:BackupPlanIamMember editor \"projects/{{project}}/locations/{{location}}/backupPlans/{{backup_plan}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:gkebackup/backupPlanIamMember:BackupPlanIamMember editor \"projects/{{project}}/locations/{{location}}/backupPlans/{{backup_plan}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:gkebackup/backupPlanIamMember:BackupPlanIamMember editor projects/{{project}}/locations/{{location}}/backupPlans/{{backup_plan}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Backup for GKE BackupPlan. Each of these resources serves a different use case:\n\n* `gcp.gkebackup.BackupPlanIamPolicy`: Authoritative. Sets the IAM policy for the backupplan and replaces any existing policy already attached.\n* `gcp.gkebackup.BackupPlanIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the backupplan are preserved.\n* `gcp.gkebackup.BackupPlanIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the backupplan are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkebackup.BackupPlanIamPolicy`: Retrieves the IAM policy for the backupplan\n\n\u003e **Note:** `gcp.gkebackup.BackupPlanIamPolicy` **cannot** be used in conjunction with `gcp.gkebackup.BackupPlanIamBinding` and `gcp.gkebackup.BackupPlanIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkebackup.BackupPlanIamBinding` resources **can be** used in conjunction with `gcp.gkebackup.BackupPlanIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_gke\\_backup\\_backup\\_plan\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkebackup.BackupPlanIamPolicy(\"policy\", {\n project: basic.project,\n location: basic.location,\n name: basic.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.gkebackup.BackupPlanIamPolicy(\"policy\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeBackup.BackupPlanIamPolicy(\"policy\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkebackup.NewBackupPlanIamPolicy(ctx, \"policy\", \u0026gkebackup.BackupPlanIamPolicyArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tName: pulumi.Any(basic.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamPolicy;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new BackupPlanIamPolicy(\"policy\", BackupPlanIamPolicyArgs.builder() \n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkebackup:BackupPlanIamPolicy\n properties:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_backup\\_backup\\_plan\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkebackup.BackupPlanIamBinding(\"binding\", {\n project: basic.project,\n location: basic.location,\n name: basic.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkebackup.BackupPlanIamBinding(\"binding\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeBackup.BackupPlanIamBinding(\"binding\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewBackupPlanIamBinding(ctx, \"binding\", \u0026gkebackup.BackupPlanIamBindingArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tName: pulumi.Any(basic.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamBinding;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new BackupPlanIamBinding(\"binding\", BackupPlanIamBindingArgs.builder() \n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkebackup:BackupPlanIamBinding\n properties:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_backup\\_backup\\_plan\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkebackup.BackupPlanIamMember(\"member\", {\n project: basic.project,\n location: basic.location,\n name: basic.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkebackup.BackupPlanIamMember(\"member\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeBackup.BackupPlanIamMember(\"member\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewBackupPlanIamMember(ctx, \"member\", \u0026gkebackup.BackupPlanIamMemberArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tName: pulumi.Any(basic.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamMember;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new BackupPlanIamMember(\"member\", BackupPlanIamMemberArgs.builder() \n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkebackup:BackupPlanIamMember\n properties:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_gke\\_backup\\_backup\\_plan\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkebackup.BackupPlanIamPolicy(\"policy\", {\n project: basic.project,\n location: basic.location,\n name: basic.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.gkebackup.BackupPlanIamPolicy(\"policy\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeBackup.BackupPlanIamPolicy(\"policy\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkebackup.NewBackupPlanIamPolicy(ctx, \"policy\", \u0026gkebackup.BackupPlanIamPolicyArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tName: pulumi.Any(basic.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamPolicy;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new BackupPlanIamPolicy(\"policy\", BackupPlanIamPolicyArgs.builder() \n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkebackup:BackupPlanIamPolicy\n properties:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_backup\\_backup\\_plan\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkebackup.BackupPlanIamBinding(\"binding\", {\n project: basic.project,\n location: basic.location,\n name: basic.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkebackup.BackupPlanIamBinding(\"binding\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeBackup.BackupPlanIamBinding(\"binding\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewBackupPlanIamBinding(ctx, \"binding\", \u0026gkebackup.BackupPlanIamBindingArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tName: pulumi.Any(basic.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamBinding;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new BackupPlanIamBinding(\"binding\", BackupPlanIamBindingArgs.builder() \n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkebackup:BackupPlanIamBinding\n properties:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_backup\\_backup\\_plan\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkebackup.BackupPlanIamMember(\"member\", {\n project: basic.project,\n location: basic.location,\n name: basic.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkebackup.BackupPlanIamMember(\"member\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeBackup.BackupPlanIamMember(\"member\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewBackupPlanIamMember(ctx, \"member\", \u0026gkebackup.BackupPlanIamMemberArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tName: pulumi.Any(basic.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamMember;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new BackupPlanIamMember(\"member\", BackupPlanIamMemberArgs.builder() \n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkebackup:BackupPlanIamMember\n properties:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/backupPlans/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBackup for GKE backupplan IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:gkebackup/backupPlanIamMember:BackupPlanIamMember editor \"projects/{{project}}/locations/{{location}}/backupPlans/{{backup_plan}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:gkebackup/backupPlanIamMember:BackupPlanIamMember editor \"projects/{{project}}/locations/{{location}}/backupPlans/{{backup_plan}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:gkebackup/backupPlanIamMember:BackupPlanIamMember editor projects/{{project}}/locations/{{location}}/backupPlans/{{backup_plan}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:gkebackup/BackupPlanIamMemberCondition:BackupPlanIamMemberCondition" @@ -183572,7 +183896,8 @@ "description": "The region of the Backup Plan.\nUsed to find the parent resource to bind the IAM policy to\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "name": { "type": "string", @@ -183580,7 +183905,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -183607,6 +183932,7 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "name": { @@ -183616,7 +183942,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -183647,6 +183973,7 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "name": { @@ -183656,7 +183983,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -183669,7 +183996,7 @@ } }, "gcp:gkebackup/backupPlanIamPolicy:BackupPlanIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Backup for GKE BackupPlan. Each of these resources serves a different use case:\n\n* `gcp.gkebackup.BackupPlanIamPolicy`: Authoritative. Sets the IAM policy for the backupplan and replaces any existing policy already attached.\n* `gcp.gkebackup.BackupPlanIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the backupplan are preserved.\n* `gcp.gkebackup.BackupPlanIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the backupplan are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkebackup.BackupPlanIamPolicy`: Retrieves the IAM policy for the backupplan\n\n\u003e **Note:** `gcp.gkebackup.BackupPlanIamPolicy` **cannot** be used in conjunction with `gcp.gkebackup.BackupPlanIamBinding` and `gcp.gkebackup.BackupPlanIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkebackup.BackupPlanIamBinding` resources **can be** used in conjunction with `gcp.gkebackup.BackupPlanIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_gke\\_backup\\_backup\\_plan\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkebackup.BackupPlanIamPolicy(\"policy\", {\n project: basic.project,\n location: basic.location,\n name: basic.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.gkebackup.BackupPlanIamPolicy(\"policy\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeBackup.BackupPlanIamPolicy(\"policy\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkebackup.NewBackupPlanIamPolicy(ctx, \"policy\", \u0026gkebackup.BackupPlanIamPolicyArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tName: pulumi.Any(basic.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamPolicy;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new BackupPlanIamPolicy(\"policy\", BackupPlanIamPolicyArgs.builder() \n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkebackup:BackupPlanIamPolicy\n properties:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_backup\\_backup\\_plan\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkebackup.BackupPlanIamBinding(\"binding\", {\n project: basic.project,\n location: basic.location,\n name: basic.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkebackup.BackupPlanIamBinding(\"binding\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeBackup.BackupPlanIamBinding(\"binding\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewBackupPlanIamBinding(ctx, \"binding\", \u0026gkebackup.BackupPlanIamBindingArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tName: pulumi.Any(basic.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamBinding;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new BackupPlanIamBinding(\"binding\", BackupPlanIamBindingArgs.builder() \n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkebackup:BackupPlanIamBinding\n properties:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_backup\\_backup\\_plan\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkebackup.BackupPlanIamMember(\"member\", {\n project: basic.project,\n location: basic.location,\n name: basic.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkebackup.BackupPlanIamMember(\"member\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeBackup.BackupPlanIamMember(\"member\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewBackupPlanIamMember(ctx, \"member\", \u0026gkebackup.BackupPlanIamMemberArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tName: pulumi.Any(basic.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamMember;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new BackupPlanIamMember(\"member\", BackupPlanIamMemberArgs.builder() \n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkebackup:BackupPlanIamMember\n properties:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/backupPlans/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBackup for GKE backupplan IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:gkebackup/backupPlanIamPolicy:BackupPlanIamPolicy editor \"projects/{{project}}/locations/{{location}}/backupPlans/{{backup_plan}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:gkebackup/backupPlanIamPolicy:BackupPlanIamPolicy editor \"projects/{{project}}/locations/{{location}}/backupPlans/{{backup_plan}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:gkebackup/backupPlanIamPolicy:BackupPlanIamPolicy editor projects/{{project}}/locations/{{location}}/backupPlans/{{backup_plan}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Backup for GKE BackupPlan. Each of these resources serves a different use case:\n\n* `gcp.gkebackup.BackupPlanIamPolicy`: Authoritative. Sets the IAM policy for the backupplan and replaces any existing policy already attached.\n* `gcp.gkebackup.BackupPlanIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the backupplan are preserved.\n* `gcp.gkebackup.BackupPlanIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the backupplan are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkebackup.BackupPlanIamPolicy`: Retrieves the IAM policy for the backupplan\n\n\u003e **Note:** `gcp.gkebackup.BackupPlanIamPolicy` **cannot** be used in conjunction with `gcp.gkebackup.BackupPlanIamBinding` and `gcp.gkebackup.BackupPlanIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkebackup.BackupPlanIamBinding` resources **can be** used in conjunction with `gcp.gkebackup.BackupPlanIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_gke\\_backup\\_backup\\_plan\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkebackup.BackupPlanIamPolicy(\"policy\", {\n project: basic.project,\n location: basic.location,\n name: basic.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.gkebackup.BackupPlanIamPolicy(\"policy\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeBackup.BackupPlanIamPolicy(\"policy\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkebackup.NewBackupPlanIamPolicy(ctx, \"policy\", \u0026gkebackup.BackupPlanIamPolicyArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tName: pulumi.Any(basic.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamPolicy;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new BackupPlanIamPolicy(\"policy\", BackupPlanIamPolicyArgs.builder() \n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkebackup:BackupPlanIamPolicy\n properties:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_backup\\_backup\\_plan\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkebackup.BackupPlanIamBinding(\"binding\", {\n project: basic.project,\n location: basic.location,\n name: basic.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkebackup.BackupPlanIamBinding(\"binding\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeBackup.BackupPlanIamBinding(\"binding\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewBackupPlanIamBinding(ctx, \"binding\", \u0026gkebackup.BackupPlanIamBindingArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tName: pulumi.Any(basic.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamBinding;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new BackupPlanIamBinding(\"binding\", BackupPlanIamBindingArgs.builder() \n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkebackup:BackupPlanIamBinding\n properties:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_backup\\_backup\\_plan\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkebackup.BackupPlanIamMember(\"member\", {\n project: basic.project,\n location: basic.location,\n name: basic.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkebackup.BackupPlanIamMember(\"member\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeBackup.BackupPlanIamMember(\"member\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewBackupPlanIamMember(ctx, \"member\", \u0026gkebackup.BackupPlanIamMemberArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tName: pulumi.Any(basic.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamMember;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new BackupPlanIamMember(\"member\", BackupPlanIamMemberArgs.builder() \n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkebackup:BackupPlanIamMember\n properties:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_gke\\_backup\\_backup\\_plan\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkebackup.BackupPlanIamPolicy(\"policy\", {\n project: basic.project,\n location: basic.location,\n name: basic.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.gkebackup.BackupPlanIamPolicy(\"policy\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeBackup.BackupPlanIamPolicy(\"policy\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkebackup.NewBackupPlanIamPolicy(ctx, \"policy\", \u0026gkebackup.BackupPlanIamPolicyArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tName: pulumi.Any(basic.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamPolicy;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new BackupPlanIamPolicy(\"policy\", BackupPlanIamPolicyArgs.builder() \n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkebackup:BackupPlanIamPolicy\n properties:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_backup\\_backup\\_plan\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkebackup.BackupPlanIamBinding(\"binding\", {\n project: basic.project,\n location: basic.location,\n name: basic.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkebackup.BackupPlanIamBinding(\"binding\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeBackup.BackupPlanIamBinding(\"binding\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewBackupPlanIamBinding(ctx, \"binding\", \u0026gkebackup.BackupPlanIamBindingArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tName: pulumi.Any(basic.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamBinding;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new BackupPlanIamBinding(\"binding\", BackupPlanIamBindingArgs.builder() \n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkebackup:BackupPlanIamBinding\n properties:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_backup\\_backup\\_plan\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkebackup.BackupPlanIamMember(\"member\", {\n project: basic.project,\n location: basic.location,\n name: basic.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkebackup.BackupPlanIamMember(\"member\",\n project=basic[\"project\"],\n location=basic[\"location\"],\n name=basic[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeBackup.BackupPlanIamMember(\"member\", new()\n {\n Project = basic.Project,\n Location = basic.Location,\n Name = basic.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkebackup\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkebackup.NewBackupPlanIamMember(ctx, \"member\", \u0026gkebackup.BackupPlanIamMemberArgs{\n\t\t\tProject: pulumi.Any(basic.Project),\n\t\t\tLocation: pulumi.Any(basic.Location),\n\t\t\tName: pulumi.Any(basic.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamMember;\nimport com.pulumi.gcp.gkebackup.BackupPlanIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new BackupPlanIamMember(\"member\", BackupPlanIamMemberArgs.builder() \n .project(basic.project())\n .location(basic.location())\n .name(basic.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkebackup:BackupPlanIamMember\n properties:\n project: ${basic.project}\n location: ${basic.location}\n name: ${basic.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/backupPlans/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nBackup for GKE backupplan IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:gkebackup/backupPlanIamPolicy:BackupPlanIamPolicy editor \"projects/{{project}}/locations/{{location}}/backupPlans/{{backup_plan}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:gkebackup/backupPlanIamPolicy:BackupPlanIamPolicy editor \"projects/{{project}}/locations/{{location}}/backupPlans/{{backup_plan}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:gkebackup/backupPlanIamPolicy:BackupPlanIamPolicy editor projects/{{project}}/locations/{{location}}/backupPlans/{{backup_plan}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -183689,7 +184016,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" } }, "required": [ @@ -183716,7 +184043,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -183746,7 +184073,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -184455,7 +184782,7 @@ } }, "gcp:gkehub/featureIamBinding:FeatureIamBinding": { - "description": "Three different resources help you manage your IAM policy for GKEHub Feature. Each of these resources serves a different use case:\n\n* `gcp.gkehub.FeatureIamPolicy`: Authoritative. Sets the IAM policy for the feature and replaces any existing policy already attached.\n* `gcp.gkehub.FeatureIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the feature are preserved.\n* `gcp.gkehub.FeatureIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the feature are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkehub.FeatureIamPolicy`: Retrieves the IAM policy for the feature\n\n\u003e **Note:** `gcp.gkehub.FeatureIamPolicy` **cannot** be used in conjunction with `gcp.gkehub.FeatureIamBinding` and `gcp.gkehub.FeatureIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkehub.FeatureIamBinding` resources **can be** used in conjunction with `gcp.gkehub.FeatureIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_gke\\_hub\\_feature\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkehub.FeatureIamPolicy(\"policy\", {\n project: feature.project,\n location: feature.location,\n name: feature.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.gkehub.FeatureIamPolicy(\"policy\",\n project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeHub.FeatureIamPolicy(\"policy\", new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewFeatureIamPolicy(ctx, \"policy\", \u0026gkehub.FeatureIamPolicyArgs{\n\t\t\tProject: pulumi.Any(feature.Project),\n\t\t\tLocation: pulumi.Any(feature.Location),\n\t\t\tName: pulumi.Any(feature.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkehub.FeatureIamPolicy;\nimport com.pulumi.gcp.gkehub.FeatureIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new FeatureIamPolicy(\"policy\", FeatureIamPolicyArgs.builder() \n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkehub:FeatureIamPolicy\n properties:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_hub\\_feature\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkehub.FeatureIamBinding(\"binding\", {\n project: feature.project,\n location: feature.location,\n name: feature.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkehub.FeatureIamBinding(\"binding\",\n project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeHub.FeatureIamBinding(\"binding\", new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewFeatureIamBinding(ctx, \"binding\", \u0026gkehub.FeatureIamBindingArgs{\n\t\t\tProject: pulumi.Any(feature.Project),\n\t\t\tLocation: pulumi.Any(feature.Location),\n\t\t\tName: pulumi.Any(feature.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.FeatureIamBinding;\nimport com.pulumi.gcp.gkehub.FeatureIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new FeatureIamBinding(\"binding\", FeatureIamBindingArgs.builder() \n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkehub:FeatureIamBinding\n properties:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_hub\\_feature\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkehub.FeatureIamMember(\"member\", {\n project: feature.project,\n location: feature.location,\n name: feature.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkehub.FeatureIamMember(\"member\",\n project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeHub.FeatureIamMember(\"member\", new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewFeatureIamMember(ctx, \"member\", \u0026gkehub.FeatureIamMemberArgs{\n\t\t\tProject: pulumi.Any(feature.Project),\n\t\t\tLocation: pulumi.Any(feature.Location),\n\t\t\tName: pulumi.Any(feature.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.FeatureIamMember;\nimport com.pulumi.gcp.gkehub.FeatureIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new FeatureIamMember(\"member\", FeatureIamMemberArgs.builder() \n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkehub:FeatureIamMember\n properties:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/features/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nGKEHub feature IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/featureIamBinding:FeatureIamBinding editor \"projects/{{project}}/locations/{{location}}/features/{{feature}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/featureIamBinding:FeatureIamBinding editor \"projects/{{project}}/locations/{{location}}/features/{{feature}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/featureIamBinding:FeatureIamBinding editor projects/{{project}}/locations/{{location}}/features/{{feature}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for GKEHub Feature. Each of these resources serves a different use case:\n\n* `gcp.gkehub.FeatureIamPolicy`: Authoritative. Sets the IAM policy for the feature and replaces any existing policy already attached.\n* `gcp.gkehub.FeatureIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the feature are preserved.\n* `gcp.gkehub.FeatureIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the feature are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkehub.FeatureIamPolicy`: Retrieves the IAM policy for the feature\n\n\u003e **Note:** `gcp.gkehub.FeatureIamPolicy` **cannot** be used in conjunction with `gcp.gkehub.FeatureIamBinding` and `gcp.gkehub.FeatureIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkehub.FeatureIamBinding` resources **can be** used in conjunction with `gcp.gkehub.FeatureIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_gke\\_hub\\_feature\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkehub.FeatureIamPolicy(\"policy\", {\n project: feature.project,\n location: feature.location,\n name: feature.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.gkehub.FeatureIamPolicy(\"policy\",\n project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeHub.FeatureIamPolicy(\"policy\", new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewFeatureIamPolicy(ctx, \"policy\", \u0026gkehub.FeatureIamPolicyArgs{\n\t\t\tProject: pulumi.Any(feature.Project),\n\t\t\tLocation: pulumi.Any(feature.Location),\n\t\t\tName: pulumi.Any(feature.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkehub.FeatureIamPolicy;\nimport com.pulumi.gcp.gkehub.FeatureIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new FeatureIamPolicy(\"policy\", FeatureIamPolicyArgs.builder() \n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkehub:FeatureIamPolicy\n properties:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_hub\\_feature\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkehub.FeatureIamBinding(\"binding\", {\n project: feature.project,\n location: feature.location,\n name: feature.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkehub.FeatureIamBinding(\"binding\",\n project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeHub.FeatureIamBinding(\"binding\", new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewFeatureIamBinding(ctx, \"binding\", \u0026gkehub.FeatureIamBindingArgs{\n\t\t\tProject: pulumi.Any(feature.Project),\n\t\t\tLocation: pulumi.Any(feature.Location),\n\t\t\tName: pulumi.Any(feature.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.FeatureIamBinding;\nimport com.pulumi.gcp.gkehub.FeatureIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new FeatureIamBinding(\"binding\", FeatureIamBindingArgs.builder() \n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkehub:FeatureIamBinding\n properties:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_hub\\_feature\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkehub.FeatureIamMember(\"member\", {\n project: feature.project,\n location: feature.location,\n name: feature.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkehub.FeatureIamMember(\"member\",\n project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeHub.FeatureIamMember(\"member\", new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewFeatureIamMember(ctx, \"member\", \u0026gkehub.FeatureIamMemberArgs{\n\t\t\tProject: pulumi.Any(feature.Project),\n\t\t\tLocation: pulumi.Any(feature.Location),\n\t\t\tName: pulumi.Any(feature.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.FeatureIamMember;\nimport com.pulumi.gcp.gkehub.FeatureIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new FeatureIamMember(\"member\", FeatureIamMemberArgs.builder() \n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkehub:FeatureIamMember\n properties:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_gke\\_hub\\_feature\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkehub.FeatureIamPolicy(\"policy\", {\n project: feature.project,\n location: feature.location,\n name: feature.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.gkehub.FeatureIamPolicy(\"policy\",\n project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeHub.FeatureIamPolicy(\"policy\", new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewFeatureIamPolicy(ctx, \"policy\", \u0026gkehub.FeatureIamPolicyArgs{\n\t\t\tProject: pulumi.Any(feature.Project),\n\t\t\tLocation: pulumi.Any(feature.Location),\n\t\t\tName: pulumi.Any(feature.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkehub.FeatureIamPolicy;\nimport com.pulumi.gcp.gkehub.FeatureIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new FeatureIamPolicy(\"policy\", FeatureIamPolicyArgs.builder() \n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkehub:FeatureIamPolicy\n properties:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_hub\\_feature\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkehub.FeatureIamBinding(\"binding\", {\n project: feature.project,\n location: feature.location,\n name: feature.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkehub.FeatureIamBinding(\"binding\",\n project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeHub.FeatureIamBinding(\"binding\", new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewFeatureIamBinding(ctx, \"binding\", \u0026gkehub.FeatureIamBindingArgs{\n\t\t\tProject: pulumi.Any(feature.Project),\n\t\t\tLocation: pulumi.Any(feature.Location),\n\t\t\tName: pulumi.Any(feature.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.FeatureIamBinding;\nimport com.pulumi.gcp.gkehub.FeatureIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new FeatureIamBinding(\"binding\", FeatureIamBindingArgs.builder() \n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkehub:FeatureIamBinding\n properties:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_hub\\_feature\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkehub.FeatureIamMember(\"member\", {\n project: feature.project,\n location: feature.location,\n name: feature.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkehub.FeatureIamMember(\"member\",\n project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeHub.FeatureIamMember(\"member\", new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewFeatureIamMember(ctx, \"member\", \u0026gkehub.FeatureIamMemberArgs{\n\t\t\tProject: pulumi.Any(feature.Project),\n\t\t\tLocation: pulumi.Any(feature.Location),\n\t\t\tName: pulumi.Any(feature.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.FeatureIamMember;\nimport com.pulumi.gcp.gkehub.FeatureIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new FeatureIamMember(\"member\", FeatureIamMemberArgs.builder() \n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkehub:FeatureIamMember\n properties:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/features/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nGKEHub feature IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/featureIamBinding:FeatureIamBinding editor \"projects/{{project}}/locations/{{location}}/features/{{feature}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/featureIamBinding:FeatureIamBinding editor \"projects/{{project}}/locations/{{location}}/features/{{feature}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/featureIamBinding:FeatureIamBinding editor projects/{{project}}/locations/{{location}}/features/{{feature}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:gkehub/FeatureIamBindingCondition:FeatureIamBindingCondition" @@ -184472,7 +184799,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "name": { "type": "string", @@ -184480,7 +184808,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -184509,7 +184837,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "name": { "type": "string", @@ -184518,7 +184847,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -184551,7 +184880,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "name": { "type": "string", @@ -184560,7 +184890,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -184573,7 +184903,7 @@ } }, "gcp:gkehub/featureIamMember:FeatureIamMember": { - "description": "Three different resources help you manage your IAM policy for GKEHub Feature. Each of these resources serves a different use case:\n\n* `gcp.gkehub.FeatureIamPolicy`: Authoritative. Sets the IAM policy for the feature and replaces any existing policy already attached.\n* `gcp.gkehub.FeatureIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the feature are preserved.\n* `gcp.gkehub.FeatureIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the feature are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkehub.FeatureIamPolicy`: Retrieves the IAM policy for the feature\n\n\u003e **Note:** `gcp.gkehub.FeatureIamPolicy` **cannot** be used in conjunction with `gcp.gkehub.FeatureIamBinding` and `gcp.gkehub.FeatureIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkehub.FeatureIamBinding` resources **can be** used in conjunction with `gcp.gkehub.FeatureIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_gke\\_hub\\_feature\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkehub.FeatureIamPolicy(\"policy\", {\n project: feature.project,\n location: feature.location,\n name: feature.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.gkehub.FeatureIamPolicy(\"policy\",\n project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeHub.FeatureIamPolicy(\"policy\", new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewFeatureIamPolicy(ctx, \"policy\", \u0026gkehub.FeatureIamPolicyArgs{\n\t\t\tProject: pulumi.Any(feature.Project),\n\t\t\tLocation: pulumi.Any(feature.Location),\n\t\t\tName: pulumi.Any(feature.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkehub.FeatureIamPolicy;\nimport com.pulumi.gcp.gkehub.FeatureIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new FeatureIamPolicy(\"policy\", FeatureIamPolicyArgs.builder() \n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkehub:FeatureIamPolicy\n properties:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_hub\\_feature\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkehub.FeatureIamBinding(\"binding\", {\n project: feature.project,\n location: feature.location,\n name: feature.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkehub.FeatureIamBinding(\"binding\",\n project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeHub.FeatureIamBinding(\"binding\", new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewFeatureIamBinding(ctx, \"binding\", \u0026gkehub.FeatureIamBindingArgs{\n\t\t\tProject: pulumi.Any(feature.Project),\n\t\t\tLocation: pulumi.Any(feature.Location),\n\t\t\tName: pulumi.Any(feature.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.FeatureIamBinding;\nimport com.pulumi.gcp.gkehub.FeatureIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new FeatureIamBinding(\"binding\", FeatureIamBindingArgs.builder() \n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkehub:FeatureIamBinding\n properties:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_hub\\_feature\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkehub.FeatureIamMember(\"member\", {\n project: feature.project,\n location: feature.location,\n name: feature.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkehub.FeatureIamMember(\"member\",\n project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeHub.FeatureIamMember(\"member\", new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewFeatureIamMember(ctx, \"member\", \u0026gkehub.FeatureIamMemberArgs{\n\t\t\tProject: pulumi.Any(feature.Project),\n\t\t\tLocation: pulumi.Any(feature.Location),\n\t\t\tName: pulumi.Any(feature.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.FeatureIamMember;\nimport com.pulumi.gcp.gkehub.FeatureIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new FeatureIamMember(\"member\", FeatureIamMemberArgs.builder() \n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkehub:FeatureIamMember\n properties:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/features/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nGKEHub feature IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/featureIamMember:FeatureIamMember editor \"projects/{{project}}/locations/{{location}}/features/{{feature}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/featureIamMember:FeatureIamMember editor \"projects/{{project}}/locations/{{location}}/features/{{feature}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/featureIamMember:FeatureIamMember editor projects/{{project}}/locations/{{location}}/features/{{feature}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for GKEHub Feature. Each of these resources serves a different use case:\n\n* `gcp.gkehub.FeatureIamPolicy`: Authoritative. Sets the IAM policy for the feature and replaces any existing policy already attached.\n* `gcp.gkehub.FeatureIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the feature are preserved.\n* `gcp.gkehub.FeatureIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the feature are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkehub.FeatureIamPolicy`: Retrieves the IAM policy for the feature\n\n\u003e **Note:** `gcp.gkehub.FeatureIamPolicy` **cannot** be used in conjunction with `gcp.gkehub.FeatureIamBinding` and `gcp.gkehub.FeatureIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkehub.FeatureIamBinding` resources **can be** used in conjunction with `gcp.gkehub.FeatureIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_gke\\_hub\\_feature\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkehub.FeatureIamPolicy(\"policy\", {\n project: feature.project,\n location: feature.location,\n name: feature.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.gkehub.FeatureIamPolicy(\"policy\",\n project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeHub.FeatureIamPolicy(\"policy\", new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewFeatureIamPolicy(ctx, \"policy\", \u0026gkehub.FeatureIamPolicyArgs{\n\t\t\tProject: pulumi.Any(feature.Project),\n\t\t\tLocation: pulumi.Any(feature.Location),\n\t\t\tName: pulumi.Any(feature.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkehub.FeatureIamPolicy;\nimport com.pulumi.gcp.gkehub.FeatureIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new FeatureIamPolicy(\"policy\", FeatureIamPolicyArgs.builder() \n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkehub:FeatureIamPolicy\n properties:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_hub\\_feature\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkehub.FeatureIamBinding(\"binding\", {\n project: feature.project,\n location: feature.location,\n name: feature.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkehub.FeatureIamBinding(\"binding\",\n project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeHub.FeatureIamBinding(\"binding\", new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewFeatureIamBinding(ctx, \"binding\", \u0026gkehub.FeatureIamBindingArgs{\n\t\t\tProject: pulumi.Any(feature.Project),\n\t\t\tLocation: pulumi.Any(feature.Location),\n\t\t\tName: pulumi.Any(feature.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.FeatureIamBinding;\nimport com.pulumi.gcp.gkehub.FeatureIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new FeatureIamBinding(\"binding\", FeatureIamBindingArgs.builder() \n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkehub:FeatureIamBinding\n properties:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_hub\\_feature\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkehub.FeatureIamMember(\"member\", {\n project: feature.project,\n location: feature.location,\n name: feature.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkehub.FeatureIamMember(\"member\",\n project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeHub.FeatureIamMember(\"member\", new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewFeatureIamMember(ctx, \"member\", \u0026gkehub.FeatureIamMemberArgs{\n\t\t\tProject: pulumi.Any(feature.Project),\n\t\t\tLocation: pulumi.Any(feature.Location),\n\t\t\tName: pulumi.Any(feature.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.FeatureIamMember;\nimport com.pulumi.gcp.gkehub.FeatureIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new FeatureIamMember(\"member\", FeatureIamMemberArgs.builder() \n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkehub:FeatureIamMember\n properties:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_gke\\_hub\\_feature\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkehub.FeatureIamPolicy(\"policy\", {\n project: feature.project,\n location: feature.location,\n name: feature.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.gkehub.FeatureIamPolicy(\"policy\",\n project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeHub.FeatureIamPolicy(\"policy\", new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewFeatureIamPolicy(ctx, \"policy\", \u0026gkehub.FeatureIamPolicyArgs{\n\t\t\tProject: pulumi.Any(feature.Project),\n\t\t\tLocation: pulumi.Any(feature.Location),\n\t\t\tName: pulumi.Any(feature.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkehub.FeatureIamPolicy;\nimport com.pulumi.gcp.gkehub.FeatureIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new FeatureIamPolicy(\"policy\", FeatureIamPolicyArgs.builder() \n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkehub:FeatureIamPolicy\n properties:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_hub\\_feature\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkehub.FeatureIamBinding(\"binding\", {\n project: feature.project,\n location: feature.location,\n name: feature.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkehub.FeatureIamBinding(\"binding\",\n project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeHub.FeatureIamBinding(\"binding\", new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewFeatureIamBinding(ctx, \"binding\", \u0026gkehub.FeatureIamBindingArgs{\n\t\t\tProject: pulumi.Any(feature.Project),\n\t\t\tLocation: pulumi.Any(feature.Location),\n\t\t\tName: pulumi.Any(feature.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.FeatureIamBinding;\nimport com.pulumi.gcp.gkehub.FeatureIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new FeatureIamBinding(\"binding\", FeatureIamBindingArgs.builder() \n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkehub:FeatureIamBinding\n properties:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_hub\\_feature\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkehub.FeatureIamMember(\"member\", {\n project: feature.project,\n location: feature.location,\n name: feature.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkehub.FeatureIamMember(\"member\",\n project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeHub.FeatureIamMember(\"member\", new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewFeatureIamMember(ctx, \"member\", \u0026gkehub.FeatureIamMemberArgs{\n\t\t\tProject: pulumi.Any(feature.Project),\n\t\t\tLocation: pulumi.Any(feature.Location),\n\t\t\tName: pulumi.Any(feature.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.FeatureIamMember;\nimport com.pulumi.gcp.gkehub.FeatureIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new FeatureIamMember(\"member\", FeatureIamMemberArgs.builder() \n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkehub:FeatureIamMember\n properties:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/features/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nGKEHub feature IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/featureIamMember:FeatureIamMember editor \"projects/{{project}}/locations/{{location}}/features/{{feature}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/featureIamMember:FeatureIamMember editor \"projects/{{project}}/locations/{{location}}/features/{{feature}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/featureIamMember:FeatureIamMember editor projects/{{project}}/locations/{{location}}/features/{{feature}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:gkehub/FeatureIamMemberCondition:FeatureIamMemberCondition" @@ -184587,7 +184917,8 @@ "description": "The location for the resource Used to find the parent resource to bind the IAM policy to\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "name": { "type": "string", @@ -184595,7 +184926,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -184622,6 +184953,7 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "name": { @@ -184631,7 +184963,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -184662,6 +184994,7 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "name": { @@ -184671,7 +185004,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -184684,7 +185017,7 @@ } }, "gcp:gkehub/featureIamPolicy:FeatureIamPolicy": { - "description": "Three different resources help you manage your IAM policy for GKEHub Feature. Each of these resources serves a different use case:\n\n* `gcp.gkehub.FeatureIamPolicy`: Authoritative. Sets the IAM policy for the feature and replaces any existing policy already attached.\n* `gcp.gkehub.FeatureIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the feature are preserved.\n* `gcp.gkehub.FeatureIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the feature are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkehub.FeatureIamPolicy`: Retrieves the IAM policy for the feature\n\n\u003e **Note:** `gcp.gkehub.FeatureIamPolicy` **cannot** be used in conjunction with `gcp.gkehub.FeatureIamBinding` and `gcp.gkehub.FeatureIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkehub.FeatureIamBinding` resources **can be** used in conjunction with `gcp.gkehub.FeatureIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_gke\\_hub\\_feature\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkehub.FeatureIamPolicy(\"policy\", {\n project: feature.project,\n location: feature.location,\n name: feature.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.gkehub.FeatureIamPolicy(\"policy\",\n project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeHub.FeatureIamPolicy(\"policy\", new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewFeatureIamPolicy(ctx, \"policy\", \u0026gkehub.FeatureIamPolicyArgs{\n\t\t\tProject: pulumi.Any(feature.Project),\n\t\t\tLocation: pulumi.Any(feature.Location),\n\t\t\tName: pulumi.Any(feature.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkehub.FeatureIamPolicy;\nimport com.pulumi.gcp.gkehub.FeatureIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new FeatureIamPolicy(\"policy\", FeatureIamPolicyArgs.builder() \n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkehub:FeatureIamPolicy\n properties:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_hub\\_feature\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkehub.FeatureIamBinding(\"binding\", {\n project: feature.project,\n location: feature.location,\n name: feature.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkehub.FeatureIamBinding(\"binding\",\n project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeHub.FeatureIamBinding(\"binding\", new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewFeatureIamBinding(ctx, \"binding\", \u0026gkehub.FeatureIamBindingArgs{\n\t\t\tProject: pulumi.Any(feature.Project),\n\t\t\tLocation: pulumi.Any(feature.Location),\n\t\t\tName: pulumi.Any(feature.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.FeatureIamBinding;\nimport com.pulumi.gcp.gkehub.FeatureIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new FeatureIamBinding(\"binding\", FeatureIamBindingArgs.builder() \n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkehub:FeatureIamBinding\n properties:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_hub\\_feature\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkehub.FeatureIamMember(\"member\", {\n project: feature.project,\n location: feature.location,\n name: feature.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkehub.FeatureIamMember(\"member\",\n project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeHub.FeatureIamMember(\"member\", new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewFeatureIamMember(ctx, \"member\", \u0026gkehub.FeatureIamMemberArgs{\n\t\t\tProject: pulumi.Any(feature.Project),\n\t\t\tLocation: pulumi.Any(feature.Location),\n\t\t\tName: pulumi.Any(feature.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.FeatureIamMember;\nimport com.pulumi.gcp.gkehub.FeatureIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new FeatureIamMember(\"member\", FeatureIamMemberArgs.builder() \n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkehub:FeatureIamMember\n properties:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/features/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nGKEHub feature IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/featureIamPolicy:FeatureIamPolicy editor \"projects/{{project}}/locations/{{location}}/features/{{feature}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/featureIamPolicy:FeatureIamPolicy editor \"projects/{{project}}/locations/{{location}}/features/{{feature}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/featureIamPolicy:FeatureIamPolicy editor projects/{{project}}/locations/{{location}}/features/{{feature}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for GKEHub Feature. Each of these resources serves a different use case:\n\n* `gcp.gkehub.FeatureIamPolicy`: Authoritative. Sets the IAM policy for the feature and replaces any existing policy already attached.\n* `gcp.gkehub.FeatureIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the feature are preserved.\n* `gcp.gkehub.FeatureIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the feature are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkehub.FeatureIamPolicy`: Retrieves the IAM policy for the feature\n\n\u003e **Note:** `gcp.gkehub.FeatureIamPolicy` **cannot** be used in conjunction with `gcp.gkehub.FeatureIamBinding` and `gcp.gkehub.FeatureIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkehub.FeatureIamBinding` resources **can be** used in conjunction with `gcp.gkehub.FeatureIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_gke\\_hub\\_feature\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkehub.FeatureIamPolicy(\"policy\", {\n project: feature.project,\n location: feature.location,\n name: feature.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.gkehub.FeatureIamPolicy(\"policy\",\n project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeHub.FeatureIamPolicy(\"policy\", new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewFeatureIamPolicy(ctx, \"policy\", \u0026gkehub.FeatureIamPolicyArgs{\n\t\t\tProject: pulumi.Any(feature.Project),\n\t\t\tLocation: pulumi.Any(feature.Location),\n\t\t\tName: pulumi.Any(feature.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkehub.FeatureIamPolicy;\nimport com.pulumi.gcp.gkehub.FeatureIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new FeatureIamPolicy(\"policy\", FeatureIamPolicyArgs.builder() \n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkehub:FeatureIamPolicy\n properties:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_hub\\_feature\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkehub.FeatureIamBinding(\"binding\", {\n project: feature.project,\n location: feature.location,\n name: feature.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkehub.FeatureIamBinding(\"binding\",\n project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeHub.FeatureIamBinding(\"binding\", new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewFeatureIamBinding(ctx, \"binding\", \u0026gkehub.FeatureIamBindingArgs{\n\t\t\tProject: pulumi.Any(feature.Project),\n\t\t\tLocation: pulumi.Any(feature.Location),\n\t\t\tName: pulumi.Any(feature.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.FeatureIamBinding;\nimport com.pulumi.gcp.gkehub.FeatureIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new FeatureIamBinding(\"binding\", FeatureIamBindingArgs.builder() \n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkehub:FeatureIamBinding\n properties:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_hub\\_feature\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkehub.FeatureIamMember(\"member\", {\n project: feature.project,\n location: feature.location,\n name: feature.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkehub.FeatureIamMember(\"member\",\n project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeHub.FeatureIamMember(\"member\", new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewFeatureIamMember(ctx, \"member\", \u0026gkehub.FeatureIamMemberArgs{\n\t\t\tProject: pulumi.Any(feature.Project),\n\t\t\tLocation: pulumi.Any(feature.Location),\n\t\t\tName: pulumi.Any(feature.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.FeatureIamMember;\nimport com.pulumi.gcp.gkehub.FeatureIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new FeatureIamMember(\"member\", FeatureIamMemberArgs.builder() \n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkehub:FeatureIamMember\n properties:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_gke\\_hub\\_feature\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkehub.FeatureIamPolicy(\"policy\", {\n project: feature.project,\n location: feature.location,\n name: feature.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.gkehub.FeatureIamPolicy(\"policy\",\n project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeHub.FeatureIamPolicy(\"policy\", new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewFeatureIamPolicy(ctx, \"policy\", \u0026gkehub.FeatureIamPolicyArgs{\n\t\t\tProject: pulumi.Any(feature.Project),\n\t\t\tLocation: pulumi.Any(feature.Location),\n\t\t\tName: pulumi.Any(feature.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkehub.FeatureIamPolicy;\nimport com.pulumi.gcp.gkehub.FeatureIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new FeatureIamPolicy(\"policy\", FeatureIamPolicyArgs.builder() \n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkehub:FeatureIamPolicy\n properties:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_hub\\_feature\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkehub.FeatureIamBinding(\"binding\", {\n project: feature.project,\n location: feature.location,\n name: feature.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkehub.FeatureIamBinding(\"binding\",\n project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeHub.FeatureIamBinding(\"binding\", new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewFeatureIamBinding(ctx, \"binding\", \u0026gkehub.FeatureIamBindingArgs{\n\t\t\tProject: pulumi.Any(feature.Project),\n\t\t\tLocation: pulumi.Any(feature.Location),\n\t\t\tName: pulumi.Any(feature.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.FeatureIamBinding;\nimport com.pulumi.gcp.gkehub.FeatureIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new FeatureIamBinding(\"binding\", FeatureIamBindingArgs.builder() \n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkehub:FeatureIamBinding\n properties:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_hub\\_feature\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkehub.FeatureIamMember(\"member\", {\n project: feature.project,\n location: feature.location,\n name: feature.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkehub.FeatureIamMember(\"member\",\n project=feature[\"project\"],\n location=feature[\"location\"],\n name=feature[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeHub.FeatureIamMember(\"member\", new()\n {\n Project = feature.Project,\n Location = feature.Location,\n Name = feature.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewFeatureIamMember(ctx, \"member\", \u0026gkehub.FeatureIamMemberArgs{\n\t\t\tProject: pulumi.Any(feature.Project),\n\t\t\tLocation: pulumi.Any(feature.Location),\n\t\t\tName: pulumi.Any(feature.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.FeatureIamMember;\nimport com.pulumi.gcp.gkehub.FeatureIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new FeatureIamMember(\"member\", FeatureIamMemberArgs.builder() \n .project(feature.project())\n .location(feature.location())\n .name(feature.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkehub:FeatureIamMember\n properties:\n project: ${feature.project}\n location: ${feature.location}\n name: ${feature.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/features/{{name}}\n\n* {{project}}/{{location}}/{{name}}\n\n* {{location}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nGKEHub feature IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/featureIamPolicy:FeatureIamPolicy editor \"projects/{{project}}/locations/{{location}}/features/{{feature}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/featureIamPolicy:FeatureIamPolicy editor \"projects/{{project}}/locations/{{location}}/features/{{feature}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/featureIamPolicy:FeatureIamPolicy editor projects/{{project}}/locations/{{location}}/features/{{feature}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -184704,7 +185037,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" } }, "required": [ @@ -184731,7 +185064,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -184761,7 +185094,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -185380,7 +185713,7 @@ } }, "gcp:gkehub/membershipIamBinding:MembershipIamBinding": { - "description": "Three different resources help you manage your IAM policy for GKEHub Membership. Each of these resources serves a different use case:\n\n* `gcp.gkehub.MembershipIamPolicy`: Authoritative. Sets the IAM policy for the membership and replaces any existing policy already attached.\n* `gcp.gkehub.MembershipIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the membership are preserved.\n* `gcp.gkehub.MembershipIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the membership are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkehub.MembershipIamPolicy`: Retrieves the IAM policy for the membership\n\n\u003e **Note:** `gcp.gkehub.MembershipIamPolicy` **cannot** be used in conjunction with `gcp.gkehub.MembershipIamBinding` and `gcp.gkehub.MembershipIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkehub.MembershipIamBinding` resources **can be** used in conjunction with `gcp.gkehub.MembershipIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_gke\\_hub\\_membership\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkehub.MembershipIamPolicy(\"policy\", {\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.gkehub.MembershipIamPolicy(\"policy\",\n project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeHub.MembershipIamPolicy(\"policy\", new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewMembershipIamPolicy(ctx, \"policy\", \u0026gkehub.MembershipIamPolicyArgs{\n\t\t\tProject: pulumi.Any(membership.Project),\n\t\t\tLocation: pulumi.Any(membership.Location),\n\t\t\tMembershipId: pulumi.Any(membership.MembershipId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkehub.MembershipIamPolicy;\nimport com.pulumi.gcp.gkehub.MembershipIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MembershipIamPolicy(\"policy\", MembershipIamPolicyArgs.builder() \n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkehub:MembershipIamPolicy\n properties:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_hub\\_membership\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkehub.MembershipIamBinding(\"binding\", {\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkehub.MembershipIamBinding(\"binding\",\n project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeHub.MembershipIamBinding(\"binding\", new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewMembershipIamBinding(ctx, \"binding\", \u0026gkehub.MembershipIamBindingArgs{\n\t\t\tProject: pulumi.Any(membership.Project),\n\t\t\tLocation: pulumi.Any(membership.Location),\n\t\t\tMembershipId: pulumi.Any(membership.MembershipId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.MembershipIamBinding;\nimport com.pulumi.gcp.gkehub.MembershipIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MembershipIamBinding(\"binding\", MembershipIamBindingArgs.builder() \n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkehub:MembershipIamBinding\n properties:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_hub\\_membership\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkehub.MembershipIamMember(\"member\", {\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkehub.MembershipIamMember(\"member\",\n project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeHub.MembershipIamMember(\"member\", new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewMembershipIamMember(ctx, \"member\", \u0026gkehub.MembershipIamMemberArgs{\n\t\t\tProject: pulumi.Any(membership.Project),\n\t\t\tLocation: pulumi.Any(membership.Location),\n\t\t\tMembershipId: pulumi.Any(membership.MembershipId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.MembershipIamMember;\nimport com.pulumi.gcp.gkehub.MembershipIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MembershipIamMember(\"member\", MembershipIamMemberArgs.builder() \n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkehub:MembershipIamMember\n properties:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/memberships/{{membership_id}}\n\n* {{project}}/{{location}}/{{membership_id}}\n\n* {{location}}/{{membership_id}}\n\n* {{membership_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nGKEHub membership IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/membershipIamBinding:MembershipIamBinding editor \"projects/{{project}}/locations/{{location}}/memberships/{{membership_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/membershipIamBinding:MembershipIamBinding editor \"projects/{{project}}/locations/{{location}}/memberships/{{membership_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/membershipIamBinding:MembershipIamBinding editor projects/{{project}}/locations/{{location}}/memberships/{{membership_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for GKEHub Membership. Each of these resources serves a different use case:\n\n* `gcp.gkehub.MembershipIamPolicy`: Authoritative. Sets the IAM policy for the membership and replaces any existing policy already attached.\n* `gcp.gkehub.MembershipIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the membership are preserved.\n* `gcp.gkehub.MembershipIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the membership are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkehub.MembershipIamPolicy`: Retrieves the IAM policy for the membership\n\n\u003e **Note:** `gcp.gkehub.MembershipIamPolicy` **cannot** be used in conjunction with `gcp.gkehub.MembershipIamBinding` and `gcp.gkehub.MembershipIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkehub.MembershipIamBinding` resources **can be** used in conjunction with `gcp.gkehub.MembershipIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_gke\\_hub\\_membership\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkehub.MembershipIamPolicy(\"policy\", {\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.gkehub.MembershipIamPolicy(\"policy\",\n project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeHub.MembershipIamPolicy(\"policy\", new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewMembershipIamPolicy(ctx, \"policy\", \u0026gkehub.MembershipIamPolicyArgs{\n\t\t\tProject: pulumi.Any(membership.Project),\n\t\t\tLocation: pulumi.Any(membership.Location),\n\t\t\tMembershipId: pulumi.Any(membership.MembershipId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkehub.MembershipIamPolicy;\nimport com.pulumi.gcp.gkehub.MembershipIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MembershipIamPolicy(\"policy\", MembershipIamPolicyArgs.builder() \n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkehub:MembershipIamPolicy\n properties:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_hub\\_membership\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkehub.MembershipIamBinding(\"binding\", {\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkehub.MembershipIamBinding(\"binding\",\n project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeHub.MembershipIamBinding(\"binding\", new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewMembershipIamBinding(ctx, \"binding\", \u0026gkehub.MembershipIamBindingArgs{\n\t\t\tProject: pulumi.Any(membership.Project),\n\t\t\tLocation: pulumi.Any(membership.Location),\n\t\t\tMembershipId: pulumi.Any(membership.MembershipId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.MembershipIamBinding;\nimport com.pulumi.gcp.gkehub.MembershipIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MembershipIamBinding(\"binding\", MembershipIamBindingArgs.builder() \n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkehub:MembershipIamBinding\n properties:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_hub\\_membership\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkehub.MembershipIamMember(\"member\", {\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkehub.MembershipIamMember(\"member\",\n project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeHub.MembershipIamMember(\"member\", new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewMembershipIamMember(ctx, \"member\", \u0026gkehub.MembershipIamMemberArgs{\n\t\t\tProject: pulumi.Any(membership.Project),\n\t\t\tLocation: pulumi.Any(membership.Location),\n\t\t\tMembershipId: pulumi.Any(membership.MembershipId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.MembershipIamMember;\nimport com.pulumi.gcp.gkehub.MembershipIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MembershipIamMember(\"member\", MembershipIamMemberArgs.builder() \n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkehub:MembershipIamMember\n properties:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_gke\\_hub\\_membership\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkehub.MembershipIamPolicy(\"policy\", {\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.gkehub.MembershipIamPolicy(\"policy\",\n project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeHub.MembershipIamPolicy(\"policy\", new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewMembershipIamPolicy(ctx, \"policy\", \u0026gkehub.MembershipIamPolicyArgs{\n\t\t\tProject: pulumi.Any(membership.Project),\n\t\t\tLocation: pulumi.Any(membership.Location),\n\t\t\tMembershipId: pulumi.Any(membership.MembershipId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkehub.MembershipIamPolicy;\nimport com.pulumi.gcp.gkehub.MembershipIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MembershipIamPolicy(\"policy\", MembershipIamPolicyArgs.builder() \n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkehub:MembershipIamPolicy\n properties:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_hub\\_membership\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkehub.MembershipIamBinding(\"binding\", {\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkehub.MembershipIamBinding(\"binding\",\n project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeHub.MembershipIamBinding(\"binding\", new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewMembershipIamBinding(ctx, \"binding\", \u0026gkehub.MembershipIamBindingArgs{\n\t\t\tProject: pulumi.Any(membership.Project),\n\t\t\tLocation: pulumi.Any(membership.Location),\n\t\t\tMembershipId: pulumi.Any(membership.MembershipId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.MembershipIamBinding;\nimport com.pulumi.gcp.gkehub.MembershipIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MembershipIamBinding(\"binding\", MembershipIamBindingArgs.builder() \n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkehub:MembershipIamBinding\n properties:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_hub\\_membership\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkehub.MembershipIamMember(\"member\", {\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkehub.MembershipIamMember(\"member\",\n project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeHub.MembershipIamMember(\"member\", new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewMembershipIamMember(ctx, \"member\", \u0026gkehub.MembershipIamMemberArgs{\n\t\t\tProject: pulumi.Any(membership.Project),\n\t\t\tLocation: pulumi.Any(membership.Location),\n\t\t\tMembershipId: pulumi.Any(membership.MembershipId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.MembershipIamMember;\nimport com.pulumi.gcp.gkehub.MembershipIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MembershipIamMember(\"member\", MembershipIamMemberArgs.builder() \n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkehub:MembershipIamMember\n properties:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/memberships/{{membership_id}}\n\n* {{project}}/{{location}}/{{membership_id}}\n\n* {{location}}/{{membership_id}}\n\n* {{membership_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nGKEHub membership IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/membershipIamBinding:MembershipIamBinding editor \"projects/{{project}}/locations/{{location}}/memberships/{{membership_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/membershipIamBinding:MembershipIamBinding editor \"projects/{{project}}/locations/{{location}}/memberships/{{membership_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/membershipIamBinding:MembershipIamBinding editor projects/{{project}}/locations/{{location}}/memberships/{{membership_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:gkehub/MembershipIamBindingCondition:MembershipIamBindingCondition" @@ -185397,14 +185730,15 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "membershipId": { "type": "string" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -185433,7 +185767,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "membershipId": { "type": "string", @@ -185441,7 +185776,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -185475,7 +185810,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "membershipId": { "type": "string", @@ -185483,7 +185819,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -185496,7 +185832,7 @@ } }, "gcp:gkehub/membershipIamMember:MembershipIamMember": { - "description": "Three different resources help you manage your IAM policy for GKEHub Membership. Each of these resources serves a different use case:\n\n* `gcp.gkehub.MembershipIamPolicy`: Authoritative. Sets the IAM policy for the membership and replaces any existing policy already attached.\n* `gcp.gkehub.MembershipIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the membership are preserved.\n* `gcp.gkehub.MembershipIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the membership are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkehub.MembershipIamPolicy`: Retrieves the IAM policy for the membership\n\n\u003e **Note:** `gcp.gkehub.MembershipIamPolicy` **cannot** be used in conjunction with `gcp.gkehub.MembershipIamBinding` and `gcp.gkehub.MembershipIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkehub.MembershipIamBinding` resources **can be** used in conjunction with `gcp.gkehub.MembershipIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_gke\\_hub\\_membership\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkehub.MembershipIamPolicy(\"policy\", {\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.gkehub.MembershipIamPolicy(\"policy\",\n project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeHub.MembershipIamPolicy(\"policy\", new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewMembershipIamPolicy(ctx, \"policy\", \u0026gkehub.MembershipIamPolicyArgs{\n\t\t\tProject: pulumi.Any(membership.Project),\n\t\t\tLocation: pulumi.Any(membership.Location),\n\t\t\tMembershipId: pulumi.Any(membership.MembershipId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkehub.MembershipIamPolicy;\nimport com.pulumi.gcp.gkehub.MembershipIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MembershipIamPolicy(\"policy\", MembershipIamPolicyArgs.builder() \n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkehub:MembershipIamPolicy\n properties:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_hub\\_membership\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkehub.MembershipIamBinding(\"binding\", {\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkehub.MembershipIamBinding(\"binding\",\n project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeHub.MembershipIamBinding(\"binding\", new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewMembershipIamBinding(ctx, \"binding\", \u0026gkehub.MembershipIamBindingArgs{\n\t\t\tProject: pulumi.Any(membership.Project),\n\t\t\tLocation: pulumi.Any(membership.Location),\n\t\t\tMembershipId: pulumi.Any(membership.MembershipId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.MembershipIamBinding;\nimport com.pulumi.gcp.gkehub.MembershipIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MembershipIamBinding(\"binding\", MembershipIamBindingArgs.builder() \n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkehub:MembershipIamBinding\n properties:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_hub\\_membership\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkehub.MembershipIamMember(\"member\", {\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkehub.MembershipIamMember(\"member\",\n project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeHub.MembershipIamMember(\"member\", new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewMembershipIamMember(ctx, \"member\", \u0026gkehub.MembershipIamMemberArgs{\n\t\t\tProject: pulumi.Any(membership.Project),\n\t\t\tLocation: pulumi.Any(membership.Location),\n\t\t\tMembershipId: pulumi.Any(membership.MembershipId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.MembershipIamMember;\nimport com.pulumi.gcp.gkehub.MembershipIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MembershipIamMember(\"member\", MembershipIamMemberArgs.builder() \n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkehub:MembershipIamMember\n properties:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/memberships/{{membership_id}}\n\n* {{project}}/{{location}}/{{membership_id}}\n\n* {{location}}/{{membership_id}}\n\n* {{membership_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nGKEHub membership IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/membershipIamMember:MembershipIamMember editor \"projects/{{project}}/locations/{{location}}/memberships/{{membership_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/membershipIamMember:MembershipIamMember editor \"projects/{{project}}/locations/{{location}}/memberships/{{membership_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/membershipIamMember:MembershipIamMember editor projects/{{project}}/locations/{{location}}/memberships/{{membership_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for GKEHub Membership. Each of these resources serves a different use case:\n\n* `gcp.gkehub.MembershipIamPolicy`: Authoritative. Sets the IAM policy for the membership and replaces any existing policy already attached.\n* `gcp.gkehub.MembershipIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the membership are preserved.\n* `gcp.gkehub.MembershipIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the membership are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkehub.MembershipIamPolicy`: Retrieves the IAM policy for the membership\n\n\u003e **Note:** `gcp.gkehub.MembershipIamPolicy` **cannot** be used in conjunction with `gcp.gkehub.MembershipIamBinding` and `gcp.gkehub.MembershipIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkehub.MembershipIamBinding` resources **can be** used in conjunction with `gcp.gkehub.MembershipIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_gke\\_hub\\_membership\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkehub.MembershipIamPolicy(\"policy\", {\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.gkehub.MembershipIamPolicy(\"policy\",\n project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeHub.MembershipIamPolicy(\"policy\", new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewMembershipIamPolicy(ctx, \"policy\", \u0026gkehub.MembershipIamPolicyArgs{\n\t\t\tProject: pulumi.Any(membership.Project),\n\t\t\tLocation: pulumi.Any(membership.Location),\n\t\t\tMembershipId: pulumi.Any(membership.MembershipId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkehub.MembershipIamPolicy;\nimport com.pulumi.gcp.gkehub.MembershipIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MembershipIamPolicy(\"policy\", MembershipIamPolicyArgs.builder() \n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkehub:MembershipIamPolicy\n properties:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_hub\\_membership\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkehub.MembershipIamBinding(\"binding\", {\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkehub.MembershipIamBinding(\"binding\",\n project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeHub.MembershipIamBinding(\"binding\", new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewMembershipIamBinding(ctx, \"binding\", \u0026gkehub.MembershipIamBindingArgs{\n\t\t\tProject: pulumi.Any(membership.Project),\n\t\t\tLocation: pulumi.Any(membership.Location),\n\t\t\tMembershipId: pulumi.Any(membership.MembershipId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.MembershipIamBinding;\nimport com.pulumi.gcp.gkehub.MembershipIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MembershipIamBinding(\"binding\", MembershipIamBindingArgs.builder() \n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkehub:MembershipIamBinding\n properties:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_hub\\_membership\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkehub.MembershipIamMember(\"member\", {\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkehub.MembershipIamMember(\"member\",\n project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeHub.MembershipIamMember(\"member\", new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewMembershipIamMember(ctx, \"member\", \u0026gkehub.MembershipIamMemberArgs{\n\t\t\tProject: pulumi.Any(membership.Project),\n\t\t\tLocation: pulumi.Any(membership.Location),\n\t\t\tMembershipId: pulumi.Any(membership.MembershipId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.MembershipIamMember;\nimport com.pulumi.gcp.gkehub.MembershipIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MembershipIamMember(\"member\", MembershipIamMemberArgs.builder() \n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkehub:MembershipIamMember\n properties:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_gke\\_hub\\_membership\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkehub.MembershipIamPolicy(\"policy\", {\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.gkehub.MembershipIamPolicy(\"policy\",\n project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeHub.MembershipIamPolicy(\"policy\", new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewMembershipIamPolicy(ctx, \"policy\", \u0026gkehub.MembershipIamPolicyArgs{\n\t\t\tProject: pulumi.Any(membership.Project),\n\t\t\tLocation: pulumi.Any(membership.Location),\n\t\t\tMembershipId: pulumi.Any(membership.MembershipId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkehub.MembershipIamPolicy;\nimport com.pulumi.gcp.gkehub.MembershipIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MembershipIamPolicy(\"policy\", MembershipIamPolicyArgs.builder() \n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkehub:MembershipIamPolicy\n properties:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_hub\\_membership\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkehub.MembershipIamBinding(\"binding\", {\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkehub.MembershipIamBinding(\"binding\",\n project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeHub.MembershipIamBinding(\"binding\", new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewMembershipIamBinding(ctx, \"binding\", \u0026gkehub.MembershipIamBindingArgs{\n\t\t\tProject: pulumi.Any(membership.Project),\n\t\t\tLocation: pulumi.Any(membership.Location),\n\t\t\tMembershipId: pulumi.Any(membership.MembershipId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.MembershipIamBinding;\nimport com.pulumi.gcp.gkehub.MembershipIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MembershipIamBinding(\"binding\", MembershipIamBindingArgs.builder() \n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkehub:MembershipIamBinding\n properties:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_hub\\_membership\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkehub.MembershipIamMember(\"member\", {\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkehub.MembershipIamMember(\"member\",\n project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeHub.MembershipIamMember(\"member\", new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewMembershipIamMember(ctx, \"member\", \u0026gkehub.MembershipIamMemberArgs{\n\t\t\tProject: pulumi.Any(membership.Project),\n\t\t\tLocation: pulumi.Any(membership.Location),\n\t\t\tMembershipId: pulumi.Any(membership.MembershipId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.MembershipIamMember;\nimport com.pulumi.gcp.gkehub.MembershipIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MembershipIamMember(\"member\", MembershipIamMemberArgs.builder() \n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkehub:MembershipIamMember\n properties:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/memberships/{{membership_id}}\n\n* {{project}}/{{location}}/{{membership_id}}\n\n* {{location}}/{{membership_id}}\n\n* {{membership_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nGKEHub membership IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/membershipIamMember:MembershipIamMember editor \"projects/{{project}}/locations/{{location}}/memberships/{{membership_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/membershipIamMember:MembershipIamMember editor \"projects/{{project}}/locations/{{location}}/memberships/{{membership_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/membershipIamMember:MembershipIamMember editor projects/{{project}}/locations/{{location}}/memberships/{{membership_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:gkehub/MembershipIamMemberCondition:MembershipIamMemberCondition" @@ -185510,14 +185846,15 @@ "description": "Location of the membership.\nThe default value is `global`.\nUsed to find the parent resource to bind the IAM policy to\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "membershipId": { "type": "string" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -185544,6 +185881,7 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "membershipId": { @@ -185552,7 +185890,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -185584,6 +185922,7 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "membershipId": { @@ -185592,7 +185931,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -185605,7 +185944,7 @@ } }, "gcp:gkehub/membershipIamPolicy:MembershipIamPolicy": { - "description": "Three different resources help you manage your IAM policy for GKEHub Membership. Each of these resources serves a different use case:\n\n* `gcp.gkehub.MembershipIamPolicy`: Authoritative. Sets the IAM policy for the membership and replaces any existing policy already attached.\n* `gcp.gkehub.MembershipIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the membership are preserved.\n* `gcp.gkehub.MembershipIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the membership are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkehub.MembershipIamPolicy`: Retrieves the IAM policy for the membership\n\n\u003e **Note:** `gcp.gkehub.MembershipIamPolicy` **cannot** be used in conjunction with `gcp.gkehub.MembershipIamBinding` and `gcp.gkehub.MembershipIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkehub.MembershipIamBinding` resources **can be** used in conjunction with `gcp.gkehub.MembershipIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_gke\\_hub\\_membership\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkehub.MembershipIamPolicy(\"policy\", {\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.gkehub.MembershipIamPolicy(\"policy\",\n project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeHub.MembershipIamPolicy(\"policy\", new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewMembershipIamPolicy(ctx, \"policy\", \u0026gkehub.MembershipIamPolicyArgs{\n\t\t\tProject: pulumi.Any(membership.Project),\n\t\t\tLocation: pulumi.Any(membership.Location),\n\t\t\tMembershipId: pulumi.Any(membership.MembershipId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkehub.MembershipIamPolicy;\nimport com.pulumi.gcp.gkehub.MembershipIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MembershipIamPolicy(\"policy\", MembershipIamPolicyArgs.builder() \n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkehub:MembershipIamPolicy\n properties:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_hub\\_membership\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkehub.MembershipIamBinding(\"binding\", {\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkehub.MembershipIamBinding(\"binding\",\n project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeHub.MembershipIamBinding(\"binding\", new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewMembershipIamBinding(ctx, \"binding\", \u0026gkehub.MembershipIamBindingArgs{\n\t\t\tProject: pulumi.Any(membership.Project),\n\t\t\tLocation: pulumi.Any(membership.Location),\n\t\t\tMembershipId: pulumi.Any(membership.MembershipId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.MembershipIamBinding;\nimport com.pulumi.gcp.gkehub.MembershipIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MembershipIamBinding(\"binding\", MembershipIamBindingArgs.builder() \n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkehub:MembershipIamBinding\n properties:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_hub\\_membership\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkehub.MembershipIamMember(\"member\", {\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkehub.MembershipIamMember(\"member\",\n project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeHub.MembershipIamMember(\"member\", new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewMembershipIamMember(ctx, \"member\", \u0026gkehub.MembershipIamMemberArgs{\n\t\t\tProject: pulumi.Any(membership.Project),\n\t\t\tLocation: pulumi.Any(membership.Location),\n\t\t\tMembershipId: pulumi.Any(membership.MembershipId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.MembershipIamMember;\nimport com.pulumi.gcp.gkehub.MembershipIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MembershipIamMember(\"member\", MembershipIamMemberArgs.builder() \n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkehub:MembershipIamMember\n properties:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/memberships/{{membership_id}}\n\n* {{project}}/{{location}}/{{membership_id}}\n\n* {{location}}/{{membership_id}}\n\n* {{membership_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nGKEHub membership IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/membershipIamPolicy:MembershipIamPolicy editor \"projects/{{project}}/locations/{{location}}/memberships/{{membership_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/membershipIamPolicy:MembershipIamPolicy editor \"projects/{{project}}/locations/{{location}}/memberships/{{membership_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/membershipIamPolicy:MembershipIamPolicy editor projects/{{project}}/locations/{{location}}/memberships/{{membership_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for GKEHub Membership. Each of these resources serves a different use case:\n\n* `gcp.gkehub.MembershipIamPolicy`: Authoritative. Sets the IAM policy for the membership and replaces any existing policy already attached.\n* `gcp.gkehub.MembershipIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the membership are preserved.\n* `gcp.gkehub.MembershipIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the membership are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkehub.MembershipIamPolicy`: Retrieves the IAM policy for the membership\n\n\u003e **Note:** `gcp.gkehub.MembershipIamPolicy` **cannot** be used in conjunction with `gcp.gkehub.MembershipIamBinding` and `gcp.gkehub.MembershipIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkehub.MembershipIamBinding` resources **can be** used in conjunction with `gcp.gkehub.MembershipIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_gke\\_hub\\_membership\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkehub.MembershipIamPolicy(\"policy\", {\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.gkehub.MembershipIamPolicy(\"policy\",\n project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeHub.MembershipIamPolicy(\"policy\", new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewMembershipIamPolicy(ctx, \"policy\", \u0026gkehub.MembershipIamPolicyArgs{\n\t\t\tProject: pulumi.Any(membership.Project),\n\t\t\tLocation: pulumi.Any(membership.Location),\n\t\t\tMembershipId: pulumi.Any(membership.MembershipId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkehub.MembershipIamPolicy;\nimport com.pulumi.gcp.gkehub.MembershipIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MembershipIamPolicy(\"policy\", MembershipIamPolicyArgs.builder() \n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkehub:MembershipIamPolicy\n properties:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_hub\\_membership\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkehub.MembershipIamBinding(\"binding\", {\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkehub.MembershipIamBinding(\"binding\",\n project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeHub.MembershipIamBinding(\"binding\", new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewMembershipIamBinding(ctx, \"binding\", \u0026gkehub.MembershipIamBindingArgs{\n\t\t\tProject: pulumi.Any(membership.Project),\n\t\t\tLocation: pulumi.Any(membership.Location),\n\t\t\tMembershipId: pulumi.Any(membership.MembershipId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.MembershipIamBinding;\nimport com.pulumi.gcp.gkehub.MembershipIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MembershipIamBinding(\"binding\", MembershipIamBindingArgs.builder() \n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkehub:MembershipIamBinding\n properties:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_hub\\_membership\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkehub.MembershipIamMember(\"member\", {\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkehub.MembershipIamMember(\"member\",\n project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeHub.MembershipIamMember(\"member\", new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewMembershipIamMember(ctx, \"member\", \u0026gkehub.MembershipIamMemberArgs{\n\t\t\tProject: pulumi.Any(membership.Project),\n\t\t\tLocation: pulumi.Any(membership.Location),\n\t\t\tMembershipId: pulumi.Any(membership.MembershipId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.MembershipIamMember;\nimport com.pulumi.gcp.gkehub.MembershipIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MembershipIamMember(\"member\", MembershipIamMemberArgs.builder() \n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkehub:MembershipIamMember\n properties:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_gke\\_hub\\_membership\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkehub.MembershipIamPolicy(\"policy\", {\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.gkehub.MembershipIamPolicy(\"policy\",\n project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeHub.MembershipIamPolicy(\"policy\", new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewMembershipIamPolicy(ctx, \"policy\", \u0026gkehub.MembershipIamPolicyArgs{\n\t\t\tProject: pulumi.Any(membership.Project),\n\t\t\tLocation: pulumi.Any(membership.Location),\n\t\t\tMembershipId: pulumi.Any(membership.MembershipId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkehub.MembershipIamPolicy;\nimport com.pulumi.gcp.gkehub.MembershipIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new MembershipIamPolicy(\"policy\", MembershipIamPolicyArgs.builder() \n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkehub:MembershipIamPolicy\n properties:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_hub\\_membership\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkehub.MembershipIamBinding(\"binding\", {\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkehub.MembershipIamBinding(\"binding\",\n project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeHub.MembershipIamBinding(\"binding\", new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewMembershipIamBinding(ctx, \"binding\", \u0026gkehub.MembershipIamBindingArgs{\n\t\t\tProject: pulumi.Any(membership.Project),\n\t\t\tLocation: pulumi.Any(membership.Location),\n\t\t\tMembershipId: pulumi.Any(membership.MembershipId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.MembershipIamBinding;\nimport com.pulumi.gcp.gkehub.MembershipIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new MembershipIamBinding(\"binding\", MembershipIamBindingArgs.builder() \n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkehub:MembershipIamBinding\n properties:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_hub\\_membership\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkehub.MembershipIamMember(\"member\", {\n project: membership.project,\n location: membership.location,\n membershipId: membership.membershipId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkehub.MembershipIamMember(\"member\",\n project=membership[\"project\"],\n location=membership[\"location\"],\n membership_id=membership[\"membershipId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeHub.MembershipIamMember(\"member\", new()\n {\n Project = membership.Project,\n Location = membership.Location,\n MembershipId = membership.MembershipId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewMembershipIamMember(ctx, \"member\", \u0026gkehub.MembershipIamMemberArgs{\n\t\t\tProject: pulumi.Any(membership.Project),\n\t\t\tLocation: pulumi.Any(membership.Location),\n\t\t\tMembershipId: pulumi.Any(membership.MembershipId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.MembershipIamMember;\nimport com.pulumi.gcp.gkehub.MembershipIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new MembershipIamMember(\"member\", MembershipIamMemberArgs.builder() \n .project(membership.project())\n .location(membership.location())\n .membershipId(membership.membershipId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkehub:MembershipIamMember\n properties:\n project: ${membership.project}\n location: ${membership.location}\n membershipId: ${membership.membershipId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/memberships/{{membership_id}}\n\n* {{project}}/{{location}}/{{membership_id}}\n\n* {{location}}/{{membership_id}}\n\n* {{membership_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nGKEHub membership IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/membershipIamPolicy:MembershipIamPolicy editor \"projects/{{project}}/locations/{{location}}/memberships/{{membership_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/membershipIamPolicy:MembershipIamPolicy editor \"projects/{{project}}/locations/{{location}}/memberships/{{membership_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/membershipIamPolicy:MembershipIamPolicy editor projects/{{project}}/locations/{{location}}/memberships/{{membership_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -185624,7 +185963,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" } }, "required": [ @@ -185650,7 +185989,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -185680,7 +186019,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -186260,7 +186599,7 @@ } }, "gcp:gkehub/scopeIamBinding:ScopeIamBinding": { - "description": "Three different resources help you manage your IAM policy for GKEHub Scope. Each of these resources serves a different use case:\n\n* `gcp.gkehub.ScopeIamPolicy`: Authoritative. Sets the IAM policy for the scope and replaces any existing policy already attached.\n* `gcp.gkehub.ScopeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the scope are preserved.\n* `gcp.gkehub.ScopeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the scope are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkehub.ScopeIamPolicy`: Retrieves the IAM policy for the scope\n\n\u003e **Note:** `gcp.gkehub.ScopeIamPolicy` **cannot** be used in conjunction with `gcp.gkehub.ScopeIamBinding` and `gcp.gkehub.ScopeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkehub.ScopeIamBinding` resources **can be** used in conjunction with `gcp.gkehub.ScopeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_gke\\_hub\\_scope\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkehub.ScopeIamPolicy(\"policy\", {\n project: scope.project,\n scopeId: scope.scopeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.gkehub.ScopeIamPolicy(\"policy\",\n project=scope[\"project\"],\n scope_id=scope[\"scopeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeHub.ScopeIamPolicy(\"policy\", new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewScopeIamPolicy(ctx, \"policy\", \u0026gkehub.ScopeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(scope.Project),\n\t\t\tScopeId: pulumi.Any(scope.ScopeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkehub.ScopeIamPolicy;\nimport com.pulumi.gcp.gkehub.ScopeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ScopeIamPolicy(\"policy\", ScopeIamPolicyArgs.builder() \n .project(scope.project())\n .scopeId(scope.scopeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkehub:ScopeIamPolicy\n properties:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_hub\\_scope\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkehub.ScopeIamBinding(\"binding\", {\n project: scope.project,\n scopeId: scope.scopeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkehub.ScopeIamBinding(\"binding\",\n project=scope[\"project\"],\n scope_id=scope[\"scopeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeHub.ScopeIamBinding(\"binding\", new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewScopeIamBinding(ctx, \"binding\", \u0026gkehub.ScopeIamBindingArgs{\n\t\t\tProject: pulumi.Any(scope.Project),\n\t\t\tScopeId: pulumi.Any(scope.ScopeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.ScopeIamBinding;\nimport com.pulumi.gcp.gkehub.ScopeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ScopeIamBinding(\"binding\", ScopeIamBindingArgs.builder() \n .project(scope.project())\n .scopeId(scope.scopeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkehub:ScopeIamBinding\n properties:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_hub\\_scope\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkehub.ScopeIamMember(\"member\", {\n project: scope.project,\n scopeId: scope.scopeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkehub.ScopeIamMember(\"member\",\n project=scope[\"project\"],\n scope_id=scope[\"scopeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeHub.ScopeIamMember(\"member\", new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewScopeIamMember(ctx, \"member\", \u0026gkehub.ScopeIamMemberArgs{\n\t\t\tProject: pulumi.Any(scope.Project),\n\t\t\tScopeId: pulumi.Any(scope.ScopeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.ScopeIamMember;\nimport com.pulumi.gcp.gkehub.ScopeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ScopeIamMember(\"member\", ScopeIamMemberArgs.builder() \n .project(scope.project())\n .scopeId(scope.scopeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkehub:ScopeIamMember\n properties:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/global/scopes/{{scope_id}}\n\n* {{project}}/{{scope_id}}\n\n* {{scope_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nGKEHub scope IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/scopeIamBinding:ScopeIamBinding editor \"projects/{{project}}/locations/global/scopes/{{scope_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/scopeIamBinding:ScopeIamBinding editor \"projects/{{project}}/locations/global/scopes/{{scope_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/scopeIamBinding:ScopeIamBinding editor projects/{{project}}/locations/global/scopes/{{scope_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for GKEHub Scope. Each of these resources serves a different use case:\n\n* `gcp.gkehub.ScopeIamPolicy`: Authoritative. Sets the IAM policy for the scope and replaces any existing policy already attached.\n* `gcp.gkehub.ScopeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the scope are preserved.\n* `gcp.gkehub.ScopeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the scope are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkehub.ScopeIamPolicy`: Retrieves the IAM policy for the scope\n\n\u003e **Note:** `gcp.gkehub.ScopeIamPolicy` **cannot** be used in conjunction with `gcp.gkehub.ScopeIamBinding` and `gcp.gkehub.ScopeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkehub.ScopeIamBinding` resources **can be** used in conjunction with `gcp.gkehub.ScopeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_gke\\_hub\\_scope\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkehub.ScopeIamPolicy(\"policy\", {\n project: scope.project,\n scopeId: scope.scopeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.gkehub.ScopeIamPolicy(\"policy\",\n project=scope[\"project\"],\n scope_id=scope[\"scopeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeHub.ScopeIamPolicy(\"policy\", new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewScopeIamPolicy(ctx, \"policy\", \u0026gkehub.ScopeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(scope.Project),\n\t\t\tScopeId: pulumi.Any(scope.ScopeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkehub.ScopeIamPolicy;\nimport com.pulumi.gcp.gkehub.ScopeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ScopeIamPolicy(\"policy\", ScopeIamPolicyArgs.builder() \n .project(scope.project())\n .scopeId(scope.scopeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkehub:ScopeIamPolicy\n properties:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_hub\\_scope\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkehub.ScopeIamBinding(\"binding\", {\n project: scope.project,\n scopeId: scope.scopeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkehub.ScopeIamBinding(\"binding\",\n project=scope[\"project\"],\n scope_id=scope[\"scopeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeHub.ScopeIamBinding(\"binding\", new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewScopeIamBinding(ctx, \"binding\", \u0026gkehub.ScopeIamBindingArgs{\n\t\t\tProject: pulumi.Any(scope.Project),\n\t\t\tScopeId: pulumi.Any(scope.ScopeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.ScopeIamBinding;\nimport com.pulumi.gcp.gkehub.ScopeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ScopeIamBinding(\"binding\", ScopeIamBindingArgs.builder() \n .project(scope.project())\n .scopeId(scope.scopeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkehub:ScopeIamBinding\n properties:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_hub\\_scope\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkehub.ScopeIamMember(\"member\", {\n project: scope.project,\n scopeId: scope.scopeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkehub.ScopeIamMember(\"member\",\n project=scope[\"project\"],\n scope_id=scope[\"scopeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeHub.ScopeIamMember(\"member\", new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewScopeIamMember(ctx, \"member\", \u0026gkehub.ScopeIamMemberArgs{\n\t\t\tProject: pulumi.Any(scope.Project),\n\t\t\tScopeId: pulumi.Any(scope.ScopeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.ScopeIamMember;\nimport com.pulumi.gcp.gkehub.ScopeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ScopeIamMember(\"member\", ScopeIamMemberArgs.builder() \n .project(scope.project())\n .scopeId(scope.scopeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkehub:ScopeIamMember\n properties:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_gke\\_hub\\_scope\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkehub.ScopeIamPolicy(\"policy\", {\n project: scope.project,\n scopeId: scope.scopeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.gkehub.ScopeIamPolicy(\"policy\",\n project=scope[\"project\"],\n scope_id=scope[\"scopeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeHub.ScopeIamPolicy(\"policy\", new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewScopeIamPolicy(ctx, \"policy\", \u0026gkehub.ScopeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(scope.Project),\n\t\t\tScopeId: pulumi.Any(scope.ScopeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkehub.ScopeIamPolicy;\nimport com.pulumi.gcp.gkehub.ScopeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ScopeIamPolicy(\"policy\", ScopeIamPolicyArgs.builder() \n .project(scope.project())\n .scopeId(scope.scopeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkehub:ScopeIamPolicy\n properties:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_hub\\_scope\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkehub.ScopeIamBinding(\"binding\", {\n project: scope.project,\n scopeId: scope.scopeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkehub.ScopeIamBinding(\"binding\",\n project=scope[\"project\"],\n scope_id=scope[\"scopeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeHub.ScopeIamBinding(\"binding\", new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewScopeIamBinding(ctx, \"binding\", \u0026gkehub.ScopeIamBindingArgs{\n\t\t\tProject: pulumi.Any(scope.Project),\n\t\t\tScopeId: pulumi.Any(scope.ScopeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.ScopeIamBinding;\nimport com.pulumi.gcp.gkehub.ScopeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ScopeIamBinding(\"binding\", ScopeIamBindingArgs.builder() \n .project(scope.project())\n .scopeId(scope.scopeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkehub:ScopeIamBinding\n properties:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_hub\\_scope\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkehub.ScopeIamMember(\"member\", {\n project: scope.project,\n scopeId: scope.scopeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkehub.ScopeIamMember(\"member\",\n project=scope[\"project\"],\n scope_id=scope[\"scopeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeHub.ScopeIamMember(\"member\", new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewScopeIamMember(ctx, \"member\", \u0026gkehub.ScopeIamMemberArgs{\n\t\t\tProject: pulumi.Any(scope.Project),\n\t\t\tScopeId: pulumi.Any(scope.ScopeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.ScopeIamMember;\nimport com.pulumi.gcp.gkehub.ScopeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ScopeIamMember(\"member\", ScopeIamMemberArgs.builder() \n .project(scope.project())\n .scopeId(scope.scopeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkehub:ScopeIamMember\n properties:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/global/scopes/{{scope_id}}\n\n* {{project}}/{{scope_id}}\n\n* {{scope_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nGKEHub scope IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/scopeIamBinding:ScopeIamBinding editor \"projects/{{project}}/locations/global/scopes/{{scope_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/scopeIamBinding:ScopeIamBinding editor \"projects/{{project}}/locations/global/scopes/{{scope_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/scopeIamBinding:ScopeIamBinding editor projects/{{project}}/locations/global/scopes/{{scope_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:gkehub/ScopeIamBindingCondition:ScopeIamBindingCondition" @@ -186273,11 +186612,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -186303,11 +186643,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -186340,11 +186681,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -186361,7 +186703,7 @@ } }, "gcp:gkehub/scopeIamMember:ScopeIamMember": { - "description": "Three different resources help you manage your IAM policy for GKEHub Scope. Each of these resources serves a different use case:\n\n* `gcp.gkehub.ScopeIamPolicy`: Authoritative. Sets the IAM policy for the scope and replaces any existing policy already attached.\n* `gcp.gkehub.ScopeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the scope are preserved.\n* `gcp.gkehub.ScopeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the scope are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkehub.ScopeIamPolicy`: Retrieves the IAM policy for the scope\n\n\u003e **Note:** `gcp.gkehub.ScopeIamPolicy` **cannot** be used in conjunction with `gcp.gkehub.ScopeIamBinding` and `gcp.gkehub.ScopeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkehub.ScopeIamBinding` resources **can be** used in conjunction with `gcp.gkehub.ScopeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_gke\\_hub\\_scope\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkehub.ScopeIamPolicy(\"policy\", {\n project: scope.project,\n scopeId: scope.scopeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.gkehub.ScopeIamPolicy(\"policy\",\n project=scope[\"project\"],\n scope_id=scope[\"scopeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeHub.ScopeIamPolicy(\"policy\", new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewScopeIamPolicy(ctx, \"policy\", \u0026gkehub.ScopeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(scope.Project),\n\t\t\tScopeId: pulumi.Any(scope.ScopeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkehub.ScopeIamPolicy;\nimport com.pulumi.gcp.gkehub.ScopeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ScopeIamPolicy(\"policy\", ScopeIamPolicyArgs.builder() \n .project(scope.project())\n .scopeId(scope.scopeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkehub:ScopeIamPolicy\n properties:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_hub\\_scope\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkehub.ScopeIamBinding(\"binding\", {\n project: scope.project,\n scopeId: scope.scopeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkehub.ScopeIamBinding(\"binding\",\n project=scope[\"project\"],\n scope_id=scope[\"scopeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeHub.ScopeIamBinding(\"binding\", new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewScopeIamBinding(ctx, \"binding\", \u0026gkehub.ScopeIamBindingArgs{\n\t\t\tProject: pulumi.Any(scope.Project),\n\t\t\tScopeId: pulumi.Any(scope.ScopeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.ScopeIamBinding;\nimport com.pulumi.gcp.gkehub.ScopeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ScopeIamBinding(\"binding\", ScopeIamBindingArgs.builder() \n .project(scope.project())\n .scopeId(scope.scopeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkehub:ScopeIamBinding\n properties:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_hub\\_scope\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkehub.ScopeIamMember(\"member\", {\n project: scope.project,\n scopeId: scope.scopeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkehub.ScopeIamMember(\"member\",\n project=scope[\"project\"],\n scope_id=scope[\"scopeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeHub.ScopeIamMember(\"member\", new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewScopeIamMember(ctx, \"member\", \u0026gkehub.ScopeIamMemberArgs{\n\t\t\tProject: pulumi.Any(scope.Project),\n\t\t\tScopeId: pulumi.Any(scope.ScopeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.ScopeIamMember;\nimport com.pulumi.gcp.gkehub.ScopeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ScopeIamMember(\"member\", ScopeIamMemberArgs.builder() \n .project(scope.project())\n .scopeId(scope.scopeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkehub:ScopeIamMember\n properties:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/global/scopes/{{scope_id}}\n\n* {{project}}/{{scope_id}}\n\n* {{scope_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nGKEHub scope IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/scopeIamMember:ScopeIamMember editor \"projects/{{project}}/locations/global/scopes/{{scope_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/scopeIamMember:ScopeIamMember editor \"projects/{{project}}/locations/global/scopes/{{scope_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/scopeIamMember:ScopeIamMember editor projects/{{project}}/locations/global/scopes/{{scope_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for GKEHub Scope. Each of these resources serves a different use case:\n\n* `gcp.gkehub.ScopeIamPolicy`: Authoritative. Sets the IAM policy for the scope and replaces any existing policy already attached.\n* `gcp.gkehub.ScopeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the scope are preserved.\n* `gcp.gkehub.ScopeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the scope are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkehub.ScopeIamPolicy`: Retrieves the IAM policy for the scope\n\n\u003e **Note:** `gcp.gkehub.ScopeIamPolicy` **cannot** be used in conjunction with `gcp.gkehub.ScopeIamBinding` and `gcp.gkehub.ScopeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkehub.ScopeIamBinding` resources **can be** used in conjunction with `gcp.gkehub.ScopeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_gke\\_hub\\_scope\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkehub.ScopeIamPolicy(\"policy\", {\n project: scope.project,\n scopeId: scope.scopeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.gkehub.ScopeIamPolicy(\"policy\",\n project=scope[\"project\"],\n scope_id=scope[\"scopeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeHub.ScopeIamPolicy(\"policy\", new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewScopeIamPolicy(ctx, \"policy\", \u0026gkehub.ScopeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(scope.Project),\n\t\t\tScopeId: pulumi.Any(scope.ScopeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkehub.ScopeIamPolicy;\nimport com.pulumi.gcp.gkehub.ScopeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ScopeIamPolicy(\"policy\", ScopeIamPolicyArgs.builder() \n .project(scope.project())\n .scopeId(scope.scopeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkehub:ScopeIamPolicy\n properties:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_hub\\_scope\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkehub.ScopeIamBinding(\"binding\", {\n project: scope.project,\n scopeId: scope.scopeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkehub.ScopeIamBinding(\"binding\",\n project=scope[\"project\"],\n scope_id=scope[\"scopeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeHub.ScopeIamBinding(\"binding\", new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewScopeIamBinding(ctx, \"binding\", \u0026gkehub.ScopeIamBindingArgs{\n\t\t\tProject: pulumi.Any(scope.Project),\n\t\t\tScopeId: pulumi.Any(scope.ScopeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.ScopeIamBinding;\nimport com.pulumi.gcp.gkehub.ScopeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ScopeIamBinding(\"binding\", ScopeIamBindingArgs.builder() \n .project(scope.project())\n .scopeId(scope.scopeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkehub:ScopeIamBinding\n properties:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_hub\\_scope\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkehub.ScopeIamMember(\"member\", {\n project: scope.project,\n scopeId: scope.scopeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkehub.ScopeIamMember(\"member\",\n project=scope[\"project\"],\n scope_id=scope[\"scopeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeHub.ScopeIamMember(\"member\", new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewScopeIamMember(ctx, \"member\", \u0026gkehub.ScopeIamMemberArgs{\n\t\t\tProject: pulumi.Any(scope.Project),\n\t\t\tScopeId: pulumi.Any(scope.ScopeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.ScopeIamMember;\nimport com.pulumi.gcp.gkehub.ScopeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ScopeIamMember(\"member\", ScopeIamMemberArgs.builder() \n .project(scope.project())\n .scopeId(scope.scopeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkehub:ScopeIamMember\n properties:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_gke\\_hub\\_scope\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkehub.ScopeIamPolicy(\"policy\", {\n project: scope.project,\n scopeId: scope.scopeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.gkehub.ScopeIamPolicy(\"policy\",\n project=scope[\"project\"],\n scope_id=scope[\"scopeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeHub.ScopeIamPolicy(\"policy\", new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewScopeIamPolicy(ctx, \"policy\", \u0026gkehub.ScopeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(scope.Project),\n\t\t\tScopeId: pulumi.Any(scope.ScopeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkehub.ScopeIamPolicy;\nimport com.pulumi.gcp.gkehub.ScopeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ScopeIamPolicy(\"policy\", ScopeIamPolicyArgs.builder() \n .project(scope.project())\n .scopeId(scope.scopeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkehub:ScopeIamPolicy\n properties:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_hub\\_scope\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkehub.ScopeIamBinding(\"binding\", {\n project: scope.project,\n scopeId: scope.scopeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkehub.ScopeIamBinding(\"binding\",\n project=scope[\"project\"],\n scope_id=scope[\"scopeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeHub.ScopeIamBinding(\"binding\", new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewScopeIamBinding(ctx, \"binding\", \u0026gkehub.ScopeIamBindingArgs{\n\t\t\tProject: pulumi.Any(scope.Project),\n\t\t\tScopeId: pulumi.Any(scope.ScopeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.ScopeIamBinding;\nimport com.pulumi.gcp.gkehub.ScopeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ScopeIamBinding(\"binding\", ScopeIamBindingArgs.builder() \n .project(scope.project())\n .scopeId(scope.scopeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkehub:ScopeIamBinding\n properties:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_hub\\_scope\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkehub.ScopeIamMember(\"member\", {\n project: scope.project,\n scopeId: scope.scopeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkehub.ScopeIamMember(\"member\",\n project=scope[\"project\"],\n scope_id=scope[\"scopeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeHub.ScopeIamMember(\"member\", new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewScopeIamMember(ctx, \"member\", \u0026gkehub.ScopeIamMemberArgs{\n\t\t\tProject: pulumi.Any(scope.Project),\n\t\t\tScopeId: pulumi.Any(scope.ScopeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.ScopeIamMember;\nimport com.pulumi.gcp.gkehub.ScopeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ScopeIamMember(\"member\", ScopeIamMemberArgs.builder() \n .project(scope.project())\n .scopeId(scope.scopeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkehub:ScopeIamMember\n properties:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/global/scopes/{{scope_id}}\n\n* {{project}}/{{scope_id}}\n\n* {{scope_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nGKEHub scope IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/scopeIamMember:ScopeIamMember editor \"projects/{{project}}/locations/global/scopes/{{scope_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/scopeIamMember:ScopeIamMember editor \"projects/{{project}}/locations/global/scopes/{{scope_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/scopeIamMember:ScopeIamMember editor projects/{{project}}/locations/global/scopes/{{scope_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:gkehub/ScopeIamMemberCondition:ScopeIamMemberCondition" @@ -186371,11 +186713,12 @@ "description": "(Computed) The etag of the IAM policy.\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -186399,11 +186742,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -186434,11 +186778,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -186455,7 +186800,7 @@ } }, "gcp:gkehub/scopeIamPolicy:ScopeIamPolicy": { - "description": "Three different resources help you manage your IAM policy for GKEHub Scope. Each of these resources serves a different use case:\n\n* `gcp.gkehub.ScopeIamPolicy`: Authoritative. Sets the IAM policy for the scope and replaces any existing policy already attached.\n* `gcp.gkehub.ScopeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the scope are preserved.\n* `gcp.gkehub.ScopeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the scope are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkehub.ScopeIamPolicy`: Retrieves the IAM policy for the scope\n\n\u003e **Note:** `gcp.gkehub.ScopeIamPolicy` **cannot** be used in conjunction with `gcp.gkehub.ScopeIamBinding` and `gcp.gkehub.ScopeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkehub.ScopeIamBinding` resources **can be** used in conjunction with `gcp.gkehub.ScopeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_gke\\_hub\\_scope\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkehub.ScopeIamPolicy(\"policy\", {\n project: scope.project,\n scopeId: scope.scopeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.gkehub.ScopeIamPolicy(\"policy\",\n project=scope[\"project\"],\n scope_id=scope[\"scopeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeHub.ScopeIamPolicy(\"policy\", new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewScopeIamPolicy(ctx, \"policy\", \u0026gkehub.ScopeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(scope.Project),\n\t\t\tScopeId: pulumi.Any(scope.ScopeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkehub.ScopeIamPolicy;\nimport com.pulumi.gcp.gkehub.ScopeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ScopeIamPolicy(\"policy\", ScopeIamPolicyArgs.builder() \n .project(scope.project())\n .scopeId(scope.scopeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkehub:ScopeIamPolicy\n properties:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_hub\\_scope\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkehub.ScopeIamBinding(\"binding\", {\n project: scope.project,\n scopeId: scope.scopeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkehub.ScopeIamBinding(\"binding\",\n project=scope[\"project\"],\n scope_id=scope[\"scopeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeHub.ScopeIamBinding(\"binding\", new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewScopeIamBinding(ctx, \"binding\", \u0026gkehub.ScopeIamBindingArgs{\n\t\t\tProject: pulumi.Any(scope.Project),\n\t\t\tScopeId: pulumi.Any(scope.ScopeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.ScopeIamBinding;\nimport com.pulumi.gcp.gkehub.ScopeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ScopeIamBinding(\"binding\", ScopeIamBindingArgs.builder() \n .project(scope.project())\n .scopeId(scope.scopeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkehub:ScopeIamBinding\n properties:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_hub\\_scope\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkehub.ScopeIamMember(\"member\", {\n project: scope.project,\n scopeId: scope.scopeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkehub.ScopeIamMember(\"member\",\n project=scope[\"project\"],\n scope_id=scope[\"scopeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeHub.ScopeIamMember(\"member\", new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewScopeIamMember(ctx, \"member\", \u0026gkehub.ScopeIamMemberArgs{\n\t\t\tProject: pulumi.Any(scope.Project),\n\t\t\tScopeId: pulumi.Any(scope.ScopeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.ScopeIamMember;\nimport com.pulumi.gcp.gkehub.ScopeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ScopeIamMember(\"member\", ScopeIamMemberArgs.builder() \n .project(scope.project())\n .scopeId(scope.scopeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkehub:ScopeIamMember\n properties:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/global/scopes/{{scope_id}}\n\n* {{project}}/{{scope_id}}\n\n* {{scope_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nGKEHub scope IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/scopeIamPolicy:ScopeIamPolicy editor \"projects/{{project}}/locations/global/scopes/{{scope_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/scopeIamPolicy:ScopeIamPolicy editor \"projects/{{project}}/locations/global/scopes/{{scope_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/scopeIamPolicy:ScopeIamPolicy editor projects/{{project}}/locations/global/scopes/{{scope_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for GKEHub Scope. Each of these resources serves a different use case:\n\n* `gcp.gkehub.ScopeIamPolicy`: Authoritative. Sets the IAM policy for the scope and replaces any existing policy already attached.\n* `gcp.gkehub.ScopeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the scope are preserved.\n* `gcp.gkehub.ScopeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the scope are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.gkehub.ScopeIamPolicy`: Retrieves the IAM policy for the scope\n\n\u003e **Note:** `gcp.gkehub.ScopeIamPolicy` **cannot** be used in conjunction with `gcp.gkehub.ScopeIamBinding` and `gcp.gkehub.ScopeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.gkehub.ScopeIamBinding` resources **can be** used in conjunction with `gcp.gkehub.ScopeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_gke\\_hub\\_scope\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkehub.ScopeIamPolicy(\"policy\", {\n project: scope.project,\n scopeId: scope.scopeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.gkehub.ScopeIamPolicy(\"policy\",\n project=scope[\"project\"],\n scope_id=scope[\"scopeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeHub.ScopeIamPolicy(\"policy\", new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewScopeIamPolicy(ctx, \"policy\", \u0026gkehub.ScopeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(scope.Project),\n\t\t\tScopeId: pulumi.Any(scope.ScopeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkehub.ScopeIamPolicy;\nimport com.pulumi.gcp.gkehub.ScopeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ScopeIamPolicy(\"policy\", ScopeIamPolicyArgs.builder() \n .project(scope.project())\n .scopeId(scope.scopeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkehub:ScopeIamPolicy\n properties:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_hub\\_scope\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkehub.ScopeIamBinding(\"binding\", {\n project: scope.project,\n scopeId: scope.scopeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkehub.ScopeIamBinding(\"binding\",\n project=scope[\"project\"],\n scope_id=scope[\"scopeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeHub.ScopeIamBinding(\"binding\", new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewScopeIamBinding(ctx, \"binding\", \u0026gkehub.ScopeIamBindingArgs{\n\t\t\tProject: pulumi.Any(scope.Project),\n\t\t\tScopeId: pulumi.Any(scope.ScopeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.ScopeIamBinding;\nimport com.pulumi.gcp.gkehub.ScopeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ScopeIamBinding(\"binding\", ScopeIamBindingArgs.builder() \n .project(scope.project())\n .scopeId(scope.scopeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkehub:ScopeIamBinding\n properties:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_hub\\_scope\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkehub.ScopeIamMember(\"member\", {\n project: scope.project,\n scopeId: scope.scopeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkehub.ScopeIamMember(\"member\",\n project=scope[\"project\"],\n scope_id=scope[\"scopeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeHub.ScopeIamMember(\"member\", new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewScopeIamMember(ctx, \"member\", \u0026gkehub.ScopeIamMemberArgs{\n\t\t\tProject: pulumi.Any(scope.Project),\n\t\t\tScopeId: pulumi.Any(scope.ScopeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.ScopeIamMember;\nimport com.pulumi.gcp.gkehub.ScopeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ScopeIamMember(\"member\", ScopeIamMemberArgs.builder() \n .project(scope.project())\n .scopeId(scope.scopeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkehub:ScopeIamMember\n properties:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_gke\\_hub\\_scope\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.gkehub.ScopeIamPolicy(\"policy\", {\n project: scope.project,\n scopeId: scope.scopeId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.gkehub.ScopeIamPolicy(\"policy\",\n project=scope[\"project\"],\n scope_id=scope[\"scopeId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.GkeHub.ScopeIamPolicy(\"policy\", new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = gkehub.NewScopeIamPolicy(ctx, \"policy\", \u0026gkehub.ScopeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(scope.Project),\n\t\t\tScopeId: pulumi.Any(scope.ScopeId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.gkehub.ScopeIamPolicy;\nimport com.pulumi.gcp.gkehub.ScopeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ScopeIamPolicy(\"policy\", ScopeIamPolicyArgs.builder() \n .project(scope.project())\n .scopeId(scope.scopeId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:gkehub:ScopeIamPolicy\n properties:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_hub\\_scope\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.gkehub.ScopeIamBinding(\"binding\", {\n project: scope.project,\n scopeId: scope.scopeId,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.gkehub.ScopeIamBinding(\"binding\",\n project=scope[\"project\"],\n scope_id=scope[\"scopeId\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.GkeHub.ScopeIamBinding(\"binding\", new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewScopeIamBinding(ctx, \"binding\", \u0026gkehub.ScopeIamBindingArgs{\n\t\t\tProject: pulumi.Any(scope.Project),\n\t\t\tScopeId: pulumi.Any(scope.ScopeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.ScopeIamBinding;\nimport com.pulumi.gcp.gkehub.ScopeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ScopeIamBinding(\"binding\", ScopeIamBindingArgs.builder() \n .project(scope.project())\n .scopeId(scope.scopeId())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:gkehub:ScopeIamBinding\n properties:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_gke\\_hub\\_scope\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.gkehub.ScopeIamMember(\"member\", {\n project: scope.project,\n scopeId: scope.scopeId,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.gkehub.ScopeIamMember(\"member\",\n project=scope[\"project\"],\n scope_id=scope[\"scopeId\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.GkeHub.ScopeIamMember(\"member\", new()\n {\n Project = scope.Project,\n ScopeId = scope.ScopeId,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := gkehub.NewScopeIamMember(ctx, \"member\", \u0026gkehub.ScopeIamMemberArgs{\n\t\t\tProject: pulumi.Any(scope.Project),\n\t\t\tScopeId: pulumi.Any(scope.ScopeId),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.gkehub.ScopeIamMember;\nimport com.pulumi.gcp.gkehub.ScopeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ScopeIamMember(\"member\", ScopeIamMemberArgs.builder() \n .project(scope.project())\n .scopeId(scope.scopeId())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:gkehub:ScopeIamMember\n properties:\n project: ${scope.project}\n scopeId: ${scope.scopeId}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/global/scopes/{{scope_id}}\n\n* {{project}}/{{scope_id}}\n\n* {{scope_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nGKEHub scope IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/scopeIamPolicy:ScopeIamPolicy editor \"projects/{{project}}/locations/global/scopes/{{scope_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/scopeIamPolicy:ScopeIamPolicy editor \"projects/{{project}}/locations/global/scopes/{{scope_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:gkehub/scopeIamPolicy:ScopeIamPolicy editor projects/{{project}}/locations/global/scopes/{{scope_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -186467,7 +186812,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "scopeId": { "type": "string" @@ -186486,7 +186831,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "scopeId": { @@ -186511,7 +186856,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "scopeId": { @@ -188563,7 +188908,7 @@ } }, "gcp:healthcare/consentStoreIamBinding:ConsentStoreIamBinding": { - "description": "Three different resources help you manage your IAM policy for Cloud Healthcare ConsentStore. Each of these resources serves a different use case:\n\n* `gcp.healthcare.ConsentStoreIamPolicy`: Authoritative. Sets the IAM policy for the consentstore and replaces any existing policy already attached.\n* `gcp.healthcare.ConsentStoreIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the consentstore are preserved.\n* `gcp.healthcare.ConsentStoreIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the consentstore are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.healthcare.ConsentStoreIamPolicy`: Retrieves the IAM policy for the consentstore\n\n\u003e **Note:** `gcp.healthcare.ConsentStoreIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.ConsentStoreIamBinding` and `gcp.healthcare.ConsentStoreIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.ConsentStoreIamBinding` resources **can be** used in conjunction with `gcp.healthcare.ConsentStoreIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_healthcare\\_consent\\_store\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.healthcare.ConsentStoreIamPolicy(\"policy\", {\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.healthcare.ConsentStoreIamPolicy(\"policy\",\n dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Healthcare.ConsentStoreIamPolicy(\"policy\", new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewConsentStoreIamPolicy(ctx, \"policy\", \u0026healthcare.ConsentStoreIamPolicyArgs{\n\t\t\tDataset: pulumi.Any(my_consent.Dataset),\n\t\t\tConsentStoreId: pulumi.Any(my_consent.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamPolicy;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ConsentStoreIamPolicy(\"policy\", ConsentStoreIamPolicyArgs.builder() \n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:healthcare:ConsentStoreIamPolicy\n properties:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_consent\\_store\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.healthcare.ConsentStoreIamBinding(\"binding\", {\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.healthcare.ConsentStoreIamBinding(\"binding\",\n dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Healthcare.ConsentStoreIamBinding(\"binding\", new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewConsentStoreIamBinding(ctx, \"binding\", \u0026healthcare.ConsentStoreIamBindingArgs{\n\t\t\tDataset: pulumi.Any(my_consent.Dataset),\n\t\t\tConsentStoreId: pulumi.Any(my_consent.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamBinding;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ConsentStoreIamBinding(\"binding\", ConsentStoreIamBindingArgs.builder() \n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:healthcare:ConsentStoreIamBinding\n properties:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_consent\\_store\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.healthcare.ConsentStoreIamMember(\"member\", {\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.healthcare.ConsentStoreIamMember(\"member\",\n dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Healthcare.ConsentStoreIamMember(\"member\", new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewConsentStoreIamMember(ctx, \"member\", \u0026healthcare.ConsentStoreIamMemberArgs{\n\t\t\tDataset: pulumi.Any(my_consent.Dataset),\n\t\t\tConsentStoreId: pulumi.Any(my_consent.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamMember;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ConsentStoreIamMember(\"member\", ConsentStoreIamMemberArgs.builder() \n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:healthcare:ConsentStoreIamMember\n properties:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* {{dataset}}/consentStores/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Healthcare consentstore IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:healthcare/consentStoreIamBinding:ConsentStoreIamBinding editor \"{{dataset}}/consentStores/{{consent_store}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:healthcare/consentStoreIamBinding:ConsentStoreIamBinding editor \"{{dataset}}/consentStores/{{consent_store}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:healthcare/consentStoreIamBinding:ConsentStoreIamBinding editor {{dataset}}/consentStores/{{consent_store}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Healthcare ConsentStore. Each of these resources serves a different use case:\n\n* `gcp.healthcare.ConsentStoreIamPolicy`: Authoritative. Sets the IAM policy for the consentstore and replaces any existing policy already attached.\n* `gcp.healthcare.ConsentStoreIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the consentstore are preserved.\n* `gcp.healthcare.ConsentStoreIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the consentstore are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.healthcare.ConsentStoreIamPolicy`: Retrieves the IAM policy for the consentstore\n\n\u003e **Note:** `gcp.healthcare.ConsentStoreIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.ConsentStoreIamBinding` and `gcp.healthcare.ConsentStoreIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.ConsentStoreIamBinding` resources **can be** used in conjunction with `gcp.healthcare.ConsentStoreIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_healthcare\\_consent\\_store\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.healthcare.ConsentStoreIamPolicy(\"policy\", {\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.healthcare.ConsentStoreIamPolicy(\"policy\",\n dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Healthcare.ConsentStoreIamPolicy(\"policy\", new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewConsentStoreIamPolicy(ctx, \"policy\", \u0026healthcare.ConsentStoreIamPolicyArgs{\n\t\t\tDataset: pulumi.Any(my_consent.Dataset),\n\t\t\tConsentStoreId: pulumi.Any(my_consent.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamPolicy;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ConsentStoreIamPolicy(\"policy\", ConsentStoreIamPolicyArgs.builder() \n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:healthcare:ConsentStoreIamPolicy\n properties:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_consent\\_store\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.healthcare.ConsentStoreIamBinding(\"binding\", {\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.healthcare.ConsentStoreIamBinding(\"binding\",\n dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Healthcare.ConsentStoreIamBinding(\"binding\", new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewConsentStoreIamBinding(ctx, \"binding\", \u0026healthcare.ConsentStoreIamBindingArgs{\n\t\t\tDataset: pulumi.Any(my_consent.Dataset),\n\t\t\tConsentStoreId: pulumi.Any(my_consent.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamBinding;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ConsentStoreIamBinding(\"binding\", ConsentStoreIamBindingArgs.builder() \n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:healthcare:ConsentStoreIamBinding\n properties:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_consent\\_store\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.healthcare.ConsentStoreIamMember(\"member\", {\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.healthcare.ConsentStoreIamMember(\"member\",\n dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Healthcare.ConsentStoreIamMember(\"member\", new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewConsentStoreIamMember(ctx, \"member\", \u0026healthcare.ConsentStoreIamMemberArgs{\n\t\t\tDataset: pulumi.Any(my_consent.Dataset),\n\t\t\tConsentStoreId: pulumi.Any(my_consent.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamMember;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ConsentStoreIamMember(\"member\", ConsentStoreIamMemberArgs.builder() \n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:healthcare:ConsentStoreIamMember\n properties:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_healthcare\\_consent\\_store\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.healthcare.ConsentStoreIamPolicy(\"policy\", {\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.healthcare.ConsentStoreIamPolicy(\"policy\",\n dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Healthcare.ConsentStoreIamPolicy(\"policy\", new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewConsentStoreIamPolicy(ctx, \"policy\", \u0026healthcare.ConsentStoreIamPolicyArgs{\n\t\t\tDataset: pulumi.Any(my_consent.Dataset),\n\t\t\tConsentStoreId: pulumi.Any(my_consent.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamPolicy;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ConsentStoreIamPolicy(\"policy\", ConsentStoreIamPolicyArgs.builder() \n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:healthcare:ConsentStoreIamPolicy\n properties:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_consent\\_store\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.healthcare.ConsentStoreIamBinding(\"binding\", {\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.healthcare.ConsentStoreIamBinding(\"binding\",\n dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Healthcare.ConsentStoreIamBinding(\"binding\", new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewConsentStoreIamBinding(ctx, \"binding\", \u0026healthcare.ConsentStoreIamBindingArgs{\n\t\t\tDataset: pulumi.Any(my_consent.Dataset),\n\t\t\tConsentStoreId: pulumi.Any(my_consent.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamBinding;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ConsentStoreIamBinding(\"binding\", ConsentStoreIamBindingArgs.builder() \n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:healthcare:ConsentStoreIamBinding\n properties:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_consent\\_store\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.healthcare.ConsentStoreIamMember(\"member\", {\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.healthcare.ConsentStoreIamMember(\"member\",\n dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Healthcare.ConsentStoreIamMember(\"member\", new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewConsentStoreIamMember(ctx, \"member\", \u0026healthcare.ConsentStoreIamMemberArgs{\n\t\t\tDataset: pulumi.Any(my_consent.Dataset),\n\t\t\tConsentStoreId: pulumi.Any(my_consent.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamMember;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ConsentStoreIamMember(\"member\", ConsentStoreIamMemberArgs.builder() \n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:healthcare:ConsentStoreIamMember\n properties:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* {{dataset}}/consentStores/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Healthcare consentstore IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:healthcare/consentStoreIamBinding:ConsentStoreIamBinding editor \"{{dataset}}/consentStores/{{consent_store}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:healthcare/consentStoreIamBinding:ConsentStoreIamBinding editor \"{{dataset}}/consentStores/{{consent_store}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:healthcare/consentStoreIamBinding:ConsentStoreIamBinding editor {{dataset}}/consentStores/{{consent_store}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:healthcare/ConsentStoreIamBindingCondition:ConsentStoreIamBindingCondition" @@ -188574,7 +188919,7 @@ }, "dataset": { "type": "string", - "description": "Identifies the dataset addressed by this request. Must be in the format\n'projects/{project}/locations/{location}/datasets/{dataset}'\nUsed to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "Identifies the dataset addressed by this request. Must be in the format\n'projects/{project}/locations/{location}/datasets/{dataset}'\nUsed to find the parent resource to bind the IAM policy to\n" }, "etag": { "type": "string", @@ -188584,7 +188929,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "role": { "type": "string", @@ -188610,14 +188956,15 @@ }, "dataset": { "type": "string", - "description": "Identifies the dataset addressed by this request. Must be in the format\n'projects/{project}/locations/{location}/datasets/{dataset}'\nUsed to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "Identifies the dataset addressed by this request. Must be in the format\n'projects/{project}/locations/{location}/datasets/{dataset}'\nUsed to find the parent resource to bind the IAM policy to\n", "willReplaceOnChanges": true }, "members": { "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "role": { "type": "string", @@ -188645,7 +188992,7 @@ }, "dataset": { "type": "string", - "description": "Identifies the dataset addressed by this request. Must be in the format\n'projects/{project}/locations/{location}/datasets/{dataset}'\nUsed to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "Identifies the dataset addressed by this request. Must be in the format\n'projects/{project}/locations/{location}/datasets/{dataset}'\nUsed to find the parent resource to bind the IAM policy to\n", "willReplaceOnChanges": true }, "etag": { @@ -188656,7 +189003,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "role": { "type": "string", @@ -188668,7 +189016,7 @@ } }, "gcp:healthcare/consentStoreIamMember:ConsentStoreIamMember": { - "description": "Three different resources help you manage your IAM policy for Cloud Healthcare ConsentStore. Each of these resources serves a different use case:\n\n* `gcp.healthcare.ConsentStoreIamPolicy`: Authoritative. Sets the IAM policy for the consentstore and replaces any existing policy already attached.\n* `gcp.healthcare.ConsentStoreIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the consentstore are preserved.\n* `gcp.healthcare.ConsentStoreIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the consentstore are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.healthcare.ConsentStoreIamPolicy`: Retrieves the IAM policy for the consentstore\n\n\u003e **Note:** `gcp.healthcare.ConsentStoreIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.ConsentStoreIamBinding` and `gcp.healthcare.ConsentStoreIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.ConsentStoreIamBinding` resources **can be** used in conjunction with `gcp.healthcare.ConsentStoreIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_healthcare\\_consent\\_store\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.healthcare.ConsentStoreIamPolicy(\"policy\", {\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.healthcare.ConsentStoreIamPolicy(\"policy\",\n dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Healthcare.ConsentStoreIamPolicy(\"policy\", new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewConsentStoreIamPolicy(ctx, \"policy\", \u0026healthcare.ConsentStoreIamPolicyArgs{\n\t\t\tDataset: pulumi.Any(my_consent.Dataset),\n\t\t\tConsentStoreId: pulumi.Any(my_consent.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamPolicy;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ConsentStoreIamPolicy(\"policy\", ConsentStoreIamPolicyArgs.builder() \n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:healthcare:ConsentStoreIamPolicy\n properties:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_consent\\_store\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.healthcare.ConsentStoreIamBinding(\"binding\", {\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.healthcare.ConsentStoreIamBinding(\"binding\",\n dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Healthcare.ConsentStoreIamBinding(\"binding\", new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewConsentStoreIamBinding(ctx, \"binding\", \u0026healthcare.ConsentStoreIamBindingArgs{\n\t\t\tDataset: pulumi.Any(my_consent.Dataset),\n\t\t\tConsentStoreId: pulumi.Any(my_consent.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamBinding;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ConsentStoreIamBinding(\"binding\", ConsentStoreIamBindingArgs.builder() \n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:healthcare:ConsentStoreIamBinding\n properties:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_consent\\_store\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.healthcare.ConsentStoreIamMember(\"member\", {\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.healthcare.ConsentStoreIamMember(\"member\",\n dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Healthcare.ConsentStoreIamMember(\"member\", new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewConsentStoreIamMember(ctx, \"member\", \u0026healthcare.ConsentStoreIamMemberArgs{\n\t\t\tDataset: pulumi.Any(my_consent.Dataset),\n\t\t\tConsentStoreId: pulumi.Any(my_consent.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamMember;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ConsentStoreIamMember(\"member\", ConsentStoreIamMemberArgs.builder() \n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:healthcare:ConsentStoreIamMember\n properties:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* {{dataset}}/consentStores/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Healthcare consentstore IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:healthcare/consentStoreIamMember:ConsentStoreIamMember editor \"{{dataset}}/consentStores/{{consent_store}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:healthcare/consentStoreIamMember:ConsentStoreIamMember editor \"{{dataset}}/consentStores/{{consent_store}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:healthcare/consentStoreIamMember:ConsentStoreIamMember editor {{dataset}}/consentStores/{{consent_store}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Healthcare ConsentStore. Each of these resources serves a different use case:\n\n* `gcp.healthcare.ConsentStoreIamPolicy`: Authoritative. Sets the IAM policy for the consentstore and replaces any existing policy already attached.\n* `gcp.healthcare.ConsentStoreIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the consentstore are preserved.\n* `gcp.healthcare.ConsentStoreIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the consentstore are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.healthcare.ConsentStoreIamPolicy`: Retrieves the IAM policy for the consentstore\n\n\u003e **Note:** `gcp.healthcare.ConsentStoreIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.ConsentStoreIamBinding` and `gcp.healthcare.ConsentStoreIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.ConsentStoreIamBinding` resources **can be** used in conjunction with `gcp.healthcare.ConsentStoreIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_healthcare\\_consent\\_store\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.healthcare.ConsentStoreIamPolicy(\"policy\", {\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.healthcare.ConsentStoreIamPolicy(\"policy\",\n dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Healthcare.ConsentStoreIamPolicy(\"policy\", new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewConsentStoreIamPolicy(ctx, \"policy\", \u0026healthcare.ConsentStoreIamPolicyArgs{\n\t\t\tDataset: pulumi.Any(my_consent.Dataset),\n\t\t\tConsentStoreId: pulumi.Any(my_consent.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamPolicy;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ConsentStoreIamPolicy(\"policy\", ConsentStoreIamPolicyArgs.builder() \n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:healthcare:ConsentStoreIamPolicy\n properties:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_consent\\_store\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.healthcare.ConsentStoreIamBinding(\"binding\", {\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.healthcare.ConsentStoreIamBinding(\"binding\",\n dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Healthcare.ConsentStoreIamBinding(\"binding\", new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewConsentStoreIamBinding(ctx, \"binding\", \u0026healthcare.ConsentStoreIamBindingArgs{\n\t\t\tDataset: pulumi.Any(my_consent.Dataset),\n\t\t\tConsentStoreId: pulumi.Any(my_consent.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamBinding;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ConsentStoreIamBinding(\"binding\", ConsentStoreIamBindingArgs.builder() \n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:healthcare:ConsentStoreIamBinding\n properties:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_consent\\_store\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.healthcare.ConsentStoreIamMember(\"member\", {\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.healthcare.ConsentStoreIamMember(\"member\",\n dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Healthcare.ConsentStoreIamMember(\"member\", new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewConsentStoreIamMember(ctx, \"member\", \u0026healthcare.ConsentStoreIamMemberArgs{\n\t\t\tDataset: pulumi.Any(my_consent.Dataset),\n\t\t\tConsentStoreId: pulumi.Any(my_consent.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamMember;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ConsentStoreIamMember(\"member\", ConsentStoreIamMemberArgs.builder() \n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:healthcare:ConsentStoreIamMember\n properties:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_healthcare\\_consent\\_store\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.healthcare.ConsentStoreIamPolicy(\"policy\", {\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.healthcare.ConsentStoreIamPolicy(\"policy\",\n dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Healthcare.ConsentStoreIamPolicy(\"policy\", new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewConsentStoreIamPolicy(ctx, \"policy\", \u0026healthcare.ConsentStoreIamPolicyArgs{\n\t\t\tDataset: pulumi.Any(my_consent.Dataset),\n\t\t\tConsentStoreId: pulumi.Any(my_consent.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamPolicy;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ConsentStoreIamPolicy(\"policy\", ConsentStoreIamPolicyArgs.builder() \n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:healthcare:ConsentStoreIamPolicy\n properties:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_consent\\_store\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.healthcare.ConsentStoreIamBinding(\"binding\", {\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.healthcare.ConsentStoreIamBinding(\"binding\",\n dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Healthcare.ConsentStoreIamBinding(\"binding\", new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewConsentStoreIamBinding(ctx, \"binding\", \u0026healthcare.ConsentStoreIamBindingArgs{\n\t\t\tDataset: pulumi.Any(my_consent.Dataset),\n\t\t\tConsentStoreId: pulumi.Any(my_consent.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamBinding;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ConsentStoreIamBinding(\"binding\", ConsentStoreIamBindingArgs.builder() \n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:healthcare:ConsentStoreIamBinding\n properties:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_consent\\_store\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.healthcare.ConsentStoreIamMember(\"member\", {\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.healthcare.ConsentStoreIamMember(\"member\",\n dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Healthcare.ConsentStoreIamMember(\"member\", new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewConsentStoreIamMember(ctx, \"member\", \u0026healthcare.ConsentStoreIamMemberArgs{\n\t\t\tDataset: pulumi.Any(my_consent.Dataset),\n\t\t\tConsentStoreId: pulumi.Any(my_consent.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamMember;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ConsentStoreIamMember(\"member\", ConsentStoreIamMemberArgs.builder() \n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:healthcare:ConsentStoreIamMember\n properties:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* {{dataset}}/consentStores/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Healthcare consentstore IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:healthcare/consentStoreIamMember:ConsentStoreIamMember editor \"{{dataset}}/consentStores/{{consent_store}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:healthcare/consentStoreIamMember:ConsentStoreIamMember editor \"{{dataset}}/consentStores/{{consent_store}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:healthcare/consentStoreIamMember:ConsentStoreIamMember editor {{dataset}}/consentStores/{{consent_store}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:healthcare/ConsentStoreIamMemberCondition:ConsentStoreIamMemberCondition" @@ -188679,14 +189027,15 @@ }, "dataset": { "type": "string", - "description": "Identifies the dataset addressed by this request. Must be in the format\n'projects/{project}/locations/{location}/datasets/{dataset}'\nUsed to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "Identifies the dataset addressed by this request. Must be in the format\n'projects/{project}/locations/{location}/datasets/{dataset}'\nUsed to find the parent resource to bind the IAM policy to\n" }, "etag": { "type": "string", "description": "(Computed) The etag of the IAM policy.\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "role": { "type": "string", @@ -188712,11 +189061,12 @@ }, "dataset": { "type": "string", - "description": "Identifies the dataset addressed by this request. Must be in the format\n'projects/{project}/locations/{location}/datasets/{dataset}'\nUsed to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "Identifies the dataset addressed by this request. Must be in the format\n'projects/{project}/locations/{location}/datasets/{dataset}'\nUsed to find the parent resource to bind the IAM policy to\n", "willReplaceOnChanges": true }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "role": { @@ -188745,7 +189095,7 @@ }, "dataset": { "type": "string", - "description": "Identifies the dataset addressed by this request. Must be in the format\n'projects/{project}/locations/{location}/datasets/{dataset}'\nUsed to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "Identifies the dataset addressed by this request. Must be in the format\n'projects/{project}/locations/{location}/datasets/{dataset}'\nUsed to find the parent resource to bind the IAM policy to\n", "willReplaceOnChanges": true }, "etag": { @@ -188754,6 +189104,7 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "role": { @@ -188766,7 +189117,7 @@ } }, "gcp:healthcare/consentStoreIamPolicy:ConsentStoreIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Cloud Healthcare ConsentStore. Each of these resources serves a different use case:\n\n* `gcp.healthcare.ConsentStoreIamPolicy`: Authoritative. Sets the IAM policy for the consentstore and replaces any existing policy already attached.\n* `gcp.healthcare.ConsentStoreIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the consentstore are preserved.\n* `gcp.healthcare.ConsentStoreIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the consentstore are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.healthcare.ConsentStoreIamPolicy`: Retrieves the IAM policy for the consentstore\n\n\u003e **Note:** `gcp.healthcare.ConsentStoreIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.ConsentStoreIamBinding` and `gcp.healthcare.ConsentStoreIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.ConsentStoreIamBinding` resources **can be** used in conjunction with `gcp.healthcare.ConsentStoreIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_healthcare\\_consent\\_store\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.healthcare.ConsentStoreIamPolicy(\"policy\", {\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.healthcare.ConsentStoreIamPolicy(\"policy\",\n dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Healthcare.ConsentStoreIamPolicy(\"policy\", new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewConsentStoreIamPolicy(ctx, \"policy\", \u0026healthcare.ConsentStoreIamPolicyArgs{\n\t\t\tDataset: pulumi.Any(my_consent.Dataset),\n\t\t\tConsentStoreId: pulumi.Any(my_consent.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamPolicy;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ConsentStoreIamPolicy(\"policy\", ConsentStoreIamPolicyArgs.builder() \n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:healthcare:ConsentStoreIamPolicy\n properties:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_consent\\_store\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.healthcare.ConsentStoreIamBinding(\"binding\", {\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.healthcare.ConsentStoreIamBinding(\"binding\",\n dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Healthcare.ConsentStoreIamBinding(\"binding\", new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewConsentStoreIamBinding(ctx, \"binding\", \u0026healthcare.ConsentStoreIamBindingArgs{\n\t\t\tDataset: pulumi.Any(my_consent.Dataset),\n\t\t\tConsentStoreId: pulumi.Any(my_consent.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamBinding;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ConsentStoreIamBinding(\"binding\", ConsentStoreIamBindingArgs.builder() \n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:healthcare:ConsentStoreIamBinding\n properties:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_consent\\_store\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.healthcare.ConsentStoreIamMember(\"member\", {\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.healthcare.ConsentStoreIamMember(\"member\",\n dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Healthcare.ConsentStoreIamMember(\"member\", new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewConsentStoreIamMember(ctx, \"member\", \u0026healthcare.ConsentStoreIamMemberArgs{\n\t\t\tDataset: pulumi.Any(my_consent.Dataset),\n\t\t\tConsentStoreId: pulumi.Any(my_consent.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamMember;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ConsentStoreIamMember(\"member\", ConsentStoreIamMemberArgs.builder() \n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:healthcare:ConsentStoreIamMember\n properties:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* {{dataset}}/consentStores/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Healthcare consentstore IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:healthcare/consentStoreIamPolicy:ConsentStoreIamPolicy editor \"{{dataset}}/consentStores/{{consent_store}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:healthcare/consentStoreIamPolicy:ConsentStoreIamPolicy editor \"{{dataset}}/consentStores/{{consent_store}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:healthcare/consentStoreIamPolicy:ConsentStoreIamPolicy editor {{dataset}}/consentStores/{{consent_store}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Healthcare ConsentStore. Each of these resources serves a different use case:\n\n* `gcp.healthcare.ConsentStoreIamPolicy`: Authoritative. Sets the IAM policy for the consentstore and replaces any existing policy already attached.\n* `gcp.healthcare.ConsentStoreIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the consentstore are preserved.\n* `gcp.healthcare.ConsentStoreIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the consentstore are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.healthcare.ConsentStoreIamPolicy`: Retrieves the IAM policy for the consentstore\n\n\u003e **Note:** `gcp.healthcare.ConsentStoreIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.ConsentStoreIamBinding` and `gcp.healthcare.ConsentStoreIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.ConsentStoreIamBinding` resources **can be** used in conjunction with `gcp.healthcare.ConsentStoreIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_healthcare\\_consent\\_store\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.healthcare.ConsentStoreIamPolicy(\"policy\", {\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.healthcare.ConsentStoreIamPolicy(\"policy\",\n dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Healthcare.ConsentStoreIamPolicy(\"policy\", new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewConsentStoreIamPolicy(ctx, \"policy\", \u0026healthcare.ConsentStoreIamPolicyArgs{\n\t\t\tDataset: pulumi.Any(my_consent.Dataset),\n\t\t\tConsentStoreId: pulumi.Any(my_consent.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamPolicy;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ConsentStoreIamPolicy(\"policy\", ConsentStoreIamPolicyArgs.builder() \n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:healthcare:ConsentStoreIamPolicy\n properties:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_consent\\_store\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.healthcare.ConsentStoreIamBinding(\"binding\", {\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.healthcare.ConsentStoreIamBinding(\"binding\",\n dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Healthcare.ConsentStoreIamBinding(\"binding\", new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewConsentStoreIamBinding(ctx, \"binding\", \u0026healthcare.ConsentStoreIamBindingArgs{\n\t\t\tDataset: pulumi.Any(my_consent.Dataset),\n\t\t\tConsentStoreId: pulumi.Any(my_consent.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamBinding;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ConsentStoreIamBinding(\"binding\", ConsentStoreIamBindingArgs.builder() \n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:healthcare:ConsentStoreIamBinding\n properties:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_consent\\_store\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.healthcare.ConsentStoreIamMember(\"member\", {\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.healthcare.ConsentStoreIamMember(\"member\",\n dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Healthcare.ConsentStoreIamMember(\"member\", new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewConsentStoreIamMember(ctx, \"member\", \u0026healthcare.ConsentStoreIamMemberArgs{\n\t\t\tDataset: pulumi.Any(my_consent.Dataset),\n\t\t\tConsentStoreId: pulumi.Any(my_consent.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamMember;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ConsentStoreIamMember(\"member\", ConsentStoreIamMemberArgs.builder() \n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:healthcare:ConsentStoreIamMember\n properties:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_healthcare\\_consent\\_store\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.healthcare.ConsentStoreIamPolicy(\"policy\", {\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.healthcare.ConsentStoreIamPolicy(\"policy\",\n dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Healthcare.ConsentStoreIamPolicy(\"policy\", new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewConsentStoreIamPolicy(ctx, \"policy\", \u0026healthcare.ConsentStoreIamPolicyArgs{\n\t\t\tDataset: pulumi.Any(my_consent.Dataset),\n\t\t\tConsentStoreId: pulumi.Any(my_consent.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamPolicy;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ConsentStoreIamPolicy(\"policy\", ConsentStoreIamPolicyArgs.builder() \n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:healthcare:ConsentStoreIamPolicy\n properties:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_consent\\_store\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.healthcare.ConsentStoreIamBinding(\"binding\", {\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.healthcare.ConsentStoreIamBinding(\"binding\",\n dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Healthcare.ConsentStoreIamBinding(\"binding\", new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewConsentStoreIamBinding(ctx, \"binding\", \u0026healthcare.ConsentStoreIamBindingArgs{\n\t\t\tDataset: pulumi.Any(my_consent.Dataset),\n\t\t\tConsentStoreId: pulumi.Any(my_consent.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamBinding;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ConsentStoreIamBinding(\"binding\", ConsentStoreIamBindingArgs.builder() \n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:healthcare:ConsentStoreIamBinding\n properties:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_consent\\_store\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.healthcare.ConsentStoreIamMember(\"member\", {\n dataset: my_consent.dataset,\n consentStoreId: my_consent.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.healthcare.ConsentStoreIamMember(\"member\",\n dataset=my_consent[\"dataset\"],\n consent_store_id=my_consent[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Healthcare.ConsentStoreIamMember(\"member\", new()\n {\n Dataset = my_consent.Dataset,\n ConsentStoreId = my_consent.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewConsentStoreIamMember(ctx, \"member\", \u0026healthcare.ConsentStoreIamMemberArgs{\n\t\t\tDataset: pulumi.Any(my_consent.Dataset),\n\t\t\tConsentStoreId: pulumi.Any(my_consent.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamMember;\nimport com.pulumi.gcp.healthcare.ConsentStoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ConsentStoreIamMember(\"member\", ConsentStoreIamMemberArgs.builder() \n .dataset(my_consent.dataset())\n .consentStoreId(my_consent.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:healthcare:ConsentStoreIamMember\n properties:\n dataset: ${[\"my-consent\"].dataset}\n consentStoreId: ${[\"my-consent\"].name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* {{dataset}}/consentStores/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Healthcare consentstore IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:healthcare/consentStoreIamPolicy:ConsentStoreIamPolicy editor \"{{dataset}}/consentStores/{{consent_store}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:healthcare/consentStoreIamPolicy:ConsentStoreIamPolicy editor \"{{dataset}}/consentStores/{{consent_store}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:healthcare/consentStoreIamPolicy:ConsentStoreIamPolicy editor {{dataset}}/consentStores/{{consent_store}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "consentStoreId": { "type": "string", @@ -188774,7 +189125,7 @@ }, "dataset": { "type": "string", - "description": "Identifies the dataset addressed by this request. Must be in the format\n'projects/{project}/locations/{location}/datasets/{dataset}'\nUsed to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "Identifies the dataset addressed by this request. Must be in the format\n'projects/{project}/locations/{location}/datasets/{dataset}'\nUsed to find the parent resource to bind the IAM policy to\n" }, "etag": { "type": "string", @@ -188799,7 +189150,7 @@ }, "dataset": { "type": "string", - "description": "Identifies the dataset addressed by this request. Must be in the format\n'projects/{project}/locations/{location}/datasets/{dataset}'\nUsed to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "Identifies the dataset addressed by this request. Must be in the format\n'projects/{project}/locations/{location}/datasets/{dataset}'\nUsed to find the parent resource to bind the IAM policy to\n", "willReplaceOnChanges": true }, "policyData": { @@ -188822,7 +189173,7 @@ }, "dataset": { "type": "string", - "description": "Identifies the dataset addressed by this request. Must be in the format\n'projects/{project}/locations/{location}/datasets/{dataset}'\nUsed to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "Identifies the dataset addressed by this request. Must be in the format\n'projects/{project}/locations/{location}/datasets/{dataset}'\nUsed to find the parent resource to bind the IAM policy to\n", "willReplaceOnChanges": true }, "etag": { @@ -188923,14 +189274,14 @@ } }, "gcp:healthcare/datasetIamBinding:DatasetIamBinding": { - "description": "Three different resources help you manage your IAM policy for Healthcare dataset. Each of these resources serves a different use case:\n\n* `gcp.healthcare.DatasetIamPolicy`: Authoritative. Sets the IAM policy for the dataset and replaces any existing policy already attached.\n* `gcp.healthcare.DatasetIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the dataset are preserved.\n* `gcp.healthcare.DatasetIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the dataset are preserved.\n\n\u003e **Note:** `gcp.healthcare.DatasetIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.DatasetIamBinding` and `gcp.healthcare.DatasetIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.DatasetIamBinding` resources **can be** used in conjunction with `gcp.healthcare.DatasetIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_healthcare\\_dataset\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst dataset = new gcp.healthcare.DatasetIamPolicy(\"dataset\", {\n datasetId: \"your-dataset-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\ndataset = gcp.healthcare.DatasetIamPolicy(\"dataset\",\n dataset_id=\"your-dataset-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var dataset = new Gcp.Healthcare.DatasetIamPolicy(\"dataset\", new()\n {\n DatasetId = \"your-dataset-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewDatasetIamPolicy(ctx, \"dataset\", \u0026healthcare.DatasetIamPolicyArgs{\n\t\t\tDatasetId: pulumi.String(\"your-dataset-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.DatasetIamPolicy;\nimport com.pulumi.gcp.healthcare.DatasetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var dataset = new DatasetIamPolicy(\"dataset\", DatasetIamPolicyArgs.builder() \n .datasetId(\"your-dataset-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:healthcare:DatasetIamPolicy\n properties:\n datasetId: your-dataset-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_dataset\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.healthcare.DatasetIamBinding(\"dataset\", {\n datasetId: \"your-dataset-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.healthcare.DatasetIamBinding(\"dataset\",\n dataset_id=\"your-dataset-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.Healthcare.DatasetIamBinding(\"dataset\", new()\n {\n DatasetId = \"your-dataset-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDatasetIamBinding(ctx, \"dataset\", \u0026healthcare.DatasetIamBindingArgs{\n\t\t\tDatasetId: pulumi.String(\"your-dataset-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DatasetIamBinding;\nimport com.pulumi.gcp.healthcare.DatasetIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new DatasetIamBinding(\"dataset\", DatasetIamBindingArgs.builder() \n .datasetId(\"your-dataset-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:healthcare:DatasetIamBinding\n properties:\n datasetId: your-dataset-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_dataset\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.healthcare.DatasetIamMember(\"dataset\", {\n datasetId: \"your-dataset-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.healthcare.DatasetIamMember(\"dataset\",\n dataset_id=\"your-dataset-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.Healthcare.DatasetIamMember(\"dataset\", new()\n {\n DatasetId = \"your-dataset-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDatasetIamMember(ctx, \"dataset\", \u0026healthcare.DatasetIamMemberArgs{\n\t\t\tDatasetId: pulumi.String(\"your-dataset-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DatasetIamMember;\nimport com.pulumi.gcp.healthcare.DatasetIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new DatasetIamMember(\"dataset\", DatasetIamMemberArgs.builder() \n .datasetId(\"your-dataset-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:healthcare:DatasetIamMember\n properties:\n datasetId: your-dataset-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Healthcase Dataset resource. For example:\n\n* `\"{{project_id}}/{{location}}/{{dataset}}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{dataset}}\"\n\n to = google_healthcare_dataset_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:healthcare/datasetIamBinding:DatasetIamBinding default {{project_id}}/{{location}}/{{dataset}}\n```\n\n", + "description": "Three different resources help you manage your IAM policy for Healthcare dataset. Each of these resources serves a different use case:\n\n* `gcp.healthcare.DatasetIamPolicy`: Authoritative. Sets the IAM policy for the dataset and replaces any existing policy already attached.\n* `gcp.healthcare.DatasetIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the dataset are preserved.\n* `gcp.healthcare.DatasetIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the dataset are preserved.\n\n\u003e **Note:** `gcp.healthcare.DatasetIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.DatasetIamBinding` and `gcp.healthcare.DatasetIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.DatasetIamBinding` resources **can be** used in conjunction with `gcp.healthcare.DatasetIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_healthcare\\_dataset\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst dataset = new gcp.healthcare.DatasetIamPolicy(\"dataset\", {\n datasetId: \"your-dataset-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\ndataset = gcp.healthcare.DatasetIamPolicy(\"dataset\",\n dataset_id=\"your-dataset-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var dataset = new Gcp.Healthcare.DatasetIamPolicy(\"dataset\", new()\n {\n DatasetId = \"your-dataset-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewDatasetIamPolicy(ctx, \"dataset\", \u0026healthcare.DatasetIamPolicyArgs{\n\t\t\tDatasetId: pulumi.String(\"your-dataset-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.DatasetIamPolicy;\nimport com.pulumi.gcp.healthcare.DatasetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var dataset = new DatasetIamPolicy(\"dataset\", DatasetIamPolicyArgs.builder() \n .datasetId(\"your-dataset-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:healthcare:DatasetIamPolicy\n properties:\n datasetId: your-dataset-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_dataset\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.healthcare.DatasetIamBinding(\"dataset\", {\n datasetId: \"your-dataset-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.healthcare.DatasetIamBinding(\"dataset\",\n dataset_id=\"your-dataset-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.Healthcare.DatasetIamBinding(\"dataset\", new()\n {\n DatasetId = \"your-dataset-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDatasetIamBinding(ctx, \"dataset\", \u0026healthcare.DatasetIamBindingArgs{\n\t\t\tDatasetId: pulumi.String(\"your-dataset-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DatasetIamBinding;\nimport com.pulumi.gcp.healthcare.DatasetIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new DatasetIamBinding(\"dataset\", DatasetIamBindingArgs.builder() \n .datasetId(\"your-dataset-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:healthcare:DatasetIamBinding\n properties:\n datasetId: your-dataset-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_dataset\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.healthcare.DatasetIamMember(\"dataset\", {\n datasetId: \"your-dataset-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.healthcare.DatasetIamMember(\"dataset\",\n dataset_id=\"your-dataset-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.Healthcare.DatasetIamMember(\"dataset\", new()\n {\n DatasetId = \"your-dataset-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDatasetIamMember(ctx, \"dataset\", \u0026healthcare.DatasetIamMemberArgs{\n\t\t\tDatasetId: pulumi.String(\"your-dataset-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DatasetIamMember;\nimport com.pulumi.gcp.healthcare.DatasetIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new DatasetIamMember(\"dataset\", DatasetIamMemberArgs.builder() \n .datasetId(\"your-dataset-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:healthcare:DatasetIamMember\n properties:\n datasetId: your-dataset-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_dataset\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst dataset = new gcp.healthcare.DatasetIamPolicy(\"dataset\", {\n datasetId: \"your-dataset-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\ndataset = gcp.healthcare.DatasetIamPolicy(\"dataset\",\n dataset_id=\"your-dataset-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var dataset = new Gcp.Healthcare.DatasetIamPolicy(\"dataset\", new()\n {\n DatasetId = \"your-dataset-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewDatasetIamPolicy(ctx, \"dataset\", \u0026healthcare.DatasetIamPolicyArgs{\n\t\t\tDatasetId: pulumi.String(\"your-dataset-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.DatasetIamPolicy;\nimport com.pulumi.gcp.healthcare.DatasetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var dataset = new DatasetIamPolicy(\"dataset\", DatasetIamPolicyArgs.builder() \n .datasetId(\"your-dataset-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:healthcare:DatasetIamPolicy\n properties:\n datasetId: your-dataset-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_dataset\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.healthcare.DatasetIamBinding(\"dataset\", {\n datasetId: \"your-dataset-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.healthcare.DatasetIamBinding(\"dataset\",\n dataset_id=\"your-dataset-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.Healthcare.DatasetIamBinding(\"dataset\", new()\n {\n DatasetId = \"your-dataset-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDatasetIamBinding(ctx, \"dataset\", \u0026healthcare.DatasetIamBindingArgs{\n\t\t\tDatasetId: pulumi.String(\"your-dataset-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DatasetIamBinding;\nimport com.pulumi.gcp.healthcare.DatasetIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new DatasetIamBinding(\"dataset\", DatasetIamBindingArgs.builder() \n .datasetId(\"your-dataset-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:healthcare:DatasetIamBinding\n properties:\n datasetId: your-dataset-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_dataset\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.healthcare.DatasetIamMember(\"dataset\", {\n datasetId: \"your-dataset-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.healthcare.DatasetIamMember(\"dataset\",\n dataset_id=\"your-dataset-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.Healthcare.DatasetIamMember(\"dataset\", new()\n {\n DatasetId = \"your-dataset-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDatasetIamMember(ctx, \"dataset\", \u0026healthcare.DatasetIamMemberArgs{\n\t\t\tDatasetId: pulumi.String(\"your-dataset-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DatasetIamMember;\nimport com.pulumi.gcp.healthcare.DatasetIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new DatasetIamMember(\"dataset\", DatasetIamMemberArgs.builder() \n .datasetId(\"your-dataset-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:healthcare:DatasetIamMember\n properties:\n datasetId: your-dataset-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Healthcase Dataset resource. For example:\n\n* `\"{{project_id}}/{{location}}/{{dataset}}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{dataset}}\"\n\n to = google_healthcare_dataset_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:healthcare/datasetIamBinding:DatasetIamBinding default {{project_id}}/{{location}}/{{dataset}}\n```\n\n", "properties": { "condition": { "$ref": "#/types/gcp:healthcare/DatasetIamBindingCondition:DatasetIamBindingCondition" }, "datasetId": { "type": "string", - "description": "The dataset ID, in the form\n`{project_id}/{location_name}/{dataset_name}` or\n`{location_name}/{dataset_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" + "description": "The dataset ID, in the form\n`{project_id}/{location_name}/{dataset_name}` or\n`{location_name}/{dataset_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n" }, "etag": { "type": "string", @@ -188940,7 +189291,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "role": { "type": "string", @@ -188960,14 +189312,15 @@ }, "datasetId": { "type": "string", - "description": "The dataset ID, in the form\n`{project_id}/{location_name}/{dataset_name}` or\n`{location_name}/{dataset_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The dataset ID, in the form\n`{project_id}/{location_name}/{dataset_name}` or\n`{location_name}/{dataset_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n", "willReplaceOnChanges": true }, "members": { "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "role": { "type": "string", @@ -188989,7 +189342,7 @@ }, "datasetId": { "type": "string", - "description": "The dataset ID, in the form\n`{project_id}/{location_name}/{dataset_name}` or\n`{location_name}/{dataset_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The dataset ID, in the form\n`{project_id}/{location_name}/{dataset_name}` or\n`{location_name}/{dataset_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n", "willReplaceOnChanges": true }, "etag": { @@ -189000,7 +189353,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "role": { "type": "string", @@ -189012,21 +189366,22 @@ } }, "gcp:healthcare/datasetIamMember:DatasetIamMember": { - "description": "Three different resources help you manage your IAM policy for Healthcare dataset. Each of these resources serves a different use case:\n\n* `gcp.healthcare.DatasetIamPolicy`: Authoritative. Sets the IAM policy for the dataset and replaces any existing policy already attached.\n* `gcp.healthcare.DatasetIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the dataset are preserved.\n* `gcp.healthcare.DatasetIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the dataset are preserved.\n\n\u003e **Note:** `gcp.healthcare.DatasetIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.DatasetIamBinding` and `gcp.healthcare.DatasetIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.DatasetIamBinding` resources **can be** used in conjunction with `gcp.healthcare.DatasetIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_healthcare\\_dataset\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst dataset = new gcp.healthcare.DatasetIamPolicy(\"dataset\", {\n datasetId: \"your-dataset-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\ndataset = gcp.healthcare.DatasetIamPolicy(\"dataset\",\n dataset_id=\"your-dataset-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var dataset = new Gcp.Healthcare.DatasetIamPolicy(\"dataset\", new()\n {\n DatasetId = \"your-dataset-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewDatasetIamPolicy(ctx, \"dataset\", \u0026healthcare.DatasetIamPolicyArgs{\n\t\t\tDatasetId: pulumi.String(\"your-dataset-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.DatasetIamPolicy;\nimport com.pulumi.gcp.healthcare.DatasetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var dataset = new DatasetIamPolicy(\"dataset\", DatasetIamPolicyArgs.builder() \n .datasetId(\"your-dataset-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:healthcare:DatasetIamPolicy\n properties:\n datasetId: your-dataset-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_dataset\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.healthcare.DatasetIamBinding(\"dataset\", {\n datasetId: \"your-dataset-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.healthcare.DatasetIamBinding(\"dataset\",\n dataset_id=\"your-dataset-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.Healthcare.DatasetIamBinding(\"dataset\", new()\n {\n DatasetId = \"your-dataset-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDatasetIamBinding(ctx, \"dataset\", \u0026healthcare.DatasetIamBindingArgs{\n\t\t\tDatasetId: pulumi.String(\"your-dataset-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DatasetIamBinding;\nimport com.pulumi.gcp.healthcare.DatasetIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new DatasetIamBinding(\"dataset\", DatasetIamBindingArgs.builder() \n .datasetId(\"your-dataset-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:healthcare:DatasetIamBinding\n properties:\n datasetId: your-dataset-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_dataset\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.healthcare.DatasetIamMember(\"dataset\", {\n datasetId: \"your-dataset-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.healthcare.DatasetIamMember(\"dataset\",\n dataset_id=\"your-dataset-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.Healthcare.DatasetIamMember(\"dataset\", new()\n {\n DatasetId = \"your-dataset-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDatasetIamMember(ctx, \"dataset\", \u0026healthcare.DatasetIamMemberArgs{\n\t\t\tDatasetId: pulumi.String(\"your-dataset-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DatasetIamMember;\nimport com.pulumi.gcp.healthcare.DatasetIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new DatasetIamMember(\"dataset\", DatasetIamMemberArgs.builder() \n .datasetId(\"your-dataset-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:healthcare:DatasetIamMember\n properties:\n datasetId: your-dataset-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Healthcase Dataset resource. For example:\n\n* `\"{{project_id}}/{{location}}/{{dataset}}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{dataset}}\"\n\n to = google_healthcare_dataset_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:healthcare/datasetIamMember:DatasetIamMember default {{project_id}}/{{location}}/{{dataset}}\n```\n\n", + "description": "Three different resources help you manage your IAM policy for Healthcare dataset. Each of these resources serves a different use case:\n\n* `gcp.healthcare.DatasetIamPolicy`: Authoritative. Sets the IAM policy for the dataset and replaces any existing policy already attached.\n* `gcp.healthcare.DatasetIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the dataset are preserved.\n* `gcp.healthcare.DatasetIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the dataset are preserved.\n\n\u003e **Note:** `gcp.healthcare.DatasetIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.DatasetIamBinding` and `gcp.healthcare.DatasetIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.DatasetIamBinding` resources **can be** used in conjunction with `gcp.healthcare.DatasetIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_healthcare\\_dataset\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst dataset = new gcp.healthcare.DatasetIamPolicy(\"dataset\", {\n datasetId: \"your-dataset-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\ndataset = gcp.healthcare.DatasetIamPolicy(\"dataset\",\n dataset_id=\"your-dataset-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var dataset = new Gcp.Healthcare.DatasetIamPolicy(\"dataset\", new()\n {\n DatasetId = \"your-dataset-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewDatasetIamPolicy(ctx, \"dataset\", \u0026healthcare.DatasetIamPolicyArgs{\n\t\t\tDatasetId: pulumi.String(\"your-dataset-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.DatasetIamPolicy;\nimport com.pulumi.gcp.healthcare.DatasetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var dataset = new DatasetIamPolicy(\"dataset\", DatasetIamPolicyArgs.builder() \n .datasetId(\"your-dataset-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:healthcare:DatasetIamPolicy\n properties:\n datasetId: your-dataset-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_dataset\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.healthcare.DatasetIamBinding(\"dataset\", {\n datasetId: \"your-dataset-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.healthcare.DatasetIamBinding(\"dataset\",\n dataset_id=\"your-dataset-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.Healthcare.DatasetIamBinding(\"dataset\", new()\n {\n DatasetId = \"your-dataset-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDatasetIamBinding(ctx, \"dataset\", \u0026healthcare.DatasetIamBindingArgs{\n\t\t\tDatasetId: pulumi.String(\"your-dataset-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DatasetIamBinding;\nimport com.pulumi.gcp.healthcare.DatasetIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new DatasetIamBinding(\"dataset\", DatasetIamBindingArgs.builder() \n .datasetId(\"your-dataset-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:healthcare:DatasetIamBinding\n properties:\n datasetId: your-dataset-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_dataset\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.healthcare.DatasetIamMember(\"dataset\", {\n datasetId: \"your-dataset-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.healthcare.DatasetIamMember(\"dataset\",\n dataset_id=\"your-dataset-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.Healthcare.DatasetIamMember(\"dataset\", new()\n {\n DatasetId = \"your-dataset-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDatasetIamMember(ctx, \"dataset\", \u0026healthcare.DatasetIamMemberArgs{\n\t\t\tDatasetId: pulumi.String(\"your-dataset-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DatasetIamMember;\nimport com.pulumi.gcp.healthcare.DatasetIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new DatasetIamMember(\"dataset\", DatasetIamMemberArgs.builder() \n .datasetId(\"your-dataset-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:healthcare:DatasetIamMember\n properties:\n datasetId: your-dataset-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_dataset\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst dataset = new gcp.healthcare.DatasetIamPolicy(\"dataset\", {\n datasetId: \"your-dataset-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\ndataset = gcp.healthcare.DatasetIamPolicy(\"dataset\",\n dataset_id=\"your-dataset-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var dataset = new Gcp.Healthcare.DatasetIamPolicy(\"dataset\", new()\n {\n DatasetId = \"your-dataset-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewDatasetIamPolicy(ctx, \"dataset\", \u0026healthcare.DatasetIamPolicyArgs{\n\t\t\tDatasetId: pulumi.String(\"your-dataset-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.DatasetIamPolicy;\nimport com.pulumi.gcp.healthcare.DatasetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var dataset = new DatasetIamPolicy(\"dataset\", DatasetIamPolicyArgs.builder() \n .datasetId(\"your-dataset-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:healthcare:DatasetIamPolicy\n properties:\n datasetId: your-dataset-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_dataset\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.healthcare.DatasetIamBinding(\"dataset\", {\n datasetId: \"your-dataset-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.healthcare.DatasetIamBinding(\"dataset\",\n dataset_id=\"your-dataset-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.Healthcare.DatasetIamBinding(\"dataset\", new()\n {\n DatasetId = \"your-dataset-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDatasetIamBinding(ctx, \"dataset\", \u0026healthcare.DatasetIamBindingArgs{\n\t\t\tDatasetId: pulumi.String(\"your-dataset-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DatasetIamBinding;\nimport com.pulumi.gcp.healthcare.DatasetIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new DatasetIamBinding(\"dataset\", DatasetIamBindingArgs.builder() \n .datasetId(\"your-dataset-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:healthcare:DatasetIamBinding\n properties:\n datasetId: your-dataset-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_dataset\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.healthcare.DatasetIamMember(\"dataset\", {\n datasetId: \"your-dataset-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.healthcare.DatasetIamMember(\"dataset\",\n dataset_id=\"your-dataset-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.Healthcare.DatasetIamMember(\"dataset\", new()\n {\n DatasetId = \"your-dataset-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDatasetIamMember(ctx, \"dataset\", \u0026healthcare.DatasetIamMemberArgs{\n\t\t\tDatasetId: pulumi.String(\"your-dataset-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DatasetIamMember;\nimport com.pulumi.gcp.healthcare.DatasetIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new DatasetIamMember(\"dataset\", DatasetIamMemberArgs.builder() \n .datasetId(\"your-dataset-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:healthcare:DatasetIamMember\n properties:\n datasetId: your-dataset-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Healthcase Dataset resource. For example:\n\n* `\"{{project_id}}/{{location}}/{{dataset}}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{dataset}}\"\n\n to = google_healthcare_dataset_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:healthcare/datasetIamMember:DatasetIamMember default {{project_id}}/{{location}}/{{dataset}}\n```\n\n", "properties": { "condition": { "$ref": "#/types/gcp:healthcare/DatasetIamMemberCondition:DatasetIamMemberCondition" }, "datasetId": { "type": "string", - "description": "The dataset ID, in the form\n`{project_id}/{location_name}/{dataset_name}` or\n`{location_name}/{dataset_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" + "description": "The dataset ID, in the form\n`{project_id}/{location_name}/{dataset_name}` or\n`{location_name}/{dataset_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n" }, "etag": { "type": "string", "description": "(Computed) The etag of the dataset's IAM policy.\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "role": { "type": "string", @@ -189046,11 +189401,12 @@ }, "datasetId": { "type": "string", - "description": "The dataset ID, in the form\n`{project_id}/{location_name}/{dataset_name}` or\n`{location_name}/{dataset_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The dataset ID, in the form\n`{project_id}/{location_name}/{dataset_name}` or\n`{location_name}/{dataset_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n", "willReplaceOnChanges": true }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", "willReplaceOnChanges": true }, "role": { @@ -189073,7 +189429,7 @@ }, "datasetId": { "type": "string", - "description": "The dataset ID, in the form\n`{project_id}/{location_name}/{dataset_name}` or\n`{location_name}/{dataset_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The dataset ID, in the form\n`{project_id}/{location_name}/{dataset_name}` or\n`{location_name}/{dataset_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n", "willReplaceOnChanges": true }, "etag": { @@ -189082,6 +189438,7 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", "willReplaceOnChanges": true }, "role": { @@ -189094,11 +189451,11 @@ } }, "gcp:healthcare/datasetIamPolicy:DatasetIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Healthcare dataset. Each of these resources serves a different use case:\n\n* `gcp.healthcare.DatasetIamPolicy`: Authoritative. Sets the IAM policy for the dataset and replaces any existing policy already attached.\n* `gcp.healthcare.DatasetIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the dataset are preserved.\n* `gcp.healthcare.DatasetIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the dataset are preserved.\n\n\u003e **Note:** `gcp.healthcare.DatasetIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.DatasetIamBinding` and `gcp.healthcare.DatasetIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.DatasetIamBinding` resources **can be** used in conjunction with `gcp.healthcare.DatasetIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_healthcare\\_dataset\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst dataset = new gcp.healthcare.DatasetIamPolicy(\"dataset\", {\n datasetId: \"your-dataset-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\ndataset = gcp.healthcare.DatasetIamPolicy(\"dataset\",\n dataset_id=\"your-dataset-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var dataset = new Gcp.Healthcare.DatasetIamPolicy(\"dataset\", new()\n {\n DatasetId = \"your-dataset-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewDatasetIamPolicy(ctx, \"dataset\", \u0026healthcare.DatasetIamPolicyArgs{\n\t\t\tDatasetId: pulumi.String(\"your-dataset-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.DatasetIamPolicy;\nimport com.pulumi.gcp.healthcare.DatasetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var dataset = new DatasetIamPolicy(\"dataset\", DatasetIamPolicyArgs.builder() \n .datasetId(\"your-dataset-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:healthcare:DatasetIamPolicy\n properties:\n datasetId: your-dataset-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_dataset\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.healthcare.DatasetIamBinding(\"dataset\", {\n datasetId: \"your-dataset-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.healthcare.DatasetIamBinding(\"dataset\",\n dataset_id=\"your-dataset-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.Healthcare.DatasetIamBinding(\"dataset\", new()\n {\n DatasetId = \"your-dataset-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDatasetIamBinding(ctx, \"dataset\", \u0026healthcare.DatasetIamBindingArgs{\n\t\t\tDatasetId: pulumi.String(\"your-dataset-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DatasetIamBinding;\nimport com.pulumi.gcp.healthcare.DatasetIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new DatasetIamBinding(\"dataset\", DatasetIamBindingArgs.builder() \n .datasetId(\"your-dataset-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:healthcare:DatasetIamBinding\n properties:\n datasetId: your-dataset-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_dataset\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.healthcare.DatasetIamMember(\"dataset\", {\n datasetId: \"your-dataset-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.healthcare.DatasetIamMember(\"dataset\",\n dataset_id=\"your-dataset-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.Healthcare.DatasetIamMember(\"dataset\", new()\n {\n DatasetId = \"your-dataset-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDatasetIamMember(ctx, \"dataset\", \u0026healthcare.DatasetIamMemberArgs{\n\t\t\tDatasetId: pulumi.String(\"your-dataset-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DatasetIamMember;\nimport com.pulumi.gcp.healthcare.DatasetIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new DatasetIamMember(\"dataset\", DatasetIamMemberArgs.builder() \n .datasetId(\"your-dataset-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:healthcare:DatasetIamMember\n properties:\n datasetId: your-dataset-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Healthcase Dataset resource. For example:\n\n* `\"{{project_id}}/{{location}}/{{dataset}}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{dataset}}\"\n\n to = google_healthcare_dataset_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:healthcare/datasetIamPolicy:DatasetIamPolicy default {{project_id}}/{{location}}/{{dataset}}\n```\n\n", + "description": "Three different resources help you manage your IAM policy for Healthcare dataset. Each of these resources serves a different use case:\n\n* `gcp.healthcare.DatasetIamPolicy`: Authoritative. Sets the IAM policy for the dataset and replaces any existing policy already attached.\n* `gcp.healthcare.DatasetIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the dataset are preserved.\n* `gcp.healthcare.DatasetIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the dataset are preserved.\n\n\u003e **Note:** `gcp.healthcare.DatasetIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.DatasetIamBinding` and `gcp.healthcare.DatasetIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.DatasetIamBinding` resources **can be** used in conjunction with `gcp.healthcare.DatasetIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_healthcare\\_dataset\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst dataset = new gcp.healthcare.DatasetIamPolicy(\"dataset\", {\n datasetId: \"your-dataset-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\ndataset = gcp.healthcare.DatasetIamPolicy(\"dataset\",\n dataset_id=\"your-dataset-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var dataset = new Gcp.Healthcare.DatasetIamPolicy(\"dataset\", new()\n {\n DatasetId = \"your-dataset-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewDatasetIamPolicy(ctx, \"dataset\", \u0026healthcare.DatasetIamPolicyArgs{\n\t\t\tDatasetId: pulumi.String(\"your-dataset-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.DatasetIamPolicy;\nimport com.pulumi.gcp.healthcare.DatasetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var dataset = new DatasetIamPolicy(\"dataset\", DatasetIamPolicyArgs.builder() \n .datasetId(\"your-dataset-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:healthcare:DatasetIamPolicy\n properties:\n datasetId: your-dataset-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_dataset\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.healthcare.DatasetIamBinding(\"dataset\", {\n datasetId: \"your-dataset-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.healthcare.DatasetIamBinding(\"dataset\",\n dataset_id=\"your-dataset-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.Healthcare.DatasetIamBinding(\"dataset\", new()\n {\n DatasetId = \"your-dataset-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDatasetIamBinding(ctx, \"dataset\", \u0026healthcare.DatasetIamBindingArgs{\n\t\t\tDatasetId: pulumi.String(\"your-dataset-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DatasetIamBinding;\nimport com.pulumi.gcp.healthcare.DatasetIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new DatasetIamBinding(\"dataset\", DatasetIamBindingArgs.builder() \n .datasetId(\"your-dataset-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:healthcare:DatasetIamBinding\n properties:\n datasetId: your-dataset-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_dataset\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.healthcare.DatasetIamMember(\"dataset\", {\n datasetId: \"your-dataset-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.healthcare.DatasetIamMember(\"dataset\",\n dataset_id=\"your-dataset-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.Healthcare.DatasetIamMember(\"dataset\", new()\n {\n DatasetId = \"your-dataset-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDatasetIamMember(ctx, \"dataset\", \u0026healthcare.DatasetIamMemberArgs{\n\t\t\tDatasetId: pulumi.String(\"your-dataset-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DatasetIamMember;\nimport com.pulumi.gcp.healthcare.DatasetIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new DatasetIamMember(\"dataset\", DatasetIamMemberArgs.builder() \n .datasetId(\"your-dataset-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:healthcare:DatasetIamMember\n properties:\n datasetId: your-dataset-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_dataset\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst dataset = new gcp.healthcare.DatasetIamPolicy(\"dataset\", {\n datasetId: \"your-dataset-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\ndataset = gcp.healthcare.DatasetIamPolicy(\"dataset\",\n dataset_id=\"your-dataset-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var dataset = new Gcp.Healthcare.DatasetIamPolicy(\"dataset\", new()\n {\n DatasetId = \"your-dataset-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewDatasetIamPolicy(ctx, \"dataset\", \u0026healthcare.DatasetIamPolicyArgs{\n\t\t\tDatasetId: pulumi.String(\"your-dataset-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.DatasetIamPolicy;\nimport com.pulumi.gcp.healthcare.DatasetIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var dataset = new DatasetIamPolicy(\"dataset\", DatasetIamPolicyArgs.builder() \n .datasetId(\"your-dataset-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:healthcare:DatasetIamPolicy\n properties:\n datasetId: your-dataset-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_dataset\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.healthcare.DatasetIamBinding(\"dataset\", {\n datasetId: \"your-dataset-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.healthcare.DatasetIamBinding(\"dataset\",\n dataset_id=\"your-dataset-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.Healthcare.DatasetIamBinding(\"dataset\", new()\n {\n DatasetId = \"your-dataset-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDatasetIamBinding(ctx, \"dataset\", \u0026healthcare.DatasetIamBindingArgs{\n\t\t\tDatasetId: pulumi.String(\"your-dataset-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DatasetIamBinding;\nimport com.pulumi.gcp.healthcare.DatasetIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new DatasetIamBinding(\"dataset\", DatasetIamBindingArgs.builder() \n .datasetId(\"your-dataset-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:healthcare:DatasetIamBinding\n properties:\n datasetId: your-dataset-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_dataset\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dataset = new gcp.healthcare.DatasetIamMember(\"dataset\", {\n datasetId: \"your-dataset-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndataset = gcp.healthcare.DatasetIamMember(\"dataset\",\n dataset_id=\"your-dataset-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dataset = new Gcp.Healthcare.DatasetIamMember(\"dataset\", new()\n {\n DatasetId = \"your-dataset-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDatasetIamMember(ctx, \"dataset\", \u0026healthcare.DatasetIamMemberArgs{\n\t\t\tDatasetId: pulumi.String(\"your-dataset-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DatasetIamMember;\nimport com.pulumi.gcp.healthcare.DatasetIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dataset = new DatasetIamMember(\"dataset\", DatasetIamMemberArgs.builder() \n .datasetId(\"your-dataset-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dataset:\n type: gcp:healthcare:DatasetIamMember\n properties:\n datasetId: your-dataset-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Healthcase Dataset resource. For example:\n\n* `\"{{project_id}}/{{location}}/{{dataset}}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{dataset}}\"\n\n to = google_healthcare_dataset_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:healthcare/datasetIamPolicy:DatasetIamPolicy default {{project_id}}/{{location}}/{{dataset}}\n```\n\n", "properties": { "datasetId": { "type": "string", - "description": "The dataset ID, in the form\n`{project_id}/{location_name}/{dataset_name}` or\n`{location_name}/{dataset_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" + "description": "The dataset ID, in the form\n`{project_id}/{location_name}/{dataset_name}` or\n`{location_name}/{dataset_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n" }, "etag": { "type": "string", @@ -189117,7 +189474,7 @@ "inputProperties": { "datasetId": { "type": "string", - "description": "The dataset ID, in the form\n`{project_id}/{location_name}/{dataset_name}` or\n`{location_name}/{dataset_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The dataset ID, in the form\n`{project_id}/{location_name}/{dataset_name}` or\n`{location_name}/{dataset_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n", "willReplaceOnChanges": true }, "policyData": { @@ -189134,7 +189491,7 @@ "properties": { "datasetId": { "type": "string", - "description": "The dataset ID, in the form\n`{project_id}/{location_name}/{dataset_name}` or\n`{location_name}/{dataset_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The dataset ID, in the form\n`{project_id}/{location_name}/{dataset_name}` or\n`{location_name}/{dataset_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n", "willReplaceOnChanges": true }, "etag": { @@ -189295,14 +189652,14 @@ } }, "gcp:healthcare/dicomStoreIamBinding:DicomStoreIamBinding": { - "description": "Three different resources help you manage your IAM policy for Healthcare DICOM store. Each of these resources serves a different use case:\n\n* `gcp.healthcare.DicomStoreIamPolicy`: Authoritative. Sets the IAM policy for the DICOM store and replaces any existing policy already attached.\n* `gcp.healthcare.DicomStoreIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the DICOM store are preserved.\n* `gcp.healthcare.DicomStoreIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the DICOM store are preserved.\n\n\u003e **Note:** `gcp.healthcare.DicomStoreIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.DicomStoreIamBinding` and `gcp.healthcare.DicomStoreIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.DicomStoreIamBinding` resources **can be** used in conjunction with `gcp.healthcare.DicomStoreIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_healthcare\\_dicom\\_store\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst dicomStore = new gcp.healthcare.DicomStoreIamPolicy(\"dicom_store\", {\n dicomStoreId: \"your-dicom-store-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\ndicom_store = gcp.healthcare.DicomStoreIamPolicy(\"dicom_store\",\n dicom_store_id=\"your-dicom-store-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var dicomStore = new Gcp.Healthcare.DicomStoreIamPolicy(\"dicom_store\", new()\n {\n DicomStoreId = \"your-dicom-store-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewDicomStoreIamPolicy(ctx, \"dicom_store\", \u0026healthcare.DicomStoreIamPolicyArgs{\n\t\t\tDicomStoreId: pulumi.String(\"your-dicom-store-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.DicomStoreIamPolicy;\nimport com.pulumi.gcp.healthcare.DicomStoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var dicomStore = new DicomStoreIamPolicy(\"dicomStore\", DicomStoreIamPolicyArgs.builder() \n .dicomStoreId(\"your-dicom-store-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dicomStore:\n type: gcp:healthcare:DicomStoreIamPolicy\n name: dicom_store\n properties:\n dicomStoreId: your-dicom-store-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_dicom\\_store\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dicomStore = new gcp.healthcare.DicomStoreIamBinding(\"dicom_store\", {\n dicomStoreId: \"your-dicom-store-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndicom_store = gcp.healthcare.DicomStoreIamBinding(\"dicom_store\",\n dicom_store_id=\"your-dicom-store-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dicomStore = new Gcp.Healthcare.DicomStoreIamBinding(\"dicom_store\", new()\n {\n DicomStoreId = \"your-dicom-store-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDicomStoreIamBinding(ctx, \"dicom_store\", \u0026healthcare.DicomStoreIamBindingArgs{\n\t\t\tDicomStoreId: pulumi.String(\"your-dicom-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DicomStoreIamBinding;\nimport com.pulumi.gcp.healthcare.DicomStoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dicomStore = new DicomStoreIamBinding(\"dicomStore\", DicomStoreIamBindingArgs.builder() \n .dicomStoreId(\"your-dicom-store-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dicomStore:\n type: gcp:healthcare:DicomStoreIamBinding\n name: dicom_store\n properties:\n dicomStoreId: your-dicom-store-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_dicom\\_store\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dicomStore = new gcp.healthcare.DicomStoreIamMember(\"dicom_store\", {\n dicomStoreId: \"your-dicom-store-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndicom_store = gcp.healthcare.DicomStoreIamMember(\"dicom_store\",\n dicom_store_id=\"your-dicom-store-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dicomStore = new Gcp.Healthcare.DicomStoreIamMember(\"dicom_store\", new()\n {\n DicomStoreId = \"your-dicom-store-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDicomStoreIamMember(ctx, \"dicom_store\", \u0026healthcare.DicomStoreIamMemberArgs{\n\t\t\tDicomStoreId: pulumi.String(\"your-dicom-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DicomStoreIamMember;\nimport com.pulumi.gcp.healthcare.DicomStoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dicomStore = new DicomStoreIamMember(\"dicomStore\", DicomStoreIamMemberArgs.builder() \n .dicomStoreId(\"your-dicom-store-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dicomStore:\n type: gcp:healthcare:DicomStoreIamMember\n name: dicom_store\n properties:\n dicomStoreId: your-dicom-store-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Healthcare DICOM store resource. For example:\n\n* `\"{{project_id}}/{{location}}/{{dataset}}/{{dicom_store}}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{dataset}}/{{dicom_store}}\"\n\n to = google_healthcare_dicom_store_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:healthcare/dicomStoreIamBinding:DicomStoreIamBinding default {{project_id}}/{{location}}/{{dataset}}/{{dicom_store}}\n```\n\n", + "description": "Three different resources help you manage your IAM policy for Healthcare DICOM store. Each of these resources serves a different use case:\n\n* `gcp.healthcare.DicomStoreIamPolicy`: Authoritative. Sets the IAM policy for the DICOM store and replaces any existing policy already attached.\n* `gcp.healthcare.DicomStoreIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the DICOM store are preserved.\n* `gcp.healthcare.DicomStoreIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the DICOM store are preserved.\n\n\u003e **Note:** `gcp.healthcare.DicomStoreIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.DicomStoreIamBinding` and `gcp.healthcare.DicomStoreIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.DicomStoreIamBinding` resources **can be** used in conjunction with `gcp.healthcare.DicomStoreIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_healthcare\\_dicom\\_store\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst dicomStore = new gcp.healthcare.DicomStoreIamPolicy(\"dicom_store\", {\n dicomStoreId: \"your-dicom-store-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\ndicom_store = gcp.healthcare.DicomStoreIamPolicy(\"dicom_store\",\n dicom_store_id=\"your-dicom-store-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var dicomStore = new Gcp.Healthcare.DicomStoreIamPolicy(\"dicom_store\", new()\n {\n DicomStoreId = \"your-dicom-store-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewDicomStoreIamPolicy(ctx, \"dicom_store\", \u0026healthcare.DicomStoreIamPolicyArgs{\n\t\t\tDicomStoreId: pulumi.String(\"your-dicom-store-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.DicomStoreIamPolicy;\nimport com.pulumi.gcp.healthcare.DicomStoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var dicomStore = new DicomStoreIamPolicy(\"dicomStore\", DicomStoreIamPolicyArgs.builder() \n .dicomStoreId(\"your-dicom-store-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dicomStore:\n type: gcp:healthcare:DicomStoreIamPolicy\n name: dicom_store\n properties:\n dicomStoreId: your-dicom-store-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_dicom\\_store\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dicomStore = new gcp.healthcare.DicomStoreIamBinding(\"dicom_store\", {\n dicomStoreId: \"your-dicom-store-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndicom_store = gcp.healthcare.DicomStoreIamBinding(\"dicom_store\",\n dicom_store_id=\"your-dicom-store-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dicomStore = new Gcp.Healthcare.DicomStoreIamBinding(\"dicom_store\", new()\n {\n DicomStoreId = \"your-dicom-store-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDicomStoreIamBinding(ctx, \"dicom_store\", \u0026healthcare.DicomStoreIamBindingArgs{\n\t\t\tDicomStoreId: pulumi.String(\"your-dicom-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DicomStoreIamBinding;\nimport com.pulumi.gcp.healthcare.DicomStoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dicomStore = new DicomStoreIamBinding(\"dicomStore\", DicomStoreIamBindingArgs.builder() \n .dicomStoreId(\"your-dicom-store-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dicomStore:\n type: gcp:healthcare:DicomStoreIamBinding\n name: dicom_store\n properties:\n dicomStoreId: your-dicom-store-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_dicom\\_store\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dicomStore = new gcp.healthcare.DicomStoreIamMember(\"dicom_store\", {\n dicomStoreId: \"your-dicom-store-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndicom_store = gcp.healthcare.DicomStoreIamMember(\"dicom_store\",\n dicom_store_id=\"your-dicom-store-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dicomStore = new Gcp.Healthcare.DicomStoreIamMember(\"dicom_store\", new()\n {\n DicomStoreId = \"your-dicom-store-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDicomStoreIamMember(ctx, \"dicom_store\", \u0026healthcare.DicomStoreIamMemberArgs{\n\t\t\tDicomStoreId: pulumi.String(\"your-dicom-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DicomStoreIamMember;\nimport com.pulumi.gcp.healthcare.DicomStoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dicomStore = new DicomStoreIamMember(\"dicomStore\", DicomStoreIamMemberArgs.builder() \n .dicomStoreId(\"your-dicom-store-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dicomStore:\n type: gcp:healthcare:DicomStoreIamMember\n name: dicom_store\n properties:\n dicomStoreId: your-dicom-store-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_dicom\\_store\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst dicomStore = new gcp.healthcare.DicomStoreIamPolicy(\"dicom_store\", {\n dicomStoreId: \"your-dicom-store-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\ndicom_store = gcp.healthcare.DicomStoreIamPolicy(\"dicom_store\",\n dicom_store_id=\"your-dicom-store-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var dicomStore = new Gcp.Healthcare.DicomStoreIamPolicy(\"dicom_store\", new()\n {\n DicomStoreId = \"your-dicom-store-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewDicomStoreIamPolicy(ctx, \"dicom_store\", \u0026healthcare.DicomStoreIamPolicyArgs{\n\t\t\tDicomStoreId: pulumi.String(\"your-dicom-store-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.DicomStoreIamPolicy;\nimport com.pulumi.gcp.healthcare.DicomStoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var dicomStore = new DicomStoreIamPolicy(\"dicomStore\", DicomStoreIamPolicyArgs.builder() \n .dicomStoreId(\"your-dicom-store-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dicomStore:\n type: gcp:healthcare:DicomStoreIamPolicy\n name: dicom_store\n properties:\n dicomStoreId: your-dicom-store-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_dicom\\_store\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dicomStore = new gcp.healthcare.DicomStoreIamBinding(\"dicom_store\", {\n dicomStoreId: \"your-dicom-store-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndicom_store = gcp.healthcare.DicomStoreIamBinding(\"dicom_store\",\n dicom_store_id=\"your-dicom-store-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dicomStore = new Gcp.Healthcare.DicomStoreIamBinding(\"dicom_store\", new()\n {\n DicomStoreId = \"your-dicom-store-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDicomStoreIamBinding(ctx, \"dicom_store\", \u0026healthcare.DicomStoreIamBindingArgs{\n\t\t\tDicomStoreId: pulumi.String(\"your-dicom-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DicomStoreIamBinding;\nimport com.pulumi.gcp.healthcare.DicomStoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dicomStore = new DicomStoreIamBinding(\"dicomStore\", DicomStoreIamBindingArgs.builder() \n .dicomStoreId(\"your-dicom-store-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dicomStore:\n type: gcp:healthcare:DicomStoreIamBinding\n name: dicom_store\n properties:\n dicomStoreId: your-dicom-store-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_dicom\\_store\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dicomStore = new gcp.healthcare.DicomStoreIamMember(\"dicom_store\", {\n dicomStoreId: \"your-dicom-store-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndicom_store = gcp.healthcare.DicomStoreIamMember(\"dicom_store\",\n dicom_store_id=\"your-dicom-store-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dicomStore = new Gcp.Healthcare.DicomStoreIamMember(\"dicom_store\", new()\n {\n DicomStoreId = \"your-dicom-store-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDicomStoreIamMember(ctx, \"dicom_store\", \u0026healthcare.DicomStoreIamMemberArgs{\n\t\t\tDicomStoreId: pulumi.String(\"your-dicom-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DicomStoreIamMember;\nimport com.pulumi.gcp.healthcare.DicomStoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dicomStore = new DicomStoreIamMember(\"dicomStore\", DicomStoreIamMemberArgs.builder() \n .dicomStoreId(\"your-dicom-store-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dicomStore:\n type: gcp:healthcare:DicomStoreIamMember\n name: dicom_store\n properties:\n dicomStoreId: your-dicom-store-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Healthcare DICOM store resource. For example:\n\n* `\"{{project_id}}/{{location}}/{{dataset}}/{{dicom_store}}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{dataset}}/{{dicom_store}}\"\n\n to = google_healthcare_dicom_store_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:healthcare/dicomStoreIamBinding:DicomStoreIamBinding default {{project_id}}/{{location}}/{{dataset}}/{{dicom_store}}\n```\n\n", "properties": { "condition": { "$ref": "#/types/gcp:healthcare/DicomStoreIamBindingCondition:DicomStoreIamBindingCondition" }, "dicomStoreId": { "type": "string", - "description": "The DICOM store ID, in the form\n`{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or\n`{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" + "description": "The DICOM store ID, in the form\n`{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or\n`{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n" }, "etag": { "type": "string", @@ -189312,7 +189669,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "role": { "type": "string", @@ -189332,14 +189690,15 @@ }, "dicomStoreId": { "type": "string", - "description": "The DICOM store ID, in the form\n`{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or\n`{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The DICOM store ID, in the form\n`{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or\n`{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n", "willReplaceOnChanges": true }, "members": { "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "role": { "type": "string", @@ -189361,7 +189720,7 @@ }, "dicomStoreId": { "type": "string", - "description": "The DICOM store ID, in the form\n`{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or\n`{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The DICOM store ID, in the form\n`{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or\n`{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n", "willReplaceOnChanges": true }, "etag": { @@ -189372,7 +189731,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "role": { "type": "string", @@ -189384,21 +189744,22 @@ } }, "gcp:healthcare/dicomStoreIamMember:DicomStoreIamMember": { - "description": "Three different resources help you manage your IAM policy for Healthcare DICOM store. Each of these resources serves a different use case:\n\n* `gcp.healthcare.DicomStoreIamPolicy`: Authoritative. Sets the IAM policy for the DICOM store and replaces any existing policy already attached.\n* `gcp.healthcare.DicomStoreIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the DICOM store are preserved.\n* `gcp.healthcare.DicomStoreIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the DICOM store are preserved.\n\n\u003e **Note:** `gcp.healthcare.DicomStoreIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.DicomStoreIamBinding` and `gcp.healthcare.DicomStoreIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.DicomStoreIamBinding` resources **can be** used in conjunction with `gcp.healthcare.DicomStoreIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_healthcare\\_dicom\\_store\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst dicomStore = new gcp.healthcare.DicomStoreIamPolicy(\"dicom_store\", {\n dicomStoreId: \"your-dicom-store-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\ndicom_store = gcp.healthcare.DicomStoreIamPolicy(\"dicom_store\",\n dicom_store_id=\"your-dicom-store-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var dicomStore = new Gcp.Healthcare.DicomStoreIamPolicy(\"dicom_store\", new()\n {\n DicomStoreId = \"your-dicom-store-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewDicomStoreIamPolicy(ctx, \"dicom_store\", \u0026healthcare.DicomStoreIamPolicyArgs{\n\t\t\tDicomStoreId: pulumi.String(\"your-dicom-store-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.DicomStoreIamPolicy;\nimport com.pulumi.gcp.healthcare.DicomStoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var dicomStore = new DicomStoreIamPolicy(\"dicomStore\", DicomStoreIamPolicyArgs.builder() \n .dicomStoreId(\"your-dicom-store-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dicomStore:\n type: gcp:healthcare:DicomStoreIamPolicy\n name: dicom_store\n properties:\n dicomStoreId: your-dicom-store-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_dicom\\_store\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dicomStore = new gcp.healthcare.DicomStoreIamBinding(\"dicom_store\", {\n dicomStoreId: \"your-dicom-store-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndicom_store = gcp.healthcare.DicomStoreIamBinding(\"dicom_store\",\n dicom_store_id=\"your-dicom-store-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dicomStore = new Gcp.Healthcare.DicomStoreIamBinding(\"dicom_store\", new()\n {\n DicomStoreId = \"your-dicom-store-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDicomStoreIamBinding(ctx, \"dicom_store\", \u0026healthcare.DicomStoreIamBindingArgs{\n\t\t\tDicomStoreId: pulumi.String(\"your-dicom-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DicomStoreIamBinding;\nimport com.pulumi.gcp.healthcare.DicomStoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dicomStore = new DicomStoreIamBinding(\"dicomStore\", DicomStoreIamBindingArgs.builder() \n .dicomStoreId(\"your-dicom-store-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dicomStore:\n type: gcp:healthcare:DicomStoreIamBinding\n name: dicom_store\n properties:\n dicomStoreId: your-dicom-store-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_dicom\\_store\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dicomStore = new gcp.healthcare.DicomStoreIamMember(\"dicom_store\", {\n dicomStoreId: \"your-dicom-store-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndicom_store = gcp.healthcare.DicomStoreIamMember(\"dicom_store\",\n dicom_store_id=\"your-dicom-store-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dicomStore = new Gcp.Healthcare.DicomStoreIamMember(\"dicom_store\", new()\n {\n DicomStoreId = \"your-dicom-store-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDicomStoreIamMember(ctx, \"dicom_store\", \u0026healthcare.DicomStoreIamMemberArgs{\n\t\t\tDicomStoreId: pulumi.String(\"your-dicom-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DicomStoreIamMember;\nimport com.pulumi.gcp.healthcare.DicomStoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dicomStore = new DicomStoreIamMember(\"dicomStore\", DicomStoreIamMemberArgs.builder() \n .dicomStoreId(\"your-dicom-store-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dicomStore:\n type: gcp:healthcare:DicomStoreIamMember\n name: dicom_store\n properties:\n dicomStoreId: your-dicom-store-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Healthcare DICOM store resource. For example:\n\n* `\"{{project_id}}/{{location}}/{{dataset}}/{{dicom_store}}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{dataset}}/{{dicom_store}}\"\n\n to = google_healthcare_dicom_store_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:healthcare/dicomStoreIamMember:DicomStoreIamMember default {{project_id}}/{{location}}/{{dataset}}/{{dicom_store}}\n```\n\n", + "description": "Three different resources help you manage your IAM policy for Healthcare DICOM store. Each of these resources serves a different use case:\n\n* `gcp.healthcare.DicomStoreIamPolicy`: Authoritative. Sets the IAM policy for the DICOM store and replaces any existing policy already attached.\n* `gcp.healthcare.DicomStoreIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the DICOM store are preserved.\n* `gcp.healthcare.DicomStoreIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the DICOM store are preserved.\n\n\u003e **Note:** `gcp.healthcare.DicomStoreIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.DicomStoreIamBinding` and `gcp.healthcare.DicomStoreIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.DicomStoreIamBinding` resources **can be** used in conjunction with `gcp.healthcare.DicomStoreIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_healthcare\\_dicom\\_store\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst dicomStore = new gcp.healthcare.DicomStoreIamPolicy(\"dicom_store\", {\n dicomStoreId: \"your-dicom-store-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\ndicom_store = gcp.healthcare.DicomStoreIamPolicy(\"dicom_store\",\n dicom_store_id=\"your-dicom-store-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var dicomStore = new Gcp.Healthcare.DicomStoreIamPolicy(\"dicom_store\", new()\n {\n DicomStoreId = \"your-dicom-store-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewDicomStoreIamPolicy(ctx, \"dicom_store\", \u0026healthcare.DicomStoreIamPolicyArgs{\n\t\t\tDicomStoreId: pulumi.String(\"your-dicom-store-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.DicomStoreIamPolicy;\nimport com.pulumi.gcp.healthcare.DicomStoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var dicomStore = new DicomStoreIamPolicy(\"dicomStore\", DicomStoreIamPolicyArgs.builder() \n .dicomStoreId(\"your-dicom-store-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dicomStore:\n type: gcp:healthcare:DicomStoreIamPolicy\n name: dicom_store\n properties:\n dicomStoreId: your-dicom-store-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_dicom\\_store\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dicomStore = new gcp.healthcare.DicomStoreIamBinding(\"dicom_store\", {\n dicomStoreId: \"your-dicom-store-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndicom_store = gcp.healthcare.DicomStoreIamBinding(\"dicom_store\",\n dicom_store_id=\"your-dicom-store-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dicomStore = new Gcp.Healthcare.DicomStoreIamBinding(\"dicom_store\", new()\n {\n DicomStoreId = \"your-dicom-store-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDicomStoreIamBinding(ctx, \"dicom_store\", \u0026healthcare.DicomStoreIamBindingArgs{\n\t\t\tDicomStoreId: pulumi.String(\"your-dicom-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DicomStoreIamBinding;\nimport com.pulumi.gcp.healthcare.DicomStoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dicomStore = new DicomStoreIamBinding(\"dicomStore\", DicomStoreIamBindingArgs.builder() \n .dicomStoreId(\"your-dicom-store-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dicomStore:\n type: gcp:healthcare:DicomStoreIamBinding\n name: dicom_store\n properties:\n dicomStoreId: your-dicom-store-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_dicom\\_store\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dicomStore = new gcp.healthcare.DicomStoreIamMember(\"dicom_store\", {\n dicomStoreId: \"your-dicom-store-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndicom_store = gcp.healthcare.DicomStoreIamMember(\"dicom_store\",\n dicom_store_id=\"your-dicom-store-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dicomStore = new Gcp.Healthcare.DicomStoreIamMember(\"dicom_store\", new()\n {\n DicomStoreId = \"your-dicom-store-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDicomStoreIamMember(ctx, \"dicom_store\", \u0026healthcare.DicomStoreIamMemberArgs{\n\t\t\tDicomStoreId: pulumi.String(\"your-dicom-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DicomStoreIamMember;\nimport com.pulumi.gcp.healthcare.DicomStoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dicomStore = new DicomStoreIamMember(\"dicomStore\", DicomStoreIamMemberArgs.builder() \n .dicomStoreId(\"your-dicom-store-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dicomStore:\n type: gcp:healthcare:DicomStoreIamMember\n name: dicom_store\n properties:\n dicomStoreId: your-dicom-store-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_dicom\\_store\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst dicomStore = new gcp.healthcare.DicomStoreIamPolicy(\"dicom_store\", {\n dicomStoreId: \"your-dicom-store-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\ndicom_store = gcp.healthcare.DicomStoreIamPolicy(\"dicom_store\",\n dicom_store_id=\"your-dicom-store-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var dicomStore = new Gcp.Healthcare.DicomStoreIamPolicy(\"dicom_store\", new()\n {\n DicomStoreId = \"your-dicom-store-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewDicomStoreIamPolicy(ctx, \"dicom_store\", \u0026healthcare.DicomStoreIamPolicyArgs{\n\t\t\tDicomStoreId: pulumi.String(\"your-dicom-store-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.DicomStoreIamPolicy;\nimport com.pulumi.gcp.healthcare.DicomStoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var dicomStore = new DicomStoreIamPolicy(\"dicomStore\", DicomStoreIamPolicyArgs.builder() \n .dicomStoreId(\"your-dicom-store-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dicomStore:\n type: gcp:healthcare:DicomStoreIamPolicy\n name: dicom_store\n properties:\n dicomStoreId: your-dicom-store-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_dicom\\_store\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dicomStore = new gcp.healthcare.DicomStoreIamBinding(\"dicom_store\", {\n dicomStoreId: \"your-dicom-store-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndicom_store = gcp.healthcare.DicomStoreIamBinding(\"dicom_store\",\n dicom_store_id=\"your-dicom-store-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dicomStore = new Gcp.Healthcare.DicomStoreIamBinding(\"dicom_store\", new()\n {\n DicomStoreId = \"your-dicom-store-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDicomStoreIamBinding(ctx, \"dicom_store\", \u0026healthcare.DicomStoreIamBindingArgs{\n\t\t\tDicomStoreId: pulumi.String(\"your-dicom-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DicomStoreIamBinding;\nimport com.pulumi.gcp.healthcare.DicomStoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dicomStore = new DicomStoreIamBinding(\"dicomStore\", DicomStoreIamBindingArgs.builder() \n .dicomStoreId(\"your-dicom-store-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dicomStore:\n type: gcp:healthcare:DicomStoreIamBinding\n name: dicom_store\n properties:\n dicomStoreId: your-dicom-store-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_dicom\\_store\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dicomStore = new gcp.healthcare.DicomStoreIamMember(\"dicom_store\", {\n dicomStoreId: \"your-dicom-store-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndicom_store = gcp.healthcare.DicomStoreIamMember(\"dicom_store\",\n dicom_store_id=\"your-dicom-store-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dicomStore = new Gcp.Healthcare.DicomStoreIamMember(\"dicom_store\", new()\n {\n DicomStoreId = \"your-dicom-store-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDicomStoreIamMember(ctx, \"dicom_store\", \u0026healthcare.DicomStoreIamMemberArgs{\n\t\t\tDicomStoreId: pulumi.String(\"your-dicom-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DicomStoreIamMember;\nimport com.pulumi.gcp.healthcare.DicomStoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dicomStore = new DicomStoreIamMember(\"dicomStore\", DicomStoreIamMemberArgs.builder() \n .dicomStoreId(\"your-dicom-store-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dicomStore:\n type: gcp:healthcare:DicomStoreIamMember\n name: dicom_store\n properties:\n dicomStoreId: your-dicom-store-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Healthcare DICOM store resource. For example:\n\n* `\"{{project_id}}/{{location}}/{{dataset}}/{{dicom_store}}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{dataset}}/{{dicom_store}}\"\n\n to = google_healthcare_dicom_store_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:healthcare/dicomStoreIamMember:DicomStoreIamMember default {{project_id}}/{{location}}/{{dataset}}/{{dicom_store}}\n```\n\n", "properties": { "condition": { "$ref": "#/types/gcp:healthcare/DicomStoreIamMemberCondition:DicomStoreIamMemberCondition" }, "dicomStoreId": { "type": "string", - "description": "The DICOM store ID, in the form\n`{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or\n`{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" + "description": "The DICOM store ID, in the form\n`{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or\n`{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n" }, "etag": { "type": "string", "description": "(Computed) The etag of the DICOM store's IAM policy.\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "role": { "type": "string", @@ -189418,11 +189779,12 @@ }, "dicomStoreId": { "type": "string", - "description": "The DICOM store ID, in the form\n`{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or\n`{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The DICOM store ID, in the form\n`{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or\n`{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n", "willReplaceOnChanges": true }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", "willReplaceOnChanges": true }, "role": { @@ -189445,7 +189807,7 @@ }, "dicomStoreId": { "type": "string", - "description": "The DICOM store ID, in the form\n`{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or\n`{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The DICOM store ID, in the form\n`{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or\n`{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n", "willReplaceOnChanges": true }, "etag": { @@ -189454,6 +189816,7 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", "willReplaceOnChanges": true }, "role": { @@ -189466,11 +189829,11 @@ } }, "gcp:healthcare/dicomStoreIamPolicy:DicomStoreIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Healthcare DICOM store. Each of these resources serves a different use case:\n\n* `gcp.healthcare.DicomStoreIamPolicy`: Authoritative. Sets the IAM policy for the DICOM store and replaces any existing policy already attached.\n* `gcp.healthcare.DicomStoreIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the DICOM store are preserved.\n* `gcp.healthcare.DicomStoreIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the DICOM store are preserved.\n\n\u003e **Note:** `gcp.healthcare.DicomStoreIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.DicomStoreIamBinding` and `gcp.healthcare.DicomStoreIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.DicomStoreIamBinding` resources **can be** used in conjunction with `gcp.healthcare.DicomStoreIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_healthcare\\_dicom\\_store\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst dicomStore = new gcp.healthcare.DicomStoreIamPolicy(\"dicom_store\", {\n dicomStoreId: \"your-dicom-store-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\ndicom_store = gcp.healthcare.DicomStoreIamPolicy(\"dicom_store\",\n dicom_store_id=\"your-dicom-store-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var dicomStore = new Gcp.Healthcare.DicomStoreIamPolicy(\"dicom_store\", new()\n {\n DicomStoreId = \"your-dicom-store-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewDicomStoreIamPolicy(ctx, \"dicom_store\", \u0026healthcare.DicomStoreIamPolicyArgs{\n\t\t\tDicomStoreId: pulumi.String(\"your-dicom-store-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.DicomStoreIamPolicy;\nimport com.pulumi.gcp.healthcare.DicomStoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var dicomStore = new DicomStoreIamPolicy(\"dicomStore\", DicomStoreIamPolicyArgs.builder() \n .dicomStoreId(\"your-dicom-store-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dicomStore:\n type: gcp:healthcare:DicomStoreIamPolicy\n name: dicom_store\n properties:\n dicomStoreId: your-dicom-store-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_dicom\\_store\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dicomStore = new gcp.healthcare.DicomStoreIamBinding(\"dicom_store\", {\n dicomStoreId: \"your-dicom-store-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndicom_store = gcp.healthcare.DicomStoreIamBinding(\"dicom_store\",\n dicom_store_id=\"your-dicom-store-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dicomStore = new Gcp.Healthcare.DicomStoreIamBinding(\"dicom_store\", new()\n {\n DicomStoreId = \"your-dicom-store-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDicomStoreIamBinding(ctx, \"dicom_store\", \u0026healthcare.DicomStoreIamBindingArgs{\n\t\t\tDicomStoreId: pulumi.String(\"your-dicom-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DicomStoreIamBinding;\nimport com.pulumi.gcp.healthcare.DicomStoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dicomStore = new DicomStoreIamBinding(\"dicomStore\", DicomStoreIamBindingArgs.builder() \n .dicomStoreId(\"your-dicom-store-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dicomStore:\n type: gcp:healthcare:DicomStoreIamBinding\n name: dicom_store\n properties:\n dicomStoreId: your-dicom-store-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_dicom\\_store\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dicomStore = new gcp.healthcare.DicomStoreIamMember(\"dicom_store\", {\n dicomStoreId: \"your-dicom-store-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndicom_store = gcp.healthcare.DicomStoreIamMember(\"dicom_store\",\n dicom_store_id=\"your-dicom-store-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dicomStore = new Gcp.Healthcare.DicomStoreIamMember(\"dicom_store\", new()\n {\n DicomStoreId = \"your-dicom-store-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDicomStoreIamMember(ctx, \"dicom_store\", \u0026healthcare.DicomStoreIamMemberArgs{\n\t\t\tDicomStoreId: pulumi.String(\"your-dicom-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DicomStoreIamMember;\nimport com.pulumi.gcp.healthcare.DicomStoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dicomStore = new DicomStoreIamMember(\"dicomStore\", DicomStoreIamMemberArgs.builder() \n .dicomStoreId(\"your-dicom-store-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dicomStore:\n type: gcp:healthcare:DicomStoreIamMember\n name: dicom_store\n properties:\n dicomStoreId: your-dicom-store-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Healthcare DICOM store resource. For example:\n\n* `\"{{project_id}}/{{location}}/{{dataset}}/{{dicom_store}}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{dataset}}/{{dicom_store}}\"\n\n to = google_healthcare_dicom_store_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:healthcare/dicomStoreIamPolicy:DicomStoreIamPolicy default {{project_id}}/{{location}}/{{dataset}}/{{dicom_store}}\n```\n\n", + "description": "Three different resources help you manage your IAM policy for Healthcare DICOM store. Each of these resources serves a different use case:\n\n* `gcp.healthcare.DicomStoreIamPolicy`: Authoritative. Sets the IAM policy for the DICOM store and replaces any existing policy already attached.\n* `gcp.healthcare.DicomStoreIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the DICOM store are preserved.\n* `gcp.healthcare.DicomStoreIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the DICOM store are preserved.\n\n\u003e **Note:** `gcp.healthcare.DicomStoreIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.DicomStoreIamBinding` and `gcp.healthcare.DicomStoreIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.DicomStoreIamBinding` resources **can be** used in conjunction with `gcp.healthcare.DicomStoreIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_healthcare\\_dicom\\_store\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst dicomStore = new gcp.healthcare.DicomStoreIamPolicy(\"dicom_store\", {\n dicomStoreId: \"your-dicom-store-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\ndicom_store = gcp.healthcare.DicomStoreIamPolicy(\"dicom_store\",\n dicom_store_id=\"your-dicom-store-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var dicomStore = new Gcp.Healthcare.DicomStoreIamPolicy(\"dicom_store\", new()\n {\n DicomStoreId = \"your-dicom-store-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewDicomStoreIamPolicy(ctx, \"dicom_store\", \u0026healthcare.DicomStoreIamPolicyArgs{\n\t\t\tDicomStoreId: pulumi.String(\"your-dicom-store-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.DicomStoreIamPolicy;\nimport com.pulumi.gcp.healthcare.DicomStoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var dicomStore = new DicomStoreIamPolicy(\"dicomStore\", DicomStoreIamPolicyArgs.builder() \n .dicomStoreId(\"your-dicom-store-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dicomStore:\n type: gcp:healthcare:DicomStoreIamPolicy\n name: dicom_store\n properties:\n dicomStoreId: your-dicom-store-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_dicom\\_store\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dicomStore = new gcp.healthcare.DicomStoreIamBinding(\"dicom_store\", {\n dicomStoreId: \"your-dicom-store-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndicom_store = gcp.healthcare.DicomStoreIamBinding(\"dicom_store\",\n dicom_store_id=\"your-dicom-store-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dicomStore = new Gcp.Healthcare.DicomStoreIamBinding(\"dicom_store\", new()\n {\n DicomStoreId = \"your-dicom-store-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDicomStoreIamBinding(ctx, \"dicom_store\", \u0026healthcare.DicomStoreIamBindingArgs{\n\t\t\tDicomStoreId: pulumi.String(\"your-dicom-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DicomStoreIamBinding;\nimport com.pulumi.gcp.healthcare.DicomStoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dicomStore = new DicomStoreIamBinding(\"dicomStore\", DicomStoreIamBindingArgs.builder() \n .dicomStoreId(\"your-dicom-store-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dicomStore:\n type: gcp:healthcare:DicomStoreIamBinding\n name: dicom_store\n properties:\n dicomStoreId: your-dicom-store-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_dicom\\_store\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dicomStore = new gcp.healthcare.DicomStoreIamMember(\"dicom_store\", {\n dicomStoreId: \"your-dicom-store-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndicom_store = gcp.healthcare.DicomStoreIamMember(\"dicom_store\",\n dicom_store_id=\"your-dicom-store-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dicomStore = new Gcp.Healthcare.DicomStoreIamMember(\"dicom_store\", new()\n {\n DicomStoreId = \"your-dicom-store-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDicomStoreIamMember(ctx, \"dicom_store\", \u0026healthcare.DicomStoreIamMemberArgs{\n\t\t\tDicomStoreId: pulumi.String(\"your-dicom-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DicomStoreIamMember;\nimport com.pulumi.gcp.healthcare.DicomStoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dicomStore = new DicomStoreIamMember(\"dicomStore\", DicomStoreIamMemberArgs.builder() \n .dicomStoreId(\"your-dicom-store-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dicomStore:\n type: gcp:healthcare:DicomStoreIamMember\n name: dicom_store\n properties:\n dicomStoreId: your-dicom-store-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_dicom\\_store\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst dicomStore = new gcp.healthcare.DicomStoreIamPolicy(\"dicom_store\", {\n dicomStoreId: \"your-dicom-store-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\ndicom_store = gcp.healthcare.DicomStoreIamPolicy(\"dicom_store\",\n dicom_store_id=\"your-dicom-store-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var dicomStore = new Gcp.Healthcare.DicomStoreIamPolicy(\"dicom_store\", new()\n {\n DicomStoreId = \"your-dicom-store-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewDicomStoreIamPolicy(ctx, \"dicom_store\", \u0026healthcare.DicomStoreIamPolicyArgs{\n\t\t\tDicomStoreId: pulumi.String(\"your-dicom-store-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.DicomStoreIamPolicy;\nimport com.pulumi.gcp.healthcare.DicomStoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var dicomStore = new DicomStoreIamPolicy(\"dicomStore\", DicomStoreIamPolicyArgs.builder() \n .dicomStoreId(\"your-dicom-store-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dicomStore:\n type: gcp:healthcare:DicomStoreIamPolicy\n name: dicom_store\n properties:\n dicomStoreId: your-dicom-store-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_dicom\\_store\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dicomStore = new gcp.healthcare.DicomStoreIamBinding(\"dicom_store\", {\n dicomStoreId: \"your-dicom-store-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndicom_store = gcp.healthcare.DicomStoreIamBinding(\"dicom_store\",\n dicom_store_id=\"your-dicom-store-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dicomStore = new Gcp.Healthcare.DicomStoreIamBinding(\"dicom_store\", new()\n {\n DicomStoreId = \"your-dicom-store-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDicomStoreIamBinding(ctx, \"dicom_store\", \u0026healthcare.DicomStoreIamBindingArgs{\n\t\t\tDicomStoreId: pulumi.String(\"your-dicom-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DicomStoreIamBinding;\nimport com.pulumi.gcp.healthcare.DicomStoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dicomStore = new DicomStoreIamBinding(\"dicomStore\", DicomStoreIamBindingArgs.builder() \n .dicomStoreId(\"your-dicom-store-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dicomStore:\n type: gcp:healthcare:DicomStoreIamBinding\n name: dicom_store\n properties:\n dicomStoreId: your-dicom-store-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_dicom\\_store\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst dicomStore = new gcp.healthcare.DicomStoreIamMember(\"dicom_store\", {\n dicomStoreId: \"your-dicom-store-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndicom_store = gcp.healthcare.DicomStoreIamMember(\"dicom_store\",\n dicom_store_id=\"your-dicom-store-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var dicomStore = new Gcp.Healthcare.DicomStoreIamMember(\"dicom_store\", new()\n {\n DicomStoreId = \"your-dicom-store-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewDicomStoreIamMember(ctx, \"dicom_store\", \u0026healthcare.DicomStoreIamMemberArgs{\n\t\t\tDicomStoreId: pulumi.String(\"your-dicom-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.DicomStoreIamMember;\nimport com.pulumi.gcp.healthcare.DicomStoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var dicomStore = new DicomStoreIamMember(\"dicomStore\", DicomStoreIamMemberArgs.builder() \n .dicomStoreId(\"your-dicom-store-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n dicomStore:\n type: gcp:healthcare:DicomStoreIamMember\n name: dicom_store\n properties:\n dicomStoreId: your-dicom-store-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Healthcare DICOM store resource. For example:\n\n* `\"{{project_id}}/{{location}}/{{dataset}}/{{dicom_store}}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{dataset}}/{{dicom_store}}\"\n\n to = google_healthcare_dicom_store_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:healthcare/dicomStoreIamPolicy:DicomStoreIamPolicy default {{project_id}}/{{location}}/{{dataset}}/{{dicom_store}}\n```\n\n", "properties": { "dicomStoreId": { "type": "string", - "description": "The DICOM store ID, in the form\n`{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or\n`{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" + "description": "The DICOM store ID, in the form\n`{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or\n`{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n" }, "etag": { "type": "string", @@ -189489,7 +189852,7 @@ "inputProperties": { "dicomStoreId": { "type": "string", - "description": "The DICOM store ID, in the form\n`{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or\n`{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The DICOM store ID, in the form\n`{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or\n`{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n", "willReplaceOnChanges": true }, "policyData": { @@ -189506,7 +189869,7 @@ "properties": { "dicomStoreId": { "type": "string", - "description": "The DICOM store ID, in the form\n`{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or\n`{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The DICOM store ID, in the form\n`{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or\n`{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n", "willReplaceOnChanges": true }, "etag": { @@ -189793,7 +190156,7 @@ } }, "gcp:healthcare/fhirStoreIamBinding:FhirStoreIamBinding": { - "description": "Three different resources help you manage your IAM policy for Healthcare FHIR store. Each of these resources serves a different use case:\n\n* `gcp.healthcare.FhirStoreIamPolicy`: Authoritative. Sets the IAM policy for the FHIR store and replaces any existing policy already attached.\n* `gcp.healthcare.FhirStoreIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the FHIR store are preserved.\n* `gcp.healthcare.FhirStoreIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the FHIR store are preserved.\n\n\u003e **Note:** `gcp.healthcare.FhirStoreIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.FhirStoreIamBinding` and `gcp.healthcare.FhirStoreIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.FhirStoreIamBinding` resources **can be** used in conjunction with `gcp.healthcare.FhirStoreIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_healthcare\\_fhir\\_store\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst fhirStore = new gcp.healthcare.FhirStoreIamPolicy(\"fhir_store\", {\n fhirStoreId: \"your-fhir-store-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\nfhir_store = gcp.healthcare.FhirStoreIamPolicy(\"fhir_store\",\n fhir_store_id=\"your-fhir-store-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var fhirStore = new Gcp.Healthcare.FhirStoreIamPolicy(\"fhir_store\", new()\n {\n FhirStoreId = \"your-fhir-store-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewFhirStoreIamPolicy(ctx, \"fhir_store\", \u0026healthcare.FhirStoreIamPolicyArgs{\n\t\t\tFhirStoreId: pulumi.String(\"your-fhir-store-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.FhirStoreIamPolicy;\nimport com.pulumi.gcp.healthcare.FhirStoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var fhirStore = new FhirStoreIamPolicy(\"fhirStore\", FhirStoreIamPolicyArgs.builder() \n .fhirStoreId(\"your-fhir-store-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fhirStore:\n type: gcp:healthcare:FhirStoreIamPolicy\n name: fhir_store\n properties:\n fhirStoreId: your-fhir-store-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_fhir\\_store\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst fhirStore = new gcp.healthcare.FhirStoreIamBinding(\"fhir_store\", {\n fhirStoreId: \"your-fhir-store-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfhir_store = gcp.healthcare.FhirStoreIamBinding(\"fhir_store\",\n fhir_store_id=\"your-fhir-store-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var fhirStore = new Gcp.Healthcare.FhirStoreIamBinding(\"fhir_store\", new()\n {\n FhirStoreId = \"your-fhir-store-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewFhirStoreIamBinding(ctx, \"fhir_store\", \u0026healthcare.FhirStoreIamBindingArgs{\n\t\t\tFhirStoreId: pulumi.String(\"your-fhir-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.FhirStoreIamBinding;\nimport com.pulumi.gcp.healthcare.FhirStoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var fhirStore = new FhirStoreIamBinding(\"fhirStore\", FhirStoreIamBindingArgs.builder() \n .fhirStoreId(\"your-fhir-store-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fhirStore:\n type: gcp:healthcare:FhirStoreIamBinding\n name: fhir_store\n properties:\n fhirStoreId: your-fhir-store-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_fhir\\_store\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst fhirStore = new gcp.healthcare.FhirStoreIamMember(\"fhir_store\", {\n fhirStoreId: \"your-fhir-store-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfhir_store = gcp.healthcare.FhirStoreIamMember(\"fhir_store\",\n fhir_store_id=\"your-fhir-store-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var fhirStore = new Gcp.Healthcare.FhirStoreIamMember(\"fhir_store\", new()\n {\n FhirStoreId = \"your-fhir-store-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewFhirStoreIamMember(ctx, \"fhir_store\", \u0026healthcare.FhirStoreIamMemberArgs{\n\t\t\tFhirStoreId: pulumi.String(\"your-fhir-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.FhirStoreIamMember;\nimport com.pulumi.gcp.healthcare.FhirStoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var fhirStore = new FhirStoreIamMember(\"fhirStore\", FhirStoreIamMemberArgs.builder() \n .fhirStoreId(\"your-fhir-store-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fhirStore:\n type: gcp:healthcare:FhirStoreIamMember\n name: fhir_store\n properties:\n fhirStoreId: your-fhir-store-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Healthcare FHIR store resource. For example:\n\n* `\"{{project_id}}/{{location}}/{{dataset}}/{{fhir_store}}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{dataset}}/{{fhir_store}}\"\n\n to = google_healthcare_fhir_store_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:healthcare/fhirStoreIamBinding:FhirStoreIamBinding default {{project_id}}/{{location}}/{{dataset}}/{{fhir_store}}\n```\n\n", + "description": "Three different resources help you manage your IAM policy for Healthcare FHIR store. Each of these resources serves a different use case:\n\n* `gcp.healthcare.FhirStoreIamPolicy`: Authoritative. Sets the IAM policy for the FHIR store and replaces any existing policy already attached.\n* `gcp.healthcare.FhirStoreIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the FHIR store are preserved.\n* `gcp.healthcare.FhirStoreIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the FHIR store are preserved.\n\n\u003e **Note:** `gcp.healthcare.FhirStoreIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.FhirStoreIamBinding` and `gcp.healthcare.FhirStoreIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.FhirStoreIamBinding` resources **can be** used in conjunction with `gcp.healthcare.FhirStoreIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_healthcare\\_fhir\\_store\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst fhirStore = new gcp.healthcare.FhirStoreIamPolicy(\"fhir_store\", {\n fhirStoreId: \"your-fhir-store-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\nfhir_store = gcp.healthcare.FhirStoreIamPolicy(\"fhir_store\",\n fhir_store_id=\"your-fhir-store-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var fhirStore = new Gcp.Healthcare.FhirStoreIamPolicy(\"fhir_store\", new()\n {\n FhirStoreId = \"your-fhir-store-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewFhirStoreIamPolicy(ctx, \"fhir_store\", \u0026healthcare.FhirStoreIamPolicyArgs{\n\t\t\tFhirStoreId: pulumi.String(\"your-fhir-store-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.FhirStoreIamPolicy;\nimport com.pulumi.gcp.healthcare.FhirStoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var fhirStore = new FhirStoreIamPolicy(\"fhirStore\", FhirStoreIamPolicyArgs.builder() \n .fhirStoreId(\"your-fhir-store-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fhirStore:\n type: gcp:healthcare:FhirStoreIamPolicy\n name: fhir_store\n properties:\n fhirStoreId: your-fhir-store-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_fhir\\_store\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst fhirStore = new gcp.healthcare.FhirStoreIamBinding(\"fhir_store\", {\n fhirStoreId: \"your-fhir-store-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfhir_store = gcp.healthcare.FhirStoreIamBinding(\"fhir_store\",\n fhir_store_id=\"your-fhir-store-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var fhirStore = new Gcp.Healthcare.FhirStoreIamBinding(\"fhir_store\", new()\n {\n FhirStoreId = \"your-fhir-store-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewFhirStoreIamBinding(ctx, \"fhir_store\", \u0026healthcare.FhirStoreIamBindingArgs{\n\t\t\tFhirStoreId: pulumi.String(\"your-fhir-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.FhirStoreIamBinding;\nimport com.pulumi.gcp.healthcare.FhirStoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var fhirStore = new FhirStoreIamBinding(\"fhirStore\", FhirStoreIamBindingArgs.builder() \n .fhirStoreId(\"your-fhir-store-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fhirStore:\n type: gcp:healthcare:FhirStoreIamBinding\n name: fhir_store\n properties:\n fhirStoreId: your-fhir-store-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_fhir\\_store\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst fhirStore = new gcp.healthcare.FhirStoreIamMember(\"fhir_store\", {\n fhirStoreId: \"your-fhir-store-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfhir_store = gcp.healthcare.FhirStoreIamMember(\"fhir_store\",\n fhir_store_id=\"your-fhir-store-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var fhirStore = new Gcp.Healthcare.FhirStoreIamMember(\"fhir_store\", new()\n {\n FhirStoreId = \"your-fhir-store-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewFhirStoreIamMember(ctx, \"fhir_store\", \u0026healthcare.FhirStoreIamMemberArgs{\n\t\t\tFhirStoreId: pulumi.String(\"your-fhir-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.FhirStoreIamMember;\nimport com.pulumi.gcp.healthcare.FhirStoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var fhirStore = new FhirStoreIamMember(\"fhirStore\", FhirStoreIamMemberArgs.builder() \n .fhirStoreId(\"your-fhir-store-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fhirStore:\n type: gcp:healthcare:FhirStoreIamMember\n name: fhir_store\n properties:\n fhirStoreId: your-fhir-store-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_fhir\\_store\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst fhirStore = new gcp.healthcare.FhirStoreIamPolicy(\"fhir_store\", {\n fhirStoreId: \"your-fhir-store-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\nfhir_store = gcp.healthcare.FhirStoreIamPolicy(\"fhir_store\",\n fhir_store_id=\"your-fhir-store-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var fhirStore = new Gcp.Healthcare.FhirStoreIamPolicy(\"fhir_store\", new()\n {\n FhirStoreId = \"your-fhir-store-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewFhirStoreIamPolicy(ctx, \"fhir_store\", \u0026healthcare.FhirStoreIamPolicyArgs{\n\t\t\tFhirStoreId: pulumi.String(\"your-fhir-store-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.FhirStoreIamPolicy;\nimport com.pulumi.gcp.healthcare.FhirStoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var fhirStore = new FhirStoreIamPolicy(\"fhirStore\", FhirStoreIamPolicyArgs.builder() \n .fhirStoreId(\"your-fhir-store-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fhirStore:\n type: gcp:healthcare:FhirStoreIamPolicy\n name: fhir_store\n properties:\n fhirStoreId: your-fhir-store-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_fhir\\_store\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst fhirStore = new gcp.healthcare.FhirStoreIamBinding(\"fhir_store\", {\n fhirStoreId: \"your-fhir-store-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfhir_store = gcp.healthcare.FhirStoreIamBinding(\"fhir_store\",\n fhir_store_id=\"your-fhir-store-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var fhirStore = new Gcp.Healthcare.FhirStoreIamBinding(\"fhir_store\", new()\n {\n FhirStoreId = \"your-fhir-store-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewFhirStoreIamBinding(ctx, \"fhir_store\", \u0026healthcare.FhirStoreIamBindingArgs{\n\t\t\tFhirStoreId: pulumi.String(\"your-fhir-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.FhirStoreIamBinding;\nimport com.pulumi.gcp.healthcare.FhirStoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var fhirStore = new FhirStoreIamBinding(\"fhirStore\", FhirStoreIamBindingArgs.builder() \n .fhirStoreId(\"your-fhir-store-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fhirStore:\n type: gcp:healthcare:FhirStoreIamBinding\n name: fhir_store\n properties:\n fhirStoreId: your-fhir-store-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_fhir\\_store\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst fhirStore = new gcp.healthcare.FhirStoreIamMember(\"fhir_store\", {\n fhirStoreId: \"your-fhir-store-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfhir_store = gcp.healthcare.FhirStoreIamMember(\"fhir_store\",\n fhir_store_id=\"your-fhir-store-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var fhirStore = new Gcp.Healthcare.FhirStoreIamMember(\"fhir_store\", new()\n {\n FhirStoreId = \"your-fhir-store-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewFhirStoreIamMember(ctx, \"fhir_store\", \u0026healthcare.FhirStoreIamMemberArgs{\n\t\t\tFhirStoreId: pulumi.String(\"your-fhir-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.FhirStoreIamMember;\nimport com.pulumi.gcp.healthcare.FhirStoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var fhirStore = new FhirStoreIamMember(\"fhirStore\", FhirStoreIamMemberArgs.builder() \n .fhirStoreId(\"your-fhir-store-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fhirStore:\n type: gcp:healthcare:FhirStoreIamMember\n name: fhir_store\n properties:\n fhirStoreId: your-fhir-store-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Healthcare FHIR store resource. For example:\n\n* `\"{{project_id}}/{{location}}/{{dataset}}/{{fhir_store}}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{dataset}}/{{fhir_store}}\"\n\n to = google_healthcare_fhir_store_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:healthcare/fhirStoreIamBinding:FhirStoreIamBinding default {{project_id}}/{{location}}/{{dataset}}/{{fhir_store}}\n```\n\n", "properties": { "condition": { "$ref": "#/types/gcp:healthcare/FhirStoreIamBindingCondition:FhirStoreIamBindingCondition" @@ -189804,13 +190167,14 @@ }, "fhirStoreId": { "type": "string", - "description": "The FHIR store ID, in the form\n`{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or\n`{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" + "description": "The FHIR store ID, in the form\n`{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or\n`{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n" }, "members": { "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "role": { "type": "string", @@ -189830,14 +190194,15 @@ }, "fhirStoreId": { "type": "string", - "description": "The FHIR store ID, in the form\n`{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or\n`{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The FHIR store ID, in the form\n`{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or\n`{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n", "willReplaceOnChanges": true }, "members": { "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "role": { "type": "string", @@ -189863,14 +190228,15 @@ }, "fhirStoreId": { "type": "string", - "description": "The FHIR store ID, in the form\n`{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or\n`{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The FHIR store ID, in the form\n`{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or\n`{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n", "willReplaceOnChanges": true }, "members": { "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "role": { "type": "string", @@ -189882,7 +190248,7 @@ } }, "gcp:healthcare/fhirStoreIamMember:FhirStoreIamMember": { - "description": "Three different resources help you manage your IAM policy for Healthcare FHIR store. Each of these resources serves a different use case:\n\n* `gcp.healthcare.FhirStoreIamPolicy`: Authoritative. Sets the IAM policy for the FHIR store and replaces any existing policy already attached.\n* `gcp.healthcare.FhirStoreIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the FHIR store are preserved.\n* `gcp.healthcare.FhirStoreIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the FHIR store are preserved.\n\n\u003e **Note:** `gcp.healthcare.FhirStoreIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.FhirStoreIamBinding` and `gcp.healthcare.FhirStoreIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.FhirStoreIamBinding` resources **can be** used in conjunction with `gcp.healthcare.FhirStoreIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_healthcare\\_fhir\\_store\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst fhirStore = new gcp.healthcare.FhirStoreIamPolicy(\"fhir_store\", {\n fhirStoreId: \"your-fhir-store-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\nfhir_store = gcp.healthcare.FhirStoreIamPolicy(\"fhir_store\",\n fhir_store_id=\"your-fhir-store-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var fhirStore = new Gcp.Healthcare.FhirStoreIamPolicy(\"fhir_store\", new()\n {\n FhirStoreId = \"your-fhir-store-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewFhirStoreIamPolicy(ctx, \"fhir_store\", \u0026healthcare.FhirStoreIamPolicyArgs{\n\t\t\tFhirStoreId: pulumi.String(\"your-fhir-store-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.FhirStoreIamPolicy;\nimport com.pulumi.gcp.healthcare.FhirStoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var fhirStore = new FhirStoreIamPolicy(\"fhirStore\", FhirStoreIamPolicyArgs.builder() \n .fhirStoreId(\"your-fhir-store-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fhirStore:\n type: gcp:healthcare:FhirStoreIamPolicy\n name: fhir_store\n properties:\n fhirStoreId: your-fhir-store-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_fhir\\_store\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst fhirStore = new gcp.healthcare.FhirStoreIamBinding(\"fhir_store\", {\n fhirStoreId: \"your-fhir-store-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfhir_store = gcp.healthcare.FhirStoreIamBinding(\"fhir_store\",\n fhir_store_id=\"your-fhir-store-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var fhirStore = new Gcp.Healthcare.FhirStoreIamBinding(\"fhir_store\", new()\n {\n FhirStoreId = \"your-fhir-store-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewFhirStoreIamBinding(ctx, \"fhir_store\", \u0026healthcare.FhirStoreIamBindingArgs{\n\t\t\tFhirStoreId: pulumi.String(\"your-fhir-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.FhirStoreIamBinding;\nimport com.pulumi.gcp.healthcare.FhirStoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var fhirStore = new FhirStoreIamBinding(\"fhirStore\", FhirStoreIamBindingArgs.builder() \n .fhirStoreId(\"your-fhir-store-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fhirStore:\n type: gcp:healthcare:FhirStoreIamBinding\n name: fhir_store\n properties:\n fhirStoreId: your-fhir-store-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_fhir\\_store\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst fhirStore = new gcp.healthcare.FhirStoreIamMember(\"fhir_store\", {\n fhirStoreId: \"your-fhir-store-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfhir_store = gcp.healthcare.FhirStoreIamMember(\"fhir_store\",\n fhir_store_id=\"your-fhir-store-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var fhirStore = new Gcp.Healthcare.FhirStoreIamMember(\"fhir_store\", new()\n {\n FhirStoreId = \"your-fhir-store-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewFhirStoreIamMember(ctx, \"fhir_store\", \u0026healthcare.FhirStoreIamMemberArgs{\n\t\t\tFhirStoreId: pulumi.String(\"your-fhir-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.FhirStoreIamMember;\nimport com.pulumi.gcp.healthcare.FhirStoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var fhirStore = new FhirStoreIamMember(\"fhirStore\", FhirStoreIamMemberArgs.builder() \n .fhirStoreId(\"your-fhir-store-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fhirStore:\n type: gcp:healthcare:FhirStoreIamMember\n name: fhir_store\n properties:\n fhirStoreId: your-fhir-store-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Healthcare FHIR store resource. For example:\n\n* `\"{{project_id}}/{{location}}/{{dataset}}/{{fhir_store}}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{dataset}}/{{fhir_store}}\"\n\n to = google_healthcare_fhir_store_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:healthcare/fhirStoreIamMember:FhirStoreIamMember default {{project_id}}/{{location}}/{{dataset}}/{{fhir_store}}\n```\n\n", + "description": "Three different resources help you manage your IAM policy for Healthcare FHIR store. Each of these resources serves a different use case:\n\n* `gcp.healthcare.FhirStoreIamPolicy`: Authoritative. Sets the IAM policy for the FHIR store and replaces any existing policy already attached.\n* `gcp.healthcare.FhirStoreIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the FHIR store are preserved.\n* `gcp.healthcare.FhirStoreIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the FHIR store are preserved.\n\n\u003e **Note:** `gcp.healthcare.FhirStoreIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.FhirStoreIamBinding` and `gcp.healthcare.FhirStoreIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.FhirStoreIamBinding` resources **can be** used in conjunction with `gcp.healthcare.FhirStoreIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_healthcare\\_fhir\\_store\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst fhirStore = new gcp.healthcare.FhirStoreIamPolicy(\"fhir_store\", {\n fhirStoreId: \"your-fhir-store-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\nfhir_store = gcp.healthcare.FhirStoreIamPolicy(\"fhir_store\",\n fhir_store_id=\"your-fhir-store-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var fhirStore = new Gcp.Healthcare.FhirStoreIamPolicy(\"fhir_store\", new()\n {\n FhirStoreId = \"your-fhir-store-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewFhirStoreIamPolicy(ctx, \"fhir_store\", \u0026healthcare.FhirStoreIamPolicyArgs{\n\t\t\tFhirStoreId: pulumi.String(\"your-fhir-store-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.FhirStoreIamPolicy;\nimport com.pulumi.gcp.healthcare.FhirStoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var fhirStore = new FhirStoreIamPolicy(\"fhirStore\", FhirStoreIamPolicyArgs.builder() \n .fhirStoreId(\"your-fhir-store-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fhirStore:\n type: gcp:healthcare:FhirStoreIamPolicy\n name: fhir_store\n properties:\n fhirStoreId: your-fhir-store-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_fhir\\_store\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst fhirStore = new gcp.healthcare.FhirStoreIamBinding(\"fhir_store\", {\n fhirStoreId: \"your-fhir-store-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfhir_store = gcp.healthcare.FhirStoreIamBinding(\"fhir_store\",\n fhir_store_id=\"your-fhir-store-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var fhirStore = new Gcp.Healthcare.FhirStoreIamBinding(\"fhir_store\", new()\n {\n FhirStoreId = \"your-fhir-store-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewFhirStoreIamBinding(ctx, \"fhir_store\", \u0026healthcare.FhirStoreIamBindingArgs{\n\t\t\tFhirStoreId: pulumi.String(\"your-fhir-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.FhirStoreIamBinding;\nimport com.pulumi.gcp.healthcare.FhirStoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var fhirStore = new FhirStoreIamBinding(\"fhirStore\", FhirStoreIamBindingArgs.builder() \n .fhirStoreId(\"your-fhir-store-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fhirStore:\n type: gcp:healthcare:FhirStoreIamBinding\n name: fhir_store\n properties:\n fhirStoreId: your-fhir-store-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_fhir\\_store\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst fhirStore = new gcp.healthcare.FhirStoreIamMember(\"fhir_store\", {\n fhirStoreId: \"your-fhir-store-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfhir_store = gcp.healthcare.FhirStoreIamMember(\"fhir_store\",\n fhir_store_id=\"your-fhir-store-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var fhirStore = new Gcp.Healthcare.FhirStoreIamMember(\"fhir_store\", new()\n {\n FhirStoreId = \"your-fhir-store-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewFhirStoreIamMember(ctx, \"fhir_store\", \u0026healthcare.FhirStoreIamMemberArgs{\n\t\t\tFhirStoreId: pulumi.String(\"your-fhir-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.FhirStoreIamMember;\nimport com.pulumi.gcp.healthcare.FhirStoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var fhirStore = new FhirStoreIamMember(\"fhirStore\", FhirStoreIamMemberArgs.builder() \n .fhirStoreId(\"your-fhir-store-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fhirStore:\n type: gcp:healthcare:FhirStoreIamMember\n name: fhir_store\n properties:\n fhirStoreId: your-fhir-store-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_fhir\\_store\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst fhirStore = new gcp.healthcare.FhirStoreIamPolicy(\"fhir_store\", {\n fhirStoreId: \"your-fhir-store-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\nfhir_store = gcp.healthcare.FhirStoreIamPolicy(\"fhir_store\",\n fhir_store_id=\"your-fhir-store-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var fhirStore = new Gcp.Healthcare.FhirStoreIamPolicy(\"fhir_store\", new()\n {\n FhirStoreId = \"your-fhir-store-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewFhirStoreIamPolicy(ctx, \"fhir_store\", \u0026healthcare.FhirStoreIamPolicyArgs{\n\t\t\tFhirStoreId: pulumi.String(\"your-fhir-store-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.FhirStoreIamPolicy;\nimport com.pulumi.gcp.healthcare.FhirStoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var fhirStore = new FhirStoreIamPolicy(\"fhirStore\", FhirStoreIamPolicyArgs.builder() \n .fhirStoreId(\"your-fhir-store-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fhirStore:\n type: gcp:healthcare:FhirStoreIamPolicy\n name: fhir_store\n properties:\n fhirStoreId: your-fhir-store-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_fhir\\_store\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst fhirStore = new gcp.healthcare.FhirStoreIamBinding(\"fhir_store\", {\n fhirStoreId: \"your-fhir-store-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfhir_store = gcp.healthcare.FhirStoreIamBinding(\"fhir_store\",\n fhir_store_id=\"your-fhir-store-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var fhirStore = new Gcp.Healthcare.FhirStoreIamBinding(\"fhir_store\", new()\n {\n FhirStoreId = \"your-fhir-store-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewFhirStoreIamBinding(ctx, \"fhir_store\", \u0026healthcare.FhirStoreIamBindingArgs{\n\t\t\tFhirStoreId: pulumi.String(\"your-fhir-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.FhirStoreIamBinding;\nimport com.pulumi.gcp.healthcare.FhirStoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var fhirStore = new FhirStoreIamBinding(\"fhirStore\", FhirStoreIamBindingArgs.builder() \n .fhirStoreId(\"your-fhir-store-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fhirStore:\n type: gcp:healthcare:FhirStoreIamBinding\n name: fhir_store\n properties:\n fhirStoreId: your-fhir-store-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_fhir\\_store\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst fhirStore = new gcp.healthcare.FhirStoreIamMember(\"fhir_store\", {\n fhirStoreId: \"your-fhir-store-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfhir_store = gcp.healthcare.FhirStoreIamMember(\"fhir_store\",\n fhir_store_id=\"your-fhir-store-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var fhirStore = new Gcp.Healthcare.FhirStoreIamMember(\"fhir_store\", new()\n {\n FhirStoreId = \"your-fhir-store-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewFhirStoreIamMember(ctx, \"fhir_store\", \u0026healthcare.FhirStoreIamMemberArgs{\n\t\t\tFhirStoreId: pulumi.String(\"your-fhir-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.FhirStoreIamMember;\nimport com.pulumi.gcp.healthcare.FhirStoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var fhirStore = new FhirStoreIamMember(\"fhirStore\", FhirStoreIamMemberArgs.builder() \n .fhirStoreId(\"your-fhir-store-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fhirStore:\n type: gcp:healthcare:FhirStoreIamMember\n name: fhir_store\n properties:\n fhirStoreId: your-fhir-store-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Healthcare FHIR store resource. For example:\n\n* `\"{{project_id}}/{{location}}/{{dataset}}/{{fhir_store}}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{dataset}}/{{fhir_store}}\"\n\n to = google_healthcare_fhir_store_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:healthcare/fhirStoreIamMember:FhirStoreIamMember default {{project_id}}/{{location}}/{{dataset}}/{{fhir_store}}\n```\n\n", "properties": { "condition": { "$ref": "#/types/gcp:healthcare/FhirStoreIamMemberCondition:FhirStoreIamMemberCondition" @@ -189893,10 +190259,11 @@ }, "fhirStoreId": { "type": "string", - "description": "The FHIR store ID, in the form\n`{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or\n`{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" + "description": "The FHIR store ID, in the form\n`{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or\n`{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "role": { "type": "string", @@ -189916,11 +190283,12 @@ }, "fhirStoreId": { "type": "string", - "description": "The FHIR store ID, in the form\n`{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or\n`{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The FHIR store ID, in the form\n`{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or\n`{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n", "willReplaceOnChanges": true }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", "willReplaceOnChanges": true }, "role": { @@ -189947,11 +190315,12 @@ }, "fhirStoreId": { "type": "string", - "description": "The FHIR store ID, in the form\n`{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or\n`{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The FHIR store ID, in the form\n`{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or\n`{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n", "willReplaceOnChanges": true }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", "willReplaceOnChanges": true }, "role": { @@ -189964,7 +190333,7 @@ } }, "gcp:healthcare/fhirStoreIamPolicy:FhirStoreIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Healthcare FHIR store. Each of these resources serves a different use case:\n\n* `gcp.healthcare.FhirStoreIamPolicy`: Authoritative. Sets the IAM policy for the FHIR store and replaces any existing policy already attached.\n* `gcp.healthcare.FhirStoreIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the FHIR store are preserved.\n* `gcp.healthcare.FhirStoreIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the FHIR store are preserved.\n\n\u003e **Note:** `gcp.healthcare.FhirStoreIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.FhirStoreIamBinding` and `gcp.healthcare.FhirStoreIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.FhirStoreIamBinding` resources **can be** used in conjunction with `gcp.healthcare.FhirStoreIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_healthcare\\_fhir\\_store\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst fhirStore = new gcp.healthcare.FhirStoreIamPolicy(\"fhir_store\", {\n fhirStoreId: \"your-fhir-store-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\nfhir_store = gcp.healthcare.FhirStoreIamPolicy(\"fhir_store\",\n fhir_store_id=\"your-fhir-store-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var fhirStore = new Gcp.Healthcare.FhirStoreIamPolicy(\"fhir_store\", new()\n {\n FhirStoreId = \"your-fhir-store-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewFhirStoreIamPolicy(ctx, \"fhir_store\", \u0026healthcare.FhirStoreIamPolicyArgs{\n\t\t\tFhirStoreId: pulumi.String(\"your-fhir-store-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.FhirStoreIamPolicy;\nimport com.pulumi.gcp.healthcare.FhirStoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var fhirStore = new FhirStoreIamPolicy(\"fhirStore\", FhirStoreIamPolicyArgs.builder() \n .fhirStoreId(\"your-fhir-store-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fhirStore:\n type: gcp:healthcare:FhirStoreIamPolicy\n name: fhir_store\n properties:\n fhirStoreId: your-fhir-store-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_fhir\\_store\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst fhirStore = new gcp.healthcare.FhirStoreIamBinding(\"fhir_store\", {\n fhirStoreId: \"your-fhir-store-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfhir_store = gcp.healthcare.FhirStoreIamBinding(\"fhir_store\",\n fhir_store_id=\"your-fhir-store-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var fhirStore = new Gcp.Healthcare.FhirStoreIamBinding(\"fhir_store\", new()\n {\n FhirStoreId = \"your-fhir-store-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewFhirStoreIamBinding(ctx, \"fhir_store\", \u0026healthcare.FhirStoreIamBindingArgs{\n\t\t\tFhirStoreId: pulumi.String(\"your-fhir-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.FhirStoreIamBinding;\nimport com.pulumi.gcp.healthcare.FhirStoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var fhirStore = new FhirStoreIamBinding(\"fhirStore\", FhirStoreIamBindingArgs.builder() \n .fhirStoreId(\"your-fhir-store-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fhirStore:\n type: gcp:healthcare:FhirStoreIamBinding\n name: fhir_store\n properties:\n fhirStoreId: your-fhir-store-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_fhir\\_store\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst fhirStore = new gcp.healthcare.FhirStoreIamMember(\"fhir_store\", {\n fhirStoreId: \"your-fhir-store-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfhir_store = gcp.healthcare.FhirStoreIamMember(\"fhir_store\",\n fhir_store_id=\"your-fhir-store-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var fhirStore = new Gcp.Healthcare.FhirStoreIamMember(\"fhir_store\", new()\n {\n FhirStoreId = \"your-fhir-store-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewFhirStoreIamMember(ctx, \"fhir_store\", \u0026healthcare.FhirStoreIamMemberArgs{\n\t\t\tFhirStoreId: pulumi.String(\"your-fhir-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.FhirStoreIamMember;\nimport com.pulumi.gcp.healthcare.FhirStoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var fhirStore = new FhirStoreIamMember(\"fhirStore\", FhirStoreIamMemberArgs.builder() \n .fhirStoreId(\"your-fhir-store-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fhirStore:\n type: gcp:healthcare:FhirStoreIamMember\n name: fhir_store\n properties:\n fhirStoreId: your-fhir-store-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Healthcare FHIR store resource. For example:\n\n* `\"{{project_id}}/{{location}}/{{dataset}}/{{fhir_store}}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{dataset}}/{{fhir_store}}\"\n\n to = google_healthcare_fhir_store_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:healthcare/fhirStoreIamPolicy:FhirStoreIamPolicy default {{project_id}}/{{location}}/{{dataset}}/{{fhir_store}}\n```\n\n", + "description": "Three different resources help you manage your IAM policy for Healthcare FHIR store. Each of these resources serves a different use case:\n\n* `gcp.healthcare.FhirStoreIamPolicy`: Authoritative. Sets the IAM policy for the FHIR store and replaces any existing policy already attached.\n* `gcp.healthcare.FhirStoreIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the FHIR store are preserved.\n* `gcp.healthcare.FhirStoreIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the FHIR store are preserved.\n\n\u003e **Note:** `gcp.healthcare.FhirStoreIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.FhirStoreIamBinding` and `gcp.healthcare.FhirStoreIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.FhirStoreIamBinding` resources **can be** used in conjunction with `gcp.healthcare.FhirStoreIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_healthcare\\_fhir\\_store\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst fhirStore = new gcp.healthcare.FhirStoreIamPolicy(\"fhir_store\", {\n fhirStoreId: \"your-fhir-store-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\nfhir_store = gcp.healthcare.FhirStoreIamPolicy(\"fhir_store\",\n fhir_store_id=\"your-fhir-store-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var fhirStore = new Gcp.Healthcare.FhirStoreIamPolicy(\"fhir_store\", new()\n {\n FhirStoreId = \"your-fhir-store-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewFhirStoreIamPolicy(ctx, \"fhir_store\", \u0026healthcare.FhirStoreIamPolicyArgs{\n\t\t\tFhirStoreId: pulumi.String(\"your-fhir-store-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.FhirStoreIamPolicy;\nimport com.pulumi.gcp.healthcare.FhirStoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var fhirStore = new FhirStoreIamPolicy(\"fhirStore\", FhirStoreIamPolicyArgs.builder() \n .fhirStoreId(\"your-fhir-store-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fhirStore:\n type: gcp:healthcare:FhirStoreIamPolicy\n name: fhir_store\n properties:\n fhirStoreId: your-fhir-store-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_fhir\\_store\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst fhirStore = new gcp.healthcare.FhirStoreIamBinding(\"fhir_store\", {\n fhirStoreId: \"your-fhir-store-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfhir_store = gcp.healthcare.FhirStoreIamBinding(\"fhir_store\",\n fhir_store_id=\"your-fhir-store-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var fhirStore = new Gcp.Healthcare.FhirStoreIamBinding(\"fhir_store\", new()\n {\n FhirStoreId = \"your-fhir-store-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewFhirStoreIamBinding(ctx, \"fhir_store\", \u0026healthcare.FhirStoreIamBindingArgs{\n\t\t\tFhirStoreId: pulumi.String(\"your-fhir-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.FhirStoreIamBinding;\nimport com.pulumi.gcp.healthcare.FhirStoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var fhirStore = new FhirStoreIamBinding(\"fhirStore\", FhirStoreIamBindingArgs.builder() \n .fhirStoreId(\"your-fhir-store-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fhirStore:\n type: gcp:healthcare:FhirStoreIamBinding\n name: fhir_store\n properties:\n fhirStoreId: your-fhir-store-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_fhir\\_store\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst fhirStore = new gcp.healthcare.FhirStoreIamMember(\"fhir_store\", {\n fhirStoreId: \"your-fhir-store-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfhir_store = gcp.healthcare.FhirStoreIamMember(\"fhir_store\",\n fhir_store_id=\"your-fhir-store-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var fhirStore = new Gcp.Healthcare.FhirStoreIamMember(\"fhir_store\", new()\n {\n FhirStoreId = \"your-fhir-store-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewFhirStoreIamMember(ctx, \"fhir_store\", \u0026healthcare.FhirStoreIamMemberArgs{\n\t\t\tFhirStoreId: pulumi.String(\"your-fhir-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.FhirStoreIamMember;\nimport com.pulumi.gcp.healthcare.FhirStoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var fhirStore = new FhirStoreIamMember(\"fhirStore\", FhirStoreIamMemberArgs.builder() \n .fhirStoreId(\"your-fhir-store-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fhirStore:\n type: gcp:healthcare:FhirStoreIamMember\n name: fhir_store\n properties:\n fhirStoreId: your-fhir-store-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_fhir\\_store\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst fhirStore = new gcp.healthcare.FhirStoreIamPolicy(\"fhir_store\", {\n fhirStoreId: \"your-fhir-store-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\nfhir_store = gcp.healthcare.FhirStoreIamPolicy(\"fhir_store\",\n fhir_store_id=\"your-fhir-store-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var fhirStore = new Gcp.Healthcare.FhirStoreIamPolicy(\"fhir_store\", new()\n {\n FhirStoreId = \"your-fhir-store-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewFhirStoreIamPolicy(ctx, \"fhir_store\", \u0026healthcare.FhirStoreIamPolicyArgs{\n\t\t\tFhirStoreId: pulumi.String(\"your-fhir-store-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.FhirStoreIamPolicy;\nimport com.pulumi.gcp.healthcare.FhirStoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var fhirStore = new FhirStoreIamPolicy(\"fhirStore\", FhirStoreIamPolicyArgs.builder() \n .fhirStoreId(\"your-fhir-store-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fhirStore:\n type: gcp:healthcare:FhirStoreIamPolicy\n name: fhir_store\n properties:\n fhirStoreId: your-fhir-store-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_fhir\\_store\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst fhirStore = new gcp.healthcare.FhirStoreIamBinding(\"fhir_store\", {\n fhirStoreId: \"your-fhir-store-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfhir_store = gcp.healthcare.FhirStoreIamBinding(\"fhir_store\",\n fhir_store_id=\"your-fhir-store-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var fhirStore = new Gcp.Healthcare.FhirStoreIamBinding(\"fhir_store\", new()\n {\n FhirStoreId = \"your-fhir-store-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewFhirStoreIamBinding(ctx, \"fhir_store\", \u0026healthcare.FhirStoreIamBindingArgs{\n\t\t\tFhirStoreId: pulumi.String(\"your-fhir-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.FhirStoreIamBinding;\nimport com.pulumi.gcp.healthcare.FhirStoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var fhirStore = new FhirStoreIamBinding(\"fhirStore\", FhirStoreIamBindingArgs.builder() \n .fhirStoreId(\"your-fhir-store-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fhirStore:\n type: gcp:healthcare:FhirStoreIamBinding\n name: fhir_store\n properties:\n fhirStoreId: your-fhir-store-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_fhir\\_store\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst fhirStore = new gcp.healthcare.FhirStoreIamMember(\"fhir_store\", {\n fhirStoreId: \"your-fhir-store-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nfhir_store = gcp.healthcare.FhirStoreIamMember(\"fhir_store\",\n fhir_store_id=\"your-fhir-store-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var fhirStore = new Gcp.Healthcare.FhirStoreIamMember(\"fhir_store\", new()\n {\n FhirStoreId = \"your-fhir-store-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewFhirStoreIamMember(ctx, \"fhir_store\", \u0026healthcare.FhirStoreIamMemberArgs{\n\t\t\tFhirStoreId: pulumi.String(\"your-fhir-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.FhirStoreIamMember;\nimport com.pulumi.gcp.healthcare.FhirStoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var fhirStore = new FhirStoreIamMember(\"fhirStore\", FhirStoreIamMemberArgs.builder() \n .fhirStoreId(\"your-fhir-store-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n fhirStore:\n type: gcp:healthcare:FhirStoreIamMember\n name: fhir_store\n properties:\n fhirStoreId: your-fhir-store-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Healthcare FHIR store resource. For example:\n\n* `\"{{project_id}}/{{location}}/{{dataset}}/{{fhir_store}}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{dataset}}/{{fhir_store}}\"\n\n to = google_healthcare_fhir_store_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:healthcare/fhirStoreIamPolicy:FhirStoreIamPolicy default {{project_id}}/{{location}}/{{dataset}}/{{fhir_store}}\n```\n\n", "properties": { "etag": { "type": "string", @@ -189972,7 +190341,7 @@ }, "fhirStoreId": { "type": "string", - "description": "The FHIR store ID, in the form\n`{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or\n`{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" + "description": "The FHIR store ID, in the form\n`{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or\n`{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n" }, "policyData": { "type": "string", @@ -189987,7 +190356,7 @@ "inputProperties": { "fhirStoreId": { "type": "string", - "description": "The FHIR store ID, in the form\n`{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or\n`{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The FHIR store ID, in the form\n`{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or\n`{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n", "willReplaceOnChanges": true }, "policyData": { @@ -190008,7 +190377,7 @@ }, "fhirStoreId": { "type": "string", - "description": "The FHIR store ID, in the form\n`{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or\n`{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The FHIR store ID, in the form\n`{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or\n`{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n", "willReplaceOnChanges": true }, "policyData": { @@ -190193,7 +190562,7 @@ } }, "gcp:healthcare/hl7StoreIamBinding:Hl7StoreIamBinding": { - "description": "Three different resources help you manage your IAM policy for Healthcare HL7v2 store. Each of these resources serves a different use case:\n\n* `gcp.healthcare.Hl7StoreIamPolicy`: Authoritative. Sets the IAM policy for the HL7v2 store and replaces any existing policy already attached.\n* `gcp.healthcare.Hl7StoreIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the HL7v2 store are preserved.\n* `gcp.healthcare.Hl7StoreIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the HL7v2 store are preserved.\n\n\u003e **Note:** `gcp.healthcare.Hl7StoreIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.Hl7StoreIamBinding` and `gcp.healthcare.Hl7StoreIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.Hl7StoreIamBinding` resources **can be** used in conjunction with `gcp.healthcare.Hl7StoreIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_healthcare\\_hl7\\_v2\\_store\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst hl7V2Store = new gcp.healthcare.Hl7StoreIamPolicy(\"hl7_v2_store\", {\n hl7V2StoreId: \"your-hl7-v2-store-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\nhl7_v2_store = gcp.healthcare.Hl7StoreIamPolicy(\"hl7_v2_store\",\n hl7_v2_store_id=\"your-hl7-v2-store-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamPolicy(\"hl7_v2_store\", new()\n {\n Hl7V2StoreId = \"your-hl7-v2-store-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewHl7StoreIamPolicy(ctx, \"hl7_v2_store\", \u0026healthcare.Hl7StoreIamPolicyArgs{\n\t\t\tHl7V2StoreId: pulumi.String(\"your-hl7-v2-store-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamPolicy;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var hl7V2Store = new Hl7StoreIamPolicy(\"hl7V2Store\", Hl7StoreIamPolicyArgs.builder() \n .hl7V2StoreId(\"your-hl7-v2-store-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hl7V2Store:\n type: gcp:healthcare:Hl7StoreIamPolicy\n name: hl7_v2_store\n properties:\n hl7V2StoreId: your-hl7-v2-store-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_hl7\\_v2\\_store\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst hl7V2Store = new gcp.healthcare.Hl7StoreIamBinding(\"hl7_v2_store\", {\n hl7V2StoreId: \"your-hl7-v2-store-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhl7_v2_store = gcp.healthcare.Hl7StoreIamBinding(\"hl7_v2_store\",\n hl7_v2_store_id=\"your-hl7-v2-store-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamBinding(\"hl7_v2_store\", new()\n {\n Hl7V2StoreId = \"your-hl7-v2-store-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewHl7StoreIamBinding(ctx, \"hl7_v2_store\", \u0026healthcare.Hl7StoreIamBindingArgs{\n\t\t\tHl7V2StoreId: pulumi.String(\"your-hl7-v2-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamBinding;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var hl7V2Store = new Hl7StoreIamBinding(\"hl7V2Store\", Hl7StoreIamBindingArgs.builder() \n .hl7V2StoreId(\"your-hl7-v2-store-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hl7V2Store:\n type: gcp:healthcare:Hl7StoreIamBinding\n name: hl7_v2_store\n properties:\n hl7V2StoreId: your-hl7-v2-store-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_hl7\\_v2\\_store\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst hl7V2Store = new gcp.healthcare.Hl7StoreIamMember(\"hl7_v2_store\", {\n hl7V2StoreId: \"your-hl7-v2-store-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhl7_v2_store = gcp.healthcare.Hl7StoreIamMember(\"hl7_v2_store\",\n hl7_v2_store_id=\"your-hl7-v2-store-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamMember(\"hl7_v2_store\", new()\n {\n Hl7V2StoreId = \"your-hl7-v2-store-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewHl7StoreIamMember(ctx, \"hl7_v2_store\", \u0026healthcare.Hl7StoreIamMemberArgs{\n\t\t\tHl7V2StoreId: pulumi.String(\"your-hl7-v2-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamMember;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var hl7V2Store = new Hl7StoreIamMember(\"hl7V2Store\", Hl7StoreIamMemberArgs.builder() \n .hl7V2StoreId(\"your-hl7-v2-store-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hl7V2Store:\n type: gcp:healthcare:Hl7StoreIamMember\n name: hl7_v2_store\n properties:\n hl7V2StoreId: your-hl7-v2-store-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Google Cloud Healthcare HL7v2 store resource. For example:\n\n* `\"{{project_id}}/{{location}}/{{dataset}}/{{hl7_v2_store}}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{dataset}}/{{hl7_v2_store}}\"\n\n to = google_healthcare_hl7_v2_store_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:healthcare/hl7StoreIamBinding:Hl7StoreIamBinding default {{project_id}}/{{location}}/{{dataset}}/{{hl7_v2_store}}\n```\n\n", + "description": "Three different resources help you manage your IAM policy for Healthcare HL7v2 store. Each of these resources serves a different use case:\n\n* `gcp.healthcare.Hl7StoreIamPolicy`: Authoritative. Sets the IAM policy for the HL7v2 store and replaces any existing policy already attached.\n* `gcp.healthcare.Hl7StoreIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the HL7v2 store are preserved.\n* `gcp.healthcare.Hl7StoreIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the HL7v2 store are preserved.\n\n\u003e **Note:** `gcp.healthcare.Hl7StoreIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.Hl7StoreIamBinding` and `gcp.healthcare.Hl7StoreIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.Hl7StoreIamBinding` resources **can be** used in conjunction with `gcp.healthcare.Hl7StoreIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_healthcare\\_hl7\\_v2\\_store\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst hl7V2Store = new gcp.healthcare.Hl7StoreIamPolicy(\"hl7_v2_store\", {\n hl7V2StoreId: \"your-hl7-v2-store-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\nhl7_v2_store = gcp.healthcare.Hl7StoreIamPolicy(\"hl7_v2_store\",\n hl7_v2_store_id=\"your-hl7-v2-store-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamPolicy(\"hl7_v2_store\", new()\n {\n Hl7V2StoreId = \"your-hl7-v2-store-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewHl7StoreIamPolicy(ctx, \"hl7_v2_store\", \u0026healthcare.Hl7StoreIamPolicyArgs{\n\t\t\tHl7V2StoreId: pulumi.String(\"your-hl7-v2-store-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamPolicy;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var hl7V2Store = new Hl7StoreIamPolicy(\"hl7V2Store\", Hl7StoreIamPolicyArgs.builder() \n .hl7V2StoreId(\"your-hl7-v2-store-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hl7V2Store:\n type: gcp:healthcare:Hl7StoreIamPolicy\n name: hl7_v2_store\n properties:\n hl7V2StoreId: your-hl7-v2-store-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_hl7\\_v2\\_store\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst hl7V2Store = new gcp.healthcare.Hl7StoreIamBinding(\"hl7_v2_store\", {\n hl7V2StoreId: \"your-hl7-v2-store-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhl7_v2_store = gcp.healthcare.Hl7StoreIamBinding(\"hl7_v2_store\",\n hl7_v2_store_id=\"your-hl7-v2-store-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamBinding(\"hl7_v2_store\", new()\n {\n Hl7V2StoreId = \"your-hl7-v2-store-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewHl7StoreIamBinding(ctx, \"hl7_v2_store\", \u0026healthcare.Hl7StoreIamBindingArgs{\n\t\t\tHl7V2StoreId: pulumi.String(\"your-hl7-v2-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamBinding;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var hl7V2Store = new Hl7StoreIamBinding(\"hl7V2Store\", Hl7StoreIamBindingArgs.builder() \n .hl7V2StoreId(\"your-hl7-v2-store-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hl7V2Store:\n type: gcp:healthcare:Hl7StoreIamBinding\n name: hl7_v2_store\n properties:\n hl7V2StoreId: your-hl7-v2-store-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_hl7\\_v2\\_store\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst hl7V2Store = new gcp.healthcare.Hl7StoreIamMember(\"hl7_v2_store\", {\n hl7V2StoreId: \"your-hl7-v2-store-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhl7_v2_store = gcp.healthcare.Hl7StoreIamMember(\"hl7_v2_store\",\n hl7_v2_store_id=\"your-hl7-v2-store-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamMember(\"hl7_v2_store\", new()\n {\n Hl7V2StoreId = \"your-hl7-v2-store-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewHl7StoreIamMember(ctx, \"hl7_v2_store\", \u0026healthcare.Hl7StoreIamMemberArgs{\n\t\t\tHl7V2StoreId: pulumi.String(\"your-hl7-v2-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamMember;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var hl7V2Store = new Hl7StoreIamMember(\"hl7V2Store\", Hl7StoreIamMemberArgs.builder() \n .hl7V2StoreId(\"your-hl7-v2-store-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hl7V2Store:\n type: gcp:healthcare:Hl7StoreIamMember\n name: hl7_v2_store\n properties:\n hl7V2StoreId: your-hl7-v2-store-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_hl7\\_v2\\_store\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst hl7V2Store = new gcp.healthcare.Hl7StoreIamPolicy(\"hl7_v2_store\", {\n hl7V2StoreId: \"your-hl7-v2-store-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\nhl7_v2_store = gcp.healthcare.Hl7StoreIamPolicy(\"hl7_v2_store\",\n hl7_v2_store_id=\"your-hl7-v2-store-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamPolicy(\"hl7_v2_store\", new()\n {\n Hl7V2StoreId = \"your-hl7-v2-store-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewHl7StoreIamPolicy(ctx, \"hl7_v2_store\", \u0026healthcare.Hl7StoreIamPolicyArgs{\n\t\t\tHl7V2StoreId: pulumi.String(\"your-hl7-v2-store-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamPolicy;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var hl7V2Store = new Hl7StoreIamPolicy(\"hl7V2Store\", Hl7StoreIamPolicyArgs.builder() \n .hl7V2StoreId(\"your-hl7-v2-store-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hl7V2Store:\n type: gcp:healthcare:Hl7StoreIamPolicy\n name: hl7_v2_store\n properties:\n hl7V2StoreId: your-hl7-v2-store-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_hl7\\_v2\\_store\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst hl7V2Store = new gcp.healthcare.Hl7StoreIamBinding(\"hl7_v2_store\", {\n hl7V2StoreId: \"your-hl7-v2-store-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhl7_v2_store = gcp.healthcare.Hl7StoreIamBinding(\"hl7_v2_store\",\n hl7_v2_store_id=\"your-hl7-v2-store-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamBinding(\"hl7_v2_store\", new()\n {\n Hl7V2StoreId = \"your-hl7-v2-store-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewHl7StoreIamBinding(ctx, \"hl7_v2_store\", \u0026healthcare.Hl7StoreIamBindingArgs{\n\t\t\tHl7V2StoreId: pulumi.String(\"your-hl7-v2-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamBinding;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var hl7V2Store = new Hl7StoreIamBinding(\"hl7V2Store\", Hl7StoreIamBindingArgs.builder() \n .hl7V2StoreId(\"your-hl7-v2-store-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hl7V2Store:\n type: gcp:healthcare:Hl7StoreIamBinding\n name: hl7_v2_store\n properties:\n hl7V2StoreId: your-hl7-v2-store-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_hl7\\_v2\\_store\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst hl7V2Store = new gcp.healthcare.Hl7StoreIamMember(\"hl7_v2_store\", {\n hl7V2StoreId: \"your-hl7-v2-store-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhl7_v2_store = gcp.healthcare.Hl7StoreIamMember(\"hl7_v2_store\",\n hl7_v2_store_id=\"your-hl7-v2-store-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamMember(\"hl7_v2_store\", new()\n {\n Hl7V2StoreId = \"your-hl7-v2-store-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewHl7StoreIamMember(ctx, \"hl7_v2_store\", \u0026healthcare.Hl7StoreIamMemberArgs{\n\t\t\tHl7V2StoreId: pulumi.String(\"your-hl7-v2-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamMember;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var hl7V2Store = new Hl7StoreIamMember(\"hl7V2Store\", Hl7StoreIamMemberArgs.builder() \n .hl7V2StoreId(\"your-hl7-v2-store-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hl7V2Store:\n type: gcp:healthcare:Hl7StoreIamMember\n name: hl7_v2_store\n properties:\n hl7V2StoreId: your-hl7-v2-store-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Google Cloud Healthcare HL7v2 store resource. For example:\n\n* `\"{{project_id}}/{{location}}/{{dataset}}/{{hl7_v2_store}}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{dataset}}/{{hl7_v2_store}}\"\n\n to = google_healthcare_hl7_v2_store_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:healthcare/hl7StoreIamBinding:Hl7StoreIamBinding default {{project_id}}/{{location}}/{{dataset}}/{{hl7_v2_store}}\n```\n\n", "properties": { "condition": { "$ref": "#/types/gcp:healthcare/Hl7StoreIamBindingCondition:Hl7StoreIamBindingCondition" @@ -190204,13 +190573,14 @@ }, "hl7V2StoreId": { "type": "string", - "description": "The HL7v2 store ID, in the form\n`{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or\n`{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" + "description": "The HL7v2 store ID, in the form\n`{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or\n`{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n" }, "members": { "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "role": { "type": "string", @@ -190230,14 +190600,15 @@ }, "hl7V2StoreId": { "type": "string", - "description": "The HL7v2 store ID, in the form\n`{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or\n`{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The HL7v2 store ID, in the form\n`{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or\n`{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n", "willReplaceOnChanges": true }, "members": { "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "role": { "type": "string", @@ -190263,14 +190634,15 @@ }, "hl7V2StoreId": { "type": "string", - "description": "The HL7v2 store ID, in the form\n`{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or\n`{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The HL7v2 store ID, in the form\n`{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or\n`{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n", "willReplaceOnChanges": true }, "members": { "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "role": { "type": "string", @@ -190282,7 +190654,7 @@ } }, "gcp:healthcare/hl7StoreIamMember:Hl7StoreIamMember": { - "description": "Three different resources help you manage your IAM policy for Healthcare HL7v2 store. Each of these resources serves a different use case:\n\n* `gcp.healthcare.Hl7StoreIamPolicy`: Authoritative. Sets the IAM policy for the HL7v2 store and replaces any existing policy already attached.\n* `gcp.healthcare.Hl7StoreIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the HL7v2 store are preserved.\n* `gcp.healthcare.Hl7StoreIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the HL7v2 store are preserved.\n\n\u003e **Note:** `gcp.healthcare.Hl7StoreIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.Hl7StoreIamBinding` and `gcp.healthcare.Hl7StoreIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.Hl7StoreIamBinding` resources **can be** used in conjunction with `gcp.healthcare.Hl7StoreIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_healthcare\\_hl7\\_v2\\_store\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst hl7V2Store = new gcp.healthcare.Hl7StoreIamPolicy(\"hl7_v2_store\", {\n hl7V2StoreId: \"your-hl7-v2-store-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\nhl7_v2_store = gcp.healthcare.Hl7StoreIamPolicy(\"hl7_v2_store\",\n hl7_v2_store_id=\"your-hl7-v2-store-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamPolicy(\"hl7_v2_store\", new()\n {\n Hl7V2StoreId = \"your-hl7-v2-store-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewHl7StoreIamPolicy(ctx, \"hl7_v2_store\", \u0026healthcare.Hl7StoreIamPolicyArgs{\n\t\t\tHl7V2StoreId: pulumi.String(\"your-hl7-v2-store-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamPolicy;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var hl7V2Store = new Hl7StoreIamPolicy(\"hl7V2Store\", Hl7StoreIamPolicyArgs.builder() \n .hl7V2StoreId(\"your-hl7-v2-store-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hl7V2Store:\n type: gcp:healthcare:Hl7StoreIamPolicy\n name: hl7_v2_store\n properties:\n hl7V2StoreId: your-hl7-v2-store-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_hl7\\_v2\\_store\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst hl7V2Store = new gcp.healthcare.Hl7StoreIamBinding(\"hl7_v2_store\", {\n hl7V2StoreId: \"your-hl7-v2-store-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhl7_v2_store = gcp.healthcare.Hl7StoreIamBinding(\"hl7_v2_store\",\n hl7_v2_store_id=\"your-hl7-v2-store-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamBinding(\"hl7_v2_store\", new()\n {\n Hl7V2StoreId = \"your-hl7-v2-store-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewHl7StoreIamBinding(ctx, \"hl7_v2_store\", \u0026healthcare.Hl7StoreIamBindingArgs{\n\t\t\tHl7V2StoreId: pulumi.String(\"your-hl7-v2-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamBinding;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var hl7V2Store = new Hl7StoreIamBinding(\"hl7V2Store\", Hl7StoreIamBindingArgs.builder() \n .hl7V2StoreId(\"your-hl7-v2-store-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hl7V2Store:\n type: gcp:healthcare:Hl7StoreIamBinding\n name: hl7_v2_store\n properties:\n hl7V2StoreId: your-hl7-v2-store-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_hl7\\_v2\\_store\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst hl7V2Store = new gcp.healthcare.Hl7StoreIamMember(\"hl7_v2_store\", {\n hl7V2StoreId: \"your-hl7-v2-store-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhl7_v2_store = gcp.healthcare.Hl7StoreIamMember(\"hl7_v2_store\",\n hl7_v2_store_id=\"your-hl7-v2-store-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamMember(\"hl7_v2_store\", new()\n {\n Hl7V2StoreId = \"your-hl7-v2-store-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewHl7StoreIamMember(ctx, \"hl7_v2_store\", \u0026healthcare.Hl7StoreIamMemberArgs{\n\t\t\tHl7V2StoreId: pulumi.String(\"your-hl7-v2-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamMember;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var hl7V2Store = new Hl7StoreIamMember(\"hl7V2Store\", Hl7StoreIamMemberArgs.builder() \n .hl7V2StoreId(\"your-hl7-v2-store-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hl7V2Store:\n type: gcp:healthcare:Hl7StoreIamMember\n name: hl7_v2_store\n properties:\n hl7V2StoreId: your-hl7-v2-store-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Google Cloud Healthcare HL7v2 store resource. For example:\n\n* `\"{{project_id}}/{{location}}/{{dataset}}/{{hl7_v2_store}}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{dataset}}/{{hl7_v2_store}}\"\n\n to = google_healthcare_hl7_v2_store_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:healthcare/hl7StoreIamMember:Hl7StoreIamMember default {{project_id}}/{{location}}/{{dataset}}/{{hl7_v2_store}}\n```\n\n", + "description": "Three different resources help you manage your IAM policy for Healthcare HL7v2 store. Each of these resources serves a different use case:\n\n* `gcp.healthcare.Hl7StoreIamPolicy`: Authoritative. Sets the IAM policy for the HL7v2 store and replaces any existing policy already attached.\n* `gcp.healthcare.Hl7StoreIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the HL7v2 store are preserved.\n* `gcp.healthcare.Hl7StoreIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the HL7v2 store are preserved.\n\n\u003e **Note:** `gcp.healthcare.Hl7StoreIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.Hl7StoreIamBinding` and `gcp.healthcare.Hl7StoreIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.Hl7StoreIamBinding` resources **can be** used in conjunction with `gcp.healthcare.Hl7StoreIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_healthcare\\_hl7\\_v2\\_store\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst hl7V2Store = new gcp.healthcare.Hl7StoreIamPolicy(\"hl7_v2_store\", {\n hl7V2StoreId: \"your-hl7-v2-store-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\nhl7_v2_store = gcp.healthcare.Hl7StoreIamPolicy(\"hl7_v2_store\",\n hl7_v2_store_id=\"your-hl7-v2-store-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamPolicy(\"hl7_v2_store\", new()\n {\n Hl7V2StoreId = \"your-hl7-v2-store-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewHl7StoreIamPolicy(ctx, \"hl7_v2_store\", \u0026healthcare.Hl7StoreIamPolicyArgs{\n\t\t\tHl7V2StoreId: pulumi.String(\"your-hl7-v2-store-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamPolicy;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var hl7V2Store = new Hl7StoreIamPolicy(\"hl7V2Store\", Hl7StoreIamPolicyArgs.builder() \n .hl7V2StoreId(\"your-hl7-v2-store-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hl7V2Store:\n type: gcp:healthcare:Hl7StoreIamPolicy\n name: hl7_v2_store\n properties:\n hl7V2StoreId: your-hl7-v2-store-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_hl7\\_v2\\_store\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst hl7V2Store = new gcp.healthcare.Hl7StoreIamBinding(\"hl7_v2_store\", {\n hl7V2StoreId: \"your-hl7-v2-store-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhl7_v2_store = gcp.healthcare.Hl7StoreIamBinding(\"hl7_v2_store\",\n hl7_v2_store_id=\"your-hl7-v2-store-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamBinding(\"hl7_v2_store\", new()\n {\n Hl7V2StoreId = \"your-hl7-v2-store-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewHl7StoreIamBinding(ctx, \"hl7_v2_store\", \u0026healthcare.Hl7StoreIamBindingArgs{\n\t\t\tHl7V2StoreId: pulumi.String(\"your-hl7-v2-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamBinding;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var hl7V2Store = new Hl7StoreIamBinding(\"hl7V2Store\", Hl7StoreIamBindingArgs.builder() \n .hl7V2StoreId(\"your-hl7-v2-store-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hl7V2Store:\n type: gcp:healthcare:Hl7StoreIamBinding\n name: hl7_v2_store\n properties:\n hl7V2StoreId: your-hl7-v2-store-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_hl7\\_v2\\_store\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst hl7V2Store = new gcp.healthcare.Hl7StoreIamMember(\"hl7_v2_store\", {\n hl7V2StoreId: \"your-hl7-v2-store-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhl7_v2_store = gcp.healthcare.Hl7StoreIamMember(\"hl7_v2_store\",\n hl7_v2_store_id=\"your-hl7-v2-store-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamMember(\"hl7_v2_store\", new()\n {\n Hl7V2StoreId = \"your-hl7-v2-store-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewHl7StoreIamMember(ctx, \"hl7_v2_store\", \u0026healthcare.Hl7StoreIamMemberArgs{\n\t\t\tHl7V2StoreId: pulumi.String(\"your-hl7-v2-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamMember;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var hl7V2Store = new Hl7StoreIamMember(\"hl7V2Store\", Hl7StoreIamMemberArgs.builder() \n .hl7V2StoreId(\"your-hl7-v2-store-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hl7V2Store:\n type: gcp:healthcare:Hl7StoreIamMember\n name: hl7_v2_store\n properties:\n hl7V2StoreId: your-hl7-v2-store-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_hl7\\_v2\\_store\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst hl7V2Store = new gcp.healthcare.Hl7StoreIamPolicy(\"hl7_v2_store\", {\n hl7V2StoreId: \"your-hl7-v2-store-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\nhl7_v2_store = gcp.healthcare.Hl7StoreIamPolicy(\"hl7_v2_store\",\n hl7_v2_store_id=\"your-hl7-v2-store-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamPolicy(\"hl7_v2_store\", new()\n {\n Hl7V2StoreId = \"your-hl7-v2-store-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewHl7StoreIamPolicy(ctx, \"hl7_v2_store\", \u0026healthcare.Hl7StoreIamPolicyArgs{\n\t\t\tHl7V2StoreId: pulumi.String(\"your-hl7-v2-store-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamPolicy;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var hl7V2Store = new Hl7StoreIamPolicy(\"hl7V2Store\", Hl7StoreIamPolicyArgs.builder() \n .hl7V2StoreId(\"your-hl7-v2-store-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hl7V2Store:\n type: gcp:healthcare:Hl7StoreIamPolicy\n name: hl7_v2_store\n properties:\n hl7V2StoreId: your-hl7-v2-store-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_hl7\\_v2\\_store\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst hl7V2Store = new gcp.healthcare.Hl7StoreIamBinding(\"hl7_v2_store\", {\n hl7V2StoreId: \"your-hl7-v2-store-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhl7_v2_store = gcp.healthcare.Hl7StoreIamBinding(\"hl7_v2_store\",\n hl7_v2_store_id=\"your-hl7-v2-store-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamBinding(\"hl7_v2_store\", new()\n {\n Hl7V2StoreId = \"your-hl7-v2-store-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewHl7StoreIamBinding(ctx, \"hl7_v2_store\", \u0026healthcare.Hl7StoreIamBindingArgs{\n\t\t\tHl7V2StoreId: pulumi.String(\"your-hl7-v2-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamBinding;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var hl7V2Store = new Hl7StoreIamBinding(\"hl7V2Store\", Hl7StoreIamBindingArgs.builder() \n .hl7V2StoreId(\"your-hl7-v2-store-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hl7V2Store:\n type: gcp:healthcare:Hl7StoreIamBinding\n name: hl7_v2_store\n properties:\n hl7V2StoreId: your-hl7-v2-store-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_hl7\\_v2\\_store\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst hl7V2Store = new gcp.healthcare.Hl7StoreIamMember(\"hl7_v2_store\", {\n hl7V2StoreId: \"your-hl7-v2-store-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhl7_v2_store = gcp.healthcare.Hl7StoreIamMember(\"hl7_v2_store\",\n hl7_v2_store_id=\"your-hl7-v2-store-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamMember(\"hl7_v2_store\", new()\n {\n Hl7V2StoreId = \"your-hl7-v2-store-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewHl7StoreIamMember(ctx, \"hl7_v2_store\", \u0026healthcare.Hl7StoreIamMemberArgs{\n\t\t\tHl7V2StoreId: pulumi.String(\"your-hl7-v2-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamMember;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var hl7V2Store = new Hl7StoreIamMember(\"hl7V2Store\", Hl7StoreIamMemberArgs.builder() \n .hl7V2StoreId(\"your-hl7-v2-store-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hl7V2Store:\n type: gcp:healthcare:Hl7StoreIamMember\n name: hl7_v2_store\n properties:\n hl7V2StoreId: your-hl7-v2-store-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Google Cloud Healthcare HL7v2 store resource. For example:\n\n* `\"{{project_id}}/{{location}}/{{dataset}}/{{hl7_v2_store}}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{dataset}}/{{hl7_v2_store}}\"\n\n to = google_healthcare_hl7_v2_store_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:healthcare/hl7StoreIamMember:Hl7StoreIamMember default {{project_id}}/{{location}}/{{dataset}}/{{hl7_v2_store}}\n```\n\n", "properties": { "condition": { "$ref": "#/types/gcp:healthcare/Hl7StoreIamMemberCondition:Hl7StoreIamMemberCondition" @@ -190293,10 +190665,11 @@ }, "hl7V2StoreId": { "type": "string", - "description": "The HL7v2 store ID, in the form\n`{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or\n`{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" + "description": "The HL7v2 store ID, in the form\n`{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or\n`{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "role": { "type": "string", @@ -190316,11 +190689,12 @@ }, "hl7V2StoreId": { "type": "string", - "description": "The HL7v2 store ID, in the form\n`{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or\n`{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The HL7v2 store ID, in the form\n`{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or\n`{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n", "willReplaceOnChanges": true }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", "willReplaceOnChanges": true }, "role": { @@ -190347,11 +190721,12 @@ }, "hl7V2StoreId": { "type": "string", - "description": "The HL7v2 store ID, in the form\n`{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or\n`{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The HL7v2 store ID, in the form\n`{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or\n`{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n", "willReplaceOnChanges": true }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", "willReplaceOnChanges": true }, "role": { @@ -190364,7 +190739,7 @@ } }, "gcp:healthcare/hl7StoreIamPolicy:Hl7StoreIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Healthcare HL7v2 store. Each of these resources serves a different use case:\n\n* `gcp.healthcare.Hl7StoreIamPolicy`: Authoritative. Sets the IAM policy for the HL7v2 store and replaces any existing policy already attached.\n* `gcp.healthcare.Hl7StoreIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the HL7v2 store are preserved.\n* `gcp.healthcare.Hl7StoreIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the HL7v2 store are preserved.\n\n\u003e **Note:** `gcp.healthcare.Hl7StoreIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.Hl7StoreIamBinding` and `gcp.healthcare.Hl7StoreIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.Hl7StoreIamBinding` resources **can be** used in conjunction with `gcp.healthcare.Hl7StoreIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_healthcare\\_hl7\\_v2\\_store\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst hl7V2Store = new gcp.healthcare.Hl7StoreIamPolicy(\"hl7_v2_store\", {\n hl7V2StoreId: \"your-hl7-v2-store-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\nhl7_v2_store = gcp.healthcare.Hl7StoreIamPolicy(\"hl7_v2_store\",\n hl7_v2_store_id=\"your-hl7-v2-store-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamPolicy(\"hl7_v2_store\", new()\n {\n Hl7V2StoreId = \"your-hl7-v2-store-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewHl7StoreIamPolicy(ctx, \"hl7_v2_store\", \u0026healthcare.Hl7StoreIamPolicyArgs{\n\t\t\tHl7V2StoreId: pulumi.String(\"your-hl7-v2-store-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamPolicy;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var hl7V2Store = new Hl7StoreIamPolicy(\"hl7V2Store\", Hl7StoreIamPolicyArgs.builder() \n .hl7V2StoreId(\"your-hl7-v2-store-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hl7V2Store:\n type: gcp:healthcare:Hl7StoreIamPolicy\n name: hl7_v2_store\n properties:\n hl7V2StoreId: your-hl7-v2-store-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_hl7\\_v2\\_store\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst hl7V2Store = new gcp.healthcare.Hl7StoreIamBinding(\"hl7_v2_store\", {\n hl7V2StoreId: \"your-hl7-v2-store-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhl7_v2_store = gcp.healthcare.Hl7StoreIamBinding(\"hl7_v2_store\",\n hl7_v2_store_id=\"your-hl7-v2-store-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamBinding(\"hl7_v2_store\", new()\n {\n Hl7V2StoreId = \"your-hl7-v2-store-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewHl7StoreIamBinding(ctx, \"hl7_v2_store\", \u0026healthcare.Hl7StoreIamBindingArgs{\n\t\t\tHl7V2StoreId: pulumi.String(\"your-hl7-v2-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamBinding;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var hl7V2Store = new Hl7StoreIamBinding(\"hl7V2Store\", Hl7StoreIamBindingArgs.builder() \n .hl7V2StoreId(\"your-hl7-v2-store-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hl7V2Store:\n type: gcp:healthcare:Hl7StoreIamBinding\n name: hl7_v2_store\n properties:\n hl7V2StoreId: your-hl7-v2-store-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_hl7\\_v2\\_store\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst hl7V2Store = new gcp.healthcare.Hl7StoreIamMember(\"hl7_v2_store\", {\n hl7V2StoreId: \"your-hl7-v2-store-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhl7_v2_store = gcp.healthcare.Hl7StoreIamMember(\"hl7_v2_store\",\n hl7_v2_store_id=\"your-hl7-v2-store-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamMember(\"hl7_v2_store\", new()\n {\n Hl7V2StoreId = \"your-hl7-v2-store-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewHl7StoreIamMember(ctx, \"hl7_v2_store\", \u0026healthcare.Hl7StoreIamMemberArgs{\n\t\t\tHl7V2StoreId: pulumi.String(\"your-hl7-v2-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamMember;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var hl7V2Store = new Hl7StoreIamMember(\"hl7V2Store\", Hl7StoreIamMemberArgs.builder() \n .hl7V2StoreId(\"your-hl7-v2-store-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hl7V2Store:\n type: gcp:healthcare:Hl7StoreIamMember\n name: hl7_v2_store\n properties:\n hl7V2StoreId: your-hl7-v2-store-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Google Cloud Healthcare HL7v2 store resource. For example:\n\n* `\"{{project_id}}/{{location}}/{{dataset}}/{{hl7_v2_store}}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{dataset}}/{{hl7_v2_store}}\"\n\n to = google_healthcare_hl7_v2_store_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:healthcare/hl7StoreIamPolicy:Hl7StoreIamPolicy default {{project_id}}/{{location}}/{{dataset}}/{{hl7_v2_store}}\n```\n\n", + "description": "Three different resources help you manage your IAM policy for Healthcare HL7v2 store. Each of these resources serves a different use case:\n\n* `gcp.healthcare.Hl7StoreIamPolicy`: Authoritative. Sets the IAM policy for the HL7v2 store and replaces any existing policy already attached.\n* `gcp.healthcare.Hl7StoreIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the HL7v2 store are preserved.\n* `gcp.healthcare.Hl7StoreIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the HL7v2 store are preserved.\n\n\u003e **Note:** `gcp.healthcare.Hl7StoreIamPolicy` **cannot** be used in conjunction with `gcp.healthcare.Hl7StoreIamBinding` and `gcp.healthcare.Hl7StoreIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.healthcare.Hl7StoreIamBinding` resources **can be** used in conjunction with `gcp.healthcare.Hl7StoreIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_healthcare\\_hl7\\_v2\\_store\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst hl7V2Store = new gcp.healthcare.Hl7StoreIamPolicy(\"hl7_v2_store\", {\n hl7V2StoreId: \"your-hl7-v2-store-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\nhl7_v2_store = gcp.healthcare.Hl7StoreIamPolicy(\"hl7_v2_store\",\n hl7_v2_store_id=\"your-hl7-v2-store-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamPolicy(\"hl7_v2_store\", new()\n {\n Hl7V2StoreId = \"your-hl7-v2-store-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewHl7StoreIamPolicy(ctx, \"hl7_v2_store\", \u0026healthcare.Hl7StoreIamPolicyArgs{\n\t\t\tHl7V2StoreId: pulumi.String(\"your-hl7-v2-store-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamPolicy;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var hl7V2Store = new Hl7StoreIamPolicy(\"hl7V2Store\", Hl7StoreIamPolicyArgs.builder() \n .hl7V2StoreId(\"your-hl7-v2-store-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hl7V2Store:\n type: gcp:healthcare:Hl7StoreIamPolicy\n name: hl7_v2_store\n properties:\n hl7V2StoreId: your-hl7-v2-store-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_hl7\\_v2\\_store\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst hl7V2Store = new gcp.healthcare.Hl7StoreIamBinding(\"hl7_v2_store\", {\n hl7V2StoreId: \"your-hl7-v2-store-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhl7_v2_store = gcp.healthcare.Hl7StoreIamBinding(\"hl7_v2_store\",\n hl7_v2_store_id=\"your-hl7-v2-store-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamBinding(\"hl7_v2_store\", new()\n {\n Hl7V2StoreId = \"your-hl7-v2-store-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewHl7StoreIamBinding(ctx, \"hl7_v2_store\", \u0026healthcare.Hl7StoreIamBindingArgs{\n\t\t\tHl7V2StoreId: pulumi.String(\"your-hl7-v2-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamBinding;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var hl7V2Store = new Hl7StoreIamBinding(\"hl7V2Store\", Hl7StoreIamBindingArgs.builder() \n .hl7V2StoreId(\"your-hl7-v2-store-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hl7V2Store:\n type: gcp:healthcare:Hl7StoreIamBinding\n name: hl7_v2_store\n properties:\n hl7V2StoreId: your-hl7-v2-store-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_hl7\\_v2\\_store\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst hl7V2Store = new gcp.healthcare.Hl7StoreIamMember(\"hl7_v2_store\", {\n hl7V2StoreId: \"your-hl7-v2-store-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhl7_v2_store = gcp.healthcare.Hl7StoreIamMember(\"hl7_v2_store\",\n hl7_v2_store_id=\"your-hl7-v2-store-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamMember(\"hl7_v2_store\", new()\n {\n Hl7V2StoreId = \"your-hl7-v2-store-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewHl7StoreIamMember(ctx, \"hl7_v2_store\", \u0026healthcare.Hl7StoreIamMemberArgs{\n\t\t\tHl7V2StoreId: pulumi.String(\"your-hl7-v2-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamMember;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var hl7V2Store = new Hl7StoreIamMember(\"hl7V2Store\", Hl7StoreIamMemberArgs.builder() \n .hl7V2StoreId(\"your-hl7-v2-store-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hl7V2Store:\n type: gcp:healthcare:Hl7StoreIamMember\n name: hl7_v2_store\n properties:\n hl7V2StoreId: your-hl7-v2-store-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_hl7\\_v2\\_store\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst hl7V2Store = new gcp.healthcare.Hl7StoreIamPolicy(\"hl7_v2_store\", {\n hl7V2StoreId: \"your-hl7-v2-store-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\nhl7_v2_store = gcp.healthcare.Hl7StoreIamPolicy(\"hl7_v2_store\",\n hl7_v2_store_id=\"your-hl7-v2-store-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamPolicy(\"hl7_v2_store\", new()\n {\n Hl7V2StoreId = \"your-hl7-v2-store-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = healthcare.NewHl7StoreIamPolicy(ctx, \"hl7_v2_store\", \u0026healthcare.Hl7StoreIamPolicyArgs{\n\t\t\tHl7V2StoreId: pulumi.String(\"your-hl7-v2-store-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamPolicy;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var hl7V2Store = new Hl7StoreIamPolicy(\"hl7V2Store\", Hl7StoreIamPolicyArgs.builder() \n .hl7V2StoreId(\"your-hl7-v2-store-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hl7V2Store:\n type: gcp:healthcare:Hl7StoreIamPolicy\n name: hl7_v2_store\n properties:\n hl7V2StoreId: your-hl7-v2-store-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_hl7\\_v2\\_store\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst hl7V2Store = new gcp.healthcare.Hl7StoreIamBinding(\"hl7_v2_store\", {\n hl7V2StoreId: \"your-hl7-v2-store-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhl7_v2_store = gcp.healthcare.Hl7StoreIamBinding(\"hl7_v2_store\",\n hl7_v2_store_id=\"your-hl7-v2-store-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamBinding(\"hl7_v2_store\", new()\n {\n Hl7V2StoreId = \"your-hl7-v2-store-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewHl7StoreIamBinding(ctx, \"hl7_v2_store\", \u0026healthcare.Hl7StoreIamBindingArgs{\n\t\t\tHl7V2StoreId: pulumi.String(\"your-hl7-v2-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamBinding;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var hl7V2Store = new Hl7StoreIamBinding(\"hl7V2Store\", Hl7StoreIamBindingArgs.builder() \n .hl7V2StoreId(\"your-hl7-v2-store-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hl7V2Store:\n type: gcp:healthcare:Hl7StoreIamBinding\n name: hl7_v2_store\n properties:\n hl7V2StoreId: your-hl7-v2-store-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_healthcare\\_hl7\\_v2\\_store\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst hl7V2Store = new gcp.healthcare.Hl7StoreIamMember(\"hl7_v2_store\", {\n hl7V2StoreId: \"your-hl7-v2-store-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nhl7_v2_store = gcp.healthcare.Hl7StoreIamMember(\"hl7_v2_store\",\n hl7_v2_store_id=\"your-hl7-v2-store-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamMember(\"hl7_v2_store\", new()\n {\n Hl7V2StoreId = \"your-hl7-v2-store-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := healthcare.NewHl7StoreIamMember(ctx, \"hl7_v2_store\", \u0026healthcare.Hl7StoreIamMemberArgs{\n\t\t\tHl7V2StoreId: pulumi.String(\"your-hl7-v2-store-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamMember;\nimport com.pulumi.gcp.healthcare.Hl7StoreIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var hl7V2Store = new Hl7StoreIamMember(\"hl7V2Store\", Hl7StoreIamMemberArgs.builder() \n .hl7V2StoreId(\"your-hl7-v2-store-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n hl7V2Store:\n type: gcp:healthcare:Hl7StoreIamMember\n name: hl7_v2_store\n properties:\n hl7V2StoreId: your-hl7-v2-store-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Google Cloud Healthcare HL7v2 store resource. For example:\n\n* `\"{{project_id}}/{{location}}/{{dataset}}/{{hl7_v2_store}}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{dataset}}/{{hl7_v2_store}}\"\n\n to = google_healthcare_hl7_v2_store_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:healthcare/hl7StoreIamPolicy:Hl7StoreIamPolicy default {{project_id}}/{{location}}/{{dataset}}/{{hl7_v2_store}}\n```\n\n", "properties": { "etag": { "type": "string", @@ -190372,7 +190747,7 @@ }, "hl7V2StoreId": { "type": "string", - "description": "The HL7v2 store ID, in the form\n`{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or\n`{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" + "description": "The HL7v2 store ID, in the form\n`{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or\n`{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n" }, "policyData": { "type": "string", @@ -190387,7 +190762,7 @@ "inputProperties": { "hl7V2StoreId": { "type": "string", - "description": "The HL7v2 store ID, in the form\n`{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or\n`{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The HL7v2 store ID, in the form\n`{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or\n`{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n", "willReplaceOnChanges": true }, "policyData": { @@ -190408,7 +190783,7 @@ }, "hl7V2StoreId": { "type": "string", - "description": "The HL7v2 store ID, in the form\n`{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or\n`{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The HL7v2 store ID, in the form\n`{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or\n`{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n", "willReplaceOnChanges": true }, "policyData": { @@ -191214,7 +191589,7 @@ } }, "gcp:iap/appEngineServiceIamBinding:AppEngineServiceIamBinding": { - "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineService. Each of these resources serves a different use case:\n\n* `gcp.iap.AppEngineServiceIamPolicy`: Authoritative. Sets the IAM policy for the appengineservice and replaces any existing policy already attached.\n* `gcp.iap.AppEngineServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineservice are preserved.\n* `gcp.iap.AppEngineServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineservice are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.AppEngineServiceIamPolicy`: Retrieves the IAM policy for the appengineservice\n\n\u003e **Note:** `gcp.iap.AppEngineServiceIamPolicy` **cannot** be used in conjunction with `gcp.iap.AppEngineServiceIamBinding` and `gcp.iap.AppEngineServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.AppEngineServiceIamBinding` resources **can be** used in conjunction with `gcp.iap.AppEngineServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_iap\\_app\\_engine\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.AppEngineServiceIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.AppEngineServiceIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineServiceIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineServiceIamPolicy(ctx, \"policy\", \u0026iap.AppEngineServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AppEngineServiceIamPolicy(\"policy\", AppEngineServiceIamPolicyArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineServiceIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.AppEngineServiceIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.AppEngineServiceIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineServiceIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineServiceIamPolicy(ctx, \"policy\", \u0026iap.AppEngineServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new AppEngineServiceIamPolicy(\"policy\", AppEngineServiceIamPolicyArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineServiceIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_app\\_engine\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineServiceIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineServiceIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineServiceIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamBinding(ctx, \"binding\", \u0026iap.AppEngineServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBinding;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineServiceIamBinding(\"binding\", AppEngineServiceIamBindingArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineServiceIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineServiceIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineServiceIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.AppEngineServiceIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineServiceIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.AppEngineServiceIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamBinding(ctx, \"binding\", \u0026iap.AppEngineServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.AppEngineServiceIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBinding;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineServiceIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineServiceIamBinding(\"binding\", AppEngineServiceIamBindingArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(AppEngineServiceIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineServiceIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_app\\_engine\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineServiceIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineServiceIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineServiceIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamMember(ctx, \"member\", \u0026iap.AppEngineServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMember;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineServiceIamMember(\"member\", AppEngineServiceIamMemberArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineServiceIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineServiceIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineServiceIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.AppEngineServiceIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineServiceIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.AppEngineServiceIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamMember(ctx, \"member\", \u0026iap.AppEngineServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.AppEngineServiceIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMember;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineServiceIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineServiceIamMember(\"member\", AppEngineServiceIamMemberArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(AppEngineServiceIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineServiceIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}\n\n* {{project}}/{{appId}}/{{service}}\n\n* {{appId}}/{{service}}\n\n* {{service}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy appengineservice IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineServiceIamBinding:AppEngineServiceIamBinding editor \"projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}} roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineServiceIamBinding:AppEngineServiceIamBinding editor \"projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}} roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineServiceIamBinding:AppEngineServiceIamBinding editor projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineService. Each of these resources serves a different use case:\n\n* `gcp.iap.AppEngineServiceIamPolicy`: Authoritative. Sets the IAM policy for the appengineservice and replaces any existing policy already attached.\n* `gcp.iap.AppEngineServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineservice are preserved.\n* `gcp.iap.AppEngineServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineservice are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.AppEngineServiceIamPolicy`: Retrieves the IAM policy for the appengineservice\n\n\u003e **Note:** `gcp.iap.AppEngineServiceIamPolicy` **cannot** be used in conjunction with `gcp.iap.AppEngineServiceIamBinding` and `gcp.iap.AppEngineServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.AppEngineServiceIamBinding` resources **can be** used in conjunction with `gcp.iap.AppEngineServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_iap\\_app\\_engine\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.AppEngineServiceIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.AppEngineServiceIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineServiceIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineServiceIamPolicy(ctx, \"policy\", \u0026iap.AppEngineServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AppEngineServiceIamPolicy(\"policy\", AppEngineServiceIamPolicyArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineServiceIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.AppEngineServiceIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.AppEngineServiceIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineServiceIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineServiceIamPolicy(ctx, \"policy\", \u0026iap.AppEngineServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new AppEngineServiceIamPolicy(\"policy\", AppEngineServiceIamPolicyArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineServiceIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_app\\_engine\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineServiceIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineServiceIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineServiceIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamBinding(ctx, \"binding\", \u0026iap.AppEngineServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBinding;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineServiceIamBinding(\"binding\", AppEngineServiceIamBindingArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineServiceIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineServiceIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineServiceIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.AppEngineServiceIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineServiceIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.AppEngineServiceIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamBinding(ctx, \"binding\", \u0026iap.AppEngineServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.AppEngineServiceIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBinding;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineServiceIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineServiceIamBinding(\"binding\", AppEngineServiceIamBindingArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(AppEngineServiceIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineServiceIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_app\\_engine\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineServiceIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineServiceIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineServiceIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamMember(ctx, \"member\", \u0026iap.AppEngineServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMember;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineServiceIamMember(\"member\", AppEngineServiceIamMemberArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineServiceIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineServiceIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineServiceIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.AppEngineServiceIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineServiceIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.AppEngineServiceIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamMember(ctx, \"member\", \u0026iap.AppEngineServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.AppEngineServiceIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMember;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineServiceIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineServiceIamMember(\"member\", AppEngineServiceIamMemberArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(AppEngineServiceIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineServiceIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_iap\\_app\\_engine\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.AppEngineServiceIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.AppEngineServiceIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineServiceIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineServiceIamPolicy(ctx, \"policy\", \u0026iap.AppEngineServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AppEngineServiceIamPolicy(\"policy\", AppEngineServiceIamPolicyArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineServiceIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.AppEngineServiceIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.AppEngineServiceIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineServiceIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineServiceIamPolicy(ctx, \"policy\", \u0026iap.AppEngineServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new AppEngineServiceIamPolicy(\"policy\", AppEngineServiceIamPolicyArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineServiceIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_app\\_engine\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineServiceIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineServiceIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineServiceIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamBinding(ctx, \"binding\", \u0026iap.AppEngineServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBinding;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineServiceIamBinding(\"binding\", AppEngineServiceIamBindingArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineServiceIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineServiceIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineServiceIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.AppEngineServiceIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineServiceIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.AppEngineServiceIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamBinding(ctx, \"binding\", \u0026iap.AppEngineServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.AppEngineServiceIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBinding;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineServiceIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineServiceIamBinding(\"binding\", AppEngineServiceIamBindingArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(AppEngineServiceIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineServiceIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_app\\_engine\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineServiceIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineServiceIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineServiceIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamMember(ctx, \"member\", \u0026iap.AppEngineServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMember;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineServiceIamMember(\"member\", AppEngineServiceIamMemberArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineServiceIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineServiceIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineServiceIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.AppEngineServiceIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineServiceIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.AppEngineServiceIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamMember(ctx, \"member\", \u0026iap.AppEngineServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.AppEngineServiceIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMember;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineServiceIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineServiceIamMember(\"member\", AppEngineServiceIamMemberArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(AppEngineServiceIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineServiceIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}\n\n* {{project}}/{{appId}}/{{service}}\n\n* {{appId}}/{{service}}\n\n* {{service}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy appengineservice IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineServiceIamBinding:AppEngineServiceIamBinding editor \"projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}} roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineServiceIamBinding:AppEngineServiceIamBinding editor \"projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}} roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineServiceIamBinding:AppEngineServiceIamBinding editor projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "appId": { "type": "string", @@ -191232,11 +191607,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -191270,11 +191646,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -191315,11 +191692,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -191337,7 +191715,7 @@ } }, "gcp:iap/appEngineServiceIamMember:AppEngineServiceIamMember": { - "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineService. Each of these resources serves a different use case:\n\n* `gcp.iap.AppEngineServiceIamPolicy`: Authoritative. Sets the IAM policy for the appengineservice and replaces any existing policy already attached.\n* `gcp.iap.AppEngineServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineservice are preserved.\n* `gcp.iap.AppEngineServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineservice are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.AppEngineServiceIamPolicy`: Retrieves the IAM policy for the appengineservice\n\n\u003e **Note:** `gcp.iap.AppEngineServiceIamPolicy` **cannot** be used in conjunction with `gcp.iap.AppEngineServiceIamBinding` and `gcp.iap.AppEngineServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.AppEngineServiceIamBinding` resources **can be** used in conjunction with `gcp.iap.AppEngineServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_iap\\_app\\_engine\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.AppEngineServiceIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.AppEngineServiceIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineServiceIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineServiceIamPolicy(ctx, \"policy\", \u0026iap.AppEngineServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AppEngineServiceIamPolicy(\"policy\", AppEngineServiceIamPolicyArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineServiceIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.AppEngineServiceIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.AppEngineServiceIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineServiceIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineServiceIamPolicy(ctx, \"policy\", \u0026iap.AppEngineServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new AppEngineServiceIamPolicy(\"policy\", AppEngineServiceIamPolicyArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineServiceIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_app\\_engine\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineServiceIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineServiceIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineServiceIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamBinding(ctx, \"binding\", \u0026iap.AppEngineServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBinding;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineServiceIamBinding(\"binding\", AppEngineServiceIamBindingArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineServiceIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineServiceIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineServiceIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.AppEngineServiceIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineServiceIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.AppEngineServiceIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamBinding(ctx, \"binding\", \u0026iap.AppEngineServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.AppEngineServiceIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBinding;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineServiceIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineServiceIamBinding(\"binding\", AppEngineServiceIamBindingArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(AppEngineServiceIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineServiceIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_app\\_engine\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineServiceIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineServiceIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineServiceIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamMember(ctx, \"member\", \u0026iap.AppEngineServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMember;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineServiceIamMember(\"member\", AppEngineServiceIamMemberArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineServiceIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineServiceIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineServiceIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.AppEngineServiceIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineServiceIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.AppEngineServiceIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamMember(ctx, \"member\", \u0026iap.AppEngineServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.AppEngineServiceIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMember;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineServiceIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineServiceIamMember(\"member\", AppEngineServiceIamMemberArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(AppEngineServiceIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineServiceIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}\n\n* {{project}}/{{appId}}/{{service}}\n\n* {{appId}}/{{service}}\n\n* {{service}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy appengineservice IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineServiceIamMember:AppEngineServiceIamMember editor \"projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}} roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineServiceIamMember:AppEngineServiceIamMember editor \"projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}} roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineServiceIamMember:AppEngineServiceIamMember editor projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineService. Each of these resources serves a different use case:\n\n* `gcp.iap.AppEngineServiceIamPolicy`: Authoritative. Sets the IAM policy for the appengineservice and replaces any existing policy already attached.\n* `gcp.iap.AppEngineServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineservice are preserved.\n* `gcp.iap.AppEngineServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineservice are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.AppEngineServiceIamPolicy`: Retrieves the IAM policy for the appengineservice\n\n\u003e **Note:** `gcp.iap.AppEngineServiceIamPolicy` **cannot** be used in conjunction with `gcp.iap.AppEngineServiceIamBinding` and `gcp.iap.AppEngineServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.AppEngineServiceIamBinding` resources **can be** used in conjunction with `gcp.iap.AppEngineServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_iap\\_app\\_engine\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.AppEngineServiceIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.AppEngineServiceIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineServiceIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineServiceIamPolicy(ctx, \"policy\", \u0026iap.AppEngineServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AppEngineServiceIamPolicy(\"policy\", AppEngineServiceIamPolicyArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineServiceIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.AppEngineServiceIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.AppEngineServiceIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineServiceIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineServiceIamPolicy(ctx, \"policy\", \u0026iap.AppEngineServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new AppEngineServiceIamPolicy(\"policy\", AppEngineServiceIamPolicyArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineServiceIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_app\\_engine\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineServiceIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineServiceIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineServiceIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamBinding(ctx, \"binding\", \u0026iap.AppEngineServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBinding;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineServiceIamBinding(\"binding\", AppEngineServiceIamBindingArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineServiceIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineServiceIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineServiceIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.AppEngineServiceIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineServiceIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.AppEngineServiceIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamBinding(ctx, \"binding\", \u0026iap.AppEngineServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.AppEngineServiceIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBinding;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineServiceIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineServiceIamBinding(\"binding\", AppEngineServiceIamBindingArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(AppEngineServiceIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineServiceIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_app\\_engine\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineServiceIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineServiceIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineServiceIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamMember(ctx, \"member\", \u0026iap.AppEngineServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMember;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineServiceIamMember(\"member\", AppEngineServiceIamMemberArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineServiceIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineServiceIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineServiceIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.AppEngineServiceIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineServiceIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.AppEngineServiceIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamMember(ctx, \"member\", \u0026iap.AppEngineServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.AppEngineServiceIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMember;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineServiceIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineServiceIamMember(\"member\", AppEngineServiceIamMemberArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(AppEngineServiceIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineServiceIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_iap\\_app\\_engine\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.AppEngineServiceIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.AppEngineServiceIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineServiceIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineServiceIamPolicy(ctx, \"policy\", \u0026iap.AppEngineServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AppEngineServiceIamPolicy(\"policy\", AppEngineServiceIamPolicyArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineServiceIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.AppEngineServiceIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.AppEngineServiceIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineServiceIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineServiceIamPolicy(ctx, \"policy\", \u0026iap.AppEngineServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new AppEngineServiceIamPolicy(\"policy\", AppEngineServiceIamPolicyArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineServiceIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_app\\_engine\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineServiceIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineServiceIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineServiceIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamBinding(ctx, \"binding\", \u0026iap.AppEngineServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBinding;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineServiceIamBinding(\"binding\", AppEngineServiceIamBindingArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineServiceIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineServiceIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineServiceIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.AppEngineServiceIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineServiceIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.AppEngineServiceIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamBinding(ctx, \"binding\", \u0026iap.AppEngineServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.AppEngineServiceIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBinding;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineServiceIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineServiceIamBinding(\"binding\", AppEngineServiceIamBindingArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(AppEngineServiceIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineServiceIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_app\\_engine\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineServiceIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineServiceIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineServiceIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamMember(ctx, \"member\", \u0026iap.AppEngineServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMember;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineServiceIamMember(\"member\", AppEngineServiceIamMemberArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineServiceIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineServiceIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineServiceIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.AppEngineServiceIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineServiceIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.AppEngineServiceIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamMember(ctx, \"member\", \u0026iap.AppEngineServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.AppEngineServiceIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMember;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineServiceIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineServiceIamMember(\"member\", AppEngineServiceIamMemberArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(AppEngineServiceIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineServiceIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}\n\n* {{project}}/{{appId}}/{{service}}\n\n* {{appId}}/{{service}}\n\n* {{service}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy appengineservice IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineServiceIamMember:AppEngineServiceIamMember editor \"projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}} roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineServiceIamMember:AppEngineServiceIamMember editor \"projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}} roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineServiceIamMember:AppEngineServiceIamMember editor projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "appId": { "type": "string", @@ -191352,11 +191730,12 @@ "description": "(Computed) The etag of the IAM policy.\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -191388,11 +191767,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -191431,11 +191811,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -191453,7 +191834,7 @@ } }, "gcp:iap/appEngineServiceIamPolicy:AppEngineServiceIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineService. Each of these resources serves a different use case:\n\n* `gcp.iap.AppEngineServiceIamPolicy`: Authoritative. Sets the IAM policy for the appengineservice and replaces any existing policy already attached.\n* `gcp.iap.AppEngineServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineservice are preserved.\n* `gcp.iap.AppEngineServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineservice are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.AppEngineServiceIamPolicy`: Retrieves the IAM policy for the appengineservice\n\n\u003e **Note:** `gcp.iap.AppEngineServiceIamPolicy` **cannot** be used in conjunction with `gcp.iap.AppEngineServiceIamBinding` and `gcp.iap.AppEngineServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.AppEngineServiceIamBinding` resources **can be** used in conjunction with `gcp.iap.AppEngineServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_iap\\_app\\_engine\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.AppEngineServiceIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.AppEngineServiceIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineServiceIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineServiceIamPolicy(ctx, \"policy\", \u0026iap.AppEngineServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AppEngineServiceIamPolicy(\"policy\", AppEngineServiceIamPolicyArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineServiceIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.AppEngineServiceIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.AppEngineServiceIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineServiceIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineServiceIamPolicy(ctx, \"policy\", \u0026iap.AppEngineServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new AppEngineServiceIamPolicy(\"policy\", AppEngineServiceIamPolicyArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineServiceIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_app\\_engine\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineServiceIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineServiceIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineServiceIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamBinding(ctx, \"binding\", \u0026iap.AppEngineServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBinding;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineServiceIamBinding(\"binding\", AppEngineServiceIamBindingArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineServiceIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineServiceIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineServiceIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.AppEngineServiceIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineServiceIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.AppEngineServiceIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamBinding(ctx, \"binding\", \u0026iap.AppEngineServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.AppEngineServiceIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBinding;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineServiceIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineServiceIamBinding(\"binding\", AppEngineServiceIamBindingArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(AppEngineServiceIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineServiceIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_app\\_engine\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineServiceIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineServiceIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineServiceIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamMember(ctx, \"member\", \u0026iap.AppEngineServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMember;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineServiceIamMember(\"member\", AppEngineServiceIamMemberArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineServiceIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineServiceIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineServiceIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.AppEngineServiceIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineServiceIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.AppEngineServiceIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamMember(ctx, \"member\", \u0026iap.AppEngineServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.AppEngineServiceIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMember;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineServiceIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineServiceIamMember(\"member\", AppEngineServiceIamMemberArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(AppEngineServiceIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineServiceIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}\n\n* {{project}}/{{appId}}/{{service}}\n\n* {{appId}}/{{service}}\n\n* {{service}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy appengineservice IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineServiceIamPolicy:AppEngineServiceIamPolicy editor \"projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}} roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineServiceIamPolicy:AppEngineServiceIamPolicy editor \"projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}} roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineServiceIamPolicy:AppEngineServiceIamPolicy editor projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineService. Each of these resources serves a different use case:\n\n* `gcp.iap.AppEngineServiceIamPolicy`: Authoritative. Sets the IAM policy for the appengineservice and replaces any existing policy already attached.\n* `gcp.iap.AppEngineServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineservice are preserved.\n* `gcp.iap.AppEngineServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineservice are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.AppEngineServiceIamPolicy`: Retrieves the IAM policy for the appengineservice\n\n\u003e **Note:** `gcp.iap.AppEngineServiceIamPolicy` **cannot** be used in conjunction with `gcp.iap.AppEngineServiceIamBinding` and `gcp.iap.AppEngineServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.AppEngineServiceIamBinding` resources **can be** used in conjunction with `gcp.iap.AppEngineServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_iap\\_app\\_engine\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.AppEngineServiceIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.AppEngineServiceIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineServiceIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineServiceIamPolicy(ctx, \"policy\", \u0026iap.AppEngineServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AppEngineServiceIamPolicy(\"policy\", AppEngineServiceIamPolicyArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineServiceIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.AppEngineServiceIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.AppEngineServiceIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineServiceIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineServiceIamPolicy(ctx, \"policy\", \u0026iap.AppEngineServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new AppEngineServiceIamPolicy(\"policy\", AppEngineServiceIamPolicyArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineServiceIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_app\\_engine\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineServiceIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineServiceIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineServiceIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamBinding(ctx, \"binding\", \u0026iap.AppEngineServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBinding;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineServiceIamBinding(\"binding\", AppEngineServiceIamBindingArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineServiceIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineServiceIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineServiceIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.AppEngineServiceIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineServiceIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.AppEngineServiceIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamBinding(ctx, \"binding\", \u0026iap.AppEngineServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.AppEngineServiceIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBinding;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineServiceIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineServiceIamBinding(\"binding\", AppEngineServiceIamBindingArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(AppEngineServiceIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineServiceIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_app\\_engine\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineServiceIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineServiceIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineServiceIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamMember(ctx, \"member\", \u0026iap.AppEngineServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMember;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineServiceIamMember(\"member\", AppEngineServiceIamMemberArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineServiceIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineServiceIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineServiceIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.AppEngineServiceIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineServiceIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.AppEngineServiceIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamMember(ctx, \"member\", \u0026iap.AppEngineServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.AppEngineServiceIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMember;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineServiceIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineServiceIamMember(\"member\", AppEngineServiceIamMemberArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(AppEngineServiceIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineServiceIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_iap\\_app\\_engine\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.AppEngineServiceIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.AppEngineServiceIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineServiceIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineServiceIamPolicy(ctx, \"policy\", \u0026iap.AppEngineServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AppEngineServiceIamPolicy(\"policy\", AppEngineServiceIamPolicyArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineServiceIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.AppEngineServiceIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.AppEngineServiceIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineServiceIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineServiceIamPolicy(ctx, \"policy\", \u0026iap.AppEngineServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new AppEngineServiceIamPolicy(\"policy\", AppEngineServiceIamPolicyArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineServiceIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_app\\_engine\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineServiceIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineServiceIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineServiceIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamBinding(ctx, \"binding\", \u0026iap.AppEngineServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBinding;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineServiceIamBinding(\"binding\", AppEngineServiceIamBindingArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineServiceIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineServiceIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineServiceIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.AppEngineServiceIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineServiceIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.AppEngineServiceIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamBinding(ctx, \"binding\", \u0026iap.AppEngineServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.AppEngineServiceIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBinding;\nimport com.pulumi.gcp.iap.AppEngineServiceIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineServiceIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineServiceIamBinding(\"binding\", AppEngineServiceIamBindingArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(AppEngineServiceIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineServiceIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_app\\_engine\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineServiceIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineServiceIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineServiceIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamMember(ctx, \"member\", \u0026iap.AppEngineServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMember;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineServiceIamMember(\"member\", AppEngineServiceIamMemberArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineServiceIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineServiceIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineServiceIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.AppEngineServiceIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineServiceIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.AppEngineServiceIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineServiceIamMember(ctx, \"member\", \u0026iap.AppEngineServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.AppEngineServiceIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMember;\nimport com.pulumi.gcp.iap.AppEngineServiceIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineServiceIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineServiceIamMember(\"member\", AppEngineServiceIamMemberArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(AppEngineServiceIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineServiceIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}\n\n* {{project}}/{{appId}}/{{service}}\n\n* {{appId}}/{{service}}\n\n* {{service}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy appengineservice IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineServiceIamPolicy:AppEngineServiceIamPolicy editor \"projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}} roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineServiceIamPolicy:AppEngineServiceIamPolicy editor \"projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}} roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineServiceIamPolicy:AppEngineServiceIamPolicy editor projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "appId": { "type": "string", @@ -191469,7 +191850,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "service": { "type": "string", @@ -191495,7 +191876,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "service": { @@ -191527,7 +191908,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "service": { @@ -191540,7 +191921,7 @@ } }, "gcp:iap/appEngineVersionIamBinding:AppEngineVersionIamBinding": { - "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineVersion. Each of these resources serves a different use case:\n\n* `gcp.iap.AppEngineVersionIamPolicy`: Authoritative. Sets the IAM policy for the appengineversion and replaces any existing policy already attached.\n* `gcp.iap.AppEngineVersionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineversion are preserved.\n* `gcp.iap.AppEngineVersionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineversion are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.AppEngineVersionIamPolicy`: Retrieves the IAM policy for the appengineversion\n\n\u003e **Note:** `gcp.iap.AppEngineVersionIamPolicy` **cannot** be used in conjunction with `gcp.iap.AppEngineVersionIamBinding` and `gcp.iap.AppEngineVersionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.AppEngineVersionIamBinding` resources **can be** used in conjunction with `gcp.iap.AppEngineVersionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_iap\\_app\\_engine\\_version\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.AppEngineVersionIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.AppEngineVersionIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineVersionIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineVersionIamPolicy(ctx, \"policy\", \u0026iap.AppEngineVersionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AppEngineVersionIamPolicy(\"policy\", AppEngineVersionIamPolicyArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineVersionIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.AppEngineVersionIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.AppEngineVersionIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineVersionIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineVersionIamPolicy(ctx, \"policy\", \u0026iap.AppEngineVersionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new AppEngineVersionIamPolicy(\"policy\", AppEngineVersionIamPolicyArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineVersionIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_app\\_engine\\_version\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineVersionIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineVersionIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineVersionIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamBinding(ctx, \"binding\", \u0026iap.AppEngineVersionIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBinding;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineVersionIamBinding(\"binding\", AppEngineVersionIamBindingArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineVersionIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineVersionIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineVersionIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.AppEngineVersionIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineVersionIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.AppEngineVersionIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamBinding(ctx, \"binding\", \u0026iap.AppEngineVersionIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.AppEngineVersionIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBinding;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineVersionIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineVersionIamBinding(\"binding\", AppEngineVersionIamBindingArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(AppEngineVersionIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineVersionIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_app\\_engine\\_version\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineVersionIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineVersionIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineVersionIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamMember(ctx, \"member\", \u0026iap.AppEngineVersionIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMember;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineVersionIamMember(\"member\", AppEngineVersionIamMemberArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineVersionIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineVersionIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineVersionIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.AppEngineVersionIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineVersionIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.AppEngineVersionIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamMember(ctx, \"member\", \u0026iap.AppEngineVersionIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.AppEngineVersionIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMember;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineVersionIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineVersionIamMember(\"member\", AppEngineVersionIamMemberArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(AppEngineVersionIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineVersionIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}}\n\n* {{project}}/{{appId}}/{{service}}/{{versionId}}\n\n* {{appId}}/{{service}}/{{versionId}}\n\n* {{version}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy appengineversion IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineVersionIamBinding:AppEngineVersionIamBinding editor \"projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}} roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineVersionIamBinding:AppEngineVersionIamBinding editor \"projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}} roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineVersionIamBinding:AppEngineVersionIamBinding editor projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineVersion. Each of these resources serves a different use case:\n\n* `gcp.iap.AppEngineVersionIamPolicy`: Authoritative. Sets the IAM policy for the appengineversion and replaces any existing policy already attached.\n* `gcp.iap.AppEngineVersionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineversion are preserved.\n* `gcp.iap.AppEngineVersionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineversion are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.AppEngineVersionIamPolicy`: Retrieves the IAM policy for the appengineversion\n\n\u003e **Note:** `gcp.iap.AppEngineVersionIamPolicy` **cannot** be used in conjunction with `gcp.iap.AppEngineVersionIamBinding` and `gcp.iap.AppEngineVersionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.AppEngineVersionIamBinding` resources **can be** used in conjunction with `gcp.iap.AppEngineVersionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_iap\\_app\\_engine\\_version\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.AppEngineVersionIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.AppEngineVersionIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineVersionIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineVersionIamPolicy(ctx, \"policy\", \u0026iap.AppEngineVersionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AppEngineVersionIamPolicy(\"policy\", AppEngineVersionIamPolicyArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineVersionIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.AppEngineVersionIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.AppEngineVersionIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineVersionIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineVersionIamPolicy(ctx, \"policy\", \u0026iap.AppEngineVersionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new AppEngineVersionIamPolicy(\"policy\", AppEngineVersionIamPolicyArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineVersionIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_app\\_engine\\_version\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineVersionIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineVersionIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineVersionIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamBinding(ctx, \"binding\", \u0026iap.AppEngineVersionIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBinding;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineVersionIamBinding(\"binding\", AppEngineVersionIamBindingArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineVersionIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineVersionIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineVersionIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.AppEngineVersionIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineVersionIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.AppEngineVersionIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamBinding(ctx, \"binding\", \u0026iap.AppEngineVersionIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.AppEngineVersionIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBinding;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineVersionIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineVersionIamBinding(\"binding\", AppEngineVersionIamBindingArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(AppEngineVersionIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineVersionIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_app\\_engine\\_version\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineVersionIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineVersionIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineVersionIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamMember(ctx, \"member\", \u0026iap.AppEngineVersionIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMember;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineVersionIamMember(\"member\", AppEngineVersionIamMemberArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineVersionIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineVersionIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineVersionIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.AppEngineVersionIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineVersionIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.AppEngineVersionIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamMember(ctx, \"member\", \u0026iap.AppEngineVersionIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.AppEngineVersionIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMember;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineVersionIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineVersionIamMember(\"member\", AppEngineVersionIamMemberArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(AppEngineVersionIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineVersionIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_iap\\_app\\_engine\\_version\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.AppEngineVersionIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.AppEngineVersionIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineVersionIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineVersionIamPolicy(ctx, \"policy\", \u0026iap.AppEngineVersionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AppEngineVersionIamPolicy(\"policy\", AppEngineVersionIamPolicyArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineVersionIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.AppEngineVersionIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.AppEngineVersionIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineVersionIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineVersionIamPolicy(ctx, \"policy\", \u0026iap.AppEngineVersionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new AppEngineVersionIamPolicy(\"policy\", AppEngineVersionIamPolicyArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineVersionIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_app\\_engine\\_version\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineVersionIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineVersionIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineVersionIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamBinding(ctx, \"binding\", \u0026iap.AppEngineVersionIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBinding;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineVersionIamBinding(\"binding\", AppEngineVersionIamBindingArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineVersionIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineVersionIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineVersionIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.AppEngineVersionIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineVersionIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.AppEngineVersionIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamBinding(ctx, \"binding\", \u0026iap.AppEngineVersionIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.AppEngineVersionIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBinding;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineVersionIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineVersionIamBinding(\"binding\", AppEngineVersionIamBindingArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(AppEngineVersionIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineVersionIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_app\\_engine\\_version\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineVersionIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineVersionIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineVersionIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamMember(ctx, \"member\", \u0026iap.AppEngineVersionIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMember;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineVersionIamMember(\"member\", AppEngineVersionIamMemberArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineVersionIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineVersionIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineVersionIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.AppEngineVersionIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineVersionIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.AppEngineVersionIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamMember(ctx, \"member\", \u0026iap.AppEngineVersionIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.AppEngineVersionIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMember;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineVersionIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineVersionIamMember(\"member\", AppEngineVersionIamMemberArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(AppEngineVersionIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineVersionIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}}\n\n* {{project}}/{{appId}}/{{service}}/{{versionId}}\n\n* {{appId}}/{{service}}/{{versionId}}\n\n* {{version}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy appengineversion IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineVersionIamBinding:AppEngineVersionIamBinding editor \"projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}} roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineVersionIamBinding:AppEngineVersionIamBinding editor \"projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}} roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineVersionIamBinding:AppEngineVersionIamBinding editor projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "appId": { "type": "string", @@ -191558,11 +191939,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -191601,11 +191983,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -191652,11 +192035,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -191679,7 +192063,7 @@ } }, "gcp:iap/appEngineVersionIamMember:AppEngineVersionIamMember": { - "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineVersion. Each of these resources serves a different use case:\n\n* `gcp.iap.AppEngineVersionIamPolicy`: Authoritative. Sets the IAM policy for the appengineversion and replaces any existing policy already attached.\n* `gcp.iap.AppEngineVersionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineversion are preserved.\n* `gcp.iap.AppEngineVersionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineversion are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.AppEngineVersionIamPolicy`: Retrieves the IAM policy for the appengineversion\n\n\u003e **Note:** `gcp.iap.AppEngineVersionIamPolicy` **cannot** be used in conjunction with `gcp.iap.AppEngineVersionIamBinding` and `gcp.iap.AppEngineVersionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.AppEngineVersionIamBinding` resources **can be** used in conjunction with `gcp.iap.AppEngineVersionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_iap\\_app\\_engine\\_version\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.AppEngineVersionIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.AppEngineVersionIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineVersionIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineVersionIamPolicy(ctx, \"policy\", \u0026iap.AppEngineVersionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AppEngineVersionIamPolicy(\"policy\", AppEngineVersionIamPolicyArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineVersionIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.AppEngineVersionIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.AppEngineVersionIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineVersionIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineVersionIamPolicy(ctx, \"policy\", \u0026iap.AppEngineVersionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new AppEngineVersionIamPolicy(\"policy\", AppEngineVersionIamPolicyArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineVersionIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_app\\_engine\\_version\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineVersionIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineVersionIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineVersionIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamBinding(ctx, \"binding\", \u0026iap.AppEngineVersionIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBinding;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineVersionIamBinding(\"binding\", AppEngineVersionIamBindingArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineVersionIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineVersionIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineVersionIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.AppEngineVersionIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineVersionIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.AppEngineVersionIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamBinding(ctx, \"binding\", \u0026iap.AppEngineVersionIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.AppEngineVersionIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBinding;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineVersionIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineVersionIamBinding(\"binding\", AppEngineVersionIamBindingArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(AppEngineVersionIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineVersionIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_app\\_engine\\_version\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineVersionIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineVersionIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineVersionIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamMember(ctx, \"member\", \u0026iap.AppEngineVersionIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMember;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineVersionIamMember(\"member\", AppEngineVersionIamMemberArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineVersionIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineVersionIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineVersionIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.AppEngineVersionIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineVersionIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.AppEngineVersionIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamMember(ctx, \"member\", \u0026iap.AppEngineVersionIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.AppEngineVersionIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMember;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineVersionIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineVersionIamMember(\"member\", AppEngineVersionIamMemberArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(AppEngineVersionIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineVersionIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}}\n\n* {{project}}/{{appId}}/{{service}}/{{versionId}}\n\n* {{appId}}/{{service}}/{{versionId}}\n\n* {{version}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy appengineversion IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineVersionIamMember:AppEngineVersionIamMember editor \"projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}} roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineVersionIamMember:AppEngineVersionIamMember editor \"projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}} roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineVersionIamMember:AppEngineVersionIamMember editor projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineVersion. Each of these resources serves a different use case:\n\n* `gcp.iap.AppEngineVersionIamPolicy`: Authoritative. Sets the IAM policy for the appengineversion and replaces any existing policy already attached.\n* `gcp.iap.AppEngineVersionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineversion are preserved.\n* `gcp.iap.AppEngineVersionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineversion are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.AppEngineVersionIamPolicy`: Retrieves the IAM policy for the appengineversion\n\n\u003e **Note:** `gcp.iap.AppEngineVersionIamPolicy` **cannot** be used in conjunction with `gcp.iap.AppEngineVersionIamBinding` and `gcp.iap.AppEngineVersionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.AppEngineVersionIamBinding` resources **can be** used in conjunction with `gcp.iap.AppEngineVersionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_iap\\_app\\_engine\\_version\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.AppEngineVersionIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.AppEngineVersionIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineVersionIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineVersionIamPolicy(ctx, \"policy\", \u0026iap.AppEngineVersionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AppEngineVersionIamPolicy(\"policy\", AppEngineVersionIamPolicyArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineVersionIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.AppEngineVersionIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.AppEngineVersionIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineVersionIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineVersionIamPolicy(ctx, \"policy\", \u0026iap.AppEngineVersionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new AppEngineVersionIamPolicy(\"policy\", AppEngineVersionIamPolicyArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineVersionIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_app\\_engine\\_version\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineVersionIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineVersionIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineVersionIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamBinding(ctx, \"binding\", \u0026iap.AppEngineVersionIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBinding;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineVersionIamBinding(\"binding\", AppEngineVersionIamBindingArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineVersionIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineVersionIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineVersionIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.AppEngineVersionIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineVersionIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.AppEngineVersionIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamBinding(ctx, \"binding\", \u0026iap.AppEngineVersionIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.AppEngineVersionIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBinding;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineVersionIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineVersionIamBinding(\"binding\", AppEngineVersionIamBindingArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(AppEngineVersionIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineVersionIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_app\\_engine\\_version\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineVersionIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineVersionIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineVersionIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamMember(ctx, \"member\", \u0026iap.AppEngineVersionIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMember;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineVersionIamMember(\"member\", AppEngineVersionIamMemberArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineVersionIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineVersionIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineVersionIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.AppEngineVersionIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineVersionIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.AppEngineVersionIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamMember(ctx, \"member\", \u0026iap.AppEngineVersionIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.AppEngineVersionIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMember;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineVersionIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineVersionIamMember(\"member\", AppEngineVersionIamMemberArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(AppEngineVersionIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineVersionIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_iap\\_app\\_engine\\_version\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.AppEngineVersionIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.AppEngineVersionIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineVersionIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineVersionIamPolicy(ctx, \"policy\", \u0026iap.AppEngineVersionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AppEngineVersionIamPolicy(\"policy\", AppEngineVersionIamPolicyArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineVersionIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.AppEngineVersionIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.AppEngineVersionIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineVersionIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineVersionIamPolicy(ctx, \"policy\", \u0026iap.AppEngineVersionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new AppEngineVersionIamPolicy(\"policy\", AppEngineVersionIamPolicyArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineVersionIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_app\\_engine\\_version\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineVersionIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineVersionIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineVersionIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamBinding(ctx, \"binding\", \u0026iap.AppEngineVersionIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBinding;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineVersionIamBinding(\"binding\", AppEngineVersionIamBindingArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineVersionIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineVersionIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineVersionIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.AppEngineVersionIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineVersionIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.AppEngineVersionIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamBinding(ctx, \"binding\", \u0026iap.AppEngineVersionIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.AppEngineVersionIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBinding;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineVersionIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineVersionIamBinding(\"binding\", AppEngineVersionIamBindingArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(AppEngineVersionIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineVersionIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_app\\_engine\\_version\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineVersionIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineVersionIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineVersionIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamMember(ctx, \"member\", \u0026iap.AppEngineVersionIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMember;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineVersionIamMember(\"member\", AppEngineVersionIamMemberArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineVersionIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineVersionIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineVersionIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.AppEngineVersionIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineVersionIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.AppEngineVersionIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamMember(ctx, \"member\", \u0026iap.AppEngineVersionIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.AppEngineVersionIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMember;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineVersionIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineVersionIamMember(\"member\", AppEngineVersionIamMemberArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(AppEngineVersionIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineVersionIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}}\n\n* {{project}}/{{appId}}/{{service}}/{{versionId}}\n\n* {{appId}}/{{service}}/{{versionId}}\n\n* {{version}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy appengineversion IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineVersionIamMember:AppEngineVersionIamMember editor \"projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}} roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineVersionIamMember:AppEngineVersionIamMember editor \"projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}} roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineVersionIamMember:AppEngineVersionIamMember editor projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "appId": { "type": "string", @@ -191694,11 +192078,12 @@ "description": "(Computed) The etag of the IAM policy.\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -191735,11 +192120,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -191784,11 +192170,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -191811,7 +192198,7 @@ } }, "gcp:iap/appEngineVersionIamPolicy:AppEngineVersionIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineVersion. Each of these resources serves a different use case:\n\n* `gcp.iap.AppEngineVersionIamPolicy`: Authoritative. Sets the IAM policy for the appengineversion and replaces any existing policy already attached.\n* `gcp.iap.AppEngineVersionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineversion are preserved.\n* `gcp.iap.AppEngineVersionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineversion are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.AppEngineVersionIamPolicy`: Retrieves the IAM policy for the appengineversion\n\n\u003e **Note:** `gcp.iap.AppEngineVersionIamPolicy` **cannot** be used in conjunction with `gcp.iap.AppEngineVersionIamBinding` and `gcp.iap.AppEngineVersionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.AppEngineVersionIamBinding` resources **can be** used in conjunction with `gcp.iap.AppEngineVersionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_iap\\_app\\_engine\\_version\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.AppEngineVersionIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.AppEngineVersionIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineVersionIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineVersionIamPolicy(ctx, \"policy\", \u0026iap.AppEngineVersionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AppEngineVersionIamPolicy(\"policy\", AppEngineVersionIamPolicyArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineVersionIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.AppEngineVersionIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.AppEngineVersionIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineVersionIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineVersionIamPolicy(ctx, \"policy\", \u0026iap.AppEngineVersionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new AppEngineVersionIamPolicy(\"policy\", AppEngineVersionIamPolicyArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineVersionIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_app\\_engine\\_version\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineVersionIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineVersionIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineVersionIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamBinding(ctx, \"binding\", \u0026iap.AppEngineVersionIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBinding;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineVersionIamBinding(\"binding\", AppEngineVersionIamBindingArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineVersionIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineVersionIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineVersionIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.AppEngineVersionIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineVersionIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.AppEngineVersionIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamBinding(ctx, \"binding\", \u0026iap.AppEngineVersionIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.AppEngineVersionIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBinding;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineVersionIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineVersionIamBinding(\"binding\", AppEngineVersionIamBindingArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(AppEngineVersionIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineVersionIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_app\\_engine\\_version\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineVersionIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineVersionIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineVersionIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamMember(ctx, \"member\", \u0026iap.AppEngineVersionIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMember;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineVersionIamMember(\"member\", AppEngineVersionIamMemberArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineVersionIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineVersionIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineVersionIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.AppEngineVersionIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineVersionIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.AppEngineVersionIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamMember(ctx, \"member\", \u0026iap.AppEngineVersionIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.AppEngineVersionIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMember;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineVersionIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineVersionIamMember(\"member\", AppEngineVersionIamMemberArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(AppEngineVersionIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineVersionIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}}\n\n* {{project}}/{{appId}}/{{service}}/{{versionId}}\n\n* {{appId}}/{{service}}/{{versionId}}\n\n* {{version}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy appengineversion IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineVersionIamPolicy:AppEngineVersionIamPolicy editor \"projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}} roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineVersionIamPolicy:AppEngineVersionIamPolicy editor \"projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}} roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineVersionIamPolicy:AppEngineVersionIamPolicy editor projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy AppEngineVersion. Each of these resources serves a different use case:\n\n* `gcp.iap.AppEngineVersionIamPolicy`: Authoritative. Sets the IAM policy for the appengineversion and replaces any existing policy already attached.\n* `gcp.iap.AppEngineVersionIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the appengineversion are preserved.\n* `gcp.iap.AppEngineVersionIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the appengineversion are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.AppEngineVersionIamPolicy`: Retrieves the IAM policy for the appengineversion\n\n\u003e **Note:** `gcp.iap.AppEngineVersionIamPolicy` **cannot** be used in conjunction with `gcp.iap.AppEngineVersionIamBinding` and `gcp.iap.AppEngineVersionIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.AppEngineVersionIamBinding` resources **can be** used in conjunction with `gcp.iap.AppEngineVersionIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_iap\\_app\\_engine\\_version\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.AppEngineVersionIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.AppEngineVersionIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineVersionIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineVersionIamPolicy(ctx, \"policy\", \u0026iap.AppEngineVersionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AppEngineVersionIamPolicy(\"policy\", AppEngineVersionIamPolicyArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineVersionIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.AppEngineVersionIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.AppEngineVersionIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineVersionIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineVersionIamPolicy(ctx, \"policy\", \u0026iap.AppEngineVersionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new AppEngineVersionIamPolicy(\"policy\", AppEngineVersionIamPolicyArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineVersionIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_app\\_engine\\_version\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineVersionIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineVersionIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineVersionIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamBinding(ctx, \"binding\", \u0026iap.AppEngineVersionIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBinding;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineVersionIamBinding(\"binding\", AppEngineVersionIamBindingArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineVersionIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineVersionIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineVersionIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.AppEngineVersionIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineVersionIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.AppEngineVersionIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamBinding(ctx, \"binding\", \u0026iap.AppEngineVersionIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.AppEngineVersionIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBinding;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineVersionIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineVersionIamBinding(\"binding\", AppEngineVersionIamBindingArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(AppEngineVersionIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineVersionIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_app\\_engine\\_version\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineVersionIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineVersionIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineVersionIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamMember(ctx, \"member\", \u0026iap.AppEngineVersionIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMember;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineVersionIamMember(\"member\", AppEngineVersionIamMemberArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineVersionIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineVersionIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineVersionIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.AppEngineVersionIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineVersionIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.AppEngineVersionIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamMember(ctx, \"member\", \u0026iap.AppEngineVersionIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.AppEngineVersionIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMember;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineVersionIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineVersionIamMember(\"member\", AppEngineVersionIamMemberArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(AppEngineVersionIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineVersionIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_iap\\_app\\_engine\\_version\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.AppEngineVersionIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.AppEngineVersionIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineVersionIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineVersionIamPolicy(ctx, \"policy\", \u0026iap.AppEngineVersionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new AppEngineVersionIamPolicy(\"policy\", AppEngineVersionIamPolicyArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineVersionIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.AppEngineVersionIamPolicy(\"policy\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.AppEngineVersionIamPolicy(\"policy\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.AppEngineVersionIamPolicy(\"policy\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewAppEngineVersionIamPolicy(ctx, \"policy\", \u0026iap.AppEngineVersionIamPolicyArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicy;\nimport com.pulumi.gcp.iap.AppEngineVersionIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new AppEngineVersionIamPolicy(\"policy\", AppEngineVersionIamPolicyArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:AppEngineVersionIamPolicy\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_app\\_engine\\_version\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineVersionIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineVersionIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineVersionIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamBinding(ctx, \"binding\", \u0026iap.AppEngineVersionIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBinding;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineVersionIamBinding(\"binding\", AppEngineVersionIamBindingArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineVersionIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.AppEngineVersionIamBinding(\"binding\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.AppEngineVersionIamBinding(\"binding\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.AppEngineVersionIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.AppEngineVersionIamBinding(\"binding\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.AppEngineVersionIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamBinding(ctx, \"binding\", \u0026iap.AppEngineVersionIamBindingArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.AppEngineVersionIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBinding;\nimport com.pulumi.gcp.iap.AppEngineVersionIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineVersionIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new AppEngineVersionIamBinding(\"binding\", AppEngineVersionIamBindingArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(AppEngineVersionIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:AppEngineVersionIamBinding\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_app\\_engine\\_version\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineVersionIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineVersionIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineVersionIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamMember(ctx, \"member\", \u0026iap.AppEngineVersionIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMember;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineVersionIamMember(\"member\", AppEngineVersionIamMemberArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineVersionIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.AppEngineVersionIamMember(\"member\", {\n project: version.project,\n appId: version.project,\n service: version.service,\n versionId: version.versionId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.AppEngineVersionIamMember(\"member\",\n project=version[\"project\"],\n app_id=version[\"project\"],\n service=version[\"service\"],\n version_id=version[\"versionId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.AppEngineVersionIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.AppEngineVersionIamMember(\"member\", new()\n {\n Project = version.Project,\n AppId = version.Project,\n Service = version.Service,\n VersionId = version.VersionId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.AppEngineVersionIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewAppEngineVersionIamMember(ctx, \"member\", \u0026iap.AppEngineVersionIamMemberArgs{\n\t\t\tProject: pulumi.Any(version.Project),\n\t\t\tAppId: pulumi.Any(version.Project),\n\t\t\tService: pulumi.Any(version.Service),\n\t\t\tVersionId: pulumi.Any(version.VersionId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.AppEngineVersionIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMember;\nimport com.pulumi.gcp.iap.AppEngineVersionIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.AppEngineVersionIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new AppEngineVersionIamMember(\"member\", AppEngineVersionIamMemberArgs.builder() \n .project(version.project())\n .appId(version.project())\n .service(version.service())\n .versionId(version.versionId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(AppEngineVersionIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:AppEngineVersionIamMember\n properties:\n project: ${version.project}\n appId: ${version.project}\n service: ${version.service}\n versionId: ${version.versionId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}}\n\n* {{project}}/{{appId}}/{{service}}/{{versionId}}\n\n* {{appId}}/{{service}}/{{versionId}}\n\n* {{version}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy appengineversion IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineVersionIamPolicy:AppEngineVersionIamPolicy editor \"projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}} roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineVersionIamPolicy:AppEngineVersionIamPolicy editor \"projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}} roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/appEngineVersionIamPolicy:AppEngineVersionIamPolicy editor projects/{{project}}/iap_web/appengine-{{appId}}/services/{{service}}/versions/{{versionId}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "appId": { "type": "string", @@ -191827,7 +192214,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "service": { "type": "string", @@ -191858,7 +192245,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "service": { @@ -191896,7 +192283,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "service": { @@ -192179,7 +192566,7 @@ } }, "gcp:iap/tunnelDestGroupIamBinding:TunnelDestGroupIamBinding": { - "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy TunnelDestGroup. Each of these resources serves a different use case:\n\n* `gcp.iap.TunnelDestGroupIamPolicy`: Authoritative. Sets the IAM policy for the tunneldestgroup and replaces any existing policy already attached.\n* `gcp.iap.TunnelDestGroupIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunneldestgroup are preserved.\n* `gcp.iap.TunnelDestGroupIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunneldestgroup are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.TunnelDestGroupIamPolicy`: Retrieves the IAM policy for the tunneldestgroup\n\n\u003e **Note:** `gcp.iap.TunnelDestGroupIamPolicy` **cannot** be used in conjunction with `gcp.iap.TunnelDestGroupIamBinding` and `gcp.iap.TunnelDestGroupIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.TunnelDestGroupIamBinding` resources **can be** used in conjunction with `gcp.iap.TunnelDestGroupIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_iap\\_tunnel\\_dest\\_group\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.TunnelDestGroupIamPolicy(\"policy\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.TunnelDestGroupIamPolicy(\"policy\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelDestGroupIamPolicy(\"policy\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelDestGroupIamPolicy(ctx, \"policy\", \u0026iap.TunnelDestGroupIamPolicyArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicy;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TunnelDestGroupIamPolicy(\"policy\", TunnelDestGroupIamPolicyArgs.builder() \n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelDestGroupIamPolicy\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.TunnelDestGroupIamPolicy(\"policy\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.TunnelDestGroupIamPolicy(\"policy\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelDestGroupIamPolicy(\"policy\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelDestGroupIamPolicy(ctx, \"policy\", \u0026iap.TunnelDestGroupIamPolicyArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicy;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new TunnelDestGroupIamPolicy(\"policy\", TunnelDestGroupIamPolicyArgs.builder() \n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelDestGroupIamPolicy\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_tunnel\\_dest\\_group\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelDestGroupIamBinding(\"binding\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelDestGroupIamBinding(\"binding\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelDestGroupIamBinding(\"binding\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamBinding(ctx, \"binding\", \u0026iap.TunnelDestGroupIamBindingArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBinding;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelDestGroupIamBinding(\"binding\", TunnelDestGroupIamBindingArgs.builder() \n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelDestGroupIamBinding\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelDestGroupIamBinding(\"binding\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelDestGroupIamBinding(\"binding\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.TunnelDestGroupIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelDestGroupIamBinding(\"binding\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.TunnelDestGroupIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamBinding(ctx, \"binding\", \u0026iap.TunnelDestGroupIamBindingArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.TunnelDestGroupIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBinding;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelDestGroupIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelDestGroupIamBinding(\"binding\", TunnelDestGroupIamBindingArgs.builder() \n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(TunnelDestGroupIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelDestGroupIamBinding\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_tunnel\\_dest\\_group\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelDestGroupIamMember(\"member\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelDestGroupIamMember(\"member\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelDestGroupIamMember(\"member\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamMember(ctx, \"member\", \u0026iap.TunnelDestGroupIamMemberArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMember;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelDestGroupIamMember(\"member\", TunnelDestGroupIamMemberArgs.builder() \n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelDestGroupIamMember\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelDestGroupIamMember(\"member\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelDestGroupIamMember(\"member\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.TunnelDestGroupIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelDestGroupIamMember(\"member\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.TunnelDestGroupIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamMember(ctx, \"member\", \u0026iap.TunnelDestGroupIamMemberArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.TunnelDestGroupIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMember;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelDestGroupIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelDestGroupIamMember(\"member\", TunnelDestGroupIamMemberArgs.builder() \n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(TunnelDestGroupIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelDestGroupIamMember\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_tunnel/locations/{{region}}/destGroups/{{dest_group}}\n\n* {{project}}/iap_tunnel/locations/{{region}}/destGroups/{{dest_group}}\n\n* {{project}}/{{region}}/{{dest_group}}\n\n* {{region}}/{{dest_group}}\n\n* {{dest_group}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy tunneldestgroup IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelDestGroupIamBinding:TunnelDestGroupIamBinding editor \"projects/{{project}}/iap_tunnel/locations/{{region}}/destGroups/{{dest_group}} roles/iap.tunnelResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelDestGroupIamBinding:TunnelDestGroupIamBinding editor \"projects/{{project}}/iap_tunnel/locations/{{region}}/destGroups/{{dest_group}} roles/iap.tunnelResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelDestGroupIamBinding:TunnelDestGroupIamBinding editor projects/{{project}}/iap_tunnel/locations/{{region}}/destGroups/{{dest_group}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy TunnelDestGroup. Each of these resources serves a different use case:\n\n* `gcp.iap.TunnelDestGroupIamPolicy`: Authoritative. Sets the IAM policy for the tunneldestgroup and replaces any existing policy already attached.\n* `gcp.iap.TunnelDestGroupIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunneldestgroup are preserved.\n* `gcp.iap.TunnelDestGroupIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunneldestgroup are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.TunnelDestGroupIamPolicy`: Retrieves the IAM policy for the tunneldestgroup\n\n\u003e **Note:** `gcp.iap.TunnelDestGroupIamPolicy` **cannot** be used in conjunction with `gcp.iap.TunnelDestGroupIamBinding` and `gcp.iap.TunnelDestGroupIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.TunnelDestGroupIamBinding` resources **can be** used in conjunction with `gcp.iap.TunnelDestGroupIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_iap\\_tunnel\\_dest\\_group\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.TunnelDestGroupIamPolicy(\"policy\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.TunnelDestGroupIamPolicy(\"policy\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelDestGroupIamPolicy(\"policy\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelDestGroupIamPolicy(ctx, \"policy\", \u0026iap.TunnelDestGroupIamPolicyArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicy;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TunnelDestGroupIamPolicy(\"policy\", TunnelDestGroupIamPolicyArgs.builder() \n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelDestGroupIamPolicy\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.TunnelDestGroupIamPolicy(\"policy\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.TunnelDestGroupIamPolicy(\"policy\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelDestGroupIamPolicy(\"policy\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelDestGroupIamPolicy(ctx, \"policy\", \u0026iap.TunnelDestGroupIamPolicyArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicy;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new TunnelDestGroupIamPolicy(\"policy\", TunnelDestGroupIamPolicyArgs.builder() \n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelDestGroupIamPolicy\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_tunnel\\_dest\\_group\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelDestGroupIamBinding(\"binding\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelDestGroupIamBinding(\"binding\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelDestGroupIamBinding(\"binding\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamBinding(ctx, \"binding\", \u0026iap.TunnelDestGroupIamBindingArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBinding;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelDestGroupIamBinding(\"binding\", TunnelDestGroupIamBindingArgs.builder() \n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelDestGroupIamBinding\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelDestGroupIamBinding(\"binding\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelDestGroupIamBinding(\"binding\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.TunnelDestGroupIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelDestGroupIamBinding(\"binding\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.TunnelDestGroupIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamBinding(ctx, \"binding\", \u0026iap.TunnelDestGroupIamBindingArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.TunnelDestGroupIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBinding;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelDestGroupIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelDestGroupIamBinding(\"binding\", TunnelDestGroupIamBindingArgs.builder() \n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(TunnelDestGroupIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelDestGroupIamBinding\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_tunnel\\_dest\\_group\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelDestGroupIamMember(\"member\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelDestGroupIamMember(\"member\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelDestGroupIamMember(\"member\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamMember(ctx, \"member\", \u0026iap.TunnelDestGroupIamMemberArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMember;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelDestGroupIamMember(\"member\", TunnelDestGroupIamMemberArgs.builder() \n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelDestGroupIamMember\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelDestGroupIamMember(\"member\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelDestGroupIamMember(\"member\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.TunnelDestGroupIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelDestGroupIamMember(\"member\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.TunnelDestGroupIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamMember(ctx, \"member\", \u0026iap.TunnelDestGroupIamMemberArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.TunnelDestGroupIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMember;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelDestGroupIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelDestGroupIamMember(\"member\", TunnelDestGroupIamMemberArgs.builder() \n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(TunnelDestGroupIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelDestGroupIamMember\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_iap\\_tunnel\\_dest\\_group\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.TunnelDestGroupIamPolicy(\"policy\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.TunnelDestGroupIamPolicy(\"policy\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelDestGroupIamPolicy(\"policy\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelDestGroupIamPolicy(ctx, \"policy\", \u0026iap.TunnelDestGroupIamPolicyArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicy;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TunnelDestGroupIamPolicy(\"policy\", TunnelDestGroupIamPolicyArgs.builder() \n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelDestGroupIamPolicy\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.TunnelDestGroupIamPolicy(\"policy\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.TunnelDestGroupIamPolicy(\"policy\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelDestGroupIamPolicy(\"policy\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelDestGroupIamPolicy(ctx, \"policy\", \u0026iap.TunnelDestGroupIamPolicyArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicy;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new TunnelDestGroupIamPolicy(\"policy\", TunnelDestGroupIamPolicyArgs.builder() \n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelDestGroupIamPolicy\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_tunnel\\_dest\\_group\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelDestGroupIamBinding(\"binding\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelDestGroupIamBinding(\"binding\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelDestGroupIamBinding(\"binding\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamBinding(ctx, \"binding\", \u0026iap.TunnelDestGroupIamBindingArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBinding;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelDestGroupIamBinding(\"binding\", TunnelDestGroupIamBindingArgs.builder() \n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelDestGroupIamBinding\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelDestGroupIamBinding(\"binding\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelDestGroupIamBinding(\"binding\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.TunnelDestGroupIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelDestGroupIamBinding(\"binding\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.TunnelDestGroupIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamBinding(ctx, \"binding\", \u0026iap.TunnelDestGroupIamBindingArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.TunnelDestGroupIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBinding;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelDestGroupIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelDestGroupIamBinding(\"binding\", TunnelDestGroupIamBindingArgs.builder() \n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(TunnelDestGroupIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelDestGroupIamBinding\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_tunnel\\_dest\\_group\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelDestGroupIamMember(\"member\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelDestGroupIamMember(\"member\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelDestGroupIamMember(\"member\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamMember(ctx, \"member\", \u0026iap.TunnelDestGroupIamMemberArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMember;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelDestGroupIamMember(\"member\", TunnelDestGroupIamMemberArgs.builder() \n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelDestGroupIamMember\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelDestGroupIamMember(\"member\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelDestGroupIamMember(\"member\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.TunnelDestGroupIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelDestGroupIamMember(\"member\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.TunnelDestGroupIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamMember(ctx, \"member\", \u0026iap.TunnelDestGroupIamMemberArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.TunnelDestGroupIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMember;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelDestGroupIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelDestGroupIamMember(\"member\", TunnelDestGroupIamMemberArgs.builder() \n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(TunnelDestGroupIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelDestGroupIamMember\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_tunnel/locations/{{region}}/destGroups/{{dest_group}}\n\n* {{project}}/iap_tunnel/locations/{{region}}/destGroups/{{dest_group}}\n\n* {{project}}/{{region}}/{{dest_group}}\n\n* {{region}}/{{dest_group}}\n\n* {{dest_group}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy tunneldestgroup IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelDestGroupIamBinding:TunnelDestGroupIamBinding editor \"projects/{{project}}/iap_tunnel/locations/{{region}}/destGroups/{{dest_group}} roles/iap.tunnelResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelDestGroupIamBinding:TunnelDestGroupIamBinding editor \"projects/{{project}}/iap_tunnel/locations/{{region}}/destGroups/{{dest_group}} roles/iap.tunnelResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelDestGroupIamBinding:TunnelDestGroupIamBinding editor projects/{{project}}/iap_tunnel/locations/{{region}}/destGroups/{{dest_group}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:iap/TunnelDestGroupIamBindingCondition:TunnelDestGroupIamBindingCondition", @@ -192196,11 +192583,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "region": { "type": "string", @@ -192233,11 +192621,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -192276,11 +192665,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -192298,7 +192688,7 @@ } }, "gcp:iap/tunnelDestGroupIamMember:TunnelDestGroupIamMember": { - "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy TunnelDestGroup. Each of these resources serves a different use case:\n\n* `gcp.iap.TunnelDestGroupIamPolicy`: Authoritative. Sets the IAM policy for the tunneldestgroup and replaces any existing policy already attached.\n* `gcp.iap.TunnelDestGroupIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunneldestgroup are preserved.\n* `gcp.iap.TunnelDestGroupIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunneldestgroup are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.TunnelDestGroupIamPolicy`: Retrieves the IAM policy for the tunneldestgroup\n\n\u003e **Note:** `gcp.iap.TunnelDestGroupIamPolicy` **cannot** be used in conjunction with `gcp.iap.TunnelDestGroupIamBinding` and `gcp.iap.TunnelDestGroupIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.TunnelDestGroupIamBinding` resources **can be** used in conjunction with `gcp.iap.TunnelDestGroupIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_iap\\_tunnel\\_dest\\_group\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.TunnelDestGroupIamPolicy(\"policy\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.TunnelDestGroupIamPolicy(\"policy\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelDestGroupIamPolicy(\"policy\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelDestGroupIamPolicy(ctx, \"policy\", \u0026iap.TunnelDestGroupIamPolicyArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicy;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TunnelDestGroupIamPolicy(\"policy\", TunnelDestGroupIamPolicyArgs.builder() \n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelDestGroupIamPolicy\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.TunnelDestGroupIamPolicy(\"policy\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.TunnelDestGroupIamPolicy(\"policy\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelDestGroupIamPolicy(\"policy\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelDestGroupIamPolicy(ctx, \"policy\", \u0026iap.TunnelDestGroupIamPolicyArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicy;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new TunnelDestGroupIamPolicy(\"policy\", TunnelDestGroupIamPolicyArgs.builder() \n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelDestGroupIamPolicy\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_tunnel\\_dest\\_group\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelDestGroupIamBinding(\"binding\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelDestGroupIamBinding(\"binding\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelDestGroupIamBinding(\"binding\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamBinding(ctx, \"binding\", \u0026iap.TunnelDestGroupIamBindingArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBinding;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelDestGroupIamBinding(\"binding\", TunnelDestGroupIamBindingArgs.builder() \n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelDestGroupIamBinding\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelDestGroupIamBinding(\"binding\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelDestGroupIamBinding(\"binding\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.TunnelDestGroupIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelDestGroupIamBinding(\"binding\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.TunnelDestGroupIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamBinding(ctx, \"binding\", \u0026iap.TunnelDestGroupIamBindingArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.TunnelDestGroupIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBinding;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelDestGroupIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelDestGroupIamBinding(\"binding\", TunnelDestGroupIamBindingArgs.builder() \n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(TunnelDestGroupIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelDestGroupIamBinding\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_tunnel\\_dest\\_group\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelDestGroupIamMember(\"member\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelDestGroupIamMember(\"member\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelDestGroupIamMember(\"member\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamMember(ctx, \"member\", \u0026iap.TunnelDestGroupIamMemberArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMember;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelDestGroupIamMember(\"member\", TunnelDestGroupIamMemberArgs.builder() \n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelDestGroupIamMember\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelDestGroupIamMember(\"member\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelDestGroupIamMember(\"member\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.TunnelDestGroupIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelDestGroupIamMember(\"member\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.TunnelDestGroupIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamMember(ctx, \"member\", \u0026iap.TunnelDestGroupIamMemberArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.TunnelDestGroupIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMember;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelDestGroupIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelDestGroupIamMember(\"member\", TunnelDestGroupIamMemberArgs.builder() \n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(TunnelDestGroupIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelDestGroupIamMember\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_tunnel/locations/{{region}}/destGroups/{{dest_group}}\n\n* {{project}}/iap_tunnel/locations/{{region}}/destGroups/{{dest_group}}\n\n* {{project}}/{{region}}/{{dest_group}}\n\n* {{region}}/{{dest_group}}\n\n* {{dest_group}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy tunneldestgroup IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelDestGroupIamMember:TunnelDestGroupIamMember editor \"projects/{{project}}/iap_tunnel/locations/{{region}}/destGroups/{{dest_group}} roles/iap.tunnelResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelDestGroupIamMember:TunnelDestGroupIamMember editor \"projects/{{project}}/iap_tunnel/locations/{{region}}/destGroups/{{dest_group}} roles/iap.tunnelResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelDestGroupIamMember:TunnelDestGroupIamMember editor projects/{{project}}/iap_tunnel/locations/{{region}}/destGroups/{{dest_group}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy TunnelDestGroup. Each of these resources serves a different use case:\n\n* `gcp.iap.TunnelDestGroupIamPolicy`: Authoritative. Sets the IAM policy for the tunneldestgroup and replaces any existing policy already attached.\n* `gcp.iap.TunnelDestGroupIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunneldestgroup are preserved.\n* `gcp.iap.TunnelDestGroupIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunneldestgroup are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.TunnelDestGroupIamPolicy`: Retrieves the IAM policy for the tunneldestgroup\n\n\u003e **Note:** `gcp.iap.TunnelDestGroupIamPolicy` **cannot** be used in conjunction with `gcp.iap.TunnelDestGroupIamBinding` and `gcp.iap.TunnelDestGroupIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.TunnelDestGroupIamBinding` resources **can be** used in conjunction with `gcp.iap.TunnelDestGroupIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_iap\\_tunnel\\_dest\\_group\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.TunnelDestGroupIamPolicy(\"policy\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.TunnelDestGroupIamPolicy(\"policy\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelDestGroupIamPolicy(\"policy\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelDestGroupIamPolicy(ctx, \"policy\", \u0026iap.TunnelDestGroupIamPolicyArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicy;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TunnelDestGroupIamPolicy(\"policy\", TunnelDestGroupIamPolicyArgs.builder() \n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelDestGroupIamPolicy\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.TunnelDestGroupIamPolicy(\"policy\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.TunnelDestGroupIamPolicy(\"policy\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelDestGroupIamPolicy(\"policy\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelDestGroupIamPolicy(ctx, \"policy\", \u0026iap.TunnelDestGroupIamPolicyArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicy;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new TunnelDestGroupIamPolicy(\"policy\", TunnelDestGroupIamPolicyArgs.builder() \n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelDestGroupIamPolicy\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_tunnel\\_dest\\_group\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelDestGroupIamBinding(\"binding\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelDestGroupIamBinding(\"binding\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelDestGroupIamBinding(\"binding\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamBinding(ctx, \"binding\", \u0026iap.TunnelDestGroupIamBindingArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBinding;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelDestGroupIamBinding(\"binding\", TunnelDestGroupIamBindingArgs.builder() \n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelDestGroupIamBinding\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelDestGroupIamBinding(\"binding\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelDestGroupIamBinding(\"binding\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.TunnelDestGroupIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelDestGroupIamBinding(\"binding\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.TunnelDestGroupIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamBinding(ctx, \"binding\", \u0026iap.TunnelDestGroupIamBindingArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.TunnelDestGroupIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBinding;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelDestGroupIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelDestGroupIamBinding(\"binding\", TunnelDestGroupIamBindingArgs.builder() \n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(TunnelDestGroupIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelDestGroupIamBinding\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_tunnel\\_dest\\_group\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelDestGroupIamMember(\"member\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelDestGroupIamMember(\"member\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelDestGroupIamMember(\"member\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamMember(ctx, \"member\", \u0026iap.TunnelDestGroupIamMemberArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMember;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelDestGroupIamMember(\"member\", TunnelDestGroupIamMemberArgs.builder() \n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelDestGroupIamMember\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelDestGroupIamMember(\"member\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelDestGroupIamMember(\"member\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.TunnelDestGroupIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelDestGroupIamMember(\"member\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.TunnelDestGroupIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamMember(ctx, \"member\", \u0026iap.TunnelDestGroupIamMemberArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.TunnelDestGroupIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMember;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelDestGroupIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelDestGroupIamMember(\"member\", TunnelDestGroupIamMemberArgs.builder() \n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(TunnelDestGroupIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelDestGroupIamMember\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_iap\\_tunnel\\_dest\\_group\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.TunnelDestGroupIamPolicy(\"policy\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.TunnelDestGroupIamPolicy(\"policy\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelDestGroupIamPolicy(\"policy\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelDestGroupIamPolicy(ctx, \"policy\", \u0026iap.TunnelDestGroupIamPolicyArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicy;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TunnelDestGroupIamPolicy(\"policy\", TunnelDestGroupIamPolicyArgs.builder() \n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelDestGroupIamPolicy\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.TunnelDestGroupIamPolicy(\"policy\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.TunnelDestGroupIamPolicy(\"policy\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelDestGroupIamPolicy(\"policy\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelDestGroupIamPolicy(ctx, \"policy\", \u0026iap.TunnelDestGroupIamPolicyArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicy;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new TunnelDestGroupIamPolicy(\"policy\", TunnelDestGroupIamPolicyArgs.builder() \n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelDestGroupIamPolicy\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_tunnel\\_dest\\_group\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelDestGroupIamBinding(\"binding\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelDestGroupIamBinding(\"binding\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelDestGroupIamBinding(\"binding\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamBinding(ctx, \"binding\", \u0026iap.TunnelDestGroupIamBindingArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBinding;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelDestGroupIamBinding(\"binding\", TunnelDestGroupIamBindingArgs.builder() \n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelDestGroupIamBinding\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelDestGroupIamBinding(\"binding\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelDestGroupIamBinding(\"binding\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.TunnelDestGroupIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelDestGroupIamBinding(\"binding\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.TunnelDestGroupIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamBinding(ctx, \"binding\", \u0026iap.TunnelDestGroupIamBindingArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.TunnelDestGroupIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBinding;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelDestGroupIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelDestGroupIamBinding(\"binding\", TunnelDestGroupIamBindingArgs.builder() \n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(TunnelDestGroupIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelDestGroupIamBinding\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_tunnel\\_dest\\_group\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelDestGroupIamMember(\"member\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelDestGroupIamMember(\"member\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelDestGroupIamMember(\"member\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamMember(ctx, \"member\", \u0026iap.TunnelDestGroupIamMemberArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMember;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelDestGroupIamMember(\"member\", TunnelDestGroupIamMemberArgs.builder() \n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelDestGroupIamMember\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelDestGroupIamMember(\"member\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelDestGroupIamMember(\"member\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.TunnelDestGroupIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelDestGroupIamMember(\"member\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.TunnelDestGroupIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamMember(ctx, \"member\", \u0026iap.TunnelDestGroupIamMemberArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.TunnelDestGroupIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMember;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelDestGroupIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelDestGroupIamMember(\"member\", TunnelDestGroupIamMemberArgs.builder() \n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(TunnelDestGroupIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelDestGroupIamMember\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_tunnel/locations/{{region}}/destGroups/{{dest_group}}\n\n* {{project}}/iap_tunnel/locations/{{region}}/destGroups/{{dest_group}}\n\n* {{project}}/{{region}}/{{dest_group}}\n\n* {{region}}/{{dest_group}}\n\n* {{dest_group}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy tunneldestgroup IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelDestGroupIamMember:TunnelDestGroupIamMember editor \"projects/{{project}}/iap_tunnel/locations/{{region}}/destGroups/{{dest_group}} roles/iap.tunnelResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelDestGroupIamMember:TunnelDestGroupIamMember editor \"projects/{{project}}/iap_tunnel/locations/{{region}}/destGroups/{{dest_group}} roles/iap.tunnelResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelDestGroupIamMember:TunnelDestGroupIamMember editor projects/{{project}}/iap_tunnel/locations/{{region}}/destGroups/{{dest_group}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:iap/TunnelDestGroupIamMemberCondition:TunnelDestGroupIamMemberCondition", @@ -192312,11 +192702,12 @@ "description": "(Computed) The etag of the IAM policy.\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "region": { "type": "string", @@ -192347,11 +192738,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -192388,11 +192780,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -192410,7 +192803,7 @@ } }, "gcp:iap/tunnelDestGroupIamPolicy:TunnelDestGroupIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy TunnelDestGroup. Each of these resources serves a different use case:\n\n* `gcp.iap.TunnelDestGroupIamPolicy`: Authoritative. Sets the IAM policy for the tunneldestgroup and replaces any existing policy already attached.\n* `gcp.iap.TunnelDestGroupIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunneldestgroup are preserved.\n* `gcp.iap.TunnelDestGroupIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunneldestgroup are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.TunnelDestGroupIamPolicy`: Retrieves the IAM policy for the tunneldestgroup\n\n\u003e **Note:** `gcp.iap.TunnelDestGroupIamPolicy` **cannot** be used in conjunction with `gcp.iap.TunnelDestGroupIamBinding` and `gcp.iap.TunnelDestGroupIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.TunnelDestGroupIamBinding` resources **can be** used in conjunction with `gcp.iap.TunnelDestGroupIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_iap\\_tunnel\\_dest\\_group\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.TunnelDestGroupIamPolicy(\"policy\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.TunnelDestGroupIamPolicy(\"policy\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelDestGroupIamPolicy(\"policy\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelDestGroupIamPolicy(ctx, \"policy\", \u0026iap.TunnelDestGroupIamPolicyArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicy;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TunnelDestGroupIamPolicy(\"policy\", TunnelDestGroupIamPolicyArgs.builder() \n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelDestGroupIamPolicy\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.TunnelDestGroupIamPolicy(\"policy\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.TunnelDestGroupIamPolicy(\"policy\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelDestGroupIamPolicy(\"policy\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelDestGroupIamPolicy(ctx, \"policy\", \u0026iap.TunnelDestGroupIamPolicyArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicy;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new TunnelDestGroupIamPolicy(\"policy\", TunnelDestGroupIamPolicyArgs.builder() \n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelDestGroupIamPolicy\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_tunnel\\_dest\\_group\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelDestGroupIamBinding(\"binding\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelDestGroupIamBinding(\"binding\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelDestGroupIamBinding(\"binding\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamBinding(ctx, \"binding\", \u0026iap.TunnelDestGroupIamBindingArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBinding;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelDestGroupIamBinding(\"binding\", TunnelDestGroupIamBindingArgs.builder() \n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelDestGroupIamBinding\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelDestGroupIamBinding(\"binding\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelDestGroupIamBinding(\"binding\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.TunnelDestGroupIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelDestGroupIamBinding(\"binding\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.TunnelDestGroupIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamBinding(ctx, \"binding\", \u0026iap.TunnelDestGroupIamBindingArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.TunnelDestGroupIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBinding;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelDestGroupIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelDestGroupIamBinding(\"binding\", TunnelDestGroupIamBindingArgs.builder() \n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(TunnelDestGroupIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelDestGroupIamBinding\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_tunnel\\_dest\\_group\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelDestGroupIamMember(\"member\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelDestGroupIamMember(\"member\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelDestGroupIamMember(\"member\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamMember(ctx, \"member\", \u0026iap.TunnelDestGroupIamMemberArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMember;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelDestGroupIamMember(\"member\", TunnelDestGroupIamMemberArgs.builder() \n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelDestGroupIamMember\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelDestGroupIamMember(\"member\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelDestGroupIamMember(\"member\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.TunnelDestGroupIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelDestGroupIamMember(\"member\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.TunnelDestGroupIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamMember(ctx, \"member\", \u0026iap.TunnelDestGroupIamMemberArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.TunnelDestGroupIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMember;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelDestGroupIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelDestGroupIamMember(\"member\", TunnelDestGroupIamMemberArgs.builder() \n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(TunnelDestGroupIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelDestGroupIamMember\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_tunnel/locations/{{region}}/destGroups/{{dest_group}}\n\n* {{project}}/iap_tunnel/locations/{{region}}/destGroups/{{dest_group}}\n\n* {{project}}/{{region}}/{{dest_group}}\n\n* {{region}}/{{dest_group}}\n\n* {{dest_group}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy tunneldestgroup IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelDestGroupIamPolicy:TunnelDestGroupIamPolicy editor \"projects/{{project}}/iap_tunnel/locations/{{region}}/destGroups/{{dest_group}} roles/iap.tunnelResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelDestGroupIamPolicy:TunnelDestGroupIamPolicy editor \"projects/{{project}}/iap_tunnel/locations/{{region}}/destGroups/{{dest_group}} roles/iap.tunnelResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelDestGroupIamPolicy:TunnelDestGroupIamPolicy editor projects/{{project}}/iap_tunnel/locations/{{region}}/destGroups/{{dest_group}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy TunnelDestGroup. Each of these resources serves a different use case:\n\n* `gcp.iap.TunnelDestGroupIamPolicy`: Authoritative. Sets the IAM policy for the tunneldestgroup and replaces any existing policy already attached.\n* `gcp.iap.TunnelDestGroupIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunneldestgroup are preserved.\n* `gcp.iap.TunnelDestGroupIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunneldestgroup are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.TunnelDestGroupIamPolicy`: Retrieves the IAM policy for the tunneldestgroup\n\n\u003e **Note:** `gcp.iap.TunnelDestGroupIamPolicy` **cannot** be used in conjunction with `gcp.iap.TunnelDestGroupIamBinding` and `gcp.iap.TunnelDestGroupIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.TunnelDestGroupIamBinding` resources **can be** used in conjunction with `gcp.iap.TunnelDestGroupIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_iap\\_tunnel\\_dest\\_group\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.TunnelDestGroupIamPolicy(\"policy\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.TunnelDestGroupIamPolicy(\"policy\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelDestGroupIamPolicy(\"policy\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelDestGroupIamPolicy(ctx, \"policy\", \u0026iap.TunnelDestGroupIamPolicyArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicy;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TunnelDestGroupIamPolicy(\"policy\", TunnelDestGroupIamPolicyArgs.builder() \n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelDestGroupIamPolicy\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.TunnelDestGroupIamPolicy(\"policy\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.TunnelDestGroupIamPolicy(\"policy\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelDestGroupIamPolicy(\"policy\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelDestGroupIamPolicy(ctx, \"policy\", \u0026iap.TunnelDestGroupIamPolicyArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicy;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new TunnelDestGroupIamPolicy(\"policy\", TunnelDestGroupIamPolicyArgs.builder() \n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelDestGroupIamPolicy\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_tunnel\\_dest\\_group\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelDestGroupIamBinding(\"binding\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelDestGroupIamBinding(\"binding\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelDestGroupIamBinding(\"binding\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamBinding(ctx, \"binding\", \u0026iap.TunnelDestGroupIamBindingArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBinding;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelDestGroupIamBinding(\"binding\", TunnelDestGroupIamBindingArgs.builder() \n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelDestGroupIamBinding\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelDestGroupIamBinding(\"binding\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelDestGroupIamBinding(\"binding\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.TunnelDestGroupIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelDestGroupIamBinding(\"binding\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.TunnelDestGroupIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamBinding(ctx, \"binding\", \u0026iap.TunnelDestGroupIamBindingArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.TunnelDestGroupIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBinding;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelDestGroupIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelDestGroupIamBinding(\"binding\", TunnelDestGroupIamBindingArgs.builder() \n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(TunnelDestGroupIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelDestGroupIamBinding\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_tunnel\\_dest\\_group\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelDestGroupIamMember(\"member\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelDestGroupIamMember(\"member\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelDestGroupIamMember(\"member\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamMember(ctx, \"member\", \u0026iap.TunnelDestGroupIamMemberArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMember;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelDestGroupIamMember(\"member\", TunnelDestGroupIamMemberArgs.builder() \n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelDestGroupIamMember\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelDestGroupIamMember(\"member\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelDestGroupIamMember(\"member\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.TunnelDestGroupIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelDestGroupIamMember(\"member\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.TunnelDestGroupIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamMember(ctx, \"member\", \u0026iap.TunnelDestGroupIamMemberArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.TunnelDestGroupIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMember;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelDestGroupIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelDestGroupIamMember(\"member\", TunnelDestGroupIamMemberArgs.builder() \n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(TunnelDestGroupIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelDestGroupIamMember\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_iap\\_tunnel\\_dest\\_group\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.TunnelDestGroupIamPolicy(\"policy\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.TunnelDestGroupIamPolicy(\"policy\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelDestGroupIamPolicy(\"policy\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelDestGroupIamPolicy(ctx, \"policy\", \u0026iap.TunnelDestGroupIamPolicyArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicy;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TunnelDestGroupIamPolicy(\"policy\", TunnelDestGroupIamPolicyArgs.builder() \n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelDestGroupIamPolicy\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.TunnelDestGroupIamPolicy(\"policy\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.TunnelDestGroupIamPolicy(\"policy\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelDestGroupIamPolicy(\"policy\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelDestGroupIamPolicy(ctx, \"policy\", \u0026iap.TunnelDestGroupIamPolicyArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicy;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new TunnelDestGroupIamPolicy(\"policy\", TunnelDestGroupIamPolicyArgs.builder() \n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelDestGroupIamPolicy\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_tunnel\\_dest\\_group\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelDestGroupIamBinding(\"binding\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelDestGroupIamBinding(\"binding\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelDestGroupIamBinding(\"binding\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamBinding(ctx, \"binding\", \u0026iap.TunnelDestGroupIamBindingArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBinding;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelDestGroupIamBinding(\"binding\", TunnelDestGroupIamBindingArgs.builder() \n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelDestGroupIamBinding\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelDestGroupIamBinding(\"binding\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelDestGroupIamBinding(\"binding\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.TunnelDestGroupIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelDestGroupIamBinding(\"binding\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.TunnelDestGroupIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamBinding(ctx, \"binding\", \u0026iap.TunnelDestGroupIamBindingArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.TunnelDestGroupIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBinding;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelDestGroupIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelDestGroupIamBinding(\"binding\", TunnelDestGroupIamBindingArgs.builder() \n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(TunnelDestGroupIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelDestGroupIamBinding\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_tunnel\\_dest\\_group\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelDestGroupIamMember(\"member\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelDestGroupIamMember(\"member\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelDestGroupIamMember(\"member\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamMember(ctx, \"member\", \u0026iap.TunnelDestGroupIamMemberArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMember;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelDestGroupIamMember(\"member\", TunnelDestGroupIamMemberArgs.builder() \n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelDestGroupIamMember\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelDestGroupIamMember(\"member\", {\n project: destGroup.project,\n region: destGroup.region,\n destGroup: destGroup.groupName,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelDestGroupIamMember(\"member\",\n project=dest_group[\"project\"],\n region=dest_group[\"region\"],\n dest_group=dest_group[\"groupName\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.TunnelDestGroupIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelDestGroupIamMember(\"member\", new()\n {\n Project = destGroup.Project,\n Region = destGroup.Region,\n DestGroup = destGroup.GroupName,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.TunnelDestGroupIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelDestGroupIamMember(ctx, \"member\", \u0026iap.TunnelDestGroupIamMemberArgs{\n\t\t\tProject: pulumi.Any(destGroup.Project),\n\t\t\tRegion: pulumi.Any(destGroup.Region),\n\t\t\tDestGroup: pulumi.Any(destGroup.GroupName),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.TunnelDestGroupIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMember;\nimport com.pulumi.gcp.iap.TunnelDestGroupIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelDestGroupIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelDestGroupIamMember(\"member\", TunnelDestGroupIamMemberArgs.builder() \n .project(destGroup.project())\n .region(destGroup.region())\n .destGroup(destGroup.groupName())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(TunnelDestGroupIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelDestGroupIamMember\n properties:\n project: ${destGroup.project}\n region: ${destGroup.region}\n destGroup: ${destGroup.groupName}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_tunnel/locations/{{region}}/destGroups/{{dest_group}}\n\n* {{project}}/iap_tunnel/locations/{{region}}/destGroups/{{dest_group}}\n\n* {{project}}/{{region}}/{{dest_group}}\n\n* {{region}}/{{dest_group}}\n\n* {{dest_group}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy tunneldestgroup IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelDestGroupIamPolicy:TunnelDestGroupIamPolicy editor \"projects/{{project}}/iap_tunnel/locations/{{region}}/destGroups/{{dest_group}} roles/iap.tunnelResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelDestGroupIamPolicy:TunnelDestGroupIamPolicy editor \"projects/{{project}}/iap_tunnel/locations/{{region}}/destGroups/{{dest_group}} roles/iap.tunnelResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelDestGroupIamPolicy:TunnelDestGroupIamPolicy editor projects/{{project}}/iap_tunnel/locations/{{region}}/destGroups/{{dest_group}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "destGroup": { "type": "string" @@ -192425,7 +192818,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "region": { "type": "string", @@ -192450,7 +192843,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -192480,7 +192873,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -192493,7 +192886,7 @@ } }, "gcp:iap/tunnelIamBinding:TunnelIamBinding": { - "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy Tunnel. Each of these resources serves a different use case:\n\n* `gcp.iap.TunnelIamPolicy`: Authoritative. Sets the IAM policy for the tunnel and replaces any existing policy already attached.\n* `gcp.iap.TunnelIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnel are preserved.\n* `gcp.iap.TunnelIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnel are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.TunnelIamPolicy`: Retrieves the IAM policy for the tunnel\n\n\u003e **Note:** `gcp.iap.TunnelIamPolicy` **cannot** be used in conjunction with `gcp.iap.TunnelIamBinding` and `gcp.iap.TunnelIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.TunnelIamBinding` resources **can be** used in conjunction with `gcp.iap.TunnelIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_iap\\_tunnel\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.TunnelIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.TunnelIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelIamPolicy(ctx, \"policy\", \u0026iap.TunnelIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelIamPolicy;\nimport com.pulumi.gcp.iap.TunnelIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TunnelIamPolicy(\"policy\", TunnelIamPolicyArgs.builder() \n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.TunnelIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.TunnelIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelIamPolicy(ctx, \"policy\", \u0026iap.TunnelIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelIamPolicy;\nimport com.pulumi.gcp.iap.TunnelIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new TunnelIamPolicy(\"policy\", TunnelIamPolicyArgs.builder() \n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_tunnel\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamBinding(ctx, \"binding\", \u0026iap.TunnelIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamBinding;\nimport com.pulumi.gcp.iap.TunnelIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelIamBinding(\"binding\", TunnelIamBindingArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.TunnelIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.TunnelIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamBinding(ctx, \"binding\", \u0026iap.TunnelIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.TunnelIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamBinding;\nimport com.pulumi.gcp.iap.TunnelIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelIamBinding(\"binding\", TunnelIamBindingArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(TunnelIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_tunnel\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamMember(ctx, \"member\", \u0026iap.TunnelIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamMember;\nimport com.pulumi.gcp.iap.TunnelIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelIamMember(\"member\", TunnelIamMemberArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.TunnelIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.TunnelIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamMember(ctx, \"member\", \u0026iap.TunnelIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.TunnelIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamMember;\nimport com.pulumi.gcp.iap.TunnelIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelIamMember(\"member\", TunnelIamMemberArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(TunnelIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_tunnel\n\n* {{project}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy tunnel IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelIamBinding:TunnelIamBinding editor \"projects/{{project}}/iap_tunnel roles/iap.tunnelResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelIamBinding:TunnelIamBinding editor \"projects/{{project}}/iap_tunnel roles/iap.tunnelResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelIamBinding:TunnelIamBinding editor projects/{{project}}/iap_tunnel\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy Tunnel. Each of these resources serves a different use case:\n\n* `gcp.iap.TunnelIamPolicy`: Authoritative. Sets the IAM policy for the tunnel and replaces any existing policy already attached.\n* `gcp.iap.TunnelIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnel are preserved.\n* `gcp.iap.TunnelIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnel are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.TunnelIamPolicy`: Retrieves the IAM policy for the tunnel\n\n\u003e **Note:** `gcp.iap.TunnelIamPolicy` **cannot** be used in conjunction with `gcp.iap.TunnelIamBinding` and `gcp.iap.TunnelIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.TunnelIamBinding` resources **can be** used in conjunction with `gcp.iap.TunnelIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_iap\\_tunnel\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.TunnelIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.TunnelIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelIamPolicy(ctx, \"policy\", \u0026iap.TunnelIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelIamPolicy;\nimport com.pulumi.gcp.iap.TunnelIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TunnelIamPolicy(\"policy\", TunnelIamPolicyArgs.builder() \n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.TunnelIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.TunnelIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelIamPolicy(ctx, \"policy\", \u0026iap.TunnelIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelIamPolicy;\nimport com.pulumi.gcp.iap.TunnelIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new TunnelIamPolicy(\"policy\", TunnelIamPolicyArgs.builder() \n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_tunnel\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamBinding(ctx, \"binding\", \u0026iap.TunnelIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamBinding;\nimport com.pulumi.gcp.iap.TunnelIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelIamBinding(\"binding\", TunnelIamBindingArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.TunnelIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.TunnelIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamBinding(ctx, \"binding\", \u0026iap.TunnelIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.TunnelIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamBinding;\nimport com.pulumi.gcp.iap.TunnelIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelIamBinding(\"binding\", TunnelIamBindingArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(TunnelIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_tunnel\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamMember(ctx, \"member\", \u0026iap.TunnelIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamMember;\nimport com.pulumi.gcp.iap.TunnelIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelIamMember(\"member\", TunnelIamMemberArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.TunnelIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.TunnelIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamMember(ctx, \"member\", \u0026iap.TunnelIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.TunnelIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamMember;\nimport com.pulumi.gcp.iap.TunnelIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelIamMember(\"member\", TunnelIamMemberArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(TunnelIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_iap\\_tunnel\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.TunnelIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.TunnelIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelIamPolicy(ctx, \"policy\", \u0026iap.TunnelIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelIamPolicy;\nimport com.pulumi.gcp.iap.TunnelIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TunnelIamPolicy(\"policy\", TunnelIamPolicyArgs.builder() \n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.TunnelIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.TunnelIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelIamPolicy(ctx, \"policy\", \u0026iap.TunnelIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelIamPolicy;\nimport com.pulumi.gcp.iap.TunnelIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new TunnelIamPolicy(\"policy\", TunnelIamPolicyArgs.builder() \n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_tunnel\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamBinding(ctx, \"binding\", \u0026iap.TunnelIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamBinding;\nimport com.pulumi.gcp.iap.TunnelIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelIamBinding(\"binding\", TunnelIamBindingArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.TunnelIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.TunnelIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamBinding(ctx, \"binding\", \u0026iap.TunnelIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.TunnelIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamBinding;\nimport com.pulumi.gcp.iap.TunnelIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelIamBinding(\"binding\", TunnelIamBindingArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(TunnelIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_tunnel\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamMember(ctx, \"member\", \u0026iap.TunnelIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamMember;\nimport com.pulumi.gcp.iap.TunnelIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelIamMember(\"member\", TunnelIamMemberArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.TunnelIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.TunnelIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamMember(ctx, \"member\", \u0026iap.TunnelIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.TunnelIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamMember;\nimport com.pulumi.gcp.iap.TunnelIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelIamMember(\"member\", TunnelIamMemberArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(TunnelIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_tunnel\n\n* {{project}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy tunnel IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelIamBinding:TunnelIamBinding editor \"projects/{{project}}/iap_tunnel roles/iap.tunnelResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelIamBinding:TunnelIamBinding editor \"projects/{{project}}/iap_tunnel roles/iap.tunnelResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelIamBinding:TunnelIamBinding editor projects/{{project}}/iap_tunnel\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:iap/TunnelIamBindingCondition:TunnelIamBindingCondition", @@ -192507,11 +192900,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -192534,11 +192928,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -192567,11 +192962,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -192584,7 +192980,7 @@ } }, "gcp:iap/tunnelIamMember:TunnelIamMember": { - "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy Tunnel. Each of these resources serves a different use case:\n\n* `gcp.iap.TunnelIamPolicy`: Authoritative. Sets the IAM policy for the tunnel and replaces any existing policy already attached.\n* `gcp.iap.TunnelIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnel are preserved.\n* `gcp.iap.TunnelIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnel are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.TunnelIamPolicy`: Retrieves the IAM policy for the tunnel\n\n\u003e **Note:** `gcp.iap.TunnelIamPolicy` **cannot** be used in conjunction with `gcp.iap.TunnelIamBinding` and `gcp.iap.TunnelIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.TunnelIamBinding` resources **can be** used in conjunction with `gcp.iap.TunnelIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_iap\\_tunnel\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.TunnelIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.TunnelIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelIamPolicy(ctx, \"policy\", \u0026iap.TunnelIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelIamPolicy;\nimport com.pulumi.gcp.iap.TunnelIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TunnelIamPolicy(\"policy\", TunnelIamPolicyArgs.builder() \n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.TunnelIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.TunnelIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelIamPolicy(ctx, \"policy\", \u0026iap.TunnelIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelIamPolicy;\nimport com.pulumi.gcp.iap.TunnelIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new TunnelIamPolicy(\"policy\", TunnelIamPolicyArgs.builder() \n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_tunnel\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamBinding(ctx, \"binding\", \u0026iap.TunnelIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamBinding;\nimport com.pulumi.gcp.iap.TunnelIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelIamBinding(\"binding\", TunnelIamBindingArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.TunnelIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.TunnelIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamBinding(ctx, \"binding\", \u0026iap.TunnelIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.TunnelIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamBinding;\nimport com.pulumi.gcp.iap.TunnelIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelIamBinding(\"binding\", TunnelIamBindingArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(TunnelIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_tunnel\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamMember(ctx, \"member\", \u0026iap.TunnelIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamMember;\nimport com.pulumi.gcp.iap.TunnelIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelIamMember(\"member\", TunnelIamMemberArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.TunnelIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.TunnelIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamMember(ctx, \"member\", \u0026iap.TunnelIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.TunnelIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamMember;\nimport com.pulumi.gcp.iap.TunnelIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelIamMember(\"member\", TunnelIamMemberArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(TunnelIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_tunnel\n\n* {{project}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy tunnel IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelIamMember:TunnelIamMember editor \"projects/{{project}}/iap_tunnel roles/iap.tunnelResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelIamMember:TunnelIamMember editor \"projects/{{project}}/iap_tunnel roles/iap.tunnelResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelIamMember:TunnelIamMember editor projects/{{project}}/iap_tunnel\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy Tunnel. Each of these resources serves a different use case:\n\n* `gcp.iap.TunnelIamPolicy`: Authoritative. Sets the IAM policy for the tunnel and replaces any existing policy already attached.\n* `gcp.iap.TunnelIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnel are preserved.\n* `gcp.iap.TunnelIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnel are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.TunnelIamPolicy`: Retrieves the IAM policy for the tunnel\n\n\u003e **Note:** `gcp.iap.TunnelIamPolicy` **cannot** be used in conjunction with `gcp.iap.TunnelIamBinding` and `gcp.iap.TunnelIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.TunnelIamBinding` resources **can be** used in conjunction with `gcp.iap.TunnelIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_iap\\_tunnel\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.TunnelIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.TunnelIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelIamPolicy(ctx, \"policy\", \u0026iap.TunnelIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelIamPolicy;\nimport com.pulumi.gcp.iap.TunnelIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TunnelIamPolicy(\"policy\", TunnelIamPolicyArgs.builder() \n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.TunnelIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.TunnelIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelIamPolicy(ctx, \"policy\", \u0026iap.TunnelIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelIamPolicy;\nimport com.pulumi.gcp.iap.TunnelIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new TunnelIamPolicy(\"policy\", TunnelIamPolicyArgs.builder() \n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_tunnel\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamBinding(ctx, \"binding\", \u0026iap.TunnelIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamBinding;\nimport com.pulumi.gcp.iap.TunnelIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelIamBinding(\"binding\", TunnelIamBindingArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.TunnelIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.TunnelIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamBinding(ctx, \"binding\", \u0026iap.TunnelIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.TunnelIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamBinding;\nimport com.pulumi.gcp.iap.TunnelIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelIamBinding(\"binding\", TunnelIamBindingArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(TunnelIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_tunnel\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamMember(ctx, \"member\", \u0026iap.TunnelIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamMember;\nimport com.pulumi.gcp.iap.TunnelIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelIamMember(\"member\", TunnelIamMemberArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.TunnelIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.TunnelIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamMember(ctx, \"member\", \u0026iap.TunnelIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.TunnelIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamMember;\nimport com.pulumi.gcp.iap.TunnelIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelIamMember(\"member\", TunnelIamMemberArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(TunnelIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_iap\\_tunnel\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.TunnelIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.TunnelIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelIamPolicy(ctx, \"policy\", \u0026iap.TunnelIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelIamPolicy;\nimport com.pulumi.gcp.iap.TunnelIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TunnelIamPolicy(\"policy\", TunnelIamPolicyArgs.builder() \n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.TunnelIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.TunnelIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelIamPolicy(ctx, \"policy\", \u0026iap.TunnelIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelIamPolicy;\nimport com.pulumi.gcp.iap.TunnelIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new TunnelIamPolicy(\"policy\", TunnelIamPolicyArgs.builder() \n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_tunnel\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamBinding(ctx, \"binding\", \u0026iap.TunnelIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamBinding;\nimport com.pulumi.gcp.iap.TunnelIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelIamBinding(\"binding\", TunnelIamBindingArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.TunnelIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.TunnelIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamBinding(ctx, \"binding\", \u0026iap.TunnelIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.TunnelIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamBinding;\nimport com.pulumi.gcp.iap.TunnelIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelIamBinding(\"binding\", TunnelIamBindingArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(TunnelIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_tunnel\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamMember(ctx, \"member\", \u0026iap.TunnelIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamMember;\nimport com.pulumi.gcp.iap.TunnelIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelIamMember(\"member\", TunnelIamMemberArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.TunnelIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.TunnelIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamMember(ctx, \"member\", \u0026iap.TunnelIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.TunnelIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamMember;\nimport com.pulumi.gcp.iap.TunnelIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelIamMember(\"member\", TunnelIamMemberArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(TunnelIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_tunnel\n\n* {{project}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy tunnel IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelIamMember:TunnelIamMember editor \"projects/{{project}}/iap_tunnel roles/iap.tunnelResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelIamMember:TunnelIamMember editor \"projects/{{project}}/iap_tunnel roles/iap.tunnelResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelIamMember:TunnelIamMember editor projects/{{project}}/iap_tunnel\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:iap/TunnelIamMemberCondition:TunnelIamMemberCondition", @@ -192595,11 +192991,12 @@ "description": "(Computed) The etag of the IAM policy.\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -192620,11 +193017,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -192651,11 +193049,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -192668,7 +193067,7 @@ } }, "gcp:iap/tunnelIamPolicy:TunnelIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy Tunnel. Each of these resources serves a different use case:\n\n* `gcp.iap.TunnelIamPolicy`: Authoritative. Sets the IAM policy for the tunnel and replaces any existing policy already attached.\n* `gcp.iap.TunnelIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnel are preserved.\n* `gcp.iap.TunnelIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnel are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.TunnelIamPolicy`: Retrieves the IAM policy for the tunnel\n\n\u003e **Note:** `gcp.iap.TunnelIamPolicy` **cannot** be used in conjunction with `gcp.iap.TunnelIamBinding` and `gcp.iap.TunnelIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.TunnelIamBinding` resources **can be** used in conjunction with `gcp.iap.TunnelIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_iap\\_tunnel\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.TunnelIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.TunnelIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelIamPolicy(ctx, \"policy\", \u0026iap.TunnelIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelIamPolicy;\nimport com.pulumi.gcp.iap.TunnelIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TunnelIamPolicy(\"policy\", TunnelIamPolicyArgs.builder() \n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.TunnelIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.TunnelIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelIamPolicy(ctx, \"policy\", \u0026iap.TunnelIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelIamPolicy;\nimport com.pulumi.gcp.iap.TunnelIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new TunnelIamPolicy(\"policy\", TunnelIamPolicyArgs.builder() \n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_tunnel\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamBinding(ctx, \"binding\", \u0026iap.TunnelIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamBinding;\nimport com.pulumi.gcp.iap.TunnelIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelIamBinding(\"binding\", TunnelIamBindingArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.TunnelIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.TunnelIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamBinding(ctx, \"binding\", \u0026iap.TunnelIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.TunnelIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamBinding;\nimport com.pulumi.gcp.iap.TunnelIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelIamBinding(\"binding\", TunnelIamBindingArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(TunnelIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_tunnel\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamMember(ctx, \"member\", \u0026iap.TunnelIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamMember;\nimport com.pulumi.gcp.iap.TunnelIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelIamMember(\"member\", TunnelIamMemberArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.TunnelIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.TunnelIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamMember(ctx, \"member\", \u0026iap.TunnelIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.TunnelIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamMember;\nimport com.pulumi.gcp.iap.TunnelIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelIamMember(\"member\", TunnelIamMemberArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(TunnelIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_tunnel\n\n* {{project}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy tunnel IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelIamPolicy:TunnelIamPolicy editor \"projects/{{project}}/iap_tunnel roles/iap.tunnelResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelIamPolicy:TunnelIamPolicy editor \"projects/{{project}}/iap_tunnel roles/iap.tunnelResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelIamPolicy:TunnelIamPolicy editor projects/{{project}}/iap_tunnel\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy Tunnel. Each of these resources serves a different use case:\n\n* `gcp.iap.TunnelIamPolicy`: Authoritative. Sets the IAM policy for the tunnel and replaces any existing policy already attached.\n* `gcp.iap.TunnelIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnel are preserved.\n* `gcp.iap.TunnelIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnel are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.TunnelIamPolicy`: Retrieves the IAM policy for the tunnel\n\n\u003e **Note:** `gcp.iap.TunnelIamPolicy` **cannot** be used in conjunction with `gcp.iap.TunnelIamBinding` and `gcp.iap.TunnelIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.TunnelIamBinding` resources **can be** used in conjunction with `gcp.iap.TunnelIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_iap\\_tunnel\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.TunnelIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.TunnelIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelIamPolicy(ctx, \"policy\", \u0026iap.TunnelIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelIamPolicy;\nimport com.pulumi.gcp.iap.TunnelIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TunnelIamPolicy(\"policy\", TunnelIamPolicyArgs.builder() \n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.TunnelIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.TunnelIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelIamPolicy(ctx, \"policy\", \u0026iap.TunnelIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelIamPolicy;\nimport com.pulumi.gcp.iap.TunnelIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new TunnelIamPolicy(\"policy\", TunnelIamPolicyArgs.builder() \n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_tunnel\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamBinding(ctx, \"binding\", \u0026iap.TunnelIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamBinding;\nimport com.pulumi.gcp.iap.TunnelIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelIamBinding(\"binding\", TunnelIamBindingArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.TunnelIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.TunnelIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamBinding(ctx, \"binding\", \u0026iap.TunnelIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.TunnelIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamBinding;\nimport com.pulumi.gcp.iap.TunnelIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelIamBinding(\"binding\", TunnelIamBindingArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(TunnelIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_tunnel\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamMember(ctx, \"member\", \u0026iap.TunnelIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamMember;\nimport com.pulumi.gcp.iap.TunnelIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelIamMember(\"member\", TunnelIamMemberArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.TunnelIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.TunnelIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamMember(ctx, \"member\", \u0026iap.TunnelIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.TunnelIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamMember;\nimport com.pulumi.gcp.iap.TunnelIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelIamMember(\"member\", TunnelIamMemberArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(TunnelIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_iap\\_tunnel\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.TunnelIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.TunnelIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelIamPolicy(ctx, \"policy\", \u0026iap.TunnelIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelIamPolicy;\nimport com.pulumi.gcp.iap.TunnelIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TunnelIamPolicy(\"policy\", TunnelIamPolicyArgs.builder() \n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.TunnelIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.TunnelIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelIamPolicy(ctx, \"policy\", \u0026iap.TunnelIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelIamPolicy;\nimport com.pulumi.gcp.iap.TunnelIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new TunnelIamPolicy(\"policy\", TunnelIamPolicyArgs.builder() \n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_tunnel\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamBinding(ctx, \"binding\", \u0026iap.TunnelIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamBinding;\nimport com.pulumi.gcp.iap.TunnelIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelIamBinding(\"binding\", TunnelIamBindingArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.TunnelIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.TunnelIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamBinding(ctx, \"binding\", \u0026iap.TunnelIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.TunnelIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamBinding;\nimport com.pulumi.gcp.iap.TunnelIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelIamBinding(\"binding\", TunnelIamBindingArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(TunnelIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_tunnel\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamMember(ctx, \"member\", \u0026iap.TunnelIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamMember;\nimport com.pulumi.gcp.iap.TunnelIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelIamMember(\"member\", TunnelIamMemberArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.TunnelIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.TunnelIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelIamMember(ctx, \"member\", \u0026iap.TunnelIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.TunnelIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelIamMember;\nimport com.pulumi.gcp.iap.TunnelIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelIamMember(\"member\", TunnelIamMemberArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(TunnelIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_tunnel\n\n* {{project}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy tunnel IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelIamPolicy:TunnelIamPolicy editor \"projects/{{project}}/iap_tunnel roles/iap.tunnelResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelIamPolicy:TunnelIamPolicy editor \"projects/{{project}}/iap_tunnel roles/iap.tunnelResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelIamPolicy:TunnelIamPolicy editor projects/{{project}}/iap_tunnel\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -192680,7 +193079,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" } }, "required": [ @@ -192695,7 +193094,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -192715,7 +193114,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -192723,7 +193122,7 @@ } }, "gcp:iap/tunnelInstanceIAMBinding:TunnelInstanceIAMBinding": { - "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy TunnelInstance. Each of these resources serves a different use case:\n\n* `gcp.iap.TunnelInstanceIAMPolicy`: Authoritative. Sets the IAM policy for the tunnelinstance and replaces any existing policy already attached.\n* `gcp.iap.TunnelInstanceIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnelinstance are preserved.\n* `gcp.iap.TunnelInstanceIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnelinstance are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.TunnelInstanceIAMPolicy`: Retrieves the IAM policy for the tunnelinstance\n\n\u003e **Note:** `gcp.iap.TunnelInstanceIAMPolicy` **cannot** be used in conjunction with `gcp.iap.TunnelInstanceIAMBinding` and `gcp.iap.TunnelInstanceIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.TunnelInstanceIAMBinding` resources **can be** used in conjunction with `gcp.iap.TunnelInstanceIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_iap\\_tunnel\\_instance\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.TunnelInstanceIAMPolicy(\"policy\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.TunnelInstanceIAMPolicy(\"policy\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelInstanceIAMPolicy(\"policy\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelInstanceIAMPolicy(ctx, \"policy\", \u0026iap.TunnelInstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicy;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TunnelInstanceIAMPolicy(\"policy\", TunnelInstanceIAMPolicyArgs.builder() \n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelInstanceIAMPolicy\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.TunnelInstanceIAMPolicy(\"policy\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.TunnelInstanceIAMPolicy(\"policy\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelInstanceIAMPolicy(\"policy\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelInstanceIAMPolicy(ctx, \"policy\", \u0026iap.TunnelInstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicy;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new TunnelInstanceIAMPolicy(\"policy\", TunnelInstanceIAMPolicyArgs.builder() \n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelInstanceIAMPolicy\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_tunnel\\_instance\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelInstanceIAMBinding(\"binding\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelInstanceIAMBinding(\"binding\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelInstanceIAMBinding(\"binding\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMBinding(ctx, \"binding\", \u0026iap.TunnelInstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBinding;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelInstanceIAMBinding(\"binding\", TunnelInstanceIAMBindingArgs.builder() \n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelInstanceIAMBinding\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelInstanceIAMBinding(\"binding\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelInstanceIAMBinding(\"binding\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.TunnelInstanceIAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelInstanceIAMBinding(\"binding\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.TunnelInstanceIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMBinding(ctx, \"binding\", \u0026iap.TunnelInstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.TunnelInstanceIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBinding;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBindingArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelInstanceIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelInstanceIAMBinding(\"binding\", TunnelInstanceIAMBindingArgs.builder() \n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(TunnelInstanceIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelInstanceIAMBinding\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_tunnel\\_instance\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelInstanceIAMMember(\"member\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelInstanceIAMMember(\"member\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelInstanceIAMMember(\"member\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMMember(ctx, \"member\", \u0026iap.TunnelInstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMember;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelInstanceIAMMember(\"member\", TunnelInstanceIAMMemberArgs.builder() \n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelInstanceIAMMember\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelInstanceIAMMember(\"member\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelInstanceIAMMember(\"member\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.TunnelInstanceIAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelInstanceIAMMember(\"member\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.TunnelInstanceIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMMember(ctx, \"member\", \u0026iap.TunnelInstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.TunnelInstanceIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMember;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMemberArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelInstanceIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelInstanceIAMMember(\"member\", TunnelInstanceIAMMemberArgs.builder() \n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(TunnelInstanceIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelInstanceIAMMember\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{name}}\n\n* projects/{{project}}/zones/{{zone}}/instances/{{name}}\n\n* {{project}}/{{zone}}/{{name}}\n\n* {{zone}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy tunnelinstance IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelInstanceIAMBinding:TunnelInstanceIAMBinding editor \"projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{tunnel_instance}} roles/iap.tunnelResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelInstanceIAMBinding:TunnelInstanceIAMBinding editor \"projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{tunnel_instance}} roles/iap.tunnelResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelInstanceIAMBinding:TunnelInstanceIAMBinding editor projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{tunnel_instance}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy TunnelInstance. Each of these resources serves a different use case:\n\n* `gcp.iap.TunnelInstanceIAMPolicy`: Authoritative. Sets the IAM policy for the tunnelinstance and replaces any existing policy already attached.\n* `gcp.iap.TunnelInstanceIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnelinstance are preserved.\n* `gcp.iap.TunnelInstanceIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnelinstance are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.TunnelInstanceIAMPolicy`: Retrieves the IAM policy for the tunnelinstance\n\n\u003e **Note:** `gcp.iap.TunnelInstanceIAMPolicy` **cannot** be used in conjunction with `gcp.iap.TunnelInstanceIAMBinding` and `gcp.iap.TunnelInstanceIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.TunnelInstanceIAMBinding` resources **can be** used in conjunction with `gcp.iap.TunnelInstanceIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_iap\\_tunnel\\_instance\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.TunnelInstanceIAMPolicy(\"policy\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.TunnelInstanceIAMPolicy(\"policy\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelInstanceIAMPolicy(\"policy\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelInstanceIAMPolicy(ctx, \"policy\", \u0026iap.TunnelInstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicy;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TunnelInstanceIAMPolicy(\"policy\", TunnelInstanceIAMPolicyArgs.builder() \n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelInstanceIAMPolicy\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.TunnelInstanceIAMPolicy(\"policy\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.TunnelInstanceIAMPolicy(\"policy\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelInstanceIAMPolicy(\"policy\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelInstanceIAMPolicy(ctx, \"policy\", \u0026iap.TunnelInstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicy;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new TunnelInstanceIAMPolicy(\"policy\", TunnelInstanceIAMPolicyArgs.builder() \n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelInstanceIAMPolicy\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_tunnel\\_instance\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelInstanceIAMBinding(\"binding\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelInstanceIAMBinding(\"binding\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelInstanceIAMBinding(\"binding\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMBinding(ctx, \"binding\", \u0026iap.TunnelInstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBinding;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelInstanceIAMBinding(\"binding\", TunnelInstanceIAMBindingArgs.builder() \n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelInstanceIAMBinding\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelInstanceIAMBinding(\"binding\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelInstanceIAMBinding(\"binding\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.TunnelInstanceIAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelInstanceIAMBinding(\"binding\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.TunnelInstanceIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMBinding(ctx, \"binding\", \u0026iap.TunnelInstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.TunnelInstanceIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBinding;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBindingArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelInstanceIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelInstanceIAMBinding(\"binding\", TunnelInstanceIAMBindingArgs.builder() \n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(TunnelInstanceIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelInstanceIAMBinding\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_tunnel\\_instance\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelInstanceIAMMember(\"member\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelInstanceIAMMember(\"member\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelInstanceIAMMember(\"member\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMMember(ctx, \"member\", \u0026iap.TunnelInstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMember;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelInstanceIAMMember(\"member\", TunnelInstanceIAMMemberArgs.builder() \n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelInstanceIAMMember\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelInstanceIAMMember(\"member\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelInstanceIAMMember(\"member\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.TunnelInstanceIAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelInstanceIAMMember(\"member\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.TunnelInstanceIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMMember(ctx, \"member\", \u0026iap.TunnelInstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.TunnelInstanceIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMember;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMemberArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelInstanceIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelInstanceIAMMember(\"member\", TunnelInstanceIAMMemberArgs.builder() \n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(TunnelInstanceIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelInstanceIAMMember\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_iap\\_tunnel\\_instance\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.TunnelInstanceIAMPolicy(\"policy\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.TunnelInstanceIAMPolicy(\"policy\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelInstanceIAMPolicy(\"policy\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelInstanceIAMPolicy(ctx, \"policy\", \u0026iap.TunnelInstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicy;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TunnelInstanceIAMPolicy(\"policy\", TunnelInstanceIAMPolicyArgs.builder() \n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelInstanceIAMPolicy\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.TunnelInstanceIAMPolicy(\"policy\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.TunnelInstanceIAMPolicy(\"policy\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelInstanceIAMPolicy(\"policy\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelInstanceIAMPolicy(ctx, \"policy\", \u0026iap.TunnelInstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicy;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new TunnelInstanceIAMPolicy(\"policy\", TunnelInstanceIAMPolicyArgs.builder() \n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelInstanceIAMPolicy\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_tunnel\\_instance\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelInstanceIAMBinding(\"binding\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelInstanceIAMBinding(\"binding\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelInstanceIAMBinding(\"binding\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMBinding(ctx, \"binding\", \u0026iap.TunnelInstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBinding;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelInstanceIAMBinding(\"binding\", TunnelInstanceIAMBindingArgs.builder() \n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelInstanceIAMBinding\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelInstanceIAMBinding(\"binding\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelInstanceIAMBinding(\"binding\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.TunnelInstanceIAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelInstanceIAMBinding(\"binding\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.TunnelInstanceIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMBinding(ctx, \"binding\", \u0026iap.TunnelInstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.TunnelInstanceIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBinding;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBindingArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelInstanceIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelInstanceIAMBinding(\"binding\", TunnelInstanceIAMBindingArgs.builder() \n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(TunnelInstanceIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelInstanceIAMBinding\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_tunnel\\_instance\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelInstanceIAMMember(\"member\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelInstanceIAMMember(\"member\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelInstanceIAMMember(\"member\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMMember(ctx, \"member\", \u0026iap.TunnelInstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMember;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelInstanceIAMMember(\"member\", TunnelInstanceIAMMemberArgs.builder() \n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelInstanceIAMMember\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelInstanceIAMMember(\"member\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelInstanceIAMMember(\"member\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.TunnelInstanceIAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelInstanceIAMMember(\"member\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.TunnelInstanceIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMMember(ctx, \"member\", \u0026iap.TunnelInstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.TunnelInstanceIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMember;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMemberArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelInstanceIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelInstanceIAMMember(\"member\", TunnelInstanceIAMMemberArgs.builder() \n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(TunnelInstanceIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelInstanceIAMMember\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{name}}\n\n* projects/{{project}}/zones/{{zone}}/instances/{{name}}\n\n* {{project}}/{{zone}}/{{name}}\n\n* {{zone}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy tunnelinstance IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelInstanceIAMBinding:TunnelInstanceIAMBinding editor \"projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{tunnel_instance}} roles/iap.tunnelResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelInstanceIAMBinding:TunnelInstanceIAMBinding editor \"projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{tunnel_instance}} roles/iap.tunnelResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelInstanceIAMBinding:TunnelInstanceIAMBinding editor projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{tunnel_instance}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:iap/TunnelInstanceIAMBindingCondition:TunnelInstanceIAMBindingCondition", @@ -192741,11 +193140,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -192778,11 +193178,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -192821,11 +193222,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -192842,7 +193244,7 @@ } }, "gcp:iap/tunnelInstanceIAMMember:TunnelInstanceIAMMember": { - "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy TunnelInstance. Each of these resources serves a different use case:\n\n* `gcp.iap.TunnelInstanceIAMPolicy`: Authoritative. Sets the IAM policy for the tunnelinstance and replaces any existing policy already attached.\n* `gcp.iap.TunnelInstanceIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnelinstance are preserved.\n* `gcp.iap.TunnelInstanceIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnelinstance are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.TunnelInstanceIAMPolicy`: Retrieves the IAM policy for the tunnelinstance\n\n\u003e **Note:** `gcp.iap.TunnelInstanceIAMPolicy` **cannot** be used in conjunction with `gcp.iap.TunnelInstanceIAMBinding` and `gcp.iap.TunnelInstanceIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.TunnelInstanceIAMBinding` resources **can be** used in conjunction with `gcp.iap.TunnelInstanceIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_iap\\_tunnel\\_instance\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.TunnelInstanceIAMPolicy(\"policy\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.TunnelInstanceIAMPolicy(\"policy\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelInstanceIAMPolicy(\"policy\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelInstanceIAMPolicy(ctx, \"policy\", \u0026iap.TunnelInstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicy;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TunnelInstanceIAMPolicy(\"policy\", TunnelInstanceIAMPolicyArgs.builder() \n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelInstanceIAMPolicy\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.TunnelInstanceIAMPolicy(\"policy\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.TunnelInstanceIAMPolicy(\"policy\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelInstanceIAMPolicy(\"policy\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelInstanceIAMPolicy(ctx, \"policy\", \u0026iap.TunnelInstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicy;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new TunnelInstanceIAMPolicy(\"policy\", TunnelInstanceIAMPolicyArgs.builder() \n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelInstanceIAMPolicy\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_tunnel\\_instance\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelInstanceIAMBinding(\"binding\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelInstanceIAMBinding(\"binding\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelInstanceIAMBinding(\"binding\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMBinding(ctx, \"binding\", \u0026iap.TunnelInstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBinding;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelInstanceIAMBinding(\"binding\", TunnelInstanceIAMBindingArgs.builder() \n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelInstanceIAMBinding\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelInstanceIAMBinding(\"binding\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelInstanceIAMBinding(\"binding\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.TunnelInstanceIAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelInstanceIAMBinding(\"binding\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.TunnelInstanceIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMBinding(ctx, \"binding\", \u0026iap.TunnelInstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.TunnelInstanceIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBinding;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBindingArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelInstanceIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelInstanceIAMBinding(\"binding\", TunnelInstanceIAMBindingArgs.builder() \n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(TunnelInstanceIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelInstanceIAMBinding\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_tunnel\\_instance\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelInstanceIAMMember(\"member\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelInstanceIAMMember(\"member\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelInstanceIAMMember(\"member\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMMember(ctx, \"member\", \u0026iap.TunnelInstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMember;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelInstanceIAMMember(\"member\", TunnelInstanceIAMMemberArgs.builder() \n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelInstanceIAMMember\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelInstanceIAMMember(\"member\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelInstanceIAMMember(\"member\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.TunnelInstanceIAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelInstanceIAMMember(\"member\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.TunnelInstanceIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMMember(ctx, \"member\", \u0026iap.TunnelInstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.TunnelInstanceIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMember;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMemberArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelInstanceIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelInstanceIAMMember(\"member\", TunnelInstanceIAMMemberArgs.builder() \n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(TunnelInstanceIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelInstanceIAMMember\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{name}}\n\n* projects/{{project}}/zones/{{zone}}/instances/{{name}}\n\n* {{project}}/{{zone}}/{{name}}\n\n* {{zone}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy tunnelinstance IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelInstanceIAMMember:TunnelInstanceIAMMember editor \"projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{tunnel_instance}} roles/iap.tunnelResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelInstanceIAMMember:TunnelInstanceIAMMember editor \"projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{tunnel_instance}} roles/iap.tunnelResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelInstanceIAMMember:TunnelInstanceIAMMember editor projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{tunnel_instance}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy TunnelInstance. Each of these resources serves a different use case:\n\n* `gcp.iap.TunnelInstanceIAMPolicy`: Authoritative. Sets the IAM policy for the tunnelinstance and replaces any existing policy already attached.\n* `gcp.iap.TunnelInstanceIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnelinstance are preserved.\n* `gcp.iap.TunnelInstanceIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnelinstance are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.TunnelInstanceIAMPolicy`: Retrieves the IAM policy for the tunnelinstance\n\n\u003e **Note:** `gcp.iap.TunnelInstanceIAMPolicy` **cannot** be used in conjunction with `gcp.iap.TunnelInstanceIAMBinding` and `gcp.iap.TunnelInstanceIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.TunnelInstanceIAMBinding` resources **can be** used in conjunction with `gcp.iap.TunnelInstanceIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_iap\\_tunnel\\_instance\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.TunnelInstanceIAMPolicy(\"policy\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.TunnelInstanceIAMPolicy(\"policy\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelInstanceIAMPolicy(\"policy\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelInstanceIAMPolicy(ctx, \"policy\", \u0026iap.TunnelInstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicy;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TunnelInstanceIAMPolicy(\"policy\", TunnelInstanceIAMPolicyArgs.builder() \n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelInstanceIAMPolicy\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.TunnelInstanceIAMPolicy(\"policy\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.TunnelInstanceIAMPolicy(\"policy\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelInstanceIAMPolicy(\"policy\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelInstanceIAMPolicy(ctx, \"policy\", \u0026iap.TunnelInstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicy;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new TunnelInstanceIAMPolicy(\"policy\", TunnelInstanceIAMPolicyArgs.builder() \n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelInstanceIAMPolicy\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_tunnel\\_instance\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelInstanceIAMBinding(\"binding\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelInstanceIAMBinding(\"binding\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelInstanceIAMBinding(\"binding\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMBinding(ctx, \"binding\", \u0026iap.TunnelInstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBinding;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelInstanceIAMBinding(\"binding\", TunnelInstanceIAMBindingArgs.builder() \n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelInstanceIAMBinding\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelInstanceIAMBinding(\"binding\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelInstanceIAMBinding(\"binding\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.TunnelInstanceIAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelInstanceIAMBinding(\"binding\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.TunnelInstanceIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMBinding(ctx, \"binding\", \u0026iap.TunnelInstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.TunnelInstanceIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBinding;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBindingArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelInstanceIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelInstanceIAMBinding(\"binding\", TunnelInstanceIAMBindingArgs.builder() \n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(TunnelInstanceIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelInstanceIAMBinding\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_tunnel\\_instance\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelInstanceIAMMember(\"member\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelInstanceIAMMember(\"member\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelInstanceIAMMember(\"member\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMMember(ctx, \"member\", \u0026iap.TunnelInstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMember;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelInstanceIAMMember(\"member\", TunnelInstanceIAMMemberArgs.builder() \n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelInstanceIAMMember\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelInstanceIAMMember(\"member\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelInstanceIAMMember(\"member\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.TunnelInstanceIAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelInstanceIAMMember(\"member\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.TunnelInstanceIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMMember(ctx, \"member\", \u0026iap.TunnelInstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.TunnelInstanceIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMember;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMemberArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelInstanceIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelInstanceIAMMember(\"member\", TunnelInstanceIAMMemberArgs.builder() \n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(TunnelInstanceIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelInstanceIAMMember\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_iap\\_tunnel\\_instance\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.TunnelInstanceIAMPolicy(\"policy\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.TunnelInstanceIAMPolicy(\"policy\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelInstanceIAMPolicy(\"policy\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelInstanceIAMPolicy(ctx, \"policy\", \u0026iap.TunnelInstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicy;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TunnelInstanceIAMPolicy(\"policy\", TunnelInstanceIAMPolicyArgs.builder() \n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelInstanceIAMPolicy\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.TunnelInstanceIAMPolicy(\"policy\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.TunnelInstanceIAMPolicy(\"policy\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelInstanceIAMPolicy(\"policy\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelInstanceIAMPolicy(ctx, \"policy\", \u0026iap.TunnelInstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicy;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new TunnelInstanceIAMPolicy(\"policy\", TunnelInstanceIAMPolicyArgs.builder() \n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelInstanceIAMPolicy\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_tunnel\\_instance\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelInstanceIAMBinding(\"binding\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelInstanceIAMBinding(\"binding\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelInstanceIAMBinding(\"binding\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMBinding(ctx, \"binding\", \u0026iap.TunnelInstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBinding;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelInstanceIAMBinding(\"binding\", TunnelInstanceIAMBindingArgs.builder() \n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelInstanceIAMBinding\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelInstanceIAMBinding(\"binding\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelInstanceIAMBinding(\"binding\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.TunnelInstanceIAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelInstanceIAMBinding(\"binding\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.TunnelInstanceIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMBinding(ctx, \"binding\", \u0026iap.TunnelInstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.TunnelInstanceIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBinding;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBindingArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelInstanceIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelInstanceIAMBinding(\"binding\", TunnelInstanceIAMBindingArgs.builder() \n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(TunnelInstanceIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelInstanceIAMBinding\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_tunnel\\_instance\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelInstanceIAMMember(\"member\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelInstanceIAMMember(\"member\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelInstanceIAMMember(\"member\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMMember(ctx, \"member\", \u0026iap.TunnelInstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMember;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelInstanceIAMMember(\"member\", TunnelInstanceIAMMemberArgs.builder() \n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelInstanceIAMMember\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelInstanceIAMMember(\"member\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelInstanceIAMMember(\"member\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.TunnelInstanceIAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelInstanceIAMMember(\"member\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.TunnelInstanceIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMMember(ctx, \"member\", \u0026iap.TunnelInstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.TunnelInstanceIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMember;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMemberArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelInstanceIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelInstanceIAMMember(\"member\", TunnelInstanceIAMMemberArgs.builder() \n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(TunnelInstanceIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelInstanceIAMMember\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{name}}\n\n* projects/{{project}}/zones/{{zone}}/instances/{{name}}\n\n* {{project}}/{{zone}}/{{name}}\n\n* {{zone}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy tunnelinstance IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelInstanceIAMMember:TunnelInstanceIAMMember editor \"projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{tunnel_instance}} roles/iap.tunnelResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelInstanceIAMMember:TunnelInstanceIAMMember editor \"projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{tunnel_instance}} roles/iap.tunnelResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelInstanceIAMMember:TunnelInstanceIAMMember editor projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{tunnel_instance}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:iap/TunnelInstanceIAMMemberCondition:TunnelInstanceIAMMemberCondition", @@ -192857,11 +193259,12 @@ "description": "Used to find the parent resource to bind the IAM policy to\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -192892,11 +193295,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -192933,11 +193337,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -192954,7 +193359,7 @@ } }, "gcp:iap/tunnelInstanceIAMPolicy:TunnelInstanceIAMPolicy": { - "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy TunnelInstance. Each of these resources serves a different use case:\n\n* `gcp.iap.TunnelInstanceIAMPolicy`: Authoritative. Sets the IAM policy for the tunnelinstance and replaces any existing policy already attached.\n* `gcp.iap.TunnelInstanceIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnelinstance are preserved.\n* `gcp.iap.TunnelInstanceIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnelinstance are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.TunnelInstanceIAMPolicy`: Retrieves the IAM policy for the tunnelinstance\n\n\u003e **Note:** `gcp.iap.TunnelInstanceIAMPolicy` **cannot** be used in conjunction with `gcp.iap.TunnelInstanceIAMBinding` and `gcp.iap.TunnelInstanceIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.TunnelInstanceIAMBinding` resources **can be** used in conjunction with `gcp.iap.TunnelInstanceIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_iap\\_tunnel\\_instance\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.TunnelInstanceIAMPolicy(\"policy\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.TunnelInstanceIAMPolicy(\"policy\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelInstanceIAMPolicy(\"policy\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelInstanceIAMPolicy(ctx, \"policy\", \u0026iap.TunnelInstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicy;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TunnelInstanceIAMPolicy(\"policy\", TunnelInstanceIAMPolicyArgs.builder() \n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelInstanceIAMPolicy\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.TunnelInstanceIAMPolicy(\"policy\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.TunnelInstanceIAMPolicy(\"policy\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelInstanceIAMPolicy(\"policy\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelInstanceIAMPolicy(ctx, \"policy\", \u0026iap.TunnelInstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicy;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new TunnelInstanceIAMPolicy(\"policy\", TunnelInstanceIAMPolicyArgs.builder() \n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelInstanceIAMPolicy\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_tunnel\\_instance\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelInstanceIAMBinding(\"binding\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelInstanceIAMBinding(\"binding\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelInstanceIAMBinding(\"binding\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMBinding(ctx, \"binding\", \u0026iap.TunnelInstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBinding;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelInstanceIAMBinding(\"binding\", TunnelInstanceIAMBindingArgs.builder() \n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelInstanceIAMBinding\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelInstanceIAMBinding(\"binding\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelInstanceIAMBinding(\"binding\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.TunnelInstanceIAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelInstanceIAMBinding(\"binding\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.TunnelInstanceIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMBinding(ctx, \"binding\", \u0026iap.TunnelInstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.TunnelInstanceIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBinding;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBindingArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelInstanceIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelInstanceIAMBinding(\"binding\", TunnelInstanceIAMBindingArgs.builder() \n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(TunnelInstanceIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelInstanceIAMBinding\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_tunnel\\_instance\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelInstanceIAMMember(\"member\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelInstanceIAMMember(\"member\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelInstanceIAMMember(\"member\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMMember(ctx, \"member\", \u0026iap.TunnelInstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMember;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelInstanceIAMMember(\"member\", TunnelInstanceIAMMemberArgs.builder() \n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelInstanceIAMMember\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelInstanceIAMMember(\"member\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelInstanceIAMMember(\"member\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.TunnelInstanceIAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelInstanceIAMMember(\"member\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.TunnelInstanceIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMMember(ctx, \"member\", \u0026iap.TunnelInstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.TunnelInstanceIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMember;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMemberArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelInstanceIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelInstanceIAMMember(\"member\", TunnelInstanceIAMMemberArgs.builder() \n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(TunnelInstanceIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelInstanceIAMMember\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{name}}\n\n* projects/{{project}}/zones/{{zone}}/instances/{{name}}\n\n* {{project}}/{{zone}}/{{name}}\n\n* {{zone}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy tunnelinstance IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelInstanceIAMPolicy:TunnelInstanceIAMPolicy editor \"projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{tunnel_instance}} roles/iap.tunnelResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelInstanceIAMPolicy:TunnelInstanceIAMPolicy editor \"projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{tunnel_instance}} roles/iap.tunnelResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelInstanceIAMPolicy:TunnelInstanceIAMPolicy editor projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{tunnel_instance}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy TunnelInstance. Each of these resources serves a different use case:\n\n* `gcp.iap.TunnelInstanceIAMPolicy`: Authoritative. Sets the IAM policy for the tunnelinstance and replaces any existing policy already attached.\n* `gcp.iap.TunnelInstanceIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tunnelinstance are preserved.\n* `gcp.iap.TunnelInstanceIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tunnelinstance are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.TunnelInstanceIAMPolicy`: Retrieves the IAM policy for the tunnelinstance\n\n\u003e **Note:** `gcp.iap.TunnelInstanceIAMPolicy` **cannot** be used in conjunction with `gcp.iap.TunnelInstanceIAMBinding` and `gcp.iap.TunnelInstanceIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.TunnelInstanceIAMBinding` resources **can be** used in conjunction with `gcp.iap.TunnelInstanceIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_iap\\_tunnel\\_instance\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.TunnelInstanceIAMPolicy(\"policy\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.TunnelInstanceIAMPolicy(\"policy\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelInstanceIAMPolicy(\"policy\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelInstanceIAMPolicy(ctx, \"policy\", \u0026iap.TunnelInstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicy;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TunnelInstanceIAMPolicy(\"policy\", TunnelInstanceIAMPolicyArgs.builder() \n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelInstanceIAMPolicy\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.TunnelInstanceIAMPolicy(\"policy\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.TunnelInstanceIAMPolicy(\"policy\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelInstanceIAMPolicy(\"policy\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelInstanceIAMPolicy(ctx, \"policy\", \u0026iap.TunnelInstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicy;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new TunnelInstanceIAMPolicy(\"policy\", TunnelInstanceIAMPolicyArgs.builder() \n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelInstanceIAMPolicy\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_tunnel\\_instance\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelInstanceIAMBinding(\"binding\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelInstanceIAMBinding(\"binding\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelInstanceIAMBinding(\"binding\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMBinding(ctx, \"binding\", \u0026iap.TunnelInstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBinding;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelInstanceIAMBinding(\"binding\", TunnelInstanceIAMBindingArgs.builder() \n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelInstanceIAMBinding\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelInstanceIAMBinding(\"binding\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelInstanceIAMBinding(\"binding\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.TunnelInstanceIAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelInstanceIAMBinding(\"binding\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.TunnelInstanceIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMBinding(ctx, \"binding\", \u0026iap.TunnelInstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.TunnelInstanceIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBinding;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBindingArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelInstanceIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelInstanceIAMBinding(\"binding\", TunnelInstanceIAMBindingArgs.builder() \n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(TunnelInstanceIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelInstanceIAMBinding\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_tunnel\\_instance\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelInstanceIAMMember(\"member\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelInstanceIAMMember(\"member\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelInstanceIAMMember(\"member\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMMember(ctx, \"member\", \u0026iap.TunnelInstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMember;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelInstanceIAMMember(\"member\", TunnelInstanceIAMMemberArgs.builder() \n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelInstanceIAMMember\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelInstanceIAMMember(\"member\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelInstanceIAMMember(\"member\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.TunnelInstanceIAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelInstanceIAMMember(\"member\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.TunnelInstanceIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMMember(ctx, \"member\", \u0026iap.TunnelInstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.TunnelInstanceIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMember;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMemberArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelInstanceIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelInstanceIAMMember(\"member\", TunnelInstanceIAMMemberArgs.builder() \n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(TunnelInstanceIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelInstanceIAMMember\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_iap\\_tunnel\\_instance\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.TunnelInstanceIAMPolicy(\"policy\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.TunnelInstanceIAMPolicy(\"policy\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelInstanceIAMPolicy(\"policy\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelInstanceIAMPolicy(ctx, \"policy\", \u0026iap.TunnelInstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicy;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TunnelInstanceIAMPolicy(\"policy\", TunnelInstanceIAMPolicyArgs.builder() \n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelInstanceIAMPolicy\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.TunnelInstanceIAMPolicy(\"policy\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.TunnelInstanceIAMPolicy(\"policy\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.TunnelInstanceIAMPolicy(\"policy\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.tunnelResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewTunnelInstanceIAMPolicy(ctx, \"policy\", \u0026iap.TunnelInstanceIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicy;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new TunnelInstanceIAMPolicy(\"policy\", TunnelInstanceIAMPolicyArgs.builder() \n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:TunnelInstanceIAMPolicy\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_tunnel\\_instance\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelInstanceIAMBinding(\"binding\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelInstanceIAMBinding(\"binding\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelInstanceIAMBinding(\"binding\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMBinding(ctx, \"binding\", \u0026iap.TunnelInstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBinding;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelInstanceIAMBinding(\"binding\", TunnelInstanceIAMBindingArgs.builder() \n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelInstanceIAMBinding\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.TunnelInstanceIAMBinding(\"binding\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.TunnelInstanceIAMBinding(\"binding\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.TunnelInstanceIAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.TunnelInstanceIAMBinding(\"binding\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.TunnelInstanceIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMBinding(ctx, \"binding\", \u0026iap.TunnelInstanceIAMBindingArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.TunnelInstanceIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBinding;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMBindingArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelInstanceIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TunnelInstanceIAMBinding(\"binding\", TunnelInstanceIAMBindingArgs.builder() \n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(TunnelInstanceIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:TunnelInstanceIAMBinding\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_tunnel\\_instance\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelInstanceIAMMember(\"member\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelInstanceIAMMember(\"member\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelInstanceIAMMember(\"member\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMMember(ctx, \"member\", \u0026iap.TunnelInstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMember;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelInstanceIAMMember(\"member\", TunnelInstanceIAMMemberArgs.builder() \n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelInstanceIAMMember\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.TunnelInstanceIAMMember(\"member\", {\n project: tunnelvm.project,\n zone: tunnelvm.zone,\n instance: tunnelvm.name,\n role: \"roles/iap.tunnelResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.TunnelInstanceIAMMember(\"member\",\n project=tunnelvm[\"project\"],\n zone=tunnelvm[\"zone\"],\n instance=tunnelvm[\"name\"],\n role=\"roles/iap.tunnelResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.TunnelInstanceIAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.TunnelInstanceIAMMember(\"member\", new()\n {\n Project = tunnelvm.Project,\n Zone = tunnelvm.Zone,\n Instance = tunnelvm.Name,\n Role = \"roles/iap.tunnelResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.TunnelInstanceIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewTunnelInstanceIAMMember(ctx, \"member\", \u0026iap.TunnelInstanceIAMMemberArgs{\n\t\t\tProject: pulumi.Any(tunnelvm.Project),\n\t\t\tZone: pulumi.Any(tunnelvm.Zone),\n\t\t\tInstance: pulumi.Any(tunnelvm.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.tunnelResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.TunnelInstanceIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMember;\nimport com.pulumi.gcp.iap.TunnelInstanceIAMMemberArgs;\nimport com.pulumi.gcp.iap.inputs.TunnelInstanceIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TunnelInstanceIAMMember(\"member\", TunnelInstanceIAMMemberArgs.builder() \n .project(tunnelvm.project())\n .zone(tunnelvm.zone())\n .instance(tunnelvm.name())\n .role(\"roles/iap.tunnelResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(TunnelInstanceIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:TunnelInstanceIAMMember\n properties:\n project: ${tunnelvm.project}\n zone: ${tunnelvm.zone}\n instance: ${tunnelvm.name}\n role: roles/iap.tunnelResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{name}}\n\n* projects/{{project}}/zones/{{zone}}/instances/{{name}}\n\n* {{project}}/{{zone}}/{{name}}\n\n* {{zone}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy tunnelinstance IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelInstanceIAMPolicy:TunnelInstanceIAMPolicy editor \"projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{tunnel_instance}} roles/iap.tunnelResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelInstanceIAMPolicy:TunnelInstanceIAMPolicy editor \"projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{tunnel_instance}} roles/iap.tunnelResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/tunnelInstanceIAMPolicy:TunnelInstanceIAMPolicy editor projects/{{project}}/iap_tunnel/zones/{{zone}}/instances/{{tunnel_instance}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -192970,7 +193375,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "zone": { "type": "string" @@ -192995,7 +193400,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "zone": { @@ -193025,7 +193430,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "zone": { @@ -193037,7 +193442,7 @@ } }, "gcp:iap/webBackendServiceIamBinding:WebBackendServiceIamBinding": { - "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy WebBackendService. Each of these resources serves a different use case:\n\n* `gcp.iap.WebBackendServiceIamPolicy`: Authoritative. Sets the IAM policy for the webbackendservice and replaces any existing policy already attached.\n* `gcp.iap.WebBackendServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webbackendservice are preserved.\n* `gcp.iap.WebBackendServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webbackendservice are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebBackendServiceIamPolicy`: Retrieves the IAM policy for the webbackendservice\n\n\u003e **Note:** `gcp.iap.WebBackendServiceIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebBackendServiceIamBinding` and `gcp.iap.WebBackendServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebBackendServiceIamBinding` resources **can be** used in conjunction with `gcp.iap.WebBackendServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_iap\\_web\\_backend\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n webBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.WebBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebBackendServiceIamPolicy(\"policy\", WebBackendServiceIamPolicyArgs.builder() \n .project(default_.project())\n .webBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebBackendServiceIamPolicy\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n webBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.WebBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebBackendServiceIamPolicy(\"policy\", WebBackendServiceIamPolicyArgs.builder() \n .project(default_.project())\n .webBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebBackendServiceIamPolicy\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_backend\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebBackendServiceIamBinding(\"binding\", WebBackendServiceIamBindingArgs.builder() \n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebBackendServiceIamBinding\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.WebBackendServiceIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebBackendServiceIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebBackendServiceIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebBackendServiceIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebBackendServiceIamBinding(\"binding\", WebBackendServiceIamBindingArgs.builder() \n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebBackendServiceIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebBackendServiceIamBinding\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_backend\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebBackendServiceIamMember(\"member\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamMember(ctx, \"member\", \u0026iap.WebBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebBackendServiceIamMember(\"member\", WebBackendServiceIamMemberArgs.builder() \n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebBackendServiceIamMember\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebBackendServiceIamMember(\"member\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.WebBackendServiceIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebBackendServiceIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamMember(ctx, \"member\", \u0026iap.WebBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebBackendServiceIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebBackendServiceIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebBackendServiceIamMember(\"member\", WebBackendServiceIamMemberArgs.builder() \n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebBackendServiceIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebBackendServiceIamMember\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/compute/services/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy webbackendservice IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/webBackendServiceIamBinding:WebBackendServiceIamBinding editor \"projects/{{project}}/iap_web/compute/services/{{web_backend_service}} roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/webBackendServiceIamBinding:WebBackendServiceIamBinding editor \"projects/{{project}}/iap_web/compute/services/{{web_backend_service}} roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/webBackendServiceIamBinding:WebBackendServiceIamBinding editor projects/{{project}}/iap_web/compute/services/{{web_backend_service}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy WebBackendService. Each of these resources serves a different use case:\n\n* `gcp.iap.WebBackendServiceIamPolicy`: Authoritative. Sets the IAM policy for the webbackendservice and replaces any existing policy already attached.\n* `gcp.iap.WebBackendServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webbackendservice are preserved.\n* `gcp.iap.WebBackendServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webbackendservice are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebBackendServiceIamPolicy`: Retrieves the IAM policy for the webbackendservice\n\n\u003e **Note:** `gcp.iap.WebBackendServiceIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebBackendServiceIamBinding` and `gcp.iap.WebBackendServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebBackendServiceIamBinding` resources **can be** used in conjunction with `gcp.iap.WebBackendServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_iap\\_web\\_backend\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n webBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.WebBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebBackendServiceIamPolicy(\"policy\", WebBackendServiceIamPolicyArgs.builder() \n .project(default_.project())\n .webBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebBackendServiceIamPolicy\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n webBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.WebBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebBackendServiceIamPolicy(\"policy\", WebBackendServiceIamPolicyArgs.builder() \n .project(default_.project())\n .webBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebBackendServiceIamPolicy\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_backend\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebBackendServiceIamBinding(\"binding\", WebBackendServiceIamBindingArgs.builder() \n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebBackendServiceIamBinding\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.WebBackendServiceIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebBackendServiceIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebBackendServiceIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebBackendServiceIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebBackendServiceIamBinding(\"binding\", WebBackendServiceIamBindingArgs.builder() \n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebBackendServiceIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebBackendServiceIamBinding\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_backend\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebBackendServiceIamMember(\"member\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamMember(ctx, \"member\", \u0026iap.WebBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebBackendServiceIamMember(\"member\", WebBackendServiceIamMemberArgs.builder() \n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebBackendServiceIamMember\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebBackendServiceIamMember(\"member\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.WebBackendServiceIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebBackendServiceIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamMember(ctx, \"member\", \u0026iap.WebBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebBackendServiceIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebBackendServiceIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebBackendServiceIamMember(\"member\", WebBackendServiceIamMemberArgs.builder() \n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebBackendServiceIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebBackendServiceIamMember\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_iap\\_web\\_backend\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n webBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.WebBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebBackendServiceIamPolicy(\"policy\", WebBackendServiceIamPolicyArgs.builder() \n .project(default_.project())\n .webBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebBackendServiceIamPolicy\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n webBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.WebBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebBackendServiceIamPolicy(\"policy\", WebBackendServiceIamPolicyArgs.builder() \n .project(default_.project())\n .webBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebBackendServiceIamPolicy\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_backend\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebBackendServiceIamBinding(\"binding\", WebBackendServiceIamBindingArgs.builder() \n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebBackendServiceIamBinding\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.WebBackendServiceIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebBackendServiceIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebBackendServiceIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebBackendServiceIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebBackendServiceIamBinding(\"binding\", WebBackendServiceIamBindingArgs.builder() \n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebBackendServiceIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebBackendServiceIamBinding\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_backend\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebBackendServiceIamMember(\"member\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamMember(ctx, \"member\", \u0026iap.WebBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebBackendServiceIamMember(\"member\", WebBackendServiceIamMemberArgs.builder() \n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebBackendServiceIamMember\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebBackendServiceIamMember(\"member\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.WebBackendServiceIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebBackendServiceIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamMember(ctx, \"member\", \u0026iap.WebBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebBackendServiceIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebBackendServiceIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebBackendServiceIamMember(\"member\", WebBackendServiceIamMemberArgs.builder() \n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebBackendServiceIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebBackendServiceIamMember\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/compute/services/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy webbackendservice IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/webBackendServiceIamBinding:WebBackendServiceIamBinding editor \"projects/{{project}}/iap_web/compute/services/{{web_backend_service}} roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/webBackendServiceIamBinding:WebBackendServiceIamBinding editor \"projects/{{project}}/iap_web/compute/services/{{web_backend_service}} roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/webBackendServiceIamBinding:WebBackendServiceIamBinding editor projects/{{project}}/iap_web/compute/services/{{web_backend_service}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:iap/WebBackendServiceIamBindingCondition:WebBackendServiceIamBindingCondition", @@ -193051,11 +193456,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -193083,11 +193489,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -193122,11 +193529,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -193144,7 +193552,7 @@ } }, "gcp:iap/webBackendServiceIamMember:WebBackendServiceIamMember": { - "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy WebBackendService. Each of these resources serves a different use case:\n\n* `gcp.iap.WebBackendServiceIamPolicy`: Authoritative. Sets the IAM policy for the webbackendservice and replaces any existing policy already attached.\n* `gcp.iap.WebBackendServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webbackendservice are preserved.\n* `gcp.iap.WebBackendServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webbackendservice are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebBackendServiceIamPolicy`: Retrieves the IAM policy for the webbackendservice\n\n\u003e **Note:** `gcp.iap.WebBackendServiceIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebBackendServiceIamBinding` and `gcp.iap.WebBackendServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebBackendServiceIamBinding` resources **can be** used in conjunction with `gcp.iap.WebBackendServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_iap\\_web\\_backend\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n webBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.WebBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebBackendServiceIamPolicy(\"policy\", WebBackendServiceIamPolicyArgs.builder() \n .project(default_.project())\n .webBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebBackendServiceIamPolicy\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n webBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.WebBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebBackendServiceIamPolicy(\"policy\", WebBackendServiceIamPolicyArgs.builder() \n .project(default_.project())\n .webBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebBackendServiceIamPolicy\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_backend\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebBackendServiceIamBinding(\"binding\", WebBackendServiceIamBindingArgs.builder() \n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebBackendServiceIamBinding\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.WebBackendServiceIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebBackendServiceIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebBackendServiceIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebBackendServiceIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebBackendServiceIamBinding(\"binding\", WebBackendServiceIamBindingArgs.builder() \n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebBackendServiceIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebBackendServiceIamBinding\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_backend\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebBackendServiceIamMember(\"member\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamMember(ctx, \"member\", \u0026iap.WebBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebBackendServiceIamMember(\"member\", WebBackendServiceIamMemberArgs.builder() \n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebBackendServiceIamMember\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebBackendServiceIamMember(\"member\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.WebBackendServiceIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebBackendServiceIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamMember(ctx, \"member\", \u0026iap.WebBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebBackendServiceIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebBackendServiceIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebBackendServiceIamMember(\"member\", WebBackendServiceIamMemberArgs.builder() \n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebBackendServiceIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebBackendServiceIamMember\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/compute/services/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy webbackendservice IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/webBackendServiceIamMember:WebBackendServiceIamMember editor \"projects/{{project}}/iap_web/compute/services/{{web_backend_service}} roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/webBackendServiceIamMember:WebBackendServiceIamMember editor \"projects/{{project}}/iap_web/compute/services/{{web_backend_service}} roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/webBackendServiceIamMember:WebBackendServiceIamMember editor projects/{{project}}/iap_web/compute/services/{{web_backend_service}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy WebBackendService. Each of these resources serves a different use case:\n\n* `gcp.iap.WebBackendServiceIamPolicy`: Authoritative. Sets the IAM policy for the webbackendservice and replaces any existing policy already attached.\n* `gcp.iap.WebBackendServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webbackendservice are preserved.\n* `gcp.iap.WebBackendServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webbackendservice are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebBackendServiceIamPolicy`: Retrieves the IAM policy for the webbackendservice\n\n\u003e **Note:** `gcp.iap.WebBackendServiceIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebBackendServiceIamBinding` and `gcp.iap.WebBackendServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebBackendServiceIamBinding` resources **can be** used in conjunction with `gcp.iap.WebBackendServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_iap\\_web\\_backend\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n webBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.WebBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebBackendServiceIamPolicy(\"policy\", WebBackendServiceIamPolicyArgs.builder() \n .project(default_.project())\n .webBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebBackendServiceIamPolicy\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n webBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.WebBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebBackendServiceIamPolicy(\"policy\", WebBackendServiceIamPolicyArgs.builder() \n .project(default_.project())\n .webBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebBackendServiceIamPolicy\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_backend\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebBackendServiceIamBinding(\"binding\", WebBackendServiceIamBindingArgs.builder() \n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebBackendServiceIamBinding\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.WebBackendServiceIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebBackendServiceIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebBackendServiceIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebBackendServiceIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebBackendServiceIamBinding(\"binding\", WebBackendServiceIamBindingArgs.builder() \n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebBackendServiceIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebBackendServiceIamBinding\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_backend\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebBackendServiceIamMember(\"member\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamMember(ctx, \"member\", \u0026iap.WebBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebBackendServiceIamMember(\"member\", WebBackendServiceIamMemberArgs.builder() \n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebBackendServiceIamMember\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebBackendServiceIamMember(\"member\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.WebBackendServiceIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebBackendServiceIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamMember(ctx, \"member\", \u0026iap.WebBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebBackendServiceIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebBackendServiceIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebBackendServiceIamMember(\"member\", WebBackendServiceIamMemberArgs.builder() \n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebBackendServiceIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebBackendServiceIamMember\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_iap\\_web\\_backend\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n webBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.WebBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebBackendServiceIamPolicy(\"policy\", WebBackendServiceIamPolicyArgs.builder() \n .project(default_.project())\n .webBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebBackendServiceIamPolicy\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n webBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.WebBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebBackendServiceIamPolicy(\"policy\", WebBackendServiceIamPolicyArgs.builder() \n .project(default_.project())\n .webBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebBackendServiceIamPolicy\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_backend\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebBackendServiceIamBinding(\"binding\", WebBackendServiceIamBindingArgs.builder() \n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebBackendServiceIamBinding\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.WebBackendServiceIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebBackendServiceIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebBackendServiceIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebBackendServiceIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebBackendServiceIamBinding(\"binding\", WebBackendServiceIamBindingArgs.builder() \n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebBackendServiceIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebBackendServiceIamBinding\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_backend\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebBackendServiceIamMember(\"member\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamMember(ctx, \"member\", \u0026iap.WebBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebBackendServiceIamMember(\"member\", WebBackendServiceIamMemberArgs.builder() \n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebBackendServiceIamMember\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebBackendServiceIamMember(\"member\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.WebBackendServiceIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebBackendServiceIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamMember(ctx, \"member\", \u0026iap.WebBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebBackendServiceIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebBackendServiceIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebBackendServiceIamMember(\"member\", WebBackendServiceIamMemberArgs.builder() \n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebBackendServiceIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebBackendServiceIamMember\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/compute/services/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy webbackendservice IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/webBackendServiceIamMember:WebBackendServiceIamMember editor \"projects/{{project}}/iap_web/compute/services/{{web_backend_service}} roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/webBackendServiceIamMember:WebBackendServiceIamMember editor \"projects/{{project}}/iap_web/compute/services/{{web_backend_service}} roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/webBackendServiceIamMember:WebBackendServiceIamMember editor projects/{{project}}/iap_web/compute/services/{{web_backend_service}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:iap/WebBackendServiceIamMemberCondition:WebBackendServiceIamMemberCondition", @@ -193155,11 +193563,12 @@ "description": "(Computed) The etag of the IAM policy.\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -193185,11 +193594,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -193222,11 +193632,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -193244,7 +193655,7 @@ } }, "gcp:iap/webBackendServiceIamPolicy:WebBackendServiceIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy WebBackendService. Each of these resources serves a different use case:\n\n* `gcp.iap.WebBackendServiceIamPolicy`: Authoritative. Sets the IAM policy for the webbackendservice and replaces any existing policy already attached.\n* `gcp.iap.WebBackendServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webbackendservice are preserved.\n* `gcp.iap.WebBackendServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webbackendservice are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebBackendServiceIamPolicy`: Retrieves the IAM policy for the webbackendservice\n\n\u003e **Note:** `gcp.iap.WebBackendServiceIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebBackendServiceIamBinding` and `gcp.iap.WebBackendServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebBackendServiceIamBinding` resources **can be** used in conjunction with `gcp.iap.WebBackendServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_iap\\_web\\_backend\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n webBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.WebBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebBackendServiceIamPolicy(\"policy\", WebBackendServiceIamPolicyArgs.builder() \n .project(default_.project())\n .webBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebBackendServiceIamPolicy\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n webBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.WebBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebBackendServiceIamPolicy(\"policy\", WebBackendServiceIamPolicyArgs.builder() \n .project(default_.project())\n .webBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebBackendServiceIamPolicy\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_backend\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebBackendServiceIamBinding(\"binding\", WebBackendServiceIamBindingArgs.builder() \n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebBackendServiceIamBinding\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.WebBackendServiceIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebBackendServiceIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebBackendServiceIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebBackendServiceIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebBackendServiceIamBinding(\"binding\", WebBackendServiceIamBindingArgs.builder() \n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebBackendServiceIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebBackendServiceIamBinding\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_backend\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebBackendServiceIamMember(\"member\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamMember(ctx, \"member\", \u0026iap.WebBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebBackendServiceIamMember(\"member\", WebBackendServiceIamMemberArgs.builder() \n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebBackendServiceIamMember\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebBackendServiceIamMember(\"member\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.WebBackendServiceIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebBackendServiceIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamMember(ctx, \"member\", \u0026iap.WebBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebBackendServiceIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebBackendServiceIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebBackendServiceIamMember(\"member\", WebBackendServiceIamMemberArgs.builder() \n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebBackendServiceIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebBackendServiceIamMember\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/compute/services/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy webbackendservice IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/webBackendServiceIamPolicy:WebBackendServiceIamPolicy editor \"projects/{{project}}/iap_web/compute/services/{{web_backend_service}} roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/webBackendServiceIamPolicy:WebBackendServiceIamPolicy editor \"projects/{{project}}/iap_web/compute/services/{{web_backend_service}} roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/webBackendServiceIamPolicy:WebBackendServiceIamPolicy editor projects/{{project}}/iap_web/compute/services/{{web_backend_service}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy WebBackendService. Each of these resources serves a different use case:\n\n* `gcp.iap.WebBackendServiceIamPolicy`: Authoritative. Sets the IAM policy for the webbackendservice and replaces any existing policy already attached.\n* `gcp.iap.WebBackendServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webbackendservice are preserved.\n* `gcp.iap.WebBackendServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webbackendservice are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebBackendServiceIamPolicy`: Retrieves the IAM policy for the webbackendservice\n\n\u003e **Note:** `gcp.iap.WebBackendServiceIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebBackendServiceIamBinding` and `gcp.iap.WebBackendServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebBackendServiceIamBinding` resources **can be** used in conjunction with `gcp.iap.WebBackendServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_iap\\_web\\_backend\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n webBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.WebBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebBackendServiceIamPolicy(\"policy\", WebBackendServiceIamPolicyArgs.builder() \n .project(default_.project())\n .webBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebBackendServiceIamPolicy\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n webBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.WebBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebBackendServiceIamPolicy(\"policy\", WebBackendServiceIamPolicyArgs.builder() \n .project(default_.project())\n .webBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebBackendServiceIamPolicy\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_backend\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebBackendServiceIamBinding(\"binding\", WebBackendServiceIamBindingArgs.builder() \n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebBackendServiceIamBinding\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.WebBackendServiceIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebBackendServiceIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebBackendServiceIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebBackendServiceIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebBackendServiceIamBinding(\"binding\", WebBackendServiceIamBindingArgs.builder() \n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebBackendServiceIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebBackendServiceIamBinding\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_backend\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebBackendServiceIamMember(\"member\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamMember(ctx, \"member\", \u0026iap.WebBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebBackendServiceIamMember(\"member\", WebBackendServiceIamMemberArgs.builder() \n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebBackendServiceIamMember\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebBackendServiceIamMember(\"member\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.WebBackendServiceIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebBackendServiceIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamMember(ctx, \"member\", \u0026iap.WebBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebBackendServiceIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebBackendServiceIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebBackendServiceIamMember(\"member\", WebBackendServiceIamMemberArgs.builder() \n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebBackendServiceIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebBackendServiceIamMember\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_iap\\_web\\_backend\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n webBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.WebBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebBackendServiceIamPolicy(\"policy\", WebBackendServiceIamPolicyArgs.builder() \n .project(default_.project())\n .webBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebBackendServiceIamPolicy\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n webBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.WebBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebBackendServiceIamPolicy(\"policy\", WebBackendServiceIamPolicyArgs.builder() \n .project(default_.project())\n .webBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebBackendServiceIamPolicy\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_backend\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebBackendServiceIamBinding(\"binding\", WebBackendServiceIamBindingArgs.builder() \n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebBackendServiceIamBinding\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.WebBackendServiceIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebBackendServiceIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebBackendServiceIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebBackendServiceIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebBackendServiceIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebBackendServiceIamBinding(\"binding\", WebBackendServiceIamBindingArgs.builder() \n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebBackendServiceIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebBackendServiceIamBinding\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_backend\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebBackendServiceIamMember(\"member\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamMember(ctx, \"member\", \u0026iap.WebBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebBackendServiceIamMember(\"member\", WebBackendServiceIamMemberArgs.builder() \n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebBackendServiceIamMember\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebBackendServiceIamMember(\"member\", {\n project: _default.project,\n webBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n web_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.WebBackendServiceIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n WebBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebBackendServiceIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebBackendServiceIamMember(ctx, \"member\", \u0026iap.WebBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tWebBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebBackendServiceIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebBackendServiceIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebBackendServiceIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebBackendServiceIamMember(\"member\", WebBackendServiceIamMemberArgs.builder() \n .project(default_.project())\n .webBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebBackendServiceIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebBackendServiceIamMember\n properties:\n project: ${default.project}\n webBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/compute/services/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy webbackendservice IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/webBackendServiceIamPolicy:WebBackendServiceIamPolicy editor \"projects/{{project}}/iap_web/compute/services/{{web_backend_service}} roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/webBackendServiceIamPolicy:WebBackendServiceIamPolicy editor \"projects/{{project}}/iap_web/compute/services/{{web_backend_service}} roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/webBackendServiceIamPolicy:WebBackendServiceIamPolicy editor projects/{{project}}/iap_web/compute/services/{{web_backend_service}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -193256,7 +193667,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "webBackendService": { "type": "string", @@ -193276,7 +193687,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "webBackendService": { @@ -193302,7 +193713,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "webBackendService": { @@ -193315,7 +193726,7 @@ } }, "gcp:iap/webIamBinding:WebIamBinding": { - "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy Web. Each of these resources serves a different use case:\n\n* `gcp.iap.WebIamPolicy`: Authoritative. Sets the IAM policy for the web and replaces any existing policy already attached.\n* `gcp.iap.WebIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the web are preserved.\n* `gcp.iap.WebIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the web are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebIamPolicy`: Retrieves the IAM policy for the web\n\n\u003e **Note:** `gcp.iap.WebIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebIamBinding` and `gcp.iap.WebIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebIamBinding` resources **can be** used in conjunction with `gcp.iap.WebIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_iap\\_web\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.WebIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebIamPolicy(ctx, \"policy\", \u0026iap.WebIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebIamPolicy;\nimport com.pulumi.gcp.iap.WebIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebIamPolicy(\"policy\", WebIamPolicyArgs.builder() \n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.WebIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebIamPolicy(ctx, \"policy\", \u0026iap.WebIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebIamPolicy;\nimport com.pulumi.gcp.iap.WebIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebIamPolicy(\"policy\", WebIamPolicyArgs.builder() \n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamBinding(ctx, \"binding\", \u0026iap.WebIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamBinding;\nimport com.pulumi.gcp.iap.WebIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebIamBinding(\"binding\", WebIamBindingArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.WebIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamBinding(ctx, \"binding\", \u0026iap.WebIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamBinding;\nimport com.pulumi.gcp.iap.WebIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebIamBinding(\"binding\", WebIamBindingArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamMember(ctx, \"member\", \u0026iap.WebIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamMember;\nimport com.pulumi.gcp.iap.WebIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebIamMember(\"member\", WebIamMemberArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.WebIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamMember(ctx, \"member\", \u0026iap.WebIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamMember;\nimport com.pulumi.gcp.iap.WebIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebIamMember(\"member\", WebIamMemberArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web\n\n* {{project}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy web IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/webIamBinding:WebIamBinding editor \"projects/{{project}}/iap_web roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/webIamBinding:WebIamBinding editor \"projects/{{project}}/iap_web roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/webIamBinding:WebIamBinding editor projects/{{project}}/iap_web\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy Web. Each of these resources serves a different use case:\n\n* `gcp.iap.WebIamPolicy`: Authoritative. Sets the IAM policy for the web and replaces any existing policy already attached.\n* `gcp.iap.WebIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the web are preserved.\n* `gcp.iap.WebIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the web are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebIamPolicy`: Retrieves the IAM policy for the web\n\n\u003e **Note:** `gcp.iap.WebIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebIamBinding` and `gcp.iap.WebIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebIamBinding` resources **can be** used in conjunction with `gcp.iap.WebIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_iap\\_web\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.WebIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebIamPolicy(ctx, \"policy\", \u0026iap.WebIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebIamPolicy;\nimport com.pulumi.gcp.iap.WebIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebIamPolicy(\"policy\", WebIamPolicyArgs.builder() \n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.WebIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebIamPolicy(ctx, \"policy\", \u0026iap.WebIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebIamPolicy;\nimport com.pulumi.gcp.iap.WebIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebIamPolicy(\"policy\", WebIamPolicyArgs.builder() \n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamBinding(ctx, \"binding\", \u0026iap.WebIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamBinding;\nimport com.pulumi.gcp.iap.WebIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebIamBinding(\"binding\", WebIamBindingArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.WebIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamBinding(ctx, \"binding\", \u0026iap.WebIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamBinding;\nimport com.pulumi.gcp.iap.WebIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebIamBinding(\"binding\", WebIamBindingArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamMember(ctx, \"member\", \u0026iap.WebIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamMember;\nimport com.pulumi.gcp.iap.WebIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebIamMember(\"member\", WebIamMemberArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.WebIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamMember(ctx, \"member\", \u0026iap.WebIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamMember;\nimport com.pulumi.gcp.iap.WebIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebIamMember(\"member\", WebIamMemberArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_iap\\_web\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.WebIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebIamPolicy(ctx, \"policy\", \u0026iap.WebIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebIamPolicy;\nimport com.pulumi.gcp.iap.WebIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebIamPolicy(\"policy\", WebIamPolicyArgs.builder() \n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.WebIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebIamPolicy(ctx, \"policy\", \u0026iap.WebIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebIamPolicy;\nimport com.pulumi.gcp.iap.WebIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebIamPolicy(\"policy\", WebIamPolicyArgs.builder() \n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamBinding(ctx, \"binding\", \u0026iap.WebIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamBinding;\nimport com.pulumi.gcp.iap.WebIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebIamBinding(\"binding\", WebIamBindingArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.WebIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamBinding(ctx, \"binding\", \u0026iap.WebIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamBinding;\nimport com.pulumi.gcp.iap.WebIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebIamBinding(\"binding\", WebIamBindingArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamMember(ctx, \"member\", \u0026iap.WebIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamMember;\nimport com.pulumi.gcp.iap.WebIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebIamMember(\"member\", WebIamMemberArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.WebIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamMember(ctx, \"member\", \u0026iap.WebIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamMember;\nimport com.pulumi.gcp.iap.WebIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebIamMember(\"member\", WebIamMemberArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web\n\n* {{project}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy web IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/webIamBinding:WebIamBinding editor \"projects/{{project}}/iap_web roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/webIamBinding:WebIamBinding editor \"projects/{{project}}/iap_web roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/webIamBinding:WebIamBinding editor projects/{{project}}/iap_web\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:iap/WebIamBindingCondition:WebIamBindingCondition", @@ -193329,11 +193740,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -193356,11 +193768,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -193389,11 +193802,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -193406,7 +193820,7 @@ } }, "gcp:iap/webIamMember:WebIamMember": { - "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy Web. Each of these resources serves a different use case:\n\n* `gcp.iap.WebIamPolicy`: Authoritative. Sets the IAM policy for the web and replaces any existing policy already attached.\n* `gcp.iap.WebIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the web are preserved.\n* `gcp.iap.WebIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the web are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebIamPolicy`: Retrieves the IAM policy for the web\n\n\u003e **Note:** `gcp.iap.WebIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebIamBinding` and `gcp.iap.WebIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebIamBinding` resources **can be** used in conjunction with `gcp.iap.WebIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_iap\\_web\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.WebIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebIamPolicy(ctx, \"policy\", \u0026iap.WebIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebIamPolicy;\nimport com.pulumi.gcp.iap.WebIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebIamPolicy(\"policy\", WebIamPolicyArgs.builder() \n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.WebIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebIamPolicy(ctx, \"policy\", \u0026iap.WebIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebIamPolicy;\nimport com.pulumi.gcp.iap.WebIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebIamPolicy(\"policy\", WebIamPolicyArgs.builder() \n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamBinding(ctx, \"binding\", \u0026iap.WebIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamBinding;\nimport com.pulumi.gcp.iap.WebIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebIamBinding(\"binding\", WebIamBindingArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.WebIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamBinding(ctx, \"binding\", \u0026iap.WebIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamBinding;\nimport com.pulumi.gcp.iap.WebIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebIamBinding(\"binding\", WebIamBindingArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamMember(ctx, \"member\", \u0026iap.WebIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamMember;\nimport com.pulumi.gcp.iap.WebIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebIamMember(\"member\", WebIamMemberArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.WebIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamMember(ctx, \"member\", \u0026iap.WebIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamMember;\nimport com.pulumi.gcp.iap.WebIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebIamMember(\"member\", WebIamMemberArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web\n\n* {{project}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy web IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/webIamMember:WebIamMember editor \"projects/{{project}}/iap_web roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/webIamMember:WebIamMember editor \"projects/{{project}}/iap_web roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/webIamMember:WebIamMember editor projects/{{project}}/iap_web\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy Web. Each of these resources serves a different use case:\n\n* `gcp.iap.WebIamPolicy`: Authoritative. Sets the IAM policy for the web and replaces any existing policy already attached.\n* `gcp.iap.WebIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the web are preserved.\n* `gcp.iap.WebIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the web are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebIamPolicy`: Retrieves the IAM policy for the web\n\n\u003e **Note:** `gcp.iap.WebIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebIamBinding` and `gcp.iap.WebIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebIamBinding` resources **can be** used in conjunction with `gcp.iap.WebIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_iap\\_web\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.WebIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebIamPolicy(ctx, \"policy\", \u0026iap.WebIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebIamPolicy;\nimport com.pulumi.gcp.iap.WebIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebIamPolicy(\"policy\", WebIamPolicyArgs.builder() \n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.WebIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebIamPolicy(ctx, \"policy\", \u0026iap.WebIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebIamPolicy;\nimport com.pulumi.gcp.iap.WebIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebIamPolicy(\"policy\", WebIamPolicyArgs.builder() \n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamBinding(ctx, \"binding\", \u0026iap.WebIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamBinding;\nimport com.pulumi.gcp.iap.WebIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebIamBinding(\"binding\", WebIamBindingArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.WebIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamBinding(ctx, \"binding\", \u0026iap.WebIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamBinding;\nimport com.pulumi.gcp.iap.WebIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebIamBinding(\"binding\", WebIamBindingArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamMember(ctx, \"member\", \u0026iap.WebIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamMember;\nimport com.pulumi.gcp.iap.WebIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebIamMember(\"member\", WebIamMemberArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.WebIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamMember(ctx, \"member\", \u0026iap.WebIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamMember;\nimport com.pulumi.gcp.iap.WebIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebIamMember(\"member\", WebIamMemberArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_iap\\_web\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.WebIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebIamPolicy(ctx, \"policy\", \u0026iap.WebIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebIamPolicy;\nimport com.pulumi.gcp.iap.WebIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebIamPolicy(\"policy\", WebIamPolicyArgs.builder() \n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.WebIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebIamPolicy(ctx, \"policy\", \u0026iap.WebIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebIamPolicy;\nimport com.pulumi.gcp.iap.WebIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebIamPolicy(\"policy\", WebIamPolicyArgs.builder() \n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamBinding(ctx, \"binding\", \u0026iap.WebIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamBinding;\nimport com.pulumi.gcp.iap.WebIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebIamBinding(\"binding\", WebIamBindingArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.WebIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamBinding(ctx, \"binding\", \u0026iap.WebIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamBinding;\nimport com.pulumi.gcp.iap.WebIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebIamBinding(\"binding\", WebIamBindingArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamMember(ctx, \"member\", \u0026iap.WebIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamMember;\nimport com.pulumi.gcp.iap.WebIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebIamMember(\"member\", WebIamMemberArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.WebIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamMember(ctx, \"member\", \u0026iap.WebIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamMember;\nimport com.pulumi.gcp.iap.WebIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebIamMember(\"member\", WebIamMemberArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web\n\n* {{project}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy web IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/webIamMember:WebIamMember editor \"projects/{{project}}/iap_web roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/webIamMember:WebIamMember editor \"projects/{{project}}/iap_web roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/webIamMember:WebIamMember editor projects/{{project}}/iap_web\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:iap/WebIamMemberCondition:WebIamMemberCondition", @@ -193417,11 +193831,12 @@ "description": "(Computed) The etag of the IAM policy.\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -193442,11 +193857,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -193473,11 +193889,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -193490,7 +193907,7 @@ } }, "gcp:iap/webIamPolicy:WebIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy Web. Each of these resources serves a different use case:\n\n* `gcp.iap.WebIamPolicy`: Authoritative. Sets the IAM policy for the web and replaces any existing policy already attached.\n* `gcp.iap.WebIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the web are preserved.\n* `gcp.iap.WebIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the web are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebIamPolicy`: Retrieves the IAM policy for the web\n\n\u003e **Note:** `gcp.iap.WebIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebIamBinding` and `gcp.iap.WebIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebIamBinding` resources **can be** used in conjunction with `gcp.iap.WebIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_iap\\_web\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.WebIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebIamPolicy(ctx, \"policy\", \u0026iap.WebIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebIamPolicy;\nimport com.pulumi.gcp.iap.WebIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebIamPolicy(\"policy\", WebIamPolicyArgs.builder() \n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.WebIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebIamPolicy(ctx, \"policy\", \u0026iap.WebIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebIamPolicy;\nimport com.pulumi.gcp.iap.WebIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebIamPolicy(\"policy\", WebIamPolicyArgs.builder() \n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamBinding(ctx, \"binding\", \u0026iap.WebIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamBinding;\nimport com.pulumi.gcp.iap.WebIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebIamBinding(\"binding\", WebIamBindingArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.WebIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamBinding(ctx, \"binding\", \u0026iap.WebIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamBinding;\nimport com.pulumi.gcp.iap.WebIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebIamBinding(\"binding\", WebIamBindingArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamMember(ctx, \"member\", \u0026iap.WebIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamMember;\nimport com.pulumi.gcp.iap.WebIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebIamMember(\"member\", WebIamMemberArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.WebIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamMember(ctx, \"member\", \u0026iap.WebIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamMember;\nimport com.pulumi.gcp.iap.WebIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebIamMember(\"member\", WebIamMemberArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web\n\n* {{project}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy web IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/webIamPolicy:WebIamPolicy editor \"projects/{{project}}/iap_web roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/webIamPolicy:WebIamPolicy editor \"projects/{{project}}/iap_web roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/webIamPolicy:WebIamPolicy editor projects/{{project}}/iap_web\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy Web. Each of these resources serves a different use case:\n\n* `gcp.iap.WebIamPolicy`: Authoritative. Sets the IAM policy for the web and replaces any existing policy already attached.\n* `gcp.iap.WebIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the web are preserved.\n* `gcp.iap.WebIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the web are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebIamPolicy`: Retrieves the IAM policy for the web\n\n\u003e **Note:** `gcp.iap.WebIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebIamBinding` and `gcp.iap.WebIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebIamBinding` resources **can be** used in conjunction with `gcp.iap.WebIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_iap\\_web\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.WebIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebIamPolicy(ctx, \"policy\", \u0026iap.WebIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebIamPolicy;\nimport com.pulumi.gcp.iap.WebIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebIamPolicy(\"policy\", WebIamPolicyArgs.builder() \n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.WebIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebIamPolicy(ctx, \"policy\", \u0026iap.WebIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebIamPolicy;\nimport com.pulumi.gcp.iap.WebIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebIamPolicy(\"policy\", WebIamPolicyArgs.builder() \n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamBinding(ctx, \"binding\", \u0026iap.WebIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamBinding;\nimport com.pulumi.gcp.iap.WebIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebIamBinding(\"binding\", WebIamBindingArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.WebIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamBinding(ctx, \"binding\", \u0026iap.WebIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamBinding;\nimport com.pulumi.gcp.iap.WebIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebIamBinding(\"binding\", WebIamBindingArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamMember(ctx, \"member\", \u0026iap.WebIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamMember;\nimport com.pulumi.gcp.iap.WebIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebIamMember(\"member\", WebIamMemberArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.WebIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamMember(ctx, \"member\", \u0026iap.WebIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamMember;\nimport com.pulumi.gcp.iap.WebIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebIamMember(\"member\", WebIamMemberArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_iap\\_web\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.WebIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebIamPolicy(ctx, \"policy\", \u0026iap.WebIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebIamPolicy;\nimport com.pulumi.gcp.iap.WebIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebIamPolicy(\"policy\", WebIamPolicyArgs.builder() \n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.WebIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebIamPolicy(ctx, \"policy\", \u0026iap.WebIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebIamPolicy;\nimport com.pulumi.gcp.iap.WebIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebIamPolicy(\"policy\", WebIamPolicyArgs.builder() \n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamBinding(ctx, \"binding\", \u0026iap.WebIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamBinding;\nimport com.pulumi.gcp.iap.WebIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebIamBinding(\"binding\", WebIamBindingArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.WebIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamBinding(ctx, \"binding\", \u0026iap.WebIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamBinding;\nimport com.pulumi.gcp.iap.WebIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebIamBinding(\"binding\", WebIamBindingArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamMember(ctx, \"member\", \u0026iap.WebIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamMember;\nimport com.pulumi.gcp.iap.WebIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebIamMember(\"member\", WebIamMemberArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.WebIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebIamMember(ctx, \"member\", \u0026iap.WebIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebIamMember;\nimport com.pulumi.gcp.iap.WebIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebIamMember(\"member\", WebIamMemberArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web\n\n* {{project}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy web IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/webIamPolicy:WebIamPolicy editor \"projects/{{project}}/iap_web roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/webIamPolicy:WebIamPolicy editor \"projects/{{project}}/iap_web roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/webIamPolicy:WebIamPolicy editor projects/{{project}}/iap_web\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -193502,7 +193919,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" } }, "required": [ @@ -193517,7 +193934,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -193537,7 +193954,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -193545,7 +193962,7 @@ } }, "gcp:iap/webRegionBackendServiceIamBinding:WebRegionBackendServiceIamBinding": { - "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy WebRegionBackendService. Each of these resources serves a different use case:\n\n* `gcp.iap.WebRegionBackendServiceIamPolicy`: Authoritative. Sets the IAM policy for the webregionbackendservice and replaces any existing policy already attached.\n* `gcp.iap.WebRegionBackendServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webregionbackendservice are preserved.\n* `gcp.iap.WebRegionBackendServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webregionbackendservice are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebRegionBackendServiceIamPolicy`: Retrieves the IAM policy for the webregionbackendservice\n\n\u003e **Note:** `gcp.iap.WebRegionBackendServiceIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebRegionBackendServiceIamBinding` and `gcp.iap.WebRegionBackendServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebRegionBackendServiceIamBinding` resources **can be** used in conjunction with `gcp.iap.WebRegionBackendServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_iap\\_web\\_region\\_backend\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebRegionBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebRegionBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebRegionBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebRegionBackendServiceIamPolicy(\"policy\", WebRegionBackendServiceIamPolicyArgs.builder() \n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebRegionBackendServiceIamPolicy\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebRegionBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebRegionBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebRegionBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebRegionBackendServiceIamPolicy(\"policy\", WebRegionBackendServiceIamPolicyArgs.builder() \n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebRegionBackendServiceIamPolicy\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_region\\_backend\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebRegionBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebRegionBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebRegionBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebRegionBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebRegionBackendServiceIamBinding(\"binding\", WebRegionBackendServiceIamBindingArgs.builder() \n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebRegionBackendServiceIamBinding\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebRegionBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebRegionBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.WebRegionBackendServiceIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebRegionBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebRegionBackendServiceIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebRegionBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebRegionBackendServiceIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebRegionBackendServiceIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebRegionBackendServiceIamBinding(\"binding\", WebRegionBackendServiceIamBindingArgs.builder() \n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebRegionBackendServiceIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebRegionBackendServiceIamBinding\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_region\\_backend\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebRegionBackendServiceIamMember(\"member\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebRegionBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebRegionBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamMember(ctx, \"member\", \u0026iap.WebRegionBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebRegionBackendServiceIamMember(\"member\", WebRegionBackendServiceIamMemberArgs.builder() \n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebRegionBackendServiceIamMember\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebRegionBackendServiceIamMember(\"member\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebRegionBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.WebRegionBackendServiceIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebRegionBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebRegionBackendServiceIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamMember(ctx, \"member\", \u0026iap.WebRegionBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebRegionBackendServiceIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebRegionBackendServiceIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebRegionBackendServiceIamMember(\"member\", WebRegionBackendServiceIamMemberArgs.builder() \n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebRegionBackendServiceIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebRegionBackendServiceIamMember\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/compute-{{region}}/services/{{name}}\n\n* {{project}}/{{region}}/{{name}}\n\n* {{region}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy webregionbackendservice IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/webRegionBackendServiceIamBinding:WebRegionBackendServiceIamBinding editor \"projects/{{project}}/iap_web/compute-{{region}}/services/{{web_region_backend_service}} roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/webRegionBackendServiceIamBinding:WebRegionBackendServiceIamBinding editor \"projects/{{project}}/iap_web/compute-{{region}}/services/{{web_region_backend_service}} roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/webRegionBackendServiceIamBinding:WebRegionBackendServiceIamBinding editor projects/{{project}}/iap_web/compute-{{region}}/services/{{web_region_backend_service}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy WebRegionBackendService. Each of these resources serves a different use case:\n\n* `gcp.iap.WebRegionBackendServiceIamPolicy`: Authoritative. Sets the IAM policy for the webregionbackendservice and replaces any existing policy already attached.\n* `gcp.iap.WebRegionBackendServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webregionbackendservice are preserved.\n* `gcp.iap.WebRegionBackendServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webregionbackendservice are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebRegionBackendServiceIamPolicy`: Retrieves the IAM policy for the webregionbackendservice\n\n\u003e **Note:** `gcp.iap.WebRegionBackendServiceIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebRegionBackendServiceIamBinding` and `gcp.iap.WebRegionBackendServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebRegionBackendServiceIamBinding` resources **can be** used in conjunction with `gcp.iap.WebRegionBackendServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_iap\\_web\\_region\\_backend\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebRegionBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebRegionBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebRegionBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebRegionBackendServiceIamPolicy(\"policy\", WebRegionBackendServiceIamPolicyArgs.builder() \n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebRegionBackendServiceIamPolicy\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebRegionBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebRegionBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebRegionBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebRegionBackendServiceIamPolicy(\"policy\", WebRegionBackendServiceIamPolicyArgs.builder() \n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebRegionBackendServiceIamPolicy\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_region\\_backend\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebRegionBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebRegionBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebRegionBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebRegionBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebRegionBackendServiceIamBinding(\"binding\", WebRegionBackendServiceIamBindingArgs.builder() \n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebRegionBackendServiceIamBinding\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebRegionBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebRegionBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.WebRegionBackendServiceIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebRegionBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebRegionBackendServiceIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebRegionBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebRegionBackendServiceIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebRegionBackendServiceIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebRegionBackendServiceIamBinding(\"binding\", WebRegionBackendServiceIamBindingArgs.builder() \n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebRegionBackendServiceIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebRegionBackendServiceIamBinding\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_region\\_backend\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebRegionBackendServiceIamMember(\"member\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebRegionBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebRegionBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamMember(ctx, \"member\", \u0026iap.WebRegionBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebRegionBackendServiceIamMember(\"member\", WebRegionBackendServiceIamMemberArgs.builder() \n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebRegionBackendServiceIamMember\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebRegionBackendServiceIamMember(\"member\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebRegionBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.WebRegionBackendServiceIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebRegionBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebRegionBackendServiceIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamMember(ctx, \"member\", \u0026iap.WebRegionBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebRegionBackendServiceIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebRegionBackendServiceIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebRegionBackendServiceIamMember(\"member\", WebRegionBackendServiceIamMemberArgs.builder() \n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebRegionBackendServiceIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebRegionBackendServiceIamMember\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_iap\\_web\\_region\\_backend\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebRegionBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebRegionBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebRegionBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebRegionBackendServiceIamPolicy(\"policy\", WebRegionBackendServiceIamPolicyArgs.builder() \n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebRegionBackendServiceIamPolicy\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebRegionBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebRegionBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebRegionBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebRegionBackendServiceIamPolicy(\"policy\", WebRegionBackendServiceIamPolicyArgs.builder() \n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebRegionBackendServiceIamPolicy\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_region\\_backend\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebRegionBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebRegionBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebRegionBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebRegionBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebRegionBackendServiceIamBinding(\"binding\", WebRegionBackendServiceIamBindingArgs.builder() \n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebRegionBackendServiceIamBinding\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebRegionBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebRegionBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.WebRegionBackendServiceIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebRegionBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebRegionBackendServiceIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebRegionBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebRegionBackendServiceIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebRegionBackendServiceIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebRegionBackendServiceIamBinding(\"binding\", WebRegionBackendServiceIamBindingArgs.builder() \n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebRegionBackendServiceIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebRegionBackendServiceIamBinding\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_region\\_backend\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebRegionBackendServiceIamMember(\"member\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebRegionBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebRegionBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamMember(ctx, \"member\", \u0026iap.WebRegionBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebRegionBackendServiceIamMember(\"member\", WebRegionBackendServiceIamMemberArgs.builder() \n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebRegionBackendServiceIamMember\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebRegionBackendServiceIamMember(\"member\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebRegionBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.WebRegionBackendServiceIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebRegionBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebRegionBackendServiceIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamMember(ctx, \"member\", \u0026iap.WebRegionBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebRegionBackendServiceIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebRegionBackendServiceIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebRegionBackendServiceIamMember(\"member\", WebRegionBackendServiceIamMemberArgs.builder() \n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebRegionBackendServiceIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebRegionBackendServiceIamMember\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/compute-{{region}}/services/{{name}}\n\n* {{project}}/{{region}}/{{name}}\n\n* {{region}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy webregionbackendservice IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/webRegionBackendServiceIamBinding:WebRegionBackendServiceIamBinding editor \"projects/{{project}}/iap_web/compute-{{region}}/services/{{web_region_backend_service}} roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/webRegionBackendServiceIamBinding:WebRegionBackendServiceIamBinding editor \"projects/{{project}}/iap_web/compute-{{region}}/services/{{web_region_backend_service}} roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/webRegionBackendServiceIamBinding:WebRegionBackendServiceIamBinding editor projects/{{project}}/iap_web/compute-{{region}}/services/{{web_region_backend_service}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:iap/WebRegionBackendServiceIamBindingCondition:WebRegionBackendServiceIamBindingCondition", @@ -193559,11 +193976,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "region": { "type": "string" @@ -193595,11 +194013,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -193638,11 +194057,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -193664,7 +194084,7 @@ } }, "gcp:iap/webRegionBackendServiceIamMember:WebRegionBackendServiceIamMember": { - "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy WebRegionBackendService. Each of these resources serves a different use case:\n\n* `gcp.iap.WebRegionBackendServiceIamPolicy`: Authoritative. Sets the IAM policy for the webregionbackendservice and replaces any existing policy already attached.\n* `gcp.iap.WebRegionBackendServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webregionbackendservice are preserved.\n* `gcp.iap.WebRegionBackendServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webregionbackendservice are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebRegionBackendServiceIamPolicy`: Retrieves the IAM policy for the webregionbackendservice\n\n\u003e **Note:** `gcp.iap.WebRegionBackendServiceIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebRegionBackendServiceIamBinding` and `gcp.iap.WebRegionBackendServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebRegionBackendServiceIamBinding` resources **can be** used in conjunction with `gcp.iap.WebRegionBackendServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_iap\\_web\\_region\\_backend\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebRegionBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebRegionBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebRegionBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebRegionBackendServiceIamPolicy(\"policy\", WebRegionBackendServiceIamPolicyArgs.builder() \n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebRegionBackendServiceIamPolicy\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebRegionBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebRegionBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebRegionBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebRegionBackendServiceIamPolicy(\"policy\", WebRegionBackendServiceIamPolicyArgs.builder() \n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebRegionBackendServiceIamPolicy\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_region\\_backend\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebRegionBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebRegionBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebRegionBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebRegionBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebRegionBackendServiceIamBinding(\"binding\", WebRegionBackendServiceIamBindingArgs.builder() \n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebRegionBackendServiceIamBinding\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebRegionBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebRegionBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.WebRegionBackendServiceIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebRegionBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebRegionBackendServiceIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebRegionBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebRegionBackendServiceIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebRegionBackendServiceIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebRegionBackendServiceIamBinding(\"binding\", WebRegionBackendServiceIamBindingArgs.builder() \n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebRegionBackendServiceIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebRegionBackendServiceIamBinding\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_region\\_backend\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebRegionBackendServiceIamMember(\"member\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebRegionBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebRegionBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamMember(ctx, \"member\", \u0026iap.WebRegionBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebRegionBackendServiceIamMember(\"member\", WebRegionBackendServiceIamMemberArgs.builder() \n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebRegionBackendServiceIamMember\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebRegionBackendServiceIamMember(\"member\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebRegionBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.WebRegionBackendServiceIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebRegionBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebRegionBackendServiceIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamMember(ctx, \"member\", \u0026iap.WebRegionBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebRegionBackendServiceIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebRegionBackendServiceIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebRegionBackendServiceIamMember(\"member\", WebRegionBackendServiceIamMemberArgs.builder() \n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebRegionBackendServiceIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebRegionBackendServiceIamMember\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/compute-{{region}}/services/{{name}}\n\n* {{project}}/{{region}}/{{name}}\n\n* {{region}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy webregionbackendservice IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/webRegionBackendServiceIamMember:WebRegionBackendServiceIamMember editor \"projects/{{project}}/iap_web/compute-{{region}}/services/{{web_region_backend_service}} roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/webRegionBackendServiceIamMember:WebRegionBackendServiceIamMember editor \"projects/{{project}}/iap_web/compute-{{region}}/services/{{web_region_backend_service}} roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/webRegionBackendServiceIamMember:WebRegionBackendServiceIamMember editor projects/{{project}}/iap_web/compute-{{region}}/services/{{web_region_backend_service}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy WebRegionBackendService. Each of these resources serves a different use case:\n\n* `gcp.iap.WebRegionBackendServiceIamPolicy`: Authoritative. Sets the IAM policy for the webregionbackendservice and replaces any existing policy already attached.\n* `gcp.iap.WebRegionBackendServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webregionbackendservice are preserved.\n* `gcp.iap.WebRegionBackendServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webregionbackendservice are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebRegionBackendServiceIamPolicy`: Retrieves the IAM policy for the webregionbackendservice\n\n\u003e **Note:** `gcp.iap.WebRegionBackendServiceIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebRegionBackendServiceIamBinding` and `gcp.iap.WebRegionBackendServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebRegionBackendServiceIamBinding` resources **can be** used in conjunction with `gcp.iap.WebRegionBackendServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_iap\\_web\\_region\\_backend\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebRegionBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebRegionBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebRegionBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebRegionBackendServiceIamPolicy(\"policy\", WebRegionBackendServiceIamPolicyArgs.builder() \n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebRegionBackendServiceIamPolicy\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebRegionBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebRegionBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebRegionBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebRegionBackendServiceIamPolicy(\"policy\", WebRegionBackendServiceIamPolicyArgs.builder() \n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebRegionBackendServiceIamPolicy\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_region\\_backend\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebRegionBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebRegionBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebRegionBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebRegionBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebRegionBackendServiceIamBinding(\"binding\", WebRegionBackendServiceIamBindingArgs.builder() \n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebRegionBackendServiceIamBinding\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebRegionBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebRegionBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.WebRegionBackendServiceIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebRegionBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebRegionBackendServiceIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebRegionBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebRegionBackendServiceIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebRegionBackendServiceIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebRegionBackendServiceIamBinding(\"binding\", WebRegionBackendServiceIamBindingArgs.builder() \n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebRegionBackendServiceIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebRegionBackendServiceIamBinding\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_region\\_backend\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebRegionBackendServiceIamMember(\"member\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebRegionBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebRegionBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamMember(ctx, \"member\", \u0026iap.WebRegionBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebRegionBackendServiceIamMember(\"member\", WebRegionBackendServiceIamMemberArgs.builder() \n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebRegionBackendServiceIamMember\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebRegionBackendServiceIamMember(\"member\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebRegionBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.WebRegionBackendServiceIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebRegionBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebRegionBackendServiceIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamMember(ctx, \"member\", \u0026iap.WebRegionBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebRegionBackendServiceIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebRegionBackendServiceIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebRegionBackendServiceIamMember(\"member\", WebRegionBackendServiceIamMemberArgs.builder() \n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebRegionBackendServiceIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebRegionBackendServiceIamMember\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_iap\\_web\\_region\\_backend\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebRegionBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebRegionBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebRegionBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebRegionBackendServiceIamPolicy(\"policy\", WebRegionBackendServiceIamPolicyArgs.builder() \n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebRegionBackendServiceIamPolicy\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebRegionBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebRegionBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebRegionBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebRegionBackendServiceIamPolicy(\"policy\", WebRegionBackendServiceIamPolicyArgs.builder() \n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebRegionBackendServiceIamPolicy\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_region\\_backend\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebRegionBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebRegionBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebRegionBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebRegionBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebRegionBackendServiceIamBinding(\"binding\", WebRegionBackendServiceIamBindingArgs.builder() \n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebRegionBackendServiceIamBinding\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebRegionBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebRegionBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.WebRegionBackendServiceIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebRegionBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebRegionBackendServiceIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebRegionBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebRegionBackendServiceIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebRegionBackendServiceIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebRegionBackendServiceIamBinding(\"binding\", WebRegionBackendServiceIamBindingArgs.builder() \n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebRegionBackendServiceIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebRegionBackendServiceIamBinding\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_region\\_backend\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebRegionBackendServiceIamMember(\"member\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebRegionBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebRegionBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamMember(ctx, \"member\", \u0026iap.WebRegionBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebRegionBackendServiceIamMember(\"member\", WebRegionBackendServiceIamMemberArgs.builder() \n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebRegionBackendServiceIamMember\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebRegionBackendServiceIamMember(\"member\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebRegionBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.WebRegionBackendServiceIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebRegionBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebRegionBackendServiceIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamMember(ctx, \"member\", \u0026iap.WebRegionBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebRegionBackendServiceIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebRegionBackendServiceIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebRegionBackendServiceIamMember(\"member\", WebRegionBackendServiceIamMemberArgs.builder() \n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebRegionBackendServiceIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebRegionBackendServiceIamMember\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/compute-{{region}}/services/{{name}}\n\n* {{project}}/{{region}}/{{name}}\n\n* {{region}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy webregionbackendservice IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/webRegionBackendServiceIamMember:WebRegionBackendServiceIamMember editor \"projects/{{project}}/iap_web/compute-{{region}}/services/{{web_region_backend_service}} roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/webRegionBackendServiceIamMember:WebRegionBackendServiceIamMember editor \"projects/{{project}}/iap_web/compute-{{region}}/services/{{web_region_backend_service}} roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/webRegionBackendServiceIamMember:WebRegionBackendServiceIamMember editor projects/{{project}}/iap_web/compute-{{region}}/services/{{web_region_backend_service}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:iap/WebRegionBackendServiceIamMemberCondition:WebRegionBackendServiceIamMemberCondition", @@ -193675,11 +194095,12 @@ "description": "(Computed) The etag of the IAM policy.\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "region": { "type": "string" @@ -193709,11 +194130,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -193750,11 +194172,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -193776,7 +194199,7 @@ } }, "gcp:iap/webRegionBackendServiceIamPolicy:WebRegionBackendServiceIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy WebRegionBackendService. Each of these resources serves a different use case:\n\n* `gcp.iap.WebRegionBackendServiceIamPolicy`: Authoritative. Sets the IAM policy for the webregionbackendservice and replaces any existing policy already attached.\n* `gcp.iap.WebRegionBackendServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webregionbackendservice are preserved.\n* `gcp.iap.WebRegionBackendServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webregionbackendservice are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebRegionBackendServiceIamPolicy`: Retrieves the IAM policy for the webregionbackendservice\n\n\u003e **Note:** `gcp.iap.WebRegionBackendServiceIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebRegionBackendServiceIamBinding` and `gcp.iap.WebRegionBackendServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebRegionBackendServiceIamBinding` resources **can be** used in conjunction with `gcp.iap.WebRegionBackendServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_iap\\_web\\_region\\_backend\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebRegionBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebRegionBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebRegionBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebRegionBackendServiceIamPolicy(\"policy\", WebRegionBackendServiceIamPolicyArgs.builder() \n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebRegionBackendServiceIamPolicy\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebRegionBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebRegionBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebRegionBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebRegionBackendServiceIamPolicy(\"policy\", WebRegionBackendServiceIamPolicyArgs.builder() \n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebRegionBackendServiceIamPolicy\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_region\\_backend\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebRegionBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebRegionBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebRegionBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebRegionBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebRegionBackendServiceIamBinding(\"binding\", WebRegionBackendServiceIamBindingArgs.builder() \n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebRegionBackendServiceIamBinding\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebRegionBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebRegionBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.WebRegionBackendServiceIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebRegionBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebRegionBackendServiceIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebRegionBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebRegionBackendServiceIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebRegionBackendServiceIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebRegionBackendServiceIamBinding(\"binding\", WebRegionBackendServiceIamBindingArgs.builder() \n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebRegionBackendServiceIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebRegionBackendServiceIamBinding\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_region\\_backend\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebRegionBackendServiceIamMember(\"member\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebRegionBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebRegionBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamMember(ctx, \"member\", \u0026iap.WebRegionBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebRegionBackendServiceIamMember(\"member\", WebRegionBackendServiceIamMemberArgs.builder() \n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebRegionBackendServiceIamMember\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebRegionBackendServiceIamMember(\"member\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebRegionBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.WebRegionBackendServiceIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebRegionBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebRegionBackendServiceIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamMember(ctx, \"member\", \u0026iap.WebRegionBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebRegionBackendServiceIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebRegionBackendServiceIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebRegionBackendServiceIamMember(\"member\", WebRegionBackendServiceIamMemberArgs.builder() \n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebRegionBackendServiceIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebRegionBackendServiceIamMember\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/compute-{{region}}/services/{{name}}\n\n* {{project}}/{{region}}/{{name}}\n\n* {{region}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy webregionbackendservice IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/webRegionBackendServiceIamPolicy:WebRegionBackendServiceIamPolicy editor \"projects/{{project}}/iap_web/compute-{{region}}/services/{{web_region_backend_service}} roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/webRegionBackendServiceIamPolicy:WebRegionBackendServiceIamPolicy editor \"projects/{{project}}/iap_web/compute-{{region}}/services/{{web_region_backend_service}} roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/webRegionBackendServiceIamPolicy:WebRegionBackendServiceIamPolicy editor projects/{{project}}/iap_web/compute-{{region}}/services/{{web_region_backend_service}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy WebRegionBackendService. Each of these resources serves a different use case:\n\n* `gcp.iap.WebRegionBackendServiceIamPolicy`: Authoritative. Sets the IAM policy for the webregionbackendservice and replaces any existing policy already attached.\n* `gcp.iap.WebRegionBackendServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webregionbackendservice are preserved.\n* `gcp.iap.WebRegionBackendServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webregionbackendservice are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebRegionBackendServiceIamPolicy`: Retrieves the IAM policy for the webregionbackendservice\n\n\u003e **Note:** `gcp.iap.WebRegionBackendServiceIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebRegionBackendServiceIamBinding` and `gcp.iap.WebRegionBackendServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebRegionBackendServiceIamBinding` resources **can be** used in conjunction with `gcp.iap.WebRegionBackendServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_iap\\_web\\_region\\_backend\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebRegionBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebRegionBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebRegionBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebRegionBackendServiceIamPolicy(\"policy\", WebRegionBackendServiceIamPolicyArgs.builder() \n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebRegionBackendServiceIamPolicy\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebRegionBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebRegionBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebRegionBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebRegionBackendServiceIamPolicy(\"policy\", WebRegionBackendServiceIamPolicyArgs.builder() \n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebRegionBackendServiceIamPolicy\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_region\\_backend\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebRegionBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebRegionBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebRegionBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebRegionBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebRegionBackendServiceIamBinding(\"binding\", WebRegionBackendServiceIamBindingArgs.builder() \n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebRegionBackendServiceIamBinding\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebRegionBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebRegionBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.WebRegionBackendServiceIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebRegionBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebRegionBackendServiceIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebRegionBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebRegionBackendServiceIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebRegionBackendServiceIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebRegionBackendServiceIamBinding(\"binding\", WebRegionBackendServiceIamBindingArgs.builder() \n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebRegionBackendServiceIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebRegionBackendServiceIamBinding\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_region\\_backend\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebRegionBackendServiceIamMember(\"member\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebRegionBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebRegionBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamMember(ctx, \"member\", \u0026iap.WebRegionBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebRegionBackendServiceIamMember(\"member\", WebRegionBackendServiceIamMemberArgs.builder() \n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebRegionBackendServiceIamMember\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebRegionBackendServiceIamMember(\"member\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebRegionBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.WebRegionBackendServiceIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebRegionBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebRegionBackendServiceIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamMember(ctx, \"member\", \u0026iap.WebRegionBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebRegionBackendServiceIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebRegionBackendServiceIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebRegionBackendServiceIamMember(\"member\", WebRegionBackendServiceIamMemberArgs.builder() \n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebRegionBackendServiceIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebRegionBackendServiceIamMember\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_iap\\_web\\_region\\_backend\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebRegionBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebRegionBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebRegionBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebRegionBackendServiceIamPolicy(\"policy\", WebRegionBackendServiceIamPolicyArgs.builder() \n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebRegionBackendServiceIamPolicy\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.WebRegionBackendServiceIamPolicy(\"policy\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebRegionBackendServiceIamPolicy(\"policy\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebRegionBackendServiceIamPolicy(ctx, \"policy\", \u0026iap.WebRegionBackendServiceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicy;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebRegionBackendServiceIamPolicy(\"policy\", WebRegionBackendServiceIamPolicyArgs.builder() \n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebRegionBackendServiceIamPolicy\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_region\\_backend\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebRegionBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebRegionBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebRegionBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebRegionBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebRegionBackendServiceIamBinding(\"binding\", WebRegionBackendServiceIamBindingArgs.builder() \n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebRegionBackendServiceIamBinding\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebRegionBackendServiceIamBinding(\"binding\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebRegionBackendServiceIamBinding(\"binding\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.WebRegionBackendServiceIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebRegionBackendServiceIamBinding(\"binding\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebRegionBackendServiceIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamBinding(ctx, \"binding\", \u0026iap.WebRegionBackendServiceIamBindingArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebRegionBackendServiceIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBinding;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebRegionBackendServiceIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebRegionBackendServiceIamBinding(\"binding\", WebRegionBackendServiceIamBindingArgs.builder() \n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebRegionBackendServiceIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebRegionBackendServiceIamBinding\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_region\\_backend\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebRegionBackendServiceIamMember(\"member\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebRegionBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebRegionBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamMember(ctx, \"member\", \u0026iap.WebRegionBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebRegionBackendServiceIamMember(\"member\", WebRegionBackendServiceIamMemberArgs.builder() \n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebRegionBackendServiceIamMember\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebRegionBackendServiceIamMember(\"member\", {\n project: _default.project,\n region: _default.region,\n webRegionBackendService: _default.name,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebRegionBackendServiceIamMember(\"member\",\n project=default[\"project\"],\n region=default[\"region\"],\n web_region_backend_service=default[\"name\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.WebRegionBackendServiceIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebRegionBackendServiceIamMember(\"member\", new()\n {\n Project = @default.Project,\n Region = @default.Region,\n WebRegionBackendService = @default.Name,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebRegionBackendServiceIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebRegionBackendServiceIamMember(ctx, \"member\", \u0026iap.WebRegionBackendServiceIamMemberArgs{\n\t\t\tProject: pulumi.Any(_default.Project),\n\t\t\tRegion: pulumi.Any(_default.Region),\n\t\t\tWebRegionBackendService: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebRegionBackendServiceIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMember;\nimport com.pulumi.gcp.iap.WebRegionBackendServiceIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebRegionBackendServiceIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebRegionBackendServiceIamMember(\"member\", WebRegionBackendServiceIamMemberArgs.builder() \n .project(default_.project())\n .region(default_.region())\n .webRegionBackendService(default_.name())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebRegionBackendServiceIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebRegionBackendServiceIamMember\n properties:\n project: ${default.project}\n region: ${default.region}\n webRegionBackendService: ${default.name}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/compute-{{region}}/services/{{name}}\n\n* {{project}}/{{region}}/{{name}}\n\n* {{region}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy webregionbackendservice IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/webRegionBackendServiceIamPolicy:WebRegionBackendServiceIamPolicy editor \"projects/{{project}}/iap_web/compute-{{region}}/services/{{web_region_backend_service}} roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/webRegionBackendServiceIamPolicy:WebRegionBackendServiceIamPolicy editor \"projects/{{project}}/iap_web/compute-{{region}}/services/{{web_region_backend_service}} roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/webRegionBackendServiceIamPolicy:WebRegionBackendServiceIamPolicy editor projects/{{project}}/iap_web/compute-{{region}}/services/{{web_region_backend_service}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -193788,7 +194211,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "region": { "type": "string" @@ -193812,7 +194235,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -193842,7 +194265,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -193859,7 +194282,7 @@ } }, "gcp:iap/webTypeAppEngingIamBinding:WebTypeAppEngingIamBinding": { - "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeAppEngine. Each of these resources serves a different use case:\n\n* `gcp.iap.WebTypeAppEngingIamPolicy`: Authoritative. Sets the IAM policy for the webtypeappengine and replaces any existing policy already attached.\n* `gcp.iap.WebTypeAppEngingIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypeappengine are preserved.\n* `gcp.iap.WebTypeAppEngingIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypeappengine are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebTypeAppEngingIamPolicy`: Retrieves the IAM policy for the webtypeappengine\n\n\u003e **Note:** `gcp.iap.WebTypeAppEngingIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebTypeAppEngingIamBinding` and `gcp.iap.WebTypeAppEngingIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebTypeAppEngingIamBinding` resources **can be** used in conjunction with `gcp.iap.WebTypeAppEngingIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_iap\\_web\\_type\\_app\\_engine\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebTypeAppEngingIamPolicy(\"policy\", {\n project: app.project,\n appId: app.appId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.WebTypeAppEngingIamPolicy(\"policy\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeAppEngingIamPolicy(\"policy\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeAppEngingIamPolicy(ctx, \"policy\", \u0026iap.WebTypeAppEngingIamPolicyArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebTypeAppEngingIamPolicy(\"policy\", WebTypeAppEngingIamPolicyArgs.builder() \n .project(app.project())\n .appId(app.appId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeAppEngingIamPolicy\n properties:\n project: ${app.project}\n appId: ${app.appId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebTypeAppEngingIamPolicy(\"policy\", {\n project: app.project,\n appId: app.appId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.WebTypeAppEngingIamPolicy(\"policy\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeAppEngingIamPolicy(\"policy\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeAppEngingIamPolicy(ctx, \"policy\", \u0026iap.WebTypeAppEngingIamPolicyArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebTypeAppEngingIamPolicy(\"policy\", WebTypeAppEngingIamPolicyArgs.builder() \n .project(app.project())\n .appId(app.appId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeAppEngingIamPolicy\n properties:\n project: ${app.project}\n appId: ${app.appId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_type\\_app\\_engine\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeAppEngingIamBinding(\"binding\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeAppEngingIamBinding(\"binding\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeAppEngingIamBinding(\"binding\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamBinding(ctx, \"binding\", \u0026iap.WebTypeAppEngingIamBindingArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBinding;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeAppEngingIamBinding(\"binding\", WebTypeAppEngingIamBindingArgs.builder() \n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeAppEngingIamBinding\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeAppEngingIamBinding(\"binding\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeAppEngingIamBinding(\"binding\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.WebTypeAppEngingIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeAppEngingIamBinding(\"binding\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebTypeAppEngingIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamBinding(ctx, \"binding\", \u0026iap.WebTypeAppEngingIamBindingArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebTypeAppEngingIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBinding;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeAppEngingIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeAppEngingIamBinding(\"binding\", WebTypeAppEngingIamBindingArgs.builder() \n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebTypeAppEngingIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeAppEngingIamBinding\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_type\\_app\\_engine\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeAppEngingIamMember(\"member\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeAppEngingIamMember(\"member\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeAppEngingIamMember(\"member\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamMember(ctx, \"member\", \u0026iap.WebTypeAppEngingIamMemberArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMember;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeAppEngingIamMember(\"member\", WebTypeAppEngingIamMemberArgs.builder() \n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeAppEngingIamMember\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeAppEngingIamMember(\"member\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeAppEngingIamMember(\"member\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.WebTypeAppEngingIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeAppEngingIamMember(\"member\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebTypeAppEngingIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamMember(ctx, \"member\", \u0026iap.WebTypeAppEngingIamMemberArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebTypeAppEngingIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMember;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeAppEngingIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeAppEngingIamMember(\"member\", WebTypeAppEngingIamMemberArgs.builder() \n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebTypeAppEngingIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeAppEngingIamMember\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/appengine-{{appId}}\n\n* {{project}}/{{appId}}\n\n* {{appId}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy webtypeappengine IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeAppEngingIamBinding:WebTypeAppEngingIamBinding editor \"projects/{{project}}/iap_web/appengine-{{appId}} roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeAppEngingIamBinding:WebTypeAppEngingIamBinding editor \"projects/{{project}}/iap_web/appengine-{{appId}} roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeAppEngingIamBinding:WebTypeAppEngingIamBinding editor projects/{{project}}/iap_web/appengine-{{appId}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeAppEngine. Each of these resources serves a different use case:\n\n* `gcp.iap.WebTypeAppEngingIamPolicy`: Authoritative. Sets the IAM policy for the webtypeappengine and replaces any existing policy already attached.\n* `gcp.iap.WebTypeAppEngingIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypeappengine are preserved.\n* `gcp.iap.WebTypeAppEngingIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypeappengine are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebTypeAppEngingIamPolicy`: Retrieves the IAM policy for the webtypeappengine\n\n\u003e **Note:** `gcp.iap.WebTypeAppEngingIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebTypeAppEngingIamBinding` and `gcp.iap.WebTypeAppEngingIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebTypeAppEngingIamBinding` resources **can be** used in conjunction with `gcp.iap.WebTypeAppEngingIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_iap\\_web\\_type\\_app\\_engine\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebTypeAppEngingIamPolicy(\"policy\", {\n project: app.project,\n appId: app.appId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.WebTypeAppEngingIamPolicy(\"policy\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeAppEngingIamPolicy(\"policy\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeAppEngingIamPolicy(ctx, \"policy\", \u0026iap.WebTypeAppEngingIamPolicyArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebTypeAppEngingIamPolicy(\"policy\", WebTypeAppEngingIamPolicyArgs.builder() \n .project(app.project())\n .appId(app.appId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeAppEngingIamPolicy\n properties:\n project: ${app.project}\n appId: ${app.appId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebTypeAppEngingIamPolicy(\"policy\", {\n project: app.project,\n appId: app.appId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.WebTypeAppEngingIamPolicy(\"policy\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeAppEngingIamPolicy(\"policy\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeAppEngingIamPolicy(ctx, \"policy\", \u0026iap.WebTypeAppEngingIamPolicyArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebTypeAppEngingIamPolicy(\"policy\", WebTypeAppEngingIamPolicyArgs.builder() \n .project(app.project())\n .appId(app.appId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeAppEngingIamPolicy\n properties:\n project: ${app.project}\n appId: ${app.appId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_type\\_app\\_engine\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeAppEngingIamBinding(\"binding\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeAppEngingIamBinding(\"binding\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeAppEngingIamBinding(\"binding\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamBinding(ctx, \"binding\", \u0026iap.WebTypeAppEngingIamBindingArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBinding;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeAppEngingIamBinding(\"binding\", WebTypeAppEngingIamBindingArgs.builder() \n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeAppEngingIamBinding\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeAppEngingIamBinding(\"binding\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeAppEngingIamBinding(\"binding\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.WebTypeAppEngingIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeAppEngingIamBinding(\"binding\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebTypeAppEngingIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamBinding(ctx, \"binding\", \u0026iap.WebTypeAppEngingIamBindingArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebTypeAppEngingIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBinding;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeAppEngingIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeAppEngingIamBinding(\"binding\", WebTypeAppEngingIamBindingArgs.builder() \n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebTypeAppEngingIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeAppEngingIamBinding\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_type\\_app\\_engine\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeAppEngingIamMember(\"member\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeAppEngingIamMember(\"member\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeAppEngingIamMember(\"member\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamMember(ctx, \"member\", \u0026iap.WebTypeAppEngingIamMemberArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMember;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeAppEngingIamMember(\"member\", WebTypeAppEngingIamMemberArgs.builder() \n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeAppEngingIamMember\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeAppEngingIamMember(\"member\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeAppEngingIamMember(\"member\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.WebTypeAppEngingIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeAppEngingIamMember(\"member\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebTypeAppEngingIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamMember(ctx, \"member\", \u0026iap.WebTypeAppEngingIamMemberArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebTypeAppEngingIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMember;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeAppEngingIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeAppEngingIamMember(\"member\", WebTypeAppEngingIamMemberArgs.builder() \n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebTypeAppEngingIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeAppEngingIamMember\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_iap\\_web\\_type\\_app\\_engine\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebTypeAppEngingIamPolicy(\"policy\", {\n project: app.project,\n appId: app.appId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.WebTypeAppEngingIamPolicy(\"policy\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeAppEngingIamPolicy(\"policy\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeAppEngingIamPolicy(ctx, \"policy\", \u0026iap.WebTypeAppEngingIamPolicyArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebTypeAppEngingIamPolicy(\"policy\", WebTypeAppEngingIamPolicyArgs.builder() \n .project(app.project())\n .appId(app.appId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeAppEngingIamPolicy\n properties:\n project: ${app.project}\n appId: ${app.appId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebTypeAppEngingIamPolicy(\"policy\", {\n project: app.project,\n appId: app.appId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.WebTypeAppEngingIamPolicy(\"policy\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeAppEngingIamPolicy(\"policy\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeAppEngingIamPolicy(ctx, \"policy\", \u0026iap.WebTypeAppEngingIamPolicyArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebTypeAppEngingIamPolicy(\"policy\", WebTypeAppEngingIamPolicyArgs.builder() \n .project(app.project())\n .appId(app.appId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeAppEngingIamPolicy\n properties:\n project: ${app.project}\n appId: ${app.appId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_type\\_app\\_engine\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeAppEngingIamBinding(\"binding\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeAppEngingIamBinding(\"binding\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeAppEngingIamBinding(\"binding\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamBinding(ctx, \"binding\", \u0026iap.WebTypeAppEngingIamBindingArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBinding;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeAppEngingIamBinding(\"binding\", WebTypeAppEngingIamBindingArgs.builder() \n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeAppEngingIamBinding\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeAppEngingIamBinding(\"binding\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeAppEngingIamBinding(\"binding\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.WebTypeAppEngingIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeAppEngingIamBinding(\"binding\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebTypeAppEngingIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamBinding(ctx, \"binding\", \u0026iap.WebTypeAppEngingIamBindingArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebTypeAppEngingIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBinding;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeAppEngingIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeAppEngingIamBinding(\"binding\", WebTypeAppEngingIamBindingArgs.builder() \n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebTypeAppEngingIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeAppEngingIamBinding\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_type\\_app\\_engine\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeAppEngingIamMember(\"member\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeAppEngingIamMember(\"member\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeAppEngingIamMember(\"member\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamMember(ctx, \"member\", \u0026iap.WebTypeAppEngingIamMemberArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMember;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeAppEngingIamMember(\"member\", WebTypeAppEngingIamMemberArgs.builder() \n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeAppEngingIamMember\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeAppEngingIamMember(\"member\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeAppEngingIamMember(\"member\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.WebTypeAppEngingIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeAppEngingIamMember(\"member\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebTypeAppEngingIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamMember(ctx, \"member\", \u0026iap.WebTypeAppEngingIamMemberArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebTypeAppEngingIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMember;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeAppEngingIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeAppEngingIamMember(\"member\", WebTypeAppEngingIamMemberArgs.builder() \n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebTypeAppEngingIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeAppEngingIamMember\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/appengine-{{appId}}\n\n* {{project}}/{{appId}}\n\n* {{appId}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy webtypeappengine IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeAppEngingIamBinding:WebTypeAppEngingIamBinding editor \"projects/{{project}}/iap_web/appengine-{{appId}} roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeAppEngingIamBinding:WebTypeAppEngingIamBinding editor \"projects/{{project}}/iap_web/appengine-{{appId}} roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeAppEngingIamBinding:WebTypeAppEngingIamBinding editor projects/{{project}}/iap_web/appengine-{{appId}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "appId": { "type": "string", @@ -193877,11 +194300,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -193910,11 +194334,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -193949,11 +194374,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -193966,7 +194392,7 @@ } }, "gcp:iap/webTypeAppEngingIamMember:WebTypeAppEngingIamMember": { - "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeAppEngine. Each of these resources serves a different use case:\n\n* `gcp.iap.WebTypeAppEngingIamPolicy`: Authoritative. Sets the IAM policy for the webtypeappengine and replaces any existing policy already attached.\n* `gcp.iap.WebTypeAppEngingIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypeappengine are preserved.\n* `gcp.iap.WebTypeAppEngingIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypeappengine are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebTypeAppEngingIamPolicy`: Retrieves the IAM policy for the webtypeappengine\n\n\u003e **Note:** `gcp.iap.WebTypeAppEngingIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebTypeAppEngingIamBinding` and `gcp.iap.WebTypeAppEngingIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebTypeAppEngingIamBinding` resources **can be** used in conjunction with `gcp.iap.WebTypeAppEngingIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_iap\\_web\\_type\\_app\\_engine\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebTypeAppEngingIamPolicy(\"policy\", {\n project: app.project,\n appId: app.appId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.WebTypeAppEngingIamPolicy(\"policy\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeAppEngingIamPolicy(\"policy\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeAppEngingIamPolicy(ctx, \"policy\", \u0026iap.WebTypeAppEngingIamPolicyArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebTypeAppEngingIamPolicy(\"policy\", WebTypeAppEngingIamPolicyArgs.builder() \n .project(app.project())\n .appId(app.appId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeAppEngingIamPolicy\n properties:\n project: ${app.project}\n appId: ${app.appId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebTypeAppEngingIamPolicy(\"policy\", {\n project: app.project,\n appId: app.appId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.WebTypeAppEngingIamPolicy(\"policy\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeAppEngingIamPolicy(\"policy\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeAppEngingIamPolicy(ctx, \"policy\", \u0026iap.WebTypeAppEngingIamPolicyArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebTypeAppEngingIamPolicy(\"policy\", WebTypeAppEngingIamPolicyArgs.builder() \n .project(app.project())\n .appId(app.appId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeAppEngingIamPolicy\n properties:\n project: ${app.project}\n appId: ${app.appId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_type\\_app\\_engine\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeAppEngingIamBinding(\"binding\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeAppEngingIamBinding(\"binding\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeAppEngingIamBinding(\"binding\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamBinding(ctx, \"binding\", \u0026iap.WebTypeAppEngingIamBindingArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBinding;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeAppEngingIamBinding(\"binding\", WebTypeAppEngingIamBindingArgs.builder() \n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeAppEngingIamBinding\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeAppEngingIamBinding(\"binding\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeAppEngingIamBinding(\"binding\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.WebTypeAppEngingIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeAppEngingIamBinding(\"binding\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebTypeAppEngingIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamBinding(ctx, \"binding\", \u0026iap.WebTypeAppEngingIamBindingArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebTypeAppEngingIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBinding;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeAppEngingIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeAppEngingIamBinding(\"binding\", WebTypeAppEngingIamBindingArgs.builder() \n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebTypeAppEngingIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeAppEngingIamBinding\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_type\\_app\\_engine\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeAppEngingIamMember(\"member\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeAppEngingIamMember(\"member\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeAppEngingIamMember(\"member\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamMember(ctx, \"member\", \u0026iap.WebTypeAppEngingIamMemberArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMember;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeAppEngingIamMember(\"member\", WebTypeAppEngingIamMemberArgs.builder() \n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeAppEngingIamMember\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeAppEngingIamMember(\"member\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeAppEngingIamMember(\"member\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.WebTypeAppEngingIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeAppEngingIamMember(\"member\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebTypeAppEngingIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamMember(ctx, \"member\", \u0026iap.WebTypeAppEngingIamMemberArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebTypeAppEngingIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMember;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeAppEngingIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeAppEngingIamMember(\"member\", WebTypeAppEngingIamMemberArgs.builder() \n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebTypeAppEngingIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeAppEngingIamMember\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/appengine-{{appId}}\n\n* {{project}}/{{appId}}\n\n* {{appId}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy webtypeappengine IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeAppEngingIamMember:WebTypeAppEngingIamMember editor \"projects/{{project}}/iap_web/appengine-{{appId}} roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeAppEngingIamMember:WebTypeAppEngingIamMember editor \"projects/{{project}}/iap_web/appengine-{{appId}} roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeAppEngingIamMember:WebTypeAppEngingIamMember editor projects/{{project}}/iap_web/appengine-{{appId}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeAppEngine. Each of these resources serves a different use case:\n\n* `gcp.iap.WebTypeAppEngingIamPolicy`: Authoritative. Sets the IAM policy for the webtypeappengine and replaces any existing policy already attached.\n* `gcp.iap.WebTypeAppEngingIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypeappengine are preserved.\n* `gcp.iap.WebTypeAppEngingIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypeappengine are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebTypeAppEngingIamPolicy`: Retrieves the IAM policy for the webtypeappengine\n\n\u003e **Note:** `gcp.iap.WebTypeAppEngingIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebTypeAppEngingIamBinding` and `gcp.iap.WebTypeAppEngingIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebTypeAppEngingIamBinding` resources **can be** used in conjunction with `gcp.iap.WebTypeAppEngingIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_iap\\_web\\_type\\_app\\_engine\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebTypeAppEngingIamPolicy(\"policy\", {\n project: app.project,\n appId: app.appId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.WebTypeAppEngingIamPolicy(\"policy\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeAppEngingIamPolicy(\"policy\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeAppEngingIamPolicy(ctx, \"policy\", \u0026iap.WebTypeAppEngingIamPolicyArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebTypeAppEngingIamPolicy(\"policy\", WebTypeAppEngingIamPolicyArgs.builder() \n .project(app.project())\n .appId(app.appId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeAppEngingIamPolicy\n properties:\n project: ${app.project}\n appId: ${app.appId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebTypeAppEngingIamPolicy(\"policy\", {\n project: app.project,\n appId: app.appId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.WebTypeAppEngingIamPolicy(\"policy\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeAppEngingIamPolicy(\"policy\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeAppEngingIamPolicy(ctx, \"policy\", \u0026iap.WebTypeAppEngingIamPolicyArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebTypeAppEngingIamPolicy(\"policy\", WebTypeAppEngingIamPolicyArgs.builder() \n .project(app.project())\n .appId(app.appId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeAppEngingIamPolicy\n properties:\n project: ${app.project}\n appId: ${app.appId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_type\\_app\\_engine\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeAppEngingIamBinding(\"binding\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeAppEngingIamBinding(\"binding\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeAppEngingIamBinding(\"binding\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamBinding(ctx, \"binding\", \u0026iap.WebTypeAppEngingIamBindingArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBinding;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeAppEngingIamBinding(\"binding\", WebTypeAppEngingIamBindingArgs.builder() \n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeAppEngingIamBinding\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeAppEngingIamBinding(\"binding\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeAppEngingIamBinding(\"binding\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.WebTypeAppEngingIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeAppEngingIamBinding(\"binding\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebTypeAppEngingIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamBinding(ctx, \"binding\", \u0026iap.WebTypeAppEngingIamBindingArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebTypeAppEngingIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBinding;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeAppEngingIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeAppEngingIamBinding(\"binding\", WebTypeAppEngingIamBindingArgs.builder() \n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebTypeAppEngingIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeAppEngingIamBinding\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_type\\_app\\_engine\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeAppEngingIamMember(\"member\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeAppEngingIamMember(\"member\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeAppEngingIamMember(\"member\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamMember(ctx, \"member\", \u0026iap.WebTypeAppEngingIamMemberArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMember;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeAppEngingIamMember(\"member\", WebTypeAppEngingIamMemberArgs.builder() \n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeAppEngingIamMember\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeAppEngingIamMember(\"member\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeAppEngingIamMember(\"member\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.WebTypeAppEngingIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeAppEngingIamMember(\"member\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebTypeAppEngingIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamMember(ctx, \"member\", \u0026iap.WebTypeAppEngingIamMemberArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebTypeAppEngingIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMember;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeAppEngingIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeAppEngingIamMember(\"member\", WebTypeAppEngingIamMemberArgs.builder() \n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebTypeAppEngingIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeAppEngingIamMember\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_iap\\_web\\_type\\_app\\_engine\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebTypeAppEngingIamPolicy(\"policy\", {\n project: app.project,\n appId: app.appId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.WebTypeAppEngingIamPolicy(\"policy\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeAppEngingIamPolicy(\"policy\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeAppEngingIamPolicy(ctx, \"policy\", \u0026iap.WebTypeAppEngingIamPolicyArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebTypeAppEngingIamPolicy(\"policy\", WebTypeAppEngingIamPolicyArgs.builder() \n .project(app.project())\n .appId(app.appId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeAppEngingIamPolicy\n properties:\n project: ${app.project}\n appId: ${app.appId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebTypeAppEngingIamPolicy(\"policy\", {\n project: app.project,\n appId: app.appId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.WebTypeAppEngingIamPolicy(\"policy\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeAppEngingIamPolicy(\"policy\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeAppEngingIamPolicy(ctx, \"policy\", \u0026iap.WebTypeAppEngingIamPolicyArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebTypeAppEngingIamPolicy(\"policy\", WebTypeAppEngingIamPolicyArgs.builder() \n .project(app.project())\n .appId(app.appId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeAppEngingIamPolicy\n properties:\n project: ${app.project}\n appId: ${app.appId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_type\\_app\\_engine\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeAppEngingIamBinding(\"binding\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeAppEngingIamBinding(\"binding\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeAppEngingIamBinding(\"binding\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamBinding(ctx, \"binding\", \u0026iap.WebTypeAppEngingIamBindingArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBinding;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeAppEngingIamBinding(\"binding\", WebTypeAppEngingIamBindingArgs.builder() \n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeAppEngingIamBinding\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeAppEngingIamBinding(\"binding\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeAppEngingIamBinding(\"binding\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.WebTypeAppEngingIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeAppEngingIamBinding(\"binding\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebTypeAppEngingIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamBinding(ctx, \"binding\", \u0026iap.WebTypeAppEngingIamBindingArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebTypeAppEngingIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBinding;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeAppEngingIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeAppEngingIamBinding(\"binding\", WebTypeAppEngingIamBindingArgs.builder() \n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebTypeAppEngingIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeAppEngingIamBinding\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_type\\_app\\_engine\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeAppEngingIamMember(\"member\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeAppEngingIamMember(\"member\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeAppEngingIamMember(\"member\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamMember(ctx, \"member\", \u0026iap.WebTypeAppEngingIamMemberArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMember;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeAppEngingIamMember(\"member\", WebTypeAppEngingIamMemberArgs.builder() \n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeAppEngingIamMember\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeAppEngingIamMember(\"member\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeAppEngingIamMember(\"member\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.WebTypeAppEngingIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeAppEngingIamMember(\"member\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebTypeAppEngingIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamMember(ctx, \"member\", \u0026iap.WebTypeAppEngingIamMemberArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebTypeAppEngingIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMember;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeAppEngingIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeAppEngingIamMember(\"member\", WebTypeAppEngingIamMemberArgs.builder() \n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebTypeAppEngingIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeAppEngingIamMember\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/appengine-{{appId}}\n\n* {{project}}/{{appId}}\n\n* {{appId}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy webtypeappengine IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeAppEngingIamMember:WebTypeAppEngingIamMember editor \"projects/{{project}}/iap_web/appengine-{{appId}} roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeAppEngingIamMember:WebTypeAppEngingIamMember editor \"projects/{{project}}/iap_web/appengine-{{appId}} roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeAppEngingIamMember:WebTypeAppEngingIamMember editor projects/{{project}}/iap_web/appengine-{{appId}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "appId": { "type": "string", @@ -193981,11 +194407,12 @@ "description": "(Computed) The etag of the IAM policy.\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -194012,11 +194439,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -194049,11 +194477,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -194066,7 +194495,7 @@ } }, "gcp:iap/webTypeAppEngingIamPolicy:WebTypeAppEngingIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeAppEngine. Each of these resources serves a different use case:\n\n* `gcp.iap.WebTypeAppEngingIamPolicy`: Authoritative. Sets the IAM policy for the webtypeappengine and replaces any existing policy already attached.\n* `gcp.iap.WebTypeAppEngingIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypeappengine are preserved.\n* `gcp.iap.WebTypeAppEngingIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypeappengine are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebTypeAppEngingIamPolicy`: Retrieves the IAM policy for the webtypeappengine\n\n\u003e **Note:** `gcp.iap.WebTypeAppEngingIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebTypeAppEngingIamBinding` and `gcp.iap.WebTypeAppEngingIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebTypeAppEngingIamBinding` resources **can be** used in conjunction with `gcp.iap.WebTypeAppEngingIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_iap\\_web\\_type\\_app\\_engine\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebTypeAppEngingIamPolicy(\"policy\", {\n project: app.project,\n appId: app.appId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.WebTypeAppEngingIamPolicy(\"policy\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeAppEngingIamPolicy(\"policy\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeAppEngingIamPolicy(ctx, \"policy\", \u0026iap.WebTypeAppEngingIamPolicyArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebTypeAppEngingIamPolicy(\"policy\", WebTypeAppEngingIamPolicyArgs.builder() \n .project(app.project())\n .appId(app.appId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeAppEngingIamPolicy\n properties:\n project: ${app.project}\n appId: ${app.appId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebTypeAppEngingIamPolicy(\"policy\", {\n project: app.project,\n appId: app.appId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.WebTypeAppEngingIamPolicy(\"policy\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeAppEngingIamPolicy(\"policy\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeAppEngingIamPolicy(ctx, \"policy\", \u0026iap.WebTypeAppEngingIamPolicyArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebTypeAppEngingIamPolicy(\"policy\", WebTypeAppEngingIamPolicyArgs.builder() \n .project(app.project())\n .appId(app.appId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeAppEngingIamPolicy\n properties:\n project: ${app.project}\n appId: ${app.appId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_type\\_app\\_engine\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeAppEngingIamBinding(\"binding\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeAppEngingIamBinding(\"binding\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeAppEngingIamBinding(\"binding\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamBinding(ctx, \"binding\", \u0026iap.WebTypeAppEngingIamBindingArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBinding;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeAppEngingIamBinding(\"binding\", WebTypeAppEngingIamBindingArgs.builder() \n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeAppEngingIamBinding\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeAppEngingIamBinding(\"binding\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeAppEngingIamBinding(\"binding\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.WebTypeAppEngingIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeAppEngingIamBinding(\"binding\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebTypeAppEngingIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamBinding(ctx, \"binding\", \u0026iap.WebTypeAppEngingIamBindingArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebTypeAppEngingIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBinding;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeAppEngingIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeAppEngingIamBinding(\"binding\", WebTypeAppEngingIamBindingArgs.builder() \n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebTypeAppEngingIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeAppEngingIamBinding\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_type\\_app\\_engine\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeAppEngingIamMember(\"member\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeAppEngingIamMember(\"member\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeAppEngingIamMember(\"member\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamMember(ctx, \"member\", \u0026iap.WebTypeAppEngingIamMemberArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMember;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeAppEngingIamMember(\"member\", WebTypeAppEngingIamMemberArgs.builder() \n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeAppEngingIamMember\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeAppEngingIamMember(\"member\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeAppEngingIamMember(\"member\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.WebTypeAppEngingIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeAppEngingIamMember(\"member\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebTypeAppEngingIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamMember(ctx, \"member\", \u0026iap.WebTypeAppEngingIamMemberArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebTypeAppEngingIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMember;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeAppEngingIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeAppEngingIamMember(\"member\", WebTypeAppEngingIamMemberArgs.builder() \n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebTypeAppEngingIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeAppEngingIamMember\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/appengine-{{appId}}\n\n* {{project}}/{{appId}}\n\n* {{appId}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy webtypeappengine IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeAppEngingIamPolicy:WebTypeAppEngingIamPolicy editor \"projects/{{project}}/iap_web/appengine-{{appId}} roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeAppEngingIamPolicy:WebTypeAppEngingIamPolicy editor \"projects/{{project}}/iap_web/appengine-{{appId}} roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeAppEngingIamPolicy:WebTypeAppEngingIamPolicy editor projects/{{project}}/iap_web/appengine-{{appId}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeAppEngine. Each of these resources serves a different use case:\n\n* `gcp.iap.WebTypeAppEngingIamPolicy`: Authoritative. Sets the IAM policy for the webtypeappengine and replaces any existing policy already attached.\n* `gcp.iap.WebTypeAppEngingIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypeappengine are preserved.\n* `gcp.iap.WebTypeAppEngingIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypeappengine are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebTypeAppEngingIamPolicy`: Retrieves the IAM policy for the webtypeappengine\n\n\u003e **Note:** `gcp.iap.WebTypeAppEngingIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebTypeAppEngingIamBinding` and `gcp.iap.WebTypeAppEngingIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebTypeAppEngingIamBinding` resources **can be** used in conjunction with `gcp.iap.WebTypeAppEngingIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_iap\\_web\\_type\\_app\\_engine\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebTypeAppEngingIamPolicy(\"policy\", {\n project: app.project,\n appId: app.appId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.WebTypeAppEngingIamPolicy(\"policy\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeAppEngingIamPolicy(\"policy\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeAppEngingIamPolicy(ctx, \"policy\", \u0026iap.WebTypeAppEngingIamPolicyArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebTypeAppEngingIamPolicy(\"policy\", WebTypeAppEngingIamPolicyArgs.builder() \n .project(app.project())\n .appId(app.appId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeAppEngingIamPolicy\n properties:\n project: ${app.project}\n appId: ${app.appId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebTypeAppEngingIamPolicy(\"policy\", {\n project: app.project,\n appId: app.appId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.WebTypeAppEngingIamPolicy(\"policy\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeAppEngingIamPolicy(\"policy\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeAppEngingIamPolicy(ctx, \"policy\", \u0026iap.WebTypeAppEngingIamPolicyArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebTypeAppEngingIamPolicy(\"policy\", WebTypeAppEngingIamPolicyArgs.builder() \n .project(app.project())\n .appId(app.appId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeAppEngingIamPolicy\n properties:\n project: ${app.project}\n appId: ${app.appId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_type\\_app\\_engine\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeAppEngingIamBinding(\"binding\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeAppEngingIamBinding(\"binding\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeAppEngingIamBinding(\"binding\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamBinding(ctx, \"binding\", \u0026iap.WebTypeAppEngingIamBindingArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBinding;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeAppEngingIamBinding(\"binding\", WebTypeAppEngingIamBindingArgs.builder() \n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeAppEngingIamBinding\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeAppEngingIamBinding(\"binding\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeAppEngingIamBinding(\"binding\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.WebTypeAppEngingIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeAppEngingIamBinding(\"binding\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebTypeAppEngingIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamBinding(ctx, \"binding\", \u0026iap.WebTypeAppEngingIamBindingArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebTypeAppEngingIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBinding;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeAppEngingIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeAppEngingIamBinding(\"binding\", WebTypeAppEngingIamBindingArgs.builder() \n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebTypeAppEngingIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeAppEngingIamBinding\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_type\\_app\\_engine\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeAppEngingIamMember(\"member\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeAppEngingIamMember(\"member\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeAppEngingIamMember(\"member\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamMember(ctx, \"member\", \u0026iap.WebTypeAppEngingIamMemberArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMember;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeAppEngingIamMember(\"member\", WebTypeAppEngingIamMemberArgs.builder() \n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeAppEngingIamMember\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeAppEngingIamMember(\"member\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeAppEngingIamMember(\"member\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.WebTypeAppEngingIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeAppEngingIamMember(\"member\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebTypeAppEngingIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamMember(ctx, \"member\", \u0026iap.WebTypeAppEngingIamMemberArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebTypeAppEngingIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMember;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeAppEngingIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeAppEngingIamMember(\"member\", WebTypeAppEngingIamMemberArgs.builder() \n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebTypeAppEngingIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeAppEngingIamMember\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_iap\\_web\\_type\\_app\\_engine\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebTypeAppEngingIamPolicy(\"policy\", {\n project: app.project,\n appId: app.appId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.WebTypeAppEngingIamPolicy(\"policy\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeAppEngingIamPolicy(\"policy\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeAppEngingIamPolicy(ctx, \"policy\", \u0026iap.WebTypeAppEngingIamPolicyArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebTypeAppEngingIamPolicy(\"policy\", WebTypeAppEngingIamPolicyArgs.builder() \n .project(app.project())\n .appId(app.appId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeAppEngingIamPolicy\n properties:\n project: ${app.project}\n appId: ${app.appId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebTypeAppEngingIamPolicy(\"policy\", {\n project: app.project,\n appId: app.appId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.WebTypeAppEngingIamPolicy(\"policy\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeAppEngingIamPolicy(\"policy\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeAppEngingIamPolicy(ctx, \"policy\", \u0026iap.WebTypeAppEngingIamPolicyArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebTypeAppEngingIamPolicy(\"policy\", WebTypeAppEngingIamPolicyArgs.builder() \n .project(app.project())\n .appId(app.appId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeAppEngingIamPolicy\n properties:\n project: ${app.project}\n appId: ${app.appId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_type\\_app\\_engine\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeAppEngingIamBinding(\"binding\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeAppEngingIamBinding(\"binding\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeAppEngingIamBinding(\"binding\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamBinding(ctx, \"binding\", \u0026iap.WebTypeAppEngingIamBindingArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBinding;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeAppEngingIamBinding(\"binding\", WebTypeAppEngingIamBindingArgs.builder() \n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeAppEngingIamBinding\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeAppEngingIamBinding(\"binding\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeAppEngingIamBinding(\"binding\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.WebTypeAppEngingIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeAppEngingIamBinding(\"binding\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebTypeAppEngingIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamBinding(ctx, \"binding\", \u0026iap.WebTypeAppEngingIamBindingArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebTypeAppEngingIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBinding;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeAppEngingIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeAppEngingIamBinding(\"binding\", WebTypeAppEngingIamBindingArgs.builder() \n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebTypeAppEngingIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeAppEngingIamBinding\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_type\\_app\\_engine\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeAppEngingIamMember(\"member\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeAppEngingIamMember(\"member\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeAppEngingIamMember(\"member\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamMember(ctx, \"member\", \u0026iap.WebTypeAppEngingIamMemberArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMember;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeAppEngingIamMember(\"member\", WebTypeAppEngingIamMemberArgs.builder() \n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeAppEngingIamMember\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeAppEngingIamMember(\"member\", {\n project: app.project,\n appId: app.appId,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeAppEngingIamMember(\"member\",\n project=app[\"project\"],\n app_id=app[\"appId\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.WebTypeAppEngingIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeAppEngingIamMember(\"member\", new()\n {\n Project = app.Project,\n AppId = app.AppId,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebTypeAppEngingIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeAppEngingIamMember(ctx, \"member\", \u0026iap.WebTypeAppEngingIamMemberArgs{\n\t\t\tProject: pulumi.Any(app.Project),\n\t\t\tAppId: pulumi.Any(app.AppId),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebTypeAppEngingIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMember;\nimport com.pulumi.gcp.iap.WebTypeAppEngingIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeAppEngingIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeAppEngingIamMember(\"member\", WebTypeAppEngingIamMemberArgs.builder() \n .project(app.project())\n .appId(app.appId())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebTypeAppEngingIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeAppEngingIamMember\n properties:\n project: ${app.project}\n appId: ${app.appId}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/appengine-{{appId}}\n\n* {{project}}/{{appId}}\n\n* {{appId}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy webtypeappengine IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeAppEngingIamPolicy:WebTypeAppEngingIamPolicy editor \"projects/{{project}}/iap_web/appengine-{{appId}} roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeAppEngingIamPolicy:WebTypeAppEngingIamPolicy editor \"projects/{{project}}/iap_web/appengine-{{appId}} roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeAppEngingIamPolicy:WebTypeAppEngingIamPolicy editor projects/{{project}}/iap_web/appengine-{{appId}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "appId": { "type": "string", @@ -194082,7 +194511,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" } }, "required": [ @@ -194103,7 +194532,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -194129,7 +194558,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -194137,7 +194566,7 @@ } }, "gcp:iap/webTypeComputeIamBinding:WebTypeComputeIamBinding": { - "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeCompute. Each of these resources serves a different use case:\n\n* `gcp.iap.WebTypeComputeIamPolicy`: Authoritative. Sets the IAM policy for the webtypecompute and replaces any existing policy already attached.\n* `gcp.iap.WebTypeComputeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypecompute are preserved.\n* `gcp.iap.WebTypeComputeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypecompute are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebTypeComputeIamPolicy`: Retrieves the IAM policy for the webtypecompute\n\n\u003e **Note:** `gcp.iap.WebTypeComputeIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebTypeComputeIamBinding` and `gcp.iap.WebTypeComputeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebTypeComputeIamBinding` resources **can be** used in conjunction with `gcp.iap.WebTypeComputeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_iap\\_web\\_type\\_compute\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebTypeComputeIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.WebTypeComputeIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeComputeIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeComputeIamPolicy(ctx, \"policy\", \u0026iap.WebTypeComputeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebTypeComputeIamPolicy(\"policy\", WebTypeComputeIamPolicyArgs.builder() \n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeComputeIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebTypeComputeIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.WebTypeComputeIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeComputeIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeComputeIamPolicy(ctx, \"policy\", \u0026iap.WebTypeComputeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebTypeComputeIamPolicy(\"policy\", WebTypeComputeIamPolicyArgs.builder() \n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeComputeIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_type\\_compute\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeComputeIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeComputeIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeComputeIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamBinding(ctx, \"binding\", \u0026iap.WebTypeComputeIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBinding;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeComputeIamBinding(\"binding\", WebTypeComputeIamBindingArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeComputeIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeComputeIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeComputeIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.WebTypeComputeIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeComputeIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebTypeComputeIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamBinding(ctx, \"binding\", \u0026iap.WebTypeComputeIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebTypeComputeIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBinding;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeComputeIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeComputeIamBinding(\"binding\", WebTypeComputeIamBindingArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebTypeComputeIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeComputeIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_type\\_compute\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeComputeIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeComputeIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeComputeIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamMember(ctx, \"member\", \u0026iap.WebTypeComputeIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMember;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeComputeIamMember(\"member\", WebTypeComputeIamMemberArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeComputeIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeComputeIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeComputeIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.WebTypeComputeIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeComputeIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebTypeComputeIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamMember(ctx, \"member\", \u0026iap.WebTypeComputeIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebTypeComputeIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMember;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeComputeIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeComputeIamMember(\"member\", WebTypeComputeIamMemberArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebTypeComputeIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeComputeIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/compute\n\n* {{project}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy webtypecompute IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeComputeIamBinding:WebTypeComputeIamBinding editor \"projects/{{project}}/iap_web/compute roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeComputeIamBinding:WebTypeComputeIamBinding editor \"projects/{{project}}/iap_web/compute roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeComputeIamBinding:WebTypeComputeIamBinding editor projects/{{project}}/iap_web/compute\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeCompute. Each of these resources serves a different use case:\n\n* `gcp.iap.WebTypeComputeIamPolicy`: Authoritative. Sets the IAM policy for the webtypecompute and replaces any existing policy already attached.\n* `gcp.iap.WebTypeComputeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypecompute are preserved.\n* `gcp.iap.WebTypeComputeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypecompute are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebTypeComputeIamPolicy`: Retrieves the IAM policy for the webtypecompute\n\n\u003e **Note:** `gcp.iap.WebTypeComputeIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebTypeComputeIamBinding` and `gcp.iap.WebTypeComputeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebTypeComputeIamBinding` resources **can be** used in conjunction with `gcp.iap.WebTypeComputeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_iap\\_web\\_type\\_compute\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebTypeComputeIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.WebTypeComputeIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeComputeIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeComputeIamPolicy(ctx, \"policy\", \u0026iap.WebTypeComputeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebTypeComputeIamPolicy(\"policy\", WebTypeComputeIamPolicyArgs.builder() \n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeComputeIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebTypeComputeIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.WebTypeComputeIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeComputeIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeComputeIamPolicy(ctx, \"policy\", \u0026iap.WebTypeComputeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebTypeComputeIamPolicy(\"policy\", WebTypeComputeIamPolicyArgs.builder() \n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeComputeIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_type\\_compute\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeComputeIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeComputeIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeComputeIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamBinding(ctx, \"binding\", \u0026iap.WebTypeComputeIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBinding;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeComputeIamBinding(\"binding\", WebTypeComputeIamBindingArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeComputeIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeComputeIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeComputeIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.WebTypeComputeIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeComputeIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebTypeComputeIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamBinding(ctx, \"binding\", \u0026iap.WebTypeComputeIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebTypeComputeIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBinding;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeComputeIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeComputeIamBinding(\"binding\", WebTypeComputeIamBindingArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebTypeComputeIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeComputeIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_type\\_compute\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeComputeIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeComputeIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeComputeIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamMember(ctx, \"member\", \u0026iap.WebTypeComputeIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMember;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeComputeIamMember(\"member\", WebTypeComputeIamMemberArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeComputeIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeComputeIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeComputeIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.WebTypeComputeIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeComputeIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebTypeComputeIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamMember(ctx, \"member\", \u0026iap.WebTypeComputeIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebTypeComputeIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMember;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeComputeIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeComputeIamMember(\"member\", WebTypeComputeIamMemberArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebTypeComputeIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeComputeIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_iap\\_web\\_type\\_compute\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebTypeComputeIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.WebTypeComputeIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeComputeIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeComputeIamPolicy(ctx, \"policy\", \u0026iap.WebTypeComputeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebTypeComputeIamPolicy(\"policy\", WebTypeComputeIamPolicyArgs.builder() \n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeComputeIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebTypeComputeIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.WebTypeComputeIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeComputeIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeComputeIamPolicy(ctx, \"policy\", \u0026iap.WebTypeComputeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebTypeComputeIamPolicy(\"policy\", WebTypeComputeIamPolicyArgs.builder() \n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeComputeIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_type\\_compute\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeComputeIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeComputeIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeComputeIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamBinding(ctx, \"binding\", \u0026iap.WebTypeComputeIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBinding;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeComputeIamBinding(\"binding\", WebTypeComputeIamBindingArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeComputeIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeComputeIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeComputeIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.WebTypeComputeIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeComputeIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebTypeComputeIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamBinding(ctx, \"binding\", \u0026iap.WebTypeComputeIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebTypeComputeIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBinding;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeComputeIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeComputeIamBinding(\"binding\", WebTypeComputeIamBindingArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebTypeComputeIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeComputeIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_type\\_compute\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeComputeIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeComputeIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeComputeIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamMember(ctx, \"member\", \u0026iap.WebTypeComputeIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMember;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeComputeIamMember(\"member\", WebTypeComputeIamMemberArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeComputeIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeComputeIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeComputeIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.WebTypeComputeIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeComputeIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebTypeComputeIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamMember(ctx, \"member\", \u0026iap.WebTypeComputeIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebTypeComputeIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMember;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeComputeIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeComputeIamMember(\"member\", WebTypeComputeIamMemberArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebTypeComputeIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeComputeIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/compute\n\n* {{project}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy webtypecompute IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeComputeIamBinding:WebTypeComputeIamBinding editor \"projects/{{project}}/iap_web/compute roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeComputeIamBinding:WebTypeComputeIamBinding editor \"projects/{{project}}/iap_web/compute roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeComputeIamBinding:WebTypeComputeIamBinding editor projects/{{project}}/iap_web/compute\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:iap/WebTypeComputeIamBindingCondition:WebTypeComputeIamBindingCondition", @@ -194151,11 +194580,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -194178,11 +194608,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -194211,11 +194642,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -194228,7 +194660,7 @@ } }, "gcp:iap/webTypeComputeIamMember:WebTypeComputeIamMember": { - "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeCompute. Each of these resources serves a different use case:\n\n* `gcp.iap.WebTypeComputeIamPolicy`: Authoritative. Sets the IAM policy for the webtypecompute and replaces any existing policy already attached.\n* `gcp.iap.WebTypeComputeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypecompute are preserved.\n* `gcp.iap.WebTypeComputeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypecompute are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebTypeComputeIamPolicy`: Retrieves the IAM policy for the webtypecompute\n\n\u003e **Note:** `gcp.iap.WebTypeComputeIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebTypeComputeIamBinding` and `gcp.iap.WebTypeComputeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebTypeComputeIamBinding` resources **can be** used in conjunction with `gcp.iap.WebTypeComputeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_iap\\_web\\_type\\_compute\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebTypeComputeIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.WebTypeComputeIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeComputeIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeComputeIamPolicy(ctx, \"policy\", \u0026iap.WebTypeComputeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebTypeComputeIamPolicy(\"policy\", WebTypeComputeIamPolicyArgs.builder() \n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeComputeIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebTypeComputeIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.WebTypeComputeIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeComputeIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeComputeIamPolicy(ctx, \"policy\", \u0026iap.WebTypeComputeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebTypeComputeIamPolicy(\"policy\", WebTypeComputeIamPolicyArgs.builder() \n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeComputeIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_type\\_compute\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeComputeIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeComputeIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeComputeIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamBinding(ctx, \"binding\", \u0026iap.WebTypeComputeIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBinding;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeComputeIamBinding(\"binding\", WebTypeComputeIamBindingArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeComputeIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeComputeIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeComputeIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.WebTypeComputeIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeComputeIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebTypeComputeIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamBinding(ctx, \"binding\", \u0026iap.WebTypeComputeIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebTypeComputeIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBinding;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeComputeIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeComputeIamBinding(\"binding\", WebTypeComputeIamBindingArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebTypeComputeIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeComputeIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_type\\_compute\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeComputeIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeComputeIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeComputeIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamMember(ctx, \"member\", \u0026iap.WebTypeComputeIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMember;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeComputeIamMember(\"member\", WebTypeComputeIamMemberArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeComputeIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeComputeIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeComputeIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.WebTypeComputeIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeComputeIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebTypeComputeIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamMember(ctx, \"member\", \u0026iap.WebTypeComputeIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebTypeComputeIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMember;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeComputeIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeComputeIamMember(\"member\", WebTypeComputeIamMemberArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebTypeComputeIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeComputeIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/compute\n\n* {{project}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy webtypecompute IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeComputeIamMember:WebTypeComputeIamMember editor \"projects/{{project}}/iap_web/compute roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeComputeIamMember:WebTypeComputeIamMember editor \"projects/{{project}}/iap_web/compute roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeComputeIamMember:WebTypeComputeIamMember editor projects/{{project}}/iap_web/compute\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeCompute. Each of these resources serves a different use case:\n\n* `gcp.iap.WebTypeComputeIamPolicy`: Authoritative. Sets the IAM policy for the webtypecompute and replaces any existing policy already attached.\n* `gcp.iap.WebTypeComputeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypecompute are preserved.\n* `gcp.iap.WebTypeComputeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypecompute are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebTypeComputeIamPolicy`: Retrieves the IAM policy for the webtypecompute\n\n\u003e **Note:** `gcp.iap.WebTypeComputeIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebTypeComputeIamBinding` and `gcp.iap.WebTypeComputeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebTypeComputeIamBinding` resources **can be** used in conjunction with `gcp.iap.WebTypeComputeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_iap\\_web\\_type\\_compute\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebTypeComputeIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.WebTypeComputeIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeComputeIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeComputeIamPolicy(ctx, \"policy\", \u0026iap.WebTypeComputeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebTypeComputeIamPolicy(\"policy\", WebTypeComputeIamPolicyArgs.builder() \n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeComputeIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebTypeComputeIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.WebTypeComputeIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeComputeIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeComputeIamPolicy(ctx, \"policy\", \u0026iap.WebTypeComputeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebTypeComputeIamPolicy(\"policy\", WebTypeComputeIamPolicyArgs.builder() \n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeComputeIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_type\\_compute\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeComputeIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeComputeIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeComputeIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamBinding(ctx, \"binding\", \u0026iap.WebTypeComputeIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBinding;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeComputeIamBinding(\"binding\", WebTypeComputeIamBindingArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeComputeIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeComputeIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeComputeIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.WebTypeComputeIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeComputeIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebTypeComputeIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamBinding(ctx, \"binding\", \u0026iap.WebTypeComputeIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebTypeComputeIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBinding;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeComputeIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeComputeIamBinding(\"binding\", WebTypeComputeIamBindingArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebTypeComputeIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeComputeIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_type\\_compute\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeComputeIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeComputeIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeComputeIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamMember(ctx, \"member\", \u0026iap.WebTypeComputeIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMember;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeComputeIamMember(\"member\", WebTypeComputeIamMemberArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeComputeIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeComputeIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeComputeIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.WebTypeComputeIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeComputeIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebTypeComputeIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamMember(ctx, \"member\", \u0026iap.WebTypeComputeIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebTypeComputeIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMember;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeComputeIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeComputeIamMember(\"member\", WebTypeComputeIamMemberArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebTypeComputeIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeComputeIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_iap\\_web\\_type\\_compute\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebTypeComputeIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.WebTypeComputeIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeComputeIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeComputeIamPolicy(ctx, \"policy\", \u0026iap.WebTypeComputeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebTypeComputeIamPolicy(\"policy\", WebTypeComputeIamPolicyArgs.builder() \n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeComputeIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebTypeComputeIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.WebTypeComputeIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeComputeIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeComputeIamPolicy(ctx, \"policy\", \u0026iap.WebTypeComputeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebTypeComputeIamPolicy(\"policy\", WebTypeComputeIamPolicyArgs.builder() \n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeComputeIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_type\\_compute\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeComputeIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeComputeIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeComputeIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamBinding(ctx, \"binding\", \u0026iap.WebTypeComputeIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBinding;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeComputeIamBinding(\"binding\", WebTypeComputeIamBindingArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeComputeIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeComputeIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeComputeIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.WebTypeComputeIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeComputeIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebTypeComputeIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamBinding(ctx, \"binding\", \u0026iap.WebTypeComputeIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebTypeComputeIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBinding;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeComputeIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeComputeIamBinding(\"binding\", WebTypeComputeIamBindingArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebTypeComputeIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeComputeIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_type\\_compute\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeComputeIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeComputeIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeComputeIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamMember(ctx, \"member\", \u0026iap.WebTypeComputeIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMember;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeComputeIamMember(\"member\", WebTypeComputeIamMemberArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeComputeIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeComputeIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeComputeIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.WebTypeComputeIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeComputeIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebTypeComputeIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamMember(ctx, \"member\", \u0026iap.WebTypeComputeIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebTypeComputeIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMember;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeComputeIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeComputeIamMember(\"member\", WebTypeComputeIamMemberArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebTypeComputeIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeComputeIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/compute\n\n* {{project}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy webtypecompute IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeComputeIamMember:WebTypeComputeIamMember editor \"projects/{{project}}/iap_web/compute roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeComputeIamMember:WebTypeComputeIamMember editor \"projects/{{project}}/iap_web/compute roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeComputeIamMember:WebTypeComputeIamMember editor projects/{{project}}/iap_web/compute\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:iap/WebTypeComputeIamMemberCondition:WebTypeComputeIamMemberCondition", @@ -194239,11 +194671,12 @@ "description": "(Computed) The etag of the IAM policy.\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -194264,11 +194697,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -194295,11 +194729,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -194312,7 +194747,7 @@ } }, "gcp:iap/webTypeComputeIamPolicy:WebTypeComputeIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeCompute. Each of these resources serves a different use case:\n\n* `gcp.iap.WebTypeComputeIamPolicy`: Authoritative. Sets the IAM policy for the webtypecompute and replaces any existing policy already attached.\n* `gcp.iap.WebTypeComputeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypecompute are preserved.\n* `gcp.iap.WebTypeComputeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypecompute are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebTypeComputeIamPolicy`: Retrieves the IAM policy for the webtypecompute\n\n\u003e **Note:** `gcp.iap.WebTypeComputeIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebTypeComputeIamBinding` and `gcp.iap.WebTypeComputeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebTypeComputeIamBinding` resources **can be** used in conjunction with `gcp.iap.WebTypeComputeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_iap\\_web\\_type\\_compute\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebTypeComputeIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.WebTypeComputeIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeComputeIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeComputeIamPolicy(ctx, \"policy\", \u0026iap.WebTypeComputeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebTypeComputeIamPolicy(\"policy\", WebTypeComputeIamPolicyArgs.builder() \n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeComputeIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebTypeComputeIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.WebTypeComputeIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeComputeIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeComputeIamPolicy(ctx, \"policy\", \u0026iap.WebTypeComputeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebTypeComputeIamPolicy(\"policy\", WebTypeComputeIamPolicyArgs.builder() \n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeComputeIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_type\\_compute\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeComputeIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeComputeIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeComputeIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamBinding(ctx, \"binding\", \u0026iap.WebTypeComputeIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBinding;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeComputeIamBinding(\"binding\", WebTypeComputeIamBindingArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeComputeIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeComputeIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeComputeIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.WebTypeComputeIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeComputeIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebTypeComputeIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamBinding(ctx, \"binding\", \u0026iap.WebTypeComputeIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebTypeComputeIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBinding;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeComputeIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeComputeIamBinding(\"binding\", WebTypeComputeIamBindingArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebTypeComputeIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeComputeIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_type\\_compute\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeComputeIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeComputeIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeComputeIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamMember(ctx, \"member\", \u0026iap.WebTypeComputeIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMember;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeComputeIamMember(\"member\", WebTypeComputeIamMemberArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeComputeIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeComputeIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeComputeIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.WebTypeComputeIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeComputeIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebTypeComputeIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamMember(ctx, \"member\", \u0026iap.WebTypeComputeIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebTypeComputeIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMember;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeComputeIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeComputeIamMember(\"member\", WebTypeComputeIamMemberArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebTypeComputeIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeComputeIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/compute\n\n* {{project}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy webtypecompute IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeComputeIamPolicy:WebTypeComputeIamPolicy editor \"projects/{{project}}/iap_web/compute roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeComputeIamPolicy:WebTypeComputeIamPolicy editor \"projects/{{project}}/iap_web/compute roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeComputeIamPolicy:WebTypeComputeIamPolicy editor projects/{{project}}/iap_web/compute\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Identity-Aware Proxy WebTypeCompute. Each of these resources serves a different use case:\n\n* `gcp.iap.WebTypeComputeIamPolicy`: Authoritative. Sets the IAM policy for the webtypecompute and replaces any existing policy already attached.\n* `gcp.iap.WebTypeComputeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the webtypecompute are preserved.\n* `gcp.iap.WebTypeComputeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the webtypecompute are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.iap.WebTypeComputeIamPolicy`: Retrieves the IAM policy for the webtypecompute\n\n\u003e **Note:** `gcp.iap.WebTypeComputeIamPolicy` **cannot** be used in conjunction with `gcp.iap.WebTypeComputeIamBinding` and `gcp.iap.WebTypeComputeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.iap.WebTypeComputeIamBinding` resources **can be** used in conjunction with `gcp.iap.WebTypeComputeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_iap\\_web\\_type\\_compute\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebTypeComputeIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.WebTypeComputeIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeComputeIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeComputeIamPolicy(ctx, \"policy\", \u0026iap.WebTypeComputeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebTypeComputeIamPolicy(\"policy\", WebTypeComputeIamPolicyArgs.builder() \n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeComputeIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebTypeComputeIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.WebTypeComputeIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeComputeIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeComputeIamPolicy(ctx, \"policy\", \u0026iap.WebTypeComputeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebTypeComputeIamPolicy(\"policy\", WebTypeComputeIamPolicyArgs.builder() \n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeComputeIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_type\\_compute\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeComputeIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeComputeIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeComputeIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamBinding(ctx, \"binding\", \u0026iap.WebTypeComputeIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBinding;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeComputeIamBinding(\"binding\", WebTypeComputeIamBindingArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeComputeIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeComputeIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeComputeIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.WebTypeComputeIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeComputeIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebTypeComputeIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamBinding(ctx, \"binding\", \u0026iap.WebTypeComputeIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebTypeComputeIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBinding;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeComputeIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeComputeIamBinding(\"binding\", WebTypeComputeIamBindingArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebTypeComputeIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeComputeIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_type\\_compute\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeComputeIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeComputeIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeComputeIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamMember(ctx, \"member\", \u0026iap.WebTypeComputeIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMember;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeComputeIamMember(\"member\", WebTypeComputeIamMemberArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeComputeIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeComputeIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeComputeIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.WebTypeComputeIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeComputeIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebTypeComputeIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamMember(ctx, \"member\", \u0026iap.WebTypeComputeIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebTypeComputeIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMember;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeComputeIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeComputeIamMember(\"member\", WebTypeComputeIamMemberArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebTypeComputeIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeComputeIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_iap\\_web\\_type\\_compute\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.iap.WebTypeComputeIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.iap.WebTypeComputeIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeComputeIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeComputeIamPolicy(ctx, \"policy\", \u0026iap.WebTypeComputeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new WebTypeComputeIamPolicy(\"policy\", WebTypeComputeIamPolicyArgs.builder() \n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeComputeIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.iap.WebTypeComputeIamPolicy(\"policy\", {\n project: projectService.project,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.iap.WebTypeComputeIamPolicy(\"policy\",\n project=project_service[\"project\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Iap.WebTypeComputeIamPolicy(\"policy\", new()\n {\n Project = projectService.Project,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iap.httpsResourceAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iap.NewWebTypeComputeIamPolicy(ctx, \"policy\", \u0026iap.WebTypeComputeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicy;\nimport com.pulumi.gcp.iap.WebTypeComputeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new WebTypeComputeIamPolicy(\"policy\", WebTypeComputeIamPolicyArgs.builder() \n .project(projectService.project())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:iap:WebTypeComputeIamPolicy\n properties:\n project: ${projectService.project}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_type\\_compute\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeComputeIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeComputeIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeComputeIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamBinding(ctx, \"binding\", \u0026iap.WebTypeComputeIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBinding;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeComputeIamBinding(\"binding\", WebTypeComputeIamBindingArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeComputeIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.iap.WebTypeComputeIamBinding(\"binding\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.iap.WebTypeComputeIamBinding(\"binding\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.iap.WebTypeComputeIamBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Iap.WebTypeComputeIamBinding(\"binding\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Iap.Inputs.WebTypeComputeIamBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamBinding(ctx, \"binding\", \u0026iap.WebTypeComputeIamBindingArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026iap.WebTypeComputeIamBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBinding;\nimport com.pulumi.gcp.iap.WebTypeComputeIamBindingArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeComputeIamBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new WebTypeComputeIamBinding(\"binding\", WebTypeComputeIamBindingArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .members(\"user:jane@example.com\")\n .condition(WebTypeComputeIamBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:iap:WebTypeComputeIamBinding\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_iap\\_web\\_type\\_compute\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeComputeIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeComputeIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeComputeIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamMember(ctx, \"member\", \u0026iap.WebTypeComputeIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMember;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeComputeIamMember(\"member\", WebTypeComputeIamMemberArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeComputeIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.iap.WebTypeComputeIamMember(\"member\", {\n project: projectService.project,\n role: \"roles/iap.httpsResourceAccessor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.iap.WebTypeComputeIamMember(\"member\",\n project=project_service[\"project\"],\n role=\"roles/iap.httpsResourceAccessor\",\n member=\"user:jane@example.com\",\n condition=gcp.iap.WebTypeComputeIamMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Iap.WebTypeComputeIamMember(\"member\", new()\n {\n Project = projectService.Project,\n Role = \"roles/iap.httpsResourceAccessor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Iap.Inputs.WebTypeComputeIamMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iap.NewWebTypeComputeIamMember(ctx, \"member\", \u0026iap.WebTypeComputeIamMemberArgs{\n\t\t\tProject: pulumi.Any(projectService.Project),\n\t\t\tRole: pulumi.String(\"roles/iap.httpsResourceAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026iap.WebTypeComputeIamMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMember;\nimport com.pulumi.gcp.iap.WebTypeComputeIamMemberArgs;\nimport com.pulumi.gcp.iap.inputs.WebTypeComputeIamMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new WebTypeComputeIamMember(\"member\", WebTypeComputeIamMemberArgs.builder() \n .project(projectService.project())\n .role(\"roles/iap.httpsResourceAccessor\")\n .member(\"user:jane@example.com\")\n .condition(WebTypeComputeIamMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:iap:WebTypeComputeIamMember\n properties:\n project: ${projectService.project}\n role: roles/iap.httpsResourceAccessor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/iap_web/compute\n\n* {{project}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nIdentity-Aware Proxy webtypecompute IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeComputeIamPolicy:WebTypeComputeIamPolicy editor \"projects/{{project}}/iap_web/compute roles/iap.httpsResourceAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeComputeIamPolicy:WebTypeComputeIamPolicy editor \"projects/{{project}}/iap_web/compute roles/iap.httpsResourceAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:iap/webTypeComputeIamPolicy:WebTypeComputeIamPolicy editor projects/{{project}}/iap_web/compute\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -194324,7 +194759,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" } }, "required": [ @@ -194339,7 +194774,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -194359,7 +194794,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -196142,7 +196577,7 @@ }, "cryptoKeyId": { "type": "string", - "description": "The crypto key ID, in the form\n`{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or\n`{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form,\nthe provider's project setting will be used as a fallback.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" + "description": "The crypto key ID, in the form\n`{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or\n`{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form,\nthe provider's project setting will be used as a fallback.\n" }, "etag": { "type": "string", @@ -196152,7 +196587,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "role": { "type": "string", @@ -196173,14 +196609,15 @@ }, "cryptoKeyId": { "type": "string", - "description": "The crypto key ID, in the form\n`{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or\n`{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form,\nthe provider's project setting will be used as a fallback.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The crypto key ID, in the form\n`{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or\n`{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form,\nthe provider's project setting will be used as a fallback.\n", "willReplaceOnChanges": true }, "members": { "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "role": { "type": "string", @@ -196203,7 +196640,7 @@ }, "cryptoKeyId": { "type": "string", - "description": "The crypto key ID, in the form\n`{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or\n`{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form,\nthe provider's project setting will be used as a fallback.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The crypto key ID, in the form\n`{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or\n`{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form,\nthe provider's project setting will be used as a fallback.\n", "willReplaceOnChanges": true }, "etag": { @@ -196214,7 +196651,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "role": { "type": "string", @@ -196234,14 +196672,15 @@ }, "cryptoKeyId": { "type": "string", - "description": "The crypto key ID, in the form\n`{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or\n`{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form,\nthe provider's project setting will be used as a fallback.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" + "description": "The crypto key ID, in the form\n`{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or\n`{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form,\nthe provider's project setting will be used as a fallback.\n" }, "etag": { "type": "string", "description": "(Computed) The etag of the project's IAM policy.\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "role": { "type": "string", @@ -196262,11 +196701,12 @@ }, "cryptoKeyId": { "type": "string", - "description": "The crypto key ID, in the form\n`{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or\n`{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form,\nthe provider's project setting will be used as a fallback.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The crypto key ID, in the form\n`{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or\n`{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form,\nthe provider's project setting will be used as a fallback.\n", "willReplaceOnChanges": true }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", "willReplaceOnChanges": true }, "role": { @@ -196290,7 +196730,7 @@ }, "cryptoKeyId": { "type": "string", - "description": "The crypto key ID, in the form\n`{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or\n`{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form,\nthe provider's project setting will be used as a fallback.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The crypto key ID, in the form\n`{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or\n`{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form,\nthe provider's project setting will be used as a fallback.\n", "willReplaceOnChanges": true }, "etag": { @@ -196299,6 +196739,7 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", "willReplaceOnChanges": true }, "role": { @@ -196315,7 +196756,7 @@ "properties": { "cryptoKeyId": { "type": "string", - "description": "The crypto key ID, in the form\n`{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or\n`{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form,\nthe provider's project setting will be used as a fallback.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" + "description": "The crypto key ID, in the form\n`{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or\n`{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form,\nthe provider's project setting will be used as a fallback.\n" }, "etag": { "type": "string", @@ -196334,7 +196775,7 @@ "inputProperties": { "cryptoKeyId": { "type": "string", - "description": "The crypto key ID, in the form\n`{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or\n`{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form,\nthe provider's project setting will be used as a fallback.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The crypto key ID, in the form\n`{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or\n`{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form,\nthe provider's project setting will be used as a fallback.\n", "willReplaceOnChanges": true }, "policyData": { @@ -196351,7 +196792,7 @@ "properties": { "cryptoKeyId": { "type": "string", - "description": "The crypto key ID, in the form\n`{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or\n`{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form,\nthe provider's project setting will be used as a fallback.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The crypto key ID, in the form\n`{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or\n`{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form,\nthe provider's project setting will be used as a fallback.\n", "willReplaceOnChanges": true }, "etag": { @@ -196672,7 +197113,7 @@ } }, "gcp:kms/keyRingIAMBinding:KeyRingIAMBinding": { - "description": "Three different resources help you manage your IAM policy for KMS key ring. Each of these resources serves a different use case:\n\n* `gcp.kms.KeyRingIAMPolicy`: Authoritative. Sets the IAM policy for the key ring and replaces any existing policy already attached.\n* `gcp.kms.KeyRingIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the key ring are preserved.\n* `gcp.kms.KeyRingIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the key ring are preserved.\n\n\u003e **Note:** `gcp.kms.KeyRingIAMPolicy` **cannot** be used in conjunction with `gcp.kms.KeyRingIAMBinding` and `gcp.kms.KeyRingIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.kms.KeyRingIAMBinding` resources **can be** used in conjunction with `gcp.kms.KeyRingIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_kms\\_key\\_ring\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyring = new gcp.kms.KeyRing(\"keyring\", {\n name: \"keyring-example\",\n location: \"global\",\n});\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst keyRing = new gcp.kms.KeyRingIAMPolicy(\"key_ring\", {\n keyRingId: keyring.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkeyring = gcp.kms.KeyRing(\"keyring\",\n name=\"keyring-example\",\n location=\"global\")\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\nkey_ring = gcp.kms.KeyRingIAMPolicy(\"key_ring\",\n key_ring_id=keyring.id,\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyring = new Gcp.Kms.KeyRing(\"keyring\", new()\n {\n Name = \"keyring-example\",\n Location = \"global\",\n });\n\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var keyRing = new Gcp.Kms.KeyRingIAMPolicy(\"key_ring\", new()\n {\n KeyRingId = keyring.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tkeyring, err := kms.NewKeyRing(ctx, \"keyring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"keyring-example\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewKeyRingIAMPolicy(ctx, \"key_ring\", \u0026kms.KeyRingIAMPolicyArgs{\n\t\t\tKeyRingId: keyring.ID(),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.kms.KeyRingIAMPolicy;\nimport com.pulumi.gcp.kms.KeyRingIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyring = new KeyRing(\"keyring\", KeyRingArgs.builder() \n .name(\"keyring-example\")\n .location(\"global\")\n .build());\n\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var keyRing = new KeyRingIAMPolicy(\"keyRing\", KeyRingIAMPolicyArgs.builder() \n .keyRingId(keyring.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyring:\n type: gcp:kms:KeyRing\n properties:\n name: keyring-example\n location: global\n keyRing:\n type: gcp:kms:KeyRingIAMPolicy\n name: key_ring\n properties:\n keyRingId: ${keyring.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyring = new gcp.kms.KeyRing(\"keyring\", {\n name: \"keyring-example\",\n location: \"global\",\n});\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst keyRing = new gcp.kms.KeyRingIAMPolicy(\"key_ring\", {\n keyRingId: keyring.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkeyring = gcp.kms.KeyRing(\"keyring\",\n name=\"keyring-example\",\n location=\"global\")\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\nkey_ring = gcp.kms.KeyRingIAMPolicy(\"key_ring\",\n key_ring_id=keyring.id,\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyring = new Gcp.Kms.KeyRing(\"keyring\", new()\n {\n Name = \"keyring-example\",\n Location = \"global\",\n });\n\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var keyRing = new Gcp.Kms.KeyRingIAMPolicy(\"key_ring\", new()\n {\n KeyRingId = keyring.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tkeyring, err := kms.NewKeyRing(ctx, \"keyring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"keyring-example\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewKeyRingIAMPolicy(ctx, \"key_ring\", \u0026kms.KeyRingIAMPolicyArgs{\n\t\t\tKeyRingId: keyring.ID(),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.kms.KeyRingIAMPolicy;\nimport com.pulumi.gcp.kms.KeyRingIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyring = new KeyRing(\"keyring\", KeyRingArgs.builder() \n .name(\"keyring-example\")\n .location(\"global\")\n .build());\n\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var keyRing = new KeyRingIAMPolicy(\"keyRing\", KeyRingIAMPolicyArgs.builder() \n .keyRingId(keyring.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyring:\n type: gcp:kms:KeyRing\n properties:\n name: keyring-example\n location: global\n keyRing:\n type: gcp:kms:KeyRingIAMPolicy\n name: key_ring\n properties:\n keyRingId: ${keyring.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_kms\\_key\\_ring\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMBinding(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMBinding(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMBinding(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMBinding(ctx, \"key_ring\", \u0026kms.KeyRingIAMBindingArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMBinding;\nimport com.pulumi.gcp.kms.KeyRingIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMBinding(\"keyRing\", KeyRingIAMBindingArgs.builder() \n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMBinding\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMBinding(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMBinding(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.kms.KeyRingIAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMBinding(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Kms.Inputs.KeyRingIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMBinding(ctx, \"key_ring\", \u0026kms.KeyRingIAMBindingArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026kms.KeyRingIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMBinding;\nimport com.pulumi.gcp.kms.KeyRingIAMBindingArgs;\nimport com.pulumi.gcp.kms.inputs.KeyRingIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMBinding(\"keyRing\", KeyRingIAMBindingArgs.builder() \n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .members(\"user:jane@example.com\")\n .condition(KeyRingIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMBinding\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_kms\\_key\\_ring\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMMember(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMMember(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMMember(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMMember(ctx, \"key_ring\", \u0026kms.KeyRingIAMMemberArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMMember;\nimport com.pulumi.gcp.kms.KeyRingIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMMember(\"keyRing\", KeyRingIAMMemberArgs.builder() \n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMMember\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMMember(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMMember(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n member=\"user:jane@example.com\",\n condition=gcp.kms.KeyRingIAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMMember(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Kms.Inputs.KeyRingIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMMember(ctx, \"key_ring\", \u0026kms.KeyRingIAMMemberArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026kms.KeyRingIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMMember;\nimport com.pulumi.gcp.kms.KeyRingIAMMemberArgs;\nimport com.pulumi.gcp.kms.inputs.KeyRingIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMMember(\"keyRing\", KeyRingIAMMemberArgs.builder() \n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .member(\"user:jane@example.com\")\n .condition(KeyRingIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMMember\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Cloud KMS key ring only. For example:\n\n* `{{project_id}}/{{location}}/{{key_ring_name}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{key_ring_name}}\"\n\n to = google_kms_key_ring_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:kms/keyRingIAMBinding:KeyRingIAMBinding default {{project_id}}/{{location}}/{{key_ring_name}}\n```\n\n", + "description": "Three different resources help you manage your IAM policy for KMS key ring. Each of these resources serves a different use case:\n\n* `gcp.kms.KeyRingIAMPolicy`: Authoritative. Sets the IAM policy for the key ring and replaces any existing policy already attached.\n* `gcp.kms.KeyRingIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the key ring are preserved.\n* `gcp.kms.KeyRingIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the key ring are preserved.\n\n\u003e **Note:** `gcp.kms.KeyRingIAMPolicy` **cannot** be used in conjunction with `gcp.kms.KeyRingIAMBinding` and `gcp.kms.KeyRingIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.kms.KeyRingIAMBinding` resources **can be** used in conjunction with `gcp.kms.KeyRingIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_kms\\_key\\_ring\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyring = new gcp.kms.KeyRing(\"keyring\", {\n name: \"keyring-example\",\n location: \"global\",\n});\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst keyRing = new gcp.kms.KeyRingIAMPolicy(\"key_ring\", {\n keyRingId: keyring.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkeyring = gcp.kms.KeyRing(\"keyring\",\n name=\"keyring-example\",\n location=\"global\")\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\nkey_ring = gcp.kms.KeyRingIAMPolicy(\"key_ring\",\n key_ring_id=keyring.id,\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyring = new Gcp.Kms.KeyRing(\"keyring\", new()\n {\n Name = \"keyring-example\",\n Location = \"global\",\n });\n\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var keyRing = new Gcp.Kms.KeyRingIAMPolicy(\"key_ring\", new()\n {\n KeyRingId = keyring.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tkeyring, err := kms.NewKeyRing(ctx, \"keyring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"keyring-example\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewKeyRingIAMPolicy(ctx, \"key_ring\", \u0026kms.KeyRingIAMPolicyArgs{\n\t\t\tKeyRingId: keyring.ID(),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.kms.KeyRingIAMPolicy;\nimport com.pulumi.gcp.kms.KeyRingIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyring = new KeyRing(\"keyring\", KeyRingArgs.builder() \n .name(\"keyring-example\")\n .location(\"global\")\n .build());\n\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var keyRing = new KeyRingIAMPolicy(\"keyRing\", KeyRingIAMPolicyArgs.builder() \n .keyRingId(keyring.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyring:\n type: gcp:kms:KeyRing\n properties:\n name: keyring-example\n location: global\n keyRing:\n type: gcp:kms:KeyRingIAMPolicy\n name: key_ring\n properties:\n keyRingId: ${keyring.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyring = new gcp.kms.KeyRing(\"keyring\", {\n name: \"keyring-example\",\n location: \"global\",\n});\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst keyRing = new gcp.kms.KeyRingIAMPolicy(\"key_ring\", {\n keyRingId: keyring.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkeyring = gcp.kms.KeyRing(\"keyring\",\n name=\"keyring-example\",\n location=\"global\")\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\nkey_ring = gcp.kms.KeyRingIAMPolicy(\"key_ring\",\n key_ring_id=keyring.id,\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyring = new Gcp.Kms.KeyRing(\"keyring\", new()\n {\n Name = \"keyring-example\",\n Location = \"global\",\n });\n\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var keyRing = new Gcp.Kms.KeyRingIAMPolicy(\"key_ring\", new()\n {\n KeyRingId = keyring.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tkeyring, err := kms.NewKeyRing(ctx, \"keyring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"keyring-example\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewKeyRingIAMPolicy(ctx, \"key_ring\", \u0026kms.KeyRingIAMPolicyArgs{\n\t\t\tKeyRingId: keyring.ID(),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.kms.KeyRingIAMPolicy;\nimport com.pulumi.gcp.kms.KeyRingIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyring = new KeyRing(\"keyring\", KeyRingArgs.builder() \n .name(\"keyring-example\")\n .location(\"global\")\n .build());\n\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var keyRing = new KeyRingIAMPolicy(\"keyRing\", KeyRingIAMPolicyArgs.builder() \n .keyRingId(keyring.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyring:\n type: gcp:kms:KeyRing\n properties:\n name: keyring-example\n location: global\n keyRing:\n type: gcp:kms:KeyRingIAMPolicy\n name: key_ring\n properties:\n keyRingId: ${keyring.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_kms\\_key\\_ring\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMBinding(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMBinding(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMBinding(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMBinding(ctx, \"key_ring\", \u0026kms.KeyRingIAMBindingArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMBinding;\nimport com.pulumi.gcp.kms.KeyRingIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMBinding(\"keyRing\", KeyRingIAMBindingArgs.builder() \n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMBinding\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMBinding(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMBinding(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.kms.KeyRingIAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMBinding(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Kms.Inputs.KeyRingIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMBinding(ctx, \"key_ring\", \u0026kms.KeyRingIAMBindingArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026kms.KeyRingIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMBinding;\nimport com.pulumi.gcp.kms.KeyRingIAMBindingArgs;\nimport com.pulumi.gcp.kms.inputs.KeyRingIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMBinding(\"keyRing\", KeyRingIAMBindingArgs.builder() \n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .members(\"user:jane@example.com\")\n .condition(KeyRingIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMBinding\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_kms\\_key\\_ring\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMMember(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMMember(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMMember(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMMember(ctx, \"key_ring\", \u0026kms.KeyRingIAMMemberArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMMember;\nimport com.pulumi.gcp.kms.KeyRingIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMMember(\"keyRing\", KeyRingIAMMemberArgs.builder() \n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMMember\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMMember(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMMember(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n member=\"user:jane@example.com\",\n condition=gcp.kms.KeyRingIAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMMember(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Kms.Inputs.KeyRingIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMMember(ctx, \"key_ring\", \u0026kms.KeyRingIAMMemberArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026kms.KeyRingIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMMember;\nimport com.pulumi.gcp.kms.KeyRingIAMMemberArgs;\nimport com.pulumi.gcp.kms.inputs.KeyRingIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMMember(\"keyRing\", KeyRingIAMMemberArgs.builder() \n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .member(\"user:jane@example.com\")\n .condition(KeyRingIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMMember\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_kms\\_key\\_ring\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyring = new gcp.kms.KeyRing(\"keyring\", {\n name: \"keyring-example\",\n location: \"global\",\n});\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst keyRing = new gcp.kms.KeyRingIAMPolicy(\"key_ring\", {\n keyRingId: keyring.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkeyring = gcp.kms.KeyRing(\"keyring\",\n name=\"keyring-example\",\n location=\"global\")\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\nkey_ring = gcp.kms.KeyRingIAMPolicy(\"key_ring\",\n key_ring_id=keyring.id,\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyring = new Gcp.Kms.KeyRing(\"keyring\", new()\n {\n Name = \"keyring-example\",\n Location = \"global\",\n });\n\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var keyRing = new Gcp.Kms.KeyRingIAMPolicy(\"key_ring\", new()\n {\n KeyRingId = keyring.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tkeyring, err := kms.NewKeyRing(ctx, \"keyring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"keyring-example\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewKeyRingIAMPolicy(ctx, \"key_ring\", \u0026kms.KeyRingIAMPolicyArgs{\n\t\t\tKeyRingId: keyring.ID(),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.kms.KeyRingIAMPolicy;\nimport com.pulumi.gcp.kms.KeyRingIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyring = new KeyRing(\"keyring\", KeyRingArgs.builder() \n .name(\"keyring-example\")\n .location(\"global\")\n .build());\n\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var keyRing = new KeyRingIAMPolicy(\"keyRing\", KeyRingIAMPolicyArgs.builder() \n .keyRingId(keyring.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyring:\n type: gcp:kms:KeyRing\n properties:\n name: keyring-example\n location: global\n keyRing:\n type: gcp:kms:KeyRingIAMPolicy\n name: key_ring\n properties:\n keyRingId: ${keyring.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyring = new gcp.kms.KeyRing(\"keyring\", {\n name: \"keyring-example\",\n location: \"global\",\n});\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst keyRing = new gcp.kms.KeyRingIAMPolicy(\"key_ring\", {\n keyRingId: keyring.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkeyring = gcp.kms.KeyRing(\"keyring\",\n name=\"keyring-example\",\n location=\"global\")\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\nkey_ring = gcp.kms.KeyRingIAMPolicy(\"key_ring\",\n key_ring_id=keyring.id,\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyring = new Gcp.Kms.KeyRing(\"keyring\", new()\n {\n Name = \"keyring-example\",\n Location = \"global\",\n });\n\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var keyRing = new Gcp.Kms.KeyRingIAMPolicy(\"key_ring\", new()\n {\n KeyRingId = keyring.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tkeyring, err := kms.NewKeyRing(ctx, \"keyring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"keyring-example\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewKeyRingIAMPolicy(ctx, \"key_ring\", \u0026kms.KeyRingIAMPolicyArgs{\n\t\t\tKeyRingId: keyring.ID(),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.kms.KeyRingIAMPolicy;\nimport com.pulumi.gcp.kms.KeyRingIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyring = new KeyRing(\"keyring\", KeyRingArgs.builder() \n .name(\"keyring-example\")\n .location(\"global\")\n .build());\n\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var keyRing = new KeyRingIAMPolicy(\"keyRing\", KeyRingIAMPolicyArgs.builder() \n .keyRingId(keyring.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyring:\n type: gcp:kms:KeyRing\n properties:\n name: keyring-example\n location: global\n keyRing:\n type: gcp:kms:KeyRingIAMPolicy\n name: key_ring\n properties:\n keyRingId: ${keyring.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_kms\\_key\\_ring\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMBinding(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMBinding(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMBinding(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMBinding(ctx, \"key_ring\", \u0026kms.KeyRingIAMBindingArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMBinding;\nimport com.pulumi.gcp.kms.KeyRingIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMBinding(\"keyRing\", KeyRingIAMBindingArgs.builder() \n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMBinding\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMBinding(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMBinding(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.kms.KeyRingIAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMBinding(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Kms.Inputs.KeyRingIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMBinding(ctx, \"key_ring\", \u0026kms.KeyRingIAMBindingArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026kms.KeyRingIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMBinding;\nimport com.pulumi.gcp.kms.KeyRingIAMBindingArgs;\nimport com.pulumi.gcp.kms.inputs.KeyRingIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMBinding(\"keyRing\", KeyRingIAMBindingArgs.builder() \n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .members(\"user:jane@example.com\")\n .condition(KeyRingIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMBinding\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_kms\\_key\\_ring\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMMember(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMMember(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMMember(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMMember(ctx, \"key_ring\", \u0026kms.KeyRingIAMMemberArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMMember;\nimport com.pulumi.gcp.kms.KeyRingIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMMember(\"keyRing\", KeyRingIAMMemberArgs.builder() \n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMMember\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMMember(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMMember(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n member=\"user:jane@example.com\",\n condition=gcp.kms.KeyRingIAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMMember(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Kms.Inputs.KeyRingIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMMember(ctx, \"key_ring\", \u0026kms.KeyRingIAMMemberArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026kms.KeyRingIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMMember;\nimport com.pulumi.gcp.kms.KeyRingIAMMemberArgs;\nimport com.pulumi.gcp.kms.inputs.KeyRingIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMMember(\"keyRing\", KeyRingIAMMemberArgs.builder() \n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .member(\"user:jane@example.com\")\n .condition(KeyRingIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMMember\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Cloud KMS key ring only. For example:\n\n* `{{project_id}}/{{location}}/{{key_ring_name}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{key_ring_name}}\"\n\n to = google_kms_key_ring_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:kms/keyRingIAMBinding:KeyRingIAMBinding default {{project_id}}/{{location}}/{{key_ring_name}}\n```\n\n", "properties": { "condition": { "$ref": "#/types/gcp:kms/KeyRingIAMBindingCondition:KeyRingIAMBindingCondition", @@ -196684,13 +197125,14 @@ }, "keyRingId": { "type": "string", - "description": "The key ring ID, in the form\n`{project_id}/{location_name}/{key_ring_name}` or\n`{location_name}/{key_ring_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" + "description": "The key ring ID, in the form\n`{project_id}/{location_name}/{key_ring_name}` or\n`{location_name}/{key_ring_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n" }, "members": { "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "role": { "type": "string", @@ -196711,14 +197153,15 @@ }, "keyRingId": { "type": "string", - "description": "The key ring ID, in the form\n`{project_id}/{location_name}/{key_ring_name}` or\n`{location_name}/{key_ring_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The key ring ID, in the form\n`{project_id}/{location_name}/{key_ring_name}` or\n`{location_name}/{key_ring_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n", "willReplaceOnChanges": true }, "members": { "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "role": { "type": "string", @@ -196745,14 +197188,15 @@ }, "keyRingId": { "type": "string", - "description": "The key ring ID, in the form\n`{project_id}/{location_name}/{key_ring_name}` or\n`{location_name}/{key_ring_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The key ring ID, in the form\n`{project_id}/{location_name}/{key_ring_name}` or\n`{location_name}/{key_ring_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n", "willReplaceOnChanges": true }, "members": { "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "role": { "type": "string", @@ -196764,7 +197208,7 @@ } }, "gcp:kms/keyRingIAMMember:KeyRingIAMMember": { - "description": "Three different resources help you manage your IAM policy for KMS key ring. Each of these resources serves a different use case:\n\n* `gcp.kms.KeyRingIAMPolicy`: Authoritative. Sets the IAM policy for the key ring and replaces any existing policy already attached.\n* `gcp.kms.KeyRingIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the key ring are preserved.\n* `gcp.kms.KeyRingIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the key ring are preserved.\n\n\u003e **Note:** `gcp.kms.KeyRingIAMPolicy` **cannot** be used in conjunction with `gcp.kms.KeyRingIAMBinding` and `gcp.kms.KeyRingIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.kms.KeyRingIAMBinding` resources **can be** used in conjunction with `gcp.kms.KeyRingIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_kms\\_key\\_ring\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyring = new gcp.kms.KeyRing(\"keyring\", {\n name: \"keyring-example\",\n location: \"global\",\n});\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst keyRing = new gcp.kms.KeyRingIAMPolicy(\"key_ring\", {\n keyRingId: keyring.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkeyring = gcp.kms.KeyRing(\"keyring\",\n name=\"keyring-example\",\n location=\"global\")\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\nkey_ring = gcp.kms.KeyRingIAMPolicy(\"key_ring\",\n key_ring_id=keyring.id,\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyring = new Gcp.Kms.KeyRing(\"keyring\", new()\n {\n Name = \"keyring-example\",\n Location = \"global\",\n });\n\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var keyRing = new Gcp.Kms.KeyRingIAMPolicy(\"key_ring\", new()\n {\n KeyRingId = keyring.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tkeyring, err := kms.NewKeyRing(ctx, \"keyring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"keyring-example\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewKeyRingIAMPolicy(ctx, \"key_ring\", \u0026kms.KeyRingIAMPolicyArgs{\n\t\t\tKeyRingId: keyring.ID(),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.kms.KeyRingIAMPolicy;\nimport com.pulumi.gcp.kms.KeyRingIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyring = new KeyRing(\"keyring\", KeyRingArgs.builder() \n .name(\"keyring-example\")\n .location(\"global\")\n .build());\n\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var keyRing = new KeyRingIAMPolicy(\"keyRing\", KeyRingIAMPolicyArgs.builder() \n .keyRingId(keyring.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyring:\n type: gcp:kms:KeyRing\n properties:\n name: keyring-example\n location: global\n keyRing:\n type: gcp:kms:KeyRingIAMPolicy\n name: key_ring\n properties:\n keyRingId: ${keyring.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyring = new gcp.kms.KeyRing(\"keyring\", {\n name: \"keyring-example\",\n location: \"global\",\n});\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst keyRing = new gcp.kms.KeyRingIAMPolicy(\"key_ring\", {\n keyRingId: keyring.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkeyring = gcp.kms.KeyRing(\"keyring\",\n name=\"keyring-example\",\n location=\"global\")\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\nkey_ring = gcp.kms.KeyRingIAMPolicy(\"key_ring\",\n key_ring_id=keyring.id,\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyring = new Gcp.Kms.KeyRing(\"keyring\", new()\n {\n Name = \"keyring-example\",\n Location = \"global\",\n });\n\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var keyRing = new Gcp.Kms.KeyRingIAMPolicy(\"key_ring\", new()\n {\n KeyRingId = keyring.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tkeyring, err := kms.NewKeyRing(ctx, \"keyring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"keyring-example\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewKeyRingIAMPolicy(ctx, \"key_ring\", \u0026kms.KeyRingIAMPolicyArgs{\n\t\t\tKeyRingId: keyring.ID(),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.kms.KeyRingIAMPolicy;\nimport com.pulumi.gcp.kms.KeyRingIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyring = new KeyRing(\"keyring\", KeyRingArgs.builder() \n .name(\"keyring-example\")\n .location(\"global\")\n .build());\n\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var keyRing = new KeyRingIAMPolicy(\"keyRing\", KeyRingIAMPolicyArgs.builder() \n .keyRingId(keyring.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyring:\n type: gcp:kms:KeyRing\n properties:\n name: keyring-example\n location: global\n keyRing:\n type: gcp:kms:KeyRingIAMPolicy\n name: key_ring\n properties:\n keyRingId: ${keyring.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_kms\\_key\\_ring\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMBinding(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMBinding(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMBinding(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMBinding(ctx, \"key_ring\", \u0026kms.KeyRingIAMBindingArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMBinding;\nimport com.pulumi.gcp.kms.KeyRingIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMBinding(\"keyRing\", KeyRingIAMBindingArgs.builder() \n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMBinding\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMBinding(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMBinding(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.kms.KeyRingIAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMBinding(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Kms.Inputs.KeyRingIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMBinding(ctx, \"key_ring\", \u0026kms.KeyRingIAMBindingArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026kms.KeyRingIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMBinding;\nimport com.pulumi.gcp.kms.KeyRingIAMBindingArgs;\nimport com.pulumi.gcp.kms.inputs.KeyRingIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMBinding(\"keyRing\", KeyRingIAMBindingArgs.builder() \n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .members(\"user:jane@example.com\")\n .condition(KeyRingIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMBinding\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_kms\\_key\\_ring\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMMember(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMMember(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMMember(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMMember(ctx, \"key_ring\", \u0026kms.KeyRingIAMMemberArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMMember;\nimport com.pulumi.gcp.kms.KeyRingIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMMember(\"keyRing\", KeyRingIAMMemberArgs.builder() \n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMMember\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMMember(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMMember(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n member=\"user:jane@example.com\",\n condition=gcp.kms.KeyRingIAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMMember(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Kms.Inputs.KeyRingIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMMember(ctx, \"key_ring\", \u0026kms.KeyRingIAMMemberArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026kms.KeyRingIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMMember;\nimport com.pulumi.gcp.kms.KeyRingIAMMemberArgs;\nimport com.pulumi.gcp.kms.inputs.KeyRingIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMMember(\"keyRing\", KeyRingIAMMemberArgs.builder() \n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .member(\"user:jane@example.com\")\n .condition(KeyRingIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMMember\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Cloud KMS key ring only. For example:\n\n* `{{project_id}}/{{location}}/{{key_ring_name}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{key_ring_name}}\"\n\n to = google_kms_key_ring_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:kms/keyRingIAMMember:KeyRingIAMMember default {{project_id}}/{{location}}/{{key_ring_name}}\n```\n\n", + "description": "Three different resources help you manage your IAM policy for KMS key ring. Each of these resources serves a different use case:\n\n* `gcp.kms.KeyRingIAMPolicy`: Authoritative. Sets the IAM policy for the key ring and replaces any existing policy already attached.\n* `gcp.kms.KeyRingIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the key ring are preserved.\n* `gcp.kms.KeyRingIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the key ring are preserved.\n\n\u003e **Note:** `gcp.kms.KeyRingIAMPolicy` **cannot** be used in conjunction with `gcp.kms.KeyRingIAMBinding` and `gcp.kms.KeyRingIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.kms.KeyRingIAMBinding` resources **can be** used in conjunction with `gcp.kms.KeyRingIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_kms\\_key\\_ring\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyring = new gcp.kms.KeyRing(\"keyring\", {\n name: \"keyring-example\",\n location: \"global\",\n});\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst keyRing = new gcp.kms.KeyRingIAMPolicy(\"key_ring\", {\n keyRingId: keyring.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkeyring = gcp.kms.KeyRing(\"keyring\",\n name=\"keyring-example\",\n location=\"global\")\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\nkey_ring = gcp.kms.KeyRingIAMPolicy(\"key_ring\",\n key_ring_id=keyring.id,\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyring = new Gcp.Kms.KeyRing(\"keyring\", new()\n {\n Name = \"keyring-example\",\n Location = \"global\",\n });\n\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var keyRing = new Gcp.Kms.KeyRingIAMPolicy(\"key_ring\", new()\n {\n KeyRingId = keyring.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tkeyring, err := kms.NewKeyRing(ctx, \"keyring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"keyring-example\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewKeyRingIAMPolicy(ctx, \"key_ring\", \u0026kms.KeyRingIAMPolicyArgs{\n\t\t\tKeyRingId: keyring.ID(),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.kms.KeyRingIAMPolicy;\nimport com.pulumi.gcp.kms.KeyRingIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyring = new KeyRing(\"keyring\", KeyRingArgs.builder() \n .name(\"keyring-example\")\n .location(\"global\")\n .build());\n\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var keyRing = new KeyRingIAMPolicy(\"keyRing\", KeyRingIAMPolicyArgs.builder() \n .keyRingId(keyring.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyring:\n type: gcp:kms:KeyRing\n properties:\n name: keyring-example\n location: global\n keyRing:\n type: gcp:kms:KeyRingIAMPolicy\n name: key_ring\n properties:\n keyRingId: ${keyring.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyring = new gcp.kms.KeyRing(\"keyring\", {\n name: \"keyring-example\",\n location: \"global\",\n});\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst keyRing = new gcp.kms.KeyRingIAMPolicy(\"key_ring\", {\n keyRingId: keyring.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkeyring = gcp.kms.KeyRing(\"keyring\",\n name=\"keyring-example\",\n location=\"global\")\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\nkey_ring = gcp.kms.KeyRingIAMPolicy(\"key_ring\",\n key_ring_id=keyring.id,\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyring = new Gcp.Kms.KeyRing(\"keyring\", new()\n {\n Name = \"keyring-example\",\n Location = \"global\",\n });\n\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var keyRing = new Gcp.Kms.KeyRingIAMPolicy(\"key_ring\", new()\n {\n KeyRingId = keyring.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tkeyring, err := kms.NewKeyRing(ctx, \"keyring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"keyring-example\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewKeyRingIAMPolicy(ctx, \"key_ring\", \u0026kms.KeyRingIAMPolicyArgs{\n\t\t\tKeyRingId: keyring.ID(),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.kms.KeyRingIAMPolicy;\nimport com.pulumi.gcp.kms.KeyRingIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyring = new KeyRing(\"keyring\", KeyRingArgs.builder() \n .name(\"keyring-example\")\n .location(\"global\")\n .build());\n\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var keyRing = new KeyRingIAMPolicy(\"keyRing\", KeyRingIAMPolicyArgs.builder() \n .keyRingId(keyring.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyring:\n type: gcp:kms:KeyRing\n properties:\n name: keyring-example\n location: global\n keyRing:\n type: gcp:kms:KeyRingIAMPolicy\n name: key_ring\n properties:\n keyRingId: ${keyring.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_kms\\_key\\_ring\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMBinding(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMBinding(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMBinding(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMBinding(ctx, \"key_ring\", \u0026kms.KeyRingIAMBindingArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMBinding;\nimport com.pulumi.gcp.kms.KeyRingIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMBinding(\"keyRing\", KeyRingIAMBindingArgs.builder() \n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMBinding\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMBinding(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMBinding(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.kms.KeyRingIAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMBinding(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Kms.Inputs.KeyRingIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMBinding(ctx, \"key_ring\", \u0026kms.KeyRingIAMBindingArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026kms.KeyRingIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMBinding;\nimport com.pulumi.gcp.kms.KeyRingIAMBindingArgs;\nimport com.pulumi.gcp.kms.inputs.KeyRingIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMBinding(\"keyRing\", KeyRingIAMBindingArgs.builder() \n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .members(\"user:jane@example.com\")\n .condition(KeyRingIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMBinding\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_kms\\_key\\_ring\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMMember(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMMember(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMMember(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMMember(ctx, \"key_ring\", \u0026kms.KeyRingIAMMemberArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMMember;\nimport com.pulumi.gcp.kms.KeyRingIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMMember(\"keyRing\", KeyRingIAMMemberArgs.builder() \n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMMember\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMMember(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMMember(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n member=\"user:jane@example.com\",\n condition=gcp.kms.KeyRingIAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMMember(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Kms.Inputs.KeyRingIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMMember(ctx, \"key_ring\", \u0026kms.KeyRingIAMMemberArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026kms.KeyRingIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMMember;\nimport com.pulumi.gcp.kms.KeyRingIAMMemberArgs;\nimport com.pulumi.gcp.kms.inputs.KeyRingIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMMember(\"keyRing\", KeyRingIAMMemberArgs.builder() \n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .member(\"user:jane@example.com\")\n .condition(KeyRingIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMMember\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_kms\\_key\\_ring\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyring = new gcp.kms.KeyRing(\"keyring\", {\n name: \"keyring-example\",\n location: \"global\",\n});\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst keyRing = new gcp.kms.KeyRingIAMPolicy(\"key_ring\", {\n keyRingId: keyring.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkeyring = gcp.kms.KeyRing(\"keyring\",\n name=\"keyring-example\",\n location=\"global\")\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\nkey_ring = gcp.kms.KeyRingIAMPolicy(\"key_ring\",\n key_ring_id=keyring.id,\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyring = new Gcp.Kms.KeyRing(\"keyring\", new()\n {\n Name = \"keyring-example\",\n Location = \"global\",\n });\n\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var keyRing = new Gcp.Kms.KeyRingIAMPolicy(\"key_ring\", new()\n {\n KeyRingId = keyring.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tkeyring, err := kms.NewKeyRing(ctx, \"keyring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"keyring-example\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewKeyRingIAMPolicy(ctx, \"key_ring\", \u0026kms.KeyRingIAMPolicyArgs{\n\t\t\tKeyRingId: keyring.ID(),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.kms.KeyRingIAMPolicy;\nimport com.pulumi.gcp.kms.KeyRingIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyring = new KeyRing(\"keyring\", KeyRingArgs.builder() \n .name(\"keyring-example\")\n .location(\"global\")\n .build());\n\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var keyRing = new KeyRingIAMPolicy(\"keyRing\", KeyRingIAMPolicyArgs.builder() \n .keyRingId(keyring.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyring:\n type: gcp:kms:KeyRing\n properties:\n name: keyring-example\n location: global\n keyRing:\n type: gcp:kms:KeyRingIAMPolicy\n name: key_ring\n properties:\n keyRingId: ${keyring.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyring = new gcp.kms.KeyRing(\"keyring\", {\n name: \"keyring-example\",\n location: \"global\",\n});\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst keyRing = new gcp.kms.KeyRingIAMPolicy(\"key_ring\", {\n keyRingId: keyring.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkeyring = gcp.kms.KeyRing(\"keyring\",\n name=\"keyring-example\",\n location=\"global\")\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\nkey_ring = gcp.kms.KeyRingIAMPolicy(\"key_ring\",\n key_ring_id=keyring.id,\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyring = new Gcp.Kms.KeyRing(\"keyring\", new()\n {\n Name = \"keyring-example\",\n Location = \"global\",\n });\n\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var keyRing = new Gcp.Kms.KeyRingIAMPolicy(\"key_ring\", new()\n {\n KeyRingId = keyring.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tkeyring, err := kms.NewKeyRing(ctx, \"keyring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"keyring-example\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewKeyRingIAMPolicy(ctx, \"key_ring\", \u0026kms.KeyRingIAMPolicyArgs{\n\t\t\tKeyRingId: keyring.ID(),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.kms.KeyRingIAMPolicy;\nimport com.pulumi.gcp.kms.KeyRingIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyring = new KeyRing(\"keyring\", KeyRingArgs.builder() \n .name(\"keyring-example\")\n .location(\"global\")\n .build());\n\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var keyRing = new KeyRingIAMPolicy(\"keyRing\", KeyRingIAMPolicyArgs.builder() \n .keyRingId(keyring.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyring:\n type: gcp:kms:KeyRing\n properties:\n name: keyring-example\n location: global\n keyRing:\n type: gcp:kms:KeyRingIAMPolicy\n name: key_ring\n properties:\n keyRingId: ${keyring.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_kms\\_key\\_ring\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMBinding(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMBinding(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMBinding(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMBinding(ctx, \"key_ring\", \u0026kms.KeyRingIAMBindingArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMBinding;\nimport com.pulumi.gcp.kms.KeyRingIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMBinding(\"keyRing\", KeyRingIAMBindingArgs.builder() \n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMBinding\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMBinding(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMBinding(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.kms.KeyRingIAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMBinding(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Kms.Inputs.KeyRingIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMBinding(ctx, \"key_ring\", \u0026kms.KeyRingIAMBindingArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026kms.KeyRingIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMBinding;\nimport com.pulumi.gcp.kms.KeyRingIAMBindingArgs;\nimport com.pulumi.gcp.kms.inputs.KeyRingIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMBinding(\"keyRing\", KeyRingIAMBindingArgs.builder() \n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .members(\"user:jane@example.com\")\n .condition(KeyRingIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMBinding\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_kms\\_key\\_ring\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMMember(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMMember(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMMember(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMMember(ctx, \"key_ring\", \u0026kms.KeyRingIAMMemberArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMMember;\nimport com.pulumi.gcp.kms.KeyRingIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMMember(\"keyRing\", KeyRingIAMMemberArgs.builder() \n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMMember\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMMember(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMMember(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n member=\"user:jane@example.com\",\n condition=gcp.kms.KeyRingIAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMMember(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Kms.Inputs.KeyRingIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMMember(ctx, \"key_ring\", \u0026kms.KeyRingIAMMemberArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026kms.KeyRingIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMMember;\nimport com.pulumi.gcp.kms.KeyRingIAMMemberArgs;\nimport com.pulumi.gcp.kms.inputs.KeyRingIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMMember(\"keyRing\", KeyRingIAMMemberArgs.builder() \n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .member(\"user:jane@example.com\")\n .condition(KeyRingIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMMember\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Cloud KMS key ring only. For example:\n\n* `{{project_id}}/{{location}}/{{key_ring_name}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{key_ring_name}}\"\n\n to = google_kms_key_ring_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:kms/keyRingIAMMember:KeyRingIAMMember default {{project_id}}/{{location}}/{{key_ring_name}}\n```\n\n", "properties": { "condition": { "$ref": "#/types/gcp:kms/KeyRingIAMMemberCondition:KeyRingIAMMemberCondition", @@ -196776,10 +197220,11 @@ }, "keyRingId": { "type": "string", - "description": "The key ring ID, in the form\n`{project_id}/{location_name}/{key_ring_name}` or\n`{location_name}/{key_ring_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" + "description": "The key ring ID, in the form\n`{project_id}/{location_name}/{key_ring_name}` or\n`{location_name}/{key_ring_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "role": { "type": "string", @@ -196800,11 +197245,12 @@ }, "keyRingId": { "type": "string", - "description": "The key ring ID, in the form\n`{project_id}/{location_name}/{key_ring_name}` or\n`{location_name}/{key_ring_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The key ring ID, in the form\n`{project_id}/{location_name}/{key_ring_name}` or\n`{location_name}/{key_ring_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n", "willReplaceOnChanges": true }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", "willReplaceOnChanges": true }, "role": { @@ -196832,11 +197278,12 @@ }, "keyRingId": { "type": "string", - "description": "The key ring ID, in the form\n`{project_id}/{location_name}/{key_ring_name}` or\n`{location_name}/{key_ring_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The key ring ID, in the form\n`{project_id}/{location_name}/{key_ring_name}` or\n`{location_name}/{key_ring_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n", "willReplaceOnChanges": true }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", "willReplaceOnChanges": true }, "role": { @@ -196849,7 +197296,7 @@ } }, "gcp:kms/keyRingIAMPolicy:KeyRingIAMPolicy": { - "description": "Three different resources help you manage your IAM policy for KMS key ring. Each of these resources serves a different use case:\n\n* `gcp.kms.KeyRingIAMPolicy`: Authoritative. Sets the IAM policy for the key ring and replaces any existing policy already attached.\n* `gcp.kms.KeyRingIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the key ring are preserved.\n* `gcp.kms.KeyRingIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the key ring are preserved.\n\n\u003e **Note:** `gcp.kms.KeyRingIAMPolicy` **cannot** be used in conjunction with `gcp.kms.KeyRingIAMBinding` and `gcp.kms.KeyRingIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.kms.KeyRingIAMBinding` resources **can be** used in conjunction with `gcp.kms.KeyRingIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_kms\\_key\\_ring\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyring = new gcp.kms.KeyRing(\"keyring\", {\n name: \"keyring-example\",\n location: \"global\",\n});\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst keyRing = new gcp.kms.KeyRingIAMPolicy(\"key_ring\", {\n keyRingId: keyring.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkeyring = gcp.kms.KeyRing(\"keyring\",\n name=\"keyring-example\",\n location=\"global\")\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\nkey_ring = gcp.kms.KeyRingIAMPolicy(\"key_ring\",\n key_ring_id=keyring.id,\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyring = new Gcp.Kms.KeyRing(\"keyring\", new()\n {\n Name = \"keyring-example\",\n Location = \"global\",\n });\n\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var keyRing = new Gcp.Kms.KeyRingIAMPolicy(\"key_ring\", new()\n {\n KeyRingId = keyring.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tkeyring, err := kms.NewKeyRing(ctx, \"keyring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"keyring-example\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewKeyRingIAMPolicy(ctx, \"key_ring\", \u0026kms.KeyRingIAMPolicyArgs{\n\t\t\tKeyRingId: keyring.ID(),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.kms.KeyRingIAMPolicy;\nimport com.pulumi.gcp.kms.KeyRingIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyring = new KeyRing(\"keyring\", KeyRingArgs.builder() \n .name(\"keyring-example\")\n .location(\"global\")\n .build());\n\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var keyRing = new KeyRingIAMPolicy(\"keyRing\", KeyRingIAMPolicyArgs.builder() \n .keyRingId(keyring.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyring:\n type: gcp:kms:KeyRing\n properties:\n name: keyring-example\n location: global\n keyRing:\n type: gcp:kms:KeyRingIAMPolicy\n name: key_ring\n properties:\n keyRingId: ${keyring.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyring = new gcp.kms.KeyRing(\"keyring\", {\n name: \"keyring-example\",\n location: \"global\",\n});\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst keyRing = new gcp.kms.KeyRingIAMPolicy(\"key_ring\", {\n keyRingId: keyring.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkeyring = gcp.kms.KeyRing(\"keyring\",\n name=\"keyring-example\",\n location=\"global\")\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\nkey_ring = gcp.kms.KeyRingIAMPolicy(\"key_ring\",\n key_ring_id=keyring.id,\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyring = new Gcp.Kms.KeyRing(\"keyring\", new()\n {\n Name = \"keyring-example\",\n Location = \"global\",\n });\n\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var keyRing = new Gcp.Kms.KeyRingIAMPolicy(\"key_ring\", new()\n {\n KeyRingId = keyring.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tkeyring, err := kms.NewKeyRing(ctx, \"keyring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"keyring-example\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewKeyRingIAMPolicy(ctx, \"key_ring\", \u0026kms.KeyRingIAMPolicyArgs{\n\t\t\tKeyRingId: keyring.ID(),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.kms.KeyRingIAMPolicy;\nimport com.pulumi.gcp.kms.KeyRingIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyring = new KeyRing(\"keyring\", KeyRingArgs.builder() \n .name(\"keyring-example\")\n .location(\"global\")\n .build());\n\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var keyRing = new KeyRingIAMPolicy(\"keyRing\", KeyRingIAMPolicyArgs.builder() \n .keyRingId(keyring.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyring:\n type: gcp:kms:KeyRing\n properties:\n name: keyring-example\n location: global\n keyRing:\n type: gcp:kms:KeyRingIAMPolicy\n name: key_ring\n properties:\n keyRingId: ${keyring.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_kms\\_key\\_ring\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMBinding(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMBinding(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMBinding(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMBinding(ctx, \"key_ring\", \u0026kms.KeyRingIAMBindingArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMBinding;\nimport com.pulumi.gcp.kms.KeyRingIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMBinding(\"keyRing\", KeyRingIAMBindingArgs.builder() \n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMBinding\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMBinding(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMBinding(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.kms.KeyRingIAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMBinding(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Kms.Inputs.KeyRingIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMBinding(ctx, \"key_ring\", \u0026kms.KeyRingIAMBindingArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026kms.KeyRingIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMBinding;\nimport com.pulumi.gcp.kms.KeyRingIAMBindingArgs;\nimport com.pulumi.gcp.kms.inputs.KeyRingIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMBinding(\"keyRing\", KeyRingIAMBindingArgs.builder() \n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .members(\"user:jane@example.com\")\n .condition(KeyRingIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMBinding\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_kms\\_key\\_ring\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMMember(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMMember(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMMember(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMMember(ctx, \"key_ring\", \u0026kms.KeyRingIAMMemberArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMMember;\nimport com.pulumi.gcp.kms.KeyRingIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMMember(\"keyRing\", KeyRingIAMMemberArgs.builder() \n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMMember\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMMember(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMMember(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n member=\"user:jane@example.com\",\n condition=gcp.kms.KeyRingIAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMMember(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Kms.Inputs.KeyRingIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMMember(ctx, \"key_ring\", \u0026kms.KeyRingIAMMemberArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026kms.KeyRingIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMMember;\nimport com.pulumi.gcp.kms.KeyRingIAMMemberArgs;\nimport com.pulumi.gcp.kms.inputs.KeyRingIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMMember(\"keyRing\", KeyRingIAMMemberArgs.builder() \n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .member(\"user:jane@example.com\")\n .condition(KeyRingIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMMember\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Cloud KMS key ring only. For example:\n\n* `{{project_id}}/{{location}}/{{key_ring_name}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{key_ring_name}}\"\n\n to = google_kms_key_ring_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:kms/keyRingIAMPolicy:KeyRingIAMPolicy default {{project_id}}/{{location}}/{{key_ring_name}}\n```\n\n", + "description": "Three different resources help you manage your IAM policy for KMS key ring. Each of these resources serves a different use case:\n\n* `gcp.kms.KeyRingIAMPolicy`: Authoritative. Sets the IAM policy for the key ring and replaces any existing policy already attached.\n* `gcp.kms.KeyRingIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the key ring are preserved.\n* `gcp.kms.KeyRingIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the key ring are preserved.\n\n\u003e **Note:** `gcp.kms.KeyRingIAMPolicy` **cannot** be used in conjunction with `gcp.kms.KeyRingIAMBinding` and `gcp.kms.KeyRingIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.kms.KeyRingIAMBinding` resources **can be** used in conjunction with `gcp.kms.KeyRingIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_kms\\_key\\_ring\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyring = new gcp.kms.KeyRing(\"keyring\", {\n name: \"keyring-example\",\n location: \"global\",\n});\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst keyRing = new gcp.kms.KeyRingIAMPolicy(\"key_ring\", {\n keyRingId: keyring.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkeyring = gcp.kms.KeyRing(\"keyring\",\n name=\"keyring-example\",\n location=\"global\")\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\nkey_ring = gcp.kms.KeyRingIAMPolicy(\"key_ring\",\n key_ring_id=keyring.id,\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyring = new Gcp.Kms.KeyRing(\"keyring\", new()\n {\n Name = \"keyring-example\",\n Location = \"global\",\n });\n\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var keyRing = new Gcp.Kms.KeyRingIAMPolicy(\"key_ring\", new()\n {\n KeyRingId = keyring.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tkeyring, err := kms.NewKeyRing(ctx, \"keyring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"keyring-example\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewKeyRingIAMPolicy(ctx, \"key_ring\", \u0026kms.KeyRingIAMPolicyArgs{\n\t\t\tKeyRingId: keyring.ID(),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.kms.KeyRingIAMPolicy;\nimport com.pulumi.gcp.kms.KeyRingIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyring = new KeyRing(\"keyring\", KeyRingArgs.builder() \n .name(\"keyring-example\")\n .location(\"global\")\n .build());\n\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var keyRing = new KeyRingIAMPolicy(\"keyRing\", KeyRingIAMPolicyArgs.builder() \n .keyRingId(keyring.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyring:\n type: gcp:kms:KeyRing\n properties:\n name: keyring-example\n location: global\n keyRing:\n type: gcp:kms:KeyRingIAMPolicy\n name: key_ring\n properties:\n keyRingId: ${keyring.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyring = new gcp.kms.KeyRing(\"keyring\", {\n name: \"keyring-example\",\n location: \"global\",\n});\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst keyRing = new gcp.kms.KeyRingIAMPolicy(\"key_ring\", {\n keyRingId: keyring.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkeyring = gcp.kms.KeyRing(\"keyring\",\n name=\"keyring-example\",\n location=\"global\")\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\nkey_ring = gcp.kms.KeyRingIAMPolicy(\"key_ring\",\n key_ring_id=keyring.id,\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyring = new Gcp.Kms.KeyRing(\"keyring\", new()\n {\n Name = \"keyring-example\",\n Location = \"global\",\n });\n\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var keyRing = new Gcp.Kms.KeyRingIAMPolicy(\"key_ring\", new()\n {\n KeyRingId = keyring.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tkeyring, err := kms.NewKeyRing(ctx, \"keyring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"keyring-example\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewKeyRingIAMPolicy(ctx, \"key_ring\", \u0026kms.KeyRingIAMPolicyArgs{\n\t\t\tKeyRingId: keyring.ID(),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.kms.KeyRingIAMPolicy;\nimport com.pulumi.gcp.kms.KeyRingIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyring = new KeyRing(\"keyring\", KeyRingArgs.builder() \n .name(\"keyring-example\")\n .location(\"global\")\n .build());\n\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var keyRing = new KeyRingIAMPolicy(\"keyRing\", KeyRingIAMPolicyArgs.builder() \n .keyRingId(keyring.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyring:\n type: gcp:kms:KeyRing\n properties:\n name: keyring-example\n location: global\n keyRing:\n type: gcp:kms:KeyRingIAMPolicy\n name: key_ring\n properties:\n keyRingId: ${keyring.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_kms\\_key\\_ring\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMBinding(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMBinding(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMBinding(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMBinding(ctx, \"key_ring\", \u0026kms.KeyRingIAMBindingArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMBinding;\nimport com.pulumi.gcp.kms.KeyRingIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMBinding(\"keyRing\", KeyRingIAMBindingArgs.builder() \n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMBinding\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMBinding(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMBinding(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.kms.KeyRingIAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMBinding(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Kms.Inputs.KeyRingIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMBinding(ctx, \"key_ring\", \u0026kms.KeyRingIAMBindingArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026kms.KeyRingIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMBinding;\nimport com.pulumi.gcp.kms.KeyRingIAMBindingArgs;\nimport com.pulumi.gcp.kms.inputs.KeyRingIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMBinding(\"keyRing\", KeyRingIAMBindingArgs.builder() \n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .members(\"user:jane@example.com\")\n .condition(KeyRingIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMBinding\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_kms\\_key\\_ring\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMMember(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMMember(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMMember(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMMember(ctx, \"key_ring\", \u0026kms.KeyRingIAMMemberArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMMember;\nimport com.pulumi.gcp.kms.KeyRingIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMMember(\"keyRing\", KeyRingIAMMemberArgs.builder() \n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMMember\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMMember(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMMember(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n member=\"user:jane@example.com\",\n condition=gcp.kms.KeyRingIAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMMember(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Kms.Inputs.KeyRingIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMMember(ctx, \"key_ring\", \u0026kms.KeyRingIAMMemberArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026kms.KeyRingIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMMember;\nimport com.pulumi.gcp.kms.KeyRingIAMMemberArgs;\nimport com.pulumi.gcp.kms.inputs.KeyRingIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMMember(\"keyRing\", KeyRingIAMMemberArgs.builder() \n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .member(\"user:jane@example.com\")\n .condition(KeyRingIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMMember\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_kms\\_key\\_ring\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyring = new gcp.kms.KeyRing(\"keyring\", {\n name: \"keyring-example\",\n location: \"global\",\n});\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst keyRing = new gcp.kms.KeyRingIAMPolicy(\"key_ring\", {\n keyRingId: keyring.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkeyring = gcp.kms.KeyRing(\"keyring\",\n name=\"keyring-example\",\n location=\"global\")\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\nkey_ring = gcp.kms.KeyRingIAMPolicy(\"key_ring\",\n key_ring_id=keyring.id,\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyring = new Gcp.Kms.KeyRing(\"keyring\", new()\n {\n Name = \"keyring-example\",\n Location = \"global\",\n });\n\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var keyRing = new Gcp.Kms.KeyRingIAMPolicy(\"key_ring\", new()\n {\n KeyRingId = keyring.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tkeyring, err := kms.NewKeyRing(ctx, \"keyring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"keyring-example\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewKeyRingIAMPolicy(ctx, \"key_ring\", \u0026kms.KeyRingIAMPolicyArgs{\n\t\t\tKeyRingId: keyring.ID(),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.kms.KeyRingIAMPolicy;\nimport com.pulumi.gcp.kms.KeyRingIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyring = new KeyRing(\"keyring\", KeyRingArgs.builder() \n .name(\"keyring-example\")\n .location(\"global\")\n .build());\n\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var keyRing = new KeyRingIAMPolicy(\"keyRing\", KeyRingIAMPolicyArgs.builder() \n .keyRingId(keyring.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyring:\n type: gcp:kms:KeyRing\n properties:\n name: keyring-example\n location: global\n keyRing:\n type: gcp:kms:KeyRingIAMPolicy\n name: key_ring\n properties:\n keyRingId: ${keyring.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyring = new gcp.kms.KeyRing(\"keyring\", {\n name: \"keyring-example\",\n location: \"global\",\n});\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst keyRing = new gcp.kms.KeyRingIAMPolicy(\"key_ring\", {\n keyRingId: keyring.id,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkeyring = gcp.kms.KeyRing(\"keyring\",\n name=\"keyring-example\",\n location=\"global\")\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\nkey_ring = gcp.kms.KeyRingIAMPolicy(\"key_ring\",\n key_ring_id=keyring.id,\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyring = new Gcp.Kms.KeyRing(\"keyring\", new()\n {\n Name = \"keyring-example\",\n Location = \"global\",\n });\n\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var keyRing = new Gcp.Kms.KeyRingIAMPolicy(\"key_ring\", new()\n {\n KeyRingId = keyring.Id,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tkeyring, err := kms.NewKeyRing(ctx, \"keyring\", \u0026kms.KeyRingArgs{\n\t\t\tName: pulumi.String(\"keyring-example\"),\n\t\t\tLocation: pulumi.String(\"global\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = kms.NewKeyRingIAMPolicy(ctx, \"key_ring\", \u0026kms.KeyRingIAMPolicyArgs{\n\t\t\tKeyRingId: keyring.ID(),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRing;\nimport com.pulumi.gcp.kms.KeyRingArgs;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.kms.KeyRingIAMPolicy;\nimport com.pulumi.gcp.kms.KeyRingIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyring = new KeyRing(\"keyring\", KeyRingArgs.builder() \n .name(\"keyring-example\")\n .location(\"global\")\n .build());\n\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var keyRing = new KeyRingIAMPolicy(\"keyRing\", KeyRingIAMPolicyArgs.builder() \n .keyRingId(keyring.id())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyring:\n type: gcp:kms:KeyRing\n properties:\n name: keyring-example\n location: global\n keyRing:\n type: gcp:kms:KeyRingIAMPolicy\n name: key_ring\n properties:\n keyRingId: ${keyring.id}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_kms\\_key\\_ring\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMBinding(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMBinding(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMBinding(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMBinding(ctx, \"key_ring\", \u0026kms.KeyRingIAMBindingArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMBinding;\nimport com.pulumi.gcp.kms.KeyRingIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMBinding(\"keyRing\", KeyRingIAMBindingArgs.builder() \n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMBinding\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMBinding(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMBinding(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.kms.KeyRingIAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMBinding(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Kms.Inputs.KeyRingIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMBinding(ctx, \"key_ring\", \u0026kms.KeyRingIAMBindingArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026kms.KeyRingIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMBinding;\nimport com.pulumi.gcp.kms.KeyRingIAMBindingArgs;\nimport com.pulumi.gcp.kms.inputs.KeyRingIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMBinding(\"keyRing\", KeyRingIAMBindingArgs.builder() \n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .members(\"user:jane@example.com\")\n .condition(KeyRingIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMBinding\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_kms\\_key\\_ring\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMMember(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMMember(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMMember(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMMember(ctx, \"key_ring\", \u0026kms.KeyRingIAMMemberArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMMember;\nimport com.pulumi.gcp.kms.KeyRingIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMMember(\"keyRing\", KeyRingIAMMemberArgs.builder() \n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMMember\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst keyRing = new gcp.kms.KeyRingIAMMember(\"key_ring\", {\n keyRingId: \"your-key-ring-id\",\n role: \"roles/cloudkms.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nkey_ring = gcp.kms.KeyRingIAMMember(\"key_ring\",\n key_ring_id=\"your-key-ring-id\",\n role=\"roles/cloudkms.admin\",\n member=\"user:jane@example.com\",\n condition=gcp.kms.KeyRingIAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var keyRing = new Gcp.Kms.KeyRingIAMMember(\"key_ring\", new()\n {\n KeyRingId = \"your-key-ring-id\",\n Role = \"roles/cloudkms.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Kms.Inputs.KeyRingIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := kms.NewKeyRingIAMMember(ctx, \"key_ring\", \u0026kms.KeyRingIAMMemberArgs{\n\t\t\tKeyRingId: pulumi.String(\"your-key-ring-id\"),\n\t\t\tRole: pulumi.String(\"roles/cloudkms.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026kms.KeyRingIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.kms.KeyRingIAMMember;\nimport com.pulumi.gcp.kms.KeyRingIAMMemberArgs;\nimport com.pulumi.gcp.kms.inputs.KeyRingIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var keyRing = new KeyRingIAMMember(\"keyRing\", KeyRingIAMMemberArgs.builder() \n .keyRingId(\"your-key-ring-id\")\n .role(\"roles/cloudkms.admin\")\n .member(\"user:jane@example.com\")\n .condition(KeyRingIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n keyRing:\n type: gcp:kms:KeyRingIAMMember\n name: key_ring\n properties:\n keyRingId: your-key-ring-id\n role: roles/cloudkms.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Cloud KMS key ring only. For example:\n\n* `{{project_id}}/{{location}}/{{key_ring_name}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"{{project_id}}/{{location}}/{{key_ring_name}}\"\n\n to = google_kms_key_ring_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:kms/keyRingIAMPolicy:KeyRingIAMPolicy default {{project_id}}/{{location}}/{{key_ring_name}}\n```\n\n", "properties": { "etag": { "type": "string", @@ -196857,7 +197304,7 @@ }, "keyRingId": { "type": "string", - "description": "The key ring ID, in the form\n`{project_id}/{location_name}/{key_ring_name}` or\n`{location_name}/{key_ring_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" + "description": "The key ring ID, in the form\n`{project_id}/{location_name}/{key_ring_name}` or\n`{location_name}/{key_ring_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n" }, "policyData": { "type": "string", @@ -196872,7 +197319,7 @@ "inputProperties": { "keyRingId": { "type": "string", - "description": "The key ring ID, in the form\n`{project_id}/{location_name}/{key_ring_name}` or\n`{location_name}/{key_ring_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The key ring ID, in the form\n`{project_id}/{location_name}/{key_ring_name}` or\n`{location_name}/{key_ring_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n", "willReplaceOnChanges": true }, "policyData": { @@ -196893,7 +197340,7 @@ }, "keyRingId": { "type": "string", - "description": "The key ring ID, in the form\n`{project_id}/{location_name}/{key_ring_name}` or\n`{location_name}/{key_ring_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The key ring ID, in the form\n`{project_id}/{location_name}/{key_ring_name}` or\n`{location_name}/{key_ring_name}`. In the second form, the provider's\nproject setting will be used as a fallback.\n", "willReplaceOnChanges": true }, "policyData": { @@ -205258,7 +205705,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" } }, "required": [ @@ -205285,7 +205732,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -205315,7 +205762,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -210154,7 +210601,7 @@ } }, "gcp:notebooks/instanceIamBinding:InstanceIamBinding": { - "description": "Three different resources help you manage your IAM policy for Cloud AI Notebooks Instance. Each of these resources serves a different use case:\n\n* `gcp.notebooks.InstanceIamPolicy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.\n* `gcp.notebooks.InstanceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.\n* `gcp.notebooks.InstanceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.notebooks.InstanceIamPolicy`: Retrieves the IAM policy for the instance\n\n\u003e **Note:** `gcp.notebooks.InstanceIamPolicy` **cannot** be used in conjunction with `gcp.notebooks.InstanceIamBinding` and `gcp.notebooks.InstanceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.notebooks.InstanceIamBinding` resources **can be** used in conjunction with `gcp.notebooks.InstanceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_notebooks\\_instance\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.notebooks.InstanceIamPolicy(\"policy\", {\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.notebooks.InstanceIamPolicy(\"policy\",\n project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Notebooks.InstanceIamPolicy(\"policy\", new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = notebooks.NewInstanceIamPolicy(ctx, \"policy\", \u0026notebooks.InstanceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(instance.Project),\n\t\t\tLocation: pulumi.Any(instance.Location),\n\t\t\tInstanceName: pulumi.Any(instance.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.notebooks.InstanceIamPolicy;\nimport com.pulumi.gcp.notebooks.InstanceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new InstanceIamPolicy(\"policy\", InstanceIamPolicyArgs.builder() \n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:notebooks:InstanceIamPolicy\n properties:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_notebooks\\_instance\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.notebooks.InstanceIamBinding(\"binding\", {\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.notebooks.InstanceIamBinding(\"binding\",\n project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Notebooks.InstanceIamBinding(\"binding\", new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewInstanceIamBinding(ctx, \"binding\", \u0026notebooks.InstanceIamBindingArgs{\n\t\t\tProject: pulumi.Any(instance.Project),\n\t\t\tLocation: pulumi.Any(instance.Location),\n\t\t\tInstanceName: pulumi.Any(instance.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.InstanceIamBinding;\nimport com.pulumi.gcp.notebooks.InstanceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new InstanceIamBinding(\"binding\", InstanceIamBindingArgs.builder() \n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:notebooks:InstanceIamBinding\n properties:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_notebooks\\_instance\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.notebooks.InstanceIamMember(\"member\", {\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.notebooks.InstanceIamMember(\"member\",\n project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Notebooks.InstanceIamMember(\"member\", new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewInstanceIamMember(ctx, \"member\", \u0026notebooks.InstanceIamMemberArgs{\n\t\t\tProject: pulumi.Any(instance.Project),\n\t\t\tLocation: pulumi.Any(instance.Location),\n\t\t\tInstanceName: pulumi.Any(instance.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.InstanceIamMember;\nimport com.pulumi.gcp.notebooks.InstanceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new InstanceIamMember(\"member\", InstanceIamMemberArgs.builder() \n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:notebooks:InstanceIamMember\n properties:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/instances/{{instance_name}}\n\n* {{project}}/{{location}}/{{instance_name}}\n\n* {{location}}/{{instance_name}}\n\n* {{instance_name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud AI Notebooks instance IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/instanceIamBinding:InstanceIamBinding editor \"projects/{{project}}/locations/{{location}}/instances/{{instance_name}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/instanceIamBinding:InstanceIamBinding editor \"projects/{{project}}/locations/{{location}}/instances/{{instance_name}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/instanceIamBinding:InstanceIamBinding editor projects/{{project}}/locations/{{location}}/instances/{{instance_name}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud AI Notebooks Instance. Each of these resources serves a different use case:\n\n* `gcp.notebooks.InstanceIamPolicy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.\n* `gcp.notebooks.InstanceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.\n* `gcp.notebooks.InstanceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.notebooks.InstanceIamPolicy`: Retrieves the IAM policy for the instance\n\n\u003e **Note:** `gcp.notebooks.InstanceIamPolicy` **cannot** be used in conjunction with `gcp.notebooks.InstanceIamBinding` and `gcp.notebooks.InstanceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.notebooks.InstanceIamBinding` resources **can be** used in conjunction with `gcp.notebooks.InstanceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_notebooks\\_instance\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.notebooks.InstanceIamPolicy(\"policy\", {\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.notebooks.InstanceIamPolicy(\"policy\",\n project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Notebooks.InstanceIamPolicy(\"policy\", new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = notebooks.NewInstanceIamPolicy(ctx, \"policy\", \u0026notebooks.InstanceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(instance.Project),\n\t\t\tLocation: pulumi.Any(instance.Location),\n\t\t\tInstanceName: pulumi.Any(instance.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.notebooks.InstanceIamPolicy;\nimport com.pulumi.gcp.notebooks.InstanceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new InstanceIamPolicy(\"policy\", InstanceIamPolicyArgs.builder() \n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:notebooks:InstanceIamPolicy\n properties:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_notebooks\\_instance\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.notebooks.InstanceIamBinding(\"binding\", {\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.notebooks.InstanceIamBinding(\"binding\",\n project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Notebooks.InstanceIamBinding(\"binding\", new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewInstanceIamBinding(ctx, \"binding\", \u0026notebooks.InstanceIamBindingArgs{\n\t\t\tProject: pulumi.Any(instance.Project),\n\t\t\tLocation: pulumi.Any(instance.Location),\n\t\t\tInstanceName: pulumi.Any(instance.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.InstanceIamBinding;\nimport com.pulumi.gcp.notebooks.InstanceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new InstanceIamBinding(\"binding\", InstanceIamBindingArgs.builder() \n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:notebooks:InstanceIamBinding\n properties:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_notebooks\\_instance\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.notebooks.InstanceIamMember(\"member\", {\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.notebooks.InstanceIamMember(\"member\",\n project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Notebooks.InstanceIamMember(\"member\", new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewInstanceIamMember(ctx, \"member\", \u0026notebooks.InstanceIamMemberArgs{\n\t\t\tProject: pulumi.Any(instance.Project),\n\t\t\tLocation: pulumi.Any(instance.Location),\n\t\t\tInstanceName: pulumi.Any(instance.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.InstanceIamMember;\nimport com.pulumi.gcp.notebooks.InstanceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new InstanceIamMember(\"member\", InstanceIamMemberArgs.builder() \n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:notebooks:InstanceIamMember\n properties:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_notebooks\\_instance\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.notebooks.InstanceIamPolicy(\"policy\", {\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.notebooks.InstanceIamPolicy(\"policy\",\n project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Notebooks.InstanceIamPolicy(\"policy\", new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = notebooks.NewInstanceIamPolicy(ctx, \"policy\", \u0026notebooks.InstanceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(instance.Project),\n\t\t\tLocation: pulumi.Any(instance.Location),\n\t\t\tInstanceName: pulumi.Any(instance.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.notebooks.InstanceIamPolicy;\nimport com.pulumi.gcp.notebooks.InstanceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new InstanceIamPolicy(\"policy\", InstanceIamPolicyArgs.builder() \n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:notebooks:InstanceIamPolicy\n properties:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_notebooks\\_instance\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.notebooks.InstanceIamBinding(\"binding\", {\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.notebooks.InstanceIamBinding(\"binding\",\n project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Notebooks.InstanceIamBinding(\"binding\", new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewInstanceIamBinding(ctx, \"binding\", \u0026notebooks.InstanceIamBindingArgs{\n\t\t\tProject: pulumi.Any(instance.Project),\n\t\t\tLocation: pulumi.Any(instance.Location),\n\t\t\tInstanceName: pulumi.Any(instance.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.InstanceIamBinding;\nimport com.pulumi.gcp.notebooks.InstanceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new InstanceIamBinding(\"binding\", InstanceIamBindingArgs.builder() \n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:notebooks:InstanceIamBinding\n properties:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_notebooks\\_instance\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.notebooks.InstanceIamMember(\"member\", {\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.notebooks.InstanceIamMember(\"member\",\n project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Notebooks.InstanceIamMember(\"member\", new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewInstanceIamMember(ctx, \"member\", \u0026notebooks.InstanceIamMemberArgs{\n\t\t\tProject: pulumi.Any(instance.Project),\n\t\t\tLocation: pulumi.Any(instance.Location),\n\t\t\tInstanceName: pulumi.Any(instance.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.InstanceIamMember;\nimport com.pulumi.gcp.notebooks.InstanceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new InstanceIamMember(\"member\", InstanceIamMemberArgs.builder() \n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:notebooks:InstanceIamMember\n properties:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/instances/{{instance_name}}\n\n* {{project}}/{{location}}/{{instance_name}}\n\n* {{location}}/{{instance_name}}\n\n* {{instance_name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud AI Notebooks instance IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/instanceIamBinding:InstanceIamBinding editor \"projects/{{project}}/locations/{{location}}/instances/{{instance_name}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/instanceIamBinding:InstanceIamBinding editor \"projects/{{project}}/locations/{{location}}/instances/{{instance_name}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/instanceIamBinding:InstanceIamBinding editor projects/{{project}}/locations/{{location}}/instances/{{instance_name}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:notebooks/InstanceIamBindingCondition:InstanceIamBindingCondition" @@ -210175,11 +210622,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -210213,11 +210661,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -210256,11 +210705,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -210273,7 +210723,7 @@ } }, "gcp:notebooks/instanceIamMember:InstanceIamMember": { - "description": "Three different resources help you manage your IAM policy for Cloud AI Notebooks Instance. Each of these resources serves a different use case:\n\n* `gcp.notebooks.InstanceIamPolicy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.\n* `gcp.notebooks.InstanceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.\n* `gcp.notebooks.InstanceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.notebooks.InstanceIamPolicy`: Retrieves the IAM policy for the instance\n\n\u003e **Note:** `gcp.notebooks.InstanceIamPolicy` **cannot** be used in conjunction with `gcp.notebooks.InstanceIamBinding` and `gcp.notebooks.InstanceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.notebooks.InstanceIamBinding` resources **can be** used in conjunction with `gcp.notebooks.InstanceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_notebooks\\_instance\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.notebooks.InstanceIamPolicy(\"policy\", {\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.notebooks.InstanceIamPolicy(\"policy\",\n project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Notebooks.InstanceIamPolicy(\"policy\", new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = notebooks.NewInstanceIamPolicy(ctx, \"policy\", \u0026notebooks.InstanceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(instance.Project),\n\t\t\tLocation: pulumi.Any(instance.Location),\n\t\t\tInstanceName: pulumi.Any(instance.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.notebooks.InstanceIamPolicy;\nimport com.pulumi.gcp.notebooks.InstanceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new InstanceIamPolicy(\"policy\", InstanceIamPolicyArgs.builder() \n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:notebooks:InstanceIamPolicy\n properties:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_notebooks\\_instance\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.notebooks.InstanceIamBinding(\"binding\", {\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.notebooks.InstanceIamBinding(\"binding\",\n project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Notebooks.InstanceIamBinding(\"binding\", new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewInstanceIamBinding(ctx, \"binding\", \u0026notebooks.InstanceIamBindingArgs{\n\t\t\tProject: pulumi.Any(instance.Project),\n\t\t\tLocation: pulumi.Any(instance.Location),\n\t\t\tInstanceName: pulumi.Any(instance.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.InstanceIamBinding;\nimport com.pulumi.gcp.notebooks.InstanceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new InstanceIamBinding(\"binding\", InstanceIamBindingArgs.builder() \n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:notebooks:InstanceIamBinding\n properties:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_notebooks\\_instance\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.notebooks.InstanceIamMember(\"member\", {\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.notebooks.InstanceIamMember(\"member\",\n project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Notebooks.InstanceIamMember(\"member\", new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewInstanceIamMember(ctx, \"member\", \u0026notebooks.InstanceIamMemberArgs{\n\t\t\tProject: pulumi.Any(instance.Project),\n\t\t\tLocation: pulumi.Any(instance.Location),\n\t\t\tInstanceName: pulumi.Any(instance.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.InstanceIamMember;\nimport com.pulumi.gcp.notebooks.InstanceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new InstanceIamMember(\"member\", InstanceIamMemberArgs.builder() \n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:notebooks:InstanceIamMember\n properties:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/instances/{{instance_name}}\n\n* {{project}}/{{location}}/{{instance_name}}\n\n* {{location}}/{{instance_name}}\n\n* {{instance_name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud AI Notebooks instance IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/instanceIamMember:InstanceIamMember editor \"projects/{{project}}/locations/{{location}}/instances/{{instance_name}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/instanceIamMember:InstanceIamMember editor \"projects/{{project}}/locations/{{location}}/instances/{{instance_name}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/instanceIamMember:InstanceIamMember editor projects/{{project}}/locations/{{location}}/instances/{{instance_name}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud AI Notebooks Instance. Each of these resources serves a different use case:\n\n* `gcp.notebooks.InstanceIamPolicy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.\n* `gcp.notebooks.InstanceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.\n* `gcp.notebooks.InstanceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.notebooks.InstanceIamPolicy`: Retrieves the IAM policy for the instance\n\n\u003e **Note:** `gcp.notebooks.InstanceIamPolicy` **cannot** be used in conjunction with `gcp.notebooks.InstanceIamBinding` and `gcp.notebooks.InstanceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.notebooks.InstanceIamBinding` resources **can be** used in conjunction with `gcp.notebooks.InstanceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_notebooks\\_instance\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.notebooks.InstanceIamPolicy(\"policy\", {\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.notebooks.InstanceIamPolicy(\"policy\",\n project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Notebooks.InstanceIamPolicy(\"policy\", new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = notebooks.NewInstanceIamPolicy(ctx, \"policy\", \u0026notebooks.InstanceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(instance.Project),\n\t\t\tLocation: pulumi.Any(instance.Location),\n\t\t\tInstanceName: pulumi.Any(instance.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.notebooks.InstanceIamPolicy;\nimport com.pulumi.gcp.notebooks.InstanceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new InstanceIamPolicy(\"policy\", InstanceIamPolicyArgs.builder() \n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:notebooks:InstanceIamPolicy\n properties:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_notebooks\\_instance\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.notebooks.InstanceIamBinding(\"binding\", {\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.notebooks.InstanceIamBinding(\"binding\",\n project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Notebooks.InstanceIamBinding(\"binding\", new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewInstanceIamBinding(ctx, \"binding\", \u0026notebooks.InstanceIamBindingArgs{\n\t\t\tProject: pulumi.Any(instance.Project),\n\t\t\tLocation: pulumi.Any(instance.Location),\n\t\t\tInstanceName: pulumi.Any(instance.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.InstanceIamBinding;\nimport com.pulumi.gcp.notebooks.InstanceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new InstanceIamBinding(\"binding\", InstanceIamBindingArgs.builder() \n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:notebooks:InstanceIamBinding\n properties:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_notebooks\\_instance\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.notebooks.InstanceIamMember(\"member\", {\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.notebooks.InstanceIamMember(\"member\",\n project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Notebooks.InstanceIamMember(\"member\", new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewInstanceIamMember(ctx, \"member\", \u0026notebooks.InstanceIamMemberArgs{\n\t\t\tProject: pulumi.Any(instance.Project),\n\t\t\tLocation: pulumi.Any(instance.Location),\n\t\t\tInstanceName: pulumi.Any(instance.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.InstanceIamMember;\nimport com.pulumi.gcp.notebooks.InstanceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new InstanceIamMember(\"member\", InstanceIamMemberArgs.builder() \n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:notebooks:InstanceIamMember\n properties:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_notebooks\\_instance\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.notebooks.InstanceIamPolicy(\"policy\", {\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.notebooks.InstanceIamPolicy(\"policy\",\n project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Notebooks.InstanceIamPolicy(\"policy\", new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = notebooks.NewInstanceIamPolicy(ctx, \"policy\", \u0026notebooks.InstanceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(instance.Project),\n\t\t\tLocation: pulumi.Any(instance.Location),\n\t\t\tInstanceName: pulumi.Any(instance.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.notebooks.InstanceIamPolicy;\nimport com.pulumi.gcp.notebooks.InstanceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new InstanceIamPolicy(\"policy\", InstanceIamPolicyArgs.builder() \n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:notebooks:InstanceIamPolicy\n properties:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_notebooks\\_instance\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.notebooks.InstanceIamBinding(\"binding\", {\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.notebooks.InstanceIamBinding(\"binding\",\n project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Notebooks.InstanceIamBinding(\"binding\", new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewInstanceIamBinding(ctx, \"binding\", \u0026notebooks.InstanceIamBindingArgs{\n\t\t\tProject: pulumi.Any(instance.Project),\n\t\t\tLocation: pulumi.Any(instance.Location),\n\t\t\tInstanceName: pulumi.Any(instance.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.InstanceIamBinding;\nimport com.pulumi.gcp.notebooks.InstanceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new InstanceIamBinding(\"binding\", InstanceIamBindingArgs.builder() \n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:notebooks:InstanceIamBinding\n properties:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_notebooks\\_instance\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.notebooks.InstanceIamMember(\"member\", {\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.notebooks.InstanceIamMember(\"member\",\n project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Notebooks.InstanceIamMember(\"member\", new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewInstanceIamMember(ctx, \"member\", \u0026notebooks.InstanceIamMemberArgs{\n\t\t\tProject: pulumi.Any(instance.Project),\n\t\t\tLocation: pulumi.Any(instance.Location),\n\t\t\tInstanceName: pulumi.Any(instance.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.InstanceIamMember;\nimport com.pulumi.gcp.notebooks.InstanceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new InstanceIamMember(\"member\", InstanceIamMemberArgs.builder() \n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:notebooks:InstanceIamMember\n properties:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/instances/{{instance_name}}\n\n* {{project}}/{{location}}/{{instance_name}}\n\n* {{location}}/{{instance_name}}\n\n* {{instance_name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud AI Notebooks instance IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/instanceIamMember:InstanceIamMember editor \"projects/{{project}}/locations/{{location}}/instances/{{instance_name}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/instanceIamMember:InstanceIamMember editor \"projects/{{project}}/locations/{{location}}/instances/{{instance_name}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/instanceIamMember:InstanceIamMember editor projects/{{project}}/locations/{{location}}/instances/{{instance_name}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:notebooks/InstanceIamMemberCondition:InstanceIamMemberCondition" @@ -210291,11 +210741,12 @@ "description": "A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -210327,11 +210778,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -210368,11 +210820,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -210385,7 +210838,7 @@ } }, "gcp:notebooks/instanceIamPolicy:InstanceIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Cloud AI Notebooks Instance. Each of these resources serves a different use case:\n\n* `gcp.notebooks.InstanceIamPolicy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.\n* `gcp.notebooks.InstanceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.\n* `gcp.notebooks.InstanceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.notebooks.InstanceIamPolicy`: Retrieves the IAM policy for the instance\n\n\u003e **Note:** `gcp.notebooks.InstanceIamPolicy` **cannot** be used in conjunction with `gcp.notebooks.InstanceIamBinding` and `gcp.notebooks.InstanceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.notebooks.InstanceIamBinding` resources **can be** used in conjunction with `gcp.notebooks.InstanceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_notebooks\\_instance\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.notebooks.InstanceIamPolicy(\"policy\", {\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.notebooks.InstanceIamPolicy(\"policy\",\n project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Notebooks.InstanceIamPolicy(\"policy\", new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = notebooks.NewInstanceIamPolicy(ctx, \"policy\", \u0026notebooks.InstanceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(instance.Project),\n\t\t\tLocation: pulumi.Any(instance.Location),\n\t\t\tInstanceName: pulumi.Any(instance.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.notebooks.InstanceIamPolicy;\nimport com.pulumi.gcp.notebooks.InstanceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new InstanceIamPolicy(\"policy\", InstanceIamPolicyArgs.builder() \n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:notebooks:InstanceIamPolicy\n properties:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_notebooks\\_instance\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.notebooks.InstanceIamBinding(\"binding\", {\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.notebooks.InstanceIamBinding(\"binding\",\n project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Notebooks.InstanceIamBinding(\"binding\", new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewInstanceIamBinding(ctx, \"binding\", \u0026notebooks.InstanceIamBindingArgs{\n\t\t\tProject: pulumi.Any(instance.Project),\n\t\t\tLocation: pulumi.Any(instance.Location),\n\t\t\tInstanceName: pulumi.Any(instance.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.InstanceIamBinding;\nimport com.pulumi.gcp.notebooks.InstanceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new InstanceIamBinding(\"binding\", InstanceIamBindingArgs.builder() \n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:notebooks:InstanceIamBinding\n properties:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_notebooks\\_instance\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.notebooks.InstanceIamMember(\"member\", {\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.notebooks.InstanceIamMember(\"member\",\n project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Notebooks.InstanceIamMember(\"member\", new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewInstanceIamMember(ctx, \"member\", \u0026notebooks.InstanceIamMemberArgs{\n\t\t\tProject: pulumi.Any(instance.Project),\n\t\t\tLocation: pulumi.Any(instance.Location),\n\t\t\tInstanceName: pulumi.Any(instance.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.InstanceIamMember;\nimport com.pulumi.gcp.notebooks.InstanceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new InstanceIamMember(\"member\", InstanceIamMemberArgs.builder() \n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:notebooks:InstanceIamMember\n properties:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/instances/{{instance_name}}\n\n* {{project}}/{{location}}/{{instance_name}}\n\n* {{location}}/{{instance_name}}\n\n* {{instance_name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud AI Notebooks instance IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/instanceIamPolicy:InstanceIamPolicy editor \"projects/{{project}}/locations/{{location}}/instances/{{instance_name}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/instanceIamPolicy:InstanceIamPolicy editor \"projects/{{project}}/locations/{{location}}/instances/{{instance_name}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/instanceIamPolicy:InstanceIamPolicy editor projects/{{project}}/locations/{{location}}/instances/{{instance_name}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud AI Notebooks Instance. Each of these resources serves a different use case:\n\n* `gcp.notebooks.InstanceIamPolicy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.\n* `gcp.notebooks.InstanceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.\n* `gcp.notebooks.InstanceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.notebooks.InstanceIamPolicy`: Retrieves the IAM policy for the instance\n\n\u003e **Note:** `gcp.notebooks.InstanceIamPolicy` **cannot** be used in conjunction with `gcp.notebooks.InstanceIamBinding` and `gcp.notebooks.InstanceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.notebooks.InstanceIamBinding` resources **can be** used in conjunction with `gcp.notebooks.InstanceIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_notebooks\\_instance\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.notebooks.InstanceIamPolicy(\"policy\", {\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.notebooks.InstanceIamPolicy(\"policy\",\n project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Notebooks.InstanceIamPolicy(\"policy\", new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = notebooks.NewInstanceIamPolicy(ctx, \"policy\", \u0026notebooks.InstanceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(instance.Project),\n\t\t\tLocation: pulumi.Any(instance.Location),\n\t\t\tInstanceName: pulumi.Any(instance.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.notebooks.InstanceIamPolicy;\nimport com.pulumi.gcp.notebooks.InstanceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new InstanceIamPolicy(\"policy\", InstanceIamPolicyArgs.builder() \n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:notebooks:InstanceIamPolicy\n properties:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_notebooks\\_instance\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.notebooks.InstanceIamBinding(\"binding\", {\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.notebooks.InstanceIamBinding(\"binding\",\n project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Notebooks.InstanceIamBinding(\"binding\", new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewInstanceIamBinding(ctx, \"binding\", \u0026notebooks.InstanceIamBindingArgs{\n\t\t\tProject: pulumi.Any(instance.Project),\n\t\t\tLocation: pulumi.Any(instance.Location),\n\t\t\tInstanceName: pulumi.Any(instance.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.InstanceIamBinding;\nimport com.pulumi.gcp.notebooks.InstanceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new InstanceIamBinding(\"binding\", InstanceIamBindingArgs.builder() \n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:notebooks:InstanceIamBinding\n properties:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_notebooks\\_instance\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.notebooks.InstanceIamMember(\"member\", {\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.notebooks.InstanceIamMember(\"member\",\n project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Notebooks.InstanceIamMember(\"member\", new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewInstanceIamMember(ctx, \"member\", \u0026notebooks.InstanceIamMemberArgs{\n\t\t\tProject: pulumi.Any(instance.Project),\n\t\t\tLocation: pulumi.Any(instance.Location),\n\t\t\tInstanceName: pulumi.Any(instance.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.InstanceIamMember;\nimport com.pulumi.gcp.notebooks.InstanceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new InstanceIamMember(\"member\", InstanceIamMemberArgs.builder() \n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:notebooks:InstanceIamMember\n properties:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_notebooks\\_instance\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.notebooks.InstanceIamPolicy(\"policy\", {\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.notebooks.InstanceIamPolicy(\"policy\",\n project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Notebooks.InstanceIamPolicy(\"policy\", new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = notebooks.NewInstanceIamPolicy(ctx, \"policy\", \u0026notebooks.InstanceIamPolicyArgs{\n\t\t\tProject: pulumi.Any(instance.Project),\n\t\t\tLocation: pulumi.Any(instance.Location),\n\t\t\tInstanceName: pulumi.Any(instance.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.notebooks.InstanceIamPolicy;\nimport com.pulumi.gcp.notebooks.InstanceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new InstanceIamPolicy(\"policy\", InstanceIamPolicyArgs.builder() \n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:notebooks:InstanceIamPolicy\n properties:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_notebooks\\_instance\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.notebooks.InstanceIamBinding(\"binding\", {\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.notebooks.InstanceIamBinding(\"binding\",\n project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Notebooks.InstanceIamBinding(\"binding\", new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewInstanceIamBinding(ctx, \"binding\", \u0026notebooks.InstanceIamBindingArgs{\n\t\t\tProject: pulumi.Any(instance.Project),\n\t\t\tLocation: pulumi.Any(instance.Location),\n\t\t\tInstanceName: pulumi.Any(instance.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.InstanceIamBinding;\nimport com.pulumi.gcp.notebooks.InstanceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new InstanceIamBinding(\"binding\", InstanceIamBindingArgs.builder() \n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:notebooks:InstanceIamBinding\n properties:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_notebooks\\_instance\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.notebooks.InstanceIamMember(\"member\", {\n project: instance.project,\n location: instance.location,\n instanceName: instance.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.notebooks.InstanceIamMember(\"member\",\n project=instance[\"project\"],\n location=instance[\"location\"],\n instance_name=instance[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Notebooks.InstanceIamMember(\"member\", new()\n {\n Project = instance.Project,\n Location = instance.Location,\n InstanceName = instance.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewInstanceIamMember(ctx, \"member\", \u0026notebooks.InstanceIamMemberArgs{\n\t\t\tProject: pulumi.Any(instance.Project),\n\t\t\tLocation: pulumi.Any(instance.Location),\n\t\t\tInstanceName: pulumi.Any(instance.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.InstanceIamMember;\nimport com.pulumi.gcp.notebooks.InstanceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new InstanceIamMember(\"member\", InstanceIamMemberArgs.builder() \n .project(instance.project())\n .location(instance.location())\n .instanceName(instance.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:notebooks:InstanceIamMember\n properties:\n project: ${instance.project}\n location: ${instance.location}\n instanceName: ${instance.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/instances/{{instance_name}}\n\n* {{project}}/{{location}}/{{instance_name}}\n\n* {{location}}/{{instance_name}}\n\n* {{instance_name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud AI Notebooks instance IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/instanceIamPolicy:InstanceIamPolicy editor \"projects/{{project}}/locations/{{location}}/instances/{{instance_name}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/instanceIamPolicy:InstanceIamPolicy editor \"projects/{{project}}/locations/{{location}}/instances/{{instance_name}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/instanceIamPolicy:InstanceIamPolicy editor projects/{{project}}/locations/{{location}}/instances/{{instance_name}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -210405,7 +210858,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" } }, "required": [ @@ -210432,7 +210885,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -210463,7 +210916,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -210711,7 +211164,7 @@ } }, "gcp:notebooks/runtimeIamBinding:RuntimeIamBinding": { - "description": "Three different resources help you manage your IAM policy for Cloud AI Notebooks Runtime. Each of these resources serves a different use case:\n\n* `gcp.notebooks.RuntimeIamPolicy`: Authoritative. Sets the IAM policy for the runtime and replaces any existing policy already attached.\n* `gcp.notebooks.RuntimeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the runtime are preserved.\n* `gcp.notebooks.RuntimeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the runtime are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.notebooks.RuntimeIamPolicy`: Retrieves the IAM policy for the runtime\n\n\u003e **Note:** `gcp.notebooks.RuntimeIamPolicy` **cannot** be used in conjunction with `gcp.notebooks.RuntimeIamBinding` and `gcp.notebooks.RuntimeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.notebooks.RuntimeIamBinding` resources **can be** used in conjunction with `gcp.notebooks.RuntimeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_notebooks\\_runtime\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.notebooks.RuntimeIamPolicy(\"policy\", {\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.notebooks.RuntimeIamPolicy(\"policy\",\n project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Notebooks.RuntimeIamPolicy(\"policy\", new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = notebooks.NewRuntimeIamPolicy(ctx, \"policy\", \u0026notebooks.RuntimeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(runtime.Project),\n\t\t\tLocation: pulumi.Any(runtime.Location),\n\t\t\tRuntimeName: pulumi.Any(runtime.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.notebooks.RuntimeIamPolicy;\nimport com.pulumi.gcp.notebooks.RuntimeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RuntimeIamPolicy(\"policy\", RuntimeIamPolicyArgs.builder() \n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:notebooks:RuntimeIamPolicy\n properties:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_notebooks\\_runtime\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.notebooks.RuntimeIamBinding(\"binding\", {\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.notebooks.RuntimeIamBinding(\"binding\",\n project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Notebooks.RuntimeIamBinding(\"binding\", new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewRuntimeIamBinding(ctx, \"binding\", \u0026notebooks.RuntimeIamBindingArgs{\n\t\t\tProject: pulumi.Any(runtime.Project),\n\t\t\tLocation: pulumi.Any(runtime.Location),\n\t\t\tRuntimeName: pulumi.Any(runtime.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.RuntimeIamBinding;\nimport com.pulumi.gcp.notebooks.RuntimeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RuntimeIamBinding(\"binding\", RuntimeIamBindingArgs.builder() \n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:notebooks:RuntimeIamBinding\n properties:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_notebooks\\_runtime\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.notebooks.RuntimeIamMember(\"member\", {\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.notebooks.RuntimeIamMember(\"member\",\n project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Notebooks.RuntimeIamMember(\"member\", new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewRuntimeIamMember(ctx, \"member\", \u0026notebooks.RuntimeIamMemberArgs{\n\t\t\tProject: pulumi.Any(runtime.Project),\n\t\t\tLocation: pulumi.Any(runtime.Location),\n\t\t\tRuntimeName: pulumi.Any(runtime.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.RuntimeIamMember;\nimport com.pulumi.gcp.notebooks.RuntimeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RuntimeIamMember(\"member\", RuntimeIamMemberArgs.builder() \n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:notebooks:RuntimeIamMember\n properties:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/runtimes/{{runtime_name}}\n\n* {{project}}/{{location}}/{{runtime_name}}\n\n* {{location}}/{{runtime_name}}\n\n* {{runtime_name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud AI Notebooks runtime IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/runtimeIamBinding:RuntimeIamBinding editor \"projects/{{project}}/locations/{{location}}/runtimes/{{runtime_name}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/runtimeIamBinding:RuntimeIamBinding editor \"projects/{{project}}/locations/{{location}}/runtimes/{{runtime_name}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/runtimeIamBinding:RuntimeIamBinding editor projects/{{project}}/locations/{{location}}/runtimes/{{runtime_name}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud AI Notebooks Runtime. Each of these resources serves a different use case:\n\n* `gcp.notebooks.RuntimeIamPolicy`: Authoritative. Sets the IAM policy for the runtime and replaces any existing policy already attached.\n* `gcp.notebooks.RuntimeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the runtime are preserved.\n* `gcp.notebooks.RuntimeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the runtime are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.notebooks.RuntimeIamPolicy`: Retrieves the IAM policy for the runtime\n\n\u003e **Note:** `gcp.notebooks.RuntimeIamPolicy` **cannot** be used in conjunction with `gcp.notebooks.RuntimeIamBinding` and `gcp.notebooks.RuntimeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.notebooks.RuntimeIamBinding` resources **can be** used in conjunction with `gcp.notebooks.RuntimeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_notebooks\\_runtime\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.notebooks.RuntimeIamPolicy(\"policy\", {\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.notebooks.RuntimeIamPolicy(\"policy\",\n project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Notebooks.RuntimeIamPolicy(\"policy\", new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = notebooks.NewRuntimeIamPolicy(ctx, \"policy\", \u0026notebooks.RuntimeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(runtime.Project),\n\t\t\tLocation: pulumi.Any(runtime.Location),\n\t\t\tRuntimeName: pulumi.Any(runtime.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.notebooks.RuntimeIamPolicy;\nimport com.pulumi.gcp.notebooks.RuntimeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RuntimeIamPolicy(\"policy\", RuntimeIamPolicyArgs.builder() \n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:notebooks:RuntimeIamPolicy\n properties:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_notebooks\\_runtime\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.notebooks.RuntimeIamBinding(\"binding\", {\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.notebooks.RuntimeIamBinding(\"binding\",\n project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Notebooks.RuntimeIamBinding(\"binding\", new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewRuntimeIamBinding(ctx, \"binding\", \u0026notebooks.RuntimeIamBindingArgs{\n\t\t\tProject: pulumi.Any(runtime.Project),\n\t\t\tLocation: pulumi.Any(runtime.Location),\n\t\t\tRuntimeName: pulumi.Any(runtime.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.RuntimeIamBinding;\nimport com.pulumi.gcp.notebooks.RuntimeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RuntimeIamBinding(\"binding\", RuntimeIamBindingArgs.builder() \n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:notebooks:RuntimeIamBinding\n properties:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_notebooks\\_runtime\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.notebooks.RuntimeIamMember(\"member\", {\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.notebooks.RuntimeIamMember(\"member\",\n project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Notebooks.RuntimeIamMember(\"member\", new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewRuntimeIamMember(ctx, \"member\", \u0026notebooks.RuntimeIamMemberArgs{\n\t\t\tProject: pulumi.Any(runtime.Project),\n\t\t\tLocation: pulumi.Any(runtime.Location),\n\t\t\tRuntimeName: pulumi.Any(runtime.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.RuntimeIamMember;\nimport com.pulumi.gcp.notebooks.RuntimeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RuntimeIamMember(\"member\", RuntimeIamMemberArgs.builder() \n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:notebooks:RuntimeIamMember\n properties:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_notebooks\\_runtime\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.notebooks.RuntimeIamPolicy(\"policy\", {\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.notebooks.RuntimeIamPolicy(\"policy\",\n project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Notebooks.RuntimeIamPolicy(\"policy\", new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = notebooks.NewRuntimeIamPolicy(ctx, \"policy\", \u0026notebooks.RuntimeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(runtime.Project),\n\t\t\tLocation: pulumi.Any(runtime.Location),\n\t\t\tRuntimeName: pulumi.Any(runtime.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.notebooks.RuntimeIamPolicy;\nimport com.pulumi.gcp.notebooks.RuntimeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RuntimeIamPolicy(\"policy\", RuntimeIamPolicyArgs.builder() \n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:notebooks:RuntimeIamPolicy\n properties:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_notebooks\\_runtime\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.notebooks.RuntimeIamBinding(\"binding\", {\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.notebooks.RuntimeIamBinding(\"binding\",\n project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Notebooks.RuntimeIamBinding(\"binding\", new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewRuntimeIamBinding(ctx, \"binding\", \u0026notebooks.RuntimeIamBindingArgs{\n\t\t\tProject: pulumi.Any(runtime.Project),\n\t\t\tLocation: pulumi.Any(runtime.Location),\n\t\t\tRuntimeName: pulumi.Any(runtime.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.RuntimeIamBinding;\nimport com.pulumi.gcp.notebooks.RuntimeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RuntimeIamBinding(\"binding\", RuntimeIamBindingArgs.builder() \n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:notebooks:RuntimeIamBinding\n properties:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_notebooks\\_runtime\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.notebooks.RuntimeIamMember(\"member\", {\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.notebooks.RuntimeIamMember(\"member\",\n project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Notebooks.RuntimeIamMember(\"member\", new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewRuntimeIamMember(ctx, \"member\", \u0026notebooks.RuntimeIamMemberArgs{\n\t\t\tProject: pulumi.Any(runtime.Project),\n\t\t\tLocation: pulumi.Any(runtime.Location),\n\t\t\tRuntimeName: pulumi.Any(runtime.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.RuntimeIamMember;\nimport com.pulumi.gcp.notebooks.RuntimeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RuntimeIamMember(\"member\", RuntimeIamMemberArgs.builder() \n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:notebooks:RuntimeIamMember\n properties:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/runtimes/{{runtime_name}}\n\n* {{project}}/{{location}}/{{runtime_name}}\n\n* {{location}}/{{runtime_name}}\n\n* {{runtime_name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud AI Notebooks runtime IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/runtimeIamBinding:RuntimeIamBinding editor \"projects/{{project}}/locations/{{location}}/runtimes/{{runtime_name}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/runtimeIamBinding:RuntimeIamBinding editor \"projects/{{project}}/locations/{{location}}/runtimes/{{runtime_name}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/runtimeIamBinding:RuntimeIamBinding editor projects/{{project}}/locations/{{location}}/runtimes/{{runtime_name}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:notebooks/RuntimeIamBindingCondition:RuntimeIamBindingCondition" @@ -210728,11 +211181,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -210765,11 +211219,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -210808,11 +211263,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -210830,7 +211286,7 @@ } }, "gcp:notebooks/runtimeIamMember:RuntimeIamMember": { - "description": "Three different resources help you manage your IAM policy for Cloud AI Notebooks Runtime. Each of these resources serves a different use case:\n\n* `gcp.notebooks.RuntimeIamPolicy`: Authoritative. Sets the IAM policy for the runtime and replaces any existing policy already attached.\n* `gcp.notebooks.RuntimeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the runtime are preserved.\n* `gcp.notebooks.RuntimeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the runtime are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.notebooks.RuntimeIamPolicy`: Retrieves the IAM policy for the runtime\n\n\u003e **Note:** `gcp.notebooks.RuntimeIamPolicy` **cannot** be used in conjunction with `gcp.notebooks.RuntimeIamBinding` and `gcp.notebooks.RuntimeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.notebooks.RuntimeIamBinding` resources **can be** used in conjunction with `gcp.notebooks.RuntimeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_notebooks\\_runtime\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.notebooks.RuntimeIamPolicy(\"policy\", {\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.notebooks.RuntimeIamPolicy(\"policy\",\n project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Notebooks.RuntimeIamPolicy(\"policy\", new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = notebooks.NewRuntimeIamPolicy(ctx, \"policy\", \u0026notebooks.RuntimeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(runtime.Project),\n\t\t\tLocation: pulumi.Any(runtime.Location),\n\t\t\tRuntimeName: pulumi.Any(runtime.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.notebooks.RuntimeIamPolicy;\nimport com.pulumi.gcp.notebooks.RuntimeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RuntimeIamPolicy(\"policy\", RuntimeIamPolicyArgs.builder() \n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:notebooks:RuntimeIamPolicy\n properties:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_notebooks\\_runtime\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.notebooks.RuntimeIamBinding(\"binding\", {\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.notebooks.RuntimeIamBinding(\"binding\",\n project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Notebooks.RuntimeIamBinding(\"binding\", new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewRuntimeIamBinding(ctx, \"binding\", \u0026notebooks.RuntimeIamBindingArgs{\n\t\t\tProject: pulumi.Any(runtime.Project),\n\t\t\tLocation: pulumi.Any(runtime.Location),\n\t\t\tRuntimeName: pulumi.Any(runtime.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.RuntimeIamBinding;\nimport com.pulumi.gcp.notebooks.RuntimeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RuntimeIamBinding(\"binding\", RuntimeIamBindingArgs.builder() \n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:notebooks:RuntimeIamBinding\n properties:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_notebooks\\_runtime\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.notebooks.RuntimeIamMember(\"member\", {\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.notebooks.RuntimeIamMember(\"member\",\n project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Notebooks.RuntimeIamMember(\"member\", new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewRuntimeIamMember(ctx, \"member\", \u0026notebooks.RuntimeIamMemberArgs{\n\t\t\tProject: pulumi.Any(runtime.Project),\n\t\t\tLocation: pulumi.Any(runtime.Location),\n\t\t\tRuntimeName: pulumi.Any(runtime.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.RuntimeIamMember;\nimport com.pulumi.gcp.notebooks.RuntimeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RuntimeIamMember(\"member\", RuntimeIamMemberArgs.builder() \n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:notebooks:RuntimeIamMember\n properties:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/runtimes/{{runtime_name}}\n\n* {{project}}/{{location}}/{{runtime_name}}\n\n* {{location}}/{{runtime_name}}\n\n* {{runtime_name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud AI Notebooks runtime IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/runtimeIamMember:RuntimeIamMember editor \"projects/{{project}}/locations/{{location}}/runtimes/{{runtime_name}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/runtimeIamMember:RuntimeIamMember editor \"projects/{{project}}/locations/{{location}}/runtimes/{{runtime_name}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/runtimeIamMember:RuntimeIamMember editor projects/{{project}}/locations/{{location}}/runtimes/{{runtime_name}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud AI Notebooks Runtime. Each of these resources serves a different use case:\n\n* `gcp.notebooks.RuntimeIamPolicy`: Authoritative. Sets the IAM policy for the runtime and replaces any existing policy already attached.\n* `gcp.notebooks.RuntimeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the runtime are preserved.\n* `gcp.notebooks.RuntimeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the runtime are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.notebooks.RuntimeIamPolicy`: Retrieves the IAM policy for the runtime\n\n\u003e **Note:** `gcp.notebooks.RuntimeIamPolicy` **cannot** be used in conjunction with `gcp.notebooks.RuntimeIamBinding` and `gcp.notebooks.RuntimeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.notebooks.RuntimeIamBinding` resources **can be** used in conjunction with `gcp.notebooks.RuntimeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_notebooks\\_runtime\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.notebooks.RuntimeIamPolicy(\"policy\", {\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.notebooks.RuntimeIamPolicy(\"policy\",\n project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Notebooks.RuntimeIamPolicy(\"policy\", new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = notebooks.NewRuntimeIamPolicy(ctx, \"policy\", \u0026notebooks.RuntimeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(runtime.Project),\n\t\t\tLocation: pulumi.Any(runtime.Location),\n\t\t\tRuntimeName: pulumi.Any(runtime.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.notebooks.RuntimeIamPolicy;\nimport com.pulumi.gcp.notebooks.RuntimeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RuntimeIamPolicy(\"policy\", RuntimeIamPolicyArgs.builder() \n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:notebooks:RuntimeIamPolicy\n properties:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_notebooks\\_runtime\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.notebooks.RuntimeIamBinding(\"binding\", {\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.notebooks.RuntimeIamBinding(\"binding\",\n project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Notebooks.RuntimeIamBinding(\"binding\", new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewRuntimeIamBinding(ctx, \"binding\", \u0026notebooks.RuntimeIamBindingArgs{\n\t\t\tProject: pulumi.Any(runtime.Project),\n\t\t\tLocation: pulumi.Any(runtime.Location),\n\t\t\tRuntimeName: pulumi.Any(runtime.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.RuntimeIamBinding;\nimport com.pulumi.gcp.notebooks.RuntimeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RuntimeIamBinding(\"binding\", RuntimeIamBindingArgs.builder() \n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:notebooks:RuntimeIamBinding\n properties:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_notebooks\\_runtime\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.notebooks.RuntimeIamMember(\"member\", {\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.notebooks.RuntimeIamMember(\"member\",\n project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Notebooks.RuntimeIamMember(\"member\", new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewRuntimeIamMember(ctx, \"member\", \u0026notebooks.RuntimeIamMemberArgs{\n\t\t\tProject: pulumi.Any(runtime.Project),\n\t\t\tLocation: pulumi.Any(runtime.Location),\n\t\t\tRuntimeName: pulumi.Any(runtime.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.RuntimeIamMember;\nimport com.pulumi.gcp.notebooks.RuntimeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RuntimeIamMember(\"member\", RuntimeIamMemberArgs.builder() \n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:notebooks:RuntimeIamMember\n properties:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_notebooks\\_runtime\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.notebooks.RuntimeIamPolicy(\"policy\", {\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.notebooks.RuntimeIamPolicy(\"policy\",\n project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Notebooks.RuntimeIamPolicy(\"policy\", new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = notebooks.NewRuntimeIamPolicy(ctx, \"policy\", \u0026notebooks.RuntimeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(runtime.Project),\n\t\t\tLocation: pulumi.Any(runtime.Location),\n\t\t\tRuntimeName: pulumi.Any(runtime.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.notebooks.RuntimeIamPolicy;\nimport com.pulumi.gcp.notebooks.RuntimeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RuntimeIamPolicy(\"policy\", RuntimeIamPolicyArgs.builder() \n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:notebooks:RuntimeIamPolicy\n properties:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_notebooks\\_runtime\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.notebooks.RuntimeIamBinding(\"binding\", {\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.notebooks.RuntimeIamBinding(\"binding\",\n project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Notebooks.RuntimeIamBinding(\"binding\", new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewRuntimeIamBinding(ctx, \"binding\", \u0026notebooks.RuntimeIamBindingArgs{\n\t\t\tProject: pulumi.Any(runtime.Project),\n\t\t\tLocation: pulumi.Any(runtime.Location),\n\t\t\tRuntimeName: pulumi.Any(runtime.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.RuntimeIamBinding;\nimport com.pulumi.gcp.notebooks.RuntimeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RuntimeIamBinding(\"binding\", RuntimeIamBindingArgs.builder() \n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:notebooks:RuntimeIamBinding\n properties:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_notebooks\\_runtime\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.notebooks.RuntimeIamMember(\"member\", {\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.notebooks.RuntimeIamMember(\"member\",\n project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Notebooks.RuntimeIamMember(\"member\", new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewRuntimeIamMember(ctx, \"member\", \u0026notebooks.RuntimeIamMemberArgs{\n\t\t\tProject: pulumi.Any(runtime.Project),\n\t\t\tLocation: pulumi.Any(runtime.Location),\n\t\t\tRuntimeName: pulumi.Any(runtime.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.RuntimeIamMember;\nimport com.pulumi.gcp.notebooks.RuntimeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RuntimeIamMember(\"member\", RuntimeIamMemberArgs.builder() \n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:notebooks:RuntimeIamMember\n properties:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/runtimes/{{runtime_name}}\n\n* {{project}}/{{location}}/{{runtime_name}}\n\n* {{location}}/{{runtime_name}}\n\n* {{runtime_name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud AI Notebooks runtime IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/runtimeIamMember:RuntimeIamMember editor \"projects/{{project}}/locations/{{location}}/runtimes/{{runtime_name}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/runtimeIamMember:RuntimeIamMember editor \"projects/{{project}}/locations/{{location}}/runtimes/{{runtime_name}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/runtimeIamMember:RuntimeIamMember editor projects/{{project}}/locations/{{location}}/runtimes/{{runtime_name}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:notebooks/RuntimeIamMemberCondition:RuntimeIamMemberCondition" @@ -210844,11 +211300,12 @@ "description": "A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -210879,11 +211336,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -210920,11 +211378,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -210942,7 +211401,7 @@ } }, "gcp:notebooks/runtimeIamPolicy:RuntimeIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Cloud AI Notebooks Runtime. Each of these resources serves a different use case:\n\n* `gcp.notebooks.RuntimeIamPolicy`: Authoritative. Sets the IAM policy for the runtime and replaces any existing policy already attached.\n* `gcp.notebooks.RuntimeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the runtime are preserved.\n* `gcp.notebooks.RuntimeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the runtime are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.notebooks.RuntimeIamPolicy`: Retrieves the IAM policy for the runtime\n\n\u003e **Note:** `gcp.notebooks.RuntimeIamPolicy` **cannot** be used in conjunction with `gcp.notebooks.RuntimeIamBinding` and `gcp.notebooks.RuntimeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.notebooks.RuntimeIamBinding` resources **can be** used in conjunction with `gcp.notebooks.RuntimeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_notebooks\\_runtime\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.notebooks.RuntimeIamPolicy(\"policy\", {\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.notebooks.RuntimeIamPolicy(\"policy\",\n project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Notebooks.RuntimeIamPolicy(\"policy\", new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = notebooks.NewRuntimeIamPolicy(ctx, \"policy\", \u0026notebooks.RuntimeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(runtime.Project),\n\t\t\tLocation: pulumi.Any(runtime.Location),\n\t\t\tRuntimeName: pulumi.Any(runtime.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.notebooks.RuntimeIamPolicy;\nimport com.pulumi.gcp.notebooks.RuntimeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RuntimeIamPolicy(\"policy\", RuntimeIamPolicyArgs.builder() \n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:notebooks:RuntimeIamPolicy\n properties:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_notebooks\\_runtime\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.notebooks.RuntimeIamBinding(\"binding\", {\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.notebooks.RuntimeIamBinding(\"binding\",\n project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Notebooks.RuntimeIamBinding(\"binding\", new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewRuntimeIamBinding(ctx, \"binding\", \u0026notebooks.RuntimeIamBindingArgs{\n\t\t\tProject: pulumi.Any(runtime.Project),\n\t\t\tLocation: pulumi.Any(runtime.Location),\n\t\t\tRuntimeName: pulumi.Any(runtime.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.RuntimeIamBinding;\nimport com.pulumi.gcp.notebooks.RuntimeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RuntimeIamBinding(\"binding\", RuntimeIamBindingArgs.builder() \n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:notebooks:RuntimeIamBinding\n properties:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_notebooks\\_runtime\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.notebooks.RuntimeIamMember(\"member\", {\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.notebooks.RuntimeIamMember(\"member\",\n project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Notebooks.RuntimeIamMember(\"member\", new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewRuntimeIamMember(ctx, \"member\", \u0026notebooks.RuntimeIamMemberArgs{\n\t\t\tProject: pulumi.Any(runtime.Project),\n\t\t\tLocation: pulumi.Any(runtime.Location),\n\t\t\tRuntimeName: pulumi.Any(runtime.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.RuntimeIamMember;\nimport com.pulumi.gcp.notebooks.RuntimeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RuntimeIamMember(\"member\", RuntimeIamMemberArgs.builder() \n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:notebooks:RuntimeIamMember\n properties:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/runtimes/{{runtime_name}}\n\n* {{project}}/{{location}}/{{runtime_name}}\n\n* {{location}}/{{runtime_name}}\n\n* {{runtime_name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud AI Notebooks runtime IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/runtimeIamPolicy:RuntimeIamPolicy editor \"projects/{{project}}/locations/{{location}}/runtimes/{{runtime_name}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/runtimeIamPolicy:RuntimeIamPolicy editor \"projects/{{project}}/locations/{{location}}/runtimes/{{runtime_name}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/runtimeIamPolicy:RuntimeIamPolicy editor projects/{{project}}/locations/{{location}}/runtimes/{{runtime_name}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud AI Notebooks Runtime. Each of these resources serves a different use case:\n\n* `gcp.notebooks.RuntimeIamPolicy`: Authoritative. Sets the IAM policy for the runtime and replaces any existing policy already attached.\n* `gcp.notebooks.RuntimeIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the runtime are preserved.\n* `gcp.notebooks.RuntimeIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the runtime are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.notebooks.RuntimeIamPolicy`: Retrieves the IAM policy for the runtime\n\n\u003e **Note:** `gcp.notebooks.RuntimeIamPolicy` **cannot** be used in conjunction with `gcp.notebooks.RuntimeIamBinding` and `gcp.notebooks.RuntimeIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.notebooks.RuntimeIamBinding` resources **can be** used in conjunction with `gcp.notebooks.RuntimeIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_notebooks\\_runtime\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.notebooks.RuntimeIamPolicy(\"policy\", {\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.notebooks.RuntimeIamPolicy(\"policy\",\n project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Notebooks.RuntimeIamPolicy(\"policy\", new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = notebooks.NewRuntimeIamPolicy(ctx, \"policy\", \u0026notebooks.RuntimeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(runtime.Project),\n\t\t\tLocation: pulumi.Any(runtime.Location),\n\t\t\tRuntimeName: pulumi.Any(runtime.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.notebooks.RuntimeIamPolicy;\nimport com.pulumi.gcp.notebooks.RuntimeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RuntimeIamPolicy(\"policy\", RuntimeIamPolicyArgs.builder() \n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:notebooks:RuntimeIamPolicy\n properties:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_notebooks\\_runtime\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.notebooks.RuntimeIamBinding(\"binding\", {\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.notebooks.RuntimeIamBinding(\"binding\",\n project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Notebooks.RuntimeIamBinding(\"binding\", new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewRuntimeIamBinding(ctx, \"binding\", \u0026notebooks.RuntimeIamBindingArgs{\n\t\t\tProject: pulumi.Any(runtime.Project),\n\t\t\tLocation: pulumi.Any(runtime.Location),\n\t\t\tRuntimeName: pulumi.Any(runtime.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.RuntimeIamBinding;\nimport com.pulumi.gcp.notebooks.RuntimeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RuntimeIamBinding(\"binding\", RuntimeIamBindingArgs.builder() \n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:notebooks:RuntimeIamBinding\n properties:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_notebooks\\_runtime\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.notebooks.RuntimeIamMember(\"member\", {\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.notebooks.RuntimeIamMember(\"member\",\n project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Notebooks.RuntimeIamMember(\"member\", new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewRuntimeIamMember(ctx, \"member\", \u0026notebooks.RuntimeIamMemberArgs{\n\t\t\tProject: pulumi.Any(runtime.Project),\n\t\t\tLocation: pulumi.Any(runtime.Location),\n\t\t\tRuntimeName: pulumi.Any(runtime.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.RuntimeIamMember;\nimport com.pulumi.gcp.notebooks.RuntimeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RuntimeIamMember(\"member\", RuntimeIamMemberArgs.builder() \n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:notebooks:RuntimeIamMember\n properties:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_notebooks\\_runtime\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.notebooks.RuntimeIamPolicy(\"policy\", {\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.notebooks.RuntimeIamPolicy(\"policy\",\n project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Notebooks.RuntimeIamPolicy(\"policy\", new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = notebooks.NewRuntimeIamPolicy(ctx, \"policy\", \u0026notebooks.RuntimeIamPolicyArgs{\n\t\t\tProject: pulumi.Any(runtime.Project),\n\t\t\tLocation: pulumi.Any(runtime.Location),\n\t\t\tRuntimeName: pulumi.Any(runtime.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.notebooks.RuntimeIamPolicy;\nimport com.pulumi.gcp.notebooks.RuntimeIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new RuntimeIamPolicy(\"policy\", RuntimeIamPolicyArgs.builder() \n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:notebooks:RuntimeIamPolicy\n properties:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_notebooks\\_runtime\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.notebooks.RuntimeIamBinding(\"binding\", {\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.notebooks.RuntimeIamBinding(\"binding\",\n project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Notebooks.RuntimeIamBinding(\"binding\", new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewRuntimeIamBinding(ctx, \"binding\", \u0026notebooks.RuntimeIamBindingArgs{\n\t\t\tProject: pulumi.Any(runtime.Project),\n\t\t\tLocation: pulumi.Any(runtime.Location),\n\t\t\tRuntimeName: pulumi.Any(runtime.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.RuntimeIamBinding;\nimport com.pulumi.gcp.notebooks.RuntimeIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new RuntimeIamBinding(\"binding\", RuntimeIamBindingArgs.builder() \n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:notebooks:RuntimeIamBinding\n properties:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_notebooks\\_runtime\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.notebooks.RuntimeIamMember(\"member\", {\n project: runtime.project,\n location: runtime.location,\n runtimeName: runtime.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.notebooks.RuntimeIamMember(\"member\",\n project=runtime[\"project\"],\n location=runtime[\"location\"],\n runtime_name=runtime[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Notebooks.RuntimeIamMember(\"member\", new()\n {\n Project = runtime.Project,\n Location = runtime.Location,\n RuntimeName = runtime.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := notebooks.NewRuntimeIamMember(ctx, \"member\", \u0026notebooks.RuntimeIamMemberArgs{\n\t\t\tProject: pulumi.Any(runtime.Project),\n\t\t\tLocation: pulumi.Any(runtime.Location),\n\t\t\tRuntimeName: pulumi.Any(runtime.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.notebooks.RuntimeIamMember;\nimport com.pulumi.gcp.notebooks.RuntimeIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new RuntimeIamMember(\"member\", RuntimeIamMemberArgs.builder() \n .project(runtime.project())\n .location(runtime.location())\n .runtimeName(runtime.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:notebooks:RuntimeIamMember\n properties:\n project: ${runtime.project}\n location: ${runtime.location}\n runtimeName: ${runtime.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/runtimes/{{runtime_name}}\n\n* {{project}}/{{location}}/{{runtime_name}}\n\n* {{location}}/{{runtime_name}}\n\n* {{runtime_name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud AI Notebooks runtime IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/runtimeIamPolicy:RuntimeIamPolicy editor \"projects/{{project}}/locations/{{location}}/runtimes/{{runtime_name}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/runtimeIamPolicy:RuntimeIamPolicy editor \"projects/{{project}}/locations/{{location}}/runtimes/{{runtime_name}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:notebooks/runtimeIamPolicy:RuntimeIamPolicy editor projects/{{project}}/locations/{{location}}/runtimes/{{runtime_name}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -210958,7 +211417,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "runtimeName": { "type": "string", @@ -210984,7 +211443,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "runtimeName": { @@ -211015,7 +211474,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "runtimeName": { @@ -211455,7 +211914,7 @@ } }, "gcp:organizations/iAMMember:IAMMember": { - "description": "Four different resources help you manage your IAM policy for a organization. Each of these resources serves a different use case:\n\n* `gcp.organizations.IAMPolicy`: Authoritative. Sets the IAM policy for the organization and replaces any existing policy already attached.\n* `gcp.organizations.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the organization are preserved.\n* `gcp.organizations.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the organization are preserved.\n* `gcp.organizations.IamAuditConfig`: Authoritative for a given service. Updates the IAM policy to enable audit logging for the given service.\n\n\n\u003e **Note:** `gcp.organizations.IAMPolicy` **cannot** be used in conjunction with `gcp.organizations.IAMBinding`, `gcp.organizations.IAMMember`, or `gcp.organizations.IamAuditConfig` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.organizations.IAMBinding` resources **can be** used in conjunction with `gcp.organizations.IAMMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_organization\\_iam\\_policy\n\n!\u003e **Warning:** New organizations have several default policies which will,\n without extreme caution, be **overwritten** by use of this resource.\n The safest alternative is to use multiple `gcp.organizations.IAMBinding`\n resources. This resource makes it easy to remove your own access to\n an organization, which will require a call to Google Support to have\n fixed, and can take multiple days to resolve.\n\n\n In general, this resource should only be used with organizations\n fully managed by this provider.I f you do use this resource,\n the best way to be sure that you are not making dangerous changes is to start\n by **importing** your existing policy, and examining the diff very closely.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst organization = new gcp.organizations.IAMPolicy(\"organization\", {\n orgId: \"1234567890\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\norganization = gcp.organizations.IAMPolicy(\"organization\",\n org_id=\"1234567890\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var organization = new Gcp.Organizations.IAMPolicy(\"organization\", new()\n {\n OrgId = \"1234567890\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.NewIAMPolicy(ctx, \"organization\", \u0026organizations.IAMPolicyArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.organizations.IAMPolicy;\nimport com.pulumi.gcp.organizations.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var organization = new IAMPolicy(\"organization\", IAMPolicyArgs.builder() \n .orgId(\"1234567890\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMPolicy\n properties:\n orgId: '1234567890'\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst organization = new gcp.organizations.IAMPolicy(\"organization\", {\n orgId: \"1234567890\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\norganization = gcp.organizations.IAMPolicy(\"organization\",\n org_id=\"1234567890\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var organization = new Gcp.Organizations.IAMPolicy(\"organization\", new()\n {\n OrgId = \"1234567890\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.NewIAMPolicy(ctx, \"organization\", \u0026organizations.IAMPolicyArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.organizations.IAMPolicy;\nimport com.pulumi.gcp.organizations.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var organization = new IAMPolicy(\"organization\", IAMPolicyArgs.builder() \n .orgId(\"1234567890\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMPolicy\n properties:\n orgId: '1234567890'\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_organization\\_iam\\_binding\n\n\u003e **Note:** If `role` is set to `roles/owner` and you don't specify a user or service account you have access to in `members`, you can lock yourself out of your organization.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IAMBinding(\"organization\", {\n orgId: \"1234567890\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IAMBinding(\"organization\",\n org_id=\"1234567890\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IAMBinding(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIAMBinding(ctx, \"organization\", \u0026organizations.IAMBindingArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IAMBinding;\nimport com.pulumi.gcp.organizations.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IAMBinding(\"organization\", IAMBindingArgs.builder() \n .orgId(\"1234567890\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMBinding\n properties:\n orgId: '1234567890'\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IAMBinding(\"organization\", {\n orgId: \"1234567890\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IAMBinding(\"organization\",\n org_id=\"1234567890\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.IAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IAMBinding(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIAMBinding(ctx, \"organization\", \u0026organizations.IAMBindingArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026organizations.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IAMBinding;\nimport com.pulumi.gcp.organizations.IAMBindingArgs;\nimport com.pulumi.gcp.organizations.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IAMBinding(\"organization\", IAMBindingArgs.builder() \n .orgId(\"1234567890\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMBinding\n properties:\n orgId: '1234567890'\n role: roles/editor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_organization\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IAMMember(\"organization\", {\n orgId: \"1234567890\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IAMMember(\"organization\",\n org_id=\"1234567890\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IAMMember(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIAMMember(ctx, \"organization\", \u0026organizations.IAMMemberArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IAMMember;\nimport com.pulumi.gcp.organizations.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IAMMember(\"organization\", IAMMemberArgs.builder() \n .orgId(\"1234567890\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMMember\n properties:\n orgId: '1234567890'\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IAMMember(\"organization\", {\n orgId: \"1234567890\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IAMMember(\"organization\",\n org_id=\"1234567890\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\",\n condition=gcp.organizations.IAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IAMMember(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Organizations.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIAMMember(ctx, \"organization\", \u0026organizations.IAMMemberArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026organizations.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IAMMember;\nimport com.pulumi.gcp.organizations.IAMMemberArgs;\nimport com.pulumi.gcp.organizations.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IAMMember(\"organization\", IAMMemberArgs.builder() \n .orgId(\"1234567890\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMMember\n properties:\n orgId: '1234567890'\n role: roles/editor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_organization\\_iam\\_audit\\_config\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IamAuditConfig(\"organization\", {\n orgId: \"1234567890\",\n service: \"allServices\",\n auditLogConfigs: [\n {\n logType: \"ADMIN_READ\",\n },\n {\n logType: \"DATA_READ\",\n exemptedMembers: [\"user:joebloggs@example.com\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IamAuditConfig(\"organization\",\n org_id=\"1234567890\",\n service=\"allServices\",\n audit_log_configs=[\n gcp.organizations.IamAuditConfigAuditLogConfigArgs(\n log_type=\"ADMIN_READ\",\n ),\n gcp.organizations.IamAuditConfigAuditLogConfigArgs(\n log_type=\"DATA_READ\",\n exempted_members=[\"user:joebloggs@example.com\"],\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IamAuditConfig(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Service = \"allServices\",\n AuditLogConfigs = new[]\n {\n new Gcp.Organizations.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"ADMIN_READ\",\n },\n new Gcp.Organizations.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"DATA_READ\",\n ExemptedMembers = new[]\n {\n \"user:joebloggs@example.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIamAuditConfig(ctx, \"organization\", \u0026organizations.IamAuditConfigArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tService: pulumi.String(\"allServices\"),\n\t\t\tAuditLogConfigs: organizations.IamAuditConfigAuditLogConfigArray{\n\t\t\t\t\u0026organizations.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"ADMIN_READ\"),\n\t\t\t\t},\n\t\t\t\t\u0026organizations.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"DATA_READ\"),\n\t\t\t\t\tExemptedMembers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user:joebloggs@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IamAuditConfig;\nimport com.pulumi.gcp.organizations.IamAuditConfigArgs;\nimport com.pulumi.gcp.organizations.inputs.IamAuditConfigAuditLogConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IamAuditConfig(\"organization\", IamAuditConfigArgs.builder() \n .orgId(\"1234567890\")\n .service(\"allServices\")\n .auditLogConfigs( \n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"ADMIN_READ\")\n .build(),\n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"DATA_READ\")\n .exemptedMembers(\"user:joebloggs@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IamAuditConfig\n properties:\n orgId: '1234567890'\n service: allServices\n auditLogConfigs:\n - logType: ADMIN_READ\n - logType: DATA_READ\n exemptedMembers:\n - user:joebloggs@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing Audit Configs\n\nAn audit config can be imported into a `google_organization_iam_audit_config` resource using the resource's `org_id` and the `service`, e.g:\n\n* `\"{{org_id}} foo.googleapis.com\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import audit configs:\n\ntf\n\nimport {\n\n id = \"{{org_id}} foo.googleapis.com\"\n\n to = google_organization_iam_audit_config.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:organizations/iAMMember:IAMMember default \"{{org_id}} foo.googleapis.com\"\n```\n\n", + "description": "Four different resources help you manage your IAM policy for a organization. Each of these resources serves a different use case:\n\n* `gcp.organizations.IAMPolicy`: Authoritative. Sets the IAM policy for the organization and replaces any existing policy already attached.\n* `gcp.organizations.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the organization are preserved.\n* `gcp.organizations.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the organization are preserved.\n* `gcp.organizations.IamAuditConfig`: Authoritative for a given service. Updates the IAM policy to enable audit logging for the given service.\n\n\n\u003e **Note:** `gcp.organizations.IAMPolicy` **cannot** be used in conjunction with `gcp.organizations.IAMBinding`, `gcp.organizations.IAMMember`, or `gcp.organizations.IamAuditConfig` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.organizations.IAMBinding` resources **can be** used in conjunction with `gcp.organizations.IAMMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_organization\\_iam\\_policy\n\n!\u003e **Warning:** New organizations have several default policies which will,\n without extreme caution, be **overwritten** by use of this resource.\n The safest alternative is to use multiple `gcp.organizations.IAMBinding`\n resources. This resource makes it easy to remove your own access to\n an organization, which will require a call to Google Support to have\n fixed, and can take multiple days to resolve.\n\n\n In general, this resource should only be used with organizations\n fully managed by this provider.I f you do use this resource,\n the best way to be sure that you are not making dangerous changes is to start\n by **importing** your existing policy, and examining the diff very closely.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst organization = new gcp.organizations.IAMPolicy(\"organization\", {\n orgId: \"1234567890\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\norganization = gcp.organizations.IAMPolicy(\"organization\",\n org_id=\"1234567890\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var organization = new Gcp.Organizations.IAMPolicy(\"organization\", new()\n {\n OrgId = \"1234567890\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.NewIAMPolicy(ctx, \"organization\", \u0026organizations.IAMPolicyArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.organizations.IAMPolicy;\nimport com.pulumi.gcp.organizations.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var organization = new IAMPolicy(\"organization\", IAMPolicyArgs.builder() \n .orgId(\"1234567890\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMPolicy\n properties:\n orgId: '1234567890'\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst organization = new gcp.organizations.IAMPolicy(\"organization\", {\n orgId: \"1234567890\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\norganization = gcp.organizations.IAMPolicy(\"organization\",\n org_id=\"1234567890\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var organization = new Gcp.Organizations.IAMPolicy(\"organization\", new()\n {\n OrgId = \"1234567890\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.NewIAMPolicy(ctx, \"organization\", \u0026organizations.IAMPolicyArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.organizations.IAMPolicy;\nimport com.pulumi.gcp.organizations.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var organization = new IAMPolicy(\"organization\", IAMPolicyArgs.builder() \n .orgId(\"1234567890\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMPolicy\n properties:\n orgId: '1234567890'\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_organization\\_iam\\_binding\n\n\u003e **Note:** If `role` is set to `roles/owner` and you don't specify a user or service account you have access to in `members`, you can lock yourself out of your organization.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IAMBinding(\"organization\", {\n orgId: \"1234567890\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IAMBinding(\"organization\",\n org_id=\"1234567890\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IAMBinding(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIAMBinding(ctx, \"organization\", \u0026organizations.IAMBindingArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IAMBinding;\nimport com.pulumi.gcp.organizations.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IAMBinding(\"organization\", IAMBindingArgs.builder() \n .orgId(\"1234567890\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMBinding\n properties:\n orgId: '1234567890'\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IAMBinding(\"organization\", {\n orgId: \"1234567890\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IAMBinding(\"organization\",\n org_id=\"1234567890\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.IAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IAMBinding(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIAMBinding(ctx, \"organization\", \u0026organizations.IAMBindingArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026organizations.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IAMBinding;\nimport com.pulumi.gcp.organizations.IAMBindingArgs;\nimport com.pulumi.gcp.organizations.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IAMBinding(\"organization\", IAMBindingArgs.builder() \n .orgId(\"1234567890\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMBinding\n properties:\n orgId: '1234567890'\n role: roles/editor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_organization\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IAMMember(\"organization\", {\n orgId: \"1234567890\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IAMMember(\"organization\",\n org_id=\"1234567890\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IAMMember(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIAMMember(ctx, \"organization\", \u0026organizations.IAMMemberArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IAMMember;\nimport com.pulumi.gcp.organizations.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IAMMember(\"organization\", IAMMemberArgs.builder() \n .orgId(\"1234567890\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMMember\n properties:\n orgId: '1234567890'\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IAMMember(\"organization\", {\n orgId: \"1234567890\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IAMMember(\"organization\",\n org_id=\"1234567890\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\",\n condition=gcp.organizations.IAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IAMMember(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Organizations.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIAMMember(ctx, \"organization\", \u0026organizations.IAMMemberArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026organizations.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IAMMember;\nimport com.pulumi.gcp.organizations.IAMMemberArgs;\nimport com.pulumi.gcp.organizations.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IAMMember(\"organization\", IAMMemberArgs.builder() \n .orgId(\"1234567890\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMMember\n properties:\n orgId: '1234567890'\n role: roles/editor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_organization\\_iam\\_audit\\_config\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IamAuditConfig(\"organization\", {\n orgId: \"1234567890\",\n service: \"allServices\",\n auditLogConfigs: [\n {\n logType: \"ADMIN_READ\",\n },\n {\n logType: \"DATA_READ\",\n exemptedMembers: [\"user:joebloggs@example.com\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IamAuditConfig(\"organization\",\n org_id=\"1234567890\",\n service=\"allServices\",\n audit_log_configs=[\n gcp.organizations.IamAuditConfigAuditLogConfigArgs(\n log_type=\"ADMIN_READ\",\n ),\n gcp.organizations.IamAuditConfigAuditLogConfigArgs(\n log_type=\"DATA_READ\",\n exempted_members=[\"user:joebloggs@example.com\"],\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IamAuditConfig(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Service = \"allServices\",\n AuditLogConfigs = new[]\n {\n new Gcp.Organizations.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"ADMIN_READ\",\n },\n new Gcp.Organizations.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"DATA_READ\",\n ExemptedMembers = new[]\n {\n \"user:joebloggs@example.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIamAuditConfig(ctx, \"organization\", \u0026organizations.IamAuditConfigArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tService: pulumi.String(\"allServices\"),\n\t\t\tAuditLogConfigs: organizations.IamAuditConfigAuditLogConfigArray{\n\t\t\t\t\u0026organizations.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"ADMIN_READ\"),\n\t\t\t\t},\n\t\t\t\t\u0026organizations.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"DATA_READ\"),\n\t\t\t\t\tExemptedMembers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user:joebloggs@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IamAuditConfig;\nimport com.pulumi.gcp.organizations.IamAuditConfigArgs;\nimport com.pulumi.gcp.organizations.inputs.IamAuditConfigAuditLogConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IamAuditConfig(\"organization\", IamAuditConfigArgs.builder() \n .orgId(\"1234567890\")\n .service(\"allServices\")\n .auditLogConfigs( \n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"ADMIN_READ\")\n .build(),\n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"DATA_READ\")\n .exemptedMembers(\"user:joebloggs@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IamAuditConfig\n properties:\n orgId: '1234567890'\n service: allServices\n auditLogConfigs:\n - logType: ADMIN_READ\n - logType: DATA_READ\n exemptedMembers:\n - user:joebloggs@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_organization\\_iam\\_policy\n\n!\u003e **Warning:** New organizations have several default policies which will,\n without extreme caution, be **overwritten** by use of this resource.\n The safest alternative is to use multiple `gcp.organizations.IAMBinding`\n resources. This resource makes it easy to remove your own access to\n an organization, which will require a call to Google Support to have\n fixed, and can take multiple days to resolve.\n\n\n In general, this resource should only be used with organizations\n fully managed by this provider.I f you do use this resource,\n the best way to be sure that you are not making dangerous changes is to start\n by **importing** your existing policy, and examining the diff very closely.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst organization = new gcp.organizations.IAMPolicy(\"organization\", {\n orgId: \"1234567890\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\norganization = gcp.organizations.IAMPolicy(\"organization\",\n org_id=\"1234567890\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var organization = new Gcp.Organizations.IAMPolicy(\"organization\", new()\n {\n OrgId = \"1234567890\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.NewIAMPolicy(ctx, \"organization\", \u0026organizations.IAMPolicyArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.organizations.IAMPolicy;\nimport com.pulumi.gcp.organizations.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var organization = new IAMPolicy(\"organization\", IAMPolicyArgs.builder() \n .orgId(\"1234567890\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMPolicy\n properties:\n orgId: '1234567890'\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst organization = new gcp.organizations.IAMPolicy(\"organization\", {\n orgId: \"1234567890\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\norganization = gcp.organizations.IAMPolicy(\"organization\",\n org_id=\"1234567890\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var organization = new Gcp.Organizations.IAMPolicy(\"organization\", new()\n {\n OrgId = \"1234567890\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.NewIAMPolicy(ctx, \"organization\", \u0026organizations.IAMPolicyArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.organizations.IAMPolicy;\nimport com.pulumi.gcp.organizations.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var organization = new IAMPolicy(\"organization\", IAMPolicyArgs.builder() \n .orgId(\"1234567890\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMPolicy\n properties:\n orgId: '1234567890'\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_organization\\_iam\\_binding\n\n\u003e **Note:** If `role` is set to `roles/owner` and you don't specify a user or service account you have access to in `members`, you can lock yourself out of your organization.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IAMBinding(\"organization\", {\n orgId: \"1234567890\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IAMBinding(\"organization\",\n org_id=\"1234567890\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IAMBinding(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIAMBinding(ctx, \"organization\", \u0026organizations.IAMBindingArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IAMBinding;\nimport com.pulumi.gcp.organizations.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IAMBinding(\"organization\", IAMBindingArgs.builder() \n .orgId(\"1234567890\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMBinding\n properties:\n orgId: '1234567890'\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IAMBinding(\"organization\", {\n orgId: \"1234567890\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IAMBinding(\"organization\",\n org_id=\"1234567890\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.IAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IAMBinding(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIAMBinding(ctx, \"organization\", \u0026organizations.IAMBindingArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026organizations.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IAMBinding;\nimport com.pulumi.gcp.organizations.IAMBindingArgs;\nimport com.pulumi.gcp.organizations.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IAMBinding(\"organization\", IAMBindingArgs.builder() \n .orgId(\"1234567890\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMBinding\n properties:\n orgId: '1234567890'\n role: roles/editor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_organization\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IAMMember(\"organization\", {\n orgId: \"1234567890\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IAMMember(\"organization\",\n org_id=\"1234567890\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IAMMember(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIAMMember(ctx, \"organization\", \u0026organizations.IAMMemberArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IAMMember;\nimport com.pulumi.gcp.organizations.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IAMMember(\"organization\", IAMMemberArgs.builder() \n .orgId(\"1234567890\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMMember\n properties:\n orgId: '1234567890'\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IAMMember(\"organization\", {\n orgId: \"1234567890\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IAMMember(\"organization\",\n org_id=\"1234567890\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\",\n condition=gcp.organizations.IAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IAMMember(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Organizations.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIAMMember(ctx, \"organization\", \u0026organizations.IAMMemberArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026organizations.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IAMMember;\nimport com.pulumi.gcp.organizations.IAMMemberArgs;\nimport com.pulumi.gcp.organizations.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IAMMember(\"organization\", IAMMemberArgs.builder() \n .orgId(\"1234567890\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMMember\n properties:\n orgId: '1234567890'\n role: roles/editor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_organization\\_iam\\_audit\\_config\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IamAuditConfig(\"organization\", {\n orgId: \"1234567890\",\n service: \"allServices\",\n auditLogConfigs: [\n {\n logType: \"ADMIN_READ\",\n },\n {\n logType: \"DATA_READ\",\n exemptedMembers: [\"user:joebloggs@example.com\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IamAuditConfig(\"organization\",\n org_id=\"1234567890\",\n service=\"allServices\",\n audit_log_configs=[\n gcp.organizations.IamAuditConfigAuditLogConfigArgs(\n log_type=\"ADMIN_READ\",\n ),\n gcp.organizations.IamAuditConfigAuditLogConfigArgs(\n log_type=\"DATA_READ\",\n exempted_members=[\"user:joebloggs@example.com\"],\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IamAuditConfig(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Service = \"allServices\",\n AuditLogConfigs = new[]\n {\n new Gcp.Organizations.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"ADMIN_READ\",\n },\n new Gcp.Organizations.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"DATA_READ\",\n ExemptedMembers = new[]\n {\n \"user:joebloggs@example.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIamAuditConfig(ctx, \"organization\", \u0026organizations.IamAuditConfigArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tService: pulumi.String(\"allServices\"),\n\t\t\tAuditLogConfigs: organizations.IamAuditConfigAuditLogConfigArray{\n\t\t\t\t\u0026organizations.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"ADMIN_READ\"),\n\t\t\t\t},\n\t\t\t\t\u0026organizations.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"DATA_READ\"),\n\t\t\t\t\tExemptedMembers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user:joebloggs@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IamAuditConfig;\nimport com.pulumi.gcp.organizations.IamAuditConfigArgs;\nimport com.pulumi.gcp.organizations.inputs.IamAuditConfigAuditLogConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IamAuditConfig(\"organization\", IamAuditConfigArgs.builder() \n .orgId(\"1234567890\")\n .service(\"allServices\")\n .auditLogConfigs( \n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"ADMIN_READ\")\n .build(),\n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"DATA_READ\")\n .exemptedMembers(\"user:joebloggs@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IamAuditConfig\n properties:\n orgId: '1234567890'\n service: allServices\n auditLogConfigs:\n - logType: ADMIN_READ\n - logType: DATA_READ\n exemptedMembers:\n - user:joebloggs@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing Audit Configs\n\nAn audit config can be imported into a `google_organization_iam_audit_config` resource using the resource's `org_id` and the `service`, e.g:\n\n* `\"{{org_id}} foo.googleapis.com\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import audit configs:\n\ntf\n\nimport {\n\n id = \"{{org_id}} foo.googleapis.com\"\n\n to = google_organization_iam_audit_config.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:organizations/iAMMember:IAMMember default \"{{org_id}} foo.googleapis.com\"\n```\n\n", "properties": { "condition": { "$ref": "#/types/gcp:organizations/IAMMemberCondition:IAMMemberCondition", @@ -211466,7 +211925,8 @@ "description": "(Computed) The etag of the organization's IAM policy.\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "orgId": { "type": "string", @@ -211491,6 +211951,7 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", "willReplaceOnChanges": true }, "orgId": { @@ -211523,6 +211984,7 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", "willReplaceOnChanges": true }, "orgId": { @@ -211540,7 +212002,7 @@ } }, "gcp:organizations/iAMPolicy:IAMPolicy": { - "description": "Four different resources help you manage your IAM policy for a organization. Each of these resources serves a different use case:\n\n* `gcp.organizations.IAMPolicy`: Authoritative. Sets the IAM policy for the organization and replaces any existing policy already attached.\n* `gcp.organizations.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the organization are preserved.\n* `gcp.organizations.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the organization are preserved.\n* `gcp.organizations.IamAuditConfig`: Authoritative for a given service. Updates the IAM policy to enable audit logging for the given service.\n\n\n\u003e **Note:** `gcp.organizations.IAMPolicy` **cannot** be used in conjunction with `gcp.organizations.IAMBinding`, `gcp.organizations.IAMMember`, or `gcp.organizations.IamAuditConfig` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.organizations.IAMBinding` resources **can be** used in conjunction with `gcp.organizations.IAMMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_organization\\_iam\\_policy\n\n!\u003e **Warning:** New organizations have several default policies which will,\n without extreme caution, be **overwritten** by use of this resource.\n The safest alternative is to use multiple `gcp.organizations.IAMBinding`\n resources. This resource makes it easy to remove your own access to\n an organization, which will require a call to Google Support to have\n fixed, and can take multiple days to resolve.\n\n\n In general, this resource should only be used with organizations\n fully managed by this provider.I f you do use this resource,\n the best way to be sure that you are not making dangerous changes is to start\n by **importing** your existing policy, and examining the diff very closely.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst organization = new gcp.organizations.IAMPolicy(\"organization\", {\n orgId: \"1234567890\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\norganization = gcp.organizations.IAMPolicy(\"organization\",\n org_id=\"1234567890\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var organization = new Gcp.Organizations.IAMPolicy(\"organization\", new()\n {\n OrgId = \"1234567890\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.NewIAMPolicy(ctx, \"organization\", \u0026organizations.IAMPolicyArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.organizations.IAMPolicy;\nimport com.pulumi.gcp.organizations.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var organization = new IAMPolicy(\"organization\", IAMPolicyArgs.builder() \n .orgId(\"1234567890\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMPolicy\n properties:\n orgId: '1234567890'\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst organization = new gcp.organizations.IAMPolicy(\"organization\", {\n orgId: \"1234567890\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\norganization = gcp.organizations.IAMPolicy(\"organization\",\n org_id=\"1234567890\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var organization = new Gcp.Organizations.IAMPolicy(\"organization\", new()\n {\n OrgId = \"1234567890\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.NewIAMPolicy(ctx, \"organization\", \u0026organizations.IAMPolicyArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.organizations.IAMPolicy;\nimport com.pulumi.gcp.organizations.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var organization = new IAMPolicy(\"organization\", IAMPolicyArgs.builder() \n .orgId(\"1234567890\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMPolicy\n properties:\n orgId: '1234567890'\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_organization\\_iam\\_binding\n\n\u003e **Note:** If `role` is set to `roles/owner` and you don't specify a user or service account you have access to in `members`, you can lock yourself out of your organization.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IAMBinding(\"organization\", {\n orgId: \"1234567890\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IAMBinding(\"organization\",\n org_id=\"1234567890\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IAMBinding(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIAMBinding(ctx, \"organization\", \u0026organizations.IAMBindingArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IAMBinding;\nimport com.pulumi.gcp.organizations.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IAMBinding(\"organization\", IAMBindingArgs.builder() \n .orgId(\"1234567890\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMBinding\n properties:\n orgId: '1234567890'\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IAMBinding(\"organization\", {\n orgId: \"1234567890\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IAMBinding(\"organization\",\n org_id=\"1234567890\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.IAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IAMBinding(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIAMBinding(ctx, \"organization\", \u0026organizations.IAMBindingArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026organizations.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IAMBinding;\nimport com.pulumi.gcp.organizations.IAMBindingArgs;\nimport com.pulumi.gcp.organizations.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IAMBinding(\"organization\", IAMBindingArgs.builder() \n .orgId(\"1234567890\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMBinding\n properties:\n orgId: '1234567890'\n role: roles/editor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_organization\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IAMMember(\"organization\", {\n orgId: \"1234567890\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IAMMember(\"organization\",\n org_id=\"1234567890\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IAMMember(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIAMMember(ctx, \"organization\", \u0026organizations.IAMMemberArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IAMMember;\nimport com.pulumi.gcp.organizations.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IAMMember(\"organization\", IAMMemberArgs.builder() \n .orgId(\"1234567890\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMMember\n properties:\n orgId: '1234567890'\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IAMMember(\"organization\", {\n orgId: \"1234567890\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IAMMember(\"organization\",\n org_id=\"1234567890\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\",\n condition=gcp.organizations.IAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IAMMember(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Organizations.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIAMMember(ctx, \"organization\", \u0026organizations.IAMMemberArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026organizations.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IAMMember;\nimport com.pulumi.gcp.organizations.IAMMemberArgs;\nimport com.pulumi.gcp.organizations.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IAMMember(\"organization\", IAMMemberArgs.builder() \n .orgId(\"1234567890\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMMember\n properties:\n orgId: '1234567890'\n role: roles/editor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_organization\\_iam\\_audit\\_config\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IamAuditConfig(\"organization\", {\n orgId: \"1234567890\",\n service: \"allServices\",\n auditLogConfigs: [\n {\n logType: \"ADMIN_READ\",\n },\n {\n logType: \"DATA_READ\",\n exemptedMembers: [\"user:joebloggs@example.com\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IamAuditConfig(\"organization\",\n org_id=\"1234567890\",\n service=\"allServices\",\n audit_log_configs=[\n gcp.organizations.IamAuditConfigAuditLogConfigArgs(\n log_type=\"ADMIN_READ\",\n ),\n gcp.organizations.IamAuditConfigAuditLogConfigArgs(\n log_type=\"DATA_READ\",\n exempted_members=[\"user:joebloggs@example.com\"],\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IamAuditConfig(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Service = \"allServices\",\n AuditLogConfigs = new[]\n {\n new Gcp.Organizations.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"ADMIN_READ\",\n },\n new Gcp.Organizations.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"DATA_READ\",\n ExemptedMembers = new[]\n {\n \"user:joebloggs@example.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIamAuditConfig(ctx, \"organization\", \u0026organizations.IamAuditConfigArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tService: pulumi.String(\"allServices\"),\n\t\t\tAuditLogConfigs: organizations.IamAuditConfigAuditLogConfigArray{\n\t\t\t\t\u0026organizations.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"ADMIN_READ\"),\n\t\t\t\t},\n\t\t\t\t\u0026organizations.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"DATA_READ\"),\n\t\t\t\t\tExemptedMembers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user:joebloggs@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IamAuditConfig;\nimport com.pulumi.gcp.organizations.IamAuditConfigArgs;\nimport com.pulumi.gcp.organizations.inputs.IamAuditConfigAuditLogConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IamAuditConfig(\"organization\", IamAuditConfigArgs.builder() \n .orgId(\"1234567890\")\n .service(\"allServices\")\n .auditLogConfigs( \n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"ADMIN_READ\")\n .build(),\n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"DATA_READ\")\n .exemptedMembers(\"user:joebloggs@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IamAuditConfig\n properties:\n orgId: '1234567890'\n service: allServices\n auditLogConfigs:\n - logType: ADMIN_READ\n - logType: DATA_READ\n exemptedMembers:\n - user:joebloggs@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing Audit Configs\n\nAn audit config can be imported into a `google_organization_iam_audit_config` resource using the resource's `org_id` and the `service`, e.g:\n\n* `\"{{org_id}} foo.googleapis.com\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import audit configs:\n\ntf\n\nimport {\n\n id = \"{{org_id}} foo.googleapis.com\"\n\n to = google_organization_iam_audit_config.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:organizations/iAMPolicy:IAMPolicy default \"{{org_id}} foo.googleapis.com\"\n```\n\n", + "description": "Four different resources help you manage your IAM policy for a organization. Each of these resources serves a different use case:\n\n* `gcp.organizations.IAMPolicy`: Authoritative. Sets the IAM policy for the organization and replaces any existing policy already attached.\n* `gcp.organizations.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the organization are preserved.\n* `gcp.organizations.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the organization are preserved.\n* `gcp.organizations.IamAuditConfig`: Authoritative for a given service. Updates the IAM policy to enable audit logging for the given service.\n\n\n\u003e **Note:** `gcp.organizations.IAMPolicy` **cannot** be used in conjunction with `gcp.organizations.IAMBinding`, `gcp.organizations.IAMMember`, or `gcp.organizations.IamAuditConfig` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.organizations.IAMBinding` resources **can be** used in conjunction with `gcp.organizations.IAMMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_organization\\_iam\\_policy\n\n!\u003e **Warning:** New organizations have several default policies which will,\n without extreme caution, be **overwritten** by use of this resource.\n The safest alternative is to use multiple `gcp.organizations.IAMBinding`\n resources. This resource makes it easy to remove your own access to\n an organization, which will require a call to Google Support to have\n fixed, and can take multiple days to resolve.\n\n\n In general, this resource should only be used with organizations\n fully managed by this provider.I f you do use this resource,\n the best way to be sure that you are not making dangerous changes is to start\n by **importing** your existing policy, and examining the diff very closely.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst organization = new gcp.organizations.IAMPolicy(\"organization\", {\n orgId: \"1234567890\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\norganization = gcp.organizations.IAMPolicy(\"organization\",\n org_id=\"1234567890\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var organization = new Gcp.Organizations.IAMPolicy(\"organization\", new()\n {\n OrgId = \"1234567890\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.NewIAMPolicy(ctx, \"organization\", \u0026organizations.IAMPolicyArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.organizations.IAMPolicy;\nimport com.pulumi.gcp.organizations.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var organization = new IAMPolicy(\"organization\", IAMPolicyArgs.builder() \n .orgId(\"1234567890\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMPolicy\n properties:\n orgId: '1234567890'\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst organization = new gcp.organizations.IAMPolicy(\"organization\", {\n orgId: \"1234567890\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\norganization = gcp.organizations.IAMPolicy(\"organization\",\n org_id=\"1234567890\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var organization = new Gcp.Organizations.IAMPolicy(\"organization\", new()\n {\n OrgId = \"1234567890\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.NewIAMPolicy(ctx, \"organization\", \u0026organizations.IAMPolicyArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.organizations.IAMPolicy;\nimport com.pulumi.gcp.organizations.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var organization = new IAMPolicy(\"organization\", IAMPolicyArgs.builder() \n .orgId(\"1234567890\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMPolicy\n properties:\n orgId: '1234567890'\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_organization\\_iam\\_binding\n\n\u003e **Note:** If `role` is set to `roles/owner` and you don't specify a user or service account you have access to in `members`, you can lock yourself out of your organization.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IAMBinding(\"organization\", {\n orgId: \"1234567890\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IAMBinding(\"organization\",\n org_id=\"1234567890\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IAMBinding(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIAMBinding(ctx, \"organization\", \u0026organizations.IAMBindingArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IAMBinding;\nimport com.pulumi.gcp.organizations.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IAMBinding(\"organization\", IAMBindingArgs.builder() \n .orgId(\"1234567890\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMBinding\n properties:\n orgId: '1234567890'\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IAMBinding(\"organization\", {\n orgId: \"1234567890\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IAMBinding(\"organization\",\n org_id=\"1234567890\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.IAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IAMBinding(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIAMBinding(ctx, \"organization\", \u0026organizations.IAMBindingArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026organizations.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IAMBinding;\nimport com.pulumi.gcp.organizations.IAMBindingArgs;\nimport com.pulumi.gcp.organizations.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IAMBinding(\"organization\", IAMBindingArgs.builder() \n .orgId(\"1234567890\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMBinding\n properties:\n orgId: '1234567890'\n role: roles/editor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_organization\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IAMMember(\"organization\", {\n orgId: \"1234567890\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IAMMember(\"organization\",\n org_id=\"1234567890\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IAMMember(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIAMMember(ctx, \"organization\", \u0026organizations.IAMMemberArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IAMMember;\nimport com.pulumi.gcp.organizations.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IAMMember(\"organization\", IAMMemberArgs.builder() \n .orgId(\"1234567890\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMMember\n properties:\n orgId: '1234567890'\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IAMMember(\"organization\", {\n orgId: \"1234567890\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IAMMember(\"organization\",\n org_id=\"1234567890\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\",\n condition=gcp.organizations.IAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IAMMember(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Organizations.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIAMMember(ctx, \"organization\", \u0026organizations.IAMMemberArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026organizations.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IAMMember;\nimport com.pulumi.gcp.organizations.IAMMemberArgs;\nimport com.pulumi.gcp.organizations.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IAMMember(\"organization\", IAMMemberArgs.builder() \n .orgId(\"1234567890\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMMember\n properties:\n orgId: '1234567890'\n role: roles/editor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_organization\\_iam\\_audit\\_config\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IamAuditConfig(\"organization\", {\n orgId: \"1234567890\",\n service: \"allServices\",\n auditLogConfigs: [\n {\n logType: \"ADMIN_READ\",\n },\n {\n logType: \"DATA_READ\",\n exemptedMembers: [\"user:joebloggs@example.com\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IamAuditConfig(\"organization\",\n org_id=\"1234567890\",\n service=\"allServices\",\n audit_log_configs=[\n gcp.organizations.IamAuditConfigAuditLogConfigArgs(\n log_type=\"ADMIN_READ\",\n ),\n gcp.organizations.IamAuditConfigAuditLogConfigArgs(\n log_type=\"DATA_READ\",\n exempted_members=[\"user:joebloggs@example.com\"],\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IamAuditConfig(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Service = \"allServices\",\n AuditLogConfigs = new[]\n {\n new Gcp.Organizations.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"ADMIN_READ\",\n },\n new Gcp.Organizations.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"DATA_READ\",\n ExemptedMembers = new[]\n {\n \"user:joebloggs@example.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIamAuditConfig(ctx, \"organization\", \u0026organizations.IamAuditConfigArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tService: pulumi.String(\"allServices\"),\n\t\t\tAuditLogConfigs: organizations.IamAuditConfigAuditLogConfigArray{\n\t\t\t\t\u0026organizations.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"ADMIN_READ\"),\n\t\t\t\t},\n\t\t\t\t\u0026organizations.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"DATA_READ\"),\n\t\t\t\t\tExemptedMembers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user:joebloggs@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IamAuditConfig;\nimport com.pulumi.gcp.organizations.IamAuditConfigArgs;\nimport com.pulumi.gcp.organizations.inputs.IamAuditConfigAuditLogConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IamAuditConfig(\"organization\", IamAuditConfigArgs.builder() \n .orgId(\"1234567890\")\n .service(\"allServices\")\n .auditLogConfigs( \n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"ADMIN_READ\")\n .build(),\n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"DATA_READ\")\n .exemptedMembers(\"user:joebloggs@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IamAuditConfig\n properties:\n orgId: '1234567890'\n service: allServices\n auditLogConfigs:\n - logType: ADMIN_READ\n - logType: DATA_READ\n exemptedMembers:\n - user:joebloggs@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_organization\\_iam\\_policy\n\n!\u003e **Warning:** New organizations have several default policies which will,\n without extreme caution, be **overwritten** by use of this resource.\n The safest alternative is to use multiple `gcp.organizations.IAMBinding`\n resources. This resource makes it easy to remove your own access to\n an organization, which will require a call to Google Support to have\n fixed, and can take multiple days to resolve.\n\n\n In general, this resource should only be used with organizations\n fully managed by this provider.I f you do use this resource,\n the best way to be sure that you are not making dangerous changes is to start\n by **importing** your existing policy, and examining the diff very closely.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst organization = new gcp.organizations.IAMPolicy(\"organization\", {\n orgId: \"1234567890\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\norganization = gcp.organizations.IAMPolicy(\"organization\",\n org_id=\"1234567890\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var organization = new Gcp.Organizations.IAMPolicy(\"organization\", new()\n {\n OrgId = \"1234567890\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.NewIAMPolicy(ctx, \"organization\", \u0026organizations.IAMPolicyArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.organizations.IAMPolicy;\nimport com.pulumi.gcp.organizations.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var organization = new IAMPolicy(\"organization\", IAMPolicyArgs.builder() \n .orgId(\"1234567890\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMPolicy\n properties:\n orgId: '1234567890'\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst organization = new gcp.organizations.IAMPolicy(\"organization\", {\n orgId: \"1234567890\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\norganization = gcp.organizations.IAMPolicy(\"organization\",\n org_id=\"1234567890\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var organization = new Gcp.Organizations.IAMPolicy(\"organization\", new()\n {\n OrgId = \"1234567890\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = organizations.NewIAMPolicy(ctx, \"organization\", \u0026organizations.IAMPolicyArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.organizations.IAMPolicy;\nimport com.pulumi.gcp.organizations.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var organization = new IAMPolicy(\"organization\", IAMPolicyArgs.builder() \n .orgId(\"1234567890\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMPolicy\n properties:\n orgId: '1234567890'\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_organization\\_iam\\_binding\n\n\u003e **Note:** If `role` is set to `roles/owner` and you don't specify a user or service account you have access to in `members`, you can lock yourself out of your organization.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IAMBinding(\"organization\", {\n orgId: \"1234567890\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IAMBinding(\"organization\",\n org_id=\"1234567890\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IAMBinding(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIAMBinding(ctx, \"organization\", \u0026organizations.IAMBindingArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IAMBinding;\nimport com.pulumi.gcp.organizations.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IAMBinding(\"organization\", IAMBindingArgs.builder() \n .orgId(\"1234567890\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMBinding\n properties:\n orgId: '1234567890'\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IAMBinding(\"organization\", {\n orgId: \"1234567890\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IAMBinding(\"organization\",\n org_id=\"1234567890\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.IAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IAMBinding(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIAMBinding(ctx, \"organization\", \u0026organizations.IAMBindingArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026organizations.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IAMBinding;\nimport com.pulumi.gcp.organizations.IAMBindingArgs;\nimport com.pulumi.gcp.organizations.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IAMBinding(\"organization\", IAMBindingArgs.builder() \n .orgId(\"1234567890\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMBinding\n properties:\n orgId: '1234567890'\n role: roles/editor\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_organization\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IAMMember(\"organization\", {\n orgId: \"1234567890\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IAMMember(\"organization\",\n org_id=\"1234567890\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IAMMember(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIAMMember(ctx, \"organization\", \u0026organizations.IAMMemberArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IAMMember;\nimport com.pulumi.gcp.organizations.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IAMMember(\"organization\", IAMMemberArgs.builder() \n .orgId(\"1234567890\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMMember\n properties:\n orgId: '1234567890'\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IAMMember(\"organization\", {\n orgId: \"1234567890\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IAMMember(\"organization\",\n org_id=\"1234567890\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\",\n condition=gcp.organizations.IAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IAMMember(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Organizations.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIAMMember(ctx, \"organization\", \u0026organizations.IAMMemberArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026organizations.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IAMMember;\nimport com.pulumi.gcp.organizations.IAMMemberArgs;\nimport com.pulumi.gcp.organizations.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IAMMember(\"organization\", IAMMemberArgs.builder() \n .orgId(\"1234567890\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IAMMember\n properties:\n orgId: '1234567890'\n role: roles/editor\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_organization\\_iam\\_audit\\_config\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst organization = new gcp.organizations.IamAuditConfig(\"organization\", {\n orgId: \"1234567890\",\n service: \"allServices\",\n auditLogConfigs: [\n {\n logType: \"ADMIN_READ\",\n },\n {\n logType: \"DATA_READ\",\n exemptedMembers: [\"user:joebloggs@example.com\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\norganization = gcp.organizations.IamAuditConfig(\"organization\",\n org_id=\"1234567890\",\n service=\"allServices\",\n audit_log_configs=[\n gcp.organizations.IamAuditConfigAuditLogConfigArgs(\n log_type=\"ADMIN_READ\",\n ),\n gcp.organizations.IamAuditConfigAuditLogConfigArgs(\n log_type=\"DATA_READ\",\n exempted_members=[\"user:joebloggs@example.com\"],\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var organization = new Gcp.Organizations.IamAuditConfig(\"organization\", new()\n {\n OrgId = \"1234567890\",\n Service = \"allServices\",\n AuditLogConfigs = new[]\n {\n new Gcp.Organizations.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"ADMIN_READ\",\n },\n new Gcp.Organizations.Inputs.IamAuditConfigAuditLogConfigArgs\n {\n LogType = \"DATA_READ\",\n ExemptedMembers = new[]\n {\n \"user:joebloggs@example.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := organizations.NewIamAuditConfig(ctx, \"organization\", \u0026organizations.IamAuditConfigArgs{\n\t\t\tOrgId: pulumi.String(\"1234567890\"),\n\t\t\tService: pulumi.String(\"allServices\"),\n\t\t\tAuditLogConfigs: organizations.IamAuditConfigAuditLogConfigArray{\n\t\t\t\t\u0026organizations.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"ADMIN_READ\"),\n\t\t\t\t},\n\t\t\t\t\u0026organizations.IamAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"DATA_READ\"),\n\t\t\t\t\tExemptedMembers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user:joebloggs@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.IamAuditConfig;\nimport com.pulumi.gcp.organizations.IamAuditConfigArgs;\nimport com.pulumi.gcp.organizations.inputs.IamAuditConfigAuditLogConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var organization = new IamAuditConfig(\"organization\", IamAuditConfigArgs.builder() \n .orgId(\"1234567890\")\n .service(\"allServices\")\n .auditLogConfigs( \n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"ADMIN_READ\")\n .build(),\n IamAuditConfigAuditLogConfigArgs.builder()\n .logType(\"DATA_READ\")\n .exemptedMembers(\"user:joebloggs@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n organization:\n type: gcp:organizations:IamAuditConfig\n properties:\n orgId: '1234567890'\n service: allServices\n auditLogConfigs:\n - logType: ADMIN_READ\n - logType: DATA_READ\n exemptedMembers:\n - user:joebloggs@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing Audit Configs\n\nAn audit config can be imported into a `google_organization_iam_audit_config` resource using the resource's `org_id` and the `service`, e.g:\n\n* `\"{{org_id}} foo.googleapis.com\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import audit configs:\n\ntf\n\nimport {\n\n id = \"{{org_id}} foo.googleapis.com\"\n\n to = google_organization_iam_audit_config.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:organizations/iAMPolicy:IAMPolicy default \"{{org_id}} foo.googleapis.com\"\n```\n\n", "properties": { "etag": { "type": "string", @@ -213156,7 +213618,7 @@ } }, "gcp:projects/iAMAuditConfig:IAMAuditConfig": { - "description": "Four different resources help you manage your IAM policy for a project. Each of these resources serves a different use case:\n\n* `gcp.projects.IAMPolicy`: Authoritative. Sets the IAM policy for the project and replaces any existing policy already attached.\n* `gcp.projects.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the project are preserved.\n* `gcp.projects.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the project are preserved.\n* `gcp.projects.IAMAuditConfig`: Authoritative for a given service. Updates the IAM policy to enable audit logging for the given service.\n\n\u003e **Note:** `gcp.projects.IAMPolicy` **cannot** be used in conjunction with `gcp.projects.IAMBinding`, `gcp.projects.IAMMember`, or `gcp.projects.IAMAuditConfig` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.projects.IAMBinding` resources **can be** used in conjunction with `gcp.projects.IAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** The underlying API method `projects.setIamPolicy` has a lot of constraints which are documented [here](https://cloud.google.com/resource-manager/reference/rest/v1/projects/setIamPolicy). In addition to these constraints, \n IAM Conditions cannot be used with Basic Roles such as Owner. Violating these constraints will result in the API returning 400 error code so please review these if you encounter errors with this resource.\n\n## google\\_project\\_iam\\_policy\n\n!\u003e **Be careful!** You can accidentally lock yourself out of your project\n using this resource. Deleting a `gcp.projects.IAMPolicy` removes access\n from anyone without organization-level access to the project. Proceed with caution.\n It's not recommended to use `gcp.projects.IAMPolicy` with your provider project\n to avoid locking yourself out, and it should generally only be used with projects\n fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before\n applying the change.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst project = new gcp.projects.IAMPolicy(\"project\", {\n project: \"your-project-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\nproject = gcp.projects.IAMPolicy(\"project\",\n project=\"your-project-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var project = new Gcp.Projects.IAMPolicy(\"project\", new()\n {\n Project = \"your-project-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMPolicy(ctx, \"project\", \u0026projects.IAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.projects.IAMPolicy;\nimport com.pulumi.gcp.projects.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var project = new IAMPolicy(\"project\", IAMPolicyArgs.builder() \n .project(\"your-project-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMPolicy\n properties:\n project: your-project-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst project = new gcp.projects.IAMPolicy(\"project\", {\n project: \"your-project-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\nproject = gcp.projects.IAMPolicy(\"project\",\n project=\"your-project-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var project = new Gcp.Projects.IAMPolicy(\"project\", new()\n {\n Project = \"your-project-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMPolicy(ctx, \"project\", \u0026projects.IAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.projects.IAMPolicy;\nimport com.pulumi.gcp.projects.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var project = new IAMPolicy(\"project\", IAMPolicyArgs.builder() \n .project(\"your-project-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMPolicy\n properties:\n project: your-project-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_project\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMBinding(\"project\", {\n project: \"your-project-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMBinding(\"project\",\n project=\"your-project-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMBinding(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMBinding(ctx, \"project\", \u0026projects.IAMBindingArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMBinding;\nimport com.pulumi.gcp.projects.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMBinding(\"project\", IAMBindingArgs.builder() \n .project(\"your-project-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMBinding\n properties:\n project: your-project-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMBinding(\"project\", {\n project: \"your-project-id\",\n role: \"roles/container.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMBinding(\"project\",\n project=\"your-project-id\",\n role=\"roles/container.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.projects.IAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMBinding(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/container.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Projects.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMBinding(ctx, \"project\", \u0026projects.IAMBindingArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/container.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026projects.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMBinding;\nimport com.pulumi.gcp.projects.IAMBindingArgs;\nimport com.pulumi.gcp.projects.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMBinding(\"project\", IAMBindingArgs.builder() \n .project(\"your-project-id\")\n .role(\"roles/container.admin\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMBinding\n properties:\n project: your-project-id\n role: roles/container.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_project\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMMember(\"project\", {\n project: \"your-project-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMMember(\"project\",\n project=\"your-project-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMMember(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMMember(ctx, \"project\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMMember(\"project\", IAMMemberArgs.builder() \n .project(\"your-project-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMMember\n properties:\n project: your-project-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMMember(\"project\", {\n project: \"your-project-id\",\n role: \"roles/firebase.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMMember(\"project\",\n project=\"your-project-id\",\n role=\"roles/firebase.admin\",\n member=\"user:jane@example.com\",\n condition=gcp.projects.IAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMMember(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/firebase.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Projects.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMMember(ctx, \"project\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/firebase.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026projects.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport com.pulumi.gcp.projects.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMMember(\"project\", IAMMemberArgs.builder() \n .project(\"your-project-id\")\n .role(\"roles/firebase.admin\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMMember\n properties:\n project: your-project-id\n role: roles/firebase.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_project\\_iam\\_audit\\_config\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMAuditConfig(\"project\", {\n project: \"your-project-id\",\n service: \"allServices\",\n auditLogConfigs: [\n {\n logType: \"ADMIN_READ\",\n },\n {\n logType: \"DATA_READ\",\n exemptedMembers: [\"user:joebloggs@example.com\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMAuditConfig(\"project\",\n project=\"your-project-id\",\n service=\"allServices\",\n audit_log_configs=[\n gcp.projects.IAMAuditConfigAuditLogConfigArgs(\n log_type=\"ADMIN_READ\",\n ),\n gcp.projects.IAMAuditConfigAuditLogConfigArgs(\n log_type=\"DATA_READ\",\n exempted_members=[\"user:joebloggs@example.com\"],\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMAuditConfig(\"project\", new()\n {\n Project = \"your-project-id\",\n Service = \"allServices\",\n AuditLogConfigs = new[]\n {\n new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs\n {\n LogType = \"ADMIN_READ\",\n },\n new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs\n {\n LogType = \"DATA_READ\",\n ExemptedMembers = new[]\n {\n \"user:joebloggs@example.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMAuditConfig(ctx, \"project\", \u0026projects.IAMAuditConfigArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tService: pulumi.String(\"allServices\"),\n\t\t\tAuditLogConfigs: projects.IAMAuditConfigAuditLogConfigArray{\n\t\t\t\t\u0026projects.IAMAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"ADMIN_READ\"),\n\t\t\t\t},\n\t\t\t\t\u0026projects.IAMAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"DATA_READ\"),\n\t\t\t\t\tExemptedMembers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user:joebloggs@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMAuditConfig;\nimport com.pulumi.gcp.projects.IAMAuditConfigArgs;\nimport com.pulumi.gcp.projects.inputs.IAMAuditConfigAuditLogConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMAuditConfig(\"project\", IAMAuditConfigArgs.builder() \n .project(\"your-project-id\")\n .service(\"allServices\")\n .auditLogConfigs( \n IAMAuditConfigAuditLogConfigArgs.builder()\n .logType(\"ADMIN_READ\")\n .build(),\n IAMAuditConfigAuditLogConfigArgs.builder()\n .logType(\"DATA_READ\")\n .exemptedMembers(\"user:joebloggs@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMAuditConfig\n properties:\n project: your-project-id\n service: allServices\n auditLogConfigs:\n - logType: ADMIN_READ\n - logType: DATA_READ\n exemptedMembers:\n - user:joebloggs@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing Audit Configs\n\nAn audit config can be imported into a `google_project_iam_audit_config` resource using the resource's `project_id` and the `service`, e.g:\n\n* `\"{{project_id}} foo.googleapis.com\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import audit configs:\n\ntf\n\nimport {\n\n id = \"{{project_id}} foo.googleapis.com\"\n\n to = google_project_iam_audit_config.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:projects/iAMAuditConfig:IAMAuditConfig default \"{{project_id}} foo.googleapis.com\"\n```\n\n", + "description": "Four different resources help you manage your IAM policy for a project. Each of these resources serves a different use case:\n\n* `gcp.projects.IAMPolicy`: Authoritative. Sets the IAM policy for the project and replaces any existing policy already attached.\n* `gcp.projects.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the project are preserved.\n* `gcp.projects.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the project are preserved.\n* `gcp.projects.IAMAuditConfig`: Authoritative for a given service. Updates the IAM policy to enable audit logging for the given service.\n\n\u003e **Note:** `gcp.projects.IAMPolicy` **cannot** be used in conjunction with `gcp.projects.IAMBinding`, `gcp.projects.IAMMember`, or `gcp.projects.IAMAuditConfig` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.projects.IAMBinding` resources **can be** used in conjunction with `gcp.projects.IAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** The underlying API method `projects.setIamPolicy` has a lot of constraints which are documented [here](https://cloud.google.com/resource-manager/reference/rest/v1/projects/setIamPolicy). In addition to these constraints, \n IAM Conditions cannot be used with Basic Roles such as Owner. Violating these constraints will result in the API returning 400 error code so please review these if you encounter errors with this resource.\n\n## google\\_project\\_iam\\_policy\n\n!\u003e **Be careful!** You can accidentally lock yourself out of your project\n using this resource. Deleting a `gcp.projects.IAMPolicy` removes access\n from anyone without organization-level access to the project. Proceed with caution.\n It's not recommended to use `gcp.projects.IAMPolicy` with your provider project\n to avoid locking yourself out, and it should generally only be used with projects\n fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before\n applying the change.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst project = new gcp.projects.IAMPolicy(\"project\", {\n project: \"your-project-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\nproject = gcp.projects.IAMPolicy(\"project\",\n project=\"your-project-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var project = new Gcp.Projects.IAMPolicy(\"project\", new()\n {\n Project = \"your-project-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMPolicy(ctx, \"project\", \u0026projects.IAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.projects.IAMPolicy;\nimport com.pulumi.gcp.projects.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var project = new IAMPolicy(\"project\", IAMPolicyArgs.builder() \n .project(\"your-project-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMPolicy\n properties:\n project: your-project-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst project = new gcp.projects.IAMPolicy(\"project\", {\n project: \"your-project-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\nproject = gcp.projects.IAMPolicy(\"project\",\n project=\"your-project-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var project = new Gcp.Projects.IAMPolicy(\"project\", new()\n {\n Project = \"your-project-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMPolicy(ctx, \"project\", \u0026projects.IAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.projects.IAMPolicy;\nimport com.pulumi.gcp.projects.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var project = new IAMPolicy(\"project\", IAMPolicyArgs.builder() \n .project(\"your-project-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMPolicy\n properties:\n project: your-project-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_project\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMBinding(\"project\", {\n project: \"your-project-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMBinding(\"project\",\n project=\"your-project-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMBinding(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMBinding(ctx, \"project\", \u0026projects.IAMBindingArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMBinding;\nimport com.pulumi.gcp.projects.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMBinding(\"project\", IAMBindingArgs.builder() \n .project(\"your-project-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMBinding\n properties:\n project: your-project-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMBinding(\"project\", {\n project: \"your-project-id\",\n role: \"roles/container.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMBinding(\"project\",\n project=\"your-project-id\",\n role=\"roles/container.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.projects.IAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMBinding(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/container.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Projects.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMBinding(ctx, \"project\", \u0026projects.IAMBindingArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/container.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026projects.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMBinding;\nimport com.pulumi.gcp.projects.IAMBindingArgs;\nimport com.pulumi.gcp.projects.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMBinding(\"project\", IAMBindingArgs.builder() \n .project(\"your-project-id\")\n .role(\"roles/container.admin\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMBinding\n properties:\n project: your-project-id\n role: roles/container.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_project\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMMember(\"project\", {\n project: \"your-project-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMMember(\"project\",\n project=\"your-project-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMMember(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMMember(ctx, \"project\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMMember(\"project\", IAMMemberArgs.builder() \n .project(\"your-project-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMMember\n properties:\n project: your-project-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMMember(\"project\", {\n project: \"your-project-id\",\n role: \"roles/firebase.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMMember(\"project\",\n project=\"your-project-id\",\n role=\"roles/firebase.admin\",\n member=\"user:jane@example.com\",\n condition=gcp.projects.IAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMMember(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/firebase.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Projects.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMMember(ctx, \"project\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/firebase.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026projects.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport com.pulumi.gcp.projects.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMMember(\"project\", IAMMemberArgs.builder() \n .project(\"your-project-id\")\n .role(\"roles/firebase.admin\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMMember\n properties:\n project: your-project-id\n role: roles/firebase.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_project\\_iam\\_audit\\_config\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMAuditConfig(\"project\", {\n project: \"your-project-id\",\n service: \"allServices\",\n auditLogConfigs: [\n {\n logType: \"ADMIN_READ\",\n },\n {\n logType: \"DATA_READ\",\n exemptedMembers: [\"user:joebloggs@example.com\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMAuditConfig(\"project\",\n project=\"your-project-id\",\n service=\"allServices\",\n audit_log_configs=[\n gcp.projects.IAMAuditConfigAuditLogConfigArgs(\n log_type=\"ADMIN_READ\",\n ),\n gcp.projects.IAMAuditConfigAuditLogConfigArgs(\n log_type=\"DATA_READ\",\n exempted_members=[\"user:joebloggs@example.com\"],\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMAuditConfig(\"project\", new()\n {\n Project = \"your-project-id\",\n Service = \"allServices\",\n AuditLogConfigs = new[]\n {\n new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs\n {\n LogType = \"ADMIN_READ\",\n },\n new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs\n {\n LogType = \"DATA_READ\",\n ExemptedMembers = new[]\n {\n \"user:joebloggs@example.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMAuditConfig(ctx, \"project\", \u0026projects.IAMAuditConfigArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tService: pulumi.String(\"allServices\"),\n\t\t\tAuditLogConfigs: projects.IAMAuditConfigAuditLogConfigArray{\n\t\t\t\t\u0026projects.IAMAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"ADMIN_READ\"),\n\t\t\t\t},\n\t\t\t\t\u0026projects.IAMAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"DATA_READ\"),\n\t\t\t\t\tExemptedMembers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user:joebloggs@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMAuditConfig;\nimport com.pulumi.gcp.projects.IAMAuditConfigArgs;\nimport com.pulumi.gcp.projects.inputs.IAMAuditConfigAuditLogConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMAuditConfig(\"project\", IAMAuditConfigArgs.builder() \n .project(\"your-project-id\")\n .service(\"allServices\")\n .auditLogConfigs( \n IAMAuditConfigAuditLogConfigArgs.builder()\n .logType(\"ADMIN_READ\")\n .build(),\n IAMAuditConfigAuditLogConfigArgs.builder()\n .logType(\"DATA_READ\")\n .exemptedMembers(\"user:joebloggs@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMAuditConfig\n properties:\n project: your-project-id\n service: allServices\n auditLogConfigs:\n - logType: ADMIN_READ\n - logType: DATA_READ\n exemptedMembers:\n - user:joebloggs@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_project\\_iam\\_policy\n\n!\u003e **Be careful!** You can accidentally lock yourself out of your project\n using this resource. Deleting a `gcp.projects.IAMPolicy` removes access\n from anyone without organization-level access to the project. Proceed with caution.\n It's not recommended to use `gcp.projects.IAMPolicy` with your provider project\n to avoid locking yourself out, and it should generally only be used with projects\n fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before\n applying the change.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst project = new gcp.projects.IAMPolicy(\"project\", {\n project: \"your-project-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\nproject = gcp.projects.IAMPolicy(\"project\",\n project=\"your-project-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var project = new Gcp.Projects.IAMPolicy(\"project\", new()\n {\n Project = \"your-project-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMPolicy(ctx, \"project\", \u0026projects.IAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.projects.IAMPolicy;\nimport com.pulumi.gcp.projects.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var project = new IAMPolicy(\"project\", IAMPolicyArgs.builder() \n .project(\"your-project-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMPolicy\n properties:\n project: your-project-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst project = new gcp.projects.IAMPolicy(\"project\", {\n project: \"your-project-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\nproject = gcp.projects.IAMPolicy(\"project\",\n project=\"your-project-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var project = new Gcp.Projects.IAMPolicy(\"project\", new()\n {\n Project = \"your-project-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMPolicy(ctx, \"project\", \u0026projects.IAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.projects.IAMPolicy;\nimport com.pulumi.gcp.projects.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var project = new IAMPolicy(\"project\", IAMPolicyArgs.builder() \n .project(\"your-project-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMPolicy\n properties:\n project: your-project-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_project\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMBinding(\"project\", {\n project: \"your-project-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMBinding(\"project\",\n project=\"your-project-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMBinding(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMBinding(ctx, \"project\", \u0026projects.IAMBindingArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMBinding;\nimport com.pulumi.gcp.projects.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMBinding(\"project\", IAMBindingArgs.builder() \n .project(\"your-project-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMBinding\n properties:\n project: your-project-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMBinding(\"project\", {\n project: \"your-project-id\",\n role: \"roles/container.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMBinding(\"project\",\n project=\"your-project-id\",\n role=\"roles/container.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.projects.IAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMBinding(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/container.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Projects.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMBinding(ctx, \"project\", \u0026projects.IAMBindingArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/container.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026projects.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMBinding;\nimport com.pulumi.gcp.projects.IAMBindingArgs;\nimport com.pulumi.gcp.projects.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMBinding(\"project\", IAMBindingArgs.builder() \n .project(\"your-project-id\")\n .role(\"roles/container.admin\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMBinding\n properties:\n project: your-project-id\n role: roles/container.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_project\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMMember(\"project\", {\n project: \"your-project-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMMember(\"project\",\n project=\"your-project-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMMember(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMMember(ctx, \"project\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMMember(\"project\", IAMMemberArgs.builder() \n .project(\"your-project-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMMember\n properties:\n project: your-project-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMMember(\"project\", {\n project: \"your-project-id\",\n role: \"roles/firebase.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMMember(\"project\",\n project=\"your-project-id\",\n role=\"roles/firebase.admin\",\n member=\"user:jane@example.com\",\n condition=gcp.projects.IAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMMember(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/firebase.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Projects.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMMember(ctx, \"project\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/firebase.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026projects.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport com.pulumi.gcp.projects.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMMember(\"project\", IAMMemberArgs.builder() \n .project(\"your-project-id\")\n .role(\"roles/firebase.admin\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMMember\n properties:\n project: your-project-id\n role: roles/firebase.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_project\\_iam\\_audit\\_config\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMAuditConfig(\"project\", {\n project: \"your-project-id\",\n service: \"allServices\",\n auditLogConfigs: [\n {\n logType: \"ADMIN_READ\",\n },\n {\n logType: \"DATA_READ\",\n exemptedMembers: [\"user:joebloggs@example.com\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMAuditConfig(\"project\",\n project=\"your-project-id\",\n service=\"allServices\",\n audit_log_configs=[\n gcp.projects.IAMAuditConfigAuditLogConfigArgs(\n log_type=\"ADMIN_READ\",\n ),\n gcp.projects.IAMAuditConfigAuditLogConfigArgs(\n log_type=\"DATA_READ\",\n exempted_members=[\"user:joebloggs@example.com\"],\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMAuditConfig(\"project\", new()\n {\n Project = \"your-project-id\",\n Service = \"allServices\",\n AuditLogConfigs = new[]\n {\n new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs\n {\n LogType = \"ADMIN_READ\",\n },\n new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs\n {\n LogType = \"DATA_READ\",\n ExemptedMembers = new[]\n {\n \"user:joebloggs@example.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMAuditConfig(ctx, \"project\", \u0026projects.IAMAuditConfigArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tService: pulumi.String(\"allServices\"),\n\t\t\tAuditLogConfigs: projects.IAMAuditConfigAuditLogConfigArray{\n\t\t\t\t\u0026projects.IAMAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"ADMIN_READ\"),\n\t\t\t\t},\n\t\t\t\t\u0026projects.IAMAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"DATA_READ\"),\n\t\t\t\t\tExemptedMembers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user:joebloggs@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMAuditConfig;\nimport com.pulumi.gcp.projects.IAMAuditConfigArgs;\nimport com.pulumi.gcp.projects.inputs.IAMAuditConfigAuditLogConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMAuditConfig(\"project\", IAMAuditConfigArgs.builder() \n .project(\"your-project-id\")\n .service(\"allServices\")\n .auditLogConfigs( \n IAMAuditConfigAuditLogConfigArgs.builder()\n .logType(\"ADMIN_READ\")\n .build(),\n IAMAuditConfigAuditLogConfigArgs.builder()\n .logType(\"DATA_READ\")\n .exemptedMembers(\"user:joebloggs@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMAuditConfig\n properties:\n project: your-project-id\n service: allServices\n auditLogConfigs:\n - logType: ADMIN_READ\n - logType: DATA_READ\n exemptedMembers:\n - user:joebloggs@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing Audit Configs\n\nAn audit config can be imported into a `google_project_iam_audit_config` resource using the resource's `project_id` and the `service`, e.g:\n\n* `\"{{project_id}} foo.googleapis.com\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import audit configs:\n\ntf\n\nimport {\n\n id = \"{{project_id}} foo.googleapis.com\"\n\n to = google_project_iam_audit_config.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:projects/iAMAuditConfig:IAMAuditConfig default \"{{project_id}} foo.googleapis.com\"\n```\n\n", "properties": { "auditLogConfigs": { "type": "array", @@ -213235,7 +213697,7 @@ } }, "gcp:projects/iAMBinding:IAMBinding": { - "description": "Four different resources help you manage your IAM policy for a project. Each of these resources serves a different use case:\n\n* `gcp.projects.IAMPolicy`: Authoritative. Sets the IAM policy for the project and replaces any existing policy already attached.\n* `gcp.projects.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the project are preserved.\n* `gcp.projects.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the project are preserved.\n* `gcp.projects.IAMAuditConfig`: Authoritative for a given service. Updates the IAM policy to enable audit logging for the given service.\n\n\u003e **Note:** `gcp.projects.IAMPolicy` **cannot** be used in conjunction with `gcp.projects.IAMBinding`, `gcp.projects.IAMMember`, or `gcp.projects.IAMAuditConfig` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.projects.IAMBinding` resources **can be** used in conjunction with `gcp.projects.IAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** The underlying API method `projects.setIamPolicy` has a lot of constraints which are documented [here](https://cloud.google.com/resource-manager/reference/rest/v1/projects/setIamPolicy). In addition to these constraints, \n IAM Conditions cannot be used with Basic Roles such as Owner. Violating these constraints will result in the API returning 400 error code so please review these if you encounter errors with this resource.\n\n## google\\_project\\_iam\\_policy\n\n!\u003e **Be careful!** You can accidentally lock yourself out of your project\n using this resource. Deleting a `gcp.projects.IAMPolicy` removes access\n from anyone without organization-level access to the project. Proceed with caution.\n It's not recommended to use `gcp.projects.IAMPolicy` with your provider project\n to avoid locking yourself out, and it should generally only be used with projects\n fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before\n applying the change.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst project = new gcp.projects.IAMPolicy(\"project\", {\n project: \"your-project-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\nproject = gcp.projects.IAMPolicy(\"project\",\n project=\"your-project-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var project = new Gcp.Projects.IAMPolicy(\"project\", new()\n {\n Project = \"your-project-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMPolicy(ctx, \"project\", \u0026projects.IAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.projects.IAMPolicy;\nimport com.pulumi.gcp.projects.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var project = new IAMPolicy(\"project\", IAMPolicyArgs.builder() \n .project(\"your-project-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMPolicy\n properties:\n project: your-project-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst project = new gcp.projects.IAMPolicy(\"project\", {\n project: \"your-project-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\nproject = gcp.projects.IAMPolicy(\"project\",\n project=\"your-project-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var project = new Gcp.Projects.IAMPolicy(\"project\", new()\n {\n Project = \"your-project-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMPolicy(ctx, \"project\", \u0026projects.IAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.projects.IAMPolicy;\nimport com.pulumi.gcp.projects.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var project = new IAMPolicy(\"project\", IAMPolicyArgs.builder() \n .project(\"your-project-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMPolicy\n properties:\n project: your-project-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_project\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMBinding(\"project\", {\n project: \"your-project-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMBinding(\"project\",\n project=\"your-project-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMBinding(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMBinding(ctx, \"project\", \u0026projects.IAMBindingArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMBinding;\nimport com.pulumi.gcp.projects.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMBinding(\"project\", IAMBindingArgs.builder() \n .project(\"your-project-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMBinding\n properties:\n project: your-project-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMBinding(\"project\", {\n project: \"your-project-id\",\n role: \"roles/container.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMBinding(\"project\",\n project=\"your-project-id\",\n role=\"roles/container.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.projects.IAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMBinding(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/container.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Projects.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMBinding(ctx, \"project\", \u0026projects.IAMBindingArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/container.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026projects.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMBinding;\nimport com.pulumi.gcp.projects.IAMBindingArgs;\nimport com.pulumi.gcp.projects.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMBinding(\"project\", IAMBindingArgs.builder() \n .project(\"your-project-id\")\n .role(\"roles/container.admin\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMBinding\n properties:\n project: your-project-id\n role: roles/container.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_project\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMMember(\"project\", {\n project: \"your-project-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMMember(\"project\",\n project=\"your-project-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMMember(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMMember(ctx, \"project\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMMember(\"project\", IAMMemberArgs.builder() \n .project(\"your-project-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMMember\n properties:\n project: your-project-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMMember(\"project\", {\n project: \"your-project-id\",\n role: \"roles/firebase.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMMember(\"project\",\n project=\"your-project-id\",\n role=\"roles/firebase.admin\",\n member=\"user:jane@example.com\",\n condition=gcp.projects.IAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMMember(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/firebase.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Projects.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMMember(ctx, \"project\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/firebase.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026projects.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport com.pulumi.gcp.projects.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMMember(\"project\", IAMMemberArgs.builder() \n .project(\"your-project-id\")\n .role(\"roles/firebase.admin\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMMember\n properties:\n project: your-project-id\n role: roles/firebase.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_project\\_iam\\_audit\\_config\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMAuditConfig(\"project\", {\n project: \"your-project-id\",\n service: \"allServices\",\n auditLogConfigs: [\n {\n logType: \"ADMIN_READ\",\n },\n {\n logType: \"DATA_READ\",\n exemptedMembers: [\"user:joebloggs@example.com\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMAuditConfig(\"project\",\n project=\"your-project-id\",\n service=\"allServices\",\n audit_log_configs=[\n gcp.projects.IAMAuditConfigAuditLogConfigArgs(\n log_type=\"ADMIN_READ\",\n ),\n gcp.projects.IAMAuditConfigAuditLogConfigArgs(\n log_type=\"DATA_READ\",\n exempted_members=[\"user:joebloggs@example.com\"],\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMAuditConfig(\"project\", new()\n {\n Project = \"your-project-id\",\n Service = \"allServices\",\n AuditLogConfigs = new[]\n {\n new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs\n {\n LogType = \"ADMIN_READ\",\n },\n new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs\n {\n LogType = \"DATA_READ\",\n ExemptedMembers = new[]\n {\n \"user:joebloggs@example.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMAuditConfig(ctx, \"project\", \u0026projects.IAMAuditConfigArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tService: pulumi.String(\"allServices\"),\n\t\t\tAuditLogConfigs: projects.IAMAuditConfigAuditLogConfigArray{\n\t\t\t\t\u0026projects.IAMAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"ADMIN_READ\"),\n\t\t\t\t},\n\t\t\t\t\u0026projects.IAMAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"DATA_READ\"),\n\t\t\t\t\tExemptedMembers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user:joebloggs@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMAuditConfig;\nimport com.pulumi.gcp.projects.IAMAuditConfigArgs;\nimport com.pulumi.gcp.projects.inputs.IAMAuditConfigAuditLogConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMAuditConfig(\"project\", IAMAuditConfigArgs.builder() \n .project(\"your-project-id\")\n .service(\"allServices\")\n .auditLogConfigs( \n IAMAuditConfigAuditLogConfigArgs.builder()\n .logType(\"ADMIN_READ\")\n .build(),\n IAMAuditConfigAuditLogConfigArgs.builder()\n .logType(\"DATA_READ\")\n .exemptedMembers(\"user:joebloggs@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMAuditConfig\n properties:\n project: your-project-id\n service: allServices\n auditLogConfigs:\n - logType: ADMIN_READ\n - logType: DATA_READ\n exemptedMembers:\n - user:joebloggs@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing Audit Configs\n\nAn audit config can be imported into a `google_project_iam_audit_config` resource using the resource's `project_id` and the `service`, e.g:\n\n* `\"{{project_id}} foo.googleapis.com\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import audit configs:\n\ntf\n\nimport {\n\n id = \"{{project_id}} foo.googleapis.com\"\n\n to = google_project_iam_audit_config.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:projects/iAMBinding:IAMBinding default \"{{project_id}} foo.googleapis.com\"\n```\n\n", + "description": "Four different resources help you manage your IAM policy for a project. Each of these resources serves a different use case:\n\n* `gcp.projects.IAMPolicy`: Authoritative. Sets the IAM policy for the project and replaces any existing policy already attached.\n* `gcp.projects.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the project are preserved.\n* `gcp.projects.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the project are preserved.\n* `gcp.projects.IAMAuditConfig`: Authoritative for a given service. Updates the IAM policy to enable audit logging for the given service.\n\n\u003e **Note:** `gcp.projects.IAMPolicy` **cannot** be used in conjunction with `gcp.projects.IAMBinding`, `gcp.projects.IAMMember`, or `gcp.projects.IAMAuditConfig` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.projects.IAMBinding` resources **can be** used in conjunction with `gcp.projects.IAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** The underlying API method `projects.setIamPolicy` has a lot of constraints which are documented [here](https://cloud.google.com/resource-manager/reference/rest/v1/projects/setIamPolicy). In addition to these constraints, \n IAM Conditions cannot be used with Basic Roles such as Owner. Violating these constraints will result in the API returning 400 error code so please review these if you encounter errors with this resource.\n\n## google\\_project\\_iam\\_policy\n\n!\u003e **Be careful!** You can accidentally lock yourself out of your project\n using this resource. Deleting a `gcp.projects.IAMPolicy` removes access\n from anyone without organization-level access to the project. Proceed with caution.\n It's not recommended to use `gcp.projects.IAMPolicy` with your provider project\n to avoid locking yourself out, and it should generally only be used with projects\n fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before\n applying the change.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst project = new gcp.projects.IAMPolicy(\"project\", {\n project: \"your-project-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\nproject = gcp.projects.IAMPolicy(\"project\",\n project=\"your-project-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var project = new Gcp.Projects.IAMPolicy(\"project\", new()\n {\n Project = \"your-project-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMPolicy(ctx, \"project\", \u0026projects.IAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.projects.IAMPolicy;\nimport com.pulumi.gcp.projects.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var project = new IAMPolicy(\"project\", IAMPolicyArgs.builder() \n .project(\"your-project-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMPolicy\n properties:\n project: your-project-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst project = new gcp.projects.IAMPolicy(\"project\", {\n project: \"your-project-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\nproject = gcp.projects.IAMPolicy(\"project\",\n project=\"your-project-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var project = new Gcp.Projects.IAMPolicy(\"project\", new()\n {\n Project = \"your-project-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMPolicy(ctx, \"project\", \u0026projects.IAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.projects.IAMPolicy;\nimport com.pulumi.gcp.projects.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var project = new IAMPolicy(\"project\", IAMPolicyArgs.builder() \n .project(\"your-project-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMPolicy\n properties:\n project: your-project-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_project\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMBinding(\"project\", {\n project: \"your-project-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMBinding(\"project\",\n project=\"your-project-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMBinding(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMBinding(ctx, \"project\", \u0026projects.IAMBindingArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMBinding;\nimport com.pulumi.gcp.projects.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMBinding(\"project\", IAMBindingArgs.builder() \n .project(\"your-project-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMBinding\n properties:\n project: your-project-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMBinding(\"project\", {\n project: \"your-project-id\",\n role: \"roles/container.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMBinding(\"project\",\n project=\"your-project-id\",\n role=\"roles/container.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.projects.IAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMBinding(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/container.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Projects.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMBinding(ctx, \"project\", \u0026projects.IAMBindingArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/container.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026projects.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMBinding;\nimport com.pulumi.gcp.projects.IAMBindingArgs;\nimport com.pulumi.gcp.projects.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMBinding(\"project\", IAMBindingArgs.builder() \n .project(\"your-project-id\")\n .role(\"roles/container.admin\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMBinding\n properties:\n project: your-project-id\n role: roles/container.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_project\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMMember(\"project\", {\n project: \"your-project-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMMember(\"project\",\n project=\"your-project-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMMember(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMMember(ctx, \"project\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMMember(\"project\", IAMMemberArgs.builder() \n .project(\"your-project-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMMember\n properties:\n project: your-project-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMMember(\"project\", {\n project: \"your-project-id\",\n role: \"roles/firebase.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMMember(\"project\",\n project=\"your-project-id\",\n role=\"roles/firebase.admin\",\n member=\"user:jane@example.com\",\n condition=gcp.projects.IAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMMember(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/firebase.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Projects.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMMember(ctx, \"project\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/firebase.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026projects.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport com.pulumi.gcp.projects.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMMember(\"project\", IAMMemberArgs.builder() \n .project(\"your-project-id\")\n .role(\"roles/firebase.admin\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMMember\n properties:\n project: your-project-id\n role: roles/firebase.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_project\\_iam\\_audit\\_config\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMAuditConfig(\"project\", {\n project: \"your-project-id\",\n service: \"allServices\",\n auditLogConfigs: [\n {\n logType: \"ADMIN_READ\",\n },\n {\n logType: \"DATA_READ\",\n exemptedMembers: [\"user:joebloggs@example.com\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMAuditConfig(\"project\",\n project=\"your-project-id\",\n service=\"allServices\",\n audit_log_configs=[\n gcp.projects.IAMAuditConfigAuditLogConfigArgs(\n log_type=\"ADMIN_READ\",\n ),\n gcp.projects.IAMAuditConfigAuditLogConfigArgs(\n log_type=\"DATA_READ\",\n exempted_members=[\"user:joebloggs@example.com\"],\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMAuditConfig(\"project\", new()\n {\n Project = \"your-project-id\",\n Service = \"allServices\",\n AuditLogConfigs = new[]\n {\n new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs\n {\n LogType = \"ADMIN_READ\",\n },\n new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs\n {\n LogType = \"DATA_READ\",\n ExemptedMembers = new[]\n {\n \"user:joebloggs@example.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMAuditConfig(ctx, \"project\", \u0026projects.IAMAuditConfigArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tService: pulumi.String(\"allServices\"),\n\t\t\tAuditLogConfigs: projects.IAMAuditConfigAuditLogConfigArray{\n\t\t\t\t\u0026projects.IAMAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"ADMIN_READ\"),\n\t\t\t\t},\n\t\t\t\t\u0026projects.IAMAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"DATA_READ\"),\n\t\t\t\t\tExemptedMembers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user:joebloggs@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMAuditConfig;\nimport com.pulumi.gcp.projects.IAMAuditConfigArgs;\nimport com.pulumi.gcp.projects.inputs.IAMAuditConfigAuditLogConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMAuditConfig(\"project\", IAMAuditConfigArgs.builder() \n .project(\"your-project-id\")\n .service(\"allServices\")\n .auditLogConfigs( \n IAMAuditConfigAuditLogConfigArgs.builder()\n .logType(\"ADMIN_READ\")\n .build(),\n IAMAuditConfigAuditLogConfigArgs.builder()\n .logType(\"DATA_READ\")\n .exemptedMembers(\"user:joebloggs@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMAuditConfig\n properties:\n project: your-project-id\n service: allServices\n auditLogConfigs:\n - logType: ADMIN_READ\n - logType: DATA_READ\n exemptedMembers:\n - user:joebloggs@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_project\\_iam\\_policy\n\n!\u003e **Be careful!** You can accidentally lock yourself out of your project\n using this resource. Deleting a `gcp.projects.IAMPolicy` removes access\n from anyone without organization-level access to the project. Proceed with caution.\n It's not recommended to use `gcp.projects.IAMPolicy` with your provider project\n to avoid locking yourself out, and it should generally only be used with projects\n fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before\n applying the change.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst project = new gcp.projects.IAMPolicy(\"project\", {\n project: \"your-project-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\nproject = gcp.projects.IAMPolicy(\"project\",\n project=\"your-project-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var project = new Gcp.Projects.IAMPolicy(\"project\", new()\n {\n Project = \"your-project-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMPolicy(ctx, \"project\", \u0026projects.IAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.projects.IAMPolicy;\nimport com.pulumi.gcp.projects.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var project = new IAMPolicy(\"project\", IAMPolicyArgs.builder() \n .project(\"your-project-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMPolicy\n properties:\n project: your-project-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst project = new gcp.projects.IAMPolicy(\"project\", {\n project: \"your-project-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\nproject = gcp.projects.IAMPolicy(\"project\",\n project=\"your-project-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var project = new Gcp.Projects.IAMPolicy(\"project\", new()\n {\n Project = \"your-project-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMPolicy(ctx, \"project\", \u0026projects.IAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.projects.IAMPolicy;\nimport com.pulumi.gcp.projects.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var project = new IAMPolicy(\"project\", IAMPolicyArgs.builder() \n .project(\"your-project-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMPolicy\n properties:\n project: your-project-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_project\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMBinding(\"project\", {\n project: \"your-project-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMBinding(\"project\",\n project=\"your-project-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMBinding(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMBinding(ctx, \"project\", \u0026projects.IAMBindingArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMBinding;\nimport com.pulumi.gcp.projects.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMBinding(\"project\", IAMBindingArgs.builder() \n .project(\"your-project-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMBinding\n properties:\n project: your-project-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMBinding(\"project\", {\n project: \"your-project-id\",\n role: \"roles/container.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMBinding(\"project\",\n project=\"your-project-id\",\n role=\"roles/container.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.projects.IAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMBinding(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/container.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Projects.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMBinding(ctx, \"project\", \u0026projects.IAMBindingArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/container.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026projects.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMBinding;\nimport com.pulumi.gcp.projects.IAMBindingArgs;\nimport com.pulumi.gcp.projects.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMBinding(\"project\", IAMBindingArgs.builder() \n .project(\"your-project-id\")\n .role(\"roles/container.admin\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMBinding\n properties:\n project: your-project-id\n role: roles/container.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_project\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMMember(\"project\", {\n project: \"your-project-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMMember(\"project\",\n project=\"your-project-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMMember(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMMember(ctx, \"project\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMMember(\"project\", IAMMemberArgs.builder() \n .project(\"your-project-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMMember\n properties:\n project: your-project-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMMember(\"project\", {\n project: \"your-project-id\",\n role: \"roles/firebase.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMMember(\"project\",\n project=\"your-project-id\",\n role=\"roles/firebase.admin\",\n member=\"user:jane@example.com\",\n condition=gcp.projects.IAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMMember(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/firebase.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Projects.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMMember(ctx, \"project\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/firebase.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026projects.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport com.pulumi.gcp.projects.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMMember(\"project\", IAMMemberArgs.builder() \n .project(\"your-project-id\")\n .role(\"roles/firebase.admin\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMMember\n properties:\n project: your-project-id\n role: roles/firebase.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_project\\_iam\\_audit\\_config\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMAuditConfig(\"project\", {\n project: \"your-project-id\",\n service: \"allServices\",\n auditLogConfigs: [\n {\n logType: \"ADMIN_READ\",\n },\n {\n logType: \"DATA_READ\",\n exemptedMembers: [\"user:joebloggs@example.com\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMAuditConfig(\"project\",\n project=\"your-project-id\",\n service=\"allServices\",\n audit_log_configs=[\n gcp.projects.IAMAuditConfigAuditLogConfigArgs(\n log_type=\"ADMIN_READ\",\n ),\n gcp.projects.IAMAuditConfigAuditLogConfigArgs(\n log_type=\"DATA_READ\",\n exempted_members=[\"user:joebloggs@example.com\"],\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMAuditConfig(\"project\", new()\n {\n Project = \"your-project-id\",\n Service = \"allServices\",\n AuditLogConfigs = new[]\n {\n new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs\n {\n LogType = \"ADMIN_READ\",\n },\n new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs\n {\n LogType = \"DATA_READ\",\n ExemptedMembers = new[]\n {\n \"user:joebloggs@example.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMAuditConfig(ctx, \"project\", \u0026projects.IAMAuditConfigArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tService: pulumi.String(\"allServices\"),\n\t\t\tAuditLogConfigs: projects.IAMAuditConfigAuditLogConfigArray{\n\t\t\t\t\u0026projects.IAMAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"ADMIN_READ\"),\n\t\t\t\t},\n\t\t\t\t\u0026projects.IAMAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"DATA_READ\"),\n\t\t\t\t\tExemptedMembers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user:joebloggs@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMAuditConfig;\nimport com.pulumi.gcp.projects.IAMAuditConfigArgs;\nimport com.pulumi.gcp.projects.inputs.IAMAuditConfigAuditLogConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMAuditConfig(\"project\", IAMAuditConfigArgs.builder() \n .project(\"your-project-id\")\n .service(\"allServices\")\n .auditLogConfigs( \n IAMAuditConfigAuditLogConfigArgs.builder()\n .logType(\"ADMIN_READ\")\n .build(),\n IAMAuditConfigAuditLogConfigArgs.builder()\n .logType(\"DATA_READ\")\n .exemptedMembers(\"user:joebloggs@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMAuditConfig\n properties:\n project: your-project-id\n service: allServices\n auditLogConfigs:\n - logType: ADMIN_READ\n - logType: DATA_READ\n exemptedMembers:\n - user:joebloggs@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing Audit Configs\n\nAn audit config can be imported into a `google_project_iam_audit_config` resource using the resource's `project_id` and the `service`, e.g:\n\n* `\"{{project_id}} foo.googleapis.com\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import audit configs:\n\ntf\n\nimport {\n\n id = \"{{project_id}} foo.googleapis.com\"\n\n to = google_project_iam_audit_config.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:projects/iAMBinding:IAMBinding default \"{{project_id}} foo.googleapis.com\"\n```\n\n", "properties": { "condition": { "$ref": "#/types/gcp:projects/IAMBindingCondition:IAMBindingCondition", @@ -213249,7 +213711,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`. google\\_project\\_iam\\_binding expects `members` field while google\\_project\\_iam\\_member expects `member` field.\nEach entry can have one of the following values:\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "project": { "type": "string", @@ -213276,7 +213739,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`. google\\_project\\_iam\\_binding expects `members` field while google\\_project\\_iam\\_member expects `member` field.\nEach entry can have one of the following values:\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "project": { "type": "string", @@ -213310,7 +213774,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`. google\\_project\\_iam\\_binding expects `members` field while google\\_project\\_iam\\_member expects `member` field.\nEach entry can have one of the following values:\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "project": { "type": "string", @@ -213454,7 +213919,7 @@ } }, "gcp:projects/iAMMember:IAMMember": { - "description": "Four different resources help you manage your IAM policy for a project. Each of these resources serves a different use case:\n\n* `gcp.projects.IAMPolicy`: Authoritative. Sets the IAM policy for the project and replaces any existing policy already attached.\n* `gcp.projects.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the project are preserved.\n* `gcp.projects.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the project are preserved.\n* `gcp.projects.IAMAuditConfig`: Authoritative for a given service. Updates the IAM policy to enable audit logging for the given service.\n\n\u003e **Note:** `gcp.projects.IAMPolicy` **cannot** be used in conjunction with `gcp.projects.IAMBinding`, `gcp.projects.IAMMember`, or `gcp.projects.IAMAuditConfig` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.projects.IAMBinding` resources **can be** used in conjunction with `gcp.projects.IAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** The underlying API method `projects.setIamPolicy` has a lot of constraints which are documented [here](https://cloud.google.com/resource-manager/reference/rest/v1/projects/setIamPolicy). In addition to these constraints, \n IAM Conditions cannot be used with Basic Roles such as Owner. Violating these constraints will result in the API returning 400 error code so please review these if you encounter errors with this resource.\n\n## google\\_project\\_iam\\_policy\n\n!\u003e **Be careful!** You can accidentally lock yourself out of your project\n using this resource. Deleting a `gcp.projects.IAMPolicy` removes access\n from anyone without organization-level access to the project. Proceed with caution.\n It's not recommended to use `gcp.projects.IAMPolicy` with your provider project\n to avoid locking yourself out, and it should generally only be used with projects\n fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before\n applying the change.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst project = new gcp.projects.IAMPolicy(\"project\", {\n project: \"your-project-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\nproject = gcp.projects.IAMPolicy(\"project\",\n project=\"your-project-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var project = new Gcp.Projects.IAMPolicy(\"project\", new()\n {\n Project = \"your-project-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMPolicy(ctx, \"project\", \u0026projects.IAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.projects.IAMPolicy;\nimport com.pulumi.gcp.projects.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var project = new IAMPolicy(\"project\", IAMPolicyArgs.builder() \n .project(\"your-project-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMPolicy\n properties:\n project: your-project-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst project = new gcp.projects.IAMPolicy(\"project\", {\n project: \"your-project-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\nproject = gcp.projects.IAMPolicy(\"project\",\n project=\"your-project-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var project = new Gcp.Projects.IAMPolicy(\"project\", new()\n {\n Project = \"your-project-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMPolicy(ctx, \"project\", \u0026projects.IAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.projects.IAMPolicy;\nimport com.pulumi.gcp.projects.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var project = new IAMPolicy(\"project\", IAMPolicyArgs.builder() \n .project(\"your-project-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMPolicy\n properties:\n project: your-project-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_project\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMBinding(\"project\", {\n project: \"your-project-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMBinding(\"project\",\n project=\"your-project-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMBinding(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMBinding(ctx, \"project\", \u0026projects.IAMBindingArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMBinding;\nimport com.pulumi.gcp.projects.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMBinding(\"project\", IAMBindingArgs.builder() \n .project(\"your-project-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMBinding\n properties:\n project: your-project-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMBinding(\"project\", {\n project: \"your-project-id\",\n role: \"roles/container.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMBinding(\"project\",\n project=\"your-project-id\",\n role=\"roles/container.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.projects.IAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMBinding(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/container.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Projects.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMBinding(ctx, \"project\", \u0026projects.IAMBindingArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/container.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026projects.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMBinding;\nimport com.pulumi.gcp.projects.IAMBindingArgs;\nimport com.pulumi.gcp.projects.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMBinding(\"project\", IAMBindingArgs.builder() \n .project(\"your-project-id\")\n .role(\"roles/container.admin\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMBinding\n properties:\n project: your-project-id\n role: roles/container.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_project\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMMember(\"project\", {\n project: \"your-project-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMMember(\"project\",\n project=\"your-project-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMMember(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMMember(ctx, \"project\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMMember(\"project\", IAMMemberArgs.builder() \n .project(\"your-project-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMMember\n properties:\n project: your-project-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMMember(\"project\", {\n project: \"your-project-id\",\n role: \"roles/firebase.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMMember(\"project\",\n project=\"your-project-id\",\n role=\"roles/firebase.admin\",\n member=\"user:jane@example.com\",\n condition=gcp.projects.IAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMMember(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/firebase.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Projects.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMMember(ctx, \"project\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/firebase.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026projects.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport com.pulumi.gcp.projects.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMMember(\"project\", IAMMemberArgs.builder() \n .project(\"your-project-id\")\n .role(\"roles/firebase.admin\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMMember\n properties:\n project: your-project-id\n role: roles/firebase.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_project\\_iam\\_audit\\_config\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMAuditConfig(\"project\", {\n project: \"your-project-id\",\n service: \"allServices\",\n auditLogConfigs: [\n {\n logType: \"ADMIN_READ\",\n },\n {\n logType: \"DATA_READ\",\n exemptedMembers: [\"user:joebloggs@example.com\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMAuditConfig(\"project\",\n project=\"your-project-id\",\n service=\"allServices\",\n audit_log_configs=[\n gcp.projects.IAMAuditConfigAuditLogConfigArgs(\n log_type=\"ADMIN_READ\",\n ),\n gcp.projects.IAMAuditConfigAuditLogConfigArgs(\n log_type=\"DATA_READ\",\n exempted_members=[\"user:joebloggs@example.com\"],\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMAuditConfig(\"project\", new()\n {\n Project = \"your-project-id\",\n Service = \"allServices\",\n AuditLogConfigs = new[]\n {\n new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs\n {\n LogType = \"ADMIN_READ\",\n },\n new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs\n {\n LogType = \"DATA_READ\",\n ExemptedMembers = new[]\n {\n \"user:joebloggs@example.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMAuditConfig(ctx, \"project\", \u0026projects.IAMAuditConfigArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tService: pulumi.String(\"allServices\"),\n\t\t\tAuditLogConfigs: projects.IAMAuditConfigAuditLogConfigArray{\n\t\t\t\t\u0026projects.IAMAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"ADMIN_READ\"),\n\t\t\t\t},\n\t\t\t\t\u0026projects.IAMAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"DATA_READ\"),\n\t\t\t\t\tExemptedMembers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user:joebloggs@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMAuditConfig;\nimport com.pulumi.gcp.projects.IAMAuditConfigArgs;\nimport com.pulumi.gcp.projects.inputs.IAMAuditConfigAuditLogConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMAuditConfig(\"project\", IAMAuditConfigArgs.builder() \n .project(\"your-project-id\")\n .service(\"allServices\")\n .auditLogConfigs( \n IAMAuditConfigAuditLogConfigArgs.builder()\n .logType(\"ADMIN_READ\")\n .build(),\n IAMAuditConfigAuditLogConfigArgs.builder()\n .logType(\"DATA_READ\")\n .exemptedMembers(\"user:joebloggs@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMAuditConfig\n properties:\n project: your-project-id\n service: allServices\n auditLogConfigs:\n - logType: ADMIN_READ\n - logType: DATA_READ\n exemptedMembers:\n - user:joebloggs@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing Audit Configs\n\nAn audit config can be imported into a `google_project_iam_audit_config` resource using the resource's `project_id` and the `service`, e.g:\n\n* `\"{{project_id}} foo.googleapis.com\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import audit configs:\n\ntf\n\nimport {\n\n id = \"{{project_id}} foo.googleapis.com\"\n\n to = google_project_iam_audit_config.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:projects/iAMMember:IAMMember default \"{{project_id}} foo.googleapis.com\"\n```\n\n", + "description": "Four different resources help you manage your IAM policy for a project. Each of these resources serves a different use case:\n\n* `gcp.projects.IAMPolicy`: Authoritative. Sets the IAM policy for the project and replaces any existing policy already attached.\n* `gcp.projects.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the project are preserved.\n* `gcp.projects.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the project are preserved.\n* `gcp.projects.IAMAuditConfig`: Authoritative for a given service. Updates the IAM policy to enable audit logging for the given service.\n\n\u003e **Note:** `gcp.projects.IAMPolicy` **cannot** be used in conjunction with `gcp.projects.IAMBinding`, `gcp.projects.IAMMember`, or `gcp.projects.IAMAuditConfig` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.projects.IAMBinding` resources **can be** used in conjunction with `gcp.projects.IAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** The underlying API method `projects.setIamPolicy` has a lot of constraints which are documented [here](https://cloud.google.com/resource-manager/reference/rest/v1/projects/setIamPolicy). In addition to these constraints, \n IAM Conditions cannot be used with Basic Roles such as Owner. Violating these constraints will result in the API returning 400 error code so please review these if you encounter errors with this resource.\n\n## google\\_project\\_iam\\_policy\n\n!\u003e **Be careful!** You can accidentally lock yourself out of your project\n using this resource. Deleting a `gcp.projects.IAMPolicy` removes access\n from anyone without organization-level access to the project. Proceed with caution.\n It's not recommended to use `gcp.projects.IAMPolicy` with your provider project\n to avoid locking yourself out, and it should generally only be used with projects\n fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before\n applying the change.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst project = new gcp.projects.IAMPolicy(\"project\", {\n project: \"your-project-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\nproject = gcp.projects.IAMPolicy(\"project\",\n project=\"your-project-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var project = new Gcp.Projects.IAMPolicy(\"project\", new()\n {\n Project = \"your-project-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMPolicy(ctx, \"project\", \u0026projects.IAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.projects.IAMPolicy;\nimport com.pulumi.gcp.projects.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var project = new IAMPolicy(\"project\", IAMPolicyArgs.builder() \n .project(\"your-project-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMPolicy\n properties:\n project: your-project-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst project = new gcp.projects.IAMPolicy(\"project\", {\n project: \"your-project-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\nproject = gcp.projects.IAMPolicy(\"project\",\n project=\"your-project-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var project = new Gcp.Projects.IAMPolicy(\"project\", new()\n {\n Project = \"your-project-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMPolicy(ctx, \"project\", \u0026projects.IAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.projects.IAMPolicy;\nimport com.pulumi.gcp.projects.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var project = new IAMPolicy(\"project\", IAMPolicyArgs.builder() \n .project(\"your-project-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMPolicy\n properties:\n project: your-project-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_project\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMBinding(\"project\", {\n project: \"your-project-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMBinding(\"project\",\n project=\"your-project-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMBinding(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMBinding(ctx, \"project\", \u0026projects.IAMBindingArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMBinding;\nimport com.pulumi.gcp.projects.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMBinding(\"project\", IAMBindingArgs.builder() \n .project(\"your-project-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMBinding\n properties:\n project: your-project-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMBinding(\"project\", {\n project: \"your-project-id\",\n role: \"roles/container.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMBinding(\"project\",\n project=\"your-project-id\",\n role=\"roles/container.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.projects.IAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMBinding(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/container.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Projects.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMBinding(ctx, \"project\", \u0026projects.IAMBindingArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/container.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026projects.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMBinding;\nimport com.pulumi.gcp.projects.IAMBindingArgs;\nimport com.pulumi.gcp.projects.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMBinding(\"project\", IAMBindingArgs.builder() \n .project(\"your-project-id\")\n .role(\"roles/container.admin\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMBinding\n properties:\n project: your-project-id\n role: roles/container.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_project\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMMember(\"project\", {\n project: \"your-project-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMMember(\"project\",\n project=\"your-project-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMMember(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMMember(ctx, \"project\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMMember(\"project\", IAMMemberArgs.builder() \n .project(\"your-project-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMMember\n properties:\n project: your-project-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMMember(\"project\", {\n project: \"your-project-id\",\n role: \"roles/firebase.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMMember(\"project\",\n project=\"your-project-id\",\n role=\"roles/firebase.admin\",\n member=\"user:jane@example.com\",\n condition=gcp.projects.IAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMMember(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/firebase.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Projects.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMMember(ctx, \"project\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/firebase.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026projects.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport com.pulumi.gcp.projects.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMMember(\"project\", IAMMemberArgs.builder() \n .project(\"your-project-id\")\n .role(\"roles/firebase.admin\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMMember\n properties:\n project: your-project-id\n role: roles/firebase.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_project\\_iam\\_audit\\_config\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMAuditConfig(\"project\", {\n project: \"your-project-id\",\n service: \"allServices\",\n auditLogConfigs: [\n {\n logType: \"ADMIN_READ\",\n },\n {\n logType: \"DATA_READ\",\n exemptedMembers: [\"user:joebloggs@example.com\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMAuditConfig(\"project\",\n project=\"your-project-id\",\n service=\"allServices\",\n audit_log_configs=[\n gcp.projects.IAMAuditConfigAuditLogConfigArgs(\n log_type=\"ADMIN_READ\",\n ),\n gcp.projects.IAMAuditConfigAuditLogConfigArgs(\n log_type=\"DATA_READ\",\n exempted_members=[\"user:joebloggs@example.com\"],\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMAuditConfig(\"project\", new()\n {\n Project = \"your-project-id\",\n Service = \"allServices\",\n AuditLogConfigs = new[]\n {\n new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs\n {\n LogType = \"ADMIN_READ\",\n },\n new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs\n {\n LogType = \"DATA_READ\",\n ExemptedMembers = new[]\n {\n \"user:joebloggs@example.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMAuditConfig(ctx, \"project\", \u0026projects.IAMAuditConfigArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tService: pulumi.String(\"allServices\"),\n\t\t\tAuditLogConfigs: projects.IAMAuditConfigAuditLogConfigArray{\n\t\t\t\t\u0026projects.IAMAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"ADMIN_READ\"),\n\t\t\t\t},\n\t\t\t\t\u0026projects.IAMAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"DATA_READ\"),\n\t\t\t\t\tExemptedMembers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user:joebloggs@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMAuditConfig;\nimport com.pulumi.gcp.projects.IAMAuditConfigArgs;\nimport com.pulumi.gcp.projects.inputs.IAMAuditConfigAuditLogConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMAuditConfig(\"project\", IAMAuditConfigArgs.builder() \n .project(\"your-project-id\")\n .service(\"allServices\")\n .auditLogConfigs( \n IAMAuditConfigAuditLogConfigArgs.builder()\n .logType(\"ADMIN_READ\")\n .build(),\n IAMAuditConfigAuditLogConfigArgs.builder()\n .logType(\"DATA_READ\")\n .exemptedMembers(\"user:joebloggs@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMAuditConfig\n properties:\n project: your-project-id\n service: allServices\n auditLogConfigs:\n - logType: ADMIN_READ\n - logType: DATA_READ\n exemptedMembers:\n - user:joebloggs@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_project\\_iam\\_policy\n\n!\u003e **Be careful!** You can accidentally lock yourself out of your project\n using this resource. Deleting a `gcp.projects.IAMPolicy` removes access\n from anyone without organization-level access to the project. Proceed with caution.\n It's not recommended to use `gcp.projects.IAMPolicy` with your provider project\n to avoid locking yourself out, and it should generally only be used with projects\n fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before\n applying the change.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst project = new gcp.projects.IAMPolicy(\"project\", {\n project: \"your-project-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\nproject = gcp.projects.IAMPolicy(\"project\",\n project=\"your-project-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var project = new Gcp.Projects.IAMPolicy(\"project\", new()\n {\n Project = \"your-project-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMPolicy(ctx, \"project\", \u0026projects.IAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.projects.IAMPolicy;\nimport com.pulumi.gcp.projects.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var project = new IAMPolicy(\"project\", IAMPolicyArgs.builder() \n .project(\"your-project-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMPolicy\n properties:\n project: your-project-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst project = new gcp.projects.IAMPolicy(\"project\", {\n project: \"your-project-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\nproject = gcp.projects.IAMPolicy(\"project\",\n project=\"your-project-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var project = new Gcp.Projects.IAMPolicy(\"project\", new()\n {\n Project = \"your-project-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMPolicy(ctx, \"project\", \u0026projects.IAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.projects.IAMPolicy;\nimport com.pulumi.gcp.projects.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var project = new IAMPolicy(\"project\", IAMPolicyArgs.builder() \n .project(\"your-project-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMPolicy\n properties:\n project: your-project-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_project\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMBinding(\"project\", {\n project: \"your-project-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMBinding(\"project\",\n project=\"your-project-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMBinding(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMBinding(ctx, \"project\", \u0026projects.IAMBindingArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMBinding;\nimport com.pulumi.gcp.projects.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMBinding(\"project\", IAMBindingArgs.builder() \n .project(\"your-project-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMBinding\n properties:\n project: your-project-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMBinding(\"project\", {\n project: \"your-project-id\",\n role: \"roles/container.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMBinding(\"project\",\n project=\"your-project-id\",\n role=\"roles/container.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.projects.IAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMBinding(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/container.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Projects.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMBinding(ctx, \"project\", \u0026projects.IAMBindingArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/container.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026projects.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMBinding;\nimport com.pulumi.gcp.projects.IAMBindingArgs;\nimport com.pulumi.gcp.projects.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMBinding(\"project\", IAMBindingArgs.builder() \n .project(\"your-project-id\")\n .role(\"roles/container.admin\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMBinding\n properties:\n project: your-project-id\n role: roles/container.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_project\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMMember(\"project\", {\n project: \"your-project-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMMember(\"project\",\n project=\"your-project-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMMember(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMMember(ctx, \"project\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMMember(\"project\", IAMMemberArgs.builder() \n .project(\"your-project-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMMember\n properties:\n project: your-project-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMMember(\"project\", {\n project: \"your-project-id\",\n role: \"roles/firebase.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMMember(\"project\",\n project=\"your-project-id\",\n role=\"roles/firebase.admin\",\n member=\"user:jane@example.com\",\n condition=gcp.projects.IAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMMember(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/firebase.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Projects.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMMember(ctx, \"project\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/firebase.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026projects.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport com.pulumi.gcp.projects.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMMember(\"project\", IAMMemberArgs.builder() \n .project(\"your-project-id\")\n .role(\"roles/firebase.admin\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMMember\n properties:\n project: your-project-id\n role: roles/firebase.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_project\\_iam\\_audit\\_config\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMAuditConfig(\"project\", {\n project: \"your-project-id\",\n service: \"allServices\",\n auditLogConfigs: [\n {\n logType: \"ADMIN_READ\",\n },\n {\n logType: \"DATA_READ\",\n exemptedMembers: [\"user:joebloggs@example.com\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMAuditConfig(\"project\",\n project=\"your-project-id\",\n service=\"allServices\",\n audit_log_configs=[\n gcp.projects.IAMAuditConfigAuditLogConfigArgs(\n log_type=\"ADMIN_READ\",\n ),\n gcp.projects.IAMAuditConfigAuditLogConfigArgs(\n log_type=\"DATA_READ\",\n exempted_members=[\"user:joebloggs@example.com\"],\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMAuditConfig(\"project\", new()\n {\n Project = \"your-project-id\",\n Service = \"allServices\",\n AuditLogConfigs = new[]\n {\n new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs\n {\n LogType = \"ADMIN_READ\",\n },\n new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs\n {\n LogType = \"DATA_READ\",\n ExemptedMembers = new[]\n {\n \"user:joebloggs@example.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMAuditConfig(ctx, \"project\", \u0026projects.IAMAuditConfigArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tService: pulumi.String(\"allServices\"),\n\t\t\tAuditLogConfigs: projects.IAMAuditConfigAuditLogConfigArray{\n\t\t\t\t\u0026projects.IAMAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"ADMIN_READ\"),\n\t\t\t\t},\n\t\t\t\t\u0026projects.IAMAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"DATA_READ\"),\n\t\t\t\t\tExemptedMembers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user:joebloggs@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMAuditConfig;\nimport com.pulumi.gcp.projects.IAMAuditConfigArgs;\nimport com.pulumi.gcp.projects.inputs.IAMAuditConfigAuditLogConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMAuditConfig(\"project\", IAMAuditConfigArgs.builder() \n .project(\"your-project-id\")\n .service(\"allServices\")\n .auditLogConfigs( \n IAMAuditConfigAuditLogConfigArgs.builder()\n .logType(\"ADMIN_READ\")\n .build(),\n IAMAuditConfigAuditLogConfigArgs.builder()\n .logType(\"DATA_READ\")\n .exemptedMembers(\"user:joebloggs@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMAuditConfig\n properties:\n project: your-project-id\n service: allServices\n auditLogConfigs:\n - logType: ADMIN_READ\n - logType: DATA_READ\n exemptedMembers:\n - user:joebloggs@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing Audit Configs\n\nAn audit config can be imported into a `google_project_iam_audit_config` resource using the resource's `project_id` and the `service`, e.g:\n\n* `\"{{project_id}} foo.googleapis.com\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import audit configs:\n\ntf\n\nimport {\n\n id = \"{{project_id}} foo.googleapis.com\"\n\n to = google_project_iam_audit_config.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:projects/iAMMember:IAMMember default \"{{project_id}} foo.googleapis.com\"\n```\n\n", "properties": { "condition": { "$ref": "#/types/gcp:projects/IAMMemberCondition:IAMMemberCondition", @@ -213465,7 +213930,8 @@ "description": "(Computed) The etag of the project's IAM policy.\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`. google\\_project\\_iam\\_binding expects `members` field while google\\_project\\_iam\\_member expects `member` field.\nEach entry can have one of the following values:\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "project": { "type": "string", @@ -213490,6 +213956,7 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`. google\\_project\\_iam\\_binding expects `members` field while google\\_project\\_iam\\_member expects `member` field.\nEach entry can have one of the following values:\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", "willReplaceOnChanges": true }, "project": { @@ -213522,6 +213989,7 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`. google\\_project\\_iam\\_binding expects `members` field while google\\_project\\_iam\\_member expects `member` field.\nEach entry can have one of the following values:\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", "willReplaceOnChanges": true }, "project": { @@ -213539,7 +214007,7 @@ } }, "gcp:projects/iAMPolicy:IAMPolicy": { - "description": "Four different resources help you manage your IAM policy for a project. Each of these resources serves a different use case:\n\n* `gcp.projects.IAMPolicy`: Authoritative. Sets the IAM policy for the project and replaces any existing policy already attached.\n* `gcp.projects.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the project are preserved.\n* `gcp.projects.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the project are preserved.\n* `gcp.projects.IAMAuditConfig`: Authoritative for a given service. Updates the IAM policy to enable audit logging for the given service.\n\n\u003e **Note:** `gcp.projects.IAMPolicy` **cannot** be used in conjunction with `gcp.projects.IAMBinding`, `gcp.projects.IAMMember`, or `gcp.projects.IAMAuditConfig` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.projects.IAMBinding` resources **can be** used in conjunction with `gcp.projects.IAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** The underlying API method `projects.setIamPolicy` has a lot of constraints which are documented [here](https://cloud.google.com/resource-manager/reference/rest/v1/projects/setIamPolicy). In addition to these constraints, \n IAM Conditions cannot be used with Basic Roles such as Owner. Violating these constraints will result in the API returning 400 error code so please review these if you encounter errors with this resource.\n\n## google\\_project\\_iam\\_policy\n\n!\u003e **Be careful!** You can accidentally lock yourself out of your project\n using this resource. Deleting a `gcp.projects.IAMPolicy` removes access\n from anyone without organization-level access to the project. Proceed with caution.\n It's not recommended to use `gcp.projects.IAMPolicy` with your provider project\n to avoid locking yourself out, and it should generally only be used with projects\n fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before\n applying the change.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst project = new gcp.projects.IAMPolicy(\"project\", {\n project: \"your-project-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\nproject = gcp.projects.IAMPolicy(\"project\",\n project=\"your-project-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var project = new Gcp.Projects.IAMPolicy(\"project\", new()\n {\n Project = \"your-project-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMPolicy(ctx, \"project\", \u0026projects.IAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.projects.IAMPolicy;\nimport com.pulumi.gcp.projects.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var project = new IAMPolicy(\"project\", IAMPolicyArgs.builder() \n .project(\"your-project-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMPolicy\n properties:\n project: your-project-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst project = new gcp.projects.IAMPolicy(\"project\", {\n project: \"your-project-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\nproject = gcp.projects.IAMPolicy(\"project\",\n project=\"your-project-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var project = new Gcp.Projects.IAMPolicy(\"project\", new()\n {\n Project = \"your-project-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMPolicy(ctx, \"project\", \u0026projects.IAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.projects.IAMPolicy;\nimport com.pulumi.gcp.projects.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var project = new IAMPolicy(\"project\", IAMPolicyArgs.builder() \n .project(\"your-project-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMPolicy\n properties:\n project: your-project-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_project\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMBinding(\"project\", {\n project: \"your-project-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMBinding(\"project\",\n project=\"your-project-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMBinding(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMBinding(ctx, \"project\", \u0026projects.IAMBindingArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMBinding;\nimport com.pulumi.gcp.projects.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMBinding(\"project\", IAMBindingArgs.builder() \n .project(\"your-project-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMBinding\n properties:\n project: your-project-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMBinding(\"project\", {\n project: \"your-project-id\",\n role: \"roles/container.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMBinding(\"project\",\n project=\"your-project-id\",\n role=\"roles/container.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.projects.IAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMBinding(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/container.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Projects.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMBinding(ctx, \"project\", \u0026projects.IAMBindingArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/container.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026projects.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMBinding;\nimport com.pulumi.gcp.projects.IAMBindingArgs;\nimport com.pulumi.gcp.projects.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMBinding(\"project\", IAMBindingArgs.builder() \n .project(\"your-project-id\")\n .role(\"roles/container.admin\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMBinding\n properties:\n project: your-project-id\n role: roles/container.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_project\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMMember(\"project\", {\n project: \"your-project-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMMember(\"project\",\n project=\"your-project-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMMember(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMMember(ctx, \"project\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMMember(\"project\", IAMMemberArgs.builder() \n .project(\"your-project-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMMember\n properties:\n project: your-project-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMMember(\"project\", {\n project: \"your-project-id\",\n role: \"roles/firebase.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMMember(\"project\",\n project=\"your-project-id\",\n role=\"roles/firebase.admin\",\n member=\"user:jane@example.com\",\n condition=gcp.projects.IAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMMember(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/firebase.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Projects.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMMember(ctx, \"project\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/firebase.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026projects.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport com.pulumi.gcp.projects.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMMember(\"project\", IAMMemberArgs.builder() \n .project(\"your-project-id\")\n .role(\"roles/firebase.admin\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMMember\n properties:\n project: your-project-id\n role: roles/firebase.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_project\\_iam\\_audit\\_config\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMAuditConfig(\"project\", {\n project: \"your-project-id\",\n service: \"allServices\",\n auditLogConfigs: [\n {\n logType: \"ADMIN_READ\",\n },\n {\n logType: \"DATA_READ\",\n exemptedMembers: [\"user:joebloggs@example.com\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMAuditConfig(\"project\",\n project=\"your-project-id\",\n service=\"allServices\",\n audit_log_configs=[\n gcp.projects.IAMAuditConfigAuditLogConfigArgs(\n log_type=\"ADMIN_READ\",\n ),\n gcp.projects.IAMAuditConfigAuditLogConfigArgs(\n log_type=\"DATA_READ\",\n exempted_members=[\"user:joebloggs@example.com\"],\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMAuditConfig(\"project\", new()\n {\n Project = \"your-project-id\",\n Service = \"allServices\",\n AuditLogConfigs = new[]\n {\n new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs\n {\n LogType = \"ADMIN_READ\",\n },\n new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs\n {\n LogType = \"DATA_READ\",\n ExemptedMembers = new[]\n {\n \"user:joebloggs@example.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMAuditConfig(ctx, \"project\", \u0026projects.IAMAuditConfigArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tService: pulumi.String(\"allServices\"),\n\t\t\tAuditLogConfigs: projects.IAMAuditConfigAuditLogConfigArray{\n\t\t\t\t\u0026projects.IAMAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"ADMIN_READ\"),\n\t\t\t\t},\n\t\t\t\t\u0026projects.IAMAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"DATA_READ\"),\n\t\t\t\t\tExemptedMembers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user:joebloggs@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMAuditConfig;\nimport com.pulumi.gcp.projects.IAMAuditConfigArgs;\nimport com.pulumi.gcp.projects.inputs.IAMAuditConfigAuditLogConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMAuditConfig(\"project\", IAMAuditConfigArgs.builder() \n .project(\"your-project-id\")\n .service(\"allServices\")\n .auditLogConfigs( \n IAMAuditConfigAuditLogConfigArgs.builder()\n .logType(\"ADMIN_READ\")\n .build(),\n IAMAuditConfigAuditLogConfigArgs.builder()\n .logType(\"DATA_READ\")\n .exemptedMembers(\"user:joebloggs@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMAuditConfig\n properties:\n project: your-project-id\n service: allServices\n auditLogConfigs:\n - logType: ADMIN_READ\n - logType: DATA_READ\n exemptedMembers:\n - user:joebloggs@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing Audit Configs\n\nAn audit config can be imported into a `google_project_iam_audit_config` resource using the resource's `project_id` and the `service`, e.g:\n\n* `\"{{project_id}} foo.googleapis.com\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import audit configs:\n\ntf\n\nimport {\n\n id = \"{{project_id}} foo.googleapis.com\"\n\n to = google_project_iam_audit_config.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:projects/iAMPolicy:IAMPolicy default \"{{project_id}} foo.googleapis.com\"\n```\n\n", + "description": "Four different resources help you manage your IAM policy for a project. Each of these resources serves a different use case:\n\n* `gcp.projects.IAMPolicy`: Authoritative. Sets the IAM policy for the project and replaces any existing policy already attached.\n* `gcp.projects.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the project are preserved.\n* `gcp.projects.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the project are preserved.\n* `gcp.projects.IAMAuditConfig`: Authoritative for a given service. Updates the IAM policy to enable audit logging for the given service.\n\n\u003e **Note:** `gcp.projects.IAMPolicy` **cannot** be used in conjunction with `gcp.projects.IAMBinding`, `gcp.projects.IAMMember`, or `gcp.projects.IAMAuditConfig` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.projects.IAMBinding` resources **can be** used in conjunction with `gcp.projects.IAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** The underlying API method `projects.setIamPolicy` has a lot of constraints which are documented [here](https://cloud.google.com/resource-manager/reference/rest/v1/projects/setIamPolicy). In addition to these constraints, \n IAM Conditions cannot be used with Basic Roles such as Owner. Violating these constraints will result in the API returning 400 error code so please review these if you encounter errors with this resource.\n\n## google\\_project\\_iam\\_policy\n\n!\u003e **Be careful!** You can accidentally lock yourself out of your project\n using this resource. Deleting a `gcp.projects.IAMPolicy` removes access\n from anyone without organization-level access to the project. Proceed with caution.\n It's not recommended to use `gcp.projects.IAMPolicy` with your provider project\n to avoid locking yourself out, and it should generally only be used with projects\n fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before\n applying the change.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst project = new gcp.projects.IAMPolicy(\"project\", {\n project: \"your-project-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\nproject = gcp.projects.IAMPolicy(\"project\",\n project=\"your-project-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var project = new Gcp.Projects.IAMPolicy(\"project\", new()\n {\n Project = \"your-project-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMPolicy(ctx, \"project\", \u0026projects.IAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.projects.IAMPolicy;\nimport com.pulumi.gcp.projects.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var project = new IAMPolicy(\"project\", IAMPolicyArgs.builder() \n .project(\"your-project-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMPolicy\n properties:\n project: your-project-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst project = new gcp.projects.IAMPolicy(\"project\", {\n project: \"your-project-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\nproject = gcp.projects.IAMPolicy(\"project\",\n project=\"your-project-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var project = new Gcp.Projects.IAMPolicy(\"project\", new()\n {\n Project = \"your-project-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMPolicy(ctx, \"project\", \u0026projects.IAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.projects.IAMPolicy;\nimport com.pulumi.gcp.projects.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var project = new IAMPolicy(\"project\", IAMPolicyArgs.builder() \n .project(\"your-project-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMPolicy\n properties:\n project: your-project-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_project\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMBinding(\"project\", {\n project: \"your-project-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMBinding(\"project\",\n project=\"your-project-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMBinding(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMBinding(ctx, \"project\", \u0026projects.IAMBindingArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMBinding;\nimport com.pulumi.gcp.projects.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMBinding(\"project\", IAMBindingArgs.builder() \n .project(\"your-project-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMBinding\n properties:\n project: your-project-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMBinding(\"project\", {\n project: \"your-project-id\",\n role: \"roles/container.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMBinding(\"project\",\n project=\"your-project-id\",\n role=\"roles/container.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.projects.IAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMBinding(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/container.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Projects.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMBinding(ctx, \"project\", \u0026projects.IAMBindingArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/container.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026projects.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMBinding;\nimport com.pulumi.gcp.projects.IAMBindingArgs;\nimport com.pulumi.gcp.projects.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMBinding(\"project\", IAMBindingArgs.builder() \n .project(\"your-project-id\")\n .role(\"roles/container.admin\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMBinding\n properties:\n project: your-project-id\n role: roles/container.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_project\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMMember(\"project\", {\n project: \"your-project-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMMember(\"project\",\n project=\"your-project-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMMember(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMMember(ctx, \"project\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMMember(\"project\", IAMMemberArgs.builder() \n .project(\"your-project-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMMember\n properties:\n project: your-project-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMMember(\"project\", {\n project: \"your-project-id\",\n role: \"roles/firebase.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMMember(\"project\",\n project=\"your-project-id\",\n role=\"roles/firebase.admin\",\n member=\"user:jane@example.com\",\n condition=gcp.projects.IAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMMember(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/firebase.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Projects.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMMember(ctx, \"project\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/firebase.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026projects.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport com.pulumi.gcp.projects.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMMember(\"project\", IAMMemberArgs.builder() \n .project(\"your-project-id\")\n .role(\"roles/firebase.admin\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMMember\n properties:\n project: your-project-id\n role: roles/firebase.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_project\\_iam\\_audit\\_config\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMAuditConfig(\"project\", {\n project: \"your-project-id\",\n service: \"allServices\",\n auditLogConfigs: [\n {\n logType: \"ADMIN_READ\",\n },\n {\n logType: \"DATA_READ\",\n exemptedMembers: [\"user:joebloggs@example.com\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMAuditConfig(\"project\",\n project=\"your-project-id\",\n service=\"allServices\",\n audit_log_configs=[\n gcp.projects.IAMAuditConfigAuditLogConfigArgs(\n log_type=\"ADMIN_READ\",\n ),\n gcp.projects.IAMAuditConfigAuditLogConfigArgs(\n log_type=\"DATA_READ\",\n exempted_members=[\"user:joebloggs@example.com\"],\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMAuditConfig(\"project\", new()\n {\n Project = \"your-project-id\",\n Service = \"allServices\",\n AuditLogConfigs = new[]\n {\n new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs\n {\n LogType = \"ADMIN_READ\",\n },\n new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs\n {\n LogType = \"DATA_READ\",\n ExemptedMembers = new[]\n {\n \"user:joebloggs@example.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMAuditConfig(ctx, \"project\", \u0026projects.IAMAuditConfigArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tService: pulumi.String(\"allServices\"),\n\t\t\tAuditLogConfigs: projects.IAMAuditConfigAuditLogConfigArray{\n\t\t\t\t\u0026projects.IAMAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"ADMIN_READ\"),\n\t\t\t\t},\n\t\t\t\t\u0026projects.IAMAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"DATA_READ\"),\n\t\t\t\t\tExemptedMembers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user:joebloggs@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMAuditConfig;\nimport com.pulumi.gcp.projects.IAMAuditConfigArgs;\nimport com.pulumi.gcp.projects.inputs.IAMAuditConfigAuditLogConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMAuditConfig(\"project\", IAMAuditConfigArgs.builder() \n .project(\"your-project-id\")\n .service(\"allServices\")\n .auditLogConfigs( \n IAMAuditConfigAuditLogConfigArgs.builder()\n .logType(\"ADMIN_READ\")\n .build(),\n IAMAuditConfigAuditLogConfigArgs.builder()\n .logType(\"DATA_READ\")\n .exemptedMembers(\"user:joebloggs@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMAuditConfig\n properties:\n project: your-project-id\n service: allServices\n auditLogConfigs:\n - logType: ADMIN_READ\n - logType: DATA_READ\n exemptedMembers:\n - user:joebloggs@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_project\\_iam\\_policy\n\n!\u003e **Be careful!** You can accidentally lock yourself out of your project\n using this resource. Deleting a `gcp.projects.IAMPolicy` removes access\n from anyone without organization-level access to the project. Proceed with caution.\n It's not recommended to use `gcp.projects.IAMPolicy` with your provider project\n to avoid locking yourself out, and it should generally only be used with projects\n fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before\n applying the change.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst project = new gcp.projects.IAMPolicy(\"project\", {\n project: \"your-project-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\nproject = gcp.projects.IAMPolicy(\"project\",\n project=\"your-project-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var project = new Gcp.Projects.IAMPolicy(\"project\", new()\n {\n Project = \"your-project-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMPolicy(ctx, \"project\", \u0026projects.IAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.projects.IAMPolicy;\nimport com.pulumi.gcp.projects.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var project = new IAMPolicy(\"project\", IAMPolicyArgs.builder() \n .project(\"your-project-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMPolicy\n properties:\n project: your-project-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/compute.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst project = new gcp.projects.IAMPolicy(\"project\", {\n project: \"your-project-id\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/compute.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\nproject = gcp.projects.IAMPolicy(\"project\",\n project=\"your-project-id\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/compute.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var project = new Gcp.Projects.IAMPolicy(\"project\", new()\n {\n Project = \"your-project-id\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/compute.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = projects.NewIAMPolicy(ctx, \"project\", \u0026projects.IAMPolicyArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.projects.IAMPolicy;\nimport com.pulumi.gcp.projects.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/compute.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var project = new IAMPolicy(\"project\", IAMPolicyArgs.builder() \n .project(\"your-project-id\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMPolicy\n properties:\n project: your-project-id\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/compute.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_project\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMBinding(\"project\", {\n project: \"your-project-id\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMBinding(\"project\",\n project=\"your-project-id\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMBinding(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMBinding(ctx, \"project\", \u0026projects.IAMBindingArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMBinding;\nimport com.pulumi.gcp.projects.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMBinding(\"project\", IAMBindingArgs.builder() \n .project(\"your-project-id\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMBinding\n properties:\n project: your-project-id\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMBinding(\"project\", {\n project: \"your-project-id\",\n role: \"roles/container.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMBinding(\"project\",\n project=\"your-project-id\",\n role=\"roles/container.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.projects.IAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMBinding(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/container.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Projects.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMBinding(ctx, \"project\", \u0026projects.IAMBindingArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/container.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026projects.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMBinding;\nimport com.pulumi.gcp.projects.IAMBindingArgs;\nimport com.pulumi.gcp.projects.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMBinding(\"project\", IAMBindingArgs.builder() \n .project(\"your-project-id\")\n .role(\"roles/container.admin\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMBinding\n properties:\n project: your-project-id\n role: roles/container.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_project\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMMember(\"project\", {\n project: \"your-project-id\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMMember(\"project\",\n project=\"your-project-id\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMMember(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMMember(ctx, \"project\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMMember(\"project\", IAMMemberArgs.builder() \n .project(\"your-project-id\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMMember\n properties:\n project: your-project-id\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMMember(\"project\", {\n project: \"your-project-id\",\n role: \"roles/firebase.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMMember(\"project\",\n project=\"your-project-id\",\n role=\"roles/firebase.admin\",\n member=\"user:jane@example.com\",\n condition=gcp.projects.IAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMMember(\"project\", new()\n {\n Project = \"your-project-id\",\n Role = \"roles/firebase.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Projects.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMMember(ctx, \"project\", \u0026projects.IAMMemberArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tRole: pulumi.String(\"roles/firebase.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026projects.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMMember;\nimport com.pulumi.gcp.projects.IAMMemberArgs;\nimport com.pulumi.gcp.projects.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMMember(\"project\", IAMMemberArgs.builder() \n .project(\"your-project-id\")\n .role(\"roles/firebase.admin\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMMember\n properties:\n project: your-project-id\n role: roles/firebase.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_project\\_iam\\_audit\\_config\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst project = new gcp.projects.IAMAuditConfig(\"project\", {\n project: \"your-project-id\",\n service: \"allServices\",\n auditLogConfigs: [\n {\n logType: \"ADMIN_READ\",\n },\n {\n logType: \"DATA_READ\",\n exemptedMembers: [\"user:joebloggs@example.com\"],\n },\n ],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nproject = gcp.projects.IAMAuditConfig(\"project\",\n project=\"your-project-id\",\n service=\"allServices\",\n audit_log_configs=[\n gcp.projects.IAMAuditConfigAuditLogConfigArgs(\n log_type=\"ADMIN_READ\",\n ),\n gcp.projects.IAMAuditConfigAuditLogConfigArgs(\n log_type=\"DATA_READ\",\n exempted_members=[\"user:joebloggs@example.com\"],\n ),\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var project = new Gcp.Projects.IAMAuditConfig(\"project\", new()\n {\n Project = \"your-project-id\",\n Service = \"allServices\",\n AuditLogConfigs = new[]\n {\n new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs\n {\n LogType = \"ADMIN_READ\",\n },\n new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs\n {\n LogType = \"DATA_READ\",\n ExemptedMembers = new[]\n {\n \"user:joebloggs@example.com\",\n },\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := projects.NewIAMAuditConfig(ctx, \"project\", \u0026projects.IAMAuditConfigArgs{\n\t\t\tProject: pulumi.String(\"your-project-id\"),\n\t\t\tService: pulumi.String(\"allServices\"),\n\t\t\tAuditLogConfigs: projects.IAMAuditConfigAuditLogConfigArray{\n\t\t\t\t\u0026projects.IAMAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"ADMIN_READ\"),\n\t\t\t\t},\n\t\t\t\t\u0026projects.IAMAuditConfigAuditLogConfigArgs{\n\t\t\t\t\tLogType: pulumi.String(\"DATA_READ\"),\n\t\t\t\t\tExemptedMembers: pulumi.StringArray{\n\t\t\t\t\t\tpulumi.String(\"user:joebloggs@example.com\"),\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.projects.IAMAuditConfig;\nimport com.pulumi.gcp.projects.IAMAuditConfigArgs;\nimport com.pulumi.gcp.projects.inputs.IAMAuditConfigAuditLogConfigArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var project = new IAMAuditConfig(\"project\", IAMAuditConfigArgs.builder() \n .project(\"your-project-id\")\n .service(\"allServices\")\n .auditLogConfigs( \n IAMAuditConfigAuditLogConfigArgs.builder()\n .logType(\"ADMIN_READ\")\n .build(),\n IAMAuditConfigAuditLogConfigArgs.builder()\n .logType(\"DATA_READ\")\n .exemptedMembers(\"user:joebloggs@example.com\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n project:\n type: gcp:projects:IAMAuditConfig\n properties:\n project: your-project-id\n service: allServices\n auditLogConfigs:\n - logType: ADMIN_READ\n - logType: DATA_READ\n exemptedMembers:\n - user:joebloggs@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing Audit Configs\n\nAn audit config can be imported into a `google_project_iam_audit_config` resource using the resource's `project_id` and the `service`, e.g:\n\n* `\"{{project_id}} foo.googleapis.com\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import audit configs:\n\ntf\n\nimport {\n\n id = \"{{project_id}} foo.googleapis.com\"\n\n to = google_project_iam_audit_config.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:projects/iAMPolicy:IAMPolicy default \"{{project_id}} foo.googleapis.com\"\n```\n\n", "properties": { "etag": { "type": "string", @@ -214263,7 +214731,7 @@ } }, "gcp:pubsub/schemaIamBinding:SchemaIamBinding": { - "description": "Three different resources help you manage your IAM policy for Cloud Pub/Sub Schema. Each of these resources serves a different use case:\n\n* `gcp.pubsub.SchemaIamPolicy`: Authoritative. Sets the IAM policy for the schema and replaces any existing policy already attached.\n* `gcp.pubsub.SchemaIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the schema are preserved.\n* `gcp.pubsub.SchemaIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the schema are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.pubsub.SchemaIamPolicy`: Retrieves the IAM policy for the schema\n\n\u003e **Note:** `gcp.pubsub.SchemaIamPolicy` **cannot** be used in conjunction with `gcp.pubsub.SchemaIamBinding` and `gcp.pubsub.SchemaIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.pubsub.SchemaIamBinding` resources **can be** used in conjunction with `gcp.pubsub.SchemaIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_pubsub\\_schema\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.pubsub.SchemaIamPolicy(\"policy\", {\n project: example.project,\n schema: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.pubsub.SchemaIamPolicy(\"policy\",\n project=example[\"project\"],\n schema=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.PubSub.SchemaIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Schema = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewSchemaIamPolicy(ctx, \"policy\", \u0026pubsub.SchemaIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tSchema: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.SchemaIamPolicy;\nimport com.pulumi.gcp.pubsub.SchemaIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SchemaIamPolicy(\"policy\", SchemaIamPolicyArgs.builder() \n .project(example.project())\n .schema(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:pubsub:SchemaIamPolicy\n properties:\n project: ${example.project}\n schema: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_schema\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.pubsub.SchemaIamBinding(\"binding\", {\n project: example.project,\n schema: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.pubsub.SchemaIamBinding(\"binding\",\n project=example[\"project\"],\n schema=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.PubSub.SchemaIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Schema = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSchemaIamBinding(ctx, \"binding\", \u0026pubsub.SchemaIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tSchema: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SchemaIamBinding;\nimport com.pulumi.gcp.pubsub.SchemaIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SchemaIamBinding(\"binding\", SchemaIamBindingArgs.builder() \n .project(example.project())\n .schema(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:pubsub:SchemaIamBinding\n properties:\n project: ${example.project}\n schema: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_schema\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.pubsub.SchemaIamMember(\"member\", {\n project: example.project,\n schema: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.pubsub.SchemaIamMember(\"member\",\n project=example[\"project\"],\n schema=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.PubSub.SchemaIamMember(\"member\", new()\n {\n Project = example.Project,\n Schema = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSchemaIamMember(ctx, \"member\", \u0026pubsub.SchemaIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tSchema: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SchemaIamMember;\nimport com.pulumi.gcp.pubsub.SchemaIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SchemaIamMember(\"member\", SchemaIamMemberArgs.builder() \n .project(example.project())\n .schema(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:pubsub:SchemaIamMember\n properties:\n project: ${example.project}\n schema: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/schemas/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Pub/Sub schema IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/schemaIamBinding:SchemaIamBinding editor \"projects/{{project}}/schemas/{{schema}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/schemaIamBinding:SchemaIamBinding editor \"projects/{{project}}/schemas/{{schema}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/schemaIamBinding:SchemaIamBinding editor projects/{{project}}/schemas/{{schema}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Pub/Sub Schema. Each of these resources serves a different use case:\n\n* `gcp.pubsub.SchemaIamPolicy`: Authoritative. Sets the IAM policy for the schema and replaces any existing policy already attached.\n* `gcp.pubsub.SchemaIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the schema are preserved.\n* `gcp.pubsub.SchemaIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the schema are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.pubsub.SchemaIamPolicy`: Retrieves the IAM policy for the schema\n\n\u003e **Note:** `gcp.pubsub.SchemaIamPolicy` **cannot** be used in conjunction with `gcp.pubsub.SchemaIamBinding` and `gcp.pubsub.SchemaIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.pubsub.SchemaIamBinding` resources **can be** used in conjunction with `gcp.pubsub.SchemaIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_pubsub\\_schema\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.pubsub.SchemaIamPolicy(\"policy\", {\n project: example.project,\n schema: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.pubsub.SchemaIamPolicy(\"policy\",\n project=example[\"project\"],\n schema=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.PubSub.SchemaIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Schema = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewSchemaIamPolicy(ctx, \"policy\", \u0026pubsub.SchemaIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tSchema: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.SchemaIamPolicy;\nimport com.pulumi.gcp.pubsub.SchemaIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SchemaIamPolicy(\"policy\", SchemaIamPolicyArgs.builder() \n .project(example.project())\n .schema(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:pubsub:SchemaIamPolicy\n properties:\n project: ${example.project}\n schema: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_schema\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.pubsub.SchemaIamBinding(\"binding\", {\n project: example.project,\n schema: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.pubsub.SchemaIamBinding(\"binding\",\n project=example[\"project\"],\n schema=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.PubSub.SchemaIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Schema = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSchemaIamBinding(ctx, \"binding\", \u0026pubsub.SchemaIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tSchema: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SchemaIamBinding;\nimport com.pulumi.gcp.pubsub.SchemaIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SchemaIamBinding(\"binding\", SchemaIamBindingArgs.builder() \n .project(example.project())\n .schema(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:pubsub:SchemaIamBinding\n properties:\n project: ${example.project}\n schema: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_schema\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.pubsub.SchemaIamMember(\"member\", {\n project: example.project,\n schema: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.pubsub.SchemaIamMember(\"member\",\n project=example[\"project\"],\n schema=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.PubSub.SchemaIamMember(\"member\", new()\n {\n Project = example.Project,\n Schema = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSchemaIamMember(ctx, \"member\", \u0026pubsub.SchemaIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tSchema: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SchemaIamMember;\nimport com.pulumi.gcp.pubsub.SchemaIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SchemaIamMember(\"member\", SchemaIamMemberArgs.builder() \n .project(example.project())\n .schema(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:pubsub:SchemaIamMember\n properties:\n project: ${example.project}\n schema: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_pubsub\\_schema\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.pubsub.SchemaIamPolicy(\"policy\", {\n project: example.project,\n schema: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.pubsub.SchemaIamPolicy(\"policy\",\n project=example[\"project\"],\n schema=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.PubSub.SchemaIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Schema = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewSchemaIamPolicy(ctx, \"policy\", \u0026pubsub.SchemaIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tSchema: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.SchemaIamPolicy;\nimport com.pulumi.gcp.pubsub.SchemaIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SchemaIamPolicy(\"policy\", SchemaIamPolicyArgs.builder() \n .project(example.project())\n .schema(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:pubsub:SchemaIamPolicy\n properties:\n project: ${example.project}\n schema: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_schema\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.pubsub.SchemaIamBinding(\"binding\", {\n project: example.project,\n schema: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.pubsub.SchemaIamBinding(\"binding\",\n project=example[\"project\"],\n schema=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.PubSub.SchemaIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Schema = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSchemaIamBinding(ctx, \"binding\", \u0026pubsub.SchemaIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tSchema: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SchemaIamBinding;\nimport com.pulumi.gcp.pubsub.SchemaIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SchemaIamBinding(\"binding\", SchemaIamBindingArgs.builder() \n .project(example.project())\n .schema(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:pubsub:SchemaIamBinding\n properties:\n project: ${example.project}\n schema: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_schema\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.pubsub.SchemaIamMember(\"member\", {\n project: example.project,\n schema: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.pubsub.SchemaIamMember(\"member\",\n project=example[\"project\"],\n schema=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.PubSub.SchemaIamMember(\"member\", new()\n {\n Project = example.Project,\n Schema = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSchemaIamMember(ctx, \"member\", \u0026pubsub.SchemaIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tSchema: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SchemaIamMember;\nimport com.pulumi.gcp.pubsub.SchemaIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SchemaIamMember(\"member\", SchemaIamMemberArgs.builder() \n .project(example.project())\n .schema(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:pubsub:SchemaIamMember\n properties:\n project: ${example.project}\n schema: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/schemas/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Pub/Sub schema IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/schemaIamBinding:SchemaIamBinding editor \"projects/{{project}}/schemas/{{schema}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/schemaIamBinding:SchemaIamBinding editor \"projects/{{project}}/schemas/{{schema}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/schemaIamBinding:SchemaIamBinding editor projects/{{project}}/schemas/{{schema}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:pubsub/SchemaIamBindingCondition:SchemaIamBindingCondition" @@ -214276,11 +214744,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -214307,11 +214776,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -214345,11 +214815,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -214367,7 +214838,7 @@ } }, "gcp:pubsub/schemaIamMember:SchemaIamMember": { - "description": "Three different resources help you manage your IAM policy for Cloud Pub/Sub Schema. Each of these resources serves a different use case:\n\n* `gcp.pubsub.SchemaIamPolicy`: Authoritative. Sets the IAM policy for the schema and replaces any existing policy already attached.\n* `gcp.pubsub.SchemaIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the schema are preserved.\n* `gcp.pubsub.SchemaIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the schema are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.pubsub.SchemaIamPolicy`: Retrieves the IAM policy for the schema\n\n\u003e **Note:** `gcp.pubsub.SchemaIamPolicy` **cannot** be used in conjunction with `gcp.pubsub.SchemaIamBinding` and `gcp.pubsub.SchemaIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.pubsub.SchemaIamBinding` resources **can be** used in conjunction with `gcp.pubsub.SchemaIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_pubsub\\_schema\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.pubsub.SchemaIamPolicy(\"policy\", {\n project: example.project,\n schema: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.pubsub.SchemaIamPolicy(\"policy\",\n project=example[\"project\"],\n schema=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.PubSub.SchemaIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Schema = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewSchemaIamPolicy(ctx, \"policy\", \u0026pubsub.SchemaIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tSchema: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.SchemaIamPolicy;\nimport com.pulumi.gcp.pubsub.SchemaIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SchemaIamPolicy(\"policy\", SchemaIamPolicyArgs.builder() \n .project(example.project())\n .schema(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:pubsub:SchemaIamPolicy\n properties:\n project: ${example.project}\n schema: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_schema\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.pubsub.SchemaIamBinding(\"binding\", {\n project: example.project,\n schema: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.pubsub.SchemaIamBinding(\"binding\",\n project=example[\"project\"],\n schema=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.PubSub.SchemaIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Schema = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSchemaIamBinding(ctx, \"binding\", \u0026pubsub.SchemaIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tSchema: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SchemaIamBinding;\nimport com.pulumi.gcp.pubsub.SchemaIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SchemaIamBinding(\"binding\", SchemaIamBindingArgs.builder() \n .project(example.project())\n .schema(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:pubsub:SchemaIamBinding\n properties:\n project: ${example.project}\n schema: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_schema\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.pubsub.SchemaIamMember(\"member\", {\n project: example.project,\n schema: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.pubsub.SchemaIamMember(\"member\",\n project=example[\"project\"],\n schema=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.PubSub.SchemaIamMember(\"member\", new()\n {\n Project = example.Project,\n Schema = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSchemaIamMember(ctx, \"member\", \u0026pubsub.SchemaIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tSchema: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SchemaIamMember;\nimport com.pulumi.gcp.pubsub.SchemaIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SchemaIamMember(\"member\", SchemaIamMemberArgs.builder() \n .project(example.project())\n .schema(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:pubsub:SchemaIamMember\n properties:\n project: ${example.project}\n schema: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/schemas/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Pub/Sub schema IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/schemaIamMember:SchemaIamMember editor \"projects/{{project}}/schemas/{{schema}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/schemaIamMember:SchemaIamMember editor \"projects/{{project}}/schemas/{{schema}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/schemaIamMember:SchemaIamMember editor projects/{{project}}/schemas/{{schema}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Pub/Sub Schema. Each of these resources serves a different use case:\n\n* `gcp.pubsub.SchemaIamPolicy`: Authoritative. Sets the IAM policy for the schema and replaces any existing policy already attached.\n* `gcp.pubsub.SchemaIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the schema are preserved.\n* `gcp.pubsub.SchemaIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the schema are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.pubsub.SchemaIamPolicy`: Retrieves the IAM policy for the schema\n\n\u003e **Note:** `gcp.pubsub.SchemaIamPolicy` **cannot** be used in conjunction with `gcp.pubsub.SchemaIamBinding` and `gcp.pubsub.SchemaIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.pubsub.SchemaIamBinding` resources **can be** used in conjunction with `gcp.pubsub.SchemaIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_pubsub\\_schema\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.pubsub.SchemaIamPolicy(\"policy\", {\n project: example.project,\n schema: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.pubsub.SchemaIamPolicy(\"policy\",\n project=example[\"project\"],\n schema=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.PubSub.SchemaIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Schema = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewSchemaIamPolicy(ctx, \"policy\", \u0026pubsub.SchemaIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tSchema: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.SchemaIamPolicy;\nimport com.pulumi.gcp.pubsub.SchemaIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SchemaIamPolicy(\"policy\", SchemaIamPolicyArgs.builder() \n .project(example.project())\n .schema(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:pubsub:SchemaIamPolicy\n properties:\n project: ${example.project}\n schema: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_schema\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.pubsub.SchemaIamBinding(\"binding\", {\n project: example.project,\n schema: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.pubsub.SchemaIamBinding(\"binding\",\n project=example[\"project\"],\n schema=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.PubSub.SchemaIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Schema = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSchemaIamBinding(ctx, \"binding\", \u0026pubsub.SchemaIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tSchema: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SchemaIamBinding;\nimport com.pulumi.gcp.pubsub.SchemaIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SchemaIamBinding(\"binding\", SchemaIamBindingArgs.builder() \n .project(example.project())\n .schema(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:pubsub:SchemaIamBinding\n properties:\n project: ${example.project}\n schema: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_schema\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.pubsub.SchemaIamMember(\"member\", {\n project: example.project,\n schema: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.pubsub.SchemaIamMember(\"member\",\n project=example[\"project\"],\n schema=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.PubSub.SchemaIamMember(\"member\", new()\n {\n Project = example.Project,\n Schema = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSchemaIamMember(ctx, \"member\", \u0026pubsub.SchemaIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tSchema: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SchemaIamMember;\nimport com.pulumi.gcp.pubsub.SchemaIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SchemaIamMember(\"member\", SchemaIamMemberArgs.builder() \n .project(example.project())\n .schema(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:pubsub:SchemaIamMember\n properties:\n project: ${example.project}\n schema: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_pubsub\\_schema\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.pubsub.SchemaIamPolicy(\"policy\", {\n project: example.project,\n schema: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.pubsub.SchemaIamPolicy(\"policy\",\n project=example[\"project\"],\n schema=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.PubSub.SchemaIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Schema = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewSchemaIamPolicy(ctx, \"policy\", \u0026pubsub.SchemaIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tSchema: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.SchemaIamPolicy;\nimport com.pulumi.gcp.pubsub.SchemaIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SchemaIamPolicy(\"policy\", SchemaIamPolicyArgs.builder() \n .project(example.project())\n .schema(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:pubsub:SchemaIamPolicy\n properties:\n project: ${example.project}\n schema: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_schema\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.pubsub.SchemaIamBinding(\"binding\", {\n project: example.project,\n schema: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.pubsub.SchemaIamBinding(\"binding\",\n project=example[\"project\"],\n schema=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.PubSub.SchemaIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Schema = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSchemaIamBinding(ctx, \"binding\", \u0026pubsub.SchemaIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tSchema: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SchemaIamBinding;\nimport com.pulumi.gcp.pubsub.SchemaIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SchemaIamBinding(\"binding\", SchemaIamBindingArgs.builder() \n .project(example.project())\n .schema(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:pubsub:SchemaIamBinding\n properties:\n project: ${example.project}\n schema: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_schema\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.pubsub.SchemaIamMember(\"member\", {\n project: example.project,\n schema: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.pubsub.SchemaIamMember(\"member\",\n project=example[\"project\"],\n schema=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.PubSub.SchemaIamMember(\"member\", new()\n {\n Project = example.Project,\n Schema = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSchemaIamMember(ctx, \"member\", \u0026pubsub.SchemaIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tSchema: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SchemaIamMember;\nimport com.pulumi.gcp.pubsub.SchemaIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SchemaIamMember(\"member\", SchemaIamMemberArgs.builder() \n .project(example.project())\n .schema(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:pubsub:SchemaIamMember\n properties:\n project: ${example.project}\n schema: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/schemas/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Pub/Sub schema IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/schemaIamMember:SchemaIamMember editor \"projects/{{project}}/schemas/{{schema}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/schemaIamMember:SchemaIamMember editor \"projects/{{project}}/schemas/{{schema}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/schemaIamMember:SchemaIamMember editor projects/{{project}}/schemas/{{schema}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:pubsub/SchemaIamMemberCondition:SchemaIamMemberCondition" @@ -214377,11 +214848,12 @@ "description": "(Computed) The etag of the IAM policy.\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -214406,11 +214878,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -214442,11 +214915,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -214464,7 +214938,7 @@ } }, "gcp:pubsub/schemaIamPolicy:SchemaIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Cloud Pub/Sub Schema. Each of these resources serves a different use case:\n\n* `gcp.pubsub.SchemaIamPolicy`: Authoritative. Sets the IAM policy for the schema and replaces any existing policy already attached.\n* `gcp.pubsub.SchemaIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the schema are preserved.\n* `gcp.pubsub.SchemaIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the schema are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.pubsub.SchemaIamPolicy`: Retrieves the IAM policy for the schema\n\n\u003e **Note:** `gcp.pubsub.SchemaIamPolicy` **cannot** be used in conjunction with `gcp.pubsub.SchemaIamBinding` and `gcp.pubsub.SchemaIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.pubsub.SchemaIamBinding` resources **can be** used in conjunction with `gcp.pubsub.SchemaIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_pubsub\\_schema\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.pubsub.SchemaIamPolicy(\"policy\", {\n project: example.project,\n schema: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.pubsub.SchemaIamPolicy(\"policy\",\n project=example[\"project\"],\n schema=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.PubSub.SchemaIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Schema = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewSchemaIamPolicy(ctx, \"policy\", \u0026pubsub.SchemaIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tSchema: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.SchemaIamPolicy;\nimport com.pulumi.gcp.pubsub.SchemaIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SchemaIamPolicy(\"policy\", SchemaIamPolicyArgs.builder() \n .project(example.project())\n .schema(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:pubsub:SchemaIamPolicy\n properties:\n project: ${example.project}\n schema: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_schema\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.pubsub.SchemaIamBinding(\"binding\", {\n project: example.project,\n schema: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.pubsub.SchemaIamBinding(\"binding\",\n project=example[\"project\"],\n schema=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.PubSub.SchemaIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Schema = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSchemaIamBinding(ctx, \"binding\", \u0026pubsub.SchemaIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tSchema: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SchemaIamBinding;\nimport com.pulumi.gcp.pubsub.SchemaIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SchemaIamBinding(\"binding\", SchemaIamBindingArgs.builder() \n .project(example.project())\n .schema(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:pubsub:SchemaIamBinding\n properties:\n project: ${example.project}\n schema: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_schema\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.pubsub.SchemaIamMember(\"member\", {\n project: example.project,\n schema: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.pubsub.SchemaIamMember(\"member\",\n project=example[\"project\"],\n schema=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.PubSub.SchemaIamMember(\"member\", new()\n {\n Project = example.Project,\n Schema = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSchemaIamMember(ctx, \"member\", \u0026pubsub.SchemaIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tSchema: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SchemaIamMember;\nimport com.pulumi.gcp.pubsub.SchemaIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SchemaIamMember(\"member\", SchemaIamMemberArgs.builder() \n .project(example.project())\n .schema(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:pubsub:SchemaIamMember\n properties:\n project: ${example.project}\n schema: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/schemas/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Pub/Sub schema IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/schemaIamPolicy:SchemaIamPolicy editor \"projects/{{project}}/schemas/{{schema}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/schemaIamPolicy:SchemaIamPolicy editor \"projects/{{project}}/schemas/{{schema}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/schemaIamPolicy:SchemaIamPolicy editor projects/{{project}}/schemas/{{schema}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Pub/Sub Schema. Each of these resources serves a different use case:\n\n* `gcp.pubsub.SchemaIamPolicy`: Authoritative. Sets the IAM policy for the schema and replaces any existing policy already attached.\n* `gcp.pubsub.SchemaIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the schema are preserved.\n* `gcp.pubsub.SchemaIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the schema are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.pubsub.SchemaIamPolicy`: Retrieves the IAM policy for the schema\n\n\u003e **Note:** `gcp.pubsub.SchemaIamPolicy` **cannot** be used in conjunction with `gcp.pubsub.SchemaIamBinding` and `gcp.pubsub.SchemaIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.pubsub.SchemaIamBinding` resources **can be** used in conjunction with `gcp.pubsub.SchemaIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_pubsub\\_schema\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.pubsub.SchemaIamPolicy(\"policy\", {\n project: example.project,\n schema: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.pubsub.SchemaIamPolicy(\"policy\",\n project=example[\"project\"],\n schema=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.PubSub.SchemaIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Schema = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewSchemaIamPolicy(ctx, \"policy\", \u0026pubsub.SchemaIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tSchema: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.SchemaIamPolicy;\nimport com.pulumi.gcp.pubsub.SchemaIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SchemaIamPolicy(\"policy\", SchemaIamPolicyArgs.builder() \n .project(example.project())\n .schema(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:pubsub:SchemaIamPolicy\n properties:\n project: ${example.project}\n schema: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_schema\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.pubsub.SchemaIamBinding(\"binding\", {\n project: example.project,\n schema: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.pubsub.SchemaIamBinding(\"binding\",\n project=example[\"project\"],\n schema=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.PubSub.SchemaIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Schema = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSchemaIamBinding(ctx, \"binding\", \u0026pubsub.SchemaIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tSchema: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SchemaIamBinding;\nimport com.pulumi.gcp.pubsub.SchemaIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SchemaIamBinding(\"binding\", SchemaIamBindingArgs.builder() \n .project(example.project())\n .schema(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:pubsub:SchemaIamBinding\n properties:\n project: ${example.project}\n schema: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_schema\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.pubsub.SchemaIamMember(\"member\", {\n project: example.project,\n schema: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.pubsub.SchemaIamMember(\"member\",\n project=example[\"project\"],\n schema=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.PubSub.SchemaIamMember(\"member\", new()\n {\n Project = example.Project,\n Schema = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSchemaIamMember(ctx, \"member\", \u0026pubsub.SchemaIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tSchema: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SchemaIamMember;\nimport com.pulumi.gcp.pubsub.SchemaIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SchemaIamMember(\"member\", SchemaIamMemberArgs.builder() \n .project(example.project())\n .schema(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:pubsub:SchemaIamMember\n properties:\n project: ${example.project}\n schema: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_pubsub\\_schema\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.pubsub.SchemaIamPolicy(\"policy\", {\n project: example.project,\n schema: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.pubsub.SchemaIamPolicy(\"policy\",\n project=example[\"project\"],\n schema=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.PubSub.SchemaIamPolicy(\"policy\", new()\n {\n Project = example.Project,\n Schema = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewSchemaIamPolicy(ctx, \"policy\", \u0026pubsub.SchemaIamPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tSchema: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.SchemaIamPolicy;\nimport com.pulumi.gcp.pubsub.SchemaIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SchemaIamPolicy(\"policy\", SchemaIamPolicyArgs.builder() \n .project(example.project())\n .schema(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:pubsub:SchemaIamPolicy\n properties:\n project: ${example.project}\n schema: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_schema\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.pubsub.SchemaIamBinding(\"binding\", {\n project: example.project,\n schema: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.pubsub.SchemaIamBinding(\"binding\",\n project=example[\"project\"],\n schema=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.PubSub.SchemaIamBinding(\"binding\", new()\n {\n Project = example.Project,\n Schema = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSchemaIamBinding(ctx, \"binding\", \u0026pubsub.SchemaIamBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tSchema: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SchemaIamBinding;\nimport com.pulumi.gcp.pubsub.SchemaIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SchemaIamBinding(\"binding\", SchemaIamBindingArgs.builder() \n .project(example.project())\n .schema(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:pubsub:SchemaIamBinding\n properties:\n project: ${example.project}\n schema: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_schema\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.pubsub.SchemaIamMember(\"member\", {\n project: example.project,\n schema: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.pubsub.SchemaIamMember(\"member\",\n project=example[\"project\"],\n schema=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.PubSub.SchemaIamMember(\"member\", new()\n {\n Project = example.Project,\n Schema = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSchemaIamMember(ctx, \"member\", \u0026pubsub.SchemaIamMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tSchema: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SchemaIamMember;\nimport com.pulumi.gcp.pubsub.SchemaIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SchemaIamMember(\"member\", SchemaIamMemberArgs.builder() \n .project(example.project())\n .schema(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:pubsub:SchemaIamMember\n properties:\n project: ${example.project}\n schema: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/schemas/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Pub/Sub schema IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/schemaIamPolicy:SchemaIamPolicy editor \"projects/{{project}}/schemas/{{schema}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/schemaIamPolicy:SchemaIamPolicy editor \"projects/{{project}}/schemas/{{schema}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/schemaIamPolicy:SchemaIamPolicy editor projects/{{project}}/schemas/{{schema}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -214476,7 +214950,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "schema": { "type": "string", @@ -214496,7 +214970,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "schema": { @@ -214522,7 +214996,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "schema": { @@ -214803,7 +215277,7 @@ } }, "gcp:pubsub/subscriptionIAMBinding:SubscriptionIAMBinding": { - "description": "Three different resources help you manage your IAM policy for pubsub subscription. Each of these resources serves a different use case:\n\n* `gcp.pubsub.SubscriptionIAMPolicy`: Authoritative. Sets the IAM policy for the subscription and replaces any existing policy already attached.\n* `gcp.pubsub.SubscriptionIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the subscription are preserved.\n* `gcp.pubsub.SubscriptionIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the subscription are preserved.\n\n\u003e **Note:** `gcp.pubsub.SubscriptionIAMPolicy` **cannot** be used in conjunction with `gcp.pubsub.SubscriptionIAMBinding` and `gcp.pubsub.SubscriptionIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.pubsub.SubscriptionIAMBinding` resources **can be** used in conjunction with `gcp.pubsub.SubscriptionIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_pubsub\\_subscription\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.pubsub.SubscriptionIAMPolicy(\"editor\", {\n subscription: \"your-subscription-name\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\neditor = gcp.pubsub.SubscriptionIAMPolicy(\"editor\",\n subscription=\"your-subscription-name\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.PubSub.SubscriptionIAMPolicy(\"editor\", new()\n {\n Subscription = \"your-subscription-name\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewSubscriptionIAMPolicy(ctx, \"editor\", \u0026pubsub.SubscriptionIAMPolicyArgs{\n\t\t\tSubscription: pulumi.String(\"your-subscription-name\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMPolicy;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new SubscriptionIAMPolicy(\"editor\", SubscriptionIAMPolicyArgs.builder() \n .subscription(\"your-subscription-name\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:pubsub:SubscriptionIAMPolicy\n properties:\n subscription: your-subscription-name\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_subscription\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.pubsub.SubscriptionIAMBinding(\"editor\", {\n subscription: \"your-subscription-name\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.pubsub.SubscriptionIAMBinding(\"editor\",\n subscription=\"your-subscription-name\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.PubSub.SubscriptionIAMBinding(\"editor\", new()\n {\n Subscription = \"your-subscription-name\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSubscriptionIAMBinding(ctx, \"editor\", \u0026pubsub.SubscriptionIAMBindingArgs{\n\t\t\tSubscription: pulumi.String(\"your-subscription-name\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMBinding;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new SubscriptionIAMBinding(\"editor\", SubscriptionIAMBindingArgs.builder() \n .subscription(\"your-subscription-name\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:pubsub:SubscriptionIAMBinding\n properties:\n subscription: your-subscription-name\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_subscription\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.pubsub.SubscriptionIAMMember(\"editor\", {\n subscription: \"your-subscription-name\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.pubsub.SubscriptionIAMMember(\"editor\",\n subscription=\"your-subscription-name\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.PubSub.SubscriptionIAMMember(\"editor\", new()\n {\n Subscription = \"your-subscription-name\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSubscriptionIAMMember(ctx, \"editor\", \u0026pubsub.SubscriptionIAMMemberArgs{\n\t\t\tSubscription: pulumi.String(\"your-subscription-name\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMMember;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new SubscriptionIAMMember(\"editor\", SubscriptionIAMMemberArgs.builder() \n .subscription(\"your-subscription-name\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:pubsub:SubscriptionIAMMember\n properties:\n subscription: your-subscription-name\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Pubsub Subscription resource. For example:\n\n* `\"projects/{{project_id}}/subscriptions/{{subscription}}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"projects/{{project_id}}/subscriptions/{{subscription}}\"\n\n to = google_pubsub_subscription_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:pubsub/subscriptionIAMBinding:SubscriptionIAMBinding default projects/{{project_id}}/subscriptions/{{subscription}}\n```\n\n", + "description": "Three different resources help you manage your IAM policy for pubsub subscription. Each of these resources serves a different use case:\n\n* `gcp.pubsub.SubscriptionIAMPolicy`: Authoritative. Sets the IAM policy for the subscription and replaces any existing policy already attached.\n* `gcp.pubsub.SubscriptionIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the subscription are preserved.\n* `gcp.pubsub.SubscriptionIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the subscription are preserved.\n\n\u003e **Note:** `gcp.pubsub.SubscriptionIAMPolicy` **cannot** be used in conjunction with `gcp.pubsub.SubscriptionIAMBinding` and `gcp.pubsub.SubscriptionIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.pubsub.SubscriptionIAMBinding` resources **can be** used in conjunction with `gcp.pubsub.SubscriptionIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_pubsub\\_subscription\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.pubsub.SubscriptionIAMPolicy(\"editor\", {\n subscription: \"your-subscription-name\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\neditor = gcp.pubsub.SubscriptionIAMPolicy(\"editor\",\n subscription=\"your-subscription-name\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.PubSub.SubscriptionIAMPolicy(\"editor\", new()\n {\n Subscription = \"your-subscription-name\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewSubscriptionIAMPolicy(ctx, \"editor\", \u0026pubsub.SubscriptionIAMPolicyArgs{\n\t\t\tSubscription: pulumi.String(\"your-subscription-name\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMPolicy;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new SubscriptionIAMPolicy(\"editor\", SubscriptionIAMPolicyArgs.builder() \n .subscription(\"your-subscription-name\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:pubsub:SubscriptionIAMPolicy\n properties:\n subscription: your-subscription-name\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_subscription\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.pubsub.SubscriptionIAMBinding(\"editor\", {\n subscription: \"your-subscription-name\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.pubsub.SubscriptionIAMBinding(\"editor\",\n subscription=\"your-subscription-name\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.PubSub.SubscriptionIAMBinding(\"editor\", new()\n {\n Subscription = \"your-subscription-name\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSubscriptionIAMBinding(ctx, \"editor\", \u0026pubsub.SubscriptionIAMBindingArgs{\n\t\t\tSubscription: pulumi.String(\"your-subscription-name\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMBinding;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new SubscriptionIAMBinding(\"editor\", SubscriptionIAMBindingArgs.builder() \n .subscription(\"your-subscription-name\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:pubsub:SubscriptionIAMBinding\n properties:\n subscription: your-subscription-name\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_subscription\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.pubsub.SubscriptionIAMMember(\"editor\", {\n subscription: \"your-subscription-name\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.pubsub.SubscriptionIAMMember(\"editor\",\n subscription=\"your-subscription-name\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.PubSub.SubscriptionIAMMember(\"editor\", new()\n {\n Subscription = \"your-subscription-name\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSubscriptionIAMMember(ctx, \"editor\", \u0026pubsub.SubscriptionIAMMemberArgs{\n\t\t\tSubscription: pulumi.String(\"your-subscription-name\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMMember;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new SubscriptionIAMMember(\"editor\", SubscriptionIAMMemberArgs.builder() \n .subscription(\"your-subscription-name\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:pubsub:SubscriptionIAMMember\n properties:\n subscription: your-subscription-name\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_subscription\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.pubsub.SubscriptionIAMPolicy(\"editor\", {\n subscription: \"your-subscription-name\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\neditor = gcp.pubsub.SubscriptionIAMPolicy(\"editor\",\n subscription=\"your-subscription-name\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.PubSub.SubscriptionIAMPolicy(\"editor\", new()\n {\n Subscription = \"your-subscription-name\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewSubscriptionIAMPolicy(ctx, \"editor\", \u0026pubsub.SubscriptionIAMPolicyArgs{\n\t\t\tSubscription: pulumi.String(\"your-subscription-name\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMPolicy;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new SubscriptionIAMPolicy(\"editor\", SubscriptionIAMPolicyArgs.builder() \n .subscription(\"your-subscription-name\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:pubsub:SubscriptionIAMPolicy\n properties:\n subscription: your-subscription-name\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_subscription\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.pubsub.SubscriptionIAMBinding(\"editor\", {\n subscription: \"your-subscription-name\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.pubsub.SubscriptionIAMBinding(\"editor\",\n subscription=\"your-subscription-name\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.PubSub.SubscriptionIAMBinding(\"editor\", new()\n {\n Subscription = \"your-subscription-name\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSubscriptionIAMBinding(ctx, \"editor\", \u0026pubsub.SubscriptionIAMBindingArgs{\n\t\t\tSubscription: pulumi.String(\"your-subscription-name\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMBinding;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new SubscriptionIAMBinding(\"editor\", SubscriptionIAMBindingArgs.builder() \n .subscription(\"your-subscription-name\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:pubsub:SubscriptionIAMBinding\n properties:\n subscription: your-subscription-name\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_subscription\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.pubsub.SubscriptionIAMMember(\"editor\", {\n subscription: \"your-subscription-name\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.pubsub.SubscriptionIAMMember(\"editor\",\n subscription=\"your-subscription-name\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.PubSub.SubscriptionIAMMember(\"editor\", new()\n {\n Subscription = \"your-subscription-name\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSubscriptionIAMMember(ctx, \"editor\", \u0026pubsub.SubscriptionIAMMemberArgs{\n\t\t\tSubscription: pulumi.String(\"your-subscription-name\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMMember;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new SubscriptionIAMMember(\"editor\", SubscriptionIAMMemberArgs.builder() \n .subscription(\"your-subscription-name\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:pubsub:SubscriptionIAMMember\n properties:\n subscription: your-subscription-name\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Pubsub Subscription resource. For example:\n\n* `\"projects/{{project_id}}/subscriptions/{{subscription}}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"projects/{{project_id}}/subscriptions/{{subscription}}\"\n\n to = google_pubsub_subscription_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:pubsub/subscriptionIAMBinding:SubscriptionIAMBinding default projects/{{project_id}}/subscriptions/{{subscription}}\n```\n\n", "properties": { "condition": { "$ref": "#/types/gcp:pubsub/SubscriptionIAMBindingCondition:SubscriptionIAMBindingCondition" @@ -214816,7 +215290,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "project": { "type": "string", @@ -214828,7 +215303,7 @@ }, "subscription": { "type": "string", - "description": "The subscription name or id to bind to attach IAM policy to.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" + "description": "The subscription name or id to bind to attach IAM policy to.\n" } }, "required": [ @@ -214847,7 +215322,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "project": { "type": "string", @@ -214861,7 +215337,7 @@ }, "subscription": { "type": "string", - "description": "The subscription name or id to bind to attach IAM policy to.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The subscription name or id to bind to attach IAM policy to.\n", "willReplaceOnChanges": true } }, @@ -214885,7 +215361,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "project": { "type": "string", @@ -214899,7 +215376,7 @@ }, "subscription": { "type": "string", - "description": "The subscription name or id to bind to attach IAM policy to.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The subscription name or id to bind to attach IAM policy to.\n", "willReplaceOnChanges": true } }, @@ -214907,7 +215384,7 @@ } }, "gcp:pubsub/subscriptionIAMMember:SubscriptionIAMMember": { - "description": "Three different resources help you manage your IAM policy for pubsub subscription. Each of these resources serves a different use case:\n\n* `gcp.pubsub.SubscriptionIAMPolicy`: Authoritative. Sets the IAM policy for the subscription and replaces any existing policy already attached.\n* `gcp.pubsub.SubscriptionIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the subscription are preserved.\n* `gcp.pubsub.SubscriptionIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the subscription are preserved.\n\n\u003e **Note:** `gcp.pubsub.SubscriptionIAMPolicy` **cannot** be used in conjunction with `gcp.pubsub.SubscriptionIAMBinding` and `gcp.pubsub.SubscriptionIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.pubsub.SubscriptionIAMBinding` resources **can be** used in conjunction with `gcp.pubsub.SubscriptionIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_pubsub\\_subscription\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.pubsub.SubscriptionIAMPolicy(\"editor\", {\n subscription: \"your-subscription-name\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\neditor = gcp.pubsub.SubscriptionIAMPolicy(\"editor\",\n subscription=\"your-subscription-name\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.PubSub.SubscriptionIAMPolicy(\"editor\", new()\n {\n Subscription = \"your-subscription-name\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewSubscriptionIAMPolicy(ctx, \"editor\", \u0026pubsub.SubscriptionIAMPolicyArgs{\n\t\t\tSubscription: pulumi.String(\"your-subscription-name\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMPolicy;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new SubscriptionIAMPolicy(\"editor\", SubscriptionIAMPolicyArgs.builder() \n .subscription(\"your-subscription-name\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:pubsub:SubscriptionIAMPolicy\n properties:\n subscription: your-subscription-name\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_subscription\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.pubsub.SubscriptionIAMBinding(\"editor\", {\n subscription: \"your-subscription-name\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.pubsub.SubscriptionIAMBinding(\"editor\",\n subscription=\"your-subscription-name\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.PubSub.SubscriptionIAMBinding(\"editor\", new()\n {\n Subscription = \"your-subscription-name\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSubscriptionIAMBinding(ctx, \"editor\", \u0026pubsub.SubscriptionIAMBindingArgs{\n\t\t\tSubscription: pulumi.String(\"your-subscription-name\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMBinding;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new SubscriptionIAMBinding(\"editor\", SubscriptionIAMBindingArgs.builder() \n .subscription(\"your-subscription-name\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:pubsub:SubscriptionIAMBinding\n properties:\n subscription: your-subscription-name\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_subscription\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.pubsub.SubscriptionIAMMember(\"editor\", {\n subscription: \"your-subscription-name\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.pubsub.SubscriptionIAMMember(\"editor\",\n subscription=\"your-subscription-name\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.PubSub.SubscriptionIAMMember(\"editor\", new()\n {\n Subscription = \"your-subscription-name\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSubscriptionIAMMember(ctx, \"editor\", \u0026pubsub.SubscriptionIAMMemberArgs{\n\t\t\tSubscription: pulumi.String(\"your-subscription-name\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMMember;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new SubscriptionIAMMember(\"editor\", SubscriptionIAMMemberArgs.builder() \n .subscription(\"your-subscription-name\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:pubsub:SubscriptionIAMMember\n properties:\n subscription: your-subscription-name\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Pubsub Subscription resource. For example:\n\n* `\"projects/{{project_id}}/subscriptions/{{subscription}}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"projects/{{project_id}}/subscriptions/{{subscription}}\"\n\n to = google_pubsub_subscription_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:pubsub/subscriptionIAMMember:SubscriptionIAMMember default projects/{{project_id}}/subscriptions/{{subscription}}\n```\n\n", + "description": "Three different resources help you manage your IAM policy for pubsub subscription. Each of these resources serves a different use case:\n\n* `gcp.pubsub.SubscriptionIAMPolicy`: Authoritative. Sets the IAM policy for the subscription and replaces any existing policy already attached.\n* `gcp.pubsub.SubscriptionIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the subscription are preserved.\n* `gcp.pubsub.SubscriptionIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the subscription are preserved.\n\n\u003e **Note:** `gcp.pubsub.SubscriptionIAMPolicy` **cannot** be used in conjunction with `gcp.pubsub.SubscriptionIAMBinding` and `gcp.pubsub.SubscriptionIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.pubsub.SubscriptionIAMBinding` resources **can be** used in conjunction with `gcp.pubsub.SubscriptionIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_pubsub\\_subscription\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.pubsub.SubscriptionIAMPolicy(\"editor\", {\n subscription: \"your-subscription-name\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\neditor = gcp.pubsub.SubscriptionIAMPolicy(\"editor\",\n subscription=\"your-subscription-name\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.PubSub.SubscriptionIAMPolicy(\"editor\", new()\n {\n Subscription = \"your-subscription-name\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewSubscriptionIAMPolicy(ctx, \"editor\", \u0026pubsub.SubscriptionIAMPolicyArgs{\n\t\t\tSubscription: pulumi.String(\"your-subscription-name\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMPolicy;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new SubscriptionIAMPolicy(\"editor\", SubscriptionIAMPolicyArgs.builder() \n .subscription(\"your-subscription-name\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:pubsub:SubscriptionIAMPolicy\n properties:\n subscription: your-subscription-name\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_subscription\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.pubsub.SubscriptionIAMBinding(\"editor\", {\n subscription: \"your-subscription-name\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.pubsub.SubscriptionIAMBinding(\"editor\",\n subscription=\"your-subscription-name\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.PubSub.SubscriptionIAMBinding(\"editor\", new()\n {\n Subscription = \"your-subscription-name\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSubscriptionIAMBinding(ctx, \"editor\", \u0026pubsub.SubscriptionIAMBindingArgs{\n\t\t\tSubscription: pulumi.String(\"your-subscription-name\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMBinding;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new SubscriptionIAMBinding(\"editor\", SubscriptionIAMBindingArgs.builder() \n .subscription(\"your-subscription-name\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:pubsub:SubscriptionIAMBinding\n properties:\n subscription: your-subscription-name\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_subscription\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.pubsub.SubscriptionIAMMember(\"editor\", {\n subscription: \"your-subscription-name\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.pubsub.SubscriptionIAMMember(\"editor\",\n subscription=\"your-subscription-name\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.PubSub.SubscriptionIAMMember(\"editor\", new()\n {\n Subscription = \"your-subscription-name\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSubscriptionIAMMember(ctx, \"editor\", \u0026pubsub.SubscriptionIAMMemberArgs{\n\t\t\tSubscription: pulumi.String(\"your-subscription-name\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMMember;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new SubscriptionIAMMember(\"editor\", SubscriptionIAMMemberArgs.builder() \n .subscription(\"your-subscription-name\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:pubsub:SubscriptionIAMMember\n properties:\n subscription: your-subscription-name\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_subscription\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.pubsub.SubscriptionIAMPolicy(\"editor\", {\n subscription: \"your-subscription-name\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\neditor = gcp.pubsub.SubscriptionIAMPolicy(\"editor\",\n subscription=\"your-subscription-name\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.PubSub.SubscriptionIAMPolicy(\"editor\", new()\n {\n Subscription = \"your-subscription-name\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewSubscriptionIAMPolicy(ctx, \"editor\", \u0026pubsub.SubscriptionIAMPolicyArgs{\n\t\t\tSubscription: pulumi.String(\"your-subscription-name\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMPolicy;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new SubscriptionIAMPolicy(\"editor\", SubscriptionIAMPolicyArgs.builder() \n .subscription(\"your-subscription-name\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:pubsub:SubscriptionIAMPolicy\n properties:\n subscription: your-subscription-name\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_subscription\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.pubsub.SubscriptionIAMBinding(\"editor\", {\n subscription: \"your-subscription-name\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.pubsub.SubscriptionIAMBinding(\"editor\",\n subscription=\"your-subscription-name\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.PubSub.SubscriptionIAMBinding(\"editor\", new()\n {\n Subscription = \"your-subscription-name\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSubscriptionIAMBinding(ctx, \"editor\", \u0026pubsub.SubscriptionIAMBindingArgs{\n\t\t\tSubscription: pulumi.String(\"your-subscription-name\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMBinding;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new SubscriptionIAMBinding(\"editor\", SubscriptionIAMBindingArgs.builder() \n .subscription(\"your-subscription-name\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:pubsub:SubscriptionIAMBinding\n properties:\n subscription: your-subscription-name\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_subscription\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.pubsub.SubscriptionIAMMember(\"editor\", {\n subscription: \"your-subscription-name\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.pubsub.SubscriptionIAMMember(\"editor\",\n subscription=\"your-subscription-name\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.PubSub.SubscriptionIAMMember(\"editor\", new()\n {\n Subscription = \"your-subscription-name\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSubscriptionIAMMember(ctx, \"editor\", \u0026pubsub.SubscriptionIAMMemberArgs{\n\t\t\tSubscription: pulumi.String(\"your-subscription-name\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMMember;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new SubscriptionIAMMember(\"editor\", SubscriptionIAMMemberArgs.builder() \n .subscription(\"your-subscription-name\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:pubsub:SubscriptionIAMMember\n properties:\n subscription: your-subscription-name\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Pubsub Subscription resource. For example:\n\n* `\"projects/{{project_id}}/subscriptions/{{subscription}}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"projects/{{project_id}}/subscriptions/{{subscription}}\"\n\n to = google_pubsub_subscription_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:pubsub/subscriptionIAMMember:SubscriptionIAMMember default projects/{{project_id}}/subscriptions/{{subscription}}\n```\n\n", "properties": { "condition": { "$ref": "#/types/gcp:pubsub/SubscriptionIAMMemberCondition:SubscriptionIAMMemberCondition" @@ -214917,7 +215394,8 @@ "description": "(Computed) The etag of the subscription's IAM policy.\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "project": { "type": "string", @@ -214929,7 +215407,7 @@ }, "subscription": { "type": "string", - "description": "The subscription name or id to bind to attach IAM policy to.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" + "description": "The subscription name or id to bind to attach IAM policy to.\n" } }, "required": [ @@ -214946,6 +215424,7 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", "willReplaceOnChanges": true }, "project": { @@ -214960,7 +215439,7 @@ }, "subscription": { "type": "string", - "description": "The subscription name or id to bind to attach IAM policy to.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The subscription name or id to bind to attach IAM policy to.\n", "willReplaceOnChanges": true } }, @@ -214982,6 +215461,7 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", "willReplaceOnChanges": true }, "project": { @@ -214996,7 +215476,7 @@ }, "subscription": { "type": "string", - "description": "The subscription name or id to bind to attach IAM policy to.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The subscription name or id to bind to attach IAM policy to.\n", "willReplaceOnChanges": true } }, @@ -215004,7 +215484,7 @@ } }, "gcp:pubsub/subscriptionIAMPolicy:SubscriptionIAMPolicy": { - "description": "Three different resources help you manage your IAM policy for pubsub subscription. Each of these resources serves a different use case:\n\n* `gcp.pubsub.SubscriptionIAMPolicy`: Authoritative. Sets the IAM policy for the subscription and replaces any existing policy already attached.\n* `gcp.pubsub.SubscriptionIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the subscription are preserved.\n* `gcp.pubsub.SubscriptionIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the subscription are preserved.\n\n\u003e **Note:** `gcp.pubsub.SubscriptionIAMPolicy` **cannot** be used in conjunction with `gcp.pubsub.SubscriptionIAMBinding` and `gcp.pubsub.SubscriptionIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.pubsub.SubscriptionIAMBinding` resources **can be** used in conjunction with `gcp.pubsub.SubscriptionIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_pubsub\\_subscription\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.pubsub.SubscriptionIAMPolicy(\"editor\", {\n subscription: \"your-subscription-name\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\neditor = gcp.pubsub.SubscriptionIAMPolicy(\"editor\",\n subscription=\"your-subscription-name\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.PubSub.SubscriptionIAMPolicy(\"editor\", new()\n {\n Subscription = \"your-subscription-name\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewSubscriptionIAMPolicy(ctx, \"editor\", \u0026pubsub.SubscriptionIAMPolicyArgs{\n\t\t\tSubscription: pulumi.String(\"your-subscription-name\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMPolicy;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new SubscriptionIAMPolicy(\"editor\", SubscriptionIAMPolicyArgs.builder() \n .subscription(\"your-subscription-name\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:pubsub:SubscriptionIAMPolicy\n properties:\n subscription: your-subscription-name\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_subscription\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.pubsub.SubscriptionIAMBinding(\"editor\", {\n subscription: \"your-subscription-name\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.pubsub.SubscriptionIAMBinding(\"editor\",\n subscription=\"your-subscription-name\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.PubSub.SubscriptionIAMBinding(\"editor\", new()\n {\n Subscription = \"your-subscription-name\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSubscriptionIAMBinding(ctx, \"editor\", \u0026pubsub.SubscriptionIAMBindingArgs{\n\t\t\tSubscription: pulumi.String(\"your-subscription-name\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMBinding;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new SubscriptionIAMBinding(\"editor\", SubscriptionIAMBindingArgs.builder() \n .subscription(\"your-subscription-name\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:pubsub:SubscriptionIAMBinding\n properties:\n subscription: your-subscription-name\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_subscription\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.pubsub.SubscriptionIAMMember(\"editor\", {\n subscription: \"your-subscription-name\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.pubsub.SubscriptionIAMMember(\"editor\",\n subscription=\"your-subscription-name\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.PubSub.SubscriptionIAMMember(\"editor\", new()\n {\n Subscription = \"your-subscription-name\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSubscriptionIAMMember(ctx, \"editor\", \u0026pubsub.SubscriptionIAMMemberArgs{\n\t\t\tSubscription: pulumi.String(\"your-subscription-name\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMMember;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new SubscriptionIAMMember(\"editor\", SubscriptionIAMMemberArgs.builder() \n .subscription(\"your-subscription-name\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:pubsub:SubscriptionIAMMember\n properties:\n subscription: your-subscription-name\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Pubsub Subscription resource. For example:\n\n* `\"projects/{{project_id}}/subscriptions/{{subscription}}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"projects/{{project_id}}/subscriptions/{{subscription}}\"\n\n to = google_pubsub_subscription_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:pubsub/subscriptionIAMPolicy:SubscriptionIAMPolicy default projects/{{project_id}}/subscriptions/{{subscription}}\n```\n\n", + "description": "Three different resources help you manage your IAM policy for pubsub subscription. Each of these resources serves a different use case:\n\n* `gcp.pubsub.SubscriptionIAMPolicy`: Authoritative. Sets the IAM policy for the subscription and replaces any existing policy already attached.\n* `gcp.pubsub.SubscriptionIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the subscription are preserved.\n* `gcp.pubsub.SubscriptionIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the subscription are preserved.\n\n\u003e **Note:** `gcp.pubsub.SubscriptionIAMPolicy` **cannot** be used in conjunction with `gcp.pubsub.SubscriptionIAMBinding` and `gcp.pubsub.SubscriptionIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.pubsub.SubscriptionIAMBinding` resources **can be** used in conjunction with `gcp.pubsub.SubscriptionIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_pubsub\\_subscription\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.pubsub.SubscriptionIAMPolicy(\"editor\", {\n subscription: \"your-subscription-name\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\neditor = gcp.pubsub.SubscriptionIAMPolicy(\"editor\",\n subscription=\"your-subscription-name\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.PubSub.SubscriptionIAMPolicy(\"editor\", new()\n {\n Subscription = \"your-subscription-name\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewSubscriptionIAMPolicy(ctx, \"editor\", \u0026pubsub.SubscriptionIAMPolicyArgs{\n\t\t\tSubscription: pulumi.String(\"your-subscription-name\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMPolicy;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new SubscriptionIAMPolicy(\"editor\", SubscriptionIAMPolicyArgs.builder() \n .subscription(\"your-subscription-name\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:pubsub:SubscriptionIAMPolicy\n properties:\n subscription: your-subscription-name\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_subscription\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.pubsub.SubscriptionIAMBinding(\"editor\", {\n subscription: \"your-subscription-name\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.pubsub.SubscriptionIAMBinding(\"editor\",\n subscription=\"your-subscription-name\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.PubSub.SubscriptionIAMBinding(\"editor\", new()\n {\n Subscription = \"your-subscription-name\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSubscriptionIAMBinding(ctx, \"editor\", \u0026pubsub.SubscriptionIAMBindingArgs{\n\t\t\tSubscription: pulumi.String(\"your-subscription-name\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMBinding;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new SubscriptionIAMBinding(\"editor\", SubscriptionIAMBindingArgs.builder() \n .subscription(\"your-subscription-name\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:pubsub:SubscriptionIAMBinding\n properties:\n subscription: your-subscription-name\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_subscription\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.pubsub.SubscriptionIAMMember(\"editor\", {\n subscription: \"your-subscription-name\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.pubsub.SubscriptionIAMMember(\"editor\",\n subscription=\"your-subscription-name\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.PubSub.SubscriptionIAMMember(\"editor\", new()\n {\n Subscription = \"your-subscription-name\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSubscriptionIAMMember(ctx, \"editor\", \u0026pubsub.SubscriptionIAMMemberArgs{\n\t\t\tSubscription: pulumi.String(\"your-subscription-name\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMMember;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new SubscriptionIAMMember(\"editor\", SubscriptionIAMMemberArgs.builder() \n .subscription(\"your-subscription-name\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:pubsub:SubscriptionIAMMember\n properties:\n subscription: your-subscription-name\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_subscription\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst editor = new gcp.pubsub.SubscriptionIAMPolicy(\"editor\", {\n subscription: \"your-subscription-name\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\neditor = gcp.pubsub.SubscriptionIAMPolicy(\"editor\",\n subscription=\"your-subscription-name\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var editor = new Gcp.PubSub.SubscriptionIAMPolicy(\"editor\", new()\n {\n Subscription = \"your-subscription-name\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewSubscriptionIAMPolicy(ctx, \"editor\", \u0026pubsub.SubscriptionIAMPolicyArgs{\n\t\t\tSubscription: pulumi.String(\"your-subscription-name\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMPolicy;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var editor = new SubscriptionIAMPolicy(\"editor\", SubscriptionIAMPolicyArgs.builder() \n .subscription(\"your-subscription-name\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:pubsub:SubscriptionIAMPolicy\n properties:\n subscription: your-subscription-name\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_subscription\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.pubsub.SubscriptionIAMBinding(\"editor\", {\n subscription: \"your-subscription-name\",\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.pubsub.SubscriptionIAMBinding(\"editor\",\n subscription=\"your-subscription-name\",\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.PubSub.SubscriptionIAMBinding(\"editor\", new()\n {\n Subscription = \"your-subscription-name\",\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSubscriptionIAMBinding(ctx, \"editor\", \u0026pubsub.SubscriptionIAMBindingArgs{\n\t\t\tSubscription: pulumi.String(\"your-subscription-name\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMBinding;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new SubscriptionIAMBinding(\"editor\", SubscriptionIAMBindingArgs.builder() \n .subscription(\"your-subscription-name\")\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:pubsub:SubscriptionIAMBinding\n properties:\n subscription: your-subscription-name\n role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_subscription\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst editor = new gcp.pubsub.SubscriptionIAMMember(\"editor\", {\n subscription: \"your-subscription-name\",\n role: \"roles/editor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\neditor = gcp.pubsub.SubscriptionIAMMember(\"editor\",\n subscription=\"your-subscription-name\",\n role=\"roles/editor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var editor = new Gcp.PubSub.SubscriptionIAMMember(\"editor\", new()\n {\n Subscription = \"your-subscription-name\",\n Role = \"roles/editor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewSubscriptionIAMMember(ctx, \"editor\", \u0026pubsub.SubscriptionIAMMemberArgs{\n\t\t\tSubscription: pulumi.String(\"your-subscription-name\"),\n\t\t\tRole: pulumi.String(\"roles/editor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMMember;\nimport com.pulumi.gcp.pubsub.SubscriptionIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var editor = new SubscriptionIAMMember(\"editor\", SubscriptionIAMMemberArgs.builder() \n .subscription(\"your-subscription-name\")\n .role(\"roles/editor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n editor:\n type: gcp:pubsub:SubscriptionIAMMember\n properties:\n subscription: your-subscription-name\n role: roles/editor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Pubsub Subscription resource. For example:\n\n* `\"projects/{{project_id}}/subscriptions/{{subscription}}\"`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = \"projects/{{project_id}}/subscriptions/{{subscription}}\"\n\n to = google_pubsub_subscription_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:pubsub/subscriptionIAMPolicy:SubscriptionIAMPolicy default projects/{{project_id}}/subscriptions/{{subscription}}\n```\n\n", "properties": { "etag": { "type": "string", @@ -215020,7 +215500,7 @@ }, "subscription": { "type": "string", - "description": "The subscription name or id to bind to attach IAM policy to.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" + "description": "The subscription name or id to bind to attach IAM policy to.\n" } }, "required": [ @@ -215041,7 +215521,7 @@ }, "subscription": { "type": "string", - "description": "The subscription name or id to bind to attach IAM policy to.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The subscription name or id to bind to attach IAM policy to.\n", "willReplaceOnChanges": true } }, @@ -215067,7 +215547,7 @@ }, "subscription": { "type": "string", - "description": "The subscription name or id to bind to attach IAM policy to.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The subscription name or id to bind to attach IAM policy to.\n", "willReplaceOnChanges": true } }, @@ -215237,7 +215717,7 @@ } }, "gcp:pubsub/topicIAMBinding:TopicIAMBinding": { - "description": "Three different resources help you manage your IAM policy for Cloud Pub/Sub Topic. Each of these resources serves a different use case:\n\n* `gcp.pubsub.TopicIAMPolicy`: Authoritative. Sets the IAM policy for the topic and replaces any existing policy already attached.\n* `gcp.pubsub.TopicIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the topic are preserved.\n* `gcp.pubsub.TopicIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the topic are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.pubsub.TopicIAMPolicy`: Retrieves the IAM policy for the topic\n\n\u003e **Note:** `gcp.pubsub.TopicIAMPolicy` **cannot** be used in conjunction with `gcp.pubsub.TopicIAMBinding` and `gcp.pubsub.TopicIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.pubsub.TopicIAMBinding` resources **can be** used in conjunction with `gcp.pubsub.TopicIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_pubsub\\_topic\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.pubsub.TopicIAMPolicy(\"policy\", {\n project: example.project,\n topic: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.pubsub.TopicIAMPolicy(\"policy\",\n project=example[\"project\"],\n topic=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.PubSub.TopicIAMPolicy(\"policy\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewTopicIAMPolicy(ctx, \"policy\", \u0026pubsub.TopicIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.TopicIAMPolicy;\nimport com.pulumi.gcp.pubsub.TopicIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TopicIAMPolicy(\"policy\", TopicIAMPolicyArgs.builder() \n .project(example.project())\n .topic(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:pubsub:TopicIAMPolicy\n properties:\n project: ${example.project}\n topic: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_topic\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.pubsub.TopicIAMBinding(\"binding\", {\n project: example.project,\n topic: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.pubsub.TopicIAMBinding(\"binding\",\n project=example[\"project\"],\n topic=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.PubSub.TopicIAMBinding(\"binding\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopicIAMBinding(ctx, \"binding\", \u0026pubsub.TopicIAMBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.TopicIAMBinding;\nimport com.pulumi.gcp.pubsub.TopicIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TopicIAMBinding(\"binding\", TopicIAMBindingArgs.builder() \n .project(example.project())\n .topic(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:pubsub:TopicIAMBinding\n properties:\n project: ${example.project}\n topic: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_topic\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.pubsub.TopicIAMMember(\"member\", {\n project: example.project,\n topic: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.pubsub.TopicIAMMember(\"member\",\n project=example[\"project\"],\n topic=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.PubSub.TopicIAMMember(\"member\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopicIAMMember(ctx, \"member\", \u0026pubsub.TopicIAMMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.TopicIAMMember;\nimport com.pulumi.gcp.pubsub.TopicIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TopicIAMMember(\"member\", TopicIAMMemberArgs.builder() \n .project(example.project())\n .topic(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:pubsub:TopicIAMMember\n properties:\n project: ${example.project}\n topic: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/topics/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Pub/Sub topic IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/topicIAMBinding:TopicIAMBinding editor \"projects/{{project}}/topics/{{topic}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/topicIAMBinding:TopicIAMBinding editor \"projects/{{project}}/topics/{{topic}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/topicIAMBinding:TopicIAMBinding editor projects/{{project}}/topics/{{topic}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Pub/Sub Topic. Each of these resources serves a different use case:\n\n* `gcp.pubsub.TopicIAMPolicy`: Authoritative. Sets the IAM policy for the topic and replaces any existing policy already attached.\n* `gcp.pubsub.TopicIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the topic are preserved.\n* `gcp.pubsub.TopicIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the topic are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.pubsub.TopicIAMPolicy`: Retrieves the IAM policy for the topic\n\n\u003e **Note:** `gcp.pubsub.TopicIAMPolicy` **cannot** be used in conjunction with `gcp.pubsub.TopicIAMBinding` and `gcp.pubsub.TopicIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.pubsub.TopicIAMBinding` resources **can be** used in conjunction with `gcp.pubsub.TopicIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_pubsub\\_topic\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.pubsub.TopicIAMPolicy(\"policy\", {\n project: example.project,\n topic: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.pubsub.TopicIAMPolicy(\"policy\",\n project=example[\"project\"],\n topic=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.PubSub.TopicIAMPolicy(\"policy\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewTopicIAMPolicy(ctx, \"policy\", \u0026pubsub.TopicIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.TopicIAMPolicy;\nimport com.pulumi.gcp.pubsub.TopicIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TopicIAMPolicy(\"policy\", TopicIAMPolicyArgs.builder() \n .project(example.project())\n .topic(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:pubsub:TopicIAMPolicy\n properties:\n project: ${example.project}\n topic: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_topic\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.pubsub.TopicIAMBinding(\"binding\", {\n project: example.project,\n topic: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.pubsub.TopicIAMBinding(\"binding\",\n project=example[\"project\"],\n topic=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.PubSub.TopicIAMBinding(\"binding\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopicIAMBinding(ctx, \"binding\", \u0026pubsub.TopicIAMBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.TopicIAMBinding;\nimport com.pulumi.gcp.pubsub.TopicIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TopicIAMBinding(\"binding\", TopicIAMBindingArgs.builder() \n .project(example.project())\n .topic(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:pubsub:TopicIAMBinding\n properties:\n project: ${example.project}\n topic: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_topic\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.pubsub.TopicIAMMember(\"member\", {\n project: example.project,\n topic: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.pubsub.TopicIAMMember(\"member\",\n project=example[\"project\"],\n topic=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.PubSub.TopicIAMMember(\"member\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopicIAMMember(ctx, \"member\", \u0026pubsub.TopicIAMMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.TopicIAMMember;\nimport com.pulumi.gcp.pubsub.TopicIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TopicIAMMember(\"member\", TopicIAMMemberArgs.builder() \n .project(example.project())\n .topic(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:pubsub:TopicIAMMember\n properties:\n project: ${example.project}\n topic: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_pubsub\\_topic\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.pubsub.TopicIAMPolicy(\"policy\", {\n project: example.project,\n topic: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.pubsub.TopicIAMPolicy(\"policy\",\n project=example[\"project\"],\n topic=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.PubSub.TopicIAMPolicy(\"policy\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewTopicIAMPolicy(ctx, \"policy\", \u0026pubsub.TopicIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.TopicIAMPolicy;\nimport com.pulumi.gcp.pubsub.TopicIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TopicIAMPolicy(\"policy\", TopicIAMPolicyArgs.builder() \n .project(example.project())\n .topic(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:pubsub:TopicIAMPolicy\n properties:\n project: ${example.project}\n topic: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_topic\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.pubsub.TopicIAMBinding(\"binding\", {\n project: example.project,\n topic: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.pubsub.TopicIAMBinding(\"binding\",\n project=example[\"project\"],\n topic=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.PubSub.TopicIAMBinding(\"binding\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopicIAMBinding(ctx, \"binding\", \u0026pubsub.TopicIAMBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.TopicIAMBinding;\nimport com.pulumi.gcp.pubsub.TopicIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TopicIAMBinding(\"binding\", TopicIAMBindingArgs.builder() \n .project(example.project())\n .topic(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:pubsub:TopicIAMBinding\n properties:\n project: ${example.project}\n topic: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_topic\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.pubsub.TopicIAMMember(\"member\", {\n project: example.project,\n topic: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.pubsub.TopicIAMMember(\"member\",\n project=example[\"project\"],\n topic=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.PubSub.TopicIAMMember(\"member\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopicIAMMember(ctx, \"member\", \u0026pubsub.TopicIAMMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.TopicIAMMember;\nimport com.pulumi.gcp.pubsub.TopicIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TopicIAMMember(\"member\", TopicIAMMemberArgs.builder() \n .project(example.project())\n .topic(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:pubsub:TopicIAMMember\n properties:\n project: ${example.project}\n topic: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/topics/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Pub/Sub topic IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/topicIAMBinding:TopicIAMBinding editor \"projects/{{project}}/topics/{{topic}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/topicIAMBinding:TopicIAMBinding editor \"projects/{{project}}/topics/{{topic}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/topicIAMBinding:TopicIAMBinding editor projects/{{project}}/topics/{{topic}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:pubsub/TopicIAMBindingCondition:TopicIAMBindingCondition" @@ -215250,11 +215730,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -215281,11 +215762,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -215319,11 +215801,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -215341,7 +215824,7 @@ } }, "gcp:pubsub/topicIAMMember:TopicIAMMember": { - "description": "Three different resources help you manage your IAM policy for Cloud Pub/Sub Topic. Each of these resources serves a different use case:\n\n* `gcp.pubsub.TopicIAMPolicy`: Authoritative. Sets the IAM policy for the topic and replaces any existing policy already attached.\n* `gcp.pubsub.TopicIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the topic are preserved.\n* `gcp.pubsub.TopicIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the topic are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.pubsub.TopicIAMPolicy`: Retrieves the IAM policy for the topic\n\n\u003e **Note:** `gcp.pubsub.TopicIAMPolicy` **cannot** be used in conjunction with `gcp.pubsub.TopicIAMBinding` and `gcp.pubsub.TopicIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.pubsub.TopicIAMBinding` resources **can be** used in conjunction with `gcp.pubsub.TopicIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_pubsub\\_topic\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.pubsub.TopicIAMPolicy(\"policy\", {\n project: example.project,\n topic: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.pubsub.TopicIAMPolicy(\"policy\",\n project=example[\"project\"],\n topic=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.PubSub.TopicIAMPolicy(\"policy\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewTopicIAMPolicy(ctx, \"policy\", \u0026pubsub.TopicIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.TopicIAMPolicy;\nimport com.pulumi.gcp.pubsub.TopicIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TopicIAMPolicy(\"policy\", TopicIAMPolicyArgs.builder() \n .project(example.project())\n .topic(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:pubsub:TopicIAMPolicy\n properties:\n project: ${example.project}\n topic: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_topic\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.pubsub.TopicIAMBinding(\"binding\", {\n project: example.project,\n topic: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.pubsub.TopicIAMBinding(\"binding\",\n project=example[\"project\"],\n topic=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.PubSub.TopicIAMBinding(\"binding\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopicIAMBinding(ctx, \"binding\", \u0026pubsub.TopicIAMBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.TopicIAMBinding;\nimport com.pulumi.gcp.pubsub.TopicIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TopicIAMBinding(\"binding\", TopicIAMBindingArgs.builder() \n .project(example.project())\n .topic(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:pubsub:TopicIAMBinding\n properties:\n project: ${example.project}\n topic: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_topic\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.pubsub.TopicIAMMember(\"member\", {\n project: example.project,\n topic: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.pubsub.TopicIAMMember(\"member\",\n project=example[\"project\"],\n topic=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.PubSub.TopicIAMMember(\"member\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopicIAMMember(ctx, \"member\", \u0026pubsub.TopicIAMMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.TopicIAMMember;\nimport com.pulumi.gcp.pubsub.TopicIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TopicIAMMember(\"member\", TopicIAMMemberArgs.builder() \n .project(example.project())\n .topic(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:pubsub:TopicIAMMember\n properties:\n project: ${example.project}\n topic: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/topics/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Pub/Sub topic IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/topicIAMMember:TopicIAMMember editor \"projects/{{project}}/topics/{{topic}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/topicIAMMember:TopicIAMMember editor \"projects/{{project}}/topics/{{topic}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/topicIAMMember:TopicIAMMember editor projects/{{project}}/topics/{{topic}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Pub/Sub Topic. Each of these resources serves a different use case:\n\n* `gcp.pubsub.TopicIAMPolicy`: Authoritative. Sets the IAM policy for the topic and replaces any existing policy already attached.\n* `gcp.pubsub.TopicIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the topic are preserved.\n* `gcp.pubsub.TopicIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the topic are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.pubsub.TopicIAMPolicy`: Retrieves the IAM policy for the topic\n\n\u003e **Note:** `gcp.pubsub.TopicIAMPolicy` **cannot** be used in conjunction with `gcp.pubsub.TopicIAMBinding` and `gcp.pubsub.TopicIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.pubsub.TopicIAMBinding` resources **can be** used in conjunction with `gcp.pubsub.TopicIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_pubsub\\_topic\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.pubsub.TopicIAMPolicy(\"policy\", {\n project: example.project,\n topic: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.pubsub.TopicIAMPolicy(\"policy\",\n project=example[\"project\"],\n topic=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.PubSub.TopicIAMPolicy(\"policy\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewTopicIAMPolicy(ctx, \"policy\", \u0026pubsub.TopicIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.TopicIAMPolicy;\nimport com.pulumi.gcp.pubsub.TopicIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TopicIAMPolicy(\"policy\", TopicIAMPolicyArgs.builder() \n .project(example.project())\n .topic(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:pubsub:TopicIAMPolicy\n properties:\n project: ${example.project}\n topic: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_topic\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.pubsub.TopicIAMBinding(\"binding\", {\n project: example.project,\n topic: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.pubsub.TopicIAMBinding(\"binding\",\n project=example[\"project\"],\n topic=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.PubSub.TopicIAMBinding(\"binding\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopicIAMBinding(ctx, \"binding\", \u0026pubsub.TopicIAMBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.TopicIAMBinding;\nimport com.pulumi.gcp.pubsub.TopicIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TopicIAMBinding(\"binding\", TopicIAMBindingArgs.builder() \n .project(example.project())\n .topic(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:pubsub:TopicIAMBinding\n properties:\n project: ${example.project}\n topic: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_topic\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.pubsub.TopicIAMMember(\"member\", {\n project: example.project,\n topic: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.pubsub.TopicIAMMember(\"member\",\n project=example[\"project\"],\n topic=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.PubSub.TopicIAMMember(\"member\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopicIAMMember(ctx, \"member\", \u0026pubsub.TopicIAMMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.TopicIAMMember;\nimport com.pulumi.gcp.pubsub.TopicIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TopicIAMMember(\"member\", TopicIAMMemberArgs.builder() \n .project(example.project())\n .topic(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:pubsub:TopicIAMMember\n properties:\n project: ${example.project}\n topic: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_pubsub\\_topic\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.pubsub.TopicIAMPolicy(\"policy\", {\n project: example.project,\n topic: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.pubsub.TopicIAMPolicy(\"policy\",\n project=example[\"project\"],\n topic=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.PubSub.TopicIAMPolicy(\"policy\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewTopicIAMPolicy(ctx, \"policy\", \u0026pubsub.TopicIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.TopicIAMPolicy;\nimport com.pulumi.gcp.pubsub.TopicIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TopicIAMPolicy(\"policy\", TopicIAMPolicyArgs.builder() \n .project(example.project())\n .topic(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:pubsub:TopicIAMPolicy\n properties:\n project: ${example.project}\n topic: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_topic\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.pubsub.TopicIAMBinding(\"binding\", {\n project: example.project,\n topic: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.pubsub.TopicIAMBinding(\"binding\",\n project=example[\"project\"],\n topic=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.PubSub.TopicIAMBinding(\"binding\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopicIAMBinding(ctx, \"binding\", \u0026pubsub.TopicIAMBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.TopicIAMBinding;\nimport com.pulumi.gcp.pubsub.TopicIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TopicIAMBinding(\"binding\", TopicIAMBindingArgs.builder() \n .project(example.project())\n .topic(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:pubsub:TopicIAMBinding\n properties:\n project: ${example.project}\n topic: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_topic\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.pubsub.TopicIAMMember(\"member\", {\n project: example.project,\n topic: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.pubsub.TopicIAMMember(\"member\",\n project=example[\"project\"],\n topic=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.PubSub.TopicIAMMember(\"member\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopicIAMMember(ctx, \"member\", \u0026pubsub.TopicIAMMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.TopicIAMMember;\nimport com.pulumi.gcp.pubsub.TopicIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TopicIAMMember(\"member\", TopicIAMMemberArgs.builder() \n .project(example.project())\n .topic(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:pubsub:TopicIAMMember\n properties:\n project: ${example.project}\n topic: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/topics/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Pub/Sub topic IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/topicIAMMember:TopicIAMMember editor \"projects/{{project}}/topics/{{topic}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/topicIAMMember:TopicIAMMember editor \"projects/{{project}}/topics/{{topic}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/topicIAMMember:TopicIAMMember editor projects/{{project}}/topics/{{topic}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:pubsub/TopicIAMMemberCondition:TopicIAMMemberCondition" @@ -215351,11 +215834,12 @@ "description": "(Computed) The etag of the IAM policy.\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -215380,11 +215864,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -215416,11 +215901,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -215438,7 +215924,7 @@ } }, "gcp:pubsub/topicIAMPolicy:TopicIAMPolicy": { - "description": "Three different resources help you manage your IAM policy for Cloud Pub/Sub Topic. Each of these resources serves a different use case:\n\n* `gcp.pubsub.TopicIAMPolicy`: Authoritative. Sets the IAM policy for the topic and replaces any existing policy already attached.\n* `gcp.pubsub.TopicIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the topic are preserved.\n* `gcp.pubsub.TopicIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the topic are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.pubsub.TopicIAMPolicy`: Retrieves the IAM policy for the topic\n\n\u003e **Note:** `gcp.pubsub.TopicIAMPolicy` **cannot** be used in conjunction with `gcp.pubsub.TopicIAMBinding` and `gcp.pubsub.TopicIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.pubsub.TopicIAMBinding` resources **can be** used in conjunction with `gcp.pubsub.TopicIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_pubsub\\_topic\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.pubsub.TopicIAMPolicy(\"policy\", {\n project: example.project,\n topic: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.pubsub.TopicIAMPolicy(\"policy\",\n project=example[\"project\"],\n topic=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.PubSub.TopicIAMPolicy(\"policy\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewTopicIAMPolicy(ctx, \"policy\", \u0026pubsub.TopicIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.TopicIAMPolicy;\nimport com.pulumi.gcp.pubsub.TopicIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TopicIAMPolicy(\"policy\", TopicIAMPolicyArgs.builder() \n .project(example.project())\n .topic(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:pubsub:TopicIAMPolicy\n properties:\n project: ${example.project}\n topic: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_topic\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.pubsub.TopicIAMBinding(\"binding\", {\n project: example.project,\n topic: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.pubsub.TopicIAMBinding(\"binding\",\n project=example[\"project\"],\n topic=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.PubSub.TopicIAMBinding(\"binding\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopicIAMBinding(ctx, \"binding\", \u0026pubsub.TopicIAMBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.TopicIAMBinding;\nimport com.pulumi.gcp.pubsub.TopicIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TopicIAMBinding(\"binding\", TopicIAMBindingArgs.builder() \n .project(example.project())\n .topic(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:pubsub:TopicIAMBinding\n properties:\n project: ${example.project}\n topic: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_topic\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.pubsub.TopicIAMMember(\"member\", {\n project: example.project,\n topic: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.pubsub.TopicIAMMember(\"member\",\n project=example[\"project\"],\n topic=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.PubSub.TopicIAMMember(\"member\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopicIAMMember(ctx, \"member\", \u0026pubsub.TopicIAMMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.TopicIAMMember;\nimport com.pulumi.gcp.pubsub.TopicIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TopicIAMMember(\"member\", TopicIAMMemberArgs.builder() \n .project(example.project())\n .topic(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:pubsub:TopicIAMMember\n properties:\n project: ${example.project}\n topic: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/topics/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Pub/Sub topic IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/topicIAMPolicy:TopicIAMPolicy editor \"projects/{{project}}/topics/{{topic}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/topicIAMPolicy:TopicIAMPolicy editor \"projects/{{project}}/topics/{{topic}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/topicIAMPolicy:TopicIAMPolicy editor projects/{{project}}/topics/{{topic}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Pub/Sub Topic. Each of these resources serves a different use case:\n\n* `gcp.pubsub.TopicIAMPolicy`: Authoritative. Sets the IAM policy for the topic and replaces any existing policy already attached.\n* `gcp.pubsub.TopicIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the topic are preserved.\n* `gcp.pubsub.TopicIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the topic are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.pubsub.TopicIAMPolicy`: Retrieves the IAM policy for the topic\n\n\u003e **Note:** `gcp.pubsub.TopicIAMPolicy` **cannot** be used in conjunction with `gcp.pubsub.TopicIAMBinding` and `gcp.pubsub.TopicIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.pubsub.TopicIAMBinding` resources **can be** used in conjunction with `gcp.pubsub.TopicIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_pubsub\\_topic\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.pubsub.TopicIAMPolicy(\"policy\", {\n project: example.project,\n topic: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.pubsub.TopicIAMPolicy(\"policy\",\n project=example[\"project\"],\n topic=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.PubSub.TopicIAMPolicy(\"policy\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewTopicIAMPolicy(ctx, \"policy\", \u0026pubsub.TopicIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.TopicIAMPolicy;\nimport com.pulumi.gcp.pubsub.TopicIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TopicIAMPolicy(\"policy\", TopicIAMPolicyArgs.builder() \n .project(example.project())\n .topic(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:pubsub:TopicIAMPolicy\n properties:\n project: ${example.project}\n topic: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_topic\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.pubsub.TopicIAMBinding(\"binding\", {\n project: example.project,\n topic: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.pubsub.TopicIAMBinding(\"binding\",\n project=example[\"project\"],\n topic=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.PubSub.TopicIAMBinding(\"binding\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopicIAMBinding(ctx, \"binding\", \u0026pubsub.TopicIAMBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.TopicIAMBinding;\nimport com.pulumi.gcp.pubsub.TopicIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TopicIAMBinding(\"binding\", TopicIAMBindingArgs.builder() \n .project(example.project())\n .topic(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:pubsub:TopicIAMBinding\n properties:\n project: ${example.project}\n topic: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_topic\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.pubsub.TopicIAMMember(\"member\", {\n project: example.project,\n topic: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.pubsub.TopicIAMMember(\"member\",\n project=example[\"project\"],\n topic=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.PubSub.TopicIAMMember(\"member\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopicIAMMember(ctx, \"member\", \u0026pubsub.TopicIAMMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.TopicIAMMember;\nimport com.pulumi.gcp.pubsub.TopicIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TopicIAMMember(\"member\", TopicIAMMemberArgs.builder() \n .project(example.project())\n .topic(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:pubsub:TopicIAMMember\n properties:\n project: ${example.project}\n topic: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_pubsub\\_topic\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.pubsub.TopicIAMPolicy(\"policy\", {\n project: example.project,\n topic: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.pubsub.TopicIAMPolicy(\"policy\",\n project=example[\"project\"],\n topic=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.PubSub.TopicIAMPolicy(\"policy\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewTopicIAMPolicy(ctx, \"policy\", \u0026pubsub.TopicIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.TopicIAMPolicy;\nimport com.pulumi.gcp.pubsub.TopicIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TopicIAMPolicy(\"policy\", TopicIAMPolicyArgs.builder() \n .project(example.project())\n .topic(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:pubsub:TopicIAMPolicy\n properties:\n project: ${example.project}\n topic: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_topic\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.pubsub.TopicIAMBinding(\"binding\", {\n project: example.project,\n topic: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.pubsub.TopicIAMBinding(\"binding\",\n project=example[\"project\"],\n topic=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.PubSub.TopicIAMBinding(\"binding\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopicIAMBinding(ctx, \"binding\", \u0026pubsub.TopicIAMBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.TopicIAMBinding;\nimport com.pulumi.gcp.pubsub.TopicIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TopicIAMBinding(\"binding\", TopicIAMBindingArgs.builder() \n .project(example.project())\n .topic(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:pubsub:TopicIAMBinding\n properties:\n project: ${example.project}\n topic: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_topic\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.pubsub.TopicIAMMember(\"member\", {\n project: example.project,\n topic: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.pubsub.TopicIAMMember(\"member\",\n project=example[\"project\"],\n topic=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.PubSub.TopicIAMMember(\"member\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopicIAMMember(ctx, \"member\", \u0026pubsub.TopicIAMMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.TopicIAMMember;\nimport com.pulumi.gcp.pubsub.TopicIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TopicIAMMember(\"member\", TopicIAMMemberArgs.builder() \n .project(example.project())\n .topic(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:pubsub:TopicIAMMember\n properties:\n project: ${example.project}\n topic: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/topics/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Pub/Sub topic IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/topicIAMPolicy:TopicIAMPolicy editor \"projects/{{project}}/topics/{{topic}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/topicIAMPolicy:TopicIAMPolicy editor \"projects/{{project}}/topics/{{topic}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:pubsub/topicIAMPolicy:TopicIAMPolicy editor projects/{{project}}/topics/{{topic}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -215450,7 +215936,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "topic": { "type": "string", @@ -215470,7 +215956,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "topic": { @@ -215496,7 +215982,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "topic": { @@ -216606,11 +217092,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -216638,11 +217125,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -216676,11 +217164,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -216707,11 +217196,12 @@ "description": "(Computed) The etag of the IAM policy.\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -216737,11 +217227,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -216773,11 +217264,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -216806,7 +217298,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" } }, "required": [ @@ -216827,7 +217319,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -216853,7 +217345,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true } }, @@ -217212,7 +217704,7 @@ } }, "gcp:secretmanager/secretIamBinding:SecretIamBinding": { - "description": "Three different resources help you manage your IAM policy for Secret Manager Secret. Each of these resources serves a different use case:\n\n* `gcp.secretmanager.SecretIamPolicy`: Authoritative. Sets the IAM policy for the secret and replaces any existing policy already attached.\n* `gcp.secretmanager.SecretIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the secret are preserved.\n* `gcp.secretmanager.SecretIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the secret are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.secretmanager.SecretIamPolicy`: Retrieves the IAM policy for the secret\n\n\u003e **Note:** `gcp.secretmanager.SecretIamPolicy` **cannot** be used in conjunction with `gcp.secretmanager.SecretIamBinding` and `gcp.secretmanager.SecretIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.secretmanager.SecretIamBinding` resources **can be** used in conjunction with `gcp.secretmanager.SecretIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_secret\\_manager\\_secret\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.secretmanager.SecretIamPolicy(\"policy\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.secretmanager.SecretIamPolicy(\"policy\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.SecretIamPolicy(\"policy\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.SecretIamPolicyArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SecretIamPolicy(\"policy\", SecretIamPolicyArgs.builder() \n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:secretmanager:SecretIamPolicy\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_secret\\_manager\\_secret\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.secretmanager.SecretIamBinding(\"binding\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.secretmanager.SecretIamBinding(\"binding\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecretManager.SecretIamBinding(\"binding\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamBinding(ctx, \"binding\", \u0026secretmanager.SecretIamBindingArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamBinding;\nimport com.pulumi.gcp.secretmanager.SecretIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SecretIamBinding(\"binding\", SecretIamBindingArgs.builder() \n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:secretmanager:SecretIamBinding\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_secret\\_manager\\_secret\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.secretmanager.SecretIamMember(\"member\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.secretmanager.SecretIamMember(\"member\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecretManager.SecretIamMember(\"member\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamMember(ctx, \"member\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SecretIamMember(\"member\", SecretIamMemberArgs.builder() \n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:secretmanager:SecretIamMember\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/secrets/{{secret_id}}\n\n* {{project}}/{{secret_id}}\n\n* {{secret_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nSecret Manager secret IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:secretmanager/secretIamBinding:SecretIamBinding editor \"projects/{{project}}/secrets/{{secret_id}} roles/secretmanager.secretAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:secretmanager/secretIamBinding:SecretIamBinding editor \"projects/{{project}}/secrets/{{secret_id}} roles/secretmanager.secretAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:secretmanager/secretIamBinding:SecretIamBinding editor projects/{{project}}/secrets/{{secret_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Secret Manager Secret. Each of these resources serves a different use case:\n\n* `gcp.secretmanager.SecretIamPolicy`: Authoritative. Sets the IAM policy for the secret and replaces any existing policy already attached.\n* `gcp.secretmanager.SecretIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the secret are preserved.\n* `gcp.secretmanager.SecretIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the secret are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.secretmanager.SecretIamPolicy`: Retrieves the IAM policy for the secret\n\n\u003e **Note:** `gcp.secretmanager.SecretIamPolicy` **cannot** be used in conjunction with `gcp.secretmanager.SecretIamBinding` and `gcp.secretmanager.SecretIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.secretmanager.SecretIamBinding` resources **can be** used in conjunction with `gcp.secretmanager.SecretIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_secret\\_manager\\_secret\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.secretmanager.SecretIamPolicy(\"policy\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.secretmanager.SecretIamPolicy(\"policy\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.SecretIamPolicy(\"policy\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.SecretIamPolicyArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SecretIamPolicy(\"policy\", SecretIamPolicyArgs.builder() \n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:secretmanager:SecretIamPolicy\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_secret\\_manager\\_secret\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.secretmanager.SecretIamBinding(\"binding\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.secretmanager.SecretIamBinding(\"binding\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecretManager.SecretIamBinding(\"binding\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamBinding(ctx, \"binding\", \u0026secretmanager.SecretIamBindingArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamBinding;\nimport com.pulumi.gcp.secretmanager.SecretIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SecretIamBinding(\"binding\", SecretIamBindingArgs.builder() \n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:secretmanager:SecretIamBinding\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_secret\\_manager\\_secret\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.secretmanager.SecretIamMember(\"member\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.secretmanager.SecretIamMember(\"member\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecretManager.SecretIamMember(\"member\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamMember(ctx, \"member\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SecretIamMember(\"member\", SecretIamMemberArgs.builder() \n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:secretmanager:SecretIamMember\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_secret\\_manager\\_secret\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.secretmanager.SecretIamPolicy(\"policy\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.secretmanager.SecretIamPolicy(\"policy\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.SecretIamPolicy(\"policy\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.SecretIamPolicyArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SecretIamPolicy(\"policy\", SecretIamPolicyArgs.builder() \n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:secretmanager:SecretIamPolicy\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_secret\\_manager\\_secret\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.secretmanager.SecretIamBinding(\"binding\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.secretmanager.SecretIamBinding(\"binding\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecretManager.SecretIamBinding(\"binding\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamBinding(ctx, \"binding\", \u0026secretmanager.SecretIamBindingArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamBinding;\nimport com.pulumi.gcp.secretmanager.SecretIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SecretIamBinding(\"binding\", SecretIamBindingArgs.builder() \n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:secretmanager:SecretIamBinding\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_secret\\_manager\\_secret\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.secretmanager.SecretIamMember(\"member\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.secretmanager.SecretIamMember(\"member\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecretManager.SecretIamMember(\"member\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamMember(ctx, \"member\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SecretIamMember(\"member\", SecretIamMemberArgs.builder() \n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:secretmanager:SecretIamMember\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/secrets/{{secret_id}}\n\n* {{project}}/{{secret_id}}\n\n* {{secret_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nSecret Manager secret IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:secretmanager/secretIamBinding:SecretIamBinding editor \"projects/{{project}}/secrets/{{secret_id}} roles/secretmanager.secretAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:secretmanager/secretIamBinding:SecretIamBinding editor \"projects/{{project}}/secrets/{{secret_id}} roles/secretmanager.secretAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:secretmanager/secretIamBinding:SecretIamBinding editor projects/{{project}}/secrets/{{secret_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:secretmanager/SecretIamBindingCondition:SecretIamBindingCondition" @@ -217225,11 +217717,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -217255,11 +217748,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -217292,11 +217786,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -217313,7 +217808,7 @@ } }, "gcp:secretmanager/secretIamMember:SecretIamMember": { - "description": "Three different resources help you manage your IAM policy for Secret Manager Secret. Each of these resources serves a different use case:\n\n* `gcp.secretmanager.SecretIamPolicy`: Authoritative. Sets the IAM policy for the secret and replaces any existing policy already attached.\n* `gcp.secretmanager.SecretIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the secret are preserved.\n* `gcp.secretmanager.SecretIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the secret are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.secretmanager.SecretIamPolicy`: Retrieves the IAM policy for the secret\n\n\u003e **Note:** `gcp.secretmanager.SecretIamPolicy` **cannot** be used in conjunction with `gcp.secretmanager.SecretIamBinding` and `gcp.secretmanager.SecretIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.secretmanager.SecretIamBinding` resources **can be** used in conjunction with `gcp.secretmanager.SecretIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_secret\\_manager\\_secret\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.secretmanager.SecretIamPolicy(\"policy\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.secretmanager.SecretIamPolicy(\"policy\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.SecretIamPolicy(\"policy\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.SecretIamPolicyArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SecretIamPolicy(\"policy\", SecretIamPolicyArgs.builder() \n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:secretmanager:SecretIamPolicy\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_secret\\_manager\\_secret\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.secretmanager.SecretIamBinding(\"binding\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.secretmanager.SecretIamBinding(\"binding\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecretManager.SecretIamBinding(\"binding\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamBinding(ctx, \"binding\", \u0026secretmanager.SecretIamBindingArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamBinding;\nimport com.pulumi.gcp.secretmanager.SecretIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SecretIamBinding(\"binding\", SecretIamBindingArgs.builder() \n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:secretmanager:SecretIamBinding\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_secret\\_manager\\_secret\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.secretmanager.SecretIamMember(\"member\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.secretmanager.SecretIamMember(\"member\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecretManager.SecretIamMember(\"member\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamMember(ctx, \"member\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SecretIamMember(\"member\", SecretIamMemberArgs.builder() \n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:secretmanager:SecretIamMember\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/secrets/{{secret_id}}\n\n* {{project}}/{{secret_id}}\n\n* {{secret_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nSecret Manager secret IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:secretmanager/secretIamMember:SecretIamMember editor \"projects/{{project}}/secrets/{{secret_id}} roles/secretmanager.secretAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:secretmanager/secretIamMember:SecretIamMember editor \"projects/{{project}}/secrets/{{secret_id}} roles/secretmanager.secretAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:secretmanager/secretIamMember:SecretIamMember editor projects/{{project}}/secrets/{{secret_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Secret Manager Secret. Each of these resources serves a different use case:\n\n* `gcp.secretmanager.SecretIamPolicy`: Authoritative. Sets the IAM policy for the secret and replaces any existing policy already attached.\n* `gcp.secretmanager.SecretIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the secret are preserved.\n* `gcp.secretmanager.SecretIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the secret are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.secretmanager.SecretIamPolicy`: Retrieves the IAM policy for the secret\n\n\u003e **Note:** `gcp.secretmanager.SecretIamPolicy` **cannot** be used in conjunction with `gcp.secretmanager.SecretIamBinding` and `gcp.secretmanager.SecretIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.secretmanager.SecretIamBinding` resources **can be** used in conjunction with `gcp.secretmanager.SecretIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_secret\\_manager\\_secret\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.secretmanager.SecretIamPolicy(\"policy\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.secretmanager.SecretIamPolicy(\"policy\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.SecretIamPolicy(\"policy\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.SecretIamPolicyArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SecretIamPolicy(\"policy\", SecretIamPolicyArgs.builder() \n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:secretmanager:SecretIamPolicy\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_secret\\_manager\\_secret\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.secretmanager.SecretIamBinding(\"binding\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.secretmanager.SecretIamBinding(\"binding\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecretManager.SecretIamBinding(\"binding\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamBinding(ctx, \"binding\", \u0026secretmanager.SecretIamBindingArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamBinding;\nimport com.pulumi.gcp.secretmanager.SecretIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SecretIamBinding(\"binding\", SecretIamBindingArgs.builder() \n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:secretmanager:SecretIamBinding\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_secret\\_manager\\_secret\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.secretmanager.SecretIamMember(\"member\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.secretmanager.SecretIamMember(\"member\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecretManager.SecretIamMember(\"member\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamMember(ctx, \"member\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SecretIamMember(\"member\", SecretIamMemberArgs.builder() \n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:secretmanager:SecretIamMember\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_secret\\_manager\\_secret\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.secretmanager.SecretIamPolicy(\"policy\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.secretmanager.SecretIamPolicy(\"policy\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.SecretIamPolicy(\"policy\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.SecretIamPolicyArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SecretIamPolicy(\"policy\", SecretIamPolicyArgs.builder() \n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:secretmanager:SecretIamPolicy\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_secret\\_manager\\_secret\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.secretmanager.SecretIamBinding(\"binding\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.secretmanager.SecretIamBinding(\"binding\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecretManager.SecretIamBinding(\"binding\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamBinding(ctx, \"binding\", \u0026secretmanager.SecretIamBindingArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamBinding;\nimport com.pulumi.gcp.secretmanager.SecretIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SecretIamBinding(\"binding\", SecretIamBindingArgs.builder() \n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:secretmanager:SecretIamBinding\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_secret\\_manager\\_secret\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.secretmanager.SecretIamMember(\"member\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.secretmanager.SecretIamMember(\"member\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecretManager.SecretIamMember(\"member\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamMember(ctx, \"member\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SecretIamMember(\"member\", SecretIamMemberArgs.builder() \n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:secretmanager:SecretIamMember\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/secrets/{{secret_id}}\n\n* {{project}}/{{secret_id}}\n\n* {{secret_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nSecret Manager secret IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:secretmanager/secretIamMember:SecretIamMember editor \"projects/{{project}}/secrets/{{secret_id}} roles/secretmanager.secretAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:secretmanager/secretIamMember:SecretIamMember editor \"projects/{{project}}/secrets/{{secret_id}} roles/secretmanager.secretAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:secretmanager/secretIamMember:SecretIamMember editor projects/{{project}}/secrets/{{secret_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:secretmanager/SecretIamMemberCondition:SecretIamMemberCondition" @@ -217323,11 +217818,12 @@ "description": "(Computed) The etag of the IAM policy.\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -217351,11 +217847,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -217386,11 +217883,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -217407,7 +217905,7 @@ } }, "gcp:secretmanager/secretIamPolicy:SecretIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Secret Manager Secret. Each of these resources serves a different use case:\n\n* `gcp.secretmanager.SecretIamPolicy`: Authoritative. Sets the IAM policy for the secret and replaces any existing policy already attached.\n* `gcp.secretmanager.SecretIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the secret are preserved.\n* `gcp.secretmanager.SecretIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the secret are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.secretmanager.SecretIamPolicy`: Retrieves the IAM policy for the secret\n\n\u003e **Note:** `gcp.secretmanager.SecretIamPolicy` **cannot** be used in conjunction with `gcp.secretmanager.SecretIamBinding` and `gcp.secretmanager.SecretIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.secretmanager.SecretIamBinding` resources **can be** used in conjunction with `gcp.secretmanager.SecretIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_secret\\_manager\\_secret\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.secretmanager.SecretIamPolicy(\"policy\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.secretmanager.SecretIamPolicy(\"policy\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.SecretIamPolicy(\"policy\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.SecretIamPolicyArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SecretIamPolicy(\"policy\", SecretIamPolicyArgs.builder() \n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:secretmanager:SecretIamPolicy\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_secret\\_manager\\_secret\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.secretmanager.SecretIamBinding(\"binding\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.secretmanager.SecretIamBinding(\"binding\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecretManager.SecretIamBinding(\"binding\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamBinding(ctx, \"binding\", \u0026secretmanager.SecretIamBindingArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamBinding;\nimport com.pulumi.gcp.secretmanager.SecretIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SecretIamBinding(\"binding\", SecretIamBindingArgs.builder() \n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:secretmanager:SecretIamBinding\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_secret\\_manager\\_secret\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.secretmanager.SecretIamMember(\"member\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.secretmanager.SecretIamMember(\"member\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecretManager.SecretIamMember(\"member\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamMember(ctx, \"member\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SecretIamMember(\"member\", SecretIamMemberArgs.builder() \n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:secretmanager:SecretIamMember\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/secrets/{{secret_id}}\n\n* {{project}}/{{secret_id}}\n\n* {{secret_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nSecret Manager secret IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:secretmanager/secretIamPolicy:SecretIamPolicy editor \"projects/{{project}}/secrets/{{secret_id}} roles/secretmanager.secretAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:secretmanager/secretIamPolicy:SecretIamPolicy editor \"projects/{{project}}/secrets/{{secret_id}} roles/secretmanager.secretAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:secretmanager/secretIamPolicy:SecretIamPolicy editor projects/{{project}}/secrets/{{secret_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Secret Manager Secret. Each of these resources serves a different use case:\n\n* `gcp.secretmanager.SecretIamPolicy`: Authoritative. Sets the IAM policy for the secret and replaces any existing policy already attached.\n* `gcp.secretmanager.SecretIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the secret are preserved.\n* `gcp.secretmanager.SecretIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the secret are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.secretmanager.SecretIamPolicy`: Retrieves the IAM policy for the secret\n\n\u003e **Note:** `gcp.secretmanager.SecretIamPolicy` **cannot** be used in conjunction with `gcp.secretmanager.SecretIamBinding` and `gcp.secretmanager.SecretIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.secretmanager.SecretIamBinding` resources **can be** used in conjunction with `gcp.secretmanager.SecretIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_secret\\_manager\\_secret\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.secretmanager.SecretIamPolicy(\"policy\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.secretmanager.SecretIamPolicy(\"policy\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.SecretIamPolicy(\"policy\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.SecretIamPolicyArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SecretIamPolicy(\"policy\", SecretIamPolicyArgs.builder() \n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:secretmanager:SecretIamPolicy\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_secret\\_manager\\_secret\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.secretmanager.SecretIamBinding(\"binding\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.secretmanager.SecretIamBinding(\"binding\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecretManager.SecretIamBinding(\"binding\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamBinding(ctx, \"binding\", \u0026secretmanager.SecretIamBindingArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamBinding;\nimport com.pulumi.gcp.secretmanager.SecretIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SecretIamBinding(\"binding\", SecretIamBindingArgs.builder() \n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:secretmanager:SecretIamBinding\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_secret\\_manager\\_secret\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.secretmanager.SecretIamMember(\"member\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.secretmanager.SecretIamMember(\"member\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecretManager.SecretIamMember(\"member\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamMember(ctx, \"member\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SecretIamMember(\"member\", SecretIamMemberArgs.builder() \n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:secretmanager:SecretIamMember\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_secret\\_manager\\_secret\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.secretmanager.SecretIamPolicy(\"policy\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.secretmanager.SecretIamPolicy(\"policy\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.SecretManager.SecretIamPolicy(\"policy\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/secretmanager.secretAccessor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = secretmanager.NewSecretIamPolicy(ctx, \"policy\", \u0026secretmanager.SecretIamPolicyArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicy;\nimport com.pulumi.gcp.secretmanager.SecretIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new SecretIamPolicy(\"policy\", SecretIamPolicyArgs.builder() \n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:secretmanager:SecretIamPolicy\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_secret\\_manager\\_secret\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.secretmanager.SecretIamBinding(\"binding\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.secretmanager.SecretIamBinding(\"binding\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.SecretManager.SecretIamBinding(\"binding\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamBinding(ctx, \"binding\", \u0026secretmanager.SecretIamBindingArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamBinding;\nimport com.pulumi.gcp.secretmanager.SecretIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new SecretIamBinding(\"binding\", SecretIamBindingArgs.builder() \n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:secretmanager:SecretIamBinding\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_secret\\_manager\\_secret\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.secretmanager.SecretIamMember(\"member\", {\n project: secret_basic.project,\n secretId: secret_basic.secretId,\n role: \"roles/secretmanager.secretAccessor\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.secretmanager.SecretIamMember(\"member\",\n project=secret_basic[\"project\"],\n secret_id=secret_basic[\"secretId\"],\n role=\"roles/secretmanager.secretAccessor\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.SecretManager.SecretIamMember(\"member\", new()\n {\n Project = secret_basic.Project,\n SecretId = secret_basic.SecretId,\n Role = \"roles/secretmanager.secretAccessor\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/secretmanager\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := secretmanager.NewSecretIamMember(ctx, \"member\", \u0026secretmanager.SecretIamMemberArgs{\n\t\t\tProject: pulumi.Any(secret_basic.Project),\n\t\t\tSecretId: pulumi.Any(secret_basic.SecretId),\n\t\t\tRole: pulumi.String(\"roles/secretmanager.secretAccessor\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.secretmanager.SecretIamMember;\nimport com.pulumi.gcp.secretmanager.SecretIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new SecretIamMember(\"member\", SecretIamMemberArgs.builder() \n .project(secret_basic.project())\n .secretId(secret_basic.secretId())\n .role(\"roles/secretmanager.secretAccessor\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:secretmanager:SecretIamMember\n properties:\n project: ${[\"secret-basic\"].project}\n secretId: ${[\"secret-basic\"].secretId}\n role: roles/secretmanager.secretAccessor\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/secrets/{{secret_id}}\n\n* {{project}}/{{secret_id}}\n\n* {{secret_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nSecret Manager secret IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:secretmanager/secretIamPolicy:SecretIamPolicy editor \"projects/{{project}}/secrets/{{secret_id}} roles/secretmanager.secretAccessor user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:secretmanager/secretIamPolicy:SecretIamPolicy editor \"projects/{{project}}/secrets/{{secret_id}} roles/secretmanager.secretAccessor\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:secretmanager/secretIamPolicy:SecretIamPolicy editor projects/{{project}}/secrets/{{secret_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -217419,7 +217917,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "secretId": { "type": "string" @@ -217438,7 +217936,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "secretId": { @@ -217463,7 +217961,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "secretId": { @@ -219878,7 +220376,7 @@ ] }, "gcp:serviceaccount/iAMBinding:IAMBinding": { - "description": "When managing IAM roles, you can treat a service account either as a resource or as an identity. This resource is to add iam policy bindings to a service account resource, such as allowing the members to run operations as or modify the service account. To configure permissions for a service account on other GCP resources, use the google_project_iam set of resources.\n\nThree different resources help you manage your IAM policy for a service account. Each of these resources serves a different use case:\n\n* `gcp.serviceaccount.IAMPolicy`: Authoritative. Sets the IAM policy for the service account and replaces any existing policy already attached.\n* `gcp.serviceaccount.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service account are preserved.\n* `gcp.serviceaccount.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service account are preserved.\n\n\u003e **Note:** `gcp.serviceaccount.IAMPolicy` **cannot** be used in conjunction with `gcp.serviceaccount.IAMBinding` and `gcp.serviceaccount.IAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.serviceaccount.IAMBinding` resources **can be** used in conjunction with `gcp.serviceaccount.IAMMember` resources **only if** they do not grant privilege to the same role.\n\n## Example Usage\n\n### Service Account IAM Policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iam.serviceAccountUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that only Jane can interact with\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMPolicy(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iam.serviceAccountUser\",\n members=[\"user:jane@example.com\"],\n)])\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that only Jane can interact with\")\nadmin_account_iam = gcp.serviceaccount.IAMPolicy(\"admin-account-iam\",\n service_account_id=sa.name,\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iam.serviceAccountUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that only Jane can interact with\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMPolicy(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iam.serviceAccountUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that only Jane can interact with\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMPolicy(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMPolicyArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMPolicy;\nimport com.pulumi.gcp.serviceaccount.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iam.serviceAccountUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var sa = new Account(\"sa\", AccountArgs.builder() \n .accountId(\"my-service-account\")\n .displayName(\"A service account that only Jane can interact with\")\n .build());\n\n var admin_account_iam = new IAMPolicy(\"admin-account-iam\", IAMPolicyArgs.builder() \n .serviceAccountId(sa.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that only Jane can interact with\n admin-account-iam:\n type: gcp:serviceaccount:IAMPolicy\n properties:\n serviceAccountId: ${sa.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iam.serviceAccountUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that only Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMBinding(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that only Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMBinding(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that only Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMBinding(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that only Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMBinding(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMBindingArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMBinding;\nimport com.pulumi.gcp.serviceaccount.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder() \n .accountId(\"my-service-account\")\n .displayName(\"A service account that only Jane can use\")\n .build());\n\n var admin_account_iam = new IAMBinding(\"admin-account-iam\", IAMBindingArgs.builder() \n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that only Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMBinding\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Binding With IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that only Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMBinding(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that only Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMBinding(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.serviceaccount.IAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that only Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMBinding(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.ServiceAccount.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that only Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMBinding(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMBindingArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026serviceaccount.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMBinding;\nimport com.pulumi.gcp.serviceaccount.IAMBindingArgs;\nimport com.pulumi.gcp.serviceaccount.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder() \n .accountId(\"my-service-account\")\n .displayName(\"A service account that only Jane can use\")\n .build());\n\n var admin_account_iam = new IAMBinding(\"admin-account-iam\", IAMBindingArgs.builder() \n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that only Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMBinding\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.compute.getDefaultServiceAccount({});\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMMember(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n member: \"user:jane@example.com\",\n});\n// Allow SA service account use the default GCE account\nconst gce_default_account_iam = new gcp.serviceaccount.IAMMember(\"gce-default-account-iam\", {\n serviceAccountId: _default.then(_default =\u003e _default.name),\n role: \"roles/iam.serviceAccountUser\",\n member: pulumi.interpolate`serviceAccount:${sa.email}`,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.get_default_service_account()\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMMember(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n member=\"user:jane@example.com\")\n# Allow SA service account use the default GCE account\ngce_default_account_iam = gcp.serviceaccount.IAMMember(\"gce-default-account-iam\",\n service_account_id=default.name,\n role=\"roles/iam.serviceAccountUser\",\n member=sa.email.apply(lambda email: f\"serviceAccount:{email}\"))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.Compute.GetDefaultServiceAccount.Invoke();\n\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMMember(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Member = \"user:jane@example.com\",\n });\n\n // Allow SA service account use the default GCE account\n var gce_default_account_iam = new Gcp.ServiceAccount.IAMMember(\"gce-default-account-iam\", new()\n {\n ServiceAccountId = @default.Apply(@default =\u003e @default.Apply(getDefaultServiceAccountResult =\u003e getDefaultServiceAccountResult.Name)),\n Role = \"roles/iam.serviceAccountUser\",\n Member = sa.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := compute.GetDefaultServiceAccount(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMMember(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMMemberArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Allow SA service account use the default GCE account\n\t\t_, err = serviceaccount.NewIAMMember(ctx, \"gce-default-account-iam\", \u0026serviceaccount.IAMMemberArgs{\n\t\t\tServiceAccountId: pulumi.String(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: sa.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetDefaultServiceAccountArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMMember;\nimport com.pulumi.gcp.serviceaccount.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = ComputeFunctions.getDefaultServiceAccount();\n\n var sa = new Account(\"sa\", AccountArgs.builder() \n .accountId(\"my-service-account\")\n .displayName(\"A service account that Jane can use\")\n .build());\n\n var admin_account_iam = new IAMMember(\"admin-account-iam\", IAMMemberArgs.builder() \n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n // Allow SA service account use the default GCE account\n var gce_default_account_iam = new IAMMember(\"gce-default-account-iam\", IAMMemberArgs.builder() \n .serviceAccountId(default_.name())\n .role(\"roles/iam.serviceAccountUser\")\n .member(sa.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMMember\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n member: user:jane@example.com\n # Allow SA service account use the default GCE account\n gce-default-account-iam:\n type: gcp:serviceaccount:IAMMember\n properties:\n serviceAccountId: ${default.name}\n role: roles/iam.serviceAccountUser\n member: serviceAccount:${sa.email}\nvariables:\n default:\n fn::invoke:\n Function: gcp:compute:getDefaultServiceAccount\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Member With IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMMember(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMMember(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n member=\"user:jane@example.com\",\n condition=gcp.serviceaccount.IAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMMember(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.ServiceAccount.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMMember(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMMemberArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026serviceaccount.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMMember;\nimport com.pulumi.gcp.serviceaccount.IAMMemberArgs;\nimport com.pulumi.gcp.serviceaccount.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder() \n .accountId(\"my-service-account\")\n .displayName(\"A service account that Jane can use\")\n .build());\n\n var admin_account_iam = new IAMMember(\"admin-account-iam\", IAMMemberArgs.builder() \n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMMember\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing with conditions:\n\nHere are examples of importing IAM memberships and bindings that include conditions:\n\n```sh\n$ pulumi import gcp:serviceaccount/iAMBinding:IAMBinding admin-account-iam \"projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/iam.serviceAccountUser expires_after_2019_12_31\"\n```\n\n```sh\n$ pulumi import gcp:serviceaccount/iAMBinding:IAMBinding admin-account-iam \"projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/iam.serviceAccountUser user:foo@example.com expires_after_2019_12_31\"\n```\n\n", + "description": "When managing IAM roles, you can treat a service account either as a resource or as an identity. This resource is to add iam policy bindings to a service account resource, such as allowing the members to run operations as or modify the service account. To configure permissions for a service account on other GCP resources, use the google_project_iam set of resources.\n\nThree different resources help you manage your IAM policy for a service account. Each of these resources serves a different use case:\n\n* `gcp.serviceaccount.IAMPolicy`: Authoritative. Sets the IAM policy for the service account and replaces any existing policy already attached.\n* `gcp.serviceaccount.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service account are preserved.\n* `gcp.serviceaccount.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service account are preserved.\n\n\u003e **Note:** `gcp.serviceaccount.IAMPolicy` **cannot** be used in conjunction with `gcp.serviceaccount.IAMBinding` and `gcp.serviceaccount.IAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.serviceaccount.IAMBinding` resources **can be** used in conjunction with `gcp.serviceaccount.IAMMember` resources **only if** they do not grant privilege to the same role.\n\n## Example Usage\n\n### Service Account IAM Policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iam.serviceAccountUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that only Jane can interact with\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMPolicy(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iam.serviceAccountUser\",\n members=[\"user:jane@example.com\"],\n)])\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that only Jane can interact with\")\nadmin_account_iam = gcp.serviceaccount.IAMPolicy(\"admin-account-iam\",\n service_account_id=sa.name,\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iam.serviceAccountUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that only Jane can interact with\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMPolicy(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iam.serviceAccountUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that only Jane can interact with\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMPolicy(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMPolicyArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMPolicy;\nimport com.pulumi.gcp.serviceaccount.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iam.serviceAccountUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var sa = new Account(\"sa\", AccountArgs.builder() \n .accountId(\"my-service-account\")\n .displayName(\"A service account that only Jane can interact with\")\n .build());\n\n var admin_account_iam = new IAMPolicy(\"admin-account-iam\", IAMPolicyArgs.builder() \n .serviceAccountId(sa.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that only Jane can interact with\n admin-account-iam:\n type: gcp:serviceaccount:IAMPolicy\n properties:\n serviceAccountId: ${sa.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iam.serviceAccountUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that only Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMBinding(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that only Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMBinding(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that only Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMBinding(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that only Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMBinding(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMBindingArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMBinding;\nimport com.pulumi.gcp.serviceaccount.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder() \n .accountId(\"my-service-account\")\n .displayName(\"A service account that only Jane can use\")\n .build());\n\n var admin_account_iam = new IAMBinding(\"admin-account-iam\", IAMBindingArgs.builder() \n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that only Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMBinding\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Binding With IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that only Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMBinding(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that only Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMBinding(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.serviceaccount.IAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that only Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMBinding(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.ServiceAccount.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that only Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMBinding(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMBindingArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026serviceaccount.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMBinding;\nimport com.pulumi.gcp.serviceaccount.IAMBindingArgs;\nimport com.pulumi.gcp.serviceaccount.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder() \n .accountId(\"my-service-account\")\n .displayName(\"A service account that only Jane can use\")\n .build());\n\n var admin_account_iam = new IAMBinding(\"admin-account-iam\", IAMBindingArgs.builder() \n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that only Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMBinding\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.compute.getDefaultServiceAccount({});\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMMember(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n member: \"user:jane@example.com\",\n});\n// Allow SA service account use the default GCE account\nconst gce_default_account_iam = new gcp.serviceaccount.IAMMember(\"gce-default-account-iam\", {\n serviceAccountId: _default.then(_default =\u003e _default.name),\n role: \"roles/iam.serviceAccountUser\",\n member: pulumi.interpolate`serviceAccount:${sa.email}`,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.get_default_service_account()\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMMember(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n member=\"user:jane@example.com\")\n# Allow SA service account use the default GCE account\ngce_default_account_iam = gcp.serviceaccount.IAMMember(\"gce-default-account-iam\",\n service_account_id=default.name,\n role=\"roles/iam.serviceAccountUser\",\n member=sa.email.apply(lambda email: f\"serviceAccount:{email}\"))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.Compute.GetDefaultServiceAccount.Invoke();\n\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMMember(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Member = \"user:jane@example.com\",\n });\n\n // Allow SA service account use the default GCE account\n var gce_default_account_iam = new Gcp.ServiceAccount.IAMMember(\"gce-default-account-iam\", new()\n {\n ServiceAccountId = @default.Apply(@default =\u003e @default.Apply(getDefaultServiceAccountResult =\u003e getDefaultServiceAccountResult.Name)),\n Role = \"roles/iam.serviceAccountUser\",\n Member = sa.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := compute.GetDefaultServiceAccount(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMMember(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMMemberArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Allow SA service account use the default GCE account\n\t\t_, err = serviceaccount.NewIAMMember(ctx, \"gce-default-account-iam\", \u0026serviceaccount.IAMMemberArgs{\n\t\t\tServiceAccountId: pulumi.String(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: sa.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetDefaultServiceAccountArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMMember;\nimport com.pulumi.gcp.serviceaccount.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = ComputeFunctions.getDefaultServiceAccount();\n\n var sa = new Account(\"sa\", AccountArgs.builder() \n .accountId(\"my-service-account\")\n .displayName(\"A service account that Jane can use\")\n .build());\n\n var admin_account_iam = new IAMMember(\"admin-account-iam\", IAMMemberArgs.builder() \n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n // Allow SA service account use the default GCE account\n var gce_default_account_iam = new IAMMember(\"gce-default-account-iam\", IAMMemberArgs.builder() \n .serviceAccountId(default_.name())\n .role(\"roles/iam.serviceAccountUser\")\n .member(sa.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMMember\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n member: user:jane@example.com\n # Allow SA service account use the default GCE account\n gce-default-account-iam:\n type: gcp:serviceaccount:IAMMember\n properties:\n serviceAccountId: ${default.name}\n role: roles/iam.serviceAccountUser\n member: serviceAccount:${sa.email}\nvariables:\n default:\n fn::invoke:\n Function: gcp:compute:getDefaultServiceAccount\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Member With IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMMember(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMMember(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n member=\"user:jane@example.com\",\n condition=gcp.serviceaccount.IAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMMember(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.ServiceAccount.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMMember(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMMemberArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026serviceaccount.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMMember;\nimport com.pulumi.gcp.serviceaccount.IAMMemberArgs;\nimport com.pulumi.gcp.serviceaccount.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder() \n .accountId(\"my-service-account\")\n .displayName(\"A service account that Jane can use\")\n .build());\n\n var admin_account_iam = new IAMMember(\"admin-account-iam\", IAMMemberArgs.builder() \n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMMember\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Additional Examples\n\n### Service Account IAM Policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iam.serviceAccountUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that only Jane can interact with\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMPolicy(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iam.serviceAccountUser\",\n members=[\"user:jane@example.com\"],\n)])\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that only Jane can interact with\")\nadmin_account_iam = gcp.serviceaccount.IAMPolicy(\"admin-account-iam\",\n service_account_id=sa.name,\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iam.serviceAccountUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that only Jane can interact with\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMPolicy(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iam.serviceAccountUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that only Jane can interact with\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMPolicy(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMPolicyArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMPolicy;\nimport com.pulumi.gcp.serviceaccount.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iam.serviceAccountUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var sa = new Account(\"sa\", AccountArgs.builder() \n .accountId(\"my-service-account\")\n .displayName(\"A service account that only Jane can interact with\")\n .build());\n\n var admin_account_iam = new IAMPolicy(\"admin-account-iam\", IAMPolicyArgs.builder() \n .serviceAccountId(sa.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that only Jane can interact with\n admin-account-iam:\n type: gcp:serviceaccount:IAMPolicy\n properties:\n serviceAccountId: ${sa.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iam.serviceAccountUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that only Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMBinding(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that only Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMBinding(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that only Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMBinding(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that only Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMBinding(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMBindingArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMBinding;\nimport com.pulumi.gcp.serviceaccount.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder() \n .accountId(\"my-service-account\")\n .displayName(\"A service account that only Jane can use\")\n .build());\n\n var admin_account_iam = new IAMBinding(\"admin-account-iam\", IAMBindingArgs.builder() \n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that only Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMBinding\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Binding With IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that only Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMBinding(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that only Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMBinding(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.serviceaccount.IAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that only Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMBinding(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.ServiceAccount.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that only Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMBinding(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMBindingArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026serviceaccount.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMBinding;\nimport com.pulumi.gcp.serviceaccount.IAMBindingArgs;\nimport com.pulumi.gcp.serviceaccount.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder() \n .accountId(\"my-service-account\")\n .displayName(\"A service account that only Jane can use\")\n .build());\n\n var admin_account_iam = new IAMBinding(\"admin-account-iam\", IAMBindingArgs.builder() \n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that only Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMBinding\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.compute.getDefaultServiceAccount({});\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMMember(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n member: \"user:jane@example.com\",\n});\n// Allow SA service account use the default GCE account\nconst gce_default_account_iam = new gcp.serviceaccount.IAMMember(\"gce-default-account-iam\", {\n serviceAccountId: _default.then(_default =\u003e _default.name),\n role: \"roles/iam.serviceAccountUser\",\n member: pulumi.interpolate`serviceAccount:${sa.email}`,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.get_default_service_account()\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMMember(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n member=\"user:jane@example.com\")\n# Allow SA service account use the default GCE account\ngce_default_account_iam = gcp.serviceaccount.IAMMember(\"gce-default-account-iam\",\n service_account_id=default.name,\n role=\"roles/iam.serviceAccountUser\",\n member=sa.email.apply(lambda email: f\"serviceAccount:{email}\"))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.Compute.GetDefaultServiceAccount.Invoke();\n\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMMember(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Member = \"user:jane@example.com\",\n });\n\n // Allow SA service account use the default GCE account\n var gce_default_account_iam = new Gcp.ServiceAccount.IAMMember(\"gce-default-account-iam\", new()\n {\n ServiceAccountId = @default.Apply(@default =\u003e @default.Apply(getDefaultServiceAccountResult =\u003e getDefaultServiceAccountResult.Name)),\n Role = \"roles/iam.serviceAccountUser\",\n Member = sa.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := compute.GetDefaultServiceAccount(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMMember(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMMemberArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Allow SA service account use the default GCE account\n\t\t_, err = serviceaccount.NewIAMMember(ctx, \"gce-default-account-iam\", \u0026serviceaccount.IAMMemberArgs{\n\t\t\tServiceAccountId: pulumi.String(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: sa.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetDefaultServiceAccountArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMMember;\nimport com.pulumi.gcp.serviceaccount.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = ComputeFunctions.getDefaultServiceAccount();\n\n var sa = new Account(\"sa\", AccountArgs.builder() \n .accountId(\"my-service-account\")\n .displayName(\"A service account that Jane can use\")\n .build());\n\n var admin_account_iam = new IAMMember(\"admin-account-iam\", IAMMemberArgs.builder() \n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n // Allow SA service account use the default GCE account\n var gce_default_account_iam = new IAMMember(\"gce-default-account-iam\", IAMMemberArgs.builder() \n .serviceAccountId(default_.name())\n .role(\"roles/iam.serviceAccountUser\")\n .member(sa.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMMember\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n member: user:jane@example.com\n # Allow SA service account use the default GCE account\n gce-default-account-iam:\n type: gcp:serviceaccount:IAMMember\n properties:\n serviceAccountId: ${default.name}\n role: roles/iam.serviceAccountUser\n member: serviceAccount:${sa.email}\nvariables:\n default:\n fn::invoke:\n Function: gcp:compute:getDefaultServiceAccount\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Member With IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMMember(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMMember(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n member=\"user:jane@example.com\",\n condition=gcp.serviceaccount.IAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMMember(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.ServiceAccount.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMMember(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMMemberArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026serviceaccount.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMMember;\nimport com.pulumi.gcp.serviceaccount.IAMMemberArgs;\nimport com.pulumi.gcp.serviceaccount.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder() \n .accountId(\"my-service-account\")\n .displayName(\"A service account that Jane can use\")\n .build());\n\n var admin_account_iam = new IAMMember(\"admin-account-iam\", IAMMemberArgs.builder() \n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMMember\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing with conditions:\n\nHere are examples of importing IAM memberships and bindings that include conditions:\n\n```sh\n$ pulumi import gcp:serviceaccount/iAMBinding:IAMBinding admin-account-iam \"projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/iam.serviceAccountUser expires_after_2019_12_31\"\n```\n\n```sh\n$ pulumi import gcp:serviceaccount/iAMBinding:IAMBinding admin-account-iam \"projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/iam.serviceAccountUser user:foo@example.com expires_after_2019_12_31\"\n```\n\n", "properties": { "condition": { "$ref": "#/types/gcp:serviceaccount/IAMBindingCondition:IAMBindingCondition", @@ -219892,7 +220390,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "role": { "type": "string", @@ -219900,7 +220399,7 @@ }, "serviceAccountId": { "type": "string", - "description": "The fully-qualified name of the service account to apply policy to.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" + "description": "The fully-qualified name of the service account to apply policy to.\n" } }, "required": [ @@ -219919,7 +220418,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "role": { "type": "string", @@ -219928,7 +220428,7 @@ }, "serviceAccountId": { "type": "string", - "description": "The fully-qualified name of the service account to apply policy to.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The fully-qualified name of the service account to apply policy to.\n", "willReplaceOnChanges": true } }, @@ -219953,7 +220453,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "role": { "type": "string", @@ -219962,7 +220463,7 @@ }, "serviceAccountId": { "type": "string", - "description": "The fully-qualified name of the service account to apply policy to.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The fully-qualified name of the service account to apply policy to.\n", "willReplaceOnChanges": true } }, @@ -219975,7 +220476,7 @@ ] }, "gcp:serviceaccount/iAMMember:IAMMember": { - "description": "When managing IAM roles, you can treat a service account either as a resource or as an identity. This resource is to add iam policy bindings to a service account resource, such as allowing the members to run operations as or modify the service account. To configure permissions for a service account on other GCP resources, use the google_project_iam set of resources.\n\nThree different resources help you manage your IAM policy for a service account. Each of these resources serves a different use case:\n\n* `gcp.serviceaccount.IAMPolicy`: Authoritative. Sets the IAM policy for the service account and replaces any existing policy already attached.\n* `gcp.serviceaccount.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service account are preserved.\n* `gcp.serviceaccount.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service account are preserved.\n\n\u003e **Note:** `gcp.serviceaccount.IAMPolicy` **cannot** be used in conjunction with `gcp.serviceaccount.IAMBinding` and `gcp.serviceaccount.IAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.serviceaccount.IAMBinding` resources **can be** used in conjunction with `gcp.serviceaccount.IAMMember` resources **only if** they do not grant privilege to the same role.\n\n## Example Usage\n\n### Service Account IAM Policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iam.serviceAccountUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that only Jane can interact with\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMPolicy(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iam.serviceAccountUser\",\n members=[\"user:jane@example.com\"],\n)])\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that only Jane can interact with\")\nadmin_account_iam = gcp.serviceaccount.IAMPolicy(\"admin-account-iam\",\n service_account_id=sa.name,\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iam.serviceAccountUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that only Jane can interact with\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMPolicy(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iam.serviceAccountUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that only Jane can interact with\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMPolicy(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMPolicyArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMPolicy;\nimport com.pulumi.gcp.serviceaccount.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iam.serviceAccountUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var sa = new Account(\"sa\", AccountArgs.builder() \n .accountId(\"my-service-account\")\n .displayName(\"A service account that only Jane can interact with\")\n .build());\n\n var admin_account_iam = new IAMPolicy(\"admin-account-iam\", IAMPolicyArgs.builder() \n .serviceAccountId(sa.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that only Jane can interact with\n admin-account-iam:\n type: gcp:serviceaccount:IAMPolicy\n properties:\n serviceAccountId: ${sa.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iam.serviceAccountUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that only Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMBinding(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that only Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMBinding(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that only Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMBinding(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that only Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMBinding(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMBindingArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMBinding;\nimport com.pulumi.gcp.serviceaccount.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder() \n .accountId(\"my-service-account\")\n .displayName(\"A service account that only Jane can use\")\n .build());\n\n var admin_account_iam = new IAMBinding(\"admin-account-iam\", IAMBindingArgs.builder() \n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that only Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMBinding\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Binding With IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that only Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMBinding(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that only Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMBinding(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.serviceaccount.IAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that only Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMBinding(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.ServiceAccount.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that only Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMBinding(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMBindingArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026serviceaccount.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMBinding;\nimport com.pulumi.gcp.serviceaccount.IAMBindingArgs;\nimport com.pulumi.gcp.serviceaccount.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder() \n .accountId(\"my-service-account\")\n .displayName(\"A service account that only Jane can use\")\n .build());\n\n var admin_account_iam = new IAMBinding(\"admin-account-iam\", IAMBindingArgs.builder() \n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that only Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMBinding\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.compute.getDefaultServiceAccount({});\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMMember(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n member: \"user:jane@example.com\",\n});\n// Allow SA service account use the default GCE account\nconst gce_default_account_iam = new gcp.serviceaccount.IAMMember(\"gce-default-account-iam\", {\n serviceAccountId: _default.then(_default =\u003e _default.name),\n role: \"roles/iam.serviceAccountUser\",\n member: pulumi.interpolate`serviceAccount:${sa.email}`,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.get_default_service_account()\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMMember(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n member=\"user:jane@example.com\")\n# Allow SA service account use the default GCE account\ngce_default_account_iam = gcp.serviceaccount.IAMMember(\"gce-default-account-iam\",\n service_account_id=default.name,\n role=\"roles/iam.serviceAccountUser\",\n member=sa.email.apply(lambda email: f\"serviceAccount:{email}\"))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.Compute.GetDefaultServiceAccount.Invoke();\n\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMMember(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Member = \"user:jane@example.com\",\n });\n\n // Allow SA service account use the default GCE account\n var gce_default_account_iam = new Gcp.ServiceAccount.IAMMember(\"gce-default-account-iam\", new()\n {\n ServiceAccountId = @default.Apply(@default =\u003e @default.Apply(getDefaultServiceAccountResult =\u003e getDefaultServiceAccountResult.Name)),\n Role = \"roles/iam.serviceAccountUser\",\n Member = sa.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := compute.GetDefaultServiceAccount(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMMember(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMMemberArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Allow SA service account use the default GCE account\n\t\t_, err = serviceaccount.NewIAMMember(ctx, \"gce-default-account-iam\", \u0026serviceaccount.IAMMemberArgs{\n\t\t\tServiceAccountId: pulumi.String(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: sa.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetDefaultServiceAccountArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMMember;\nimport com.pulumi.gcp.serviceaccount.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = ComputeFunctions.getDefaultServiceAccount();\n\n var sa = new Account(\"sa\", AccountArgs.builder() \n .accountId(\"my-service-account\")\n .displayName(\"A service account that Jane can use\")\n .build());\n\n var admin_account_iam = new IAMMember(\"admin-account-iam\", IAMMemberArgs.builder() \n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n // Allow SA service account use the default GCE account\n var gce_default_account_iam = new IAMMember(\"gce-default-account-iam\", IAMMemberArgs.builder() \n .serviceAccountId(default_.name())\n .role(\"roles/iam.serviceAccountUser\")\n .member(sa.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMMember\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n member: user:jane@example.com\n # Allow SA service account use the default GCE account\n gce-default-account-iam:\n type: gcp:serviceaccount:IAMMember\n properties:\n serviceAccountId: ${default.name}\n role: roles/iam.serviceAccountUser\n member: serviceAccount:${sa.email}\nvariables:\n default:\n fn::invoke:\n Function: gcp:compute:getDefaultServiceAccount\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Member With IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMMember(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMMember(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n member=\"user:jane@example.com\",\n condition=gcp.serviceaccount.IAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMMember(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.ServiceAccount.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMMember(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMMemberArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026serviceaccount.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMMember;\nimport com.pulumi.gcp.serviceaccount.IAMMemberArgs;\nimport com.pulumi.gcp.serviceaccount.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder() \n .accountId(\"my-service-account\")\n .displayName(\"A service account that Jane can use\")\n .build());\n\n var admin_account_iam = new IAMMember(\"admin-account-iam\", IAMMemberArgs.builder() \n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMMember\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing with conditions:\n\nHere are examples of importing IAM memberships and bindings that include conditions:\n\n```sh\n$ pulumi import gcp:serviceaccount/iAMMember:IAMMember admin-account-iam \"projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/iam.serviceAccountUser expires_after_2019_12_31\"\n```\n\n```sh\n$ pulumi import gcp:serviceaccount/iAMMember:IAMMember admin-account-iam \"projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/iam.serviceAccountUser user:foo@example.com expires_after_2019_12_31\"\n```\n\n", + "description": "When managing IAM roles, you can treat a service account either as a resource or as an identity. This resource is to add iam policy bindings to a service account resource, such as allowing the members to run operations as or modify the service account. To configure permissions for a service account on other GCP resources, use the google_project_iam set of resources.\n\nThree different resources help you manage your IAM policy for a service account. Each of these resources serves a different use case:\n\n* `gcp.serviceaccount.IAMPolicy`: Authoritative. Sets the IAM policy for the service account and replaces any existing policy already attached.\n* `gcp.serviceaccount.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service account are preserved.\n* `gcp.serviceaccount.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service account are preserved.\n\n\u003e **Note:** `gcp.serviceaccount.IAMPolicy` **cannot** be used in conjunction with `gcp.serviceaccount.IAMBinding` and `gcp.serviceaccount.IAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.serviceaccount.IAMBinding` resources **can be** used in conjunction with `gcp.serviceaccount.IAMMember` resources **only if** they do not grant privilege to the same role.\n\n## Example Usage\n\n### Service Account IAM Policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iam.serviceAccountUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that only Jane can interact with\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMPolicy(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iam.serviceAccountUser\",\n members=[\"user:jane@example.com\"],\n)])\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that only Jane can interact with\")\nadmin_account_iam = gcp.serviceaccount.IAMPolicy(\"admin-account-iam\",\n service_account_id=sa.name,\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iam.serviceAccountUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that only Jane can interact with\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMPolicy(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iam.serviceAccountUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that only Jane can interact with\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMPolicy(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMPolicyArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMPolicy;\nimport com.pulumi.gcp.serviceaccount.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iam.serviceAccountUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var sa = new Account(\"sa\", AccountArgs.builder() \n .accountId(\"my-service-account\")\n .displayName(\"A service account that only Jane can interact with\")\n .build());\n\n var admin_account_iam = new IAMPolicy(\"admin-account-iam\", IAMPolicyArgs.builder() \n .serviceAccountId(sa.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that only Jane can interact with\n admin-account-iam:\n type: gcp:serviceaccount:IAMPolicy\n properties:\n serviceAccountId: ${sa.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iam.serviceAccountUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that only Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMBinding(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that only Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMBinding(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that only Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMBinding(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that only Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMBinding(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMBindingArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMBinding;\nimport com.pulumi.gcp.serviceaccount.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder() \n .accountId(\"my-service-account\")\n .displayName(\"A service account that only Jane can use\")\n .build());\n\n var admin_account_iam = new IAMBinding(\"admin-account-iam\", IAMBindingArgs.builder() \n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that only Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMBinding\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Binding With IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that only Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMBinding(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that only Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMBinding(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.serviceaccount.IAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that only Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMBinding(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.ServiceAccount.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that only Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMBinding(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMBindingArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026serviceaccount.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMBinding;\nimport com.pulumi.gcp.serviceaccount.IAMBindingArgs;\nimport com.pulumi.gcp.serviceaccount.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder() \n .accountId(\"my-service-account\")\n .displayName(\"A service account that only Jane can use\")\n .build());\n\n var admin_account_iam = new IAMBinding(\"admin-account-iam\", IAMBindingArgs.builder() \n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that only Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMBinding\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.compute.getDefaultServiceAccount({});\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMMember(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n member: \"user:jane@example.com\",\n});\n// Allow SA service account use the default GCE account\nconst gce_default_account_iam = new gcp.serviceaccount.IAMMember(\"gce-default-account-iam\", {\n serviceAccountId: _default.then(_default =\u003e _default.name),\n role: \"roles/iam.serviceAccountUser\",\n member: pulumi.interpolate`serviceAccount:${sa.email}`,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.get_default_service_account()\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMMember(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n member=\"user:jane@example.com\")\n# Allow SA service account use the default GCE account\ngce_default_account_iam = gcp.serviceaccount.IAMMember(\"gce-default-account-iam\",\n service_account_id=default.name,\n role=\"roles/iam.serviceAccountUser\",\n member=sa.email.apply(lambda email: f\"serviceAccount:{email}\"))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.Compute.GetDefaultServiceAccount.Invoke();\n\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMMember(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Member = \"user:jane@example.com\",\n });\n\n // Allow SA service account use the default GCE account\n var gce_default_account_iam = new Gcp.ServiceAccount.IAMMember(\"gce-default-account-iam\", new()\n {\n ServiceAccountId = @default.Apply(@default =\u003e @default.Apply(getDefaultServiceAccountResult =\u003e getDefaultServiceAccountResult.Name)),\n Role = \"roles/iam.serviceAccountUser\",\n Member = sa.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := compute.GetDefaultServiceAccount(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMMember(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMMemberArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Allow SA service account use the default GCE account\n\t\t_, err = serviceaccount.NewIAMMember(ctx, \"gce-default-account-iam\", \u0026serviceaccount.IAMMemberArgs{\n\t\t\tServiceAccountId: pulumi.String(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: sa.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetDefaultServiceAccountArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMMember;\nimport com.pulumi.gcp.serviceaccount.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = ComputeFunctions.getDefaultServiceAccount();\n\n var sa = new Account(\"sa\", AccountArgs.builder() \n .accountId(\"my-service-account\")\n .displayName(\"A service account that Jane can use\")\n .build());\n\n var admin_account_iam = new IAMMember(\"admin-account-iam\", IAMMemberArgs.builder() \n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n // Allow SA service account use the default GCE account\n var gce_default_account_iam = new IAMMember(\"gce-default-account-iam\", IAMMemberArgs.builder() \n .serviceAccountId(default_.name())\n .role(\"roles/iam.serviceAccountUser\")\n .member(sa.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMMember\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n member: user:jane@example.com\n # Allow SA service account use the default GCE account\n gce-default-account-iam:\n type: gcp:serviceaccount:IAMMember\n properties:\n serviceAccountId: ${default.name}\n role: roles/iam.serviceAccountUser\n member: serviceAccount:${sa.email}\nvariables:\n default:\n fn::invoke:\n Function: gcp:compute:getDefaultServiceAccount\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Member With IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMMember(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMMember(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n member=\"user:jane@example.com\",\n condition=gcp.serviceaccount.IAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMMember(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.ServiceAccount.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMMember(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMMemberArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026serviceaccount.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMMember;\nimport com.pulumi.gcp.serviceaccount.IAMMemberArgs;\nimport com.pulumi.gcp.serviceaccount.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder() \n .accountId(\"my-service-account\")\n .displayName(\"A service account that Jane can use\")\n .build());\n\n var admin_account_iam = new IAMMember(\"admin-account-iam\", IAMMemberArgs.builder() \n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMMember\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Additional Examples\n\n### Service Account IAM Policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iam.serviceAccountUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that only Jane can interact with\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMPolicy(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iam.serviceAccountUser\",\n members=[\"user:jane@example.com\"],\n)])\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that only Jane can interact with\")\nadmin_account_iam = gcp.serviceaccount.IAMPolicy(\"admin-account-iam\",\n service_account_id=sa.name,\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iam.serviceAccountUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that only Jane can interact with\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMPolicy(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iam.serviceAccountUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that only Jane can interact with\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMPolicy(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMPolicyArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMPolicy;\nimport com.pulumi.gcp.serviceaccount.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iam.serviceAccountUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var sa = new Account(\"sa\", AccountArgs.builder() \n .accountId(\"my-service-account\")\n .displayName(\"A service account that only Jane can interact with\")\n .build());\n\n var admin_account_iam = new IAMPolicy(\"admin-account-iam\", IAMPolicyArgs.builder() \n .serviceAccountId(sa.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that only Jane can interact with\n admin-account-iam:\n type: gcp:serviceaccount:IAMPolicy\n properties:\n serviceAccountId: ${sa.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iam.serviceAccountUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that only Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMBinding(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that only Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMBinding(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that only Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMBinding(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that only Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMBinding(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMBindingArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMBinding;\nimport com.pulumi.gcp.serviceaccount.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder() \n .accountId(\"my-service-account\")\n .displayName(\"A service account that only Jane can use\")\n .build());\n\n var admin_account_iam = new IAMBinding(\"admin-account-iam\", IAMBindingArgs.builder() \n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that only Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMBinding\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Binding With IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that only Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMBinding(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that only Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMBinding(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.serviceaccount.IAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that only Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMBinding(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.ServiceAccount.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that only Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMBinding(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMBindingArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026serviceaccount.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMBinding;\nimport com.pulumi.gcp.serviceaccount.IAMBindingArgs;\nimport com.pulumi.gcp.serviceaccount.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder() \n .accountId(\"my-service-account\")\n .displayName(\"A service account that only Jane can use\")\n .build());\n\n var admin_account_iam = new IAMBinding(\"admin-account-iam\", IAMBindingArgs.builder() \n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that only Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMBinding\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.compute.getDefaultServiceAccount({});\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMMember(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n member: \"user:jane@example.com\",\n});\n// Allow SA service account use the default GCE account\nconst gce_default_account_iam = new gcp.serviceaccount.IAMMember(\"gce-default-account-iam\", {\n serviceAccountId: _default.then(_default =\u003e _default.name),\n role: \"roles/iam.serviceAccountUser\",\n member: pulumi.interpolate`serviceAccount:${sa.email}`,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.get_default_service_account()\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMMember(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n member=\"user:jane@example.com\")\n# Allow SA service account use the default GCE account\ngce_default_account_iam = gcp.serviceaccount.IAMMember(\"gce-default-account-iam\",\n service_account_id=default.name,\n role=\"roles/iam.serviceAccountUser\",\n member=sa.email.apply(lambda email: f\"serviceAccount:{email}\"))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.Compute.GetDefaultServiceAccount.Invoke();\n\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMMember(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Member = \"user:jane@example.com\",\n });\n\n // Allow SA service account use the default GCE account\n var gce_default_account_iam = new Gcp.ServiceAccount.IAMMember(\"gce-default-account-iam\", new()\n {\n ServiceAccountId = @default.Apply(@default =\u003e @default.Apply(getDefaultServiceAccountResult =\u003e getDefaultServiceAccountResult.Name)),\n Role = \"roles/iam.serviceAccountUser\",\n Member = sa.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := compute.GetDefaultServiceAccount(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMMember(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMMemberArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Allow SA service account use the default GCE account\n\t\t_, err = serviceaccount.NewIAMMember(ctx, \"gce-default-account-iam\", \u0026serviceaccount.IAMMemberArgs{\n\t\t\tServiceAccountId: pulumi.String(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: sa.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetDefaultServiceAccountArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMMember;\nimport com.pulumi.gcp.serviceaccount.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = ComputeFunctions.getDefaultServiceAccount();\n\n var sa = new Account(\"sa\", AccountArgs.builder() \n .accountId(\"my-service-account\")\n .displayName(\"A service account that Jane can use\")\n .build());\n\n var admin_account_iam = new IAMMember(\"admin-account-iam\", IAMMemberArgs.builder() \n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n // Allow SA service account use the default GCE account\n var gce_default_account_iam = new IAMMember(\"gce-default-account-iam\", IAMMemberArgs.builder() \n .serviceAccountId(default_.name())\n .role(\"roles/iam.serviceAccountUser\")\n .member(sa.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMMember\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n member: user:jane@example.com\n # Allow SA service account use the default GCE account\n gce-default-account-iam:\n type: gcp:serviceaccount:IAMMember\n properties:\n serviceAccountId: ${default.name}\n role: roles/iam.serviceAccountUser\n member: serviceAccount:${sa.email}\nvariables:\n default:\n fn::invoke:\n Function: gcp:compute:getDefaultServiceAccount\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Member With IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMMember(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMMember(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n member=\"user:jane@example.com\",\n condition=gcp.serviceaccount.IAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMMember(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.ServiceAccount.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMMember(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMMemberArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026serviceaccount.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMMember;\nimport com.pulumi.gcp.serviceaccount.IAMMemberArgs;\nimport com.pulumi.gcp.serviceaccount.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder() \n .accountId(\"my-service-account\")\n .displayName(\"A service account that Jane can use\")\n .build());\n\n var admin_account_iam = new IAMMember(\"admin-account-iam\", IAMMemberArgs.builder() \n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMMember\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing with conditions:\n\nHere are examples of importing IAM memberships and bindings that include conditions:\n\n```sh\n$ pulumi import gcp:serviceaccount/iAMMember:IAMMember admin-account-iam \"projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/iam.serviceAccountUser expires_after_2019_12_31\"\n```\n\n```sh\n$ pulumi import gcp:serviceaccount/iAMMember:IAMMember admin-account-iam \"projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/iam.serviceAccountUser user:foo@example.com expires_after_2019_12_31\"\n```\n\n", "properties": { "condition": { "$ref": "#/types/gcp:serviceaccount/IAMMemberCondition:IAMMemberCondition", @@ -219986,7 +220487,8 @@ "description": "(Computed) The etag of the service account IAM policy.\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "role": { "type": "string", @@ -219994,7 +220496,7 @@ }, "serviceAccountId": { "type": "string", - "description": "The fully-qualified name of the service account to apply policy to.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" + "description": "The fully-qualified name of the service account to apply policy to.\n" } }, "required": [ @@ -220011,6 +220513,7 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", "willReplaceOnChanges": true }, "role": { @@ -220020,7 +220523,7 @@ }, "serviceAccountId": { "type": "string", - "description": "The fully-qualified name of the service account to apply policy to.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The fully-qualified name of the service account to apply policy to.\n", "willReplaceOnChanges": true } }, @@ -220043,6 +220546,7 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", "willReplaceOnChanges": true }, "role": { @@ -220052,7 +220556,7 @@ }, "serviceAccountId": { "type": "string", - "description": "The fully-qualified name of the service account to apply policy to.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The fully-qualified name of the service account to apply policy to.\n", "willReplaceOnChanges": true } }, @@ -220065,7 +220569,7 @@ ] }, "gcp:serviceaccount/iAMPolicy:IAMPolicy": { - "description": "When managing IAM roles, you can treat a service account either as a resource or as an identity. This resource is to add iam policy bindings to a service account resource, such as allowing the members to run operations as or modify the service account. To configure permissions for a service account on other GCP resources, use the google_project_iam set of resources.\n\nThree different resources help you manage your IAM policy for a service account. Each of these resources serves a different use case:\n\n* `gcp.serviceaccount.IAMPolicy`: Authoritative. Sets the IAM policy for the service account and replaces any existing policy already attached.\n* `gcp.serviceaccount.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service account are preserved.\n* `gcp.serviceaccount.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service account are preserved.\n\n\u003e **Note:** `gcp.serviceaccount.IAMPolicy` **cannot** be used in conjunction with `gcp.serviceaccount.IAMBinding` and `gcp.serviceaccount.IAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.serviceaccount.IAMBinding` resources **can be** used in conjunction with `gcp.serviceaccount.IAMMember` resources **only if** they do not grant privilege to the same role.\n\n## Example Usage\n\n### Service Account IAM Policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iam.serviceAccountUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that only Jane can interact with\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMPolicy(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iam.serviceAccountUser\",\n members=[\"user:jane@example.com\"],\n)])\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that only Jane can interact with\")\nadmin_account_iam = gcp.serviceaccount.IAMPolicy(\"admin-account-iam\",\n service_account_id=sa.name,\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iam.serviceAccountUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that only Jane can interact with\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMPolicy(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iam.serviceAccountUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that only Jane can interact with\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMPolicy(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMPolicyArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMPolicy;\nimport com.pulumi.gcp.serviceaccount.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iam.serviceAccountUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var sa = new Account(\"sa\", AccountArgs.builder() \n .accountId(\"my-service-account\")\n .displayName(\"A service account that only Jane can interact with\")\n .build());\n\n var admin_account_iam = new IAMPolicy(\"admin-account-iam\", IAMPolicyArgs.builder() \n .serviceAccountId(sa.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that only Jane can interact with\n admin-account-iam:\n type: gcp:serviceaccount:IAMPolicy\n properties:\n serviceAccountId: ${sa.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iam.serviceAccountUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that only Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMBinding(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that only Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMBinding(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that only Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMBinding(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that only Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMBinding(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMBindingArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMBinding;\nimport com.pulumi.gcp.serviceaccount.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder() \n .accountId(\"my-service-account\")\n .displayName(\"A service account that only Jane can use\")\n .build());\n\n var admin_account_iam = new IAMBinding(\"admin-account-iam\", IAMBindingArgs.builder() \n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that only Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMBinding\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Binding With IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that only Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMBinding(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that only Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMBinding(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.serviceaccount.IAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that only Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMBinding(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.ServiceAccount.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that only Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMBinding(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMBindingArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026serviceaccount.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMBinding;\nimport com.pulumi.gcp.serviceaccount.IAMBindingArgs;\nimport com.pulumi.gcp.serviceaccount.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder() \n .accountId(\"my-service-account\")\n .displayName(\"A service account that only Jane can use\")\n .build());\n\n var admin_account_iam = new IAMBinding(\"admin-account-iam\", IAMBindingArgs.builder() \n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that only Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMBinding\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.compute.getDefaultServiceAccount({});\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMMember(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n member: \"user:jane@example.com\",\n});\n// Allow SA service account use the default GCE account\nconst gce_default_account_iam = new gcp.serviceaccount.IAMMember(\"gce-default-account-iam\", {\n serviceAccountId: _default.then(_default =\u003e _default.name),\n role: \"roles/iam.serviceAccountUser\",\n member: pulumi.interpolate`serviceAccount:${sa.email}`,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.get_default_service_account()\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMMember(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n member=\"user:jane@example.com\")\n# Allow SA service account use the default GCE account\ngce_default_account_iam = gcp.serviceaccount.IAMMember(\"gce-default-account-iam\",\n service_account_id=default.name,\n role=\"roles/iam.serviceAccountUser\",\n member=sa.email.apply(lambda email: f\"serviceAccount:{email}\"))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.Compute.GetDefaultServiceAccount.Invoke();\n\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMMember(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Member = \"user:jane@example.com\",\n });\n\n // Allow SA service account use the default GCE account\n var gce_default_account_iam = new Gcp.ServiceAccount.IAMMember(\"gce-default-account-iam\", new()\n {\n ServiceAccountId = @default.Apply(@default =\u003e @default.Apply(getDefaultServiceAccountResult =\u003e getDefaultServiceAccountResult.Name)),\n Role = \"roles/iam.serviceAccountUser\",\n Member = sa.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := compute.GetDefaultServiceAccount(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMMember(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMMemberArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Allow SA service account use the default GCE account\n\t\t_, err = serviceaccount.NewIAMMember(ctx, \"gce-default-account-iam\", \u0026serviceaccount.IAMMemberArgs{\n\t\t\tServiceAccountId: pulumi.String(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: sa.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetDefaultServiceAccountArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMMember;\nimport com.pulumi.gcp.serviceaccount.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = ComputeFunctions.getDefaultServiceAccount();\n\n var sa = new Account(\"sa\", AccountArgs.builder() \n .accountId(\"my-service-account\")\n .displayName(\"A service account that Jane can use\")\n .build());\n\n var admin_account_iam = new IAMMember(\"admin-account-iam\", IAMMemberArgs.builder() \n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n // Allow SA service account use the default GCE account\n var gce_default_account_iam = new IAMMember(\"gce-default-account-iam\", IAMMemberArgs.builder() \n .serviceAccountId(default_.name())\n .role(\"roles/iam.serviceAccountUser\")\n .member(sa.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMMember\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n member: user:jane@example.com\n # Allow SA service account use the default GCE account\n gce-default-account-iam:\n type: gcp:serviceaccount:IAMMember\n properties:\n serviceAccountId: ${default.name}\n role: roles/iam.serviceAccountUser\n member: serviceAccount:${sa.email}\nvariables:\n default:\n fn::invoke:\n Function: gcp:compute:getDefaultServiceAccount\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Member With IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMMember(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMMember(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n member=\"user:jane@example.com\",\n condition=gcp.serviceaccount.IAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMMember(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.ServiceAccount.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMMember(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMMemberArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026serviceaccount.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMMember;\nimport com.pulumi.gcp.serviceaccount.IAMMemberArgs;\nimport com.pulumi.gcp.serviceaccount.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder() \n .accountId(\"my-service-account\")\n .displayName(\"A service account that Jane can use\")\n .build());\n\n var admin_account_iam = new IAMMember(\"admin-account-iam\", IAMMemberArgs.builder() \n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMMember\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing with conditions:\n\nHere are examples of importing IAM memberships and bindings that include conditions:\n\n```sh\n$ pulumi import gcp:serviceaccount/iAMPolicy:IAMPolicy admin-account-iam \"projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/iam.serviceAccountUser expires_after_2019_12_31\"\n```\n\n```sh\n$ pulumi import gcp:serviceaccount/iAMPolicy:IAMPolicy admin-account-iam \"projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/iam.serviceAccountUser user:foo@example.com expires_after_2019_12_31\"\n```\n\n", + "description": "When managing IAM roles, you can treat a service account either as a resource or as an identity. This resource is to add iam policy bindings to a service account resource, such as allowing the members to run operations as or modify the service account. To configure permissions for a service account on other GCP resources, use the google_project_iam set of resources.\n\nThree different resources help you manage your IAM policy for a service account. Each of these resources serves a different use case:\n\n* `gcp.serviceaccount.IAMPolicy`: Authoritative. Sets the IAM policy for the service account and replaces any existing policy already attached.\n* `gcp.serviceaccount.IAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service account are preserved.\n* `gcp.serviceaccount.IAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service account are preserved.\n\n\u003e **Note:** `gcp.serviceaccount.IAMPolicy` **cannot** be used in conjunction with `gcp.serviceaccount.IAMBinding` and `gcp.serviceaccount.IAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.serviceaccount.IAMBinding` resources **can be** used in conjunction with `gcp.serviceaccount.IAMMember` resources **only if** they do not grant privilege to the same role.\n\n## Example Usage\n\n### Service Account IAM Policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iam.serviceAccountUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that only Jane can interact with\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMPolicy(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iam.serviceAccountUser\",\n members=[\"user:jane@example.com\"],\n)])\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that only Jane can interact with\")\nadmin_account_iam = gcp.serviceaccount.IAMPolicy(\"admin-account-iam\",\n service_account_id=sa.name,\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iam.serviceAccountUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that only Jane can interact with\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMPolicy(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iam.serviceAccountUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that only Jane can interact with\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMPolicy(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMPolicyArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMPolicy;\nimport com.pulumi.gcp.serviceaccount.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iam.serviceAccountUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var sa = new Account(\"sa\", AccountArgs.builder() \n .accountId(\"my-service-account\")\n .displayName(\"A service account that only Jane can interact with\")\n .build());\n\n var admin_account_iam = new IAMPolicy(\"admin-account-iam\", IAMPolicyArgs.builder() \n .serviceAccountId(sa.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that only Jane can interact with\n admin-account-iam:\n type: gcp:serviceaccount:IAMPolicy\n properties:\n serviceAccountId: ${sa.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iam.serviceAccountUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that only Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMBinding(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that only Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMBinding(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that only Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMBinding(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that only Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMBinding(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMBindingArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMBinding;\nimport com.pulumi.gcp.serviceaccount.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder() \n .accountId(\"my-service-account\")\n .displayName(\"A service account that only Jane can use\")\n .build());\n\n var admin_account_iam = new IAMBinding(\"admin-account-iam\", IAMBindingArgs.builder() \n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that only Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMBinding\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Binding With IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that only Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMBinding(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that only Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMBinding(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.serviceaccount.IAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that only Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMBinding(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.ServiceAccount.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that only Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMBinding(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMBindingArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026serviceaccount.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMBinding;\nimport com.pulumi.gcp.serviceaccount.IAMBindingArgs;\nimport com.pulumi.gcp.serviceaccount.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder() \n .accountId(\"my-service-account\")\n .displayName(\"A service account that only Jane can use\")\n .build());\n\n var admin_account_iam = new IAMBinding(\"admin-account-iam\", IAMBindingArgs.builder() \n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that only Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMBinding\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.compute.getDefaultServiceAccount({});\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMMember(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n member: \"user:jane@example.com\",\n});\n// Allow SA service account use the default GCE account\nconst gce_default_account_iam = new gcp.serviceaccount.IAMMember(\"gce-default-account-iam\", {\n serviceAccountId: _default.then(_default =\u003e _default.name),\n role: \"roles/iam.serviceAccountUser\",\n member: pulumi.interpolate`serviceAccount:${sa.email}`,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.get_default_service_account()\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMMember(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n member=\"user:jane@example.com\")\n# Allow SA service account use the default GCE account\ngce_default_account_iam = gcp.serviceaccount.IAMMember(\"gce-default-account-iam\",\n service_account_id=default.name,\n role=\"roles/iam.serviceAccountUser\",\n member=sa.email.apply(lambda email: f\"serviceAccount:{email}\"))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.Compute.GetDefaultServiceAccount.Invoke();\n\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMMember(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Member = \"user:jane@example.com\",\n });\n\n // Allow SA service account use the default GCE account\n var gce_default_account_iam = new Gcp.ServiceAccount.IAMMember(\"gce-default-account-iam\", new()\n {\n ServiceAccountId = @default.Apply(@default =\u003e @default.Apply(getDefaultServiceAccountResult =\u003e getDefaultServiceAccountResult.Name)),\n Role = \"roles/iam.serviceAccountUser\",\n Member = sa.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := compute.GetDefaultServiceAccount(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMMember(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMMemberArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Allow SA service account use the default GCE account\n\t\t_, err = serviceaccount.NewIAMMember(ctx, \"gce-default-account-iam\", \u0026serviceaccount.IAMMemberArgs{\n\t\t\tServiceAccountId: pulumi.String(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: sa.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetDefaultServiceAccountArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMMember;\nimport com.pulumi.gcp.serviceaccount.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = ComputeFunctions.getDefaultServiceAccount();\n\n var sa = new Account(\"sa\", AccountArgs.builder() \n .accountId(\"my-service-account\")\n .displayName(\"A service account that Jane can use\")\n .build());\n\n var admin_account_iam = new IAMMember(\"admin-account-iam\", IAMMemberArgs.builder() \n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n // Allow SA service account use the default GCE account\n var gce_default_account_iam = new IAMMember(\"gce-default-account-iam\", IAMMemberArgs.builder() \n .serviceAccountId(default_.name())\n .role(\"roles/iam.serviceAccountUser\")\n .member(sa.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMMember\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n member: user:jane@example.com\n # Allow SA service account use the default GCE account\n gce-default-account-iam:\n type: gcp:serviceaccount:IAMMember\n properties:\n serviceAccountId: ${default.name}\n role: roles/iam.serviceAccountUser\n member: serviceAccount:${sa.email}\nvariables:\n default:\n fn::invoke:\n Function: gcp:compute:getDefaultServiceAccount\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Member With IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMMember(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMMember(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n member=\"user:jane@example.com\",\n condition=gcp.serviceaccount.IAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMMember(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.ServiceAccount.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMMember(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMMemberArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026serviceaccount.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMMember;\nimport com.pulumi.gcp.serviceaccount.IAMMemberArgs;\nimport com.pulumi.gcp.serviceaccount.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder() \n .accountId(\"my-service-account\")\n .displayName(\"A service account that Jane can use\")\n .build());\n\n var admin_account_iam = new IAMMember(\"admin-account-iam\", IAMMemberArgs.builder() \n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMMember\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n### Additional Examples\n\n### Service Account IAM Policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/iam.serviceAccountUser\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that only Jane can interact with\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMPolicy(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/iam.serviceAccountUser\",\n members=[\"user:jane@example.com\"],\n)])\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that only Jane can interact with\")\nadmin_account_iam = gcp.serviceaccount.IAMPolicy(\"admin-account-iam\",\n service_account_id=sa.name,\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/iam.serviceAccountUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that only Jane can interact with\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMPolicy(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/iam.serviceAccountUser\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that only Jane can interact with\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMPolicy(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMPolicyArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMPolicy;\nimport com.pulumi.gcp.serviceaccount.IAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/iam.serviceAccountUser\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var sa = new Account(\"sa\", AccountArgs.builder() \n .accountId(\"my-service-account\")\n .displayName(\"A service account that only Jane can interact with\")\n .build());\n\n var admin_account_iam = new IAMPolicy(\"admin-account-iam\", IAMPolicyArgs.builder() \n .serviceAccountId(sa.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that only Jane can interact with\n admin-account-iam:\n type: gcp:serviceaccount:IAMPolicy\n properties:\n serviceAccountId: ${sa.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/iam.serviceAccountUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that only Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMBinding(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that only Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMBinding(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that only Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMBinding(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that only Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMBinding(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMBindingArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMBinding;\nimport com.pulumi.gcp.serviceaccount.IAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder() \n .accountId(\"my-service-account\")\n .displayName(\"A service account that only Jane can use\")\n .build());\n\n var admin_account_iam = new IAMBinding(\"admin-account-iam\", IAMBindingArgs.builder() \n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that only Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMBinding\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Binding With IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that only Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMBinding(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that only Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMBinding(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.serviceaccount.IAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that only Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMBinding(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.ServiceAccount.Inputs.IAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that only Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMBinding(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMBindingArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026serviceaccount.IAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMBinding;\nimport com.pulumi.gcp.serviceaccount.IAMBindingArgs;\nimport com.pulumi.gcp.serviceaccount.inputs.IAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder() \n .accountId(\"my-service-account\")\n .displayName(\"A service account that only Jane can use\")\n .build());\n\n var admin_account_iam = new IAMBinding(\"admin-account-iam\", IAMBindingArgs.builder() \n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .members(\"user:jane@example.com\")\n .condition(IAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that only Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMBinding\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst default = gcp.compute.getDefaultServiceAccount({});\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMMember(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n member: \"user:jane@example.com\",\n});\n// Allow SA service account use the default GCE account\nconst gce_default_account_iam = new gcp.serviceaccount.IAMMember(\"gce-default-account-iam\", {\n serviceAccountId: _default.then(_default =\u003e _default.name),\n role: \"roles/iam.serviceAccountUser\",\n member: pulumi.interpolate`serviceAccount:${sa.email}`,\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndefault = gcp.compute.get_default_service_account()\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMMember(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n member=\"user:jane@example.com\")\n# Allow SA service account use the default GCE account\ngce_default_account_iam = gcp.serviceaccount.IAMMember(\"gce-default-account-iam\",\n service_account_id=default.name,\n role=\"roles/iam.serviceAccountUser\",\n member=sa.email.apply(lambda email: f\"serviceAccount:{email}\"))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var @default = Gcp.Compute.GetDefaultServiceAccount.Invoke();\n\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMMember(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Member = \"user:jane@example.com\",\n });\n\n // Allow SA service account use the default GCE account\n var gce_default_account_iam = new Gcp.ServiceAccount.IAMMember(\"gce-default-account-iam\", new()\n {\n ServiceAccountId = @default.Apply(@default =\u003e @default.Apply(getDefaultServiceAccountResult =\u003e getDefaultServiceAccountResult.Name)),\n Role = \"roles/iam.serviceAccountUser\",\n Member = sa.Email.Apply(email =\u003e $\"serviceAccount:{email}\"),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"fmt\"\n\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_default, err := compute.GetDefaultServiceAccount(ctx, nil, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMMember(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMMemberArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t// Allow SA service account use the default GCE account\n\t\t_, err = serviceaccount.NewIAMMember(ctx, \"gce-default-account-iam\", \u0026serviceaccount.IAMMemberArgs{\n\t\t\tServiceAccountId: pulumi.String(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: sa.Email.ApplyT(func(email string) (string, error) {\n\t\t\t\treturn fmt.Sprintf(\"serviceAccount:%v\", email), nil\n\t\t\t}).(pulumi.StringOutput),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.compute.ComputeFunctions;\nimport com.pulumi.gcp.compute.inputs.GetDefaultServiceAccountArgs;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMMember;\nimport com.pulumi.gcp.serviceaccount.IAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var default = ComputeFunctions.getDefaultServiceAccount();\n\n var sa = new Account(\"sa\", AccountArgs.builder() \n .accountId(\"my-service-account\")\n .displayName(\"A service account that Jane can use\")\n .build());\n\n var admin_account_iam = new IAMMember(\"admin-account-iam\", IAMMemberArgs.builder() \n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n // Allow SA service account use the default GCE account\n var gce_default_account_iam = new IAMMember(\"gce-default-account-iam\", IAMMemberArgs.builder() \n .serviceAccountId(default_.name())\n .role(\"roles/iam.serviceAccountUser\")\n .member(sa.email().applyValue(email -\u003e String.format(\"serviceAccount:%s\", email)))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMMember\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n member: user:jane@example.com\n # Allow SA service account use the default GCE account\n gce-default-account-iam:\n type: gcp:serviceaccount:IAMMember\n properties:\n serviceAccountId: ${default.name}\n role: roles/iam.serviceAccountUser\n member: serviceAccount:${sa.email}\nvariables:\n default:\n fn::invoke:\n Function: gcp:compute:getDefaultServiceAccount\n Arguments: {}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Service Account IAM Member With IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst sa = new gcp.serviceaccount.Account(\"sa\", {\n accountId: \"my-service-account\",\n displayName: \"A service account that Jane can use\",\n});\nconst admin_account_iam = new gcp.serviceaccount.IAMMember(\"admin-account-iam\", {\n serviceAccountId: sa.name,\n role: \"roles/iam.serviceAccountUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nsa = gcp.serviceaccount.Account(\"sa\",\n account_id=\"my-service-account\",\n display_name=\"A service account that Jane can use\")\nadmin_account_iam = gcp.serviceaccount.IAMMember(\"admin-account-iam\",\n service_account_id=sa.name,\n role=\"roles/iam.serviceAccountUser\",\n member=\"user:jane@example.com\",\n condition=gcp.serviceaccount.IAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var sa = new Gcp.ServiceAccount.Account(\"sa\", new()\n {\n AccountId = \"my-service-account\",\n DisplayName = \"A service account that Jane can use\",\n });\n\n var admin_account_iam = new Gcp.ServiceAccount.IAMMember(\"admin-account-iam\", new()\n {\n ServiceAccountId = sa.Name,\n Role = \"roles/iam.serviceAccountUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.ServiceAccount.Inputs.IAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tsa, err := serviceaccount.NewAccount(ctx, \"sa\", \u0026serviceaccount.AccountArgs{\n\t\t\tAccountId: pulumi.String(\"my-service-account\"),\n\t\t\tDisplayName: pulumi.String(\"A service account that Jane can use\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = serviceaccount.NewIAMMember(ctx, \"admin-account-iam\", \u0026serviceaccount.IAMMemberArgs{\n\t\t\tServiceAccountId: sa.Name,\n\t\t\tRole: pulumi.String(\"roles/iam.serviceAccountUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026serviceaccount.IAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.serviceaccount.Account;\nimport com.pulumi.gcp.serviceaccount.AccountArgs;\nimport com.pulumi.gcp.serviceaccount.IAMMember;\nimport com.pulumi.gcp.serviceaccount.IAMMemberArgs;\nimport com.pulumi.gcp.serviceaccount.inputs.IAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var sa = new Account(\"sa\", AccountArgs.builder() \n .accountId(\"my-service-account\")\n .displayName(\"A service account that Jane can use\")\n .build());\n\n var admin_account_iam = new IAMMember(\"admin-account-iam\", IAMMemberArgs.builder() \n .serviceAccountId(sa.name())\n .role(\"roles/iam.serviceAccountUser\")\n .member(\"user:jane@example.com\")\n .condition(IAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n sa:\n type: gcp:serviceaccount:Account\n properties:\n accountId: my-service-account\n displayName: A service account that Jane can use\n admin-account-iam:\n type: gcp:serviceaccount:IAMMember\n properties:\n serviceAccountId: ${sa.name}\n role: roles/iam.serviceAccountUser\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing with conditions:\n\nHere are examples of importing IAM memberships and bindings that include conditions:\n\n```sh\n$ pulumi import gcp:serviceaccount/iAMPolicy:IAMPolicy admin-account-iam \"projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/iam.serviceAccountUser expires_after_2019_12_31\"\n```\n\n```sh\n$ pulumi import gcp:serviceaccount/iAMPolicy:IAMPolicy admin-account-iam \"projects/{your-project-id}/serviceAccounts/{your-service-account-email} roles/iam.serviceAccountUser user:foo@example.com expires_after_2019_12_31\"\n```\n\n", "properties": { "etag": { "type": "string", @@ -220077,7 +220581,7 @@ }, "serviceAccountId": { "type": "string", - "description": "The fully-qualified name of the service account to apply policy to.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" + "description": "The fully-qualified name of the service account to apply policy to.\n" } }, "required": [ @@ -220092,7 +220596,7 @@ }, "serviceAccountId": { "type": "string", - "description": "The fully-qualified name of the service account to apply policy to.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The fully-qualified name of the service account to apply policy to.\n", "willReplaceOnChanges": true } }, @@ -220113,7 +220617,7 @@ }, "serviceAccountId": { "type": "string", - "description": "The fully-qualified name of the service account to apply policy to.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The fully-qualified name of the service account to apply policy to.\n", "willReplaceOnChanges": true } }, @@ -220537,7 +221041,7 @@ } }, "gcp:servicedirectory/namespaceIamBinding:NamespaceIamBinding": { - "description": "Three different resources help you manage your IAM policy for Service Directory Namespace. Each of these resources serves a different use case:\n\n* `gcp.servicedirectory.NamespaceIamPolicy`: Authoritative. Sets the IAM policy for the namespace and replaces any existing policy already attached.\n* `gcp.servicedirectory.NamespaceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the namespace are preserved.\n* `gcp.servicedirectory.NamespaceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the namespace are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.servicedirectory.NamespaceIamPolicy`: Retrieves the IAM policy for the namespace\n\n\u003e **Note:** `gcp.servicedirectory.NamespaceIamPolicy` **cannot** be used in conjunction with `gcp.servicedirectory.NamespaceIamBinding` and `gcp.servicedirectory.NamespaceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.servicedirectory.NamespaceIamBinding` resources **can be** used in conjunction with `gcp.servicedirectory.NamespaceIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_service\\_directory\\_namespace\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.servicedirectory.NamespaceIamPolicy(\"policy\", {\n name: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.servicedirectory.NamespaceIamPolicy(\"policy\",\n name=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ServiceDirectory.NamespaceIamPolicy(\"policy\", new()\n {\n Name = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = servicedirectory.NewNamespaceIamPolicy(ctx, \"policy\", \u0026servicedirectory.NamespaceIamPolicyArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamPolicy;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new NamespaceIamPolicy(\"policy\", NamespaceIamPolicyArgs.builder() \n .name(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:servicedirectory:NamespaceIamPolicy\n properties:\n name: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_service\\_directory\\_namespace\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.servicedirectory.NamespaceIamBinding(\"binding\", {\n name: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.servicedirectory.NamespaceIamBinding(\"binding\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ServiceDirectory.NamespaceIamBinding(\"binding\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewNamespaceIamBinding(ctx, \"binding\", \u0026servicedirectory.NamespaceIamBindingArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamBinding;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new NamespaceIamBinding(\"binding\", NamespaceIamBindingArgs.builder() \n .name(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:servicedirectory:NamespaceIamBinding\n properties:\n name: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_service\\_directory\\_namespace\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.servicedirectory.NamespaceIamMember(\"member\", {\n name: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.servicedirectory.NamespaceIamMember(\"member\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ServiceDirectory.NamespaceIamMember(\"member\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewNamespaceIamMember(ctx, \"member\", \u0026servicedirectory.NamespaceIamMemberArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamMember;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new NamespaceIamMember(\"member\", NamespaceIamMemberArgs.builder() \n .name(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:servicedirectory:NamespaceIamMember\n properties:\n name: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}\n\n* {{project}}/{{location}}/{{namespace_id}}\n\n* {{location}}/{{namespace_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nService Directory namespace IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/namespaceIamBinding:NamespaceIamBinding editor \"projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/namespaceIamBinding:NamespaceIamBinding editor \"projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/namespaceIamBinding:NamespaceIamBinding editor projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Service Directory Namespace. Each of these resources serves a different use case:\n\n* `gcp.servicedirectory.NamespaceIamPolicy`: Authoritative. Sets the IAM policy for the namespace and replaces any existing policy already attached.\n* `gcp.servicedirectory.NamespaceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the namespace are preserved.\n* `gcp.servicedirectory.NamespaceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the namespace are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.servicedirectory.NamespaceIamPolicy`: Retrieves the IAM policy for the namespace\n\n\u003e **Note:** `gcp.servicedirectory.NamespaceIamPolicy` **cannot** be used in conjunction with `gcp.servicedirectory.NamespaceIamBinding` and `gcp.servicedirectory.NamespaceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.servicedirectory.NamespaceIamBinding` resources **can be** used in conjunction with `gcp.servicedirectory.NamespaceIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_service\\_directory\\_namespace\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.servicedirectory.NamespaceIamPolicy(\"policy\", {\n name: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.servicedirectory.NamespaceIamPolicy(\"policy\",\n name=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ServiceDirectory.NamespaceIamPolicy(\"policy\", new()\n {\n Name = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = servicedirectory.NewNamespaceIamPolicy(ctx, \"policy\", \u0026servicedirectory.NamespaceIamPolicyArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamPolicy;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new NamespaceIamPolicy(\"policy\", NamespaceIamPolicyArgs.builder() \n .name(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:servicedirectory:NamespaceIamPolicy\n properties:\n name: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_service\\_directory\\_namespace\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.servicedirectory.NamespaceIamBinding(\"binding\", {\n name: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.servicedirectory.NamespaceIamBinding(\"binding\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ServiceDirectory.NamespaceIamBinding(\"binding\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewNamespaceIamBinding(ctx, \"binding\", \u0026servicedirectory.NamespaceIamBindingArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamBinding;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new NamespaceIamBinding(\"binding\", NamespaceIamBindingArgs.builder() \n .name(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:servicedirectory:NamespaceIamBinding\n properties:\n name: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_service\\_directory\\_namespace\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.servicedirectory.NamespaceIamMember(\"member\", {\n name: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.servicedirectory.NamespaceIamMember(\"member\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ServiceDirectory.NamespaceIamMember(\"member\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewNamespaceIamMember(ctx, \"member\", \u0026servicedirectory.NamespaceIamMemberArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamMember;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new NamespaceIamMember(\"member\", NamespaceIamMemberArgs.builder() \n .name(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:servicedirectory:NamespaceIamMember\n properties:\n name: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_service\\_directory\\_namespace\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.servicedirectory.NamespaceIamPolicy(\"policy\", {\n name: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.servicedirectory.NamespaceIamPolicy(\"policy\",\n name=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ServiceDirectory.NamespaceIamPolicy(\"policy\", new()\n {\n Name = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = servicedirectory.NewNamespaceIamPolicy(ctx, \"policy\", \u0026servicedirectory.NamespaceIamPolicyArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamPolicy;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new NamespaceIamPolicy(\"policy\", NamespaceIamPolicyArgs.builder() \n .name(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:servicedirectory:NamespaceIamPolicy\n properties:\n name: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_service\\_directory\\_namespace\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.servicedirectory.NamespaceIamBinding(\"binding\", {\n name: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.servicedirectory.NamespaceIamBinding(\"binding\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ServiceDirectory.NamespaceIamBinding(\"binding\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewNamespaceIamBinding(ctx, \"binding\", \u0026servicedirectory.NamespaceIamBindingArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamBinding;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new NamespaceIamBinding(\"binding\", NamespaceIamBindingArgs.builder() \n .name(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:servicedirectory:NamespaceIamBinding\n properties:\n name: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_service\\_directory\\_namespace\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.servicedirectory.NamespaceIamMember(\"member\", {\n name: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.servicedirectory.NamespaceIamMember(\"member\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ServiceDirectory.NamespaceIamMember(\"member\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewNamespaceIamMember(ctx, \"member\", \u0026servicedirectory.NamespaceIamMemberArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamMember;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new NamespaceIamMember(\"member\", NamespaceIamMemberArgs.builder() \n .name(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:servicedirectory:NamespaceIamMember\n properties:\n name: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}\n\n* {{project}}/{{location}}/{{namespace_id}}\n\n* {{location}}/{{namespace_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nService Directory namespace IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/namespaceIamBinding:NamespaceIamBinding editor \"projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/namespaceIamBinding:NamespaceIamBinding editor \"projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/namespaceIamBinding:NamespaceIamBinding editor projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:servicedirectory/NamespaceIamBindingCondition:NamespaceIamBindingCondition" @@ -220550,11 +221054,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "name": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "Used to find the parent resource to bind the IAM policy to\n" }, "role": { "type": "string", @@ -220576,11 +221081,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "name": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "Used to find the parent resource to bind the IAM policy to\n", "willReplaceOnChanges": true }, "role": { @@ -220608,11 +221114,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "name": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "Used to find the parent resource to bind the IAM policy to\n", "willReplaceOnChanges": true }, "role": { @@ -220625,7 +221132,7 @@ } }, "gcp:servicedirectory/namespaceIamMember:NamespaceIamMember": { - "description": "Three different resources help you manage your IAM policy for Service Directory Namespace. Each of these resources serves a different use case:\n\n* `gcp.servicedirectory.NamespaceIamPolicy`: Authoritative. Sets the IAM policy for the namespace and replaces any existing policy already attached.\n* `gcp.servicedirectory.NamespaceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the namespace are preserved.\n* `gcp.servicedirectory.NamespaceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the namespace are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.servicedirectory.NamespaceIamPolicy`: Retrieves the IAM policy for the namespace\n\n\u003e **Note:** `gcp.servicedirectory.NamespaceIamPolicy` **cannot** be used in conjunction with `gcp.servicedirectory.NamespaceIamBinding` and `gcp.servicedirectory.NamespaceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.servicedirectory.NamespaceIamBinding` resources **can be** used in conjunction with `gcp.servicedirectory.NamespaceIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_service\\_directory\\_namespace\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.servicedirectory.NamespaceIamPolicy(\"policy\", {\n name: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.servicedirectory.NamespaceIamPolicy(\"policy\",\n name=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ServiceDirectory.NamespaceIamPolicy(\"policy\", new()\n {\n Name = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = servicedirectory.NewNamespaceIamPolicy(ctx, \"policy\", \u0026servicedirectory.NamespaceIamPolicyArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamPolicy;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new NamespaceIamPolicy(\"policy\", NamespaceIamPolicyArgs.builder() \n .name(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:servicedirectory:NamespaceIamPolicy\n properties:\n name: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_service\\_directory\\_namespace\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.servicedirectory.NamespaceIamBinding(\"binding\", {\n name: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.servicedirectory.NamespaceIamBinding(\"binding\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ServiceDirectory.NamespaceIamBinding(\"binding\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewNamespaceIamBinding(ctx, \"binding\", \u0026servicedirectory.NamespaceIamBindingArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamBinding;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new NamespaceIamBinding(\"binding\", NamespaceIamBindingArgs.builder() \n .name(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:servicedirectory:NamespaceIamBinding\n properties:\n name: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_service\\_directory\\_namespace\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.servicedirectory.NamespaceIamMember(\"member\", {\n name: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.servicedirectory.NamespaceIamMember(\"member\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ServiceDirectory.NamespaceIamMember(\"member\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewNamespaceIamMember(ctx, \"member\", \u0026servicedirectory.NamespaceIamMemberArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamMember;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new NamespaceIamMember(\"member\", NamespaceIamMemberArgs.builder() \n .name(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:servicedirectory:NamespaceIamMember\n properties:\n name: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}\n\n* {{project}}/{{location}}/{{namespace_id}}\n\n* {{location}}/{{namespace_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nService Directory namespace IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/namespaceIamMember:NamespaceIamMember editor \"projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/namespaceIamMember:NamespaceIamMember editor \"projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/namespaceIamMember:NamespaceIamMember editor projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Service Directory Namespace. Each of these resources serves a different use case:\n\n* `gcp.servicedirectory.NamespaceIamPolicy`: Authoritative. Sets the IAM policy for the namespace and replaces any existing policy already attached.\n* `gcp.servicedirectory.NamespaceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the namespace are preserved.\n* `gcp.servicedirectory.NamespaceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the namespace are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.servicedirectory.NamespaceIamPolicy`: Retrieves the IAM policy for the namespace\n\n\u003e **Note:** `gcp.servicedirectory.NamespaceIamPolicy` **cannot** be used in conjunction with `gcp.servicedirectory.NamespaceIamBinding` and `gcp.servicedirectory.NamespaceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.servicedirectory.NamespaceIamBinding` resources **can be** used in conjunction with `gcp.servicedirectory.NamespaceIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_service\\_directory\\_namespace\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.servicedirectory.NamespaceIamPolicy(\"policy\", {\n name: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.servicedirectory.NamespaceIamPolicy(\"policy\",\n name=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ServiceDirectory.NamespaceIamPolicy(\"policy\", new()\n {\n Name = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = servicedirectory.NewNamespaceIamPolicy(ctx, \"policy\", \u0026servicedirectory.NamespaceIamPolicyArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamPolicy;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new NamespaceIamPolicy(\"policy\", NamespaceIamPolicyArgs.builder() \n .name(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:servicedirectory:NamespaceIamPolicy\n properties:\n name: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_service\\_directory\\_namespace\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.servicedirectory.NamespaceIamBinding(\"binding\", {\n name: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.servicedirectory.NamespaceIamBinding(\"binding\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ServiceDirectory.NamespaceIamBinding(\"binding\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewNamespaceIamBinding(ctx, \"binding\", \u0026servicedirectory.NamespaceIamBindingArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamBinding;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new NamespaceIamBinding(\"binding\", NamespaceIamBindingArgs.builder() \n .name(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:servicedirectory:NamespaceIamBinding\n properties:\n name: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_service\\_directory\\_namespace\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.servicedirectory.NamespaceIamMember(\"member\", {\n name: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.servicedirectory.NamespaceIamMember(\"member\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ServiceDirectory.NamespaceIamMember(\"member\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewNamespaceIamMember(ctx, \"member\", \u0026servicedirectory.NamespaceIamMemberArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamMember;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new NamespaceIamMember(\"member\", NamespaceIamMemberArgs.builder() \n .name(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:servicedirectory:NamespaceIamMember\n properties:\n name: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_service\\_directory\\_namespace\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.servicedirectory.NamespaceIamPolicy(\"policy\", {\n name: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.servicedirectory.NamespaceIamPolicy(\"policy\",\n name=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ServiceDirectory.NamespaceIamPolicy(\"policy\", new()\n {\n Name = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = servicedirectory.NewNamespaceIamPolicy(ctx, \"policy\", \u0026servicedirectory.NamespaceIamPolicyArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamPolicy;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new NamespaceIamPolicy(\"policy\", NamespaceIamPolicyArgs.builder() \n .name(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:servicedirectory:NamespaceIamPolicy\n properties:\n name: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_service\\_directory\\_namespace\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.servicedirectory.NamespaceIamBinding(\"binding\", {\n name: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.servicedirectory.NamespaceIamBinding(\"binding\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ServiceDirectory.NamespaceIamBinding(\"binding\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewNamespaceIamBinding(ctx, \"binding\", \u0026servicedirectory.NamespaceIamBindingArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamBinding;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new NamespaceIamBinding(\"binding\", NamespaceIamBindingArgs.builder() \n .name(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:servicedirectory:NamespaceIamBinding\n properties:\n name: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_service\\_directory\\_namespace\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.servicedirectory.NamespaceIamMember(\"member\", {\n name: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.servicedirectory.NamespaceIamMember(\"member\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ServiceDirectory.NamespaceIamMember(\"member\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewNamespaceIamMember(ctx, \"member\", \u0026servicedirectory.NamespaceIamMemberArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamMember;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new NamespaceIamMember(\"member\", NamespaceIamMemberArgs.builder() \n .name(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:servicedirectory:NamespaceIamMember\n properties:\n name: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}\n\n* {{project}}/{{location}}/{{namespace_id}}\n\n* {{location}}/{{namespace_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nService Directory namespace IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/namespaceIamMember:NamespaceIamMember editor \"projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/namespaceIamMember:NamespaceIamMember editor \"projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/namespaceIamMember:NamespaceIamMember editor projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:servicedirectory/NamespaceIamMemberCondition:NamespaceIamMemberCondition" @@ -220635,11 +221142,12 @@ "description": "(Computed) The etag of the IAM policy.\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "name": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "Used to find the parent resource to bind the IAM policy to\n" }, "role": { "type": "string", @@ -220659,11 +221167,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "name": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "Used to find the parent resource to bind the IAM policy to\n", "willReplaceOnChanges": true }, "role": { @@ -220689,11 +221198,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "name": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "Used to find the parent resource to bind the IAM policy to\n", "willReplaceOnChanges": true }, "role": { @@ -220706,7 +221216,7 @@ } }, "gcp:servicedirectory/namespaceIamPolicy:NamespaceIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Service Directory Namespace. Each of these resources serves a different use case:\n\n* `gcp.servicedirectory.NamespaceIamPolicy`: Authoritative. Sets the IAM policy for the namespace and replaces any existing policy already attached.\n* `gcp.servicedirectory.NamespaceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the namespace are preserved.\n* `gcp.servicedirectory.NamespaceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the namespace are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.servicedirectory.NamespaceIamPolicy`: Retrieves the IAM policy for the namespace\n\n\u003e **Note:** `gcp.servicedirectory.NamespaceIamPolicy` **cannot** be used in conjunction with `gcp.servicedirectory.NamespaceIamBinding` and `gcp.servicedirectory.NamespaceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.servicedirectory.NamespaceIamBinding` resources **can be** used in conjunction with `gcp.servicedirectory.NamespaceIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_service\\_directory\\_namespace\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.servicedirectory.NamespaceIamPolicy(\"policy\", {\n name: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.servicedirectory.NamespaceIamPolicy(\"policy\",\n name=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ServiceDirectory.NamespaceIamPolicy(\"policy\", new()\n {\n Name = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = servicedirectory.NewNamespaceIamPolicy(ctx, \"policy\", \u0026servicedirectory.NamespaceIamPolicyArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamPolicy;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new NamespaceIamPolicy(\"policy\", NamespaceIamPolicyArgs.builder() \n .name(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:servicedirectory:NamespaceIamPolicy\n properties:\n name: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_service\\_directory\\_namespace\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.servicedirectory.NamespaceIamBinding(\"binding\", {\n name: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.servicedirectory.NamespaceIamBinding(\"binding\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ServiceDirectory.NamespaceIamBinding(\"binding\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewNamespaceIamBinding(ctx, \"binding\", \u0026servicedirectory.NamespaceIamBindingArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamBinding;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new NamespaceIamBinding(\"binding\", NamespaceIamBindingArgs.builder() \n .name(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:servicedirectory:NamespaceIamBinding\n properties:\n name: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_service\\_directory\\_namespace\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.servicedirectory.NamespaceIamMember(\"member\", {\n name: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.servicedirectory.NamespaceIamMember(\"member\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ServiceDirectory.NamespaceIamMember(\"member\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewNamespaceIamMember(ctx, \"member\", \u0026servicedirectory.NamespaceIamMemberArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamMember;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new NamespaceIamMember(\"member\", NamespaceIamMemberArgs.builder() \n .name(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:servicedirectory:NamespaceIamMember\n properties:\n name: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}\n\n* {{project}}/{{location}}/{{namespace_id}}\n\n* {{location}}/{{namespace_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nService Directory namespace IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/namespaceIamPolicy:NamespaceIamPolicy editor \"projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/namespaceIamPolicy:NamespaceIamPolicy editor \"projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/namespaceIamPolicy:NamespaceIamPolicy editor projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Service Directory Namespace. Each of these resources serves a different use case:\n\n* `gcp.servicedirectory.NamespaceIamPolicy`: Authoritative. Sets the IAM policy for the namespace and replaces any existing policy already attached.\n* `gcp.servicedirectory.NamespaceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the namespace are preserved.\n* `gcp.servicedirectory.NamespaceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the namespace are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.servicedirectory.NamespaceIamPolicy`: Retrieves the IAM policy for the namespace\n\n\u003e **Note:** `gcp.servicedirectory.NamespaceIamPolicy` **cannot** be used in conjunction with `gcp.servicedirectory.NamespaceIamBinding` and `gcp.servicedirectory.NamespaceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.servicedirectory.NamespaceIamBinding` resources **can be** used in conjunction with `gcp.servicedirectory.NamespaceIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_service\\_directory\\_namespace\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.servicedirectory.NamespaceIamPolicy(\"policy\", {\n name: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.servicedirectory.NamespaceIamPolicy(\"policy\",\n name=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ServiceDirectory.NamespaceIamPolicy(\"policy\", new()\n {\n Name = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = servicedirectory.NewNamespaceIamPolicy(ctx, \"policy\", \u0026servicedirectory.NamespaceIamPolicyArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamPolicy;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new NamespaceIamPolicy(\"policy\", NamespaceIamPolicyArgs.builder() \n .name(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:servicedirectory:NamespaceIamPolicy\n properties:\n name: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_service\\_directory\\_namespace\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.servicedirectory.NamespaceIamBinding(\"binding\", {\n name: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.servicedirectory.NamespaceIamBinding(\"binding\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ServiceDirectory.NamespaceIamBinding(\"binding\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewNamespaceIamBinding(ctx, \"binding\", \u0026servicedirectory.NamespaceIamBindingArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamBinding;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new NamespaceIamBinding(\"binding\", NamespaceIamBindingArgs.builder() \n .name(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:servicedirectory:NamespaceIamBinding\n properties:\n name: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_service\\_directory\\_namespace\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.servicedirectory.NamespaceIamMember(\"member\", {\n name: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.servicedirectory.NamespaceIamMember(\"member\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ServiceDirectory.NamespaceIamMember(\"member\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewNamespaceIamMember(ctx, \"member\", \u0026servicedirectory.NamespaceIamMemberArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamMember;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new NamespaceIamMember(\"member\", NamespaceIamMemberArgs.builder() \n .name(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:servicedirectory:NamespaceIamMember\n properties:\n name: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_service\\_directory\\_namespace\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.servicedirectory.NamespaceIamPolicy(\"policy\", {\n name: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.servicedirectory.NamespaceIamPolicy(\"policy\",\n name=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ServiceDirectory.NamespaceIamPolicy(\"policy\", new()\n {\n Name = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = servicedirectory.NewNamespaceIamPolicy(ctx, \"policy\", \u0026servicedirectory.NamespaceIamPolicyArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamPolicy;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new NamespaceIamPolicy(\"policy\", NamespaceIamPolicyArgs.builder() \n .name(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:servicedirectory:NamespaceIamPolicy\n properties:\n name: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_service\\_directory\\_namespace\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.servicedirectory.NamespaceIamBinding(\"binding\", {\n name: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.servicedirectory.NamespaceIamBinding(\"binding\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ServiceDirectory.NamespaceIamBinding(\"binding\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewNamespaceIamBinding(ctx, \"binding\", \u0026servicedirectory.NamespaceIamBindingArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamBinding;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new NamespaceIamBinding(\"binding\", NamespaceIamBindingArgs.builder() \n .name(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:servicedirectory:NamespaceIamBinding\n properties:\n name: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_service\\_directory\\_namespace\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.servicedirectory.NamespaceIamMember(\"member\", {\n name: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.servicedirectory.NamespaceIamMember(\"member\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ServiceDirectory.NamespaceIamMember(\"member\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewNamespaceIamMember(ctx, \"member\", \u0026servicedirectory.NamespaceIamMemberArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamMember;\nimport com.pulumi.gcp.servicedirectory.NamespaceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new NamespaceIamMember(\"member\", NamespaceIamMemberArgs.builder() \n .name(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:servicedirectory:NamespaceIamMember\n properties:\n name: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}\n\n* {{project}}/{{location}}/{{namespace_id}}\n\n* {{location}}/{{namespace_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nService Directory namespace IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/namespaceIamPolicy:NamespaceIamPolicy editor \"projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/namespaceIamPolicy:NamespaceIamPolicy editor \"projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/namespaceIamPolicy:NamespaceIamPolicy editor projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -220714,7 +221224,7 @@ }, "name": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "Used to find the parent resource to bind the IAM policy to\n" }, "policyData": { "type": "string", @@ -220729,7 +221239,7 @@ "inputProperties": { "name": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "Used to find the parent resource to bind the IAM policy to\n", "willReplaceOnChanges": true }, "policyData": { @@ -220749,7 +221259,7 @@ }, "name": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "Used to find the parent resource to bind the IAM policy to\n", "willReplaceOnChanges": true }, "policyData": { @@ -220838,7 +221348,7 @@ } }, "gcp:servicedirectory/serviceIamBinding:ServiceIamBinding": { - "description": "Three different resources help you manage your IAM policy for Service Directory Service. Each of these resources serves a different use case:\n\n* `gcp.servicedirectory.ServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.servicedirectory.ServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.servicedirectory.ServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.servicedirectory.ServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.servicedirectory.ServiceIamPolicy` **cannot** be used in conjunction with `gcp.servicedirectory.ServiceIamBinding` and `gcp.servicedirectory.ServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.servicedirectory.ServiceIamBinding` resources **can be** used in conjunction with `gcp.servicedirectory.ServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_service\\_directory\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.servicedirectory.ServiceIamPolicy(\"policy\", {\n name: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.servicedirectory.ServiceIamPolicy(\"policy\",\n name=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ServiceDirectory.ServiceIamPolicy(\"policy\", new()\n {\n Name = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = servicedirectory.NewServiceIamPolicy(ctx, \"policy\", \u0026servicedirectory.ServiceIamPolicyArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.servicedirectory.ServiceIamPolicy;\nimport com.pulumi.gcp.servicedirectory.ServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ServiceIamPolicy(\"policy\", ServiceIamPolicyArgs.builder() \n .name(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:servicedirectory:ServiceIamPolicy\n properties:\n name: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_service\\_directory\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.servicedirectory.ServiceIamBinding(\"binding\", {\n name: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.servicedirectory.ServiceIamBinding(\"binding\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ServiceDirectory.ServiceIamBinding(\"binding\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewServiceIamBinding(ctx, \"binding\", \u0026servicedirectory.ServiceIamBindingArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.ServiceIamBinding;\nimport com.pulumi.gcp.servicedirectory.ServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ServiceIamBinding(\"binding\", ServiceIamBindingArgs.builder() \n .name(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:servicedirectory:ServiceIamBinding\n properties:\n name: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_service\\_directory\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.servicedirectory.ServiceIamMember(\"member\", {\n name: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.servicedirectory.ServiceIamMember(\"member\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ServiceDirectory.ServiceIamMember(\"member\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewServiceIamMember(ctx, \"member\", \u0026servicedirectory.ServiceIamMemberArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.ServiceIamMember;\nimport com.pulumi.gcp.servicedirectory.ServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ServiceIamMember(\"member\", ServiceIamMemberArgs.builder() \n .name(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:servicedirectory:ServiceIamMember\n properties:\n name: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}/services/{{service_id}}\n\n* {{project}}/{{location}}/{{namespace_id}}/{{service_id}}\n\n* {{location}}/{{namespace_id}}/{{service_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nService Directory service IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/serviceIamBinding:ServiceIamBinding editor \"projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}/services/{{service_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/serviceIamBinding:ServiceIamBinding editor \"projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}/services/{{service_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/serviceIamBinding:ServiceIamBinding editor projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}/services/{{service_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Service Directory Service. Each of these resources serves a different use case:\n\n* `gcp.servicedirectory.ServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.servicedirectory.ServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.servicedirectory.ServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.servicedirectory.ServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.servicedirectory.ServiceIamPolicy` **cannot** be used in conjunction with `gcp.servicedirectory.ServiceIamBinding` and `gcp.servicedirectory.ServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.servicedirectory.ServiceIamBinding` resources **can be** used in conjunction with `gcp.servicedirectory.ServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_service\\_directory\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.servicedirectory.ServiceIamPolicy(\"policy\", {\n name: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.servicedirectory.ServiceIamPolicy(\"policy\",\n name=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ServiceDirectory.ServiceIamPolicy(\"policy\", new()\n {\n Name = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = servicedirectory.NewServiceIamPolicy(ctx, \"policy\", \u0026servicedirectory.ServiceIamPolicyArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.servicedirectory.ServiceIamPolicy;\nimport com.pulumi.gcp.servicedirectory.ServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ServiceIamPolicy(\"policy\", ServiceIamPolicyArgs.builder() \n .name(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:servicedirectory:ServiceIamPolicy\n properties:\n name: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_service\\_directory\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.servicedirectory.ServiceIamBinding(\"binding\", {\n name: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.servicedirectory.ServiceIamBinding(\"binding\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ServiceDirectory.ServiceIamBinding(\"binding\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewServiceIamBinding(ctx, \"binding\", \u0026servicedirectory.ServiceIamBindingArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.ServiceIamBinding;\nimport com.pulumi.gcp.servicedirectory.ServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ServiceIamBinding(\"binding\", ServiceIamBindingArgs.builder() \n .name(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:servicedirectory:ServiceIamBinding\n properties:\n name: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_service\\_directory\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.servicedirectory.ServiceIamMember(\"member\", {\n name: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.servicedirectory.ServiceIamMember(\"member\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ServiceDirectory.ServiceIamMember(\"member\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewServiceIamMember(ctx, \"member\", \u0026servicedirectory.ServiceIamMemberArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.ServiceIamMember;\nimport com.pulumi.gcp.servicedirectory.ServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ServiceIamMember(\"member\", ServiceIamMemberArgs.builder() \n .name(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:servicedirectory:ServiceIamMember\n properties:\n name: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_service\\_directory\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.servicedirectory.ServiceIamPolicy(\"policy\", {\n name: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.servicedirectory.ServiceIamPolicy(\"policy\",\n name=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ServiceDirectory.ServiceIamPolicy(\"policy\", new()\n {\n Name = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = servicedirectory.NewServiceIamPolicy(ctx, \"policy\", \u0026servicedirectory.ServiceIamPolicyArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.servicedirectory.ServiceIamPolicy;\nimport com.pulumi.gcp.servicedirectory.ServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ServiceIamPolicy(\"policy\", ServiceIamPolicyArgs.builder() \n .name(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:servicedirectory:ServiceIamPolicy\n properties:\n name: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_service\\_directory\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.servicedirectory.ServiceIamBinding(\"binding\", {\n name: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.servicedirectory.ServiceIamBinding(\"binding\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ServiceDirectory.ServiceIamBinding(\"binding\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewServiceIamBinding(ctx, \"binding\", \u0026servicedirectory.ServiceIamBindingArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.ServiceIamBinding;\nimport com.pulumi.gcp.servicedirectory.ServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ServiceIamBinding(\"binding\", ServiceIamBindingArgs.builder() \n .name(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:servicedirectory:ServiceIamBinding\n properties:\n name: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_service\\_directory\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.servicedirectory.ServiceIamMember(\"member\", {\n name: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.servicedirectory.ServiceIamMember(\"member\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ServiceDirectory.ServiceIamMember(\"member\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewServiceIamMember(ctx, \"member\", \u0026servicedirectory.ServiceIamMemberArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.ServiceIamMember;\nimport com.pulumi.gcp.servicedirectory.ServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ServiceIamMember(\"member\", ServiceIamMemberArgs.builder() \n .name(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:servicedirectory:ServiceIamMember\n properties:\n name: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}/services/{{service_id}}\n\n* {{project}}/{{location}}/{{namespace_id}}/{{service_id}}\n\n* {{location}}/{{namespace_id}}/{{service_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nService Directory service IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/serviceIamBinding:ServiceIamBinding editor \"projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}/services/{{service_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/serviceIamBinding:ServiceIamBinding editor \"projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}/services/{{service_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/serviceIamBinding:ServiceIamBinding editor projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}/services/{{service_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:servicedirectory/ServiceIamBindingCondition:ServiceIamBindingCondition" @@ -220851,11 +221361,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "name": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "Used to find the parent resource to bind the IAM policy to\n" }, "role": { "type": "string", @@ -220877,11 +221388,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "name": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "Used to find the parent resource to bind the IAM policy to\n", "willReplaceOnChanges": true }, "role": { @@ -220909,11 +221421,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "name": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "Used to find the parent resource to bind the IAM policy to\n", "willReplaceOnChanges": true }, "role": { @@ -220926,7 +221439,7 @@ } }, "gcp:servicedirectory/serviceIamMember:ServiceIamMember": { - "description": "Three different resources help you manage your IAM policy for Service Directory Service. Each of these resources serves a different use case:\n\n* `gcp.servicedirectory.ServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.servicedirectory.ServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.servicedirectory.ServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.servicedirectory.ServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.servicedirectory.ServiceIamPolicy` **cannot** be used in conjunction with `gcp.servicedirectory.ServiceIamBinding` and `gcp.servicedirectory.ServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.servicedirectory.ServiceIamBinding` resources **can be** used in conjunction with `gcp.servicedirectory.ServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_service\\_directory\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.servicedirectory.ServiceIamPolicy(\"policy\", {\n name: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.servicedirectory.ServiceIamPolicy(\"policy\",\n name=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ServiceDirectory.ServiceIamPolicy(\"policy\", new()\n {\n Name = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = servicedirectory.NewServiceIamPolicy(ctx, \"policy\", \u0026servicedirectory.ServiceIamPolicyArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.servicedirectory.ServiceIamPolicy;\nimport com.pulumi.gcp.servicedirectory.ServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ServiceIamPolicy(\"policy\", ServiceIamPolicyArgs.builder() \n .name(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:servicedirectory:ServiceIamPolicy\n properties:\n name: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_service\\_directory\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.servicedirectory.ServiceIamBinding(\"binding\", {\n name: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.servicedirectory.ServiceIamBinding(\"binding\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ServiceDirectory.ServiceIamBinding(\"binding\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewServiceIamBinding(ctx, \"binding\", \u0026servicedirectory.ServiceIamBindingArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.ServiceIamBinding;\nimport com.pulumi.gcp.servicedirectory.ServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ServiceIamBinding(\"binding\", ServiceIamBindingArgs.builder() \n .name(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:servicedirectory:ServiceIamBinding\n properties:\n name: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_service\\_directory\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.servicedirectory.ServiceIamMember(\"member\", {\n name: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.servicedirectory.ServiceIamMember(\"member\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ServiceDirectory.ServiceIamMember(\"member\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewServiceIamMember(ctx, \"member\", \u0026servicedirectory.ServiceIamMemberArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.ServiceIamMember;\nimport com.pulumi.gcp.servicedirectory.ServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ServiceIamMember(\"member\", ServiceIamMemberArgs.builder() \n .name(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:servicedirectory:ServiceIamMember\n properties:\n name: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}/services/{{service_id}}\n\n* {{project}}/{{location}}/{{namespace_id}}/{{service_id}}\n\n* {{location}}/{{namespace_id}}/{{service_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nService Directory service IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/serviceIamMember:ServiceIamMember editor \"projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}/services/{{service_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/serviceIamMember:ServiceIamMember editor \"projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}/services/{{service_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/serviceIamMember:ServiceIamMember editor projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}/services/{{service_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Service Directory Service. Each of these resources serves a different use case:\n\n* `gcp.servicedirectory.ServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.servicedirectory.ServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.servicedirectory.ServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.servicedirectory.ServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.servicedirectory.ServiceIamPolicy` **cannot** be used in conjunction with `gcp.servicedirectory.ServiceIamBinding` and `gcp.servicedirectory.ServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.servicedirectory.ServiceIamBinding` resources **can be** used in conjunction with `gcp.servicedirectory.ServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_service\\_directory\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.servicedirectory.ServiceIamPolicy(\"policy\", {\n name: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.servicedirectory.ServiceIamPolicy(\"policy\",\n name=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ServiceDirectory.ServiceIamPolicy(\"policy\", new()\n {\n Name = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = servicedirectory.NewServiceIamPolicy(ctx, \"policy\", \u0026servicedirectory.ServiceIamPolicyArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.servicedirectory.ServiceIamPolicy;\nimport com.pulumi.gcp.servicedirectory.ServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ServiceIamPolicy(\"policy\", ServiceIamPolicyArgs.builder() \n .name(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:servicedirectory:ServiceIamPolicy\n properties:\n name: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_service\\_directory\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.servicedirectory.ServiceIamBinding(\"binding\", {\n name: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.servicedirectory.ServiceIamBinding(\"binding\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ServiceDirectory.ServiceIamBinding(\"binding\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewServiceIamBinding(ctx, \"binding\", \u0026servicedirectory.ServiceIamBindingArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.ServiceIamBinding;\nimport com.pulumi.gcp.servicedirectory.ServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ServiceIamBinding(\"binding\", ServiceIamBindingArgs.builder() \n .name(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:servicedirectory:ServiceIamBinding\n properties:\n name: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_service\\_directory\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.servicedirectory.ServiceIamMember(\"member\", {\n name: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.servicedirectory.ServiceIamMember(\"member\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ServiceDirectory.ServiceIamMember(\"member\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewServiceIamMember(ctx, \"member\", \u0026servicedirectory.ServiceIamMemberArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.ServiceIamMember;\nimport com.pulumi.gcp.servicedirectory.ServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ServiceIamMember(\"member\", ServiceIamMemberArgs.builder() \n .name(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:servicedirectory:ServiceIamMember\n properties:\n name: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_service\\_directory\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.servicedirectory.ServiceIamPolicy(\"policy\", {\n name: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.servicedirectory.ServiceIamPolicy(\"policy\",\n name=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ServiceDirectory.ServiceIamPolicy(\"policy\", new()\n {\n Name = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = servicedirectory.NewServiceIamPolicy(ctx, \"policy\", \u0026servicedirectory.ServiceIamPolicyArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.servicedirectory.ServiceIamPolicy;\nimport com.pulumi.gcp.servicedirectory.ServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ServiceIamPolicy(\"policy\", ServiceIamPolicyArgs.builder() \n .name(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:servicedirectory:ServiceIamPolicy\n properties:\n name: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_service\\_directory\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.servicedirectory.ServiceIamBinding(\"binding\", {\n name: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.servicedirectory.ServiceIamBinding(\"binding\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ServiceDirectory.ServiceIamBinding(\"binding\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewServiceIamBinding(ctx, \"binding\", \u0026servicedirectory.ServiceIamBindingArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.ServiceIamBinding;\nimport com.pulumi.gcp.servicedirectory.ServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ServiceIamBinding(\"binding\", ServiceIamBindingArgs.builder() \n .name(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:servicedirectory:ServiceIamBinding\n properties:\n name: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_service\\_directory\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.servicedirectory.ServiceIamMember(\"member\", {\n name: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.servicedirectory.ServiceIamMember(\"member\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ServiceDirectory.ServiceIamMember(\"member\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewServiceIamMember(ctx, \"member\", \u0026servicedirectory.ServiceIamMemberArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.ServiceIamMember;\nimport com.pulumi.gcp.servicedirectory.ServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ServiceIamMember(\"member\", ServiceIamMemberArgs.builder() \n .name(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:servicedirectory:ServiceIamMember\n properties:\n name: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}/services/{{service_id}}\n\n* {{project}}/{{location}}/{{namespace_id}}/{{service_id}}\n\n* {{location}}/{{namespace_id}}/{{service_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nService Directory service IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/serviceIamMember:ServiceIamMember editor \"projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}/services/{{service_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/serviceIamMember:ServiceIamMember editor \"projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}/services/{{service_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/serviceIamMember:ServiceIamMember editor projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}/services/{{service_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:servicedirectory/ServiceIamMemberCondition:ServiceIamMemberCondition" @@ -220936,11 +221449,12 @@ "description": "(Computed) The etag of the IAM policy.\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "name": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "Used to find the parent resource to bind the IAM policy to\n" }, "role": { "type": "string", @@ -220960,11 +221474,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "name": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "Used to find the parent resource to bind the IAM policy to\n", "willReplaceOnChanges": true }, "role": { @@ -220990,11 +221505,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "name": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "Used to find the parent resource to bind the IAM policy to\n", "willReplaceOnChanges": true }, "role": { @@ -221007,7 +221523,7 @@ } }, "gcp:servicedirectory/serviceIamPolicy:ServiceIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Service Directory Service. Each of these resources serves a different use case:\n\n* `gcp.servicedirectory.ServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.servicedirectory.ServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.servicedirectory.ServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.servicedirectory.ServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.servicedirectory.ServiceIamPolicy` **cannot** be used in conjunction with `gcp.servicedirectory.ServiceIamBinding` and `gcp.servicedirectory.ServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.servicedirectory.ServiceIamBinding` resources **can be** used in conjunction with `gcp.servicedirectory.ServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_service\\_directory\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.servicedirectory.ServiceIamPolicy(\"policy\", {\n name: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.servicedirectory.ServiceIamPolicy(\"policy\",\n name=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ServiceDirectory.ServiceIamPolicy(\"policy\", new()\n {\n Name = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = servicedirectory.NewServiceIamPolicy(ctx, \"policy\", \u0026servicedirectory.ServiceIamPolicyArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.servicedirectory.ServiceIamPolicy;\nimport com.pulumi.gcp.servicedirectory.ServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ServiceIamPolicy(\"policy\", ServiceIamPolicyArgs.builder() \n .name(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:servicedirectory:ServiceIamPolicy\n properties:\n name: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_service\\_directory\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.servicedirectory.ServiceIamBinding(\"binding\", {\n name: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.servicedirectory.ServiceIamBinding(\"binding\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ServiceDirectory.ServiceIamBinding(\"binding\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewServiceIamBinding(ctx, \"binding\", \u0026servicedirectory.ServiceIamBindingArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.ServiceIamBinding;\nimport com.pulumi.gcp.servicedirectory.ServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ServiceIamBinding(\"binding\", ServiceIamBindingArgs.builder() \n .name(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:servicedirectory:ServiceIamBinding\n properties:\n name: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_service\\_directory\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.servicedirectory.ServiceIamMember(\"member\", {\n name: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.servicedirectory.ServiceIamMember(\"member\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ServiceDirectory.ServiceIamMember(\"member\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewServiceIamMember(ctx, \"member\", \u0026servicedirectory.ServiceIamMemberArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.ServiceIamMember;\nimport com.pulumi.gcp.servicedirectory.ServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ServiceIamMember(\"member\", ServiceIamMemberArgs.builder() \n .name(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:servicedirectory:ServiceIamMember\n properties:\n name: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}/services/{{service_id}}\n\n* {{project}}/{{location}}/{{namespace_id}}/{{service_id}}\n\n* {{location}}/{{namespace_id}}/{{service_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nService Directory service IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/serviceIamPolicy:ServiceIamPolicy editor \"projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}/services/{{service_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/serviceIamPolicy:ServiceIamPolicy editor \"projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}/services/{{service_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/serviceIamPolicy:ServiceIamPolicy editor projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}/services/{{service_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Service Directory Service. Each of these resources serves a different use case:\n\n* `gcp.servicedirectory.ServiceIamPolicy`: Authoritative. Sets the IAM policy for the service and replaces any existing policy already attached.\n* `gcp.servicedirectory.ServiceIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the service are preserved.\n* `gcp.servicedirectory.ServiceIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the service are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.servicedirectory.ServiceIamPolicy`: Retrieves the IAM policy for the service\n\n\u003e **Note:** `gcp.servicedirectory.ServiceIamPolicy` **cannot** be used in conjunction with `gcp.servicedirectory.ServiceIamBinding` and `gcp.servicedirectory.ServiceIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.servicedirectory.ServiceIamBinding` resources **can be** used in conjunction with `gcp.servicedirectory.ServiceIamMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_service\\_directory\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.servicedirectory.ServiceIamPolicy(\"policy\", {\n name: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.servicedirectory.ServiceIamPolicy(\"policy\",\n name=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ServiceDirectory.ServiceIamPolicy(\"policy\", new()\n {\n Name = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = servicedirectory.NewServiceIamPolicy(ctx, \"policy\", \u0026servicedirectory.ServiceIamPolicyArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.servicedirectory.ServiceIamPolicy;\nimport com.pulumi.gcp.servicedirectory.ServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ServiceIamPolicy(\"policy\", ServiceIamPolicyArgs.builder() \n .name(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:servicedirectory:ServiceIamPolicy\n properties:\n name: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_service\\_directory\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.servicedirectory.ServiceIamBinding(\"binding\", {\n name: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.servicedirectory.ServiceIamBinding(\"binding\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ServiceDirectory.ServiceIamBinding(\"binding\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewServiceIamBinding(ctx, \"binding\", \u0026servicedirectory.ServiceIamBindingArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.ServiceIamBinding;\nimport com.pulumi.gcp.servicedirectory.ServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ServiceIamBinding(\"binding\", ServiceIamBindingArgs.builder() \n .name(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:servicedirectory:ServiceIamBinding\n properties:\n name: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_service\\_directory\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.servicedirectory.ServiceIamMember(\"member\", {\n name: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.servicedirectory.ServiceIamMember(\"member\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ServiceDirectory.ServiceIamMember(\"member\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewServiceIamMember(ctx, \"member\", \u0026servicedirectory.ServiceIamMemberArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.ServiceIamMember;\nimport com.pulumi.gcp.servicedirectory.ServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ServiceIamMember(\"member\", ServiceIamMemberArgs.builder() \n .name(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:servicedirectory:ServiceIamMember\n properties:\n name: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_service\\_directory\\_service\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.servicedirectory.ServiceIamPolicy(\"policy\", {\n name: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.servicedirectory.ServiceIamPolicy(\"policy\",\n name=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.ServiceDirectory.ServiceIamPolicy(\"policy\", new()\n {\n Name = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = servicedirectory.NewServiceIamPolicy(ctx, \"policy\", \u0026servicedirectory.ServiceIamPolicyArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.servicedirectory.ServiceIamPolicy;\nimport com.pulumi.gcp.servicedirectory.ServiceIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new ServiceIamPolicy(\"policy\", ServiceIamPolicyArgs.builder() \n .name(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:servicedirectory:ServiceIamPolicy\n properties:\n name: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_service\\_directory\\_service\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.servicedirectory.ServiceIamBinding(\"binding\", {\n name: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.servicedirectory.ServiceIamBinding(\"binding\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.ServiceDirectory.ServiceIamBinding(\"binding\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewServiceIamBinding(ctx, \"binding\", \u0026servicedirectory.ServiceIamBindingArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.ServiceIamBinding;\nimport com.pulumi.gcp.servicedirectory.ServiceIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new ServiceIamBinding(\"binding\", ServiceIamBindingArgs.builder() \n .name(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:servicedirectory:ServiceIamBinding\n properties:\n name: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_service\\_directory\\_service\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.servicedirectory.ServiceIamMember(\"member\", {\n name: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.servicedirectory.ServiceIamMember(\"member\",\n name=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.ServiceDirectory.ServiceIamMember(\"member\", new()\n {\n Name = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := servicedirectory.NewServiceIamMember(ctx, \"member\", \u0026servicedirectory.ServiceIamMemberArgs{\n\t\t\tName: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.servicedirectory.ServiceIamMember;\nimport com.pulumi.gcp.servicedirectory.ServiceIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new ServiceIamMember(\"member\", ServiceIamMemberArgs.builder() \n .name(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:servicedirectory:ServiceIamMember\n properties:\n name: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}/services/{{service_id}}\n\n* {{project}}/{{location}}/{{namespace_id}}/{{service_id}}\n\n* {{location}}/{{namespace_id}}/{{service_id}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nService Directory service IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/serviceIamPolicy:ServiceIamPolicy editor \"projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}/services/{{service_id}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/serviceIamPolicy:ServiceIamPolicy editor \"projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}/services/{{service_id}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:servicedirectory/serviceIamPolicy:ServiceIamPolicy editor projects/{{project}}/locations/{{location}}/namespaces/{{namespace_id}}/services/{{service_id}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -221015,7 +221531,7 @@ }, "name": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "Used to find the parent resource to bind the IAM policy to\n" }, "policyData": { "type": "string", @@ -221030,7 +221546,7 @@ "inputProperties": { "name": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "Used to find the parent resource to bind the IAM policy to\n", "willReplaceOnChanges": true }, "policyData": { @@ -221050,7 +221566,7 @@ }, "name": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "Used to find the parent resource to bind the IAM policy to\n", "willReplaceOnChanges": true }, "policyData": { @@ -221479,7 +221995,7 @@ } }, "gcp:sourcerepo/repositoryIamBinding:RepositoryIamBinding": { - "description": "Three different resources help you manage your IAM policy for Cloud Pub/Sub Topic. Each of these resources serves a different use case:\n\n* `gcp.pubsub.TopicIAMPolicy`: Authoritative. Sets the IAM policy for the topic and replaces any existing policy already attached.\n* `gcp.pubsub.TopicIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the topic are preserved.\n* `gcp.pubsub.TopicIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the topic are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.pubsub.TopicIAMPolicy`: Retrieves the IAM policy for the topic\n\n\u003e **Note:** `gcp.pubsub.TopicIAMPolicy` **cannot** be used in conjunction with `gcp.pubsub.TopicIAMBinding` and `gcp.pubsub.TopicIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.pubsub.TopicIAMBinding` resources **can be** used in conjunction with `gcp.pubsub.TopicIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_pubsub\\_topic\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.pubsub.TopicIAMPolicy(\"policy\", {\n project: example.project,\n topic: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.pubsub.TopicIAMPolicy(\"policy\",\n project=example[\"project\"],\n topic=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.PubSub.TopicIAMPolicy(\"policy\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewTopicIAMPolicy(ctx, \"policy\", \u0026pubsub.TopicIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.TopicIAMPolicy;\nimport com.pulumi.gcp.pubsub.TopicIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TopicIAMPolicy(\"policy\", TopicIAMPolicyArgs.builder() \n .project(example.project())\n .topic(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:pubsub:TopicIAMPolicy\n properties:\n project: ${example.project}\n topic: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_topic\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.pubsub.TopicIAMBinding(\"binding\", {\n project: example.project,\n topic: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.pubsub.TopicIAMBinding(\"binding\",\n project=example[\"project\"],\n topic=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.PubSub.TopicIAMBinding(\"binding\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopicIAMBinding(ctx, \"binding\", \u0026pubsub.TopicIAMBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.TopicIAMBinding;\nimport com.pulumi.gcp.pubsub.TopicIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TopicIAMBinding(\"binding\", TopicIAMBindingArgs.builder() \n .project(example.project())\n .topic(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:pubsub:TopicIAMBinding\n properties:\n project: ${example.project}\n topic: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_topic\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.pubsub.TopicIAMMember(\"member\", {\n project: example.project,\n topic: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.pubsub.TopicIAMMember(\"member\",\n project=example[\"project\"],\n topic=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.PubSub.TopicIAMMember(\"member\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopicIAMMember(ctx, \"member\", \u0026pubsub.TopicIAMMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.TopicIAMMember;\nimport com.pulumi.gcp.pubsub.TopicIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TopicIAMMember(\"member\", TopicIAMMemberArgs.builder() \n .project(example.project())\n .topic(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:pubsub:TopicIAMMember\n properties:\n project: ${example.project}\n topic: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/topics/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Pub/Sub topic IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:sourcerepo/repositoryIamBinding:RepositoryIamBinding editor \"projects/{{project}}/topics/{{topic}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:sourcerepo/repositoryIamBinding:RepositoryIamBinding editor \"projects/{{project}}/topics/{{topic}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:sourcerepo/repositoryIamBinding:RepositoryIamBinding editor projects/{{project}}/topics/{{topic}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Pub/Sub Topic. Each of these resources serves a different use case:\n\n* `gcp.pubsub.TopicIAMPolicy`: Authoritative. Sets the IAM policy for the topic and replaces any existing policy already attached.\n* `gcp.pubsub.TopicIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the topic are preserved.\n* `gcp.pubsub.TopicIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the topic are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.pubsub.TopicIAMPolicy`: Retrieves the IAM policy for the topic\n\n\u003e **Note:** `gcp.pubsub.TopicIAMPolicy` **cannot** be used in conjunction with `gcp.pubsub.TopicIAMBinding` and `gcp.pubsub.TopicIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.pubsub.TopicIAMBinding` resources **can be** used in conjunction with `gcp.pubsub.TopicIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_pubsub\\_topic\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.pubsub.TopicIAMPolicy(\"policy\", {\n project: example.project,\n topic: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.pubsub.TopicIAMPolicy(\"policy\",\n project=example[\"project\"],\n topic=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.PubSub.TopicIAMPolicy(\"policy\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewTopicIAMPolicy(ctx, \"policy\", \u0026pubsub.TopicIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.TopicIAMPolicy;\nimport com.pulumi.gcp.pubsub.TopicIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TopicIAMPolicy(\"policy\", TopicIAMPolicyArgs.builder() \n .project(example.project())\n .topic(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:pubsub:TopicIAMPolicy\n properties:\n project: ${example.project}\n topic: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_topic\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.pubsub.TopicIAMBinding(\"binding\", {\n project: example.project,\n topic: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.pubsub.TopicIAMBinding(\"binding\",\n project=example[\"project\"],\n topic=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.PubSub.TopicIAMBinding(\"binding\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopicIAMBinding(ctx, \"binding\", \u0026pubsub.TopicIAMBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.TopicIAMBinding;\nimport com.pulumi.gcp.pubsub.TopicIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TopicIAMBinding(\"binding\", TopicIAMBindingArgs.builder() \n .project(example.project())\n .topic(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:pubsub:TopicIAMBinding\n properties:\n project: ${example.project}\n topic: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_topic\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.pubsub.TopicIAMMember(\"member\", {\n project: example.project,\n topic: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.pubsub.TopicIAMMember(\"member\",\n project=example[\"project\"],\n topic=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.PubSub.TopicIAMMember(\"member\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopicIAMMember(ctx, \"member\", \u0026pubsub.TopicIAMMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.TopicIAMMember;\nimport com.pulumi.gcp.pubsub.TopicIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TopicIAMMember(\"member\", TopicIAMMemberArgs.builder() \n .project(example.project())\n .topic(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:pubsub:TopicIAMMember\n properties:\n project: ${example.project}\n topic: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_pubsub\\_topic\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.pubsub.TopicIAMPolicy(\"policy\", {\n project: example.project,\n topic: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.pubsub.TopicIAMPolicy(\"policy\",\n project=example[\"project\"],\n topic=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.PubSub.TopicIAMPolicy(\"policy\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewTopicIAMPolicy(ctx, \"policy\", \u0026pubsub.TopicIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.TopicIAMPolicy;\nimport com.pulumi.gcp.pubsub.TopicIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TopicIAMPolicy(\"policy\", TopicIAMPolicyArgs.builder() \n .project(example.project())\n .topic(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:pubsub:TopicIAMPolicy\n properties:\n project: ${example.project}\n topic: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_topic\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.pubsub.TopicIAMBinding(\"binding\", {\n project: example.project,\n topic: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.pubsub.TopicIAMBinding(\"binding\",\n project=example[\"project\"],\n topic=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.PubSub.TopicIAMBinding(\"binding\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopicIAMBinding(ctx, \"binding\", \u0026pubsub.TopicIAMBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.TopicIAMBinding;\nimport com.pulumi.gcp.pubsub.TopicIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TopicIAMBinding(\"binding\", TopicIAMBindingArgs.builder() \n .project(example.project())\n .topic(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:pubsub:TopicIAMBinding\n properties:\n project: ${example.project}\n topic: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_topic\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.pubsub.TopicIAMMember(\"member\", {\n project: example.project,\n topic: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.pubsub.TopicIAMMember(\"member\",\n project=example[\"project\"],\n topic=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.PubSub.TopicIAMMember(\"member\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopicIAMMember(ctx, \"member\", \u0026pubsub.TopicIAMMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.TopicIAMMember;\nimport com.pulumi.gcp.pubsub.TopicIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TopicIAMMember(\"member\", TopicIAMMemberArgs.builder() \n .project(example.project())\n .topic(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:pubsub:TopicIAMMember\n properties:\n project: ${example.project}\n topic: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/topics/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Pub/Sub topic IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:sourcerepo/repositoryIamBinding:RepositoryIamBinding editor \"projects/{{project}}/topics/{{topic}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:sourcerepo/repositoryIamBinding:RepositoryIamBinding editor \"projects/{{project}}/topics/{{topic}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:sourcerepo/repositoryIamBinding:RepositoryIamBinding editor projects/{{project}}/topics/{{topic}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:sourcerepo/RepositoryIamBindingCondition:RepositoryIamBindingCondition" @@ -221492,11 +222008,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "repository": { "type": "string" @@ -221522,11 +222039,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "repository": { @@ -221559,11 +222077,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "repository": { @@ -221580,7 +222099,7 @@ } }, "gcp:sourcerepo/repositoryIamMember:RepositoryIamMember": { - "description": "Three different resources help you manage your IAM policy for Cloud Pub/Sub Topic. Each of these resources serves a different use case:\n\n* `gcp.pubsub.TopicIAMPolicy`: Authoritative. Sets the IAM policy for the topic and replaces any existing policy already attached.\n* `gcp.pubsub.TopicIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the topic are preserved.\n* `gcp.pubsub.TopicIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the topic are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.pubsub.TopicIAMPolicy`: Retrieves the IAM policy for the topic\n\n\u003e **Note:** `gcp.pubsub.TopicIAMPolicy` **cannot** be used in conjunction with `gcp.pubsub.TopicIAMBinding` and `gcp.pubsub.TopicIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.pubsub.TopicIAMBinding` resources **can be** used in conjunction with `gcp.pubsub.TopicIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_pubsub\\_topic\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.pubsub.TopicIAMPolicy(\"policy\", {\n project: example.project,\n topic: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.pubsub.TopicIAMPolicy(\"policy\",\n project=example[\"project\"],\n topic=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.PubSub.TopicIAMPolicy(\"policy\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewTopicIAMPolicy(ctx, \"policy\", \u0026pubsub.TopicIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.TopicIAMPolicy;\nimport com.pulumi.gcp.pubsub.TopicIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TopicIAMPolicy(\"policy\", TopicIAMPolicyArgs.builder() \n .project(example.project())\n .topic(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:pubsub:TopicIAMPolicy\n properties:\n project: ${example.project}\n topic: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_topic\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.pubsub.TopicIAMBinding(\"binding\", {\n project: example.project,\n topic: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.pubsub.TopicIAMBinding(\"binding\",\n project=example[\"project\"],\n topic=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.PubSub.TopicIAMBinding(\"binding\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopicIAMBinding(ctx, \"binding\", \u0026pubsub.TopicIAMBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.TopicIAMBinding;\nimport com.pulumi.gcp.pubsub.TopicIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TopicIAMBinding(\"binding\", TopicIAMBindingArgs.builder() \n .project(example.project())\n .topic(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:pubsub:TopicIAMBinding\n properties:\n project: ${example.project}\n topic: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_topic\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.pubsub.TopicIAMMember(\"member\", {\n project: example.project,\n topic: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.pubsub.TopicIAMMember(\"member\",\n project=example[\"project\"],\n topic=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.PubSub.TopicIAMMember(\"member\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopicIAMMember(ctx, \"member\", \u0026pubsub.TopicIAMMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.TopicIAMMember;\nimport com.pulumi.gcp.pubsub.TopicIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TopicIAMMember(\"member\", TopicIAMMemberArgs.builder() \n .project(example.project())\n .topic(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:pubsub:TopicIAMMember\n properties:\n project: ${example.project}\n topic: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/topics/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Pub/Sub topic IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:sourcerepo/repositoryIamMember:RepositoryIamMember editor \"projects/{{project}}/topics/{{topic}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:sourcerepo/repositoryIamMember:RepositoryIamMember editor \"projects/{{project}}/topics/{{topic}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:sourcerepo/repositoryIamMember:RepositoryIamMember editor projects/{{project}}/topics/{{topic}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Pub/Sub Topic. Each of these resources serves a different use case:\n\n* `gcp.pubsub.TopicIAMPolicy`: Authoritative. Sets the IAM policy for the topic and replaces any existing policy already attached.\n* `gcp.pubsub.TopicIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the topic are preserved.\n* `gcp.pubsub.TopicIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the topic are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.pubsub.TopicIAMPolicy`: Retrieves the IAM policy for the topic\n\n\u003e **Note:** `gcp.pubsub.TopicIAMPolicy` **cannot** be used in conjunction with `gcp.pubsub.TopicIAMBinding` and `gcp.pubsub.TopicIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.pubsub.TopicIAMBinding` resources **can be** used in conjunction with `gcp.pubsub.TopicIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_pubsub\\_topic\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.pubsub.TopicIAMPolicy(\"policy\", {\n project: example.project,\n topic: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.pubsub.TopicIAMPolicy(\"policy\",\n project=example[\"project\"],\n topic=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.PubSub.TopicIAMPolicy(\"policy\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewTopicIAMPolicy(ctx, \"policy\", \u0026pubsub.TopicIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.TopicIAMPolicy;\nimport com.pulumi.gcp.pubsub.TopicIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TopicIAMPolicy(\"policy\", TopicIAMPolicyArgs.builder() \n .project(example.project())\n .topic(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:pubsub:TopicIAMPolicy\n properties:\n project: ${example.project}\n topic: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_topic\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.pubsub.TopicIAMBinding(\"binding\", {\n project: example.project,\n topic: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.pubsub.TopicIAMBinding(\"binding\",\n project=example[\"project\"],\n topic=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.PubSub.TopicIAMBinding(\"binding\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopicIAMBinding(ctx, \"binding\", \u0026pubsub.TopicIAMBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.TopicIAMBinding;\nimport com.pulumi.gcp.pubsub.TopicIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TopicIAMBinding(\"binding\", TopicIAMBindingArgs.builder() \n .project(example.project())\n .topic(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:pubsub:TopicIAMBinding\n properties:\n project: ${example.project}\n topic: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_topic\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.pubsub.TopicIAMMember(\"member\", {\n project: example.project,\n topic: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.pubsub.TopicIAMMember(\"member\",\n project=example[\"project\"],\n topic=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.PubSub.TopicIAMMember(\"member\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopicIAMMember(ctx, \"member\", \u0026pubsub.TopicIAMMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.TopicIAMMember;\nimport com.pulumi.gcp.pubsub.TopicIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TopicIAMMember(\"member\", TopicIAMMemberArgs.builder() \n .project(example.project())\n .topic(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:pubsub:TopicIAMMember\n properties:\n project: ${example.project}\n topic: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_pubsub\\_topic\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.pubsub.TopicIAMPolicy(\"policy\", {\n project: example.project,\n topic: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.pubsub.TopicIAMPolicy(\"policy\",\n project=example[\"project\"],\n topic=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.PubSub.TopicIAMPolicy(\"policy\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewTopicIAMPolicy(ctx, \"policy\", \u0026pubsub.TopicIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.TopicIAMPolicy;\nimport com.pulumi.gcp.pubsub.TopicIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TopicIAMPolicy(\"policy\", TopicIAMPolicyArgs.builder() \n .project(example.project())\n .topic(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:pubsub:TopicIAMPolicy\n properties:\n project: ${example.project}\n topic: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_topic\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.pubsub.TopicIAMBinding(\"binding\", {\n project: example.project,\n topic: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.pubsub.TopicIAMBinding(\"binding\",\n project=example[\"project\"],\n topic=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.PubSub.TopicIAMBinding(\"binding\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopicIAMBinding(ctx, \"binding\", \u0026pubsub.TopicIAMBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.TopicIAMBinding;\nimport com.pulumi.gcp.pubsub.TopicIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TopicIAMBinding(\"binding\", TopicIAMBindingArgs.builder() \n .project(example.project())\n .topic(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:pubsub:TopicIAMBinding\n properties:\n project: ${example.project}\n topic: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_topic\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.pubsub.TopicIAMMember(\"member\", {\n project: example.project,\n topic: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.pubsub.TopicIAMMember(\"member\",\n project=example[\"project\"],\n topic=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.PubSub.TopicIAMMember(\"member\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopicIAMMember(ctx, \"member\", \u0026pubsub.TopicIAMMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.TopicIAMMember;\nimport com.pulumi.gcp.pubsub.TopicIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TopicIAMMember(\"member\", TopicIAMMemberArgs.builder() \n .project(example.project())\n .topic(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:pubsub:TopicIAMMember\n properties:\n project: ${example.project}\n topic: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/topics/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Pub/Sub topic IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:sourcerepo/repositoryIamMember:RepositoryIamMember editor \"projects/{{project}}/topics/{{topic}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:sourcerepo/repositoryIamMember:RepositoryIamMember editor \"projects/{{project}}/topics/{{topic}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:sourcerepo/repositoryIamMember:RepositoryIamMember editor projects/{{project}}/topics/{{topic}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:sourcerepo/RepositoryIamMemberCondition:RepositoryIamMemberCondition" @@ -221590,11 +222109,12 @@ "description": "(Computed) The etag of the IAM policy.\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "repository": { "type": "string" @@ -221618,11 +222138,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "repository": { @@ -221653,11 +222174,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "repository": { @@ -221674,7 +222196,7 @@ } }, "gcp:sourcerepo/repositoryIamPolicy:RepositoryIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Cloud Pub/Sub Topic. Each of these resources serves a different use case:\n\n* `gcp.pubsub.TopicIAMPolicy`: Authoritative. Sets the IAM policy for the topic and replaces any existing policy already attached.\n* `gcp.pubsub.TopicIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the topic are preserved.\n* `gcp.pubsub.TopicIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the topic are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.pubsub.TopicIAMPolicy`: Retrieves the IAM policy for the topic\n\n\u003e **Note:** `gcp.pubsub.TopicIAMPolicy` **cannot** be used in conjunction with `gcp.pubsub.TopicIAMBinding` and `gcp.pubsub.TopicIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.pubsub.TopicIAMBinding` resources **can be** used in conjunction with `gcp.pubsub.TopicIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_pubsub\\_topic\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.pubsub.TopicIAMPolicy(\"policy\", {\n project: example.project,\n topic: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.pubsub.TopicIAMPolicy(\"policy\",\n project=example[\"project\"],\n topic=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.PubSub.TopicIAMPolicy(\"policy\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewTopicIAMPolicy(ctx, \"policy\", \u0026pubsub.TopicIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.TopicIAMPolicy;\nimport com.pulumi.gcp.pubsub.TopicIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TopicIAMPolicy(\"policy\", TopicIAMPolicyArgs.builder() \n .project(example.project())\n .topic(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:pubsub:TopicIAMPolicy\n properties:\n project: ${example.project}\n topic: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_topic\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.pubsub.TopicIAMBinding(\"binding\", {\n project: example.project,\n topic: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.pubsub.TopicIAMBinding(\"binding\",\n project=example[\"project\"],\n topic=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.PubSub.TopicIAMBinding(\"binding\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopicIAMBinding(ctx, \"binding\", \u0026pubsub.TopicIAMBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.TopicIAMBinding;\nimport com.pulumi.gcp.pubsub.TopicIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TopicIAMBinding(\"binding\", TopicIAMBindingArgs.builder() \n .project(example.project())\n .topic(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:pubsub:TopicIAMBinding\n properties:\n project: ${example.project}\n topic: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_topic\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.pubsub.TopicIAMMember(\"member\", {\n project: example.project,\n topic: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.pubsub.TopicIAMMember(\"member\",\n project=example[\"project\"],\n topic=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.PubSub.TopicIAMMember(\"member\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopicIAMMember(ctx, \"member\", \u0026pubsub.TopicIAMMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.TopicIAMMember;\nimport com.pulumi.gcp.pubsub.TopicIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TopicIAMMember(\"member\", TopicIAMMemberArgs.builder() \n .project(example.project())\n .topic(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:pubsub:TopicIAMMember\n properties:\n project: ${example.project}\n topic: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/topics/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Pub/Sub topic IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:sourcerepo/repositoryIamPolicy:RepositoryIamPolicy editor \"projects/{{project}}/topics/{{topic}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:sourcerepo/repositoryIamPolicy:RepositoryIamPolicy editor \"projects/{{project}}/topics/{{topic}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:sourcerepo/repositoryIamPolicy:RepositoryIamPolicy editor projects/{{project}}/topics/{{topic}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Pub/Sub Topic. Each of these resources serves a different use case:\n\n* `gcp.pubsub.TopicIAMPolicy`: Authoritative. Sets the IAM policy for the topic and replaces any existing policy already attached.\n* `gcp.pubsub.TopicIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the topic are preserved.\n* `gcp.pubsub.TopicIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the topic are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.pubsub.TopicIAMPolicy`: Retrieves the IAM policy for the topic\n\n\u003e **Note:** `gcp.pubsub.TopicIAMPolicy` **cannot** be used in conjunction with `gcp.pubsub.TopicIAMBinding` and `gcp.pubsub.TopicIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.pubsub.TopicIAMBinding` resources **can be** used in conjunction with `gcp.pubsub.TopicIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_pubsub\\_topic\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.pubsub.TopicIAMPolicy(\"policy\", {\n project: example.project,\n topic: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.pubsub.TopicIAMPolicy(\"policy\",\n project=example[\"project\"],\n topic=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.PubSub.TopicIAMPolicy(\"policy\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewTopicIAMPolicy(ctx, \"policy\", \u0026pubsub.TopicIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.TopicIAMPolicy;\nimport com.pulumi.gcp.pubsub.TopicIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TopicIAMPolicy(\"policy\", TopicIAMPolicyArgs.builder() \n .project(example.project())\n .topic(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:pubsub:TopicIAMPolicy\n properties:\n project: ${example.project}\n topic: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_topic\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.pubsub.TopicIAMBinding(\"binding\", {\n project: example.project,\n topic: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.pubsub.TopicIAMBinding(\"binding\",\n project=example[\"project\"],\n topic=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.PubSub.TopicIAMBinding(\"binding\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopicIAMBinding(ctx, \"binding\", \u0026pubsub.TopicIAMBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.TopicIAMBinding;\nimport com.pulumi.gcp.pubsub.TopicIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TopicIAMBinding(\"binding\", TopicIAMBindingArgs.builder() \n .project(example.project())\n .topic(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:pubsub:TopicIAMBinding\n properties:\n project: ${example.project}\n topic: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_topic\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.pubsub.TopicIAMMember(\"member\", {\n project: example.project,\n topic: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.pubsub.TopicIAMMember(\"member\",\n project=example[\"project\"],\n topic=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.PubSub.TopicIAMMember(\"member\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopicIAMMember(ctx, \"member\", \u0026pubsub.TopicIAMMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.TopicIAMMember;\nimport com.pulumi.gcp.pubsub.TopicIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TopicIAMMember(\"member\", TopicIAMMemberArgs.builder() \n .project(example.project())\n .topic(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:pubsub:TopicIAMMember\n properties:\n project: ${example.project}\n topic: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_pubsub\\_topic\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.pubsub.TopicIAMPolicy(\"policy\", {\n project: example.project,\n topic: example.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.pubsub.TopicIAMPolicy(\"policy\",\n project=example[\"project\"],\n topic=example[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.PubSub.TopicIAMPolicy(\"policy\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = pubsub.NewTopicIAMPolicy(ctx, \"policy\", \u0026pubsub.TopicIAMPolicyArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.pubsub.TopicIAMPolicy;\nimport com.pulumi.gcp.pubsub.TopicIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TopicIAMPolicy(\"policy\", TopicIAMPolicyArgs.builder() \n .project(example.project())\n .topic(example.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:pubsub:TopicIAMPolicy\n properties:\n project: ${example.project}\n topic: ${example.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_topic\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.pubsub.TopicIAMBinding(\"binding\", {\n project: example.project,\n topic: example.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.pubsub.TopicIAMBinding(\"binding\",\n project=example[\"project\"],\n topic=example[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.PubSub.TopicIAMBinding(\"binding\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopicIAMBinding(ctx, \"binding\", \u0026pubsub.TopicIAMBindingArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.TopicIAMBinding;\nimport com.pulumi.gcp.pubsub.TopicIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TopicIAMBinding(\"binding\", TopicIAMBindingArgs.builder() \n .project(example.project())\n .topic(example.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:pubsub:TopicIAMBinding\n properties:\n project: ${example.project}\n topic: ${example.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_pubsub\\_topic\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.pubsub.TopicIAMMember(\"member\", {\n project: example.project,\n topic: example.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.pubsub.TopicIAMMember(\"member\",\n project=example[\"project\"],\n topic=example[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.PubSub.TopicIAMMember(\"member\", new()\n {\n Project = example.Project,\n Topic = example.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := pubsub.NewTopicIAMMember(ctx, \"member\", \u0026pubsub.TopicIAMMemberArgs{\n\t\t\tProject: pulumi.Any(example.Project),\n\t\t\tTopic: pulumi.Any(example.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.pubsub.TopicIAMMember;\nimport com.pulumi.gcp.pubsub.TopicIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TopicIAMMember(\"member\", TopicIAMMemberArgs.builder() \n .project(example.project())\n .topic(example.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:pubsub:TopicIAMMember\n properties:\n project: ${example.project}\n topic: ${example.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* projects/{{project}}/topics/{{name}}\n\n* {{project}}/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Pub/Sub topic IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:sourcerepo/repositoryIamPolicy:RepositoryIamPolicy editor \"projects/{{project}}/topics/{{topic}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:sourcerepo/repositoryIamPolicy:RepositoryIamPolicy editor \"projects/{{project}}/topics/{{topic}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:sourcerepo/repositoryIamPolicy:RepositoryIamPolicy editor projects/{{project}}/topics/{{topic}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -221686,7 +222208,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "repository": { "type": "string" @@ -221705,7 +222227,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "repository": { @@ -221730,7 +222252,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "repository": { @@ -221901,7 +222423,7 @@ } }, "gcp:spanner/databaseIAMBinding:DatabaseIAMBinding": { - "description": "Three different resources help you manage your IAM policy for a Spanner database. Each of these resources serves a different use case:\n\n* `gcp.spanner.DatabaseIAMPolicy`: Authoritative. Sets the IAM policy for the database and replaces any existing policy already attached.\n\n\u003e **Warning:** It's entirely possibly to lock yourself out of your database using `gcp.spanner.DatabaseIAMPolicy`. Any permissions granted by default will be removed unless you include them in your config.\n\n* `gcp.spanner.DatabaseIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the database are preserved.\n* `gcp.spanner.DatabaseIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the database are preserved.\n\n\u003e **Note:** `gcp.spanner.DatabaseIAMPolicy` **cannot** be used in conjunction with `gcp.spanner.DatabaseIAMBinding` and `gcp.spanner.DatabaseIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.spanner.DatabaseIAMBinding` resources **can be** used in conjunction with `gcp.spanner.DatabaseIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_spanner\\_database\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst database = new gcp.spanner.DatabaseIAMPolicy(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\ndatabase = gcp.spanner.DatabaseIAMPolicy(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var database = new Gcp.Spanner.DatabaseIAMPolicy(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = spanner.NewDatabaseIAMPolicy(ctx, \"database\", \u0026spanner.DatabaseIAMPolicyArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.spanner.DatabaseIAMPolicy;\nimport com.pulumi.gcp.spanner.DatabaseIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var database = new DatabaseIAMPolicy(\"database\", DatabaseIAMPolicyArgs.builder() \n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMPolicy\n properties:\n instance: your-instance-name\n database: your-database-name\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"My Role\",\n description: \"Grant permissions on my_role\",\n expression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n }],\n});\nconst database = new gcp.spanner.DatabaseIAMPolicy(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"My Role\",\n description=\"Grant permissions on my_role\",\n expression=\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n ),\n)])\ndatabase = gcp.spanner.DatabaseIAMPolicy(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"My Role\",\n Description = \"Grant permissions on my_role\",\n Expression = \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n },\n },\n });\n\n var database = new Gcp.Spanner.DatabaseIAMPolicy(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"My Role\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Grant permissions on my_role\"),\n\t\t\t\t\t\tExpression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = spanner.NewDatabaseIAMPolicy(ctx, \"database\", \u0026spanner.DatabaseIAMPolicyArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.spanner.DatabaseIAMPolicy;\nimport com.pulumi.gcp.spanner.DatabaseIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"My Role\")\n .description(\"Grant permissions on my_role\")\n .expression(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\")\n .build())\n .build())\n .build());\n\n var database = new DatabaseIAMPolicy(\"database\", DatabaseIAMPolicyArgs.builder() \n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMPolicy\n properties:\n instance: your-instance-name\n database: your-database-name\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n condition:\n title: My Role\n description: Grant permissions on my_role\n expression: (resource.type == \"spanner.googleapis.com/DatabaseRole\" \u0026\u0026 (resource.name.endsWith(\"/myrole\")))\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_spanner\\_database\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMBinding(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMBinding(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMBinding(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMBinding(ctx, \"database\", \u0026spanner.DatabaseIAMBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMBinding;\nimport com.pulumi.gcp.spanner.DatabaseIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMBinding(\"database\", DatabaseIAMBindingArgs.builder() \n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMBinding\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMBinding(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"My Role\",\n description: \"Grant permissions on my_role\",\n expression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMBinding(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.spanner.DatabaseIAMBindingConditionArgs(\n title=\"My Role\",\n description=\"Grant permissions on my_role\",\n expression=\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMBinding(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Spanner.Inputs.DatabaseIAMBindingConditionArgs\n {\n Title = \"My Role\",\n Description = \"Grant permissions on my_role\",\n Expression = \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMBinding(ctx, \"database\", \u0026spanner.DatabaseIAMBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026spanner.DatabaseIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"My Role\"),\n\t\t\t\tDescription: pulumi.String(\"Grant permissions on my_role\"),\n\t\t\t\tExpression: pulumi.String(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMBinding;\nimport com.pulumi.gcp.spanner.DatabaseIAMBindingArgs;\nimport com.pulumi.gcp.spanner.inputs.DatabaseIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMBinding(\"database\", DatabaseIAMBindingArgs.builder() \n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .condition(DatabaseIAMBindingConditionArgs.builder()\n .title(\"My Role\")\n .description(\"Grant permissions on my_role\")\n .expression(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMBinding\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n condition:\n title: My Role\n description: Grant permissions on my_role\n expression: (resource.type == \"spanner.googleapis.com/DatabaseRole\" \u0026\u0026 (resource.name.endsWith(\"/myrole\")))\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_spanner\\_database\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMMember(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMMember(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMMember(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMMember(ctx, \"database\", \u0026spanner.DatabaseIAMMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMMember;\nimport com.pulumi.gcp.spanner.DatabaseIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMMember(\"database\", DatabaseIAMMemberArgs.builder() \n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMMember\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMMember(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"My Role\",\n description: \"Grant permissions on my_role\",\n expression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMMember(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\",\n condition=gcp.spanner.DatabaseIAMMemberConditionArgs(\n title=\"My Role\",\n description=\"Grant permissions on my_role\",\n expression=\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMMember(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Spanner.Inputs.DatabaseIAMMemberConditionArgs\n {\n Title = \"My Role\",\n Description = \"Grant permissions on my_role\",\n Expression = \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMMember(ctx, \"database\", \u0026spanner.DatabaseIAMMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026spanner.DatabaseIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"My Role\"),\n\t\t\t\tDescription: pulumi.String(\"Grant permissions on my_role\"),\n\t\t\t\tExpression: pulumi.String(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMMember;\nimport com.pulumi.gcp.spanner.DatabaseIAMMemberArgs;\nimport com.pulumi.gcp.spanner.inputs.DatabaseIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMMember(\"database\", DatabaseIAMMemberArgs.builder() \n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .condition(DatabaseIAMMemberConditionArgs.builder()\n .title(\"My Role\")\n .description(\"Grant permissions on my_role\")\n .expression(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMMember\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n member: user:jane@example.com\n condition:\n title: My Role\n description: Grant permissions on my_role\n expression: (resource.type == \"spanner.googleapis.com/DatabaseRole\" \u0026\u0026 (resource.name.endsWith(\"/myrole\")))\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Spanner Database resource in question. For example:\n\n* `{{project}}/{{instance}}/{{database}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = {{project}}/{{instance}}/{{database}}\n\n to = google_spanner_database_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:spanner/databaseIAMBinding:DatabaseIAMBinding default {{project}}/{{instance}}/{{database}}\n```\n\n", + "description": "Three different resources help you manage your IAM policy for a Spanner database. Each of these resources serves a different use case:\n\n* `gcp.spanner.DatabaseIAMPolicy`: Authoritative. Sets the IAM policy for the database and replaces any existing policy already attached.\n\n\u003e **Warning:** It's entirely possibly to lock yourself out of your database using `gcp.spanner.DatabaseIAMPolicy`. Any permissions granted by default will be removed unless you include them in your config.\n\n* `gcp.spanner.DatabaseIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the database are preserved.\n* `gcp.spanner.DatabaseIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the database are preserved.\n\n\u003e **Note:** `gcp.spanner.DatabaseIAMPolicy` **cannot** be used in conjunction with `gcp.spanner.DatabaseIAMBinding` and `gcp.spanner.DatabaseIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.spanner.DatabaseIAMBinding` resources **can be** used in conjunction with `gcp.spanner.DatabaseIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_spanner\\_database\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst database = new gcp.spanner.DatabaseIAMPolicy(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\ndatabase = gcp.spanner.DatabaseIAMPolicy(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var database = new Gcp.Spanner.DatabaseIAMPolicy(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = spanner.NewDatabaseIAMPolicy(ctx, \"database\", \u0026spanner.DatabaseIAMPolicyArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.spanner.DatabaseIAMPolicy;\nimport com.pulumi.gcp.spanner.DatabaseIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var database = new DatabaseIAMPolicy(\"database\", DatabaseIAMPolicyArgs.builder() \n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMPolicy\n properties:\n instance: your-instance-name\n database: your-database-name\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"My Role\",\n description: \"Grant permissions on my_role\",\n expression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n }],\n});\nconst database = new gcp.spanner.DatabaseIAMPolicy(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"My Role\",\n description=\"Grant permissions on my_role\",\n expression=\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n ),\n)])\ndatabase = gcp.spanner.DatabaseIAMPolicy(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"My Role\",\n Description = \"Grant permissions on my_role\",\n Expression = \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n },\n },\n });\n\n var database = new Gcp.Spanner.DatabaseIAMPolicy(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"My Role\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Grant permissions on my_role\"),\n\t\t\t\t\t\tExpression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = spanner.NewDatabaseIAMPolicy(ctx, \"database\", \u0026spanner.DatabaseIAMPolicyArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.spanner.DatabaseIAMPolicy;\nimport com.pulumi.gcp.spanner.DatabaseIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"My Role\")\n .description(\"Grant permissions on my_role\")\n .expression(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\")\n .build())\n .build())\n .build());\n\n var database = new DatabaseIAMPolicy(\"database\", DatabaseIAMPolicyArgs.builder() \n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMPolicy\n properties:\n instance: your-instance-name\n database: your-database-name\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n condition:\n title: My Role\n description: Grant permissions on my_role\n expression: (resource.type == \"spanner.googleapis.com/DatabaseRole\" \u0026\u0026 (resource.name.endsWith(\"/myrole\")))\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_spanner\\_database\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMBinding(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMBinding(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMBinding(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMBinding(ctx, \"database\", \u0026spanner.DatabaseIAMBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMBinding;\nimport com.pulumi.gcp.spanner.DatabaseIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMBinding(\"database\", DatabaseIAMBindingArgs.builder() \n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMBinding\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMBinding(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"My Role\",\n description: \"Grant permissions on my_role\",\n expression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMBinding(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.spanner.DatabaseIAMBindingConditionArgs(\n title=\"My Role\",\n description=\"Grant permissions on my_role\",\n expression=\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMBinding(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Spanner.Inputs.DatabaseIAMBindingConditionArgs\n {\n Title = \"My Role\",\n Description = \"Grant permissions on my_role\",\n Expression = \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMBinding(ctx, \"database\", \u0026spanner.DatabaseIAMBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026spanner.DatabaseIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"My Role\"),\n\t\t\t\tDescription: pulumi.String(\"Grant permissions on my_role\"),\n\t\t\t\tExpression: pulumi.String(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMBinding;\nimport com.pulumi.gcp.spanner.DatabaseIAMBindingArgs;\nimport com.pulumi.gcp.spanner.inputs.DatabaseIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMBinding(\"database\", DatabaseIAMBindingArgs.builder() \n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .condition(DatabaseIAMBindingConditionArgs.builder()\n .title(\"My Role\")\n .description(\"Grant permissions on my_role\")\n .expression(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMBinding\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n condition:\n title: My Role\n description: Grant permissions on my_role\n expression: (resource.type == \"spanner.googleapis.com/DatabaseRole\" \u0026\u0026 (resource.name.endsWith(\"/myrole\")))\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_spanner\\_database\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMMember(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMMember(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMMember(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMMember(ctx, \"database\", \u0026spanner.DatabaseIAMMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMMember;\nimport com.pulumi.gcp.spanner.DatabaseIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMMember(\"database\", DatabaseIAMMemberArgs.builder() \n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMMember\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMMember(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"My Role\",\n description: \"Grant permissions on my_role\",\n expression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMMember(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\",\n condition=gcp.spanner.DatabaseIAMMemberConditionArgs(\n title=\"My Role\",\n description=\"Grant permissions on my_role\",\n expression=\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMMember(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Spanner.Inputs.DatabaseIAMMemberConditionArgs\n {\n Title = \"My Role\",\n Description = \"Grant permissions on my_role\",\n Expression = \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMMember(ctx, \"database\", \u0026spanner.DatabaseIAMMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026spanner.DatabaseIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"My Role\"),\n\t\t\t\tDescription: pulumi.String(\"Grant permissions on my_role\"),\n\t\t\t\tExpression: pulumi.String(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMMember;\nimport com.pulumi.gcp.spanner.DatabaseIAMMemberArgs;\nimport com.pulumi.gcp.spanner.inputs.DatabaseIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMMember(\"database\", DatabaseIAMMemberArgs.builder() \n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .condition(DatabaseIAMMemberConditionArgs.builder()\n .title(\"My Role\")\n .description(\"Grant permissions on my_role\")\n .expression(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMMember\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n member: user:jane@example.com\n condition:\n title: My Role\n description: Grant permissions on my_role\n expression: (resource.type == \"spanner.googleapis.com/DatabaseRole\" \u0026\u0026 (resource.name.endsWith(\"/myrole\")))\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_spanner\\_database\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst database = new gcp.spanner.DatabaseIAMPolicy(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\ndatabase = gcp.spanner.DatabaseIAMPolicy(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var database = new Gcp.Spanner.DatabaseIAMPolicy(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = spanner.NewDatabaseIAMPolicy(ctx, \"database\", \u0026spanner.DatabaseIAMPolicyArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.spanner.DatabaseIAMPolicy;\nimport com.pulumi.gcp.spanner.DatabaseIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var database = new DatabaseIAMPolicy(\"database\", DatabaseIAMPolicyArgs.builder() \n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMPolicy\n properties:\n instance: your-instance-name\n database: your-database-name\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"My Role\",\n description: \"Grant permissions on my_role\",\n expression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n }],\n});\nconst database = new gcp.spanner.DatabaseIAMPolicy(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"My Role\",\n description=\"Grant permissions on my_role\",\n expression=\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n ),\n)])\ndatabase = gcp.spanner.DatabaseIAMPolicy(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"My Role\",\n Description = \"Grant permissions on my_role\",\n Expression = \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n },\n },\n });\n\n var database = new Gcp.Spanner.DatabaseIAMPolicy(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"My Role\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Grant permissions on my_role\"),\n\t\t\t\t\t\tExpression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = spanner.NewDatabaseIAMPolicy(ctx, \"database\", \u0026spanner.DatabaseIAMPolicyArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.spanner.DatabaseIAMPolicy;\nimport com.pulumi.gcp.spanner.DatabaseIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"My Role\")\n .description(\"Grant permissions on my_role\")\n .expression(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\")\n .build())\n .build())\n .build());\n\n var database = new DatabaseIAMPolicy(\"database\", DatabaseIAMPolicyArgs.builder() \n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMPolicy\n properties:\n instance: your-instance-name\n database: your-database-name\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n condition:\n title: My Role\n description: Grant permissions on my_role\n expression: (resource.type == \"spanner.googleapis.com/DatabaseRole\" \u0026\u0026 (resource.name.endsWith(\"/myrole\")))\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_spanner\\_database\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMBinding(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMBinding(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMBinding(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMBinding(ctx, \"database\", \u0026spanner.DatabaseIAMBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMBinding;\nimport com.pulumi.gcp.spanner.DatabaseIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMBinding(\"database\", DatabaseIAMBindingArgs.builder() \n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMBinding\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMBinding(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"My Role\",\n description: \"Grant permissions on my_role\",\n expression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMBinding(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.spanner.DatabaseIAMBindingConditionArgs(\n title=\"My Role\",\n description=\"Grant permissions on my_role\",\n expression=\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMBinding(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Spanner.Inputs.DatabaseIAMBindingConditionArgs\n {\n Title = \"My Role\",\n Description = \"Grant permissions on my_role\",\n Expression = \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMBinding(ctx, \"database\", \u0026spanner.DatabaseIAMBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026spanner.DatabaseIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"My Role\"),\n\t\t\t\tDescription: pulumi.String(\"Grant permissions on my_role\"),\n\t\t\t\tExpression: pulumi.String(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMBinding;\nimport com.pulumi.gcp.spanner.DatabaseIAMBindingArgs;\nimport com.pulumi.gcp.spanner.inputs.DatabaseIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMBinding(\"database\", DatabaseIAMBindingArgs.builder() \n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .condition(DatabaseIAMBindingConditionArgs.builder()\n .title(\"My Role\")\n .description(\"Grant permissions on my_role\")\n .expression(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMBinding\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n condition:\n title: My Role\n description: Grant permissions on my_role\n expression: (resource.type == \"spanner.googleapis.com/DatabaseRole\" \u0026\u0026 (resource.name.endsWith(\"/myrole\")))\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_spanner\\_database\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMMember(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMMember(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMMember(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMMember(ctx, \"database\", \u0026spanner.DatabaseIAMMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMMember;\nimport com.pulumi.gcp.spanner.DatabaseIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMMember(\"database\", DatabaseIAMMemberArgs.builder() \n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMMember\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMMember(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"My Role\",\n description: \"Grant permissions on my_role\",\n expression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMMember(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\",\n condition=gcp.spanner.DatabaseIAMMemberConditionArgs(\n title=\"My Role\",\n description=\"Grant permissions on my_role\",\n expression=\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMMember(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Spanner.Inputs.DatabaseIAMMemberConditionArgs\n {\n Title = \"My Role\",\n Description = \"Grant permissions on my_role\",\n Expression = \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMMember(ctx, \"database\", \u0026spanner.DatabaseIAMMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026spanner.DatabaseIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"My Role\"),\n\t\t\t\tDescription: pulumi.String(\"Grant permissions on my_role\"),\n\t\t\t\tExpression: pulumi.String(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMMember;\nimport com.pulumi.gcp.spanner.DatabaseIAMMemberArgs;\nimport com.pulumi.gcp.spanner.inputs.DatabaseIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMMember(\"database\", DatabaseIAMMemberArgs.builder() \n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .condition(DatabaseIAMMemberConditionArgs.builder()\n .title(\"My Role\")\n .description(\"Grant permissions on my_role\")\n .expression(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMMember\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n member: user:jane@example.com\n condition:\n title: My Role\n description: Grant permissions on my_role\n expression: (resource.type == \"spanner.googleapis.com/DatabaseRole\" \u0026\u0026 (resource.name.endsWith(\"/myrole\")))\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Spanner Database resource in question. For example:\n\n* `{{project}}/{{instance}}/{{database}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = {{project}}/{{instance}}/{{database}}\n\n to = google_spanner_database_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:spanner/databaseIAMBinding:DatabaseIAMBinding default {{project}}/{{instance}}/{{database}}\n```\n\n", "properties": { "condition": { "$ref": "#/types/gcp:spanner/DatabaseIAMBindingCondition:DatabaseIAMBindingCondition", @@ -221917,13 +222439,14 @@ }, "instance": { "type": "string", - "description": "The name of the Spanner instance the database belongs to.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" + "description": "The name of the Spanner instance the database belongs to.\n" }, "members": { "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "project": { "type": "string", @@ -221955,14 +222478,15 @@ }, "instance": { "type": "string", - "description": "The name of the Spanner instance the database belongs to.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The name of the Spanner instance the database belongs to.\n", "willReplaceOnChanges": true }, "members": { "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "project": { "type": "string", @@ -222000,14 +222524,15 @@ }, "instance": { "type": "string", - "description": "The name of the Spanner instance the database belongs to.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The name of the Spanner instance the database belongs to.\n", "willReplaceOnChanges": true }, "members": { "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "project": { "type": "string", @@ -222024,7 +222549,7 @@ } }, "gcp:spanner/databaseIAMMember:DatabaseIAMMember": { - "description": "Three different resources help you manage your IAM policy for a Spanner database. Each of these resources serves a different use case:\n\n* `gcp.spanner.DatabaseIAMPolicy`: Authoritative. Sets the IAM policy for the database and replaces any existing policy already attached.\n\n\u003e **Warning:** It's entirely possibly to lock yourself out of your database using `gcp.spanner.DatabaseIAMPolicy`. Any permissions granted by default will be removed unless you include them in your config.\n\n* `gcp.spanner.DatabaseIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the database are preserved.\n* `gcp.spanner.DatabaseIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the database are preserved.\n\n\u003e **Note:** `gcp.spanner.DatabaseIAMPolicy` **cannot** be used in conjunction with `gcp.spanner.DatabaseIAMBinding` and `gcp.spanner.DatabaseIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.spanner.DatabaseIAMBinding` resources **can be** used in conjunction with `gcp.spanner.DatabaseIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_spanner\\_database\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst database = new gcp.spanner.DatabaseIAMPolicy(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\ndatabase = gcp.spanner.DatabaseIAMPolicy(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var database = new Gcp.Spanner.DatabaseIAMPolicy(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = spanner.NewDatabaseIAMPolicy(ctx, \"database\", \u0026spanner.DatabaseIAMPolicyArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.spanner.DatabaseIAMPolicy;\nimport com.pulumi.gcp.spanner.DatabaseIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var database = new DatabaseIAMPolicy(\"database\", DatabaseIAMPolicyArgs.builder() \n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMPolicy\n properties:\n instance: your-instance-name\n database: your-database-name\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"My Role\",\n description: \"Grant permissions on my_role\",\n expression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n }],\n});\nconst database = new gcp.spanner.DatabaseIAMPolicy(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"My Role\",\n description=\"Grant permissions on my_role\",\n expression=\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n ),\n)])\ndatabase = gcp.spanner.DatabaseIAMPolicy(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"My Role\",\n Description = \"Grant permissions on my_role\",\n Expression = \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n },\n },\n });\n\n var database = new Gcp.Spanner.DatabaseIAMPolicy(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"My Role\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Grant permissions on my_role\"),\n\t\t\t\t\t\tExpression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = spanner.NewDatabaseIAMPolicy(ctx, \"database\", \u0026spanner.DatabaseIAMPolicyArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.spanner.DatabaseIAMPolicy;\nimport com.pulumi.gcp.spanner.DatabaseIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"My Role\")\n .description(\"Grant permissions on my_role\")\n .expression(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\")\n .build())\n .build())\n .build());\n\n var database = new DatabaseIAMPolicy(\"database\", DatabaseIAMPolicyArgs.builder() \n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMPolicy\n properties:\n instance: your-instance-name\n database: your-database-name\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n condition:\n title: My Role\n description: Grant permissions on my_role\n expression: (resource.type == \"spanner.googleapis.com/DatabaseRole\" \u0026\u0026 (resource.name.endsWith(\"/myrole\")))\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_spanner\\_database\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMBinding(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMBinding(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMBinding(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMBinding(ctx, \"database\", \u0026spanner.DatabaseIAMBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMBinding;\nimport com.pulumi.gcp.spanner.DatabaseIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMBinding(\"database\", DatabaseIAMBindingArgs.builder() \n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMBinding\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMBinding(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"My Role\",\n description: \"Grant permissions on my_role\",\n expression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMBinding(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.spanner.DatabaseIAMBindingConditionArgs(\n title=\"My Role\",\n description=\"Grant permissions on my_role\",\n expression=\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMBinding(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Spanner.Inputs.DatabaseIAMBindingConditionArgs\n {\n Title = \"My Role\",\n Description = \"Grant permissions on my_role\",\n Expression = \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMBinding(ctx, \"database\", \u0026spanner.DatabaseIAMBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026spanner.DatabaseIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"My Role\"),\n\t\t\t\tDescription: pulumi.String(\"Grant permissions on my_role\"),\n\t\t\t\tExpression: pulumi.String(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMBinding;\nimport com.pulumi.gcp.spanner.DatabaseIAMBindingArgs;\nimport com.pulumi.gcp.spanner.inputs.DatabaseIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMBinding(\"database\", DatabaseIAMBindingArgs.builder() \n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .condition(DatabaseIAMBindingConditionArgs.builder()\n .title(\"My Role\")\n .description(\"Grant permissions on my_role\")\n .expression(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMBinding\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n condition:\n title: My Role\n description: Grant permissions on my_role\n expression: (resource.type == \"spanner.googleapis.com/DatabaseRole\" \u0026\u0026 (resource.name.endsWith(\"/myrole\")))\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_spanner\\_database\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMMember(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMMember(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMMember(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMMember(ctx, \"database\", \u0026spanner.DatabaseIAMMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMMember;\nimport com.pulumi.gcp.spanner.DatabaseIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMMember(\"database\", DatabaseIAMMemberArgs.builder() \n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMMember\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMMember(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"My Role\",\n description: \"Grant permissions on my_role\",\n expression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMMember(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\",\n condition=gcp.spanner.DatabaseIAMMemberConditionArgs(\n title=\"My Role\",\n description=\"Grant permissions on my_role\",\n expression=\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMMember(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Spanner.Inputs.DatabaseIAMMemberConditionArgs\n {\n Title = \"My Role\",\n Description = \"Grant permissions on my_role\",\n Expression = \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMMember(ctx, \"database\", \u0026spanner.DatabaseIAMMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026spanner.DatabaseIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"My Role\"),\n\t\t\t\tDescription: pulumi.String(\"Grant permissions on my_role\"),\n\t\t\t\tExpression: pulumi.String(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMMember;\nimport com.pulumi.gcp.spanner.DatabaseIAMMemberArgs;\nimport com.pulumi.gcp.spanner.inputs.DatabaseIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMMember(\"database\", DatabaseIAMMemberArgs.builder() \n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .condition(DatabaseIAMMemberConditionArgs.builder()\n .title(\"My Role\")\n .description(\"Grant permissions on my_role\")\n .expression(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMMember\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n member: user:jane@example.com\n condition:\n title: My Role\n description: Grant permissions on my_role\n expression: (resource.type == \"spanner.googleapis.com/DatabaseRole\" \u0026\u0026 (resource.name.endsWith(\"/myrole\")))\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Spanner Database resource in question. For example:\n\n* `{{project}}/{{instance}}/{{database}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = {{project}}/{{instance}}/{{database}}\n\n to = google_spanner_database_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:spanner/databaseIAMMember:DatabaseIAMMember default {{project}}/{{instance}}/{{database}}\n```\n\n", + "description": "Three different resources help you manage your IAM policy for a Spanner database. Each of these resources serves a different use case:\n\n* `gcp.spanner.DatabaseIAMPolicy`: Authoritative. Sets the IAM policy for the database and replaces any existing policy already attached.\n\n\u003e **Warning:** It's entirely possibly to lock yourself out of your database using `gcp.spanner.DatabaseIAMPolicy`. Any permissions granted by default will be removed unless you include them in your config.\n\n* `gcp.spanner.DatabaseIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the database are preserved.\n* `gcp.spanner.DatabaseIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the database are preserved.\n\n\u003e **Note:** `gcp.spanner.DatabaseIAMPolicy` **cannot** be used in conjunction with `gcp.spanner.DatabaseIAMBinding` and `gcp.spanner.DatabaseIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.spanner.DatabaseIAMBinding` resources **can be** used in conjunction with `gcp.spanner.DatabaseIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_spanner\\_database\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst database = new gcp.spanner.DatabaseIAMPolicy(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\ndatabase = gcp.spanner.DatabaseIAMPolicy(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var database = new Gcp.Spanner.DatabaseIAMPolicy(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = spanner.NewDatabaseIAMPolicy(ctx, \"database\", \u0026spanner.DatabaseIAMPolicyArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.spanner.DatabaseIAMPolicy;\nimport com.pulumi.gcp.spanner.DatabaseIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var database = new DatabaseIAMPolicy(\"database\", DatabaseIAMPolicyArgs.builder() \n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMPolicy\n properties:\n instance: your-instance-name\n database: your-database-name\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"My Role\",\n description: \"Grant permissions on my_role\",\n expression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n }],\n});\nconst database = new gcp.spanner.DatabaseIAMPolicy(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"My Role\",\n description=\"Grant permissions on my_role\",\n expression=\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n ),\n)])\ndatabase = gcp.spanner.DatabaseIAMPolicy(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"My Role\",\n Description = \"Grant permissions on my_role\",\n Expression = \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n },\n },\n });\n\n var database = new Gcp.Spanner.DatabaseIAMPolicy(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"My Role\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Grant permissions on my_role\"),\n\t\t\t\t\t\tExpression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = spanner.NewDatabaseIAMPolicy(ctx, \"database\", \u0026spanner.DatabaseIAMPolicyArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.spanner.DatabaseIAMPolicy;\nimport com.pulumi.gcp.spanner.DatabaseIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"My Role\")\n .description(\"Grant permissions on my_role\")\n .expression(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\")\n .build())\n .build())\n .build());\n\n var database = new DatabaseIAMPolicy(\"database\", DatabaseIAMPolicyArgs.builder() \n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMPolicy\n properties:\n instance: your-instance-name\n database: your-database-name\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n condition:\n title: My Role\n description: Grant permissions on my_role\n expression: (resource.type == \"spanner.googleapis.com/DatabaseRole\" \u0026\u0026 (resource.name.endsWith(\"/myrole\")))\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_spanner\\_database\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMBinding(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMBinding(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMBinding(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMBinding(ctx, \"database\", \u0026spanner.DatabaseIAMBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMBinding;\nimport com.pulumi.gcp.spanner.DatabaseIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMBinding(\"database\", DatabaseIAMBindingArgs.builder() \n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMBinding\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMBinding(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"My Role\",\n description: \"Grant permissions on my_role\",\n expression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMBinding(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.spanner.DatabaseIAMBindingConditionArgs(\n title=\"My Role\",\n description=\"Grant permissions on my_role\",\n expression=\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMBinding(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Spanner.Inputs.DatabaseIAMBindingConditionArgs\n {\n Title = \"My Role\",\n Description = \"Grant permissions on my_role\",\n Expression = \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMBinding(ctx, \"database\", \u0026spanner.DatabaseIAMBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026spanner.DatabaseIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"My Role\"),\n\t\t\t\tDescription: pulumi.String(\"Grant permissions on my_role\"),\n\t\t\t\tExpression: pulumi.String(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMBinding;\nimport com.pulumi.gcp.spanner.DatabaseIAMBindingArgs;\nimport com.pulumi.gcp.spanner.inputs.DatabaseIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMBinding(\"database\", DatabaseIAMBindingArgs.builder() \n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .condition(DatabaseIAMBindingConditionArgs.builder()\n .title(\"My Role\")\n .description(\"Grant permissions on my_role\")\n .expression(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMBinding\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n condition:\n title: My Role\n description: Grant permissions on my_role\n expression: (resource.type == \"spanner.googleapis.com/DatabaseRole\" \u0026\u0026 (resource.name.endsWith(\"/myrole\")))\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_spanner\\_database\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMMember(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMMember(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMMember(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMMember(ctx, \"database\", \u0026spanner.DatabaseIAMMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMMember;\nimport com.pulumi.gcp.spanner.DatabaseIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMMember(\"database\", DatabaseIAMMemberArgs.builder() \n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMMember\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMMember(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"My Role\",\n description: \"Grant permissions on my_role\",\n expression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMMember(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\",\n condition=gcp.spanner.DatabaseIAMMemberConditionArgs(\n title=\"My Role\",\n description=\"Grant permissions on my_role\",\n expression=\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMMember(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Spanner.Inputs.DatabaseIAMMemberConditionArgs\n {\n Title = \"My Role\",\n Description = \"Grant permissions on my_role\",\n Expression = \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMMember(ctx, \"database\", \u0026spanner.DatabaseIAMMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026spanner.DatabaseIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"My Role\"),\n\t\t\t\tDescription: pulumi.String(\"Grant permissions on my_role\"),\n\t\t\t\tExpression: pulumi.String(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMMember;\nimport com.pulumi.gcp.spanner.DatabaseIAMMemberArgs;\nimport com.pulumi.gcp.spanner.inputs.DatabaseIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMMember(\"database\", DatabaseIAMMemberArgs.builder() \n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .condition(DatabaseIAMMemberConditionArgs.builder()\n .title(\"My Role\")\n .description(\"Grant permissions on my_role\")\n .expression(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMMember\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n member: user:jane@example.com\n condition:\n title: My Role\n description: Grant permissions on my_role\n expression: (resource.type == \"spanner.googleapis.com/DatabaseRole\" \u0026\u0026 (resource.name.endsWith(\"/myrole\")))\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_spanner\\_database\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst database = new gcp.spanner.DatabaseIAMPolicy(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\ndatabase = gcp.spanner.DatabaseIAMPolicy(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var database = new Gcp.Spanner.DatabaseIAMPolicy(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = spanner.NewDatabaseIAMPolicy(ctx, \"database\", \u0026spanner.DatabaseIAMPolicyArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.spanner.DatabaseIAMPolicy;\nimport com.pulumi.gcp.spanner.DatabaseIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var database = new DatabaseIAMPolicy(\"database\", DatabaseIAMPolicyArgs.builder() \n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMPolicy\n properties:\n instance: your-instance-name\n database: your-database-name\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"My Role\",\n description: \"Grant permissions on my_role\",\n expression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n }],\n});\nconst database = new gcp.spanner.DatabaseIAMPolicy(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"My Role\",\n description=\"Grant permissions on my_role\",\n expression=\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n ),\n)])\ndatabase = gcp.spanner.DatabaseIAMPolicy(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"My Role\",\n Description = \"Grant permissions on my_role\",\n Expression = \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n },\n },\n });\n\n var database = new Gcp.Spanner.DatabaseIAMPolicy(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"My Role\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Grant permissions on my_role\"),\n\t\t\t\t\t\tExpression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = spanner.NewDatabaseIAMPolicy(ctx, \"database\", \u0026spanner.DatabaseIAMPolicyArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.spanner.DatabaseIAMPolicy;\nimport com.pulumi.gcp.spanner.DatabaseIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"My Role\")\n .description(\"Grant permissions on my_role\")\n .expression(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\")\n .build())\n .build())\n .build());\n\n var database = new DatabaseIAMPolicy(\"database\", DatabaseIAMPolicyArgs.builder() \n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMPolicy\n properties:\n instance: your-instance-name\n database: your-database-name\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n condition:\n title: My Role\n description: Grant permissions on my_role\n expression: (resource.type == \"spanner.googleapis.com/DatabaseRole\" \u0026\u0026 (resource.name.endsWith(\"/myrole\")))\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_spanner\\_database\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMBinding(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMBinding(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMBinding(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMBinding(ctx, \"database\", \u0026spanner.DatabaseIAMBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMBinding;\nimport com.pulumi.gcp.spanner.DatabaseIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMBinding(\"database\", DatabaseIAMBindingArgs.builder() \n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMBinding\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMBinding(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"My Role\",\n description: \"Grant permissions on my_role\",\n expression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMBinding(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.spanner.DatabaseIAMBindingConditionArgs(\n title=\"My Role\",\n description=\"Grant permissions on my_role\",\n expression=\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMBinding(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Spanner.Inputs.DatabaseIAMBindingConditionArgs\n {\n Title = \"My Role\",\n Description = \"Grant permissions on my_role\",\n Expression = \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMBinding(ctx, \"database\", \u0026spanner.DatabaseIAMBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026spanner.DatabaseIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"My Role\"),\n\t\t\t\tDescription: pulumi.String(\"Grant permissions on my_role\"),\n\t\t\t\tExpression: pulumi.String(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMBinding;\nimport com.pulumi.gcp.spanner.DatabaseIAMBindingArgs;\nimport com.pulumi.gcp.spanner.inputs.DatabaseIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMBinding(\"database\", DatabaseIAMBindingArgs.builder() \n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .condition(DatabaseIAMBindingConditionArgs.builder()\n .title(\"My Role\")\n .description(\"Grant permissions on my_role\")\n .expression(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMBinding\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n condition:\n title: My Role\n description: Grant permissions on my_role\n expression: (resource.type == \"spanner.googleapis.com/DatabaseRole\" \u0026\u0026 (resource.name.endsWith(\"/myrole\")))\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_spanner\\_database\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMMember(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMMember(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMMember(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMMember(ctx, \"database\", \u0026spanner.DatabaseIAMMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMMember;\nimport com.pulumi.gcp.spanner.DatabaseIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMMember(\"database\", DatabaseIAMMemberArgs.builder() \n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMMember\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMMember(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"My Role\",\n description: \"Grant permissions on my_role\",\n expression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMMember(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\",\n condition=gcp.spanner.DatabaseIAMMemberConditionArgs(\n title=\"My Role\",\n description=\"Grant permissions on my_role\",\n expression=\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMMember(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Spanner.Inputs.DatabaseIAMMemberConditionArgs\n {\n Title = \"My Role\",\n Description = \"Grant permissions on my_role\",\n Expression = \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMMember(ctx, \"database\", \u0026spanner.DatabaseIAMMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026spanner.DatabaseIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"My Role\"),\n\t\t\t\tDescription: pulumi.String(\"Grant permissions on my_role\"),\n\t\t\t\tExpression: pulumi.String(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMMember;\nimport com.pulumi.gcp.spanner.DatabaseIAMMemberArgs;\nimport com.pulumi.gcp.spanner.inputs.DatabaseIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMMember(\"database\", DatabaseIAMMemberArgs.builder() \n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .condition(DatabaseIAMMemberConditionArgs.builder()\n .title(\"My Role\")\n .description(\"Grant permissions on my_role\")\n .expression(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMMember\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n member: user:jane@example.com\n condition:\n title: My Role\n description: Grant permissions on my_role\n expression: (resource.type == \"spanner.googleapis.com/DatabaseRole\" \u0026\u0026 (resource.name.endsWith(\"/myrole\")))\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Spanner Database resource in question. For example:\n\n* `{{project}}/{{instance}}/{{database}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = {{project}}/{{instance}}/{{database}}\n\n to = google_spanner_database_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:spanner/databaseIAMMember:DatabaseIAMMember default {{project}}/{{instance}}/{{database}}\n```\n\n", "properties": { "condition": { "$ref": "#/types/gcp:spanner/DatabaseIAMMemberCondition:DatabaseIAMMemberCondition", @@ -222040,10 +222565,11 @@ }, "instance": { "type": "string", - "description": "The name of the Spanner instance the database belongs to.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" + "description": "The name of the Spanner instance the database belongs to.\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "project": { "type": "string", @@ -222075,11 +222601,12 @@ }, "instance": { "type": "string", - "description": "The name of the Spanner instance the database belongs to.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The name of the Spanner instance the database belongs to.\n", "willReplaceOnChanges": true }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", "willReplaceOnChanges": true }, "project": { @@ -222118,11 +222645,12 @@ }, "instance": { "type": "string", - "description": "The name of the Spanner instance the database belongs to.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The name of the Spanner instance the database belongs to.\n", "willReplaceOnChanges": true }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", "willReplaceOnChanges": true }, "project": { @@ -222140,7 +222668,7 @@ } }, "gcp:spanner/databaseIAMPolicy:DatabaseIAMPolicy": { - "description": "Three different resources help you manage your IAM policy for a Spanner database. Each of these resources serves a different use case:\n\n* `gcp.spanner.DatabaseIAMPolicy`: Authoritative. Sets the IAM policy for the database and replaces any existing policy already attached.\n\n\u003e **Warning:** It's entirely possibly to lock yourself out of your database using `gcp.spanner.DatabaseIAMPolicy`. Any permissions granted by default will be removed unless you include them in your config.\n\n* `gcp.spanner.DatabaseIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the database are preserved.\n* `gcp.spanner.DatabaseIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the database are preserved.\n\n\u003e **Note:** `gcp.spanner.DatabaseIAMPolicy` **cannot** be used in conjunction with `gcp.spanner.DatabaseIAMBinding` and `gcp.spanner.DatabaseIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.spanner.DatabaseIAMBinding` resources **can be** used in conjunction with `gcp.spanner.DatabaseIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_spanner\\_database\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst database = new gcp.spanner.DatabaseIAMPolicy(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\ndatabase = gcp.spanner.DatabaseIAMPolicy(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var database = new Gcp.Spanner.DatabaseIAMPolicy(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = spanner.NewDatabaseIAMPolicy(ctx, \"database\", \u0026spanner.DatabaseIAMPolicyArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.spanner.DatabaseIAMPolicy;\nimport com.pulumi.gcp.spanner.DatabaseIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var database = new DatabaseIAMPolicy(\"database\", DatabaseIAMPolicyArgs.builder() \n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMPolicy\n properties:\n instance: your-instance-name\n database: your-database-name\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"My Role\",\n description: \"Grant permissions on my_role\",\n expression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n }],\n});\nconst database = new gcp.spanner.DatabaseIAMPolicy(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"My Role\",\n description=\"Grant permissions on my_role\",\n expression=\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n ),\n)])\ndatabase = gcp.spanner.DatabaseIAMPolicy(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"My Role\",\n Description = \"Grant permissions on my_role\",\n Expression = \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n },\n },\n });\n\n var database = new Gcp.Spanner.DatabaseIAMPolicy(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"My Role\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Grant permissions on my_role\"),\n\t\t\t\t\t\tExpression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = spanner.NewDatabaseIAMPolicy(ctx, \"database\", \u0026spanner.DatabaseIAMPolicyArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.spanner.DatabaseIAMPolicy;\nimport com.pulumi.gcp.spanner.DatabaseIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"My Role\")\n .description(\"Grant permissions on my_role\")\n .expression(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\")\n .build())\n .build())\n .build());\n\n var database = new DatabaseIAMPolicy(\"database\", DatabaseIAMPolicyArgs.builder() \n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMPolicy\n properties:\n instance: your-instance-name\n database: your-database-name\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n condition:\n title: My Role\n description: Grant permissions on my_role\n expression: (resource.type == \"spanner.googleapis.com/DatabaseRole\" \u0026\u0026 (resource.name.endsWith(\"/myrole\")))\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_spanner\\_database\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMBinding(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMBinding(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMBinding(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMBinding(ctx, \"database\", \u0026spanner.DatabaseIAMBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMBinding;\nimport com.pulumi.gcp.spanner.DatabaseIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMBinding(\"database\", DatabaseIAMBindingArgs.builder() \n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMBinding\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMBinding(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"My Role\",\n description: \"Grant permissions on my_role\",\n expression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMBinding(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.spanner.DatabaseIAMBindingConditionArgs(\n title=\"My Role\",\n description=\"Grant permissions on my_role\",\n expression=\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMBinding(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Spanner.Inputs.DatabaseIAMBindingConditionArgs\n {\n Title = \"My Role\",\n Description = \"Grant permissions on my_role\",\n Expression = \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMBinding(ctx, \"database\", \u0026spanner.DatabaseIAMBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026spanner.DatabaseIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"My Role\"),\n\t\t\t\tDescription: pulumi.String(\"Grant permissions on my_role\"),\n\t\t\t\tExpression: pulumi.String(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMBinding;\nimport com.pulumi.gcp.spanner.DatabaseIAMBindingArgs;\nimport com.pulumi.gcp.spanner.inputs.DatabaseIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMBinding(\"database\", DatabaseIAMBindingArgs.builder() \n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .condition(DatabaseIAMBindingConditionArgs.builder()\n .title(\"My Role\")\n .description(\"Grant permissions on my_role\")\n .expression(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMBinding\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n condition:\n title: My Role\n description: Grant permissions on my_role\n expression: (resource.type == \"spanner.googleapis.com/DatabaseRole\" \u0026\u0026 (resource.name.endsWith(\"/myrole\")))\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_spanner\\_database\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMMember(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMMember(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMMember(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMMember(ctx, \"database\", \u0026spanner.DatabaseIAMMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMMember;\nimport com.pulumi.gcp.spanner.DatabaseIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMMember(\"database\", DatabaseIAMMemberArgs.builder() \n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMMember\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMMember(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"My Role\",\n description: \"Grant permissions on my_role\",\n expression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMMember(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\",\n condition=gcp.spanner.DatabaseIAMMemberConditionArgs(\n title=\"My Role\",\n description=\"Grant permissions on my_role\",\n expression=\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMMember(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Spanner.Inputs.DatabaseIAMMemberConditionArgs\n {\n Title = \"My Role\",\n Description = \"Grant permissions on my_role\",\n Expression = \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMMember(ctx, \"database\", \u0026spanner.DatabaseIAMMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026spanner.DatabaseIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"My Role\"),\n\t\t\t\tDescription: pulumi.String(\"Grant permissions on my_role\"),\n\t\t\t\tExpression: pulumi.String(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMMember;\nimport com.pulumi.gcp.spanner.DatabaseIAMMemberArgs;\nimport com.pulumi.gcp.spanner.inputs.DatabaseIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMMember(\"database\", DatabaseIAMMemberArgs.builder() \n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .condition(DatabaseIAMMemberConditionArgs.builder()\n .title(\"My Role\")\n .description(\"Grant permissions on my_role\")\n .expression(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMMember\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n member: user:jane@example.com\n condition:\n title: My Role\n description: Grant permissions on my_role\n expression: (resource.type == \"spanner.googleapis.com/DatabaseRole\" \u0026\u0026 (resource.name.endsWith(\"/myrole\")))\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Spanner Database resource in question. For example:\n\n* `{{project}}/{{instance}}/{{database}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = {{project}}/{{instance}}/{{database}}\n\n to = google_spanner_database_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:spanner/databaseIAMPolicy:DatabaseIAMPolicy default {{project}}/{{instance}}/{{database}}\n```\n\n", + "description": "Three different resources help you manage your IAM policy for a Spanner database. Each of these resources serves a different use case:\n\n* `gcp.spanner.DatabaseIAMPolicy`: Authoritative. Sets the IAM policy for the database and replaces any existing policy already attached.\n\n\u003e **Warning:** It's entirely possibly to lock yourself out of your database using `gcp.spanner.DatabaseIAMPolicy`. Any permissions granted by default will be removed unless you include them in your config.\n\n* `gcp.spanner.DatabaseIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the database are preserved.\n* `gcp.spanner.DatabaseIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the database are preserved.\n\n\u003e **Note:** `gcp.spanner.DatabaseIAMPolicy` **cannot** be used in conjunction with `gcp.spanner.DatabaseIAMBinding` and `gcp.spanner.DatabaseIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.spanner.DatabaseIAMBinding` resources **can be** used in conjunction with `gcp.spanner.DatabaseIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_spanner\\_database\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst database = new gcp.spanner.DatabaseIAMPolicy(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\ndatabase = gcp.spanner.DatabaseIAMPolicy(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var database = new Gcp.Spanner.DatabaseIAMPolicy(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = spanner.NewDatabaseIAMPolicy(ctx, \"database\", \u0026spanner.DatabaseIAMPolicyArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.spanner.DatabaseIAMPolicy;\nimport com.pulumi.gcp.spanner.DatabaseIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var database = new DatabaseIAMPolicy(\"database\", DatabaseIAMPolicyArgs.builder() \n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMPolicy\n properties:\n instance: your-instance-name\n database: your-database-name\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"My Role\",\n description: \"Grant permissions on my_role\",\n expression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n }],\n});\nconst database = new gcp.spanner.DatabaseIAMPolicy(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"My Role\",\n description=\"Grant permissions on my_role\",\n expression=\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n ),\n)])\ndatabase = gcp.spanner.DatabaseIAMPolicy(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"My Role\",\n Description = \"Grant permissions on my_role\",\n Expression = \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n },\n },\n });\n\n var database = new Gcp.Spanner.DatabaseIAMPolicy(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"My Role\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Grant permissions on my_role\"),\n\t\t\t\t\t\tExpression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = spanner.NewDatabaseIAMPolicy(ctx, \"database\", \u0026spanner.DatabaseIAMPolicyArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.spanner.DatabaseIAMPolicy;\nimport com.pulumi.gcp.spanner.DatabaseIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"My Role\")\n .description(\"Grant permissions on my_role\")\n .expression(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\")\n .build())\n .build())\n .build());\n\n var database = new DatabaseIAMPolicy(\"database\", DatabaseIAMPolicyArgs.builder() \n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMPolicy\n properties:\n instance: your-instance-name\n database: your-database-name\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n condition:\n title: My Role\n description: Grant permissions on my_role\n expression: (resource.type == \"spanner.googleapis.com/DatabaseRole\" \u0026\u0026 (resource.name.endsWith(\"/myrole\")))\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_spanner\\_database\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMBinding(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMBinding(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMBinding(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMBinding(ctx, \"database\", \u0026spanner.DatabaseIAMBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMBinding;\nimport com.pulumi.gcp.spanner.DatabaseIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMBinding(\"database\", DatabaseIAMBindingArgs.builder() \n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMBinding\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMBinding(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"My Role\",\n description: \"Grant permissions on my_role\",\n expression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMBinding(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.spanner.DatabaseIAMBindingConditionArgs(\n title=\"My Role\",\n description=\"Grant permissions on my_role\",\n expression=\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMBinding(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Spanner.Inputs.DatabaseIAMBindingConditionArgs\n {\n Title = \"My Role\",\n Description = \"Grant permissions on my_role\",\n Expression = \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMBinding(ctx, \"database\", \u0026spanner.DatabaseIAMBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026spanner.DatabaseIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"My Role\"),\n\t\t\t\tDescription: pulumi.String(\"Grant permissions on my_role\"),\n\t\t\t\tExpression: pulumi.String(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMBinding;\nimport com.pulumi.gcp.spanner.DatabaseIAMBindingArgs;\nimport com.pulumi.gcp.spanner.inputs.DatabaseIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMBinding(\"database\", DatabaseIAMBindingArgs.builder() \n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .condition(DatabaseIAMBindingConditionArgs.builder()\n .title(\"My Role\")\n .description(\"Grant permissions on my_role\")\n .expression(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMBinding\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n condition:\n title: My Role\n description: Grant permissions on my_role\n expression: (resource.type == \"spanner.googleapis.com/DatabaseRole\" \u0026\u0026 (resource.name.endsWith(\"/myrole\")))\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_spanner\\_database\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMMember(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMMember(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMMember(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMMember(ctx, \"database\", \u0026spanner.DatabaseIAMMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMMember;\nimport com.pulumi.gcp.spanner.DatabaseIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMMember(\"database\", DatabaseIAMMemberArgs.builder() \n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMMember\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMMember(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"My Role\",\n description: \"Grant permissions on my_role\",\n expression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMMember(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\",\n condition=gcp.spanner.DatabaseIAMMemberConditionArgs(\n title=\"My Role\",\n description=\"Grant permissions on my_role\",\n expression=\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMMember(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Spanner.Inputs.DatabaseIAMMemberConditionArgs\n {\n Title = \"My Role\",\n Description = \"Grant permissions on my_role\",\n Expression = \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMMember(ctx, \"database\", \u0026spanner.DatabaseIAMMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026spanner.DatabaseIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"My Role\"),\n\t\t\t\tDescription: pulumi.String(\"Grant permissions on my_role\"),\n\t\t\t\tExpression: pulumi.String(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMMember;\nimport com.pulumi.gcp.spanner.DatabaseIAMMemberArgs;\nimport com.pulumi.gcp.spanner.inputs.DatabaseIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMMember(\"database\", DatabaseIAMMemberArgs.builder() \n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .condition(DatabaseIAMMemberConditionArgs.builder()\n .title(\"My Role\")\n .description(\"Grant permissions on my_role\")\n .expression(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMMember\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n member: user:jane@example.com\n condition:\n title: My Role\n description: Grant permissions on my_role\n expression: (resource.type == \"spanner.googleapis.com/DatabaseRole\" \u0026\u0026 (resource.name.endsWith(\"/myrole\")))\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_spanner\\_database\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst database = new gcp.spanner.DatabaseIAMPolicy(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\ndatabase = gcp.spanner.DatabaseIAMPolicy(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var database = new Gcp.Spanner.DatabaseIAMPolicy(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = spanner.NewDatabaseIAMPolicy(ctx, \"database\", \u0026spanner.DatabaseIAMPolicyArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.spanner.DatabaseIAMPolicy;\nimport com.pulumi.gcp.spanner.DatabaseIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var database = new DatabaseIAMPolicy(\"database\", DatabaseIAMPolicyArgs.builder() \n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMPolicy\n properties:\n instance: your-instance-name\n database: your-database-name\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"My Role\",\n description: \"Grant permissions on my_role\",\n expression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n }],\n});\nconst database = new gcp.spanner.DatabaseIAMPolicy(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"My Role\",\n description=\"Grant permissions on my_role\",\n expression=\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n ),\n)])\ndatabase = gcp.spanner.DatabaseIAMPolicy(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"My Role\",\n Description = \"Grant permissions on my_role\",\n Expression = \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n },\n },\n });\n\n var database = new Gcp.Spanner.DatabaseIAMPolicy(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"My Role\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Grant permissions on my_role\"),\n\t\t\t\t\t\tExpression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = spanner.NewDatabaseIAMPolicy(ctx, \"database\", \u0026spanner.DatabaseIAMPolicyArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.spanner.DatabaseIAMPolicy;\nimport com.pulumi.gcp.spanner.DatabaseIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"My Role\")\n .description(\"Grant permissions on my_role\")\n .expression(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\")\n .build())\n .build())\n .build());\n\n var database = new DatabaseIAMPolicy(\"database\", DatabaseIAMPolicyArgs.builder() \n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMPolicy\n properties:\n instance: your-instance-name\n database: your-database-name\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n condition:\n title: My Role\n description: Grant permissions on my_role\n expression: (resource.type == \"spanner.googleapis.com/DatabaseRole\" \u0026\u0026 (resource.name.endsWith(\"/myrole\")))\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_spanner\\_database\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMBinding(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMBinding(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMBinding(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMBinding(ctx, \"database\", \u0026spanner.DatabaseIAMBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMBinding;\nimport com.pulumi.gcp.spanner.DatabaseIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMBinding(\"database\", DatabaseIAMBindingArgs.builder() \n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMBinding\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMBinding(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"My Role\",\n description: \"Grant permissions on my_role\",\n expression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMBinding(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n members=[\"user:jane@example.com\"],\n condition=gcp.spanner.DatabaseIAMBindingConditionArgs(\n title=\"My Role\",\n description=\"Grant permissions on my_role\",\n expression=\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMBinding(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Spanner.Inputs.DatabaseIAMBindingConditionArgs\n {\n Title = \"My Role\",\n Description = \"Grant permissions on my_role\",\n Expression = \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMBinding(ctx, \"database\", \u0026spanner.DatabaseIAMBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026spanner.DatabaseIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"My Role\"),\n\t\t\t\tDescription: pulumi.String(\"Grant permissions on my_role\"),\n\t\t\t\tExpression: pulumi.String(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMBinding;\nimport com.pulumi.gcp.spanner.DatabaseIAMBindingArgs;\nimport com.pulumi.gcp.spanner.inputs.DatabaseIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMBinding(\"database\", DatabaseIAMBindingArgs.builder() \n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .members(\"user:jane@example.com\")\n .condition(DatabaseIAMBindingConditionArgs.builder()\n .title(\"My Role\")\n .description(\"Grant permissions on my_role\")\n .expression(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMBinding\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n members:\n - user:jane@example.com\n condition:\n title: My Role\n description: Grant permissions on my_role\n expression: (resource.type == \"spanner.googleapis.com/DatabaseRole\" \u0026\u0026 (resource.name.endsWith(\"/myrole\")))\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_spanner\\_database\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMMember(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMMember(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMMember(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMMember(ctx, \"database\", \u0026spanner.DatabaseIAMMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMMember;\nimport com.pulumi.gcp.spanner.DatabaseIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMMember(\"database\", DatabaseIAMMemberArgs.builder() \n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMMember\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst database = new gcp.spanner.DatabaseIAMMember(\"database\", {\n instance: \"your-instance-name\",\n database: \"your-database-name\",\n role: \"roles/compute.networkUser\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"My Role\",\n description: \"Grant permissions on my_role\",\n expression: \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ndatabase = gcp.spanner.DatabaseIAMMember(\"database\",\n instance=\"your-instance-name\",\n database=\"your-database-name\",\n role=\"roles/compute.networkUser\",\n member=\"user:jane@example.com\",\n condition=gcp.spanner.DatabaseIAMMemberConditionArgs(\n title=\"My Role\",\n description=\"Grant permissions on my_role\",\n expression=\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var database = new Gcp.Spanner.DatabaseIAMMember(\"database\", new()\n {\n Instance = \"your-instance-name\",\n Database = \"your-database-name\",\n Role = \"roles/compute.networkUser\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Spanner.Inputs.DatabaseIAMMemberConditionArgs\n {\n Title = \"My Role\",\n Description = \"Grant permissions on my_role\",\n Expression = \"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewDatabaseIAMMember(ctx, \"database\", \u0026spanner.DatabaseIAMMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tDatabase: pulumi.String(\"your-database-name\"),\n\t\t\tRole: pulumi.String(\"roles/compute.networkUser\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026spanner.DatabaseIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"My Role\"),\n\t\t\t\tDescription: pulumi.String(\"Grant permissions on my_role\"),\n\t\t\t\tExpression: pulumi.String(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.DatabaseIAMMember;\nimport com.pulumi.gcp.spanner.DatabaseIAMMemberArgs;\nimport com.pulumi.gcp.spanner.inputs.DatabaseIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var database = new DatabaseIAMMember(\"database\", DatabaseIAMMemberArgs.builder() \n .instance(\"your-instance-name\")\n .database(\"your-database-name\")\n .role(\"roles/compute.networkUser\")\n .member(\"user:jane@example.com\")\n .condition(DatabaseIAMMemberConditionArgs.builder()\n .title(\"My Role\")\n .description(\"Grant permissions on my_role\")\n .expression(\"(resource.type == \\\"spanner.googleapis.com/DatabaseRole\\\" \u0026\u0026 (resource.name.endsWith(\\\"/myrole\\\")))\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n database:\n type: gcp:spanner:DatabaseIAMMember\n properties:\n instance: your-instance-name\n database: your-database-name\n role: roles/compute.networkUser\n member: user:jane@example.com\n condition:\n title: My Role\n description: Grant permissions on my_role\n expression: (resource.type == \"spanner.googleapis.com/DatabaseRole\" \u0026\u0026 (resource.name.endsWith(\"/myrole\")))\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Spanner Database resource in question. For example:\n\n* `{{project}}/{{instance}}/{{database}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = {{project}}/{{instance}}/{{database}}\n\n to = google_spanner_database_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:spanner/databaseIAMPolicy:DatabaseIAMPolicy default {{project}}/{{instance}}/{{database}}\n```\n\n", "properties": { "database": { "type": "string", @@ -222152,7 +222680,7 @@ }, "instance": { "type": "string", - "description": "The name of the Spanner instance the database belongs to.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" + "description": "The name of the Spanner instance the database belongs to.\n" }, "policyData": { "type": "string", @@ -222178,7 +222706,7 @@ }, "instance": { "type": "string", - "description": "The name of the Spanner instance the database belongs to.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The name of the Spanner instance the database belongs to.\n", "willReplaceOnChanges": true }, "policyData": { @@ -222210,7 +222738,7 @@ }, "instance": { "type": "string", - "description": "The name of the Spanner instance the database belongs to.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The name of the Spanner instance the database belongs to.\n", "willReplaceOnChanges": true }, "policyData": { @@ -222418,7 +222946,7 @@ } }, "gcp:spanner/instanceIAMBinding:InstanceIAMBinding": { - "description": "Three different resources help you manage your IAM policy for a Spanner instance. Each of these resources serves a different use case:\n\n* `gcp.spanner.InstanceIAMPolicy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.\n\n\u003e **Warning:** It's entirely possibly to lock yourself out of your instance using `gcp.spanner.InstanceIAMPolicy`. Any permissions granted by default will be removed unless you include them in your config.\n\n* `gcp.spanner.InstanceIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.\n* `gcp.spanner.InstanceIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.\n\n\u003e **Note:** `gcp.spanner.InstanceIAMPolicy` **cannot** be used in conjunction with `gcp.spanner.InstanceIAMBinding` and `gcp.spanner.InstanceIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.spanner.InstanceIAMBinding` resources **can be** used in conjunction with `gcp.spanner.InstanceIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_spanner\\_instance\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst instance = new gcp.spanner.InstanceIAMPolicy(\"instance\", {\n instance: \"your-instance-name\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\ninstance = gcp.spanner.InstanceIAMPolicy(\"instance\",\n instance=\"your-instance-name\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var instance = new Gcp.Spanner.InstanceIAMPolicy(\"instance\", new()\n {\n Instance = \"your-instance-name\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = spanner.NewInstanceIAMPolicy(ctx, \"instance\", \u0026spanner.InstanceIAMPolicyArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.spanner.InstanceIAMPolicy;\nimport com.pulumi.gcp.spanner.InstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var instance = new InstanceIAMPolicy(\"instance\", InstanceIAMPolicyArgs.builder() \n .instance(\"your-instance-name\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:spanner:InstanceIAMPolicy\n properties:\n instance: your-instance-name\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_spanner\\_instance\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.spanner.InstanceIAMBinding(\"instance\", {\n instance: \"your-instance-name\",\n role: \"roles/spanner.databaseAdmin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.spanner.InstanceIAMBinding(\"instance\",\n instance=\"your-instance-name\",\n role=\"roles/spanner.databaseAdmin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.Spanner.InstanceIAMBinding(\"instance\", new()\n {\n Instance = \"your-instance-name\",\n Role = \"roles/spanner.databaseAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewInstanceIAMBinding(ctx, \"instance\", \u0026spanner.InstanceIAMBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tRole: pulumi.String(\"roles/spanner.databaseAdmin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.InstanceIAMBinding;\nimport com.pulumi.gcp.spanner.InstanceIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new InstanceIAMBinding(\"instance\", InstanceIAMBindingArgs.builder() \n .instance(\"your-instance-name\")\n .role(\"roles/spanner.databaseAdmin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:spanner:InstanceIAMBinding\n properties:\n instance: your-instance-name\n role: roles/spanner.databaseAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_spanner\\_instance\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.spanner.InstanceIAMMember(\"instance\", {\n instance: \"your-instance-name\",\n role: \"roles/spanner.databaseAdmin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.spanner.InstanceIAMMember(\"instance\",\n instance=\"your-instance-name\",\n role=\"roles/spanner.databaseAdmin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.Spanner.InstanceIAMMember(\"instance\", new()\n {\n Instance = \"your-instance-name\",\n Role = \"roles/spanner.databaseAdmin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewInstanceIAMMember(ctx, \"instance\", \u0026spanner.InstanceIAMMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tRole: pulumi.String(\"roles/spanner.databaseAdmin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.InstanceIAMMember;\nimport com.pulumi.gcp.spanner.InstanceIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new InstanceIAMMember(\"instance\", InstanceIAMMemberArgs.builder() \n .instance(\"your-instance-name\")\n .role(\"roles/spanner.databaseAdmin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:spanner:InstanceIAMMember\n properties:\n instance: your-instance-name\n role: roles/spanner.databaseAdmin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Spanner Instances resource . For example:\n\n* `{{project}}/{{instance}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = {{project}}/{{instance}}\n\n to = google_spanner_instance_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:spanner/instanceIAMBinding:InstanceIAMBinding default {{project}}/{{instance}}\n```\n\n", + "description": "Three different resources help you manage your IAM policy for a Spanner instance. Each of these resources serves a different use case:\n\n* `gcp.spanner.InstanceIAMPolicy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.\n\n\u003e **Warning:** It's entirely possibly to lock yourself out of your instance using `gcp.spanner.InstanceIAMPolicy`. Any permissions granted by default will be removed unless you include them in your config.\n\n* `gcp.spanner.InstanceIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.\n* `gcp.spanner.InstanceIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.\n\n\u003e **Note:** `gcp.spanner.InstanceIAMPolicy` **cannot** be used in conjunction with `gcp.spanner.InstanceIAMBinding` and `gcp.spanner.InstanceIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.spanner.InstanceIAMBinding` resources **can be** used in conjunction with `gcp.spanner.InstanceIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_spanner\\_instance\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst instance = new gcp.spanner.InstanceIAMPolicy(\"instance\", {\n instance: \"your-instance-name\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\ninstance = gcp.spanner.InstanceIAMPolicy(\"instance\",\n instance=\"your-instance-name\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var instance = new Gcp.Spanner.InstanceIAMPolicy(\"instance\", new()\n {\n Instance = \"your-instance-name\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = spanner.NewInstanceIAMPolicy(ctx, \"instance\", \u0026spanner.InstanceIAMPolicyArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.spanner.InstanceIAMPolicy;\nimport com.pulumi.gcp.spanner.InstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var instance = new InstanceIAMPolicy(\"instance\", InstanceIAMPolicyArgs.builder() \n .instance(\"your-instance-name\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:spanner:InstanceIAMPolicy\n properties:\n instance: your-instance-name\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_spanner\\_instance\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.spanner.InstanceIAMBinding(\"instance\", {\n instance: \"your-instance-name\",\n role: \"roles/spanner.databaseAdmin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.spanner.InstanceIAMBinding(\"instance\",\n instance=\"your-instance-name\",\n role=\"roles/spanner.databaseAdmin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.Spanner.InstanceIAMBinding(\"instance\", new()\n {\n Instance = \"your-instance-name\",\n Role = \"roles/spanner.databaseAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewInstanceIAMBinding(ctx, \"instance\", \u0026spanner.InstanceIAMBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tRole: pulumi.String(\"roles/spanner.databaseAdmin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.InstanceIAMBinding;\nimport com.pulumi.gcp.spanner.InstanceIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new InstanceIAMBinding(\"instance\", InstanceIAMBindingArgs.builder() \n .instance(\"your-instance-name\")\n .role(\"roles/spanner.databaseAdmin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:spanner:InstanceIAMBinding\n properties:\n instance: your-instance-name\n role: roles/spanner.databaseAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_spanner\\_instance\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.spanner.InstanceIAMMember(\"instance\", {\n instance: \"your-instance-name\",\n role: \"roles/spanner.databaseAdmin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.spanner.InstanceIAMMember(\"instance\",\n instance=\"your-instance-name\",\n role=\"roles/spanner.databaseAdmin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.Spanner.InstanceIAMMember(\"instance\", new()\n {\n Instance = \"your-instance-name\",\n Role = \"roles/spanner.databaseAdmin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewInstanceIAMMember(ctx, \"instance\", \u0026spanner.InstanceIAMMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tRole: pulumi.String(\"roles/spanner.databaseAdmin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.InstanceIAMMember;\nimport com.pulumi.gcp.spanner.InstanceIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new InstanceIAMMember(\"instance\", InstanceIAMMemberArgs.builder() \n .instance(\"your-instance-name\")\n .role(\"roles/spanner.databaseAdmin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:spanner:InstanceIAMMember\n properties:\n instance: your-instance-name\n role: roles/spanner.databaseAdmin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_spanner\\_instance\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst instance = new gcp.spanner.InstanceIAMPolicy(\"instance\", {\n instance: \"your-instance-name\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\ninstance = gcp.spanner.InstanceIAMPolicy(\"instance\",\n instance=\"your-instance-name\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var instance = new Gcp.Spanner.InstanceIAMPolicy(\"instance\", new()\n {\n Instance = \"your-instance-name\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = spanner.NewInstanceIAMPolicy(ctx, \"instance\", \u0026spanner.InstanceIAMPolicyArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.spanner.InstanceIAMPolicy;\nimport com.pulumi.gcp.spanner.InstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var instance = new InstanceIAMPolicy(\"instance\", InstanceIAMPolicyArgs.builder() \n .instance(\"your-instance-name\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:spanner:InstanceIAMPolicy\n properties:\n instance: your-instance-name\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_spanner\\_instance\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.spanner.InstanceIAMBinding(\"instance\", {\n instance: \"your-instance-name\",\n role: \"roles/spanner.databaseAdmin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.spanner.InstanceIAMBinding(\"instance\",\n instance=\"your-instance-name\",\n role=\"roles/spanner.databaseAdmin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.Spanner.InstanceIAMBinding(\"instance\", new()\n {\n Instance = \"your-instance-name\",\n Role = \"roles/spanner.databaseAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewInstanceIAMBinding(ctx, \"instance\", \u0026spanner.InstanceIAMBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tRole: pulumi.String(\"roles/spanner.databaseAdmin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.InstanceIAMBinding;\nimport com.pulumi.gcp.spanner.InstanceIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new InstanceIAMBinding(\"instance\", InstanceIAMBindingArgs.builder() \n .instance(\"your-instance-name\")\n .role(\"roles/spanner.databaseAdmin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:spanner:InstanceIAMBinding\n properties:\n instance: your-instance-name\n role: roles/spanner.databaseAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_spanner\\_instance\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.spanner.InstanceIAMMember(\"instance\", {\n instance: \"your-instance-name\",\n role: \"roles/spanner.databaseAdmin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.spanner.InstanceIAMMember(\"instance\",\n instance=\"your-instance-name\",\n role=\"roles/spanner.databaseAdmin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.Spanner.InstanceIAMMember(\"instance\", new()\n {\n Instance = \"your-instance-name\",\n Role = \"roles/spanner.databaseAdmin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewInstanceIAMMember(ctx, \"instance\", \u0026spanner.InstanceIAMMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tRole: pulumi.String(\"roles/spanner.databaseAdmin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.InstanceIAMMember;\nimport com.pulumi.gcp.spanner.InstanceIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new InstanceIAMMember(\"instance\", InstanceIAMMemberArgs.builder() \n .instance(\"your-instance-name\")\n .role(\"roles/spanner.databaseAdmin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:spanner:InstanceIAMMember\n properties:\n instance: your-instance-name\n role: roles/spanner.databaseAdmin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Spanner Instances resource . For example:\n\n* `{{project}}/{{instance}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = {{project}}/{{instance}}\n\n to = google_spanner_instance_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:spanner/instanceIAMBinding:InstanceIAMBinding default {{project}}/{{instance}}\n```\n\n", "properties": { "condition": { "$ref": "#/types/gcp:spanner/InstanceIAMBindingCondition:InstanceIAMBindingCondition" @@ -222429,13 +222957,14 @@ }, "instance": { "type": "string", - "description": "The name of the instance.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" + "description": "The name of the instance.\n" }, "members": { "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "project": { "type": "string", @@ -222460,14 +222989,15 @@ }, "instance": { "type": "string", - "description": "The name of the instance.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The name of the instance.\n", "willReplaceOnChanges": true }, "members": { "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "project": { "type": "string", @@ -222498,14 +223028,15 @@ }, "instance": { "type": "string", - "description": "The name of the instance.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The name of the instance.\n", "willReplaceOnChanges": true }, "members": { "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "project": { "type": "string", @@ -222522,7 +223053,7 @@ } }, "gcp:spanner/instanceIAMMember:InstanceIAMMember": { - "description": "Three different resources help you manage your IAM policy for a Spanner instance. Each of these resources serves a different use case:\n\n* `gcp.spanner.InstanceIAMPolicy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.\n\n\u003e **Warning:** It's entirely possibly to lock yourself out of your instance using `gcp.spanner.InstanceIAMPolicy`. Any permissions granted by default will be removed unless you include them in your config.\n\n* `gcp.spanner.InstanceIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.\n* `gcp.spanner.InstanceIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.\n\n\u003e **Note:** `gcp.spanner.InstanceIAMPolicy` **cannot** be used in conjunction with `gcp.spanner.InstanceIAMBinding` and `gcp.spanner.InstanceIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.spanner.InstanceIAMBinding` resources **can be** used in conjunction with `gcp.spanner.InstanceIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_spanner\\_instance\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst instance = new gcp.spanner.InstanceIAMPolicy(\"instance\", {\n instance: \"your-instance-name\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\ninstance = gcp.spanner.InstanceIAMPolicy(\"instance\",\n instance=\"your-instance-name\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var instance = new Gcp.Spanner.InstanceIAMPolicy(\"instance\", new()\n {\n Instance = \"your-instance-name\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = spanner.NewInstanceIAMPolicy(ctx, \"instance\", \u0026spanner.InstanceIAMPolicyArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.spanner.InstanceIAMPolicy;\nimport com.pulumi.gcp.spanner.InstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var instance = new InstanceIAMPolicy(\"instance\", InstanceIAMPolicyArgs.builder() \n .instance(\"your-instance-name\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:spanner:InstanceIAMPolicy\n properties:\n instance: your-instance-name\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_spanner\\_instance\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.spanner.InstanceIAMBinding(\"instance\", {\n instance: \"your-instance-name\",\n role: \"roles/spanner.databaseAdmin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.spanner.InstanceIAMBinding(\"instance\",\n instance=\"your-instance-name\",\n role=\"roles/spanner.databaseAdmin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.Spanner.InstanceIAMBinding(\"instance\", new()\n {\n Instance = \"your-instance-name\",\n Role = \"roles/spanner.databaseAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewInstanceIAMBinding(ctx, \"instance\", \u0026spanner.InstanceIAMBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tRole: pulumi.String(\"roles/spanner.databaseAdmin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.InstanceIAMBinding;\nimport com.pulumi.gcp.spanner.InstanceIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new InstanceIAMBinding(\"instance\", InstanceIAMBindingArgs.builder() \n .instance(\"your-instance-name\")\n .role(\"roles/spanner.databaseAdmin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:spanner:InstanceIAMBinding\n properties:\n instance: your-instance-name\n role: roles/spanner.databaseAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_spanner\\_instance\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.spanner.InstanceIAMMember(\"instance\", {\n instance: \"your-instance-name\",\n role: \"roles/spanner.databaseAdmin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.spanner.InstanceIAMMember(\"instance\",\n instance=\"your-instance-name\",\n role=\"roles/spanner.databaseAdmin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.Spanner.InstanceIAMMember(\"instance\", new()\n {\n Instance = \"your-instance-name\",\n Role = \"roles/spanner.databaseAdmin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewInstanceIAMMember(ctx, \"instance\", \u0026spanner.InstanceIAMMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tRole: pulumi.String(\"roles/spanner.databaseAdmin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.InstanceIAMMember;\nimport com.pulumi.gcp.spanner.InstanceIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new InstanceIAMMember(\"instance\", InstanceIAMMemberArgs.builder() \n .instance(\"your-instance-name\")\n .role(\"roles/spanner.databaseAdmin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:spanner:InstanceIAMMember\n properties:\n instance: your-instance-name\n role: roles/spanner.databaseAdmin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Spanner Instances resource . For example:\n\n* `{{project}}/{{instance}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = {{project}}/{{instance}}\n\n to = google_spanner_instance_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:spanner/instanceIAMMember:InstanceIAMMember default {{project}}/{{instance}}\n```\n\n", + "description": "Three different resources help you manage your IAM policy for a Spanner instance. Each of these resources serves a different use case:\n\n* `gcp.spanner.InstanceIAMPolicy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.\n\n\u003e **Warning:** It's entirely possibly to lock yourself out of your instance using `gcp.spanner.InstanceIAMPolicy`. Any permissions granted by default will be removed unless you include them in your config.\n\n* `gcp.spanner.InstanceIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.\n* `gcp.spanner.InstanceIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.\n\n\u003e **Note:** `gcp.spanner.InstanceIAMPolicy` **cannot** be used in conjunction with `gcp.spanner.InstanceIAMBinding` and `gcp.spanner.InstanceIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.spanner.InstanceIAMBinding` resources **can be** used in conjunction with `gcp.spanner.InstanceIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_spanner\\_instance\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst instance = new gcp.spanner.InstanceIAMPolicy(\"instance\", {\n instance: \"your-instance-name\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\ninstance = gcp.spanner.InstanceIAMPolicy(\"instance\",\n instance=\"your-instance-name\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var instance = new Gcp.Spanner.InstanceIAMPolicy(\"instance\", new()\n {\n Instance = \"your-instance-name\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = spanner.NewInstanceIAMPolicy(ctx, \"instance\", \u0026spanner.InstanceIAMPolicyArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.spanner.InstanceIAMPolicy;\nimport com.pulumi.gcp.spanner.InstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var instance = new InstanceIAMPolicy(\"instance\", InstanceIAMPolicyArgs.builder() \n .instance(\"your-instance-name\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:spanner:InstanceIAMPolicy\n properties:\n instance: your-instance-name\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_spanner\\_instance\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.spanner.InstanceIAMBinding(\"instance\", {\n instance: \"your-instance-name\",\n role: \"roles/spanner.databaseAdmin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.spanner.InstanceIAMBinding(\"instance\",\n instance=\"your-instance-name\",\n role=\"roles/spanner.databaseAdmin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.Spanner.InstanceIAMBinding(\"instance\", new()\n {\n Instance = \"your-instance-name\",\n Role = \"roles/spanner.databaseAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewInstanceIAMBinding(ctx, \"instance\", \u0026spanner.InstanceIAMBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tRole: pulumi.String(\"roles/spanner.databaseAdmin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.InstanceIAMBinding;\nimport com.pulumi.gcp.spanner.InstanceIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new InstanceIAMBinding(\"instance\", InstanceIAMBindingArgs.builder() \n .instance(\"your-instance-name\")\n .role(\"roles/spanner.databaseAdmin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:spanner:InstanceIAMBinding\n properties:\n instance: your-instance-name\n role: roles/spanner.databaseAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_spanner\\_instance\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.spanner.InstanceIAMMember(\"instance\", {\n instance: \"your-instance-name\",\n role: \"roles/spanner.databaseAdmin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.spanner.InstanceIAMMember(\"instance\",\n instance=\"your-instance-name\",\n role=\"roles/spanner.databaseAdmin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.Spanner.InstanceIAMMember(\"instance\", new()\n {\n Instance = \"your-instance-name\",\n Role = \"roles/spanner.databaseAdmin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewInstanceIAMMember(ctx, \"instance\", \u0026spanner.InstanceIAMMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tRole: pulumi.String(\"roles/spanner.databaseAdmin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.InstanceIAMMember;\nimport com.pulumi.gcp.spanner.InstanceIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new InstanceIAMMember(\"instance\", InstanceIAMMemberArgs.builder() \n .instance(\"your-instance-name\")\n .role(\"roles/spanner.databaseAdmin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:spanner:InstanceIAMMember\n properties:\n instance: your-instance-name\n role: roles/spanner.databaseAdmin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_spanner\\_instance\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst instance = new gcp.spanner.InstanceIAMPolicy(\"instance\", {\n instance: \"your-instance-name\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\ninstance = gcp.spanner.InstanceIAMPolicy(\"instance\",\n instance=\"your-instance-name\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var instance = new Gcp.Spanner.InstanceIAMPolicy(\"instance\", new()\n {\n Instance = \"your-instance-name\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = spanner.NewInstanceIAMPolicy(ctx, \"instance\", \u0026spanner.InstanceIAMPolicyArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.spanner.InstanceIAMPolicy;\nimport com.pulumi.gcp.spanner.InstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var instance = new InstanceIAMPolicy(\"instance\", InstanceIAMPolicyArgs.builder() \n .instance(\"your-instance-name\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:spanner:InstanceIAMPolicy\n properties:\n instance: your-instance-name\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_spanner\\_instance\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.spanner.InstanceIAMBinding(\"instance\", {\n instance: \"your-instance-name\",\n role: \"roles/spanner.databaseAdmin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.spanner.InstanceIAMBinding(\"instance\",\n instance=\"your-instance-name\",\n role=\"roles/spanner.databaseAdmin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.Spanner.InstanceIAMBinding(\"instance\", new()\n {\n Instance = \"your-instance-name\",\n Role = \"roles/spanner.databaseAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewInstanceIAMBinding(ctx, \"instance\", \u0026spanner.InstanceIAMBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tRole: pulumi.String(\"roles/spanner.databaseAdmin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.InstanceIAMBinding;\nimport com.pulumi.gcp.spanner.InstanceIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new InstanceIAMBinding(\"instance\", InstanceIAMBindingArgs.builder() \n .instance(\"your-instance-name\")\n .role(\"roles/spanner.databaseAdmin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:spanner:InstanceIAMBinding\n properties:\n instance: your-instance-name\n role: roles/spanner.databaseAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_spanner\\_instance\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.spanner.InstanceIAMMember(\"instance\", {\n instance: \"your-instance-name\",\n role: \"roles/spanner.databaseAdmin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.spanner.InstanceIAMMember(\"instance\",\n instance=\"your-instance-name\",\n role=\"roles/spanner.databaseAdmin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.Spanner.InstanceIAMMember(\"instance\", new()\n {\n Instance = \"your-instance-name\",\n Role = \"roles/spanner.databaseAdmin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewInstanceIAMMember(ctx, \"instance\", \u0026spanner.InstanceIAMMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tRole: pulumi.String(\"roles/spanner.databaseAdmin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.InstanceIAMMember;\nimport com.pulumi.gcp.spanner.InstanceIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new InstanceIAMMember(\"instance\", InstanceIAMMemberArgs.builder() \n .instance(\"your-instance-name\")\n .role(\"roles/spanner.databaseAdmin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:spanner:InstanceIAMMember\n properties:\n instance: your-instance-name\n role: roles/spanner.databaseAdmin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Spanner Instances resource . For example:\n\n* `{{project}}/{{instance}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = {{project}}/{{instance}}\n\n to = google_spanner_instance_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:spanner/instanceIAMMember:InstanceIAMMember default {{project}}/{{instance}}\n```\n\n", "properties": { "condition": { "$ref": "#/types/gcp:spanner/InstanceIAMMemberCondition:InstanceIAMMemberCondition" @@ -222533,10 +223064,11 @@ }, "instance": { "type": "string", - "description": "The name of the instance.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" + "description": "The name of the instance.\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" }, "project": { "type": "string", @@ -222561,11 +223093,12 @@ }, "instance": { "type": "string", - "description": "The name of the instance.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The name of the instance.\n", "willReplaceOnChanges": true }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", "willReplaceOnChanges": true }, "project": { @@ -222597,11 +223130,12 @@ }, "instance": { "type": "string", - "description": "The name of the instance.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The name of the instance.\n", "willReplaceOnChanges": true }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", "willReplaceOnChanges": true }, "project": { @@ -222619,7 +223153,7 @@ } }, "gcp:spanner/instanceIAMPolicy:InstanceIAMPolicy": { - "description": "Three different resources help you manage your IAM policy for a Spanner instance. Each of these resources serves a different use case:\n\n* `gcp.spanner.InstanceIAMPolicy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.\n\n\u003e **Warning:** It's entirely possibly to lock yourself out of your instance using `gcp.spanner.InstanceIAMPolicy`. Any permissions granted by default will be removed unless you include them in your config.\n\n* `gcp.spanner.InstanceIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.\n* `gcp.spanner.InstanceIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.\n\n\u003e **Note:** `gcp.spanner.InstanceIAMPolicy` **cannot** be used in conjunction with `gcp.spanner.InstanceIAMBinding` and `gcp.spanner.InstanceIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.spanner.InstanceIAMBinding` resources **can be** used in conjunction with `gcp.spanner.InstanceIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_spanner\\_instance\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst instance = new gcp.spanner.InstanceIAMPolicy(\"instance\", {\n instance: \"your-instance-name\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\ninstance = gcp.spanner.InstanceIAMPolicy(\"instance\",\n instance=\"your-instance-name\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var instance = new Gcp.Spanner.InstanceIAMPolicy(\"instance\", new()\n {\n Instance = \"your-instance-name\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = spanner.NewInstanceIAMPolicy(ctx, \"instance\", \u0026spanner.InstanceIAMPolicyArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.spanner.InstanceIAMPolicy;\nimport com.pulumi.gcp.spanner.InstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var instance = new InstanceIAMPolicy(\"instance\", InstanceIAMPolicyArgs.builder() \n .instance(\"your-instance-name\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:spanner:InstanceIAMPolicy\n properties:\n instance: your-instance-name\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_spanner\\_instance\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.spanner.InstanceIAMBinding(\"instance\", {\n instance: \"your-instance-name\",\n role: \"roles/spanner.databaseAdmin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.spanner.InstanceIAMBinding(\"instance\",\n instance=\"your-instance-name\",\n role=\"roles/spanner.databaseAdmin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.Spanner.InstanceIAMBinding(\"instance\", new()\n {\n Instance = \"your-instance-name\",\n Role = \"roles/spanner.databaseAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewInstanceIAMBinding(ctx, \"instance\", \u0026spanner.InstanceIAMBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tRole: pulumi.String(\"roles/spanner.databaseAdmin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.InstanceIAMBinding;\nimport com.pulumi.gcp.spanner.InstanceIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new InstanceIAMBinding(\"instance\", InstanceIAMBindingArgs.builder() \n .instance(\"your-instance-name\")\n .role(\"roles/spanner.databaseAdmin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:spanner:InstanceIAMBinding\n properties:\n instance: your-instance-name\n role: roles/spanner.databaseAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_spanner\\_instance\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.spanner.InstanceIAMMember(\"instance\", {\n instance: \"your-instance-name\",\n role: \"roles/spanner.databaseAdmin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.spanner.InstanceIAMMember(\"instance\",\n instance=\"your-instance-name\",\n role=\"roles/spanner.databaseAdmin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.Spanner.InstanceIAMMember(\"instance\", new()\n {\n Instance = \"your-instance-name\",\n Role = \"roles/spanner.databaseAdmin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewInstanceIAMMember(ctx, \"instance\", \u0026spanner.InstanceIAMMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tRole: pulumi.String(\"roles/spanner.databaseAdmin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.InstanceIAMMember;\nimport com.pulumi.gcp.spanner.InstanceIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new InstanceIAMMember(\"instance\", InstanceIAMMemberArgs.builder() \n .instance(\"your-instance-name\")\n .role(\"roles/spanner.databaseAdmin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:spanner:InstanceIAMMember\n properties:\n instance: your-instance-name\n role: roles/spanner.databaseAdmin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Spanner Instances resource . For example:\n\n* `{{project}}/{{instance}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = {{project}}/{{instance}}\n\n to = google_spanner_instance_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:spanner/instanceIAMPolicy:InstanceIAMPolicy default {{project}}/{{instance}}\n```\n\n", + "description": "Three different resources help you manage your IAM policy for a Spanner instance. Each of these resources serves a different use case:\n\n* `gcp.spanner.InstanceIAMPolicy`: Authoritative. Sets the IAM policy for the instance and replaces any existing policy already attached.\n\n\u003e **Warning:** It's entirely possibly to lock yourself out of your instance using `gcp.spanner.InstanceIAMPolicy`. Any permissions granted by default will be removed unless you include them in your config.\n\n* `gcp.spanner.InstanceIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the instance are preserved.\n* `gcp.spanner.InstanceIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the instance are preserved.\n\n\u003e **Note:** `gcp.spanner.InstanceIAMPolicy` **cannot** be used in conjunction with `gcp.spanner.InstanceIAMBinding` and `gcp.spanner.InstanceIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.spanner.InstanceIAMBinding` resources **can be** used in conjunction with `gcp.spanner.InstanceIAMMember` resources **only if** they do not grant privilege to the same role.\n\n## google\\_spanner\\_instance\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst instance = new gcp.spanner.InstanceIAMPolicy(\"instance\", {\n instance: \"your-instance-name\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\ninstance = gcp.spanner.InstanceIAMPolicy(\"instance\",\n instance=\"your-instance-name\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var instance = new Gcp.Spanner.InstanceIAMPolicy(\"instance\", new()\n {\n Instance = \"your-instance-name\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = spanner.NewInstanceIAMPolicy(ctx, \"instance\", \u0026spanner.InstanceIAMPolicyArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.spanner.InstanceIAMPolicy;\nimport com.pulumi.gcp.spanner.InstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var instance = new InstanceIAMPolicy(\"instance\", InstanceIAMPolicyArgs.builder() \n .instance(\"your-instance-name\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:spanner:InstanceIAMPolicy\n properties:\n instance: your-instance-name\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_spanner\\_instance\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.spanner.InstanceIAMBinding(\"instance\", {\n instance: \"your-instance-name\",\n role: \"roles/spanner.databaseAdmin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.spanner.InstanceIAMBinding(\"instance\",\n instance=\"your-instance-name\",\n role=\"roles/spanner.databaseAdmin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.Spanner.InstanceIAMBinding(\"instance\", new()\n {\n Instance = \"your-instance-name\",\n Role = \"roles/spanner.databaseAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewInstanceIAMBinding(ctx, \"instance\", \u0026spanner.InstanceIAMBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tRole: pulumi.String(\"roles/spanner.databaseAdmin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.InstanceIAMBinding;\nimport com.pulumi.gcp.spanner.InstanceIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new InstanceIAMBinding(\"instance\", InstanceIAMBindingArgs.builder() \n .instance(\"your-instance-name\")\n .role(\"roles/spanner.databaseAdmin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:spanner:InstanceIAMBinding\n properties:\n instance: your-instance-name\n role: roles/spanner.databaseAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_spanner\\_instance\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.spanner.InstanceIAMMember(\"instance\", {\n instance: \"your-instance-name\",\n role: \"roles/spanner.databaseAdmin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.spanner.InstanceIAMMember(\"instance\",\n instance=\"your-instance-name\",\n role=\"roles/spanner.databaseAdmin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.Spanner.InstanceIAMMember(\"instance\", new()\n {\n Instance = \"your-instance-name\",\n Role = \"roles/spanner.databaseAdmin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewInstanceIAMMember(ctx, \"instance\", \u0026spanner.InstanceIAMMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tRole: pulumi.String(\"roles/spanner.databaseAdmin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.InstanceIAMMember;\nimport com.pulumi.gcp.spanner.InstanceIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new InstanceIAMMember(\"instance\", InstanceIAMMemberArgs.builder() \n .instance(\"your-instance-name\")\n .role(\"roles/spanner.databaseAdmin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:spanner:InstanceIAMMember\n properties:\n instance: your-instance-name\n role: roles/spanner.databaseAdmin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_spanner\\_instance\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/editor\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst instance = new gcp.spanner.InstanceIAMPolicy(\"instance\", {\n instance: \"your-instance-name\",\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/editor\",\n members=[\"user:jane@example.com\"],\n)])\ninstance = gcp.spanner.InstanceIAMPolicy(\"instance\",\n instance=\"your-instance-name\",\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/editor\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var instance = new Gcp.Spanner.InstanceIAMPolicy(\"instance\", new()\n {\n Instance = \"your-instance-name\",\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/editor\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = spanner.NewInstanceIAMPolicy(ctx, \"instance\", \u0026spanner.InstanceIAMPolicyArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.spanner.InstanceIAMPolicy;\nimport com.pulumi.gcp.spanner.InstanceIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/editor\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var instance = new InstanceIAMPolicy(\"instance\", InstanceIAMPolicyArgs.builder() \n .instance(\"your-instance-name\")\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:spanner:InstanceIAMPolicy\n properties:\n instance: your-instance-name\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/editor\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_spanner\\_instance\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.spanner.InstanceIAMBinding(\"instance\", {\n instance: \"your-instance-name\",\n role: \"roles/spanner.databaseAdmin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.spanner.InstanceIAMBinding(\"instance\",\n instance=\"your-instance-name\",\n role=\"roles/spanner.databaseAdmin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.Spanner.InstanceIAMBinding(\"instance\", new()\n {\n Instance = \"your-instance-name\",\n Role = \"roles/spanner.databaseAdmin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewInstanceIAMBinding(ctx, \"instance\", \u0026spanner.InstanceIAMBindingArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tRole: pulumi.String(\"roles/spanner.databaseAdmin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.InstanceIAMBinding;\nimport com.pulumi.gcp.spanner.InstanceIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new InstanceIAMBinding(\"instance\", InstanceIAMBindingArgs.builder() \n .instance(\"your-instance-name\")\n .role(\"roles/spanner.databaseAdmin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:spanner:InstanceIAMBinding\n properties:\n instance: your-instance-name\n role: roles/spanner.databaseAdmin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_spanner\\_instance\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst instance = new gcp.spanner.InstanceIAMMember(\"instance\", {\n instance: \"your-instance-name\",\n role: \"roles/spanner.databaseAdmin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\ninstance = gcp.spanner.InstanceIAMMember(\"instance\",\n instance=\"your-instance-name\",\n role=\"roles/spanner.databaseAdmin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instance = new Gcp.Spanner.InstanceIAMMember(\"instance\", new()\n {\n Instance = \"your-instance-name\",\n Role = \"roles/spanner.databaseAdmin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := spanner.NewInstanceIAMMember(ctx, \"instance\", \u0026spanner.InstanceIAMMemberArgs{\n\t\t\tInstance: pulumi.String(\"your-instance-name\"),\n\t\t\tRole: pulumi.String(\"roles/spanner.databaseAdmin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.spanner.InstanceIAMMember;\nimport com.pulumi.gcp.spanner.InstanceIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var instance = new InstanceIAMMember(\"instance\", InstanceIAMMemberArgs.builder() \n .instance(\"your-instance-name\")\n .role(\"roles/spanner.databaseAdmin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: gcp:spanner:InstanceIAMMember\n properties:\n instance: your-instance-name\n role: roles/spanner.databaseAdmin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\n### Importing IAM policies\n\nIAM policy imports use the identifier of the Spanner Instances resource . For example:\n\n* `{{project}}/{{instance}}`\n\nAn `import` block (Terraform v1.5.0 and later) can be used to import IAM policies:\n\ntf\n\nimport {\n\n id = {{project}}/{{instance}}\n\n to = google_spanner_instance_iam_policy.default\n\n}\n\nThe `pulumi import` command can also be used:\n\n```sh\n$ pulumi import gcp:spanner/instanceIAMPolicy:InstanceIAMPolicy default {{project}}/{{instance}}\n```\n\n", "properties": { "etag": { "type": "string", @@ -222627,7 +223161,7 @@ }, "instance": { "type": "string", - "description": "The name of the instance.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n" + "description": "The name of the instance.\n" }, "policyData": { "type": "string", @@ -222647,7 +223181,7 @@ "inputProperties": { "instance": { "type": "string", - "description": "The name of the instance.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The name of the instance.\n", "willReplaceOnChanges": true }, "policyData": { @@ -222673,7 +223207,7 @@ }, "instance": { "type": "string", - "description": "The name of the instance.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n", + "description": "The name of the instance.\n", "willReplaceOnChanges": true }, "policyData": { @@ -224141,11 +224675,11 @@ } }, "gcp:storage/bucketIAMBinding:BucketIAMBinding": { - "description": "Three different resources help you manage your IAM policy for Cloud Storage Bucket. Each of these resources serves a different use case:\n\n* `gcp.storage.BucketIAMPolicy`: Authoritative. Sets the IAM policy for the bucket and replaces any existing policy already attached.\n* `gcp.storage.BucketIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the bucket are preserved.\n* `gcp.storage.BucketIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the bucket are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.storage.BucketIAMPolicy`: Retrieves the IAM policy for the bucket\n\n\u003e **Note:** `gcp.storage.BucketIAMPolicy` **cannot** be used in conjunction with `gcp.storage.BucketIAMBinding` and `gcp.storage.BucketIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.storage.BucketIAMBinding` resources **can be** used in conjunction with `gcp.storage.BucketIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_storage\\_bucket\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.storage.BucketIAMPolicy(\"policy\", {\n bucket: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.storage.BucketIAMPolicy(\"policy\",\n bucket=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.BucketIAMPolicy(\"policy\", new()\n {\n Bucket = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewBucketIAMPolicy(ctx, \"policy\", \u0026storage.BucketIAMPolicyArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.BucketIAMPolicy;\nimport com.pulumi.gcp.storage.BucketIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new BucketIAMPolicy(\"policy\", BucketIAMPolicyArgs.builder() \n .bucket(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:BucketIAMPolicy\n properties:\n bucket: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.storage.BucketIAMPolicy(\"policy\", {\n bucket: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.storage.BucketIAMPolicy(\"policy\",\n bucket=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.BucketIAMPolicy(\"policy\", new()\n {\n Bucket = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewBucketIAMPolicy(ctx, \"policy\", \u0026storage.BucketIAMPolicyArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.BucketIAMPolicy;\nimport com.pulumi.gcp.storage.BucketIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new BucketIAMPolicy(\"policy\", BucketIAMPolicyArgs.builder() \n .bucket(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:BucketIAMPolicy\n properties:\n bucket: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_storage\\_bucket\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.BucketIAMBinding(\"binding\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.BucketIAMBinding(\"binding\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.BucketIAMBinding(\"binding\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMBinding(ctx, \"binding\", \u0026storage.BucketIAMBindingArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMBinding;\nimport com.pulumi.gcp.storage.BucketIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new BucketIAMBinding(\"binding\", BucketIAMBindingArgs.builder() \n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:BucketIAMBinding\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.BucketIAMBinding(\"binding\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.BucketIAMBinding(\"binding\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.storage.BucketIAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.BucketIAMBinding(\"binding\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Storage.Inputs.BucketIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMBinding(ctx, \"binding\", \u0026storage.BucketIAMBindingArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026storage.BucketIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMBinding;\nimport com.pulumi.gcp.storage.BucketIAMBindingArgs;\nimport com.pulumi.gcp.storage.inputs.BucketIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new BucketIAMBinding(\"binding\", BucketIAMBindingArgs.builder() \n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(BucketIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:BucketIAMBinding\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_storage\\_bucket\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.BucketIAMMember(\"member\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.BucketIAMMember(\"member\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.BucketIAMMember(\"member\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMMember(ctx, \"member\", \u0026storage.BucketIAMMemberArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMMember;\nimport com.pulumi.gcp.storage.BucketIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new BucketIAMMember(\"member\", BucketIAMMemberArgs.builder() \n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:BucketIAMMember\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.BucketIAMMember(\"member\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.BucketIAMMember(\"member\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\",\n condition=gcp.storage.BucketIAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.BucketIAMMember(\"member\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Storage.Inputs.BucketIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMMember(ctx, \"member\", \u0026storage.BucketIAMMemberArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026storage.BucketIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMMember;\nimport com.pulumi.gcp.storage.BucketIAMMemberArgs;\nimport com.pulumi.gcp.storage.inputs.BucketIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new BucketIAMMember(\"member\", BucketIAMMemberArgs.builder() \n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .condition(BucketIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:BucketIAMMember\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* b/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Storage bucket IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:storage/bucketIAMBinding:BucketIAMBinding editor \"b/{{bucket}} roles/storage.objectViewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:storage/bucketIAMBinding:BucketIAMBinding editor \"b/{{bucket}} roles/storage.objectViewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:storage/bucketIAMBinding:BucketIAMBinding editor b/{{bucket}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Storage Bucket. Each of these resources serves a different use case:\n\n* `gcp.storage.BucketIAMPolicy`: Authoritative. Sets the IAM policy for the bucket and replaces any existing policy already attached.\n* `gcp.storage.BucketIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the bucket are preserved.\n* `gcp.storage.BucketIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the bucket are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.storage.BucketIAMPolicy`: Retrieves the IAM policy for the bucket\n\n\u003e **Note:** `gcp.storage.BucketIAMPolicy` **cannot** be used in conjunction with `gcp.storage.BucketIAMBinding` and `gcp.storage.BucketIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.storage.BucketIAMBinding` resources **can be** used in conjunction with `gcp.storage.BucketIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_storage\\_bucket\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.storage.BucketIAMPolicy(\"policy\", {\n bucket: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.storage.BucketIAMPolicy(\"policy\",\n bucket=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.BucketIAMPolicy(\"policy\", new()\n {\n Bucket = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewBucketIAMPolicy(ctx, \"policy\", \u0026storage.BucketIAMPolicyArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.BucketIAMPolicy;\nimport com.pulumi.gcp.storage.BucketIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new BucketIAMPolicy(\"policy\", BucketIAMPolicyArgs.builder() \n .bucket(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:BucketIAMPolicy\n properties:\n bucket: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.storage.BucketIAMPolicy(\"policy\", {\n bucket: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.storage.BucketIAMPolicy(\"policy\",\n bucket=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.BucketIAMPolicy(\"policy\", new()\n {\n Bucket = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewBucketIAMPolicy(ctx, \"policy\", \u0026storage.BucketIAMPolicyArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.BucketIAMPolicy;\nimport com.pulumi.gcp.storage.BucketIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new BucketIAMPolicy(\"policy\", BucketIAMPolicyArgs.builder() \n .bucket(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:BucketIAMPolicy\n properties:\n bucket: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_storage\\_bucket\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.BucketIAMBinding(\"binding\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.BucketIAMBinding(\"binding\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.BucketIAMBinding(\"binding\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMBinding(ctx, \"binding\", \u0026storage.BucketIAMBindingArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMBinding;\nimport com.pulumi.gcp.storage.BucketIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new BucketIAMBinding(\"binding\", BucketIAMBindingArgs.builder() \n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:BucketIAMBinding\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.BucketIAMBinding(\"binding\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.BucketIAMBinding(\"binding\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.storage.BucketIAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.BucketIAMBinding(\"binding\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Storage.Inputs.BucketIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMBinding(ctx, \"binding\", \u0026storage.BucketIAMBindingArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026storage.BucketIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMBinding;\nimport com.pulumi.gcp.storage.BucketIAMBindingArgs;\nimport com.pulumi.gcp.storage.inputs.BucketIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new BucketIAMBinding(\"binding\", BucketIAMBindingArgs.builder() \n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(BucketIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:BucketIAMBinding\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_storage\\_bucket\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.BucketIAMMember(\"member\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.BucketIAMMember(\"member\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.BucketIAMMember(\"member\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMMember(ctx, \"member\", \u0026storage.BucketIAMMemberArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMMember;\nimport com.pulumi.gcp.storage.BucketIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new BucketIAMMember(\"member\", BucketIAMMemberArgs.builder() \n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:BucketIAMMember\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.BucketIAMMember(\"member\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.BucketIAMMember(\"member\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\",\n condition=gcp.storage.BucketIAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.BucketIAMMember(\"member\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Storage.Inputs.BucketIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMMember(ctx, \"member\", \u0026storage.BucketIAMMemberArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026storage.BucketIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMMember;\nimport com.pulumi.gcp.storage.BucketIAMMemberArgs;\nimport com.pulumi.gcp.storage.inputs.BucketIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new BucketIAMMember(\"member\", BucketIAMMemberArgs.builder() \n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .condition(BucketIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:BucketIAMMember\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_storage\\_bucket\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.storage.BucketIAMPolicy(\"policy\", {\n bucket: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.storage.BucketIAMPolicy(\"policy\",\n bucket=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.BucketIAMPolicy(\"policy\", new()\n {\n Bucket = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewBucketIAMPolicy(ctx, \"policy\", \u0026storage.BucketIAMPolicyArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.BucketIAMPolicy;\nimport com.pulumi.gcp.storage.BucketIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new BucketIAMPolicy(\"policy\", BucketIAMPolicyArgs.builder() \n .bucket(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:BucketIAMPolicy\n properties:\n bucket: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.storage.BucketIAMPolicy(\"policy\", {\n bucket: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.storage.BucketIAMPolicy(\"policy\",\n bucket=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.BucketIAMPolicy(\"policy\", new()\n {\n Bucket = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewBucketIAMPolicy(ctx, \"policy\", \u0026storage.BucketIAMPolicyArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.BucketIAMPolicy;\nimport com.pulumi.gcp.storage.BucketIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new BucketIAMPolicy(\"policy\", BucketIAMPolicyArgs.builder() \n .bucket(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:BucketIAMPolicy\n properties:\n bucket: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_storage\\_bucket\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.BucketIAMBinding(\"binding\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.BucketIAMBinding(\"binding\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.BucketIAMBinding(\"binding\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMBinding(ctx, \"binding\", \u0026storage.BucketIAMBindingArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMBinding;\nimport com.pulumi.gcp.storage.BucketIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new BucketIAMBinding(\"binding\", BucketIAMBindingArgs.builder() \n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:BucketIAMBinding\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.BucketIAMBinding(\"binding\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.BucketIAMBinding(\"binding\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.storage.BucketIAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.BucketIAMBinding(\"binding\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Storage.Inputs.BucketIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMBinding(ctx, \"binding\", \u0026storage.BucketIAMBindingArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026storage.BucketIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMBinding;\nimport com.pulumi.gcp.storage.BucketIAMBindingArgs;\nimport com.pulumi.gcp.storage.inputs.BucketIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new BucketIAMBinding(\"binding\", BucketIAMBindingArgs.builder() \n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(BucketIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:BucketIAMBinding\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_storage\\_bucket\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.BucketIAMMember(\"member\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.BucketIAMMember(\"member\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.BucketIAMMember(\"member\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMMember(ctx, \"member\", \u0026storage.BucketIAMMemberArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMMember;\nimport com.pulumi.gcp.storage.BucketIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new BucketIAMMember(\"member\", BucketIAMMemberArgs.builder() \n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:BucketIAMMember\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.BucketIAMMember(\"member\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.BucketIAMMember(\"member\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\",\n condition=gcp.storage.BucketIAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.BucketIAMMember(\"member\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Storage.Inputs.BucketIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMMember(ctx, \"member\", \u0026storage.BucketIAMMemberArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026storage.BucketIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMMember;\nimport com.pulumi.gcp.storage.BucketIAMMemberArgs;\nimport com.pulumi.gcp.storage.inputs.BucketIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new BucketIAMMember(\"member\", BucketIAMMemberArgs.builder() \n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .condition(BucketIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:BucketIAMMember\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* b/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Storage bucket IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:storage/bucketIAMBinding:BucketIAMBinding editor \"b/{{bucket}} roles/storage.objectViewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:storage/bucketIAMBinding:BucketIAMBinding editor \"b/{{bucket}} roles/storage.objectViewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:storage/bucketIAMBinding:BucketIAMBinding editor b/{{bucket}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "bucket": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "Used to find the parent resource to bind the IAM policy to\n" }, "condition": { "$ref": "#/types/gcp:storage/BucketIAMBindingCondition:BucketIAMBindingCondition", @@ -224159,7 +224693,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "role": { "type": "string", @@ -224175,7 +224710,7 @@ "inputProperties": { "bucket": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "Used to find the parent resource to bind the IAM policy to\n", "willReplaceOnChanges": true }, "condition": { @@ -224187,7 +224722,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "role": { "type": "string", @@ -224205,7 +224741,7 @@ "properties": { "bucket": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "Used to find the parent resource to bind the IAM policy to\n", "willReplaceOnChanges": true }, "condition": { @@ -224221,7 +224757,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "role": { "type": "string", @@ -224233,11 +224770,11 @@ } }, "gcp:storage/bucketIAMMember:BucketIAMMember": { - "description": "Three different resources help you manage your IAM policy for Cloud Storage Bucket. Each of these resources serves a different use case:\n\n* `gcp.storage.BucketIAMPolicy`: Authoritative. Sets the IAM policy for the bucket and replaces any existing policy already attached.\n* `gcp.storage.BucketIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the bucket are preserved.\n* `gcp.storage.BucketIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the bucket are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.storage.BucketIAMPolicy`: Retrieves the IAM policy for the bucket\n\n\u003e **Note:** `gcp.storage.BucketIAMPolicy` **cannot** be used in conjunction with `gcp.storage.BucketIAMBinding` and `gcp.storage.BucketIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.storage.BucketIAMBinding` resources **can be** used in conjunction with `gcp.storage.BucketIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_storage\\_bucket\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.storage.BucketIAMPolicy(\"policy\", {\n bucket: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.storage.BucketIAMPolicy(\"policy\",\n bucket=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.BucketIAMPolicy(\"policy\", new()\n {\n Bucket = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewBucketIAMPolicy(ctx, \"policy\", \u0026storage.BucketIAMPolicyArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.BucketIAMPolicy;\nimport com.pulumi.gcp.storage.BucketIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new BucketIAMPolicy(\"policy\", BucketIAMPolicyArgs.builder() \n .bucket(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:BucketIAMPolicy\n properties:\n bucket: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.storage.BucketIAMPolicy(\"policy\", {\n bucket: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.storage.BucketIAMPolicy(\"policy\",\n bucket=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.BucketIAMPolicy(\"policy\", new()\n {\n Bucket = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewBucketIAMPolicy(ctx, \"policy\", \u0026storage.BucketIAMPolicyArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.BucketIAMPolicy;\nimport com.pulumi.gcp.storage.BucketIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new BucketIAMPolicy(\"policy\", BucketIAMPolicyArgs.builder() \n .bucket(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:BucketIAMPolicy\n properties:\n bucket: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_storage\\_bucket\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.BucketIAMBinding(\"binding\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.BucketIAMBinding(\"binding\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.BucketIAMBinding(\"binding\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMBinding(ctx, \"binding\", \u0026storage.BucketIAMBindingArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMBinding;\nimport com.pulumi.gcp.storage.BucketIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new BucketIAMBinding(\"binding\", BucketIAMBindingArgs.builder() \n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:BucketIAMBinding\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.BucketIAMBinding(\"binding\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.BucketIAMBinding(\"binding\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.storage.BucketIAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.BucketIAMBinding(\"binding\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Storage.Inputs.BucketIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMBinding(ctx, \"binding\", \u0026storage.BucketIAMBindingArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026storage.BucketIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMBinding;\nimport com.pulumi.gcp.storage.BucketIAMBindingArgs;\nimport com.pulumi.gcp.storage.inputs.BucketIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new BucketIAMBinding(\"binding\", BucketIAMBindingArgs.builder() \n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(BucketIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:BucketIAMBinding\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_storage\\_bucket\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.BucketIAMMember(\"member\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.BucketIAMMember(\"member\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.BucketIAMMember(\"member\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMMember(ctx, \"member\", \u0026storage.BucketIAMMemberArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMMember;\nimport com.pulumi.gcp.storage.BucketIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new BucketIAMMember(\"member\", BucketIAMMemberArgs.builder() \n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:BucketIAMMember\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.BucketIAMMember(\"member\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.BucketIAMMember(\"member\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\",\n condition=gcp.storage.BucketIAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.BucketIAMMember(\"member\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Storage.Inputs.BucketIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMMember(ctx, \"member\", \u0026storage.BucketIAMMemberArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026storage.BucketIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMMember;\nimport com.pulumi.gcp.storage.BucketIAMMemberArgs;\nimport com.pulumi.gcp.storage.inputs.BucketIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new BucketIAMMember(\"member\", BucketIAMMemberArgs.builder() \n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .condition(BucketIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:BucketIAMMember\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* b/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Storage bucket IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:storage/bucketIAMMember:BucketIAMMember editor \"b/{{bucket}} roles/storage.objectViewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:storage/bucketIAMMember:BucketIAMMember editor \"b/{{bucket}} roles/storage.objectViewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:storage/bucketIAMMember:BucketIAMMember editor b/{{bucket}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Storage Bucket. Each of these resources serves a different use case:\n\n* `gcp.storage.BucketIAMPolicy`: Authoritative. Sets the IAM policy for the bucket and replaces any existing policy already attached.\n* `gcp.storage.BucketIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the bucket are preserved.\n* `gcp.storage.BucketIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the bucket are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.storage.BucketIAMPolicy`: Retrieves the IAM policy for the bucket\n\n\u003e **Note:** `gcp.storage.BucketIAMPolicy` **cannot** be used in conjunction with `gcp.storage.BucketIAMBinding` and `gcp.storage.BucketIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.storage.BucketIAMBinding` resources **can be** used in conjunction with `gcp.storage.BucketIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_storage\\_bucket\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.storage.BucketIAMPolicy(\"policy\", {\n bucket: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.storage.BucketIAMPolicy(\"policy\",\n bucket=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.BucketIAMPolicy(\"policy\", new()\n {\n Bucket = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewBucketIAMPolicy(ctx, \"policy\", \u0026storage.BucketIAMPolicyArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.BucketIAMPolicy;\nimport com.pulumi.gcp.storage.BucketIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new BucketIAMPolicy(\"policy\", BucketIAMPolicyArgs.builder() \n .bucket(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:BucketIAMPolicy\n properties:\n bucket: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.storage.BucketIAMPolicy(\"policy\", {\n bucket: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.storage.BucketIAMPolicy(\"policy\",\n bucket=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.BucketIAMPolicy(\"policy\", new()\n {\n Bucket = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewBucketIAMPolicy(ctx, \"policy\", \u0026storage.BucketIAMPolicyArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.BucketIAMPolicy;\nimport com.pulumi.gcp.storage.BucketIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new BucketIAMPolicy(\"policy\", BucketIAMPolicyArgs.builder() \n .bucket(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:BucketIAMPolicy\n properties:\n bucket: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_storage\\_bucket\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.BucketIAMBinding(\"binding\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.BucketIAMBinding(\"binding\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.BucketIAMBinding(\"binding\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMBinding(ctx, \"binding\", \u0026storage.BucketIAMBindingArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMBinding;\nimport com.pulumi.gcp.storage.BucketIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new BucketIAMBinding(\"binding\", BucketIAMBindingArgs.builder() \n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:BucketIAMBinding\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.BucketIAMBinding(\"binding\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.BucketIAMBinding(\"binding\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.storage.BucketIAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.BucketIAMBinding(\"binding\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Storage.Inputs.BucketIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMBinding(ctx, \"binding\", \u0026storage.BucketIAMBindingArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026storage.BucketIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMBinding;\nimport com.pulumi.gcp.storage.BucketIAMBindingArgs;\nimport com.pulumi.gcp.storage.inputs.BucketIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new BucketIAMBinding(\"binding\", BucketIAMBindingArgs.builder() \n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(BucketIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:BucketIAMBinding\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_storage\\_bucket\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.BucketIAMMember(\"member\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.BucketIAMMember(\"member\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.BucketIAMMember(\"member\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMMember(ctx, \"member\", \u0026storage.BucketIAMMemberArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMMember;\nimport com.pulumi.gcp.storage.BucketIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new BucketIAMMember(\"member\", BucketIAMMemberArgs.builder() \n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:BucketIAMMember\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.BucketIAMMember(\"member\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.BucketIAMMember(\"member\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\",\n condition=gcp.storage.BucketIAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.BucketIAMMember(\"member\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Storage.Inputs.BucketIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMMember(ctx, \"member\", \u0026storage.BucketIAMMemberArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026storage.BucketIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMMember;\nimport com.pulumi.gcp.storage.BucketIAMMemberArgs;\nimport com.pulumi.gcp.storage.inputs.BucketIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new BucketIAMMember(\"member\", BucketIAMMemberArgs.builder() \n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .condition(BucketIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:BucketIAMMember\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_storage\\_bucket\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.storage.BucketIAMPolicy(\"policy\", {\n bucket: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.storage.BucketIAMPolicy(\"policy\",\n bucket=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.BucketIAMPolicy(\"policy\", new()\n {\n Bucket = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewBucketIAMPolicy(ctx, \"policy\", \u0026storage.BucketIAMPolicyArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.BucketIAMPolicy;\nimport com.pulumi.gcp.storage.BucketIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new BucketIAMPolicy(\"policy\", BucketIAMPolicyArgs.builder() \n .bucket(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:BucketIAMPolicy\n properties:\n bucket: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.storage.BucketIAMPolicy(\"policy\", {\n bucket: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.storage.BucketIAMPolicy(\"policy\",\n bucket=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.BucketIAMPolicy(\"policy\", new()\n {\n Bucket = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewBucketIAMPolicy(ctx, \"policy\", \u0026storage.BucketIAMPolicyArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.BucketIAMPolicy;\nimport com.pulumi.gcp.storage.BucketIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new BucketIAMPolicy(\"policy\", BucketIAMPolicyArgs.builder() \n .bucket(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:BucketIAMPolicy\n properties:\n bucket: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_storage\\_bucket\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.BucketIAMBinding(\"binding\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.BucketIAMBinding(\"binding\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.BucketIAMBinding(\"binding\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMBinding(ctx, \"binding\", \u0026storage.BucketIAMBindingArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMBinding;\nimport com.pulumi.gcp.storage.BucketIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new BucketIAMBinding(\"binding\", BucketIAMBindingArgs.builder() \n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:BucketIAMBinding\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.BucketIAMBinding(\"binding\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.BucketIAMBinding(\"binding\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.storage.BucketIAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.BucketIAMBinding(\"binding\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Storage.Inputs.BucketIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMBinding(ctx, \"binding\", \u0026storage.BucketIAMBindingArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026storage.BucketIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMBinding;\nimport com.pulumi.gcp.storage.BucketIAMBindingArgs;\nimport com.pulumi.gcp.storage.inputs.BucketIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new BucketIAMBinding(\"binding\", BucketIAMBindingArgs.builder() \n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(BucketIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:BucketIAMBinding\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_storage\\_bucket\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.BucketIAMMember(\"member\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.BucketIAMMember(\"member\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.BucketIAMMember(\"member\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMMember(ctx, \"member\", \u0026storage.BucketIAMMemberArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMMember;\nimport com.pulumi.gcp.storage.BucketIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new BucketIAMMember(\"member\", BucketIAMMemberArgs.builder() \n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:BucketIAMMember\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.BucketIAMMember(\"member\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.BucketIAMMember(\"member\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\",\n condition=gcp.storage.BucketIAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.BucketIAMMember(\"member\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Storage.Inputs.BucketIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMMember(ctx, \"member\", \u0026storage.BucketIAMMemberArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026storage.BucketIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMMember;\nimport com.pulumi.gcp.storage.BucketIAMMemberArgs;\nimport com.pulumi.gcp.storage.inputs.BucketIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new BucketIAMMember(\"member\", BucketIAMMemberArgs.builder() \n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .condition(BucketIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:BucketIAMMember\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* b/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Storage bucket IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:storage/bucketIAMMember:BucketIAMMember editor \"b/{{bucket}} roles/storage.objectViewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:storage/bucketIAMMember:BucketIAMMember editor \"b/{{bucket}} roles/storage.objectViewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:storage/bucketIAMMember:BucketIAMMember editor b/{{bucket}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "bucket": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "Used to find the parent resource to bind the IAM policy to\n" }, "condition": { "$ref": "#/types/gcp:storage/BucketIAMMemberCondition:BucketIAMMemberCondition", @@ -224248,7 +224785,8 @@ "description": "(Computed) The etag of the IAM policy.\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "role": { "type": "string", @@ -224264,7 +224802,7 @@ "inputProperties": { "bucket": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "Used to find the parent resource to bind the IAM policy to\n", "willReplaceOnChanges": true }, "condition": { @@ -224274,6 +224812,7 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "role": { @@ -224292,7 +224831,7 @@ "properties": { "bucket": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "Used to find the parent resource to bind the IAM policy to\n", "willReplaceOnChanges": true }, "condition": { @@ -224306,6 +224845,7 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "role": { @@ -224318,11 +224858,11 @@ } }, "gcp:storage/bucketIAMPolicy:BucketIAMPolicy": { - "description": "Three different resources help you manage your IAM policy for Cloud Storage Bucket. Each of these resources serves a different use case:\n\n* `gcp.storage.BucketIAMPolicy`: Authoritative. Sets the IAM policy for the bucket and replaces any existing policy already attached.\n* `gcp.storage.BucketIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the bucket are preserved.\n* `gcp.storage.BucketIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the bucket are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.storage.BucketIAMPolicy`: Retrieves the IAM policy for the bucket\n\n\u003e **Note:** `gcp.storage.BucketIAMPolicy` **cannot** be used in conjunction with `gcp.storage.BucketIAMBinding` and `gcp.storage.BucketIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.storage.BucketIAMBinding` resources **can be** used in conjunction with `gcp.storage.BucketIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_storage\\_bucket\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.storage.BucketIAMPolicy(\"policy\", {\n bucket: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.storage.BucketIAMPolicy(\"policy\",\n bucket=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.BucketIAMPolicy(\"policy\", new()\n {\n Bucket = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewBucketIAMPolicy(ctx, \"policy\", \u0026storage.BucketIAMPolicyArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.BucketIAMPolicy;\nimport com.pulumi.gcp.storage.BucketIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new BucketIAMPolicy(\"policy\", BucketIAMPolicyArgs.builder() \n .bucket(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:BucketIAMPolicy\n properties:\n bucket: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.storage.BucketIAMPolicy(\"policy\", {\n bucket: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.storage.BucketIAMPolicy(\"policy\",\n bucket=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.BucketIAMPolicy(\"policy\", new()\n {\n Bucket = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewBucketIAMPolicy(ctx, \"policy\", \u0026storage.BucketIAMPolicyArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.BucketIAMPolicy;\nimport com.pulumi.gcp.storage.BucketIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new BucketIAMPolicy(\"policy\", BucketIAMPolicyArgs.builder() \n .bucket(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:BucketIAMPolicy\n properties:\n bucket: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_storage\\_bucket\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.BucketIAMBinding(\"binding\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.BucketIAMBinding(\"binding\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.BucketIAMBinding(\"binding\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMBinding(ctx, \"binding\", \u0026storage.BucketIAMBindingArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMBinding;\nimport com.pulumi.gcp.storage.BucketIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new BucketIAMBinding(\"binding\", BucketIAMBindingArgs.builder() \n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:BucketIAMBinding\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.BucketIAMBinding(\"binding\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.BucketIAMBinding(\"binding\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.storage.BucketIAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.BucketIAMBinding(\"binding\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Storage.Inputs.BucketIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMBinding(ctx, \"binding\", \u0026storage.BucketIAMBindingArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026storage.BucketIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMBinding;\nimport com.pulumi.gcp.storage.BucketIAMBindingArgs;\nimport com.pulumi.gcp.storage.inputs.BucketIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new BucketIAMBinding(\"binding\", BucketIAMBindingArgs.builder() \n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(BucketIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:BucketIAMBinding\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_storage\\_bucket\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.BucketIAMMember(\"member\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.BucketIAMMember(\"member\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.BucketIAMMember(\"member\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMMember(ctx, \"member\", \u0026storage.BucketIAMMemberArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMMember;\nimport com.pulumi.gcp.storage.BucketIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new BucketIAMMember(\"member\", BucketIAMMemberArgs.builder() \n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:BucketIAMMember\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.BucketIAMMember(\"member\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.BucketIAMMember(\"member\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\",\n condition=gcp.storage.BucketIAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.BucketIAMMember(\"member\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Storage.Inputs.BucketIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMMember(ctx, \"member\", \u0026storage.BucketIAMMemberArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026storage.BucketIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMMember;\nimport com.pulumi.gcp.storage.BucketIAMMemberArgs;\nimport com.pulumi.gcp.storage.inputs.BucketIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new BucketIAMMember(\"member\", BucketIAMMemberArgs.builder() \n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .condition(BucketIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:BucketIAMMember\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* b/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Storage bucket IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:storage/bucketIAMPolicy:BucketIAMPolicy editor \"b/{{bucket}} roles/storage.objectViewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:storage/bucketIAMPolicy:BucketIAMPolicy editor \"b/{{bucket}} roles/storage.objectViewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:storage/bucketIAMPolicy:BucketIAMPolicy editor b/{{bucket}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Cloud Storage Bucket. Each of these resources serves a different use case:\n\n* `gcp.storage.BucketIAMPolicy`: Authoritative. Sets the IAM policy for the bucket and replaces any existing policy already attached.\n* `gcp.storage.BucketIAMBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the bucket are preserved.\n* `gcp.storage.BucketIAMMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the bucket are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.storage.BucketIAMPolicy`: Retrieves the IAM policy for the bucket\n\n\u003e **Note:** `gcp.storage.BucketIAMPolicy` **cannot** be used in conjunction with `gcp.storage.BucketIAMBinding` and `gcp.storage.BucketIAMMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.storage.BucketIAMBinding` resources **can be** used in conjunction with `gcp.storage.BucketIAMMember` resources **only if** they do not grant privilege to the same role.\n\n\u003e **Note:** This resource supports IAM Conditions but they have some known limitations which can be found [here](https://cloud.google.com/iam/docs/conditions-overview#limitations). Please review this article if you are having issues with IAM Conditions.\n\n\n\n## google\\_storage\\_bucket\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.storage.BucketIAMPolicy(\"policy\", {\n bucket: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.storage.BucketIAMPolicy(\"policy\",\n bucket=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.BucketIAMPolicy(\"policy\", new()\n {\n Bucket = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewBucketIAMPolicy(ctx, \"policy\", \u0026storage.BucketIAMPolicyArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.BucketIAMPolicy;\nimport com.pulumi.gcp.storage.BucketIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new BucketIAMPolicy(\"policy\", BucketIAMPolicyArgs.builder() \n .bucket(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:BucketIAMPolicy\n properties:\n bucket: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.storage.BucketIAMPolicy(\"policy\", {\n bucket: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.storage.BucketIAMPolicy(\"policy\",\n bucket=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.BucketIAMPolicy(\"policy\", new()\n {\n Bucket = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewBucketIAMPolicy(ctx, \"policy\", \u0026storage.BucketIAMPolicyArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.BucketIAMPolicy;\nimport com.pulumi.gcp.storage.BucketIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new BucketIAMPolicy(\"policy\", BucketIAMPolicyArgs.builder() \n .bucket(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:BucketIAMPolicy\n properties:\n bucket: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_storage\\_bucket\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.BucketIAMBinding(\"binding\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.BucketIAMBinding(\"binding\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.BucketIAMBinding(\"binding\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMBinding(ctx, \"binding\", \u0026storage.BucketIAMBindingArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMBinding;\nimport com.pulumi.gcp.storage.BucketIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new BucketIAMBinding(\"binding\", BucketIAMBindingArgs.builder() \n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:BucketIAMBinding\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.BucketIAMBinding(\"binding\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.BucketIAMBinding(\"binding\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.storage.BucketIAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.BucketIAMBinding(\"binding\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Storage.Inputs.BucketIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMBinding(ctx, \"binding\", \u0026storage.BucketIAMBindingArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026storage.BucketIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMBinding;\nimport com.pulumi.gcp.storage.BucketIAMBindingArgs;\nimport com.pulumi.gcp.storage.inputs.BucketIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new BucketIAMBinding(\"binding\", BucketIAMBindingArgs.builder() \n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(BucketIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:BucketIAMBinding\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_storage\\_bucket\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.BucketIAMMember(\"member\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.BucketIAMMember(\"member\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.BucketIAMMember(\"member\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMMember(ctx, \"member\", \u0026storage.BucketIAMMemberArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMMember;\nimport com.pulumi.gcp.storage.BucketIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new BucketIAMMember(\"member\", BucketIAMMemberArgs.builder() \n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:BucketIAMMember\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.BucketIAMMember(\"member\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.BucketIAMMember(\"member\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\",\n condition=gcp.storage.BucketIAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.BucketIAMMember(\"member\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Storage.Inputs.BucketIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMMember(ctx, \"member\", \u0026storage.BucketIAMMemberArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026storage.BucketIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMMember;\nimport com.pulumi.gcp.storage.BucketIAMMemberArgs;\nimport com.pulumi.gcp.storage.inputs.BucketIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new BucketIAMMember(\"member\", BucketIAMMemberArgs.builder() \n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .condition(BucketIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:BucketIAMMember\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_storage\\_bucket\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.storage.BucketIAMPolicy(\"policy\", {\n bucket: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.storage.BucketIAMPolicy(\"policy\",\n bucket=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.BucketIAMPolicy(\"policy\", new()\n {\n Bucket = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewBucketIAMPolicy(ctx, \"policy\", \u0026storage.BucketIAMPolicyArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.BucketIAMPolicy;\nimport com.pulumi.gcp.storage.BucketIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new BucketIAMPolicy(\"policy\", BucketIAMPolicyArgs.builder() \n .bucket(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:BucketIAMPolicy\n properties:\n bucket: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n }],\n});\nconst policy = new gcp.storage.BucketIAMPolicy(\"policy\", {\n bucket: _default.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.organizations.GetIAMPolicyBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ),\n)])\npolicy = gcp.storage.BucketIAMPolicy(\"policy\",\n bucket=default[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n },\n },\n });\n\n var policy = new Gcp.Storage.BucketIAMPolicy(\"policy\", new()\n {\n Bucket = @default.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/storage.admin\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t\tCondition: {\n\t\t\t\t\t\tTitle: \"expires_after_2019_12_31\",\n\t\t\t\t\t\tDescription: pulumi.StringRef(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\t\t\tExpression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = storage.NewBucketIAMPolicy(ctx, \"policy\", \u0026storage.BucketIAMPolicyArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.storage.BucketIAMPolicy;\nimport com.pulumi.gcp.storage.BucketIAMPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(GetIAMPolicyBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build())\n .build());\n\n var policy = new BucketIAMPolicy(\"policy\", BucketIAMPolicyArgs.builder() \n .bucket(default_.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:storage:BucketIAMPolicy\n properties:\n bucket: ${default.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_storage\\_bucket\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.BucketIAMBinding(\"binding\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.BucketIAMBinding(\"binding\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.BucketIAMBinding(\"binding\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMBinding(ctx, \"binding\", \u0026storage.BucketIAMBindingArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMBinding;\nimport com.pulumi.gcp.storage.BucketIAMBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new BucketIAMBinding(\"binding\", BucketIAMBindingArgs.builder() \n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:BucketIAMBinding\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.storage.BucketIAMBinding(\"binding\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n members: [\"user:jane@example.com\"],\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.storage.BucketIAMBinding(\"binding\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n members=[\"user:jane@example.com\"],\n condition=gcp.storage.BucketIAMBindingConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Storage.BucketIAMBinding(\"binding\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n Condition = new Gcp.Storage.Inputs.BucketIAMBindingConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMBinding(ctx, \"binding\", \u0026storage.BucketIAMBindingArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t\tCondition: \u0026storage.BucketIAMBindingConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMBinding;\nimport com.pulumi.gcp.storage.BucketIAMBindingArgs;\nimport com.pulumi.gcp.storage.inputs.BucketIAMBindingConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new BucketIAMBinding(\"binding\", BucketIAMBindingArgs.builder() \n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .members(\"user:jane@example.com\")\n .condition(BucketIAMBindingConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:storage:BucketIAMBinding\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n members:\n - user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n## google\\_storage\\_bucket\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.BucketIAMMember(\"member\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.BucketIAMMember(\"member\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.BucketIAMMember(\"member\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMMember(ctx, \"member\", \u0026storage.BucketIAMMemberArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMMember;\nimport com.pulumi.gcp.storage.BucketIAMMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new BucketIAMMember(\"member\", BucketIAMMemberArgs.builder() \n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:BucketIAMMember\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\nWith IAM Conditions:\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.storage.BucketIAMMember(\"member\", {\n bucket: _default.name,\n role: \"roles/storage.admin\",\n member: \"user:jane@example.com\",\n condition: {\n title: \"expires_after_2019_12_31\",\n description: \"Expiring at midnight of 2019-12-31\",\n expression: \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.storage.BucketIAMMember(\"member\",\n bucket=default[\"name\"],\n role=\"roles/storage.admin\",\n member=\"user:jane@example.com\",\n condition=gcp.storage.BucketIAMMemberConditionArgs(\n title=\"expires_after_2019_12_31\",\n description=\"Expiring at midnight of 2019-12-31\",\n expression=\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n ))\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Storage.BucketIAMMember(\"member\", new()\n {\n Bucket = @default.Name,\n Role = \"roles/storage.admin\",\n Member = \"user:jane@example.com\",\n Condition = new Gcp.Storage.Inputs.BucketIAMMemberConditionArgs\n {\n Title = \"expires_after_2019_12_31\",\n Description = \"Expiring at midnight of 2019-12-31\",\n Expression = \"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := storage.NewBucketIAMMember(ctx, \"member\", \u0026storage.BucketIAMMemberArgs{\n\t\t\tBucket: pulumi.Any(_default.Name),\n\t\t\tRole: pulumi.String(\"roles/storage.admin\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t\tCondition: \u0026storage.BucketIAMMemberConditionArgs{\n\t\t\t\tTitle: pulumi.String(\"expires_after_2019_12_31\"),\n\t\t\t\tDescription: pulumi.String(\"Expiring at midnight of 2019-12-31\"),\n\t\t\t\tExpression: pulumi.String(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.storage.BucketIAMMember;\nimport com.pulumi.gcp.storage.BucketIAMMemberArgs;\nimport com.pulumi.gcp.storage.inputs.BucketIAMMemberConditionArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new BucketIAMMember(\"member\", BucketIAMMemberArgs.builder() \n .bucket(default_.name())\n .role(\"roles/storage.admin\")\n .member(\"user:jane@example.com\")\n .condition(BucketIAMMemberConditionArgs.builder()\n .title(\"expires_after_2019_12_31\")\n .description(\"Expiring at midnight of 2019-12-31\")\n .expression(\"request.time \u003c timestamp(\\\"2020-01-01T00:00:00Z\\\")\")\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:storage:BucketIAMMember\n properties:\n bucket: ${default.name}\n role: roles/storage.admin\n member: user:jane@example.com\n condition:\n title: expires_after_2019_12_31\n description: Expiring at midnight of 2019-12-31\n expression: request.time \u003c timestamp(\"2020-01-01T00:00:00Z\")\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* b/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nCloud Storage bucket IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:storage/bucketIAMPolicy:BucketIAMPolicy editor \"b/{{bucket}} roles/storage.objectViewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:storage/bucketIAMPolicy:BucketIAMPolicy editor \"b/{{bucket}} roles/storage.objectViewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:storage/bucketIAMPolicy:BucketIAMPolicy editor b/{{bucket}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "bucket": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "Used to find the parent resource to bind the IAM policy to\n" }, "etag": { "type": "string", @@ -224341,7 +224881,7 @@ "inputProperties": { "bucket": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "Used to find the parent resource to bind the IAM policy to\n", "willReplaceOnChanges": true }, "policyData": { @@ -224358,7 +224898,7 @@ "properties": { "bucket": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "Used to find the parent resource to bind the IAM policy to\n", "willReplaceOnChanges": true }, "etag": { @@ -225907,7 +226447,7 @@ } }, "gcp:tags/tagKeyIamBinding:TagKeyIamBinding": { - "description": "Three different resources help you manage your IAM policy for Tags TagKey. Each of these resources serves a different use case:\n\n* `gcp.tags.TagKeyIamPolicy`: Authoritative. Sets the IAM policy for the tagkey and replaces any existing policy already attached.\n* `gcp.tags.TagKeyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tagkey are preserved.\n* `gcp.tags.TagKeyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tagkey are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.tags.TagKeyIamPolicy`: Retrieves the IAM policy for the tagkey\n\n\u003e **Note:** `gcp.tags.TagKeyIamPolicy` **cannot** be used in conjunction with `gcp.tags.TagKeyIamBinding` and `gcp.tags.TagKeyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.tags.TagKeyIamBinding` resources **can be** used in conjunction with `gcp.tags.TagKeyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_tags\\_tag\\_key\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.tags.TagKeyIamPolicy(\"policy\", {\n tagKey: key.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.tags.TagKeyIamPolicy(\"policy\",\n tag_key=key[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Tags.TagKeyIamPolicy(\"policy\", new()\n {\n TagKey = key.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tags.NewTagKeyIamPolicy(ctx, \"policy\", \u0026tags.TagKeyIamPolicyArgs{\n\t\t\tTagKey: pulumi.Any(key.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.tags.TagKeyIamPolicy;\nimport com.pulumi.gcp.tags.TagKeyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TagKeyIamPolicy(\"policy\", TagKeyIamPolicyArgs.builder() \n .tagKey(key.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:tags:TagKeyIamPolicy\n properties:\n tagKey: ${key.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_tags\\_tag\\_key\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.tags.TagKeyIamBinding(\"binding\", {\n tagKey: key.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.tags.TagKeyIamBinding(\"binding\",\n tag_key=key[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Tags.TagKeyIamBinding(\"binding\", new()\n {\n TagKey = key.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagKeyIamBinding(ctx, \"binding\", \u0026tags.TagKeyIamBindingArgs{\n\t\t\tTagKey: pulumi.Any(key.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagKeyIamBinding;\nimport com.pulumi.gcp.tags.TagKeyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TagKeyIamBinding(\"binding\", TagKeyIamBindingArgs.builder() \n .tagKey(key.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:tags:TagKeyIamBinding\n properties:\n tagKey: ${key.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_tags\\_tag\\_key\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.tags.TagKeyIamMember(\"member\", {\n tagKey: key.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.tags.TagKeyIamMember(\"member\",\n tag_key=key[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Tags.TagKeyIamMember(\"member\", new()\n {\n TagKey = key.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagKeyIamMember(ctx, \"member\", \u0026tags.TagKeyIamMemberArgs{\n\t\t\tTagKey: pulumi.Any(key.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagKeyIamMember;\nimport com.pulumi.gcp.tags.TagKeyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TagKeyIamMember(\"member\", TagKeyIamMemberArgs.builder() \n .tagKey(key.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:tags:TagKeyIamMember\n properties:\n tagKey: ${key.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* tagKeys/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nTags tagkey IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagKeyIamBinding:TagKeyIamBinding editor \"tagKeys/{{tag_key}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagKeyIamBinding:TagKeyIamBinding editor \"tagKeys/{{tag_key}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagKeyIamBinding:TagKeyIamBinding editor tagKeys/{{tag_key}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Tags TagKey. Each of these resources serves a different use case:\n\n* `gcp.tags.TagKeyIamPolicy`: Authoritative. Sets the IAM policy for the tagkey and replaces any existing policy already attached.\n* `gcp.tags.TagKeyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tagkey are preserved.\n* `gcp.tags.TagKeyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tagkey are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.tags.TagKeyIamPolicy`: Retrieves the IAM policy for the tagkey\n\n\u003e **Note:** `gcp.tags.TagKeyIamPolicy` **cannot** be used in conjunction with `gcp.tags.TagKeyIamBinding` and `gcp.tags.TagKeyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.tags.TagKeyIamBinding` resources **can be** used in conjunction with `gcp.tags.TagKeyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_tags\\_tag\\_key\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.tags.TagKeyIamPolicy(\"policy\", {\n tagKey: key.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.tags.TagKeyIamPolicy(\"policy\",\n tag_key=key[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Tags.TagKeyIamPolicy(\"policy\", new()\n {\n TagKey = key.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tags.NewTagKeyIamPolicy(ctx, \"policy\", \u0026tags.TagKeyIamPolicyArgs{\n\t\t\tTagKey: pulumi.Any(key.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.tags.TagKeyIamPolicy;\nimport com.pulumi.gcp.tags.TagKeyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TagKeyIamPolicy(\"policy\", TagKeyIamPolicyArgs.builder() \n .tagKey(key.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:tags:TagKeyIamPolicy\n properties:\n tagKey: ${key.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_tags\\_tag\\_key\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.tags.TagKeyIamBinding(\"binding\", {\n tagKey: key.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.tags.TagKeyIamBinding(\"binding\",\n tag_key=key[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Tags.TagKeyIamBinding(\"binding\", new()\n {\n TagKey = key.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagKeyIamBinding(ctx, \"binding\", \u0026tags.TagKeyIamBindingArgs{\n\t\t\tTagKey: pulumi.Any(key.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagKeyIamBinding;\nimport com.pulumi.gcp.tags.TagKeyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TagKeyIamBinding(\"binding\", TagKeyIamBindingArgs.builder() \n .tagKey(key.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:tags:TagKeyIamBinding\n properties:\n tagKey: ${key.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_tags\\_tag\\_key\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.tags.TagKeyIamMember(\"member\", {\n tagKey: key.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.tags.TagKeyIamMember(\"member\",\n tag_key=key[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Tags.TagKeyIamMember(\"member\", new()\n {\n TagKey = key.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagKeyIamMember(ctx, \"member\", \u0026tags.TagKeyIamMemberArgs{\n\t\t\tTagKey: pulumi.Any(key.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagKeyIamMember;\nimport com.pulumi.gcp.tags.TagKeyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TagKeyIamMember(\"member\", TagKeyIamMemberArgs.builder() \n .tagKey(key.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:tags:TagKeyIamMember\n properties:\n tagKey: ${key.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_tags\\_tag\\_key\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.tags.TagKeyIamPolicy(\"policy\", {\n tagKey: key.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.tags.TagKeyIamPolicy(\"policy\",\n tag_key=key[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Tags.TagKeyIamPolicy(\"policy\", new()\n {\n TagKey = key.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tags.NewTagKeyIamPolicy(ctx, \"policy\", \u0026tags.TagKeyIamPolicyArgs{\n\t\t\tTagKey: pulumi.Any(key.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.tags.TagKeyIamPolicy;\nimport com.pulumi.gcp.tags.TagKeyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TagKeyIamPolicy(\"policy\", TagKeyIamPolicyArgs.builder() \n .tagKey(key.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:tags:TagKeyIamPolicy\n properties:\n tagKey: ${key.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_tags\\_tag\\_key\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.tags.TagKeyIamBinding(\"binding\", {\n tagKey: key.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.tags.TagKeyIamBinding(\"binding\",\n tag_key=key[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Tags.TagKeyIamBinding(\"binding\", new()\n {\n TagKey = key.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagKeyIamBinding(ctx, \"binding\", \u0026tags.TagKeyIamBindingArgs{\n\t\t\tTagKey: pulumi.Any(key.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagKeyIamBinding;\nimport com.pulumi.gcp.tags.TagKeyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TagKeyIamBinding(\"binding\", TagKeyIamBindingArgs.builder() \n .tagKey(key.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:tags:TagKeyIamBinding\n properties:\n tagKey: ${key.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_tags\\_tag\\_key\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.tags.TagKeyIamMember(\"member\", {\n tagKey: key.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.tags.TagKeyIamMember(\"member\",\n tag_key=key[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Tags.TagKeyIamMember(\"member\", new()\n {\n TagKey = key.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagKeyIamMember(ctx, \"member\", \u0026tags.TagKeyIamMemberArgs{\n\t\t\tTagKey: pulumi.Any(key.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagKeyIamMember;\nimport com.pulumi.gcp.tags.TagKeyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TagKeyIamMember(\"member\", TagKeyIamMemberArgs.builder() \n .tagKey(key.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:tags:TagKeyIamMember\n properties:\n tagKey: ${key.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* tagKeys/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nTags tagkey IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagKeyIamBinding:TagKeyIamBinding editor \"tagKeys/{{tag_key}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagKeyIamBinding:TagKeyIamBinding editor \"tagKeys/{{tag_key}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagKeyIamBinding:TagKeyIamBinding editor tagKeys/{{tag_key}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:tags/TagKeyIamBindingCondition:TagKeyIamBindingCondition" @@ -225920,7 +226460,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "role": { "type": "string", @@ -225928,7 +226469,7 @@ }, "tagKey": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "Used to find the parent resource to bind the IAM policy to\n" } }, "required": [ @@ -225946,7 +226487,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "role": { "type": "string", @@ -225955,7 +226497,7 @@ }, "tagKey": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "Used to find the parent resource to bind the IAM policy to\n", "willReplaceOnChanges": true } }, @@ -225979,7 +226521,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "role": { "type": "string", @@ -225988,7 +226531,7 @@ }, "tagKey": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "Used to find the parent resource to bind the IAM policy to\n", "willReplaceOnChanges": true } }, @@ -225996,7 +226539,7 @@ } }, "gcp:tags/tagKeyIamMember:TagKeyIamMember": { - "description": "Three different resources help you manage your IAM policy for Tags TagKey. Each of these resources serves a different use case:\n\n* `gcp.tags.TagKeyIamPolicy`: Authoritative. Sets the IAM policy for the tagkey and replaces any existing policy already attached.\n* `gcp.tags.TagKeyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tagkey are preserved.\n* `gcp.tags.TagKeyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tagkey are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.tags.TagKeyIamPolicy`: Retrieves the IAM policy for the tagkey\n\n\u003e **Note:** `gcp.tags.TagKeyIamPolicy` **cannot** be used in conjunction with `gcp.tags.TagKeyIamBinding` and `gcp.tags.TagKeyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.tags.TagKeyIamBinding` resources **can be** used in conjunction with `gcp.tags.TagKeyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_tags\\_tag\\_key\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.tags.TagKeyIamPolicy(\"policy\", {\n tagKey: key.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.tags.TagKeyIamPolicy(\"policy\",\n tag_key=key[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Tags.TagKeyIamPolicy(\"policy\", new()\n {\n TagKey = key.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tags.NewTagKeyIamPolicy(ctx, \"policy\", \u0026tags.TagKeyIamPolicyArgs{\n\t\t\tTagKey: pulumi.Any(key.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.tags.TagKeyIamPolicy;\nimport com.pulumi.gcp.tags.TagKeyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TagKeyIamPolicy(\"policy\", TagKeyIamPolicyArgs.builder() \n .tagKey(key.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:tags:TagKeyIamPolicy\n properties:\n tagKey: ${key.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_tags\\_tag\\_key\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.tags.TagKeyIamBinding(\"binding\", {\n tagKey: key.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.tags.TagKeyIamBinding(\"binding\",\n tag_key=key[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Tags.TagKeyIamBinding(\"binding\", new()\n {\n TagKey = key.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagKeyIamBinding(ctx, \"binding\", \u0026tags.TagKeyIamBindingArgs{\n\t\t\tTagKey: pulumi.Any(key.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagKeyIamBinding;\nimport com.pulumi.gcp.tags.TagKeyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TagKeyIamBinding(\"binding\", TagKeyIamBindingArgs.builder() \n .tagKey(key.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:tags:TagKeyIamBinding\n properties:\n tagKey: ${key.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_tags\\_tag\\_key\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.tags.TagKeyIamMember(\"member\", {\n tagKey: key.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.tags.TagKeyIamMember(\"member\",\n tag_key=key[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Tags.TagKeyIamMember(\"member\", new()\n {\n TagKey = key.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagKeyIamMember(ctx, \"member\", \u0026tags.TagKeyIamMemberArgs{\n\t\t\tTagKey: pulumi.Any(key.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagKeyIamMember;\nimport com.pulumi.gcp.tags.TagKeyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TagKeyIamMember(\"member\", TagKeyIamMemberArgs.builder() \n .tagKey(key.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:tags:TagKeyIamMember\n properties:\n tagKey: ${key.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* tagKeys/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nTags tagkey IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagKeyIamMember:TagKeyIamMember editor \"tagKeys/{{tag_key}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagKeyIamMember:TagKeyIamMember editor \"tagKeys/{{tag_key}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagKeyIamMember:TagKeyIamMember editor tagKeys/{{tag_key}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Tags TagKey. Each of these resources serves a different use case:\n\n* `gcp.tags.TagKeyIamPolicy`: Authoritative. Sets the IAM policy for the tagkey and replaces any existing policy already attached.\n* `gcp.tags.TagKeyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tagkey are preserved.\n* `gcp.tags.TagKeyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tagkey are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.tags.TagKeyIamPolicy`: Retrieves the IAM policy for the tagkey\n\n\u003e **Note:** `gcp.tags.TagKeyIamPolicy` **cannot** be used in conjunction with `gcp.tags.TagKeyIamBinding` and `gcp.tags.TagKeyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.tags.TagKeyIamBinding` resources **can be** used in conjunction with `gcp.tags.TagKeyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_tags\\_tag\\_key\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.tags.TagKeyIamPolicy(\"policy\", {\n tagKey: key.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.tags.TagKeyIamPolicy(\"policy\",\n tag_key=key[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Tags.TagKeyIamPolicy(\"policy\", new()\n {\n TagKey = key.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tags.NewTagKeyIamPolicy(ctx, \"policy\", \u0026tags.TagKeyIamPolicyArgs{\n\t\t\tTagKey: pulumi.Any(key.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.tags.TagKeyIamPolicy;\nimport com.pulumi.gcp.tags.TagKeyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TagKeyIamPolicy(\"policy\", TagKeyIamPolicyArgs.builder() \n .tagKey(key.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:tags:TagKeyIamPolicy\n properties:\n tagKey: ${key.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_tags\\_tag\\_key\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.tags.TagKeyIamBinding(\"binding\", {\n tagKey: key.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.tags.TagKeyIamBinding(\"binding\",\n tag_key=key[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Tags.TagKeyIamBinding(\"binding\", new()\n {\n TagKey = key.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagKeyIamBinding(ctx, \"binding\", \u0026tags.TagKeyIamBindingArgs{\n\t\t\tTagKey: pulumi.Any(key.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagKeyIamBinding;\nimport com.pulumi.gcp.tags.TagKeyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TagKeyIamBinding(\"binding\", TagKeyIamBindingArgs.builder() \n .tagKey(key.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:tags:TagKeyIamBinding\n properties:\n tagKey: ${key.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_tags\\_tag\\_key\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.tags.TagKeyIamMember(\"member\", {\n tagKey: key.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.tags.TagKeyIamMember(\"member\",\n tag_key=key[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Tags.TagKeyIamMember(\"member\", new()\n {\n TagKey = key.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagKeyIamMember(ctx, \"member\", \u0026tags.TagKeyIamMemberArgs{\n\t\t\tTagKey: pulumi.Any(key.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagKeyIamMember;\nimport com.pulumi.gcp.tags.TagKeyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TagKeyIamMember(\"member\", TagKeyIamMemberArgs.builder() \n .tagKey(key.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:tags:TagKeyIamMember\n properties:\n tagKey: ${key.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_tags\\_tag\\_key\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.tags.TagKeyIamPolicy(\"policy\", {\n tagKey: key.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.tags.TagKeyIamPolicy(\"policy\",\n tag_key=key[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Tags.TagKeyIamPolicy(\"policy\", new()\n {\n TagKey = key.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tags.NewTagKeyIamPolicy(ctx, \"policy\", \u0026tags.TagKeyIamPolicyArgs{\n\t\t\tTagKey: pulumi.Any(key.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.tags.TagKeyIamPolicy;\nimport com.pulumi.gcp.tags.TagKeyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TagKeyIamPolicy(\"policy\", TagKeyIamPolicyArgs.builder() \n .tagKey(key.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:tags:TagKeyIamPolicy\n properties:\n tagKey: ${key.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_tags\\_tag\\_key\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.tags.TagKeyIamBinding(\"binding\", {\n tagKey: key.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.tags.TagKeyIamBinding(\"binding\",\n tag_key=key[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Tags.TagKeyIamBinding(\"binding\", new()\n {\n TagKey = key.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagKeyIamBinding(ctx, \"binding\", \u0026tags.TagKeyIamBindingArgs{\n\t\t\tTagKey: pulumi.Any(key.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagKeyIamBinding;\nimport com.pulumi.gcp.tags.TagKeyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TagKeyIamBinding(\"binding\", TagKeyIamBindingArgs.builder() \n .tagKey(key.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:tags:TagKeyIamBinding\n properties:\n tagKey: ${key.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_tags\\_tag\\_key\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.tags.TagKeyIamMember(\"member\", {\n tagKey: key.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.tags.TagKeyIamMember(\"member\",\n tag_key=key[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Tags.TagKeyIamMember(\"member\", new()\n {\n TagKey = key.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagKeyIamMember(ctx, \"member\", \u0026tags.TagKeyIamMemberArgs{\n\t\t\tTagKey: pulumi.Any(key.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagKeyIamMember;\nimport com.pulumi.gcp.tags.TagKeyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TagKeyIamMember(\"member\", TagKeyIamMemberArgs.builder() \n .tagKey(key.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:tags:TagKeyIamMember\n properties:\n tagKey: ${key.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* tagKeys/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nTags tagkey IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagKeyIamMember:TagKeyIamMember editor \"tagKeys/{{tag_key}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagKeyIamMember:TagKeyIamMember editor \"tagKeys/{{tag_key}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagKeyIamMember:TagKeyIamMember editor tagKeys/{{tag_key}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:tags/TagKeyIamMemberCondition:TagKeyIamMemberCondition" @@ -226006,7 +226549,8 @@ "description": "(Computed) The etag of the IAM policy.\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "role": { "type": "string", @@ -226014,7 +226558,7 @@ }, "tagKey": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "Used to find the parent resource to bind the IAM policy to\n" } }, "required": [ @@ -226030,6 +226574,7 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "role": { @@ -226039,7 +226584,7 @@ }, "tagKey": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "Used to find the parent resource to bind the IAM policy to\n", "willReplaceOnChanges": true } }, @@ -226061,6 +226606,7 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "role": { @@ -226070,7 +226616,7 @@ }, "tagKey": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "Used to find the parent resource to bind the IAM policy to\n", "willReplaceOnChanges": true } }, @@ -226078,7 +226624,7 @@ } }, "gcp:tags/tagKeyIamPolicy:TagKeyIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Tags TagKey. Each of these resources serves a different use case:\n\n* `gcp.tags.TagKeyIamPolicy`: Authoritative. Sets the IAM policy for the tagkey and replaces any existing policy already attached.\n* `gcp.tags.TagKeyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tagkey are preserved.\n* `gcp.tags.TagKeyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tagkey are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.tags.TagKeyIamPolicy`: Retrieves the IAM policy for the tagkey\n\n\u003e **Note:** `gcp.tags.TagKeyIamPolicy` **cannot** be used in conjunction with `gcp.tags.TagKeyIamBinding` and `gcp.tags.TagKeyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.tags.TagKeyIamBinding` resources **can be** used in conjunction with `gcp.tags.TagKeyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_tags\\_tag\\_key\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.tags.TagKeyIamPolicy(\"policy\", {\n tagKey: key.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.tags.TagKeyIamPolicy(\"policy\",\n tag_key=key[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Tags.TagKeyIamPolicy(\"policy\", new()\n {\n TagKey = key.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tags.NewTagKeyIamPolicy(ctx, \"policy\", \u0026tags.TagKeyIamPolicyArgs{\n\t\t\tTagKey: pulumi.Any(key.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.tags.TagKeyIamPolicy;\nimport com.pulumi.gcp.tags.TagKeyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TagKeyIamPolicy(\"policy\", TagKeyIamPolicyArgs.builder() \n .tagKey(key.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:tags:TagKeyIamPolicy\n properties:\n tagKey: ${key.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_tags\\_tag\\_key\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.tags.TagKeyIamBinding(\"binding\", {\n tagKey: key.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.tags.TagKeyIamBinding(\"binding\",\n tag_key=key[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Tags.TagKeyIamBinding(\"binding\", new()\n {\n TagKey = key.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagKeyIamBinding(ctx, \"binding\", \u0026tags.TagKeyIamBindingArgs{\n\t\t\tTagKey: pulumi.Any(key.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagKeyIamBinding;\nimport com.pulumi.gcp.tags.TagKeyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TagKeyIamBinding(\"binding\", TagKeyIamBindingArgs.builder() \n .tagKey(key.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:tags:TagKeyIamBinding\n properties:\n tagKey: ${key.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_tags\\_tag\\_key\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.tags.TagKeyIamMember(\"member\", {\n tagKey: key.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.tags.TagKeyIamMember(\"member\",\n tag_key=key[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Tags.TagKeyIamMember(\"member\", new()\n {\n TagKey = key.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagKeyIamMember(ctx, \"member\", \u0026tags.TagKeyIamMemberArgs{\n\t\t\tTagKey: pulumi.Any(key.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagKeyIamMember;\nimport com.pulumi.gcp.tags.TagKeyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TagKeyIamMember(\"member\", TagKeyIamMemberArgs.builder() \n .tagKey(key.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:tags:TagKeyIamMember\n properties:\n tagKey: ${key.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* tagKeys/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nTags tagkey IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagKeyIamPolicy:TagKeyIamPolicy editor \"tagKeys/{{tag_key}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagKeyIamPolicy:TagKeyIamPolicy editor \"tagKeys/{{tag_key}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagKeyIamPolicy:TagKeyIamPolicy editor tagKeys/{{tag_key}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Tags TagKey. Each of these resources serves a different use case:\n\n* `gcp.tags.TagKeyIamPolicy`: Authoritative. Sets the IAM policy for the tagkey and replaces any existing policy already attached.\n* `gcp.tags.TagKeyIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tagkey are preserved.\n* `gcp.tags.TagKeyIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tagkey are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.tags.TagKeyIamPolicy`: Retrieves the IAM policy for the tagkey\n\n\u003e **Note:** `gcp.tags.TagKeyIamPolicy` **cannot** be used in conjunction with `gcp.tags.TagKeyIamBinding` and `gcp.tags.TagKeyIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.tags.TagKeyIamBinding` resources **can be** used in conjunction with `gcp.tags.TagKeyIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_tags\\_tag\\_key\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.tags.TagKeyIamPolicy(\"policy\", {\n tagKey: key.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.tags.TagKeyIamPolicy(\"policy\",\n tag_key=key[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Tags.TagKeyIamPolicy(\"policy\", new()\n {\n TagKey = key.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tags.NewTagKeyIamPolicy(ctx, \"policy\", \u0026tags.TagKeyIamPolicyArgs{\n\t\t\tTagKey: pulumi.Any(key.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.tags.TagKeyIamPolicy;\nimport com.pulumi.gcp.tags.TagKeyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TagKeyIamPolicy(\"policy\", TagKeyIamPolicyArgs.builder() \n .tagKey(key.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:tags:TagKeyIamPolicy\n properties:\n tagKey: ${key.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_tags\\_tag\\_key\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.tags.TagKeyIamBinding(\"binding\", {\n tagKey: key.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.tags.TagKeyIamBinding(\"binding\",\n tag_key=key[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Tags.TagKeyIamBinding(\"binding\", new()\n {\n TagKey = key.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagKeyIamBinding(ctx, \"binding\", \u0026tags.TagKeyIamBindingArgs{\n\t\t\tTagKey: pulumi.Any(key.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagKeyIamBinding;\nimport com.pulumi.gcp.tags.TagKeyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TagKeyIamBinding(\"binding\", TagKeyIamBindingArgs.builder() \n .tagKey(key.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:tags:TagKeyIamBinding\n properties:\n tagKey: ${key.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_tags\\_tag\\_key\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.tags.TagKeyIamMember(\"member\", {\n tagKey: key.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.tags.TagKeyIamMember(\"member\",\n tag_key=key[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Tags.TagKeyIamMember(\"member\", new()\n {\n TagKey = key.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagKeyIamMember(ctx, \"member\", \u0026tags.TagKeyIamMemberArgs{\n\t\t\tTagKey: pulumi.Any(key.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagKeyIamMember;\nimport com.pulumi.gcp.tags.TagKeyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TagKeyIamMember(\"member\", TagKeyIamMemberArgs.builder() \n .tagKey(key.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:tags:TagKeyIamMember\n properties:\n tagKey: ${key.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_tags\\_tag\\_key\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.tags.TagKeyIamPolicy(\"policy\", {\n tagKey: key.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.tags.TagKeyIamPolicy(\"policy\",\n tag_key=key[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Tags.TagKeyIamPolicy(\"policy\", new()\n {\n TagKey = key.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tags.NewTagKeyIamPolicy(ctx, \"policy\", \u0026tags.TagKeyIamPolicyArgs{\n\t\t\tTagKey: pulumi.Any(key.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.tags.TagKeyIamPolicy;\nimport com.pulumi.gcp.tags.TagKeyIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TagKeyIamPolicy(\"policy\", TagKeyIamPolicyArgs.builder() \n .tagKey(key.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:tags:TagKeyIamPolicy\n properties:\n tagKey: ${key.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_tags\\_tag\\_key\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.tags.TagKeyIamBinding(\"binding\", {\n tagKey: key.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.tags.TagKeyIamBinding(\"binding\",\n tag_key=key[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Tags.TagKeyIamBinding(\"binding\", new()\n {\n TagKey = key.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagKeyIamBinding(ctx, \"binding\", \u0026tags.TagKeyIamBindingArgs{\n\t\t\tTagKey: pulumi.Any(key.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagKeyIamBinding;\nimport com.pulumi.gcp.tags.TagKeyIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TagKeyIamBinding(\"binding\", TagKeyIamBindingArgs.builder() \n .tagKey(key.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:tags:TagKeyIamBinding\n properties:\n tagKey: ${key.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_tags\\_tag\\_key\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.tags.TagKeyIamMember(\"member\", {\n tagKey: key.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.tags.TagKeyIamMember(\"member\",\n tag_key=key[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Tags.TagKeyIamMember(\"member\", new()\n {\n TagKey = key.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagKeyIamMember(ctx, \"member\", \u0026tags.TagKeyIamMemberArgs{\n\t\t\tTagKey: pulumi.Any(key.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagKeyIamMember;\nimport com.pulumi.gcp.tags.TagKeyIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TagKeyIamMember(\"member\", TagKeyIamMemberArgs.builder() \n .tagKey(key.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:tags:TagKeyIamMember\n properties:\n tagKey: ${key.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* tagKeys/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nTags tagkey IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagKeyIamPolicy:TagKeyIamPolicy editor \"tagKeys/{{tag_key}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagKeyIamPolicy:TagKeyIamPolicy editor \"tagKeys/{{tag_key}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagKeyIamPolicy:TagKeyIamPolicy editor tagKeys/{{tag_key}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -226090,7 +226636,7 @@ }, "tagKey": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "Used to find the parent resource to bind the IAM policy to\n" } }, "required": [ @@ -226105,7 +226651,7 @@ }, "tagKey": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "Used to find the parent resource to bind the IAM policy to\n", "willReplaceOnChanges": true } }, @@ -226126,7 +226672,7 @@ }, "tagKey": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "Used to find the parent resource to bind the IAM policy to\n", "willReplaceOnChanges": true } }, @@ -226231,7 +226777,7 @@ } }, "gcp:tags/tagValueIamBinding:TagValueIamBinding": { - "description": "Three different resources help you manage your IAM policy for Tags TagValue. Each of these resources serves a different use case:\n\n* `gcp.tags.TagValueIamPolicy`: Authoritative. Sets the IAM policy for the tagvalue and replaces any existing policy already attached.\n* `gcp.tags.TagValueIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tagvalue are preserved.\n* `gcp.tags.TagValueIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tagvalue are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.tags.TagValueIamPolicy`: Retrieves the IAM policy for the tagvalue\n\n\u003e **Note:** `gcp.tags.TagValueIamPolicy` **cannot** be used in conjunction with `gcp.tags.TagValueIamBinding` and `gcp.tags.TagValueIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.tags.TagValueIamBinding` resources **can be** used in conjunction with `gcp.tags.TagValueIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_tags\\_tag\\_value\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.tags.TagValueIamPolicy(\"policy\", {\n tagValue: value.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.tags.TagValueIamPolicy(\"policy\",\n tag_value=value[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Tags.TagValueIamPolicy(\"policy\", new()\n {\n TagValue = @value.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tags.NewTagValueIamPolicy(ctx, \"policy\", \u0026tags.TagValueIamPolicyArgs{\n\t\t\tTagValue: pulumi.Any(value.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.tags.TagValueIamPolicy;\nimport com.pulumi.gcp.tags.TagValueIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TagValueIamPolicy(\"policy\", TagValueIamPolicyArgs.builder() \n .tagValue(value.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:tags:TagValueIamPolicy\n properties:\n tagValue: ${value.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_tags\\_tag\\_value\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.tags.TagValueIamBinding(\"binding\", {\n tagValue: value.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.tags.TagValueIamBinding(\"binding\",\n tag_value=value[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Tags.TagValueIamBinding(\"binding\", new()\n {\n TagValue = @value.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagValueIamBinding(ctx, \"binding\", \u0026tags.TagValueIamBindingArgs{\n\t\t\tTagValue: pulumi.Any(value.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagValueIamBinding;\nimport com.pulumi.gcp.tags.TagValueIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TagValueIamBinding(\"binding\", TagValueIamBindingArgs.builder() \n .tagValue(value.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:tags:TagValueIamBinding\n properties:\n tagValue: ${value.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_tags\\_tag\\_value\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.tags.TagValueIamMember(\"member\", {\n tagValue: value.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.tags.TagValueIamMember(\"member\",\n tag_value=value[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Tags.TagValueIamMember(\"member\", new()\n {\n TagValue = @value.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagValueIamMember(ctx, \"member\", \u0026tags.TagValueIamMemberArgs{\n\t\t\tTagValue: pulumi.Any(value.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagValueIamMember;\nimport com.pulumi.gcp.tags.TagValueIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TagValueIamMember(\"member\", TagValueIamMemberArgs.builder() \n .tagValue(value.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:tags:TagValueIamMember\n properties:\n tagValue: ${value.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* tagValues/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nTags tagvalue IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagValueIamBinding:TagValueIamBinding editor \"tagValues/{{tag_value}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagValueIamBinding:TagValueIamBinding editor \"tagValues/{{tag_value}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagValueIamBinding:TagValueIamBinding editor tagValues/{{tag_value}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Tags TagValue. Each of these resources serves a different use case:\n\n* `gcp.tags.TagValueIamPolicy`: Authoritative. Sets the IAM policy for the tagvalue and replaces any existing policy already attached.\n* `gcp.tags.TagValueIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tagvalue are preserved.\n* `gcp.tags.TagValueIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tagvalue are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.tags.TagValueIamPolicy`: Retrieves the IAM policy for the tagvalue\n\n\u003e **Note:** `gcp.tags.TagValueIamPolicy` **cannot** be used in conjunction with `gcp.tags.TagValueIamBinding` and `gcp.tags.TagValueIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.tags.TagValueIamBinding` resources **can be** used in conjunction with `gcp.tags.TagValueIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_tags\\_tag\\_value\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.tags.TagValueIamPolicy(\"policy\", {\n tagValue: value.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.tags.TagValueIamPolicy(\"policy\",\n tag_value=value[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Tags.TagValueIamPolicy(\"policy\", new()\n {\n TagValue = @value.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tags.NewTagValueIamPolicy(ctx, \"policy\", \u0026tags.TagValueIamPolicyArgs{\n\t\t\tTagValue: pulumi.Any(value.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.tags.TagValueIamPolicy;\nimport com.pulumi.gcp.tags.TagValueIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TagValueIamPolicy(\"policy\", TagValueIamPolicyArgs.builder() \n .tagValue(value.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:tags:TagValueIamPolicy\n properties:\n tagValue: ${value.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_tags\\_tag\\_value\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.tags.TagValueIamBinding(\"binding\", {\n tagValue: value.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.tags.TagValueIamBinding(\"binding\",\n tag_value=value[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Tags.TagValueIamBinding(\"binding\", new()\n {\n TagValue = @value.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagValueIamBinding(ctx, \"binding\", \u0026tags.TagValueIamBindingArgs{\n\t\t\tTagValue: pulumi.Any(value.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagValueIamBinding;\nimport com.pulumi.gcp.tags.TagValueIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TagValueIamBinding(\"binding\", TagValueIamBindingArgs.builder() \n .tagValue(value.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:tags:TagValueIamBinding\n properties:\n tagValue: ${value.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_tags\\_tag\\_value\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.tags.TagValueIamMember(\"member\", {\n tagValue: value.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.tags.TagValueIamMember(\"member\",\n tag_value=value[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Tags.TagValueIamMember(\"member\", new()\n {\n TagValue = @value.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagValueIamMember(ctx, \"member\", \u0026tags.TagValueIamMemberArgs{\n\t\t\tTagValue: pulumi.Any(value.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagValueIamMember;\nimport com.pulumi.gcp.tags.TagValueIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TagValueIamMember(\"member\", TagValueIamMemberArgs.builder() \n .tagValue(value.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:tags:TagValueIamMember\n properties:\n tagValue: ${value.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_tags\\_tag\\_value\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.tags.TagValueIamPolicy(\"policy\", {\n tagValue: value.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.tags.TagValueIamPolicy(\"policy\",\n tag_value=value[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Tags.TagValueIamPolicy(\"policy\", new()\n {\n TagValue = @value.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tags.NewTagValueIamPolicy(ctx, \"policy\", \u0026tags.TagValueIamPolicyArgs{\n\t\t\tTagValue: pulumi.Any(value.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.tags.TagValueIamPolicy;\nimport com.pulumi.gcp.tags.TagValueIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TagValueIamPolicy(\"policy\", TagValueIamPolicyArgs.builder() \n .tagValue(value.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:tags:TagValueIamPolicy\n properties:\n tagValue: ${value.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_tags\\_tag\\_value\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.tags.TagValueIamBinding(\"binding\", {\n tagValue: value.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.tags.TagValueIamBinding(\"binding\",\n tag_value=value[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Tags.TagValueIamBinding(\"binding\", new()\n {\n TagValue = @value.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagValueIamBinding(ctx, \"binding\", \u0026tags.TagValueIamBindingArgs{\n\t\t\tTagValue: pulumi.Any(value.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagValueIamBinding;\nimport com.pulumi.gcp.tags.TagValueIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TagValueIamBinding(\"binding\", TagValueIamBindingArgs.builder() \n .tagValue(value.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:tags:TagValueIamBinding\n properties:\n tagValue: ${value.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_tags\\_tag\\_value\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.tags.TagValueIamMember(\"member\", {\n tagValue: value.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.tags.TagValueIamMember(\"member\",\n tag_value=value[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Tags.TagValueIamMember(\"member\", new()\n {\n TagValue = @value.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagValueIamMember(ctx, \"member\", \u0026tags.TagValueIamMemberArgs{\n\t\t\tTagValue: pulumi.Any(value.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagValueIamMember;\nimport com.pulumi.gcp.tags.TagValueIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TagValueIamMember(\"member\", TagValueIamMemberArgs.builder() \n .tagValue(value.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:tags:TagValueIamMember\n properties:\n tagValue: ${value.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* tagValues/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nTags tagvalue IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagValueIamBinding:TagValueIamBinding editor \"tagValues/{{tag_value}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagValueIamBinding:TagValueIamBinding editor \"tagValues/{{tag_value}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagValueIamBinding:TagValueIamBinding editor tagValues/{{tag_value}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:tags/TagValueIamBindingCondition:TagValueIamBindingCondition" @@ -226244,7 +226790,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "role": { "type": "string", @@ -226252,7 +226799,7 @@ }, "tagValue": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "Used to find the parent resource to bind the IAM policy to\n" } }, "required": [ @@ -226270,7 +226817,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "role": { "type": "string", @@ -226279,7 +226827,7 @@ }, "tagValue": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "Used to find the parent resource to bind the IAM policy to\n", "willReplaceOnChanges": true } }, @@ -226303,7 +226851,8 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "role": { "type": "string", @@ -226312,7 +226861,7 @@ }, "tagValue": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "Used to find the parent resource to bind the IAM policy to\n", "willReplaceOnChanges": true } }, @@ -226320,7 +226869,7 @@ } }, "gcp:tags/tagValueIamMember:TagValueIamMember": { - "description": "Three different resources help you manage your IAM policy for Tags TagValue. Each of these resources serves a different use case:\n\n* `gcp.tags.TagValueIamPolicy`: Authoritative. Sets the IAM policy for the tagvalue and replaces any existing policy already attached.\n* `gcp.tags.TagValueIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tagvalue are preserved.\n* `gcp.tags.TagValueIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tagvalue are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.tags.TagValueIamPolicy`: Retrieves the IAM policy for the tagvalue\n\n\u003e **Note:** `gcp.tags.TagValueIamPolicy` **cannot** be used in conjunction with `gcp.tags.TagValueIamBinding` and `gcp.tags.TagValueIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.tags.TagValueIamBinding` resources **can be** used in conjunction with `gcp.tags.TagValueIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_tags\\_tag\\_value\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.tags.TagValueIamPolicy(\"policy\", {\n tagValue: value.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.tags.TagValueIamPolicy(\"policy\",\n tag_value=value[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Tags.TagValueIamPolicy(\"policy\", new()\n {\n TagValue = @value.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tags.NewTagValueIamPolicy(ctx, \"policy\", \u0026tags.TagValueIamPolicyArgs{\n\t\t\tTagValue: pulumi.Any(value.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.tags.TagValueIamPolicy;\nimport com.pulumi.gcp.tags.TagValueIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TagValueIamPolicy(\"policy\", TagValueIamPolicyArgs.builder() \n .tagValue(value.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:tags:TagValueIamPolicy\n properties:\n tagValue: ${value.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_tags\\_tag\\_value\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.tags.TagValueIamBinding(\"binding\", {\n tagValue: value.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.tags.TagValueIamBinding(\"binding\",\n tag_value=value[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Tags.TagValueIamBinding(\"binding\", new()\n {\n TagValue = @value.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagValueIamBinding(ctx, \"binding\", \u0026tags.TagValueIamBindingArgs{\n\t\t\tTagValue: pulumi.Any(value.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagValueIamBinding;\nimport com.pulumi.gcp.tags.TagValueIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TagValueIamBinding(\"binding\", TagValueIamBindingArgs.builder() \n .tagValue(value.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:tags:TagValueIamBinding\n properties:\n tagValue: ${value.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_tags\\_tag\\_value\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.tags.TagValueIamMember(\"member\", {\n tagValue: value.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.tags.TagValueIamMember(\"member\",\n tag_value=value[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Tags.TagValueIamMember(\"member\", new()\n {\n TagValue = @value.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagValueIamMember(ctx, \"member\", \u0026tags.TagValueIamMemberArgs{\n\t\t\tTagValue: pulumi.Any(value.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagValueIamMember;\nimport com.pulumi.gcp.tags.TagValueIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TagValueIamMember(\"member\", TagValueIamMemberArgs.builder() \n .tagValue(value.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:tags:TagValueIamMember\n properties:\n tagValue: ${value.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* tagValues/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nTags tagvalue IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagValueIamMember:TagValueIamMember editor \"tagValues/{{tag_value}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagValueIamMember:TagValueIamMember editor \"tagValues/{{tag_value}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagValueIamMember:TagValueIamMember editor tagValues/{{tag_value}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Tags TagValue. Each of these resources serves a different use case:\n\n* `gcp.tags.TagValueIamPolicy`: Authoritative. Sets the IAM policy for the tagvalue and replaces any existing policy already attached.\n* `gcp.tags.TagValueIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tagvalue are preserved.\n* `gcp.tags.TagValueIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tagvalue are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.tags.TagValueIamPolicy`: Retrieves the IAM policy for the tagvalue\n\n\u003e **Note:** `gcp.tags.TagValueIamPolicy` **cannot** be used in conjunction with `gcp.tags.TagValueIamBinding` and `gcp.tags.TagValueIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.tags.TagValueIamBinding` resources **can be** used in conjunction with `gcp.tags.TagValueIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_tags\\_tag\\_value\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.tags.TagValueIamPolicy(\"policy\", {\n tagValue: value.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.tags.TagValueIamPolicy(\"policy\",\n tag_value=value[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Tags.TagValueIamPolicy(\"policy\", new()\n {\n TagValue = @value.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tags.NewTagValueIamPolicy(ctx, \"policy\", \u0026tags.TagValueIamPolicyArgs{\n\t\t\tTagValue: pulumi.Any(value.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.tags.TagValueIamPolicy;\nimport com.pulumi.gcp.tags.TagValueIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TagValueIamPolicy(\"policy\", TagValueIamPolicyArgs.builder() \n .tagValue(value.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:tags:TagValueIamPolicy\n properties:\n tagValue: ${value.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_tags\\_tag\\_value\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.tags.TagValueIamBinding(\"binding\", {\n tagValue: value.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.tags.TagValueIamBinding(\"binding\",\n tag_value=value[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Tags.TagValueIamBinding(\"binding\", new()\n {\n TagValue = @value.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagValueIamBinding(ctx, \"binding\", \u0026tags.TagValueIamBindingArgs{\n\t\t\tTagValue: pulumi.Any(value.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagValueIamBinding;\nimport com.pulumi.gcp.tags.TagValueIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TagValueIamBinding(\"binding\", TagValueIamBindingArgs.builder() \n .tagValue(value.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:tags:TagValueIamBinding\n properties:\n tagValue: ${value.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_tags\\_tag\\_value\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.tags.TagValueIamMember(\"member\", {\n tagValue: value.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.tags.TagValueIamMember(\"member\",\n tag_value=value[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Tags.TagValueIamMember(\"member\", new()\n {\n TagValue = @value.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagValueIamMember(ctx, \"member\", \u0026tags.TagValueIamMemberArgs{\n\t\t\tTagValue: pulumi.Any(value.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagValueIamMember;\nimport com.pulumi.gcp.tags.TagValueIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TagValueIamMember(\"member\", TagValueIamMemberArgs.builder() \n .tagValue(value.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:tags:TagValueIamMember\n properties:\n tagValue: ${value.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_tags\\_tag\\_value\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.tags.TagValueIamPolicy(\"policy\", {\n tagValue: value.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.tags.TagValueIamPolicy(\"policy\",\n tag_value=value[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Tags.TagValueIamPolicy(\"policy\", new()\n {\n TagValue = @value.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tags.NewTagValueIamPolicy(ctx, \"policy\", \u0026tags.TagValueIamPolicyArgs{\n\t\t\tTagValue: pulumi.Any(value.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.tags.TagValueIamPolicy;\nimport com.pulumi.gcp.tags.TagValueIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TagValueIamPolicy(\"policy\", TagValueIamPolicyArgs.builder() \n .tagValue(value.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:tags:TagValueIamPolicy\n properties:\n tagValue: ${value.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_tags\\_tag\\_value\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.tags.TagValueIamBinding(\"binding\", {\n tagValue: value.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.tags.TagValueIamBinding(\"binding\",\n tag_value=value[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Tags.TagValueIamBinding(\"binding\", new()\n {\n TagValue = @value.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagValueIamBinding(ctx, \"binding\", \u0026tags.TagValueIamBindingArgs{\n\t\t\tTagValue: pulumi.Any(value.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagValueIamBinding;\nimport com.pulumi.gcp.tags.TagValueIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TagValueIamBinding(\"binding\", TagValueIamBindingArgs.builder() \n .tagValue(value.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:tags:TagValueIamBinding\n properties:\n tagValue: ${value.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_tags\\_tag\\_value\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.tags.TagValueIamMember(\"member\", {\n tagValue: value.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.tags.TagValueIamMember(\"member\",\n tag_value=value[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Tags.TagValueIamMember(\"member\", new()\n {\n TagValue = @value.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagValueIamMember(ctx, \"member\", \u0026tags.TagValueIamMemberArgs{\n\t\t\tTagValue: pulumi.Any(value.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagValueIamMember;\nimport com.pulumi.gcp.tags.TagValueIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TagValueIamMember(\"member\", TagValueIamMemberArgs.builder() \n .tagValue(value.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:tags:TagValueIamMember\n properties:\n tagValue: ${value.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* tagValues/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nTags tagvalue IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagValueIamMember:TagValueIamMember editor \"tagValues/{{tag_value}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagValueIamMember:TagValueIamMember editor \"tagValues/{{tag_value}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagValueIamMember:TagValueIamMember editor tagValues/{{tag_value}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "condition": { "$ref": "#/types/gcp:tags/TagValueIamMemberCondition:TagValueIamMemberCondition" @@ -226330,7 +226879,8 @@ "description": "(Computed) The etag of the IAM policy.\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "role": { "type": "string", @@ -226338,7 +226888,7 @@ }, "tagValue": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "Used to find the parent resource to bind the IAM policy to\n" } }, "required": [ @@ -226354,6 +226904,7 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "role": { @@ -226363,7 +226914,7 @@ }, "tagValue": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "Used to find the parent resource to bind the IAM policy to\n", "willReplaceOnChanges": true } }, @@ -226385,6 +226936,7 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "role": { @@ -226394,7 +226946,7 @@ }, "tagValue": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "Used to find the parent resource to bind the IAM policy to\n", "willReplaceOnChanges": true } }, @@ -226402,7 +226954,7 @@ } }, "gcp:tags/tagValueIamPolicy:TagValueIamPolicy": { - "description": "Three different resources help you manage your IAM policy for Tags TagValue. Each of these resources serves a different use case:\n\n* `gcp.tags.TagValueIamPolicy`: Authoritative. Sets the IAM policy for the tagvalue and replaces any existing policy already attached.\n* `gcp.tags.TagValueIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tagvalue are preserved.\n* `gcp.tags.TagValueIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tagvalue are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.tags.TagValueIamPolicy`: Retrieves the IAM policy for the tagvalue\n\n\u003e **Note:** `gcp.tags.TagValueIamPolicy` **cannot** be used in conjunction with `gcp.tags.TagValueIamBinding` and `gcp.tags.TagValueIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.tags.TagValueIamBinding` resources **can be** used in conjunction with `gcp.tags.TagValueIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_tags\\_tag\\_value\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.tags.TagValueIamPolicy(\"policy\", {\n tagValue: value.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.tags.TagValueIamPolicy(\"policy\",\n tag_value=value[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Tags.TagValueIamPolicy(\"policy\", new()\n {\n TagValue = @value.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tags.NewTagValueIamPolicy(ctx, \"policy\", \u0026tags.TagValueIamPolicyArgs{\n\t\t\tTagValue: pulumi.Any(value.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.tags.TagValueIamPolicy;\nimport com.pulumi.gcp.tags.TagValueIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TagValueIamPolicy(\"policy\", TagValueIamPolicyArgs.builder() \n .tagValue(value.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:tags:TagValueIamPolicy\n properties:\n tagValue: ${value.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_tags\\_tag\\_value\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.tags.TagValueIamBinding(\"binding\", {\n tagValue: value.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.tags.TagValueIamBinding(\"binding\",\n tag_value=value[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Tags.TagValueIamBinding(\"binding\", new()\n {\n TagValue = @value.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagValueIamBinding(ctx, \"binding\", \u0026tags.TagValueIamBindingArgs{\n\t\t\tTagValue: pulumi.Any(value.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagValueIamBinding;\nimport com.pulumi.gcp.tags.TagValueIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TagValueIamBinding(\"binding\", TagValueIamBindingArgs.builder() \n .tagValue(value.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:tags:TagValueIamBinding\n properties:\n tagValue: ${value.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_tags\\_tag\\_value\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.tags.TagValueIamMember(\"member\", {\n tagValue: value.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.tags.TagValueIamMember(\"member\",\n tag_value=value[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Tags.TagValueIamMember(\"member\", new()\n {\n TagValue = @value.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagValueIamMember(ctx, \"member\", \u0026tags.TagValueIamMemberArgs{\n\t\t\tTagValue: pulumi.Any(value.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagValueIamMember;\nimport com.pulumi.gcp.tags.TagValueIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TagValueIamMember(\"member\", TagValueIamMemberArgs.builder() \n .tagValue(value.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:tags:TagValueIamMember\n properties:\n tagValue: ${value.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* tagValues/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nTags tagvalue IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagValueIamPolicy:TagValueIamPolicy editor \"tagValues/{{tag_value}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagValueIamPolicy:TagValueIamPolicy editor \"tagValues/{{tag_value}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagValueIamPolicy:TagValueIamPolicy editor tagValues/{{tag_value}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", + "description": "Three different resources help you manage your IAM policy for Tags TagValue. Each of these resources serves a different use case:\n\n* `gcp.tags.TagValueIamPolicy`: Authoritative. Sets the IAM policy for the tagvalue and replaces any existing policy already attached.\n* `gcp.tags.TagValueIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the tagvalue are preserved.\n* `gcp.tags.TagValueIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the tagvalue are preserved.\n\nA data source can be used to retrieve policy data in advent you do not need creation\n\n* `gcp.tags.TagValueIamPolicy`: Retrieves the IAM policy for the tagvalue\n\n\u003e **Note:** `gcp.tags.TagValueIamPolicy` **cannot** be used in conjunction with `gcp.tags.TagValueIamBinding` and `gcp.tags.TagValueIamMember` or they will fight over what your policy should be.\n\n\u003e **Note:** `gcp.tags.TagValueIamBinding` resources **can be** used in conjunction with `gcp.tags.TagValueIamMember` resources **only if** they do not grant privilege to the same role.\n\n\n\n\n## google\\_tags\\_tag\\_value\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.tags.TagValueIamPolicy(\"policy\", {\n tagValue: value.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.tags.TagValueIamPolicy(\"policy\",\n tag_value=value[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Tags.TagValueIamPolicy(\"policy\", new()\n {\n TagValue = @value.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tags.NewTagValueIamPolicy(ctx, \"policy\", \u0026tags.TagValueIamPolicyArgs{\n\t\t\tTagValue: pulumi.Any(value.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.tags.TagValueIamPolicy;\nimport com.pulumi.gcp.tags.TagValueIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TagValueIamPolicy(\"policy\", TagValueIamPolicyArgs.builder() \n .tagValue(value.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:tags:TagValueIamPolicy\n properties:\n tagValue: ${value.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_tags\\_tag\\_value\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.tags.TagValueIamBinding(\"binding\", {\n tagValue: value.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.tags.TagValueIamBinding(\"binding\",\n tag_value=value[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Tags.TagValueIamBinding(\"binding\", new()\n {\n TagValue = @value.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagValueIamBinding(ctx, \"binding\", \u0026tags.TagValueIamBindingArgs{\n\t\t\tTagValue: pulumi.Any(value.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagValueIamBinding;\nimport com.pulumi.gcp.tags.TagValueIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TagValueIamBinding(\"binding\", TagValueIamBindingArgs.builder() \n .tagValue(value.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:tags:TagValueIamBinding\n properties:\n tagValue: ${value.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_tags\\_tag\\_value\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.tags.TagValueIamMember(\"member\", {\n tagValue: value.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.tags.TagValueIamMember(\"member\",\n tag_value=value[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Tags.TagValueIamMember(\"member\", new()\n {\n TagValue = @value.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagValueIamMember(ctx, \"member\", \u0026tags.TagValueIamMemberArgs{\n\t\t\tTagValue: pulumi.Any(value.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagValueIamMember;\nimport com.pulumi.gcp.tags.TagValueIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TagValueIamMember(\"member\", TagValueIamMemberArgs.builder() \n .tagValue(value.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:tags:TagValueIamMember\n properties:\n tagValue: ${value.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n\n## google\\_tags\\_tag\\_value\\_iam\\_policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst admin = gcp.organizations.getIAMPolicy({\n bindings: [{\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n }],\n});\nconst policy = new gcp.tags.TagValueIamPolicy(\"policy\", {\n tagValue: value.name,\n policyData: admin.then(admin =\u003e admin.policyData),\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nadmin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs(\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"],\n)])\npolicy = gcp.tags.TagValueIamPolicy(\"policy\",\n tag_value=value[\"name\"],\n policy_data=admin.policy_data)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new()\n {\n Bindings = new[]\n {\n new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs\n {\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n },\n },\n });\n\n var policy = new Gcp.Tags.TagValueIamPolicy(\"policy\", new()\n {\n TagValue = @value.Name,\n PolicyData = admin.Apply(getIAMPolicyResult =\u003e getIAMPolicyResult.PolicyData),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations\"\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tadmin, err := organizations.LookupIAMPolicy(ctx, \u0026organizations.LookupIAMPolicyArgs{\n\t\t\tBindings: []organizations.GetIAMPolicyBinding{\n\t\t\t\t{\n\t\t\t\t\tRole: \"roles/viewer\",\n\t\t\t\t\tMembers: []string{\n\t\t\t\t\t\t\"user:jane@example.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = tags.NewTagValueIamPolicy(ctx, \"policy\", \u0026tags.TagValueIamPolicyArgs{\n\t\t\tTagValue: pulumi.Any(value.Name),\n\t\t\tPolicyData: pulumi.String(admin.PolicyData),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.organizations.OrganizationsFunctions;\nimport com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs;\nimport com.pulumi.gcp.tags.TagValueIamPolicy;\nimport com.pulumi.gcp.tags.TagValueIamPolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder()\n .bindings(GetIAMPolicyBindingArgs.builder()\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build())\n .build());\n\n var policy = new TagValueIamPolicy(\"policy\", TagValueIamPolicyArgs.builder() \n .tagValue(value.name())\n .policyData(admin.applyValue(getIAMPolicyResult -\u003e getIAMPolicyResult.policyData()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n policy:\n type: gcp:tags:TagValueIamPolicy\n properties:\n tagValue: ${value.name}\n policyData: ${admin.policyData}\nvariables:\n admin:\n fn::invoke:\n Function: gcp:organizations:getIAMPolicy\n Arguments:\n bindings:\n - role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_tags\\_tag\\_value\\_iam\\_binding\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst binding = new gcp.tags.TagValueIamBinding(\"binding\", {\n tagValue: value.name,\n role: \"roles/viewer\",\n members: [\"user:jane@example.com\"],\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nbinding = gcp.tags.TagValueIamBinding(\"binding\",\n tag_value=value[\"name\"],\n role=\"roles/viewer\",\n members=[\"user:jane@example.com\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var binding = new Gcp.Tags.TagValueIamBinding(\"binding\", new()\n {\n TagValue = @value.Name,\n Role = \"roles/viewer\",\n Members = new[]\n {\n \"user:jane@example.com\",\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagValueIamBinding(ctx, \"binding\", \u0026tags.TagValueIamBindingArgs{\n\t\t\tTagValue: pulumi.Any(value.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMembers: pulumi.StringArray{\n\t\t\t\tpulumi.String(\"user:jane@example.com\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagValueIamBinding;\nimport com.pulumi.gcp.tags.TagValueIamBindingArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var binding = new TagValueIamBinding(\"binding\", TagValueIamBindingArgs.builder() \n .tagValue(value.name())\n .role(\"roles/viewer\")\n .members(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n binding:\n type: gcp:tags:TagValueIamBinding\n properties:\n tagValue: ${value.name}\n role: roles/viewer\n members:\n - user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## google\\_tags\\_tag\\_value\\_iam\\_member\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as gcp from \"@pulumi/gcp\";\n\nconst member = new gcp.tags.TagValueIamMember(\"member\", {\n tagValue: value.name,\n role: \"roles/viewer\",\n member: \"user:jane@example.com\",\n});\n```\n```python\nimport pulumi\nimport pulumi_gcp as gcp\n\nmember = gcp.tags.TagValueIamMember(\"member\",\n tag_value=value[\"name\"],\n role=\"roles/viewer\",\n member=\"user:jane@example.com\")\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Gcp = Pulumi.Gcp;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var member = new Gcp.Tags.TagValueIamMember(\"member\", new()\n {\n TagValue = @value.Name,\n Role = \"roles/viewer\",\n Member = \"user:jane@example.com\",\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := tags.NewTagValueIamMember(ctx, \"member\", \u0026tags.TagValueIamMemberArgs{\n\t\t\tTagValue: pulumi.Any(value.Name),\n\t\t\tRole: pulumi.String(\"roles/viewer\"),\n\t\t\tMember: pulumi.String(\"user:jane@example.com\"),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.gcp.tags.TagValueIamMember;\nimport com.pulumi.gcp.tags.TagValueIamMemberArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var member = new TagValueIamMember(\"member\", TagValueIamMemberArgs.builder() \n .tagValue(value.name())\n .role(\"roles/viewer\")\n .member(\"user:jane@example.com\")\n .build());\n\n }\n}\n```\n```yaml\nresources:\n member:\n type: gcp:tags:TagValueIamMember\n properties:\n tagValue: ${value.name}\n role: roles/viewer\n member: user:jane@example.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nFor all import syntaxes, the \"resource in question\" can take any of the following forms:\n\n* tagValues/{{name}}\n\n* {{name}}\n\nAny variables not passed in the import command will be taken from the provider configuration.\n\nTags tagvalue IAM resources can be imported using the resource identifiers, role, and member.\n\nIAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagValueIamPolicy:TagValueIamPolicy editor \"tagValues/{{tag_value}} roles/viewer user:jane@example.com\"\n```\n\nIAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagValueIamPolicy:TagValueIamPolicy editor \"tagValues/{{tag_value}} roles/viewer\"\n```\n\nIAM policy imports use the identifier of the resource in question, e.g.\n\n```sh\n$ pulumi import gcp:tags/tagValueIamPolicy:TagValueIamPolicy editor tagValues/{{tag_value}}\n```\n\n-\u003e **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the\n\n full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.\n\n", "properties": { "etag": { "type": "string", @@ -226414,7 +226966,7 @@ }, "tagValue": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "Used to find the parent resource to bind the IAM policy to\n" } }, "required": [ @@ -226429,7 +226981,7 @@ }, "tagValue": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "Used to find the parent resource to bind the IAM policy to\n", "willReplaceOnChanges": true } }, @@ -226450,7 +227002,7 @@ }, "tagValue": { "type": "string", - "description": "Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "Used to find the parent resource to bind the IAM policy to\n", "willReplaceOnChanges": true } }, @@ -229162,13 +229714,14 @@ }, "featurestore": { "type": "string", - "description": "The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to\n" }, "members": { "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "role": { "type": "string", @@ -229194,14 +229747,15 @@ }, "featurestore": { "type": "string", - "description": "The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to\n", "willReplaceOnChanges": true }, "members": { "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "role": { "type": "string", @@ -229233,14 +229787,15 @@ }, "featurestore": { "type": "string", - "description": "The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to\n", "willReplaceOnChanges": true }, "members": { "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "role": { "type": "string", @@ -229267,10 +229822,11 @@ }, "featurestore": { "type": "string", - "description": "The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "role": { "type": "string", @@ -229296,11 +229852,12 @@ }, "featurestore": { "type": "string", - "description": "The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to\n", "willReplaceOnChanges": true }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "role": { @@ -229333,11 +229890,12 @@ }, "featurestore": { "type": "string", - "description": "The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to\n", "willReplaceOnChanges": true }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "role": { @@ -229362,7 +229920,7 @@ }, "featurestore": { "type": "string", - "description": "The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to\n" }, "policyData": { "type": "string", @@ -229383,7 +229941,7 @@ }, "featurestore": { "type": "string", - "description": "The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to\n", "willReplaceOnChanges": true }, "policyData": { @@ -229410,7 +229968,7 @@ }, "featurestore": { "type": "string", - "description": "The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to\n", "willReplaceOnChanges": true }, "policyData": { @@ -229439,11 +229997,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "region": { "type": "string", @@ -229476,11 +230035,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -229519,11 +230079,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -229555,11 +230116,12 @@ "description": "Used to find the parent resource to bind the IAM policy to\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "region": { "type": "string", @@ -229590,11 +230152,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -229631,11 +230194,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -229669,7 +230233,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "region": { "type": "string", @@ -229695,7 +230259,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -229726,7 +230290,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "region": { @@ -233755,11 +234319,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -233795,11 +234360,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -233842,11 +234408,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -233881,11 +234448,12 @@ "description": "The location where the workstation cluster config should reside.\nUsed to find the parent resource to bind the IAM policy to\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -233919,11 +234487,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -233964,11 +234533,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -234005,7 +234575,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "workstationClusterId": { "type": "string" @@ -234034,7 +234604,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "workstationClusterId": { @@ -234069,7 +234639,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "workstationClusterId": { @@ -234102,11 +234672,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -234146,11 +234717,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -234198,11 +234770,12 @@ "type": "array", "items": { "type": "string" - } + }, + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -234241,11 +234814,12 @@ "description": "The location where the workstation parent resources reside.\nUsed to find the parent resource to bind the IAM policy to\n" }, "member": { - "type": "string" + "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "role": { "type": "string", @@ -234283,11 +234857,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -234333,11 +234908,12 @@ }, "member": { "type": "string", + "description": "Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", "willReplaceOnChanges": true }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "role": { @@ -234378,7 +234954,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n" + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n" }, "workstationClusterId": { "type": "string" @@ -234411,7 +234987,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "workstationClusterId": { @@ -234451,7 +235027,7 @@ }, "project": { "type": "string", - "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n\n* `member/members` - (Required) Identities that will be granted the privilege in `role`.\nEach entry can have one of the following values:\n* **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.\n* **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.\n* **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.\n* **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.\n* **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.\n* **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.\n* **projectOwner:projectid**: Owners of the given project. For example, \"projectOwner:my-example-project\"\n* **projectEditor:projectid**: Editors of the given project. For example, \"projectEditor:my-example-project\"\n* **projectViewer:projectid**: Viewers of the given project. For example, \"projectViewer:my-example-project\"\n", + "description": "The ID of the project in which the resource belongs.\nIf it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.\n", "willReplaceOnChanges": true }, "workstationClusterId": { diff --git a/provider/doc_edits.go b/provider/doc_edits.go index dc50441f1c..27b7d26130 100644 --- a/provider/doc_edits.go +++ b/provider/doc_edits.go @@ -14,6 +14,7 @@ func editRules(defaults []tfbridge.DocsEdit) []tfbridge.DocsEdit { removeSecretsInPlainTextNote, removeBetaFromDescriptionField, substituteRandomSuffix, + rewritemembersField, ) } @@ -88,3 +89,26 @@ var substituteRandomSuffix = (func() tfbridge.DocsEdit { }, } })() + +// Docs discovery gets tripped up on `member/members` fields for IAM-type properties and doesn't align the content +// correctly. +var memberRegexp = regexp.MustCompile("`member/members`") + +var rewritemembersField = tfbridge.DocsEdit{ + Path: "*iam.html.markdown", + Edit: func(path string, content []byte) ([]byte, error) { + membersByte := []byte("`members`") + memberByte := []byte("`member`") + var returnContent []byte + membersContent := memberRegexp.ReplaceAllLiteral(content, membersByte) + memberContent := memberRegexp.ReplaceAllLiteral(content, memberByte) + // Because the IamBinding property matches to a `members` field, while the `IAMMember` property matches to a + //`member` field, we need to create content for both `members` and `member` so the bridge can match each. + //The easiest way to do this is to duplicate the content in its entirety, once for `members` and once for + //`member`, and let the bridge figure it out. + // See https://github.com/pulumi/pulumi-gcp/issues/1920 for context. + returnContent = append(returnContent, membersContent...) + returnContent = append(returnContent, memberContent...) + return returnContent, nil + }, +} diff --git a/provider/doc_edits_test.go b/provider/doc_edits_test.go index bdcdd1dc23..3422f45165 100644 --- a/provider/doc_edits_test.go +++ b/provider/doc_edits_test.go @@ -124,3 +124,23 @@ func TestBetaDescription(t *testing.T) { }) } } + +func TestRewriteMembersField(t *testing.T) { + t.Parallel() + tests := []struct{ text, expected string }{ + { + "`member/members` - Identities that will be granted privileges\n", + "`members` - Identities that will be granted privileges\n" + + "`member` - Identities that will be granted privileges\n", + }, + } + + for _, tt := range tests { + tt := tt + t.Run(tt.text, func(t *testing.T) { + actual, err := rewritemembersField.Edit("doc.md", []byte(tt.text)) + require.NoError(t, err) + assert.Equal(t, tt.expected, string(actual)) + }) + } +} diff --git a/sdk/dotnet/AccessContextManager/AccessPolicyIamBinding.cs b/sdk/dotnet/AccessContextManager/AccessPolicyIamBinding.cs index d61e87767a..f212588b77 100644 --- a/sdk/dotnet/AccessContextManager/AccessPolicyIamBinding.cs +++ b/sdk/dotnet/AccessContextManager/AccessPolicyIamBinding.cs @@ -107,6 +107,89 @@ namespace Pulumi.Gcp.AccessContextManager /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_access\_context\_manager\_access\_policy\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/accesscontextmanager.policyAdmin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.AccessContextManager.AccessPolicyIamPolicy("policy", new() + /// { + /// Name = access_policy.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_access\_context\_manager\_access\_policy\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.AccessContextManager.AccessPolicyIamBinding("binding", new() + /// { + /// Name = access_policy.Name, + /// Role = "roles/accesscontextmanager.policyAdmin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_access\_context\_manager\_access\_policy\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.AccessContextManager.AccessPolicyIamMember("member", new() + /// { + /// Name = access_policy.Name, + /// Role = "roles/accesscontextmanager.policyAdmin", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -153,13 +236,8 @@ public partial class AccessPolicyIamBinding : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; - [Output("members")] - public Output> Members { get; private set; } = null!; - /// - /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -171,6 +249,12 @@ public partial class AccessPolicyIamBinding : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("members")] + public Output> Members { get; private set; } = null!; + + /// + /// Used to find the parent resource to bind the IAM policy to + /// [Output("name")] public Output Name { get; private set; } = null!; @@ -233,16 +317,9 @@ public sealed class AccessPolicyIamBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -254,6 +331,15 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// Used to find the parent resource to bind the IAM policy to + /// [Input("name")] public Input? Name { get; set; } @@ -284,16 +370,9 @@ public sealed class AccessPolicyIamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -305,6 +384,15 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// Used to find the parent resource to bind the IAM policy to + /// [Input("name")] public Input? Name { get; set; } diff --git a/sdk/dotnet/AccessContextManager/AccessPolicyIamMember.cs b/sdk/dotnet/AccessContextManager/AccessPolicyIamMember.cs index e78363c9c3..6aab2a4484 100644 --- a/sdk/dotnet/AccessContextManager/AccessPolicyIamMember.cs +++ b/sdk/dotnet/AccessContextManager/AccessPolicyIamMember.cs @@ -107,6 +107,89 @@ namespace Pulumi.Gcp.AccessContextManager /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_access\_context\_manager\_access\_policy\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/accesscontextmanager.policyAdmin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.AccessContextManager.AccessPolicyIamPolicy("policy", new() + /// { + /// Name = access_policy.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_access\_context\_manager\_access\_policy\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.AccessContextManager.AccessPolicyIamBinding("binding", new() + /// { + /// Name = access_policy.Name, + /// Role = "roles/accesscontextmanager.policyAdmin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_access\_context\_manager\_access\_policy\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.AccessContextManager.AccessPolicyIamMember("member", new() + /// { + /// Name = access_policy.Name, + /// Role = "roles/accesscontextmanager.policyAdmin", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -153,13 +236,8 @@ public partial class AccessPolicyIamMember : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; - [Output("member")] - public Output Member { get; private set; } = null!; - /// - /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -171,6 +249,12 @@ public partial class AccessPolicyIamMember : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("member")] + public Output Member { get; private set; } = null!; + + /// + /// Used to find the parent resource to bind the IAM policy to + /// [Output("name")] public Output Name { get; private set; } = null!; @@ -231,13 +315,8 @@ public sealed class AccessPolicyIamMemberArgs : global::Pulumi.ResourceArgs [Input("condition")] public Input? Condition { get; set; } - [Input("member", required: true)] - public Input Member { get; set; } = null!; - /// - /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -249,6 +328,12 @@ public sealed class AccessPolicyIamMemberArgs : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member", required: true)] + public Input Member { get; set; } = null!; + + /// + /// Used to find the parent resource to bind the IAM policy to + /// [Input("name")] public Input? Name { get; set; } @@ -277,13 +362,8 @@ public sealed class AccessPolicyIamMemberState : global::Pulumi.ResourceArgs [Input("etag")] public Input? Etag { get; set; } - [Input("member")] - public Input? Member { get; set; } - /// - /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -295,6 +375,12 @@ public sealed class AccessPolicyIamMemberState : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member")] + public Input? Member { get; set; } + + /// + /// Used to find the parent resource to bind the IAM policy to + /// [Input("name")] public Input? Name { get; set; } diff --git a/sdk/dotnet/AccessContextManager/AccessPolicyIamPolicy.cs b/sdk/dotnet/AccessContextManager/AccessPolicyIamPolicy.cs index be98adf5c2..3df5a7bdaf 100644 --- a/sdk/dotnet/AccessContextManager/AccessPolicyIamPolicy.cs +++ b/sdk/dotnet/AccessContextManager/AccessPolicyIamPolicy.cs @@ -107,6 +107,89 @@ namespace Pulumi.Gcp.AccessContextManager /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_access\_context\_manager\_access\_policy\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/accesscontextmanager.policyAdmin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.AccessContextManager.AccessPolicyIamPolicy("policy", new() + /// { + /// Name = access_policy.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_access\_context\_manager\_access\_policy\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.AccessContextManager.AccessPolicyIamBinding("binding", new() + /// { + /// Name = access_policy.Name, + /// Role = "roles/accesscontextmanager.policyAdmin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_access\_context\_manager\_access\_policy\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.AccessContextManager.AccessPolicyIamMember("member", new() + /// { + /// Name = access_policy.Name, + /// Role = "roles/accesscontextmanager.policyAdmin", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -152,18 +235,6 @@ public partial class AccessPolicyIamPolicy : global::Pulumi.CustomResource /// /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("name")] public Output Name { get; private set; } = null!; @@ -223,18 +294,6 @@ public sealed class AccessPolicyIamPolicyArgs : global::Pulumi.ResourceArgs { /// /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("name")] public Input? Name { get; set; } @@ -262,18 +321,6 @@ public sealed class AccessPolicyIamPolicyState : global::Pulumi.ResourceArgs /// /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("name")] public Input? Name { get; set; } diff --git a/sdk/dotnet/ApiGateway/ApiConfigIamBinding.cs b/sdk/dotnet/ApiGateway/ApiConfigIamBinding.cs index c38e2a72b7..9d94562789 100644 --- a/sdk/dotnet/ApiGateway/ApiConfigIamBinding.cs +++ b/sdk/dotnet/ApiGateway/ApiConfigIamBinding.cs @@ -110,6 +110,92 @@ namespace Pulumi.Gcp.ApiGateway /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_api\_gateway\_api\_config\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/apigateway.viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.ApiGateway.ApiConfigIamPolicy("policy", new() + /// { + /// Api = apiCfg.Api, + /// ApiConfig = apiCfg.ApiConfigId, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_api\_gateway\_api\_config\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.ApiGateway.ApiConfigIamBinding("binding", new() + /// { + /// Api = apiCfg.Api, + /// ApiConfig = apiCfg.ApiConfigId, + /// Role = "roles/apigateway.viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_api\_gateway\_api\_config\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.ApiGateway.ApiConfigIamMember("member", new() + /// { + /// Api = apiCfg.Api, + /// ApiConfig = apiCfg.ApiConfigId, + /// Role = "roles/apigateway.viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -170,14 +256,8 @@ public partial class ApiConfigIamBinding : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; - [Output("members")] - public Output> Members { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -189,6 +269,13 @@ public partial class ApiConfigIamBinding : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("members")] + public Output> Members { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -261,17 +348,9 @@ public sealed class ApiConfigIamBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -283,6 +362,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -323,17 +412,9 @@ public sealed class ApiConfigIamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -345,6 +426,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/ApiGateway/ApiConfigIamMember.cs b/sdk/dotnet/ApiGateway/ApiConfigIamMember.cs index b40d993c0f..a0a3a9b991 100644 --- a/sdk/dotnet/ApiGateway/ApiConfigIamMember.cs +++ b/sdk/dotnet/ApiGateway/ApiConfigIamMember.cs @@ -110,6 +110,92 @@ namespace Pulumi.Gcp.ApiGateway /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_api\_gateway\_api\_config\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/apigateway.viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.ApiGateway.ApiConfigIamPolicy("policy", new() + /// { + /// Api = apiCfg.Api, + /// ApiConfig = apiCfg.ApiConfigId, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_api\_gateway\_api\_config\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.ApiGateway.ApiConfigIamBinding("binding", new() + /// { + /// Api = apiCfg.Api, + /// ApiConfig = apiCfg.ApiConfigId, + /// Role = "roles/apigateway.viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_api\_gateway\_api\_config\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.ApiGateway.ApiConfigIamMember("member", new() + /// { + /// Api = apiCfg.Api, + /// ApiConfig = apiCfg.ApiConfigId, + /// Role = "roles/apigateway.viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -170,14 +256,8 @@ public partial class ApiConfigIamMember : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; - [Output("member")] - public Output Member { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -189,6 +269,13 @@ public partial class ApiConfigIamMember : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("member")] + public Output Member { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -259,14 +346,8 @@ public sealed class ApiConfigIamMemberArgs : global::Pulumi.ResourceArgs [Input("condition")] public Input? Condition { get; set; } - [Input("member", required: true)] - public Input Member { get; set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -278,6 +359,13 @@ public sealed class ApiConfigIamMemberArgs : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member", required: true)] + public Input Member { get; set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -316,14 +404,8 @@ public sealed class ApiConfigIamMemberState : global::Pulumi.ResourceArgs [Input("etag")] public Input? Etag { get; set; } - [Input("member")] - public Input? Member { get; set; } - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -335,6 +417,13 @@ public sealed class ApiConfigIamMemberState : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member")] + public Input? Member { get; set; } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/ApiGateway/ApiConfigIamPolicy.cs b/sdk/dotnet/ApiGateway/ApiConfigIamPolicy.cs index 89bfbf86ad..0c2c7db263 100644 --- a/sdk/dotnet/ApiGateway/ApiConfigIamPolicy.cs +++ b/sdk/dotnet/ApiGateway/ApiConfigIamPolicy.cs @@ -110,6 +110,92 @@ namespace Pulumi.Gcp.ApiGateway /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_api\_gateway\_api\_config\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/apigateway.viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.ApiGateway.ApiConfigIamPolicy("policy", new() + /// { + /// Api = apiCfg.Api, + /// ApiConfig = apiCfg.ApiConfigId, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_api\_gateway\_api\_config\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.ApiGateway.ApiConfigIamBinding("binding", new() + /// { + /// Api = apiCfg.Api, + /// ApiConfig = apiCfg.ApiConfigId, + /// Role = "roles/apigateway.viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_api\_gateway\_api\_config\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.ApiGateway.ApiConfigIamMember("member", new() + /// { + /// Api = apiCfg.Api, + /// ApiConfig = apiCfg.ApiConfigId, + /// Role = "roles/apigateway.viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -177,18 +263,6 @@ public partial class ApiConfigIamPolicy : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -259,18 +333,6 @@ public sealed class ApiConfigIamPolicyArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -309,18 +371,6 @@ public sealed class ApiConfigIamPolicyState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/ApiGateway/ApiIamBinding.cs b/sdk/dotnet/ApiGateway/ApiIamBinding.cs index cf5325b9d8..52279c71b0 100644 --- a/sdk/dotnet/ApiGateway/ApiIamBinding.cs +++ b/sdk/dotnet/ApiGateway/ApiIamBinding.cs @@ -110,6 +110,92 @@ namespace Pulumi.Gcp.ApiGateway /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_api\_gateway\_api\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/apigateway.viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.ApiGateway.ApiIamPolicy("policy", new() + /// { + /// Project = api.Project, + /// Api = api.ApiId, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_api\_gateway\_api\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.ApiGateway.ApiIamBinding("binding", new() + /// { + /// Project = api.Project, + /// Api = api.ApiId, + /// Role = "roles/apigateway.viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_api\_gateway\_api\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.ApiGateway.ApiIamMember("member", new() + /// { + /// Project = api.Project, + /// Api = api.ApiId, + /// Role = "roles/apigateway.viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -161,14 +247,8 @@ public partial class ApiIamBinding : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; - [Output("members")] - public Output> Members { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -180,6 +260,13 @@ public partial class ApiIamBinding : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("members")] + public Output> Members { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -245,17 +332,9 @@ public sealed class ApiIamBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -267,6 +346,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -300,17 +389,9 @@ public sealed class ApiIamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -322,6 +403,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/ApiGateway/ApiIamMember.cs b/sdk/dotnet/ApiGateway/ApiIamMember.cs index d3f46d8d69..c15fe232df 100644 --- a/sdk/dotnet/ApiGateway/ApiIamMember.cs +++ b/sdk/dotnet/ApiGateway/ApiIamMember.cs @@ -110,6 +110,92 @@ namespace Pulumi.Gcp.ApiGateway /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_api\_gateway\_api\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/apigateway.viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.ApiGateway.ApiIamPolicy("policy", new() + /// { + /// Project = api.Project, + /// Api = api.ApiId, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_api\_gateway\_api\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.ApiGateway.ApiIamBinding("binding", new() + /// { + /// Project = api.Project, + /// Api = api.ApiId, + /// Role = "roles/apigateway.viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_api\_gateway\_api\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.ApiGateway.ApiIamMember("member", new() + /// { + /// Project = api.Project, + /// Api = api.ApiId, + /// Role = "roles/apigateway.viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -161,14 +247,8 @@ public partial class ApiIamMember : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; - [Output("member")] - public Output Member { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -180,6 +260,13 @@ public partial class ApiIamMember : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("member")] + public Output Member { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -243,14 +330,8 @@ public sealed class ApiIamMemberArgs : global::Pulumi.ResourceArgs [Input("condition")] public Input? Condition { get; set; } - [Input("member", required: true)] - public Input Member { get; set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -262,6 +343,13 @@ public sealed class ApiIamMemberArgs : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member", required: true)] + public Input Member { get; set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -293,14 +381,8 @@ public sealed class ApiIamMemberState : global::Pulumi.ResourceArgs [Input("etag")] public Input? Etag { get; set; } - [Input("member")] - public Input? Member { get; set; } - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -312,6 +394,13 @@ public sealed class ApiIamMemberState : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member")] + public Input? Member { get; set; } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/ApiGateway/ApiIamPolicy.cs b/sdk/dotnet/ApiGateway/ApiIamPolicy.cs index b8d2054da3..0088c7fa82 100644 --- a/sdk/dotnet/ApiGateway/ApiIamPolicy.cs +++ b/sdk/dotnet/ApiGateway/ApiIamPolicy.cs @@ -110,6 +110,92 @@ namespace Pulumi.Gcp.ApiGateway /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_api\_gateway\_api\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/apigateway.viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.ApiGateway.ApiIamPolicy("policy", new() + /// { + /// Project = api.Project, + /// Api = api.ApiId, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_api\_gateway\_api\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.ApiGateway.ApiIamBinding("binding", new() + /// { + /// Project = api.Project, + /// Api = api.ApiId, + /// Role = "roles/apigateway.viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_api\_gateway\_api\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.ApiGateway.ApiIamMember("member", new() + /// { + /// Project = api.Project, + /// Api = api.ApiId, + /// Role = "roles/apigateway.viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -168,18 +254,6 @@ public partial class ApiIamPolicy : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -243,18 +317,6 @@ public sealed class ApiIamPolicyArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -286,18 +348,6 @@ public sealed class ApiIamPolicyState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/ApiGateway/GatewayIamBinding.cs b/sdk/dotnet/ApiGateway/GatewayIamBinding.cs index 8436956ac1..0fcb896864 100644 --- a/sdk/dotnet/ApiGateway/GatewayIamBinding.cs +++ b/sdk/dotnet/ApiGateway/GatewayIamBinding.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.ApiGateway /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_api\_gateway\_gateway\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/apigateway.viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.ApiGateway.GatewayIamPolicy("policy", new() + /// { + /// Project = apiGw.Project, + /// Region = apiGw.Region, + /// Gateway = apiGw.GatewayId, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_api\_gateway\_gateway\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.ApiGateway.GatewayIamBinding("binding", new() + /// { + /// Project = apiGw.Project, + /// Region = apiGw.Region, + /// Gateway = apiGw.GatewayId, + /// Role = "roles/apigateway.viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_api\_gateway\_gateway\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.ApiGateway.GatewayIamMember("member", new() + /// { + /// Project = apiGw.Project, + /// Region = apiGw.Region, + /// Gateway = apiGw.GatewayId, + /// Role = "roles/apigateway.viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -166,14 +255,8 @@ public partial class GatewayIamBinding : global::Pulumi.CustomResource [Output("gateway")] public Output Gateway { get; private set; } = null!; - [Output("members")] - public Output> Members { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -185,6 +268,13 @@ public partial class GatewayIamBinding : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("members")] + public Output> Members { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -259,17 +349,9 @@ public sealed class GatewayIamBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -281,6 +363,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -323,17 +415,9 @@ public sealed class GatewayIamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -345,6 +429,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/ApiGateway/GatewayIamMember.cs b/sdk/dotnet/ApiGateway/GatewayIamMember.cs index e73776dbda..2e8d04fde0 100644 --- a/sdk/dotnet/ApiGateway/GatewayIamMember.cs +++ b/sdk/dotnet/ApiGateway/GatewayIamMember.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.ApiGateway /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_api\_gateway\_gateway\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/apigateway.viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.ApiGateway.GatewayIamPolicy("policy", new() + /// { + /// Project = apiGw.Project, + /// Region = apiGw.Region, + /// Gateway = apiGw.GatewayId, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_api\_gateway\_gateway\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.ApiGateway.GatewayIamBinding("binding", new() + /// { + /// Project = apiGw.Project, + /// Region = apiGw.Region, + /// Gateway = apiGw.GatewayId, + /// Role = "roles/apigateway.viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_api\_gateway\_gateway\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.ApiGateway.GatewayIamMember("member", new() + /// { + /// Project = apiGw.Project, + /// Region = apiGw.Region, + /// Gateway = apiGw.GatewayId, + /// Role = "roles/apigateway.viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -166,14 +255,8 @@ public partial class GatewayIamMember : global::Pulumi.CustomResource [Output("gateway")] public Output Gateway { get; private set; } = null!; - [Output("member")] - public Output Member { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -185,6 +268,13 @@ public partial class GatewayIamMember : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("member")] + public Output Member { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -257,14 +347,8 @@ public sealed class GatewayIamMemberArgs : global::Pulumi.ResourceArgs [Input("gateway", required: true)] public Input Gateway { get; set; } = null!; - [Input("member", required: true)] - public Input Member { get; set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -276,6 +360,13 @@ public sealed class GatewayIamMemberArgs : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member", required: true)] + public Input Member { get; set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -316,14 +407,8 @@ public sealed class GatewayIamMemberState : global::Pulumi.ResourceArgs [Input("gateway")] public Input? Gateway { get; set; } - [Input("member")] - public Input? Member { get; set; } - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -335,6 +420,13 @@ public sealed class GatewayIamMemberState : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member")] + public Input? Member { get; set; } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/ApiGateway/GatewayIamPolicy.cs b/sdk/dotnet/ApiGateway/GatewayIamPolicy.cs index 0cb87ffa08..daf5d24858 100644 --- a/sdk/dotnet/ApiGateway/GatewayIamPolicy.cs +++ b/sdk/dotnet/ApiGateway/GatewayIamPolicy.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.ApiGateway /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_api\_gateway\_gateway\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/apigateway.viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.ApiGateway.GatewayIamPolicy("policy", new() + /// { + /// Project = apiGw.Project, + /// Region = apiGw.Region, + /// Gateway = apiGw.GatewayId, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_api\_gateway\_gateway\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.ApiGateway.GatewayIamBinding("binding", new() + /// { + /// Project = apiGw.Project, + /// Region = apiGw.Region, + /// Gateway = apiGw.GatewayId, + /// Role = "roles/apigateway.viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_api\_gateway\_gateway\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.ApiGateway.GatewayIamMember("member", new() + /// { + /// Project = apiGw.Project, + /// Region = apiGw.Region, + /// Gateway = apiGw.GatewayId, + /// Role = "roles/apigateway.viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -173,18 +262,6 @@ public partial class GatewayIamPolicy : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -257,18 +334,6 @@ public sealed class GatewayIamPolicyArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -309,18 +374,6 @@ public sealed class GatewayIamPolicyState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Apigee/EnvironmentIamBinding.cs b/sdk/dotnet/Apigee/EnvironmentIamBinding.cs index 15a8c91649..a830d47e66 100644 --- a/sdk/dotnet/Apigee/EnvironmentIamBinding.cs +++ b/sdk/dotnet/Apigee/EnvironmentIamBinding.cs @@ -110,6 +110,92 @@ namespace Pulumi.Gcp.Apigee /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_apigee\_environment\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Apigee.EnvironmentIamPolicy("policy", new() + /// { + /// OrgId = apigeeEnvironment.OrgId, + /// EnvId = apigeeEnvironment.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_apigee\_environment\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Apigee.EnvironmentIamBinding("binding", new() + /// { + /// OrgId = apigeeEnvironment.OrgId, + /// EnvId = apigeeEnvironment.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_apigee\_environment\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Apigee.EnvironmentIamMember("member", new() + /// { + /// OrgId = apigeeEnvironment.OrgId, + /// EnvId = apigeeEnvironment.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -152,8 +238,18 @@ public partial class EnvironmentIamBinding : global::Pulumi.CustomResource /// /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// + [Output("envId")] + public Output EnvId { get; private set; } = null!; + + /// + /// (Computed) The etag of the IAM policy. + /// + [Output("etag")] + public Output Etag { get; private set; } = null!; + + /// + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -165,15 +261,6 @@ public partial class EnvironmentIamBinding : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// - [Output("envId")] - public Output EnvId { get; private set; } = null!; - - /// - /// (Computed) The etag of the IAM policy. - /// - [Output("etag")] - public Output Etag { get; private set; } = null!; - [Output("members")] public Output> Members { get; private set; } = null!; @@ -239,8 +326,15 @@ public sealed class EnvironmentIamBindingArgs : global::Pulumi.ResourceArgs /// /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// + [Input("envId", required: true)] + public Input EnvId { get; set; } = null!; + + [Input("members", required: true)] + private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -252,11 +346,6 @@ public sealed class EnvironmentIamBindingArgs : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// - [Input("envId", required: true)] - public Input EnvId { get; set; } = null!; - - [Input("members", required: true)] - private InputList? _members; public InputList Members { get => _members ?? (_members = new InputList()); @@ -287,18 +376,6 @@ public sealed class EnvironmentIamBindingState : global::Pulumi.ResourceArgs /// /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("envId")] public Input? EnvId { get; set; } @@ -311,6 +388,20 @@ public sealed class EnvironmentIamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// public InputList Members { get => _members ?? (_members = new InputList()); diff --git a/sdk/dotnet/Apigee/EnvironmentIamMember.cs b/sdk/dotnet/Apigee/EnvironmentIamMember.cs index b8cc2b0595..cd73d8070d 100644 --- a/sdk/dotnet/Apigee/EnvironmentIamMember.cs +++ b/sdk/dotnet/Apigee/EnvironmentIamMember.cs @@ -110,6 +110,92 @@ namespace Pulumi.Gcp.Apigee /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_apigee\_environment\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Apigee.EnvironmentIamPolicy("policy", new() + /// { + /// OrgId = apigeeEnvironment.OrgId, + /// EnvId = apigeeEnvironment.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_apigee\_environment\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Apigee.EnvironmentIamBinding("binding", new() + /// { + /// OrgId = apigeeEnvironment.OrgId, + /// EnvId = apigeeEnvironment.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_apigee\_environment\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Apigee.EnvironmentIamMember("member", new() + /// { + /// OrgId = apigeeEnvironment.OrgId, + /// EnvId = apigeeEnvironment.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -152,8 +238,18 @@ public partial class EnvironmentIamMember : global::Pulumi.CustomResource /// /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// + [Output("envId")] + public Output EnvId { get; private set; } = null!; + + /// + /// (Computed) The etag of the IAM policy. + /// + [Output("etag")] + public Output Etag { get; private set; } = null!; + + /// + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -165,15 +261,6 @@ public partial class EnvironmentIamMember : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// - [Output("envId")] - public Output EnvId { get; private set; } = null!; - - /// - /// (Computed) The etag of the IAM policy. - /// - [Output("etag")] - public Output Etag { get; private set; } = null!; - [Output("member")] public Output Member { get; private set; } = null!; @@ -239,8 +326,12 @@ public sealed class EnvironmentIamMemberArgs : global::Pulumi.ResourceArgs /// /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// + [Input("envId", required: true)] + public Input EnvId { get; set; } = null!; + + /// + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -252,9 +343,6 @@ public sealed class EnvironmentIamMemberArgs : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// - [Input("envId", required: true)] - public Input EnvId { get; set; } = null!; - [Input("member", required: true)] public Input Member { get; set; } = null!; @@ -282,8 +370,18 @@ public sealed class EnvironmentIamMemberState : global::Pulumi.ResourceArgs /// /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// + [Input("envId")] + public Input? EnvId { get; set; } + + /// + /// (Computed) The etag of the IAM policy. + /// + [Input("etag")] + public Input? Etag { get; set; } + + /// + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -295,15 +393,6 @@ public sealed class EnvironmentIamMemberState : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// - [Input("envId")] - public Input? EnvId { get; set; } - - /// - /// (Computed) The etag of the IAM policy. - /// - [Input("etag")] - public Input? Etag { get; set; } - [Input("member")] public Input? Member { get; set; } diff --git a/sdk/dotnet/Apigee/EnvironmentIamPolicy.cs b/sdk/dotnet/Apigee/EnvironmentIamPolicy.cs index 92273e2e28..773c5b2e6d 100644 --- a/sdk/dotnet/Apigee/EnvironmentIamPolicy.cs +++ b/sdk/dotnet/Apigee/EnvironmentIamPolicy.cs @@ -110,6 +110,92 @@ namespace Pulumi.Gcp.Apigee /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_apigee\_environment\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Apigee.EnvironmentIamPolicy("policy", new() + /// { + /// OrgId = apigeeEnvironment.OrgId, + /// EnvId = apigeeEnvironment.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_apigee\_environment\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Apigee.EnvironmentIamBinding("binding", new() + /// { + /// OrgId = apigeeEnvironment.OrgId, + /// EnvId = apigeeEnvironment.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_apigee\_environment\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Apigee.EnvironmentIamMember("member", new() + /// { + /// OrgId = apigeeEnvironment.OrgId, + /// EnvId = apigeeEnvironment.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -149,18 +235,6 @@ public partial class EnvironmentIamPolicy : global::Pulumi.CustomResource { /// /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("envId")] public Output EnvId { get; private set; } = null!; @@ -229,18 +303,6 @@ public sealed class EnvironmentIamPolicyArgs : global::Pulumi.ResourceArgs { /// /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("envId", required: true)] public Input EnvId { get; set; } = null!; @@ -265,18 +327,6 @@ public sealed class EnvironmentIamPolicyState : global::Pulumi.ResourceArgs { /// /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("envId")] public Input? EnvId { get; set; } diff --git a/sdk/dotnet/ArtifactRegistry/RepositoryIamBinding.cs b/sdk/dotnet/ArtifactRegistry/RepositoryIamBinding.cs index 8f64967b3e..324d06060a 100644 --- a/sdk/dotnet/ArtifactRegistry/RepositoryIamBinding.cs +++ b/sdk/dotnet/ArtifactRegistry/RepositoryIamBinding.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.ArtifactRegistry /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_artifact\_registry\_repository\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/artifactregistry.reader", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.ArtifactRegistry.RepositoryIamPolicy("policy", new() + /// { + /// Project = my_repo.Project, + /// Location = my_repo.Location, + /// Repository = my_repo.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_artifact\_registry\_repository\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.ArtifactRegistry.RepositoryIamBinding("binding", new() + /// { + /// Project = my_repo.Project, + /// Location = my_repo.Location, + /// Repository = my_repo.Name, + /// Role = "roles/artifactregistry.reader", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_artifact\_registry\_repository\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.ArtifactRegistry.RepositoryIamMember("member", new() + /// { + /// Project = my_repo.Project, + /// Location = my_repo.Location, + /// Repository = my_repo.Name, + /// Role = "roles/artifactregistry.reader", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -170,14 +259,8 @@ public partial class RepositoryIamBinding : global::Pulumi.CustomResource [Output("location")] public Output Location { get; private set; } = null!; - [Output("members")] - public Output> Members { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -189,6 +272,13 @@ public partial class RepositoryIamBinding : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("members")] + public Output> Members { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -264,17 +354,9 @@ public sealed class RepositoryIamBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -286,6 +368,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -329,17 +421,9 @@ public sealed class RepositoryIamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -351,6 +435,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/ArtifactRegistry/RepositoryIamMember.cs b/sdk/dotnet/ArtifactRegistry/RepositoryIamMember.cs index 3b2342a5d1..ef4b0e0d71 100644 --- a/sdk/dotnet/ArtifactRegistry/RepositoryIamMember.cs +++ b/sdk/dotnet/ArtifactRegistry/RepositoryIamMember.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.ArtifactRegistry /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_artifact\_registry\_repository\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/artifactregistry.reader", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.ArtifactRegistry.RepositoryIamPolicy("policy", new() + /// { + /// Project = my_repo.Project, + /// Location = my_repo.Location, + /// Repository = my_repo.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_artifact\_registry\_repository\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.ArtifactRegistry.RepositoryIamBinding("binding", new() + /// { + /// Project = my_repo.Project, + /// Location = my_repo.Location, + /// Repository = my_repo.Name, + /// Role = "roles/artifactregistry.reader", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_artifact\_registry\_repository\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.ArtifactRegistry.RepositoryIamMember("member", new() + /// { + /// Project = my_repo.Project, + /// Location = my_repo.Location, + /// Repository = my_repo.Name, + /// Role = "roles/artifactregistry.reader", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -170,14 +259,8 @@ public partial class RepositoryIamMember : global::Pulumi.CustomResource [Output("location")] public Output Location { get; private set; } = null!; - [Output("member")] - public Output Member { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -189,6 +272,13 @@ public partial class RepositoryIamMember : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("member")] + public Output Member { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -262,14 +352,8 @@ public sealed class RepositoryIamMemberArgs : global::Pulumi.ResourceArgs [Input("location")] public Input? Location { get; set; } - [Input("member", required: true)] - public Input Member { get; set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -281,6 +365,13 @@ public sealed class RepositoryIamMemberArgs : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member", required: true)] + public Input Member { get; set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -322,14 +413,8 @@ public sealed class RepositoryIamMemberState : global::Pulumi.ResourceArgs [Input("location")] public Input? Location { get; set; } - [Input("member")] - public Input? Member { get; set; } - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -341,6 +426,13 @@ public sealed class RepositoryIamMemberState : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member")] + public Input? Member { get; set; } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/ArtifactRegistry/RepositoryIamPolicy.cs b/sdk/dotnet/ArtifactRegistry/RepositoryIamPolicy.cs index c1c6fd5b6c..1257c8a1f2 100644 --- a/sdk/dotnet/ArtifactRegistry/RepositoryIamPolicy.cs +++ b/sdk/dotnet/ArtifactRegistry/RepositoryIamPolicy.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.ArtifactRegistry /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_artifact\_registry\_repository\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/artifactregistry.reader", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.ArtifactRegistry.RepositoryIamPolicy("policy", new() + /// { + /// Project = my_repo.Project, + /// Location = my_repo.Location, + /// Repository = my_repo.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_artifact\_registry\_repository\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.ArtifactRegistry.RepositoryIamBinding("binding", new() + /// { + /// Project = my_repo.Project, + /// Location = my_repo.Location, + /// Repository = my_repo.Name, + /// Role = "roles/artifactregistry.reader", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_artifact\_registry\_repository\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.ArtifactRegistry.RepositoryIamMember("member", new() + /// { + /// Project = my_repo.Project, + /// Location = my_repo.Location, + /// Repository = my_repo.Name, + /// Role = "roles/artifactregistry.reader", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -177,18 +266,6 @@ public partial class RepositoryIamPolicy : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -262,18 +339,6 @@ public sealed class RepositoryIamPolicyArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -315,18 +380,6 @@ public sealed class RepositoryIamPolicyState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/BigQuery/ConnectionIamBinding.cs b/sdk/dotnet/BigQuery/ConnectionIamBinding.cs index 635d220bb3..e8a09a1d66 100644 --- a/sdk/dotnet/BigQuery/ConnectionIamBinding.cs +++ b/sdk/dotnet/BigQuery/ConnectionIamBinding.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.BigQuery /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_bigquery\_connection\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.BigQuery.ConnectionIamPolicy("policy", new() + /// { + /// Project = connection.Project, + /// Location = connection.Location, + /// ConnectionId = connection.ConnectionId, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_bigquery\_connection\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.BigQuery.ConnectionIamBinding("binding", new() + /// { + /// Project = connection.Project, + /// Location = connection.Location, + /// ConnectionId = connection.ConnectionId, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_bigquery\_connection\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.BigQuery.ConnectionIamMember("member", new() + /// { + /// Project = connection.Project, + /// Location = connection.Location, + /// ConnectionId = connection.ConnectionId, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -182,14 +271,8 @@ public partial class ConnectionIamBinding : global::Pulumi.CustomResource [Output("location")] public Output Location { get; private set; } = null!; - [Output("members")] - public Output> Members { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -201,6 +284,13 @@ public partial class ConnectionIamBinding : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("members")] + public Output> Members { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -282,17 +372,9 @@ public sealed class ConnectionIamBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -304,6 +386,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -353,17 +445,9 @@ public sealed class ConnectionIamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -375,6 +459,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/BigQuery/ConnectionIamMember.cs b/sdk/dotnet/BigQuery/ConnectionIamMember.cs index c8f6619230..2fe9d94e33 100644 --- a/sdk/dotnet/BigQuery/ConnectionIamMember.cs +++ b/sdk/dotnet/BigQuery/ConnectionIamMember.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.BigQuery /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_bigquery\_connection\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.BigQuery.ConnectionIamPolicy("policy", new() + /// { + /// Project = connection.Project, + /// Location = connection.Location, + /// ConnectionId = connection.ConnectionId, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_bigquery\_connection\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.BigQuery.ConnectionIamBinding("binding", new() + /// { + /// Project = connection.Project, + /// Location = connection.Location, + /// ConnectionId = connection.ConnectionId, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_bigquery\_connection\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.BigQuery.ConnectionIamMember("member", new() + /// { + /// Project = connection.Project, + /// Location = connection.Location, + /// ConnectionId = connection.ConnectionId, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -182,14 +271,8 @@ public partial class ConnectionIamMember : global::Pulumi.CustomResource [Output("location")] public Output Location { get; private set; } = null!; - [Output("member")] - public Output Member { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -201,6 +284,13 @@ public partial class ConnectionIamMember : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("member")] + public Output Member { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -280,14 +370,8 @@ public sealed class ConnectionIamMemberArgs : global::Pulumi.ResourceArgs [Input("location")] public Input? Location { get; set; } - [Input("member", required: true)] - public Input Member { get; set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -299,6 +383,13 @@ public sealed class ConnectionIamMemberArgs : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member", required: true)] + public Input Member { get; set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -346,14 +437,8 @@ public sealed class ConnectionIamMemberState : global::Pulumi.ResourceArgs [Input("location")] public Input? Location { get; set; } - [Input("member")] - public Input? Member { get; set; } - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -365,6 +450,13 @@ public sealed class ConnectionIamMemberState : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member")] + public Input? Member { get; set; } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/BigQuery/ConnectionIamPolicy.cs b/sdk/dotnet/BigQuery/ConnectionIamPolicy.cs index eea1f76171..993633a26e 100644 --- a/sdk/dotnet/BigQuery/ConnectionIamPolicy.cs +++ b/sdk/dotnet/BigQuery/ConnectionIamPolicy.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.BigQuery /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_bigquery\_connection\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.BigQuery.ConnectionIamPolicy("policy", new() + /// { + /// Project = connection.Project, + /// Location = connection.Location, + /// ConnectionId = connection.ConnectionId, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_bigquery\_connection\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.BigQuery.ConnectionIamBinding("binding", new() + /// { + /// Project = connection.Project, + /// Location = connection.Location, + /// ConnectionId = connection.ConnectionId, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_bigquery\_connection\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.BigQuery.ConnectionIamMember("member", new() + /// { + /// Project = connection.Project, + /// Location = connection.Location, + /// ConnectionId = connection.ConnectionId, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -189,18 +278,6 @@ public partial class ConnectionIamPolicy : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -280,18 +357,6 @@ public sealed class ConnectionIamPolicyArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -339,18 +404,6 @@ public sealed class ConnectionIamPolicyState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/BigQuery/DatasetIamBinding.cs b/sdk/dotnet/BigQuery/DatasetIamBinding.cs index 76d21d2d14..4e52cebe09 100644 --- a/sdk/dotnet/BigQuery/DatasetIamBinding.cs +++ b/sdk/dotnet/BigQuery/DatasetIamBinding.cs @@ -126,6 +126,104 @@ namespace Pulumi.Gcp.BigQuery /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_bigquery\_dataset\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var owner = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/bigquery.dataOwner", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var datasetDataset = new Gcp.BigQuery.Dataset("dataset", new() + /// { + /// DatasetId = "example_dataset", + /// }); + /// + /// var dataset = new Gcp.BigQuery.DatasetIamPolicy("dataset", new() + /// { + /// DatasetId = datasetDataset.DatasetId, + /// PolicyData = owner.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_bigquery\_dataset\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var dataset = new Gcp.BigQuery.Dataset("dataset", new() + /// { + /// DatasetId = "example_dataset", + /// }); + /// + /// var reader = new Gcp.BigQuery.DatasetIamBinding("reader", new() + /// { + /// DatasetId = dataset.DatasetId, + /// Role = "roles/bigquery.dataViewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_bigquery\_dataset\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var dataset = new Gcp.BigQuery.Dataset("dataset", new() + /// { + /// DatasetId = "example_dataset", + /// }); + /// + /// var editor = new Gcp.BigQuery.DatasetIamMember("editor", new() + /// { + /// DatasetId = dataset.DatasetId, + /// Role = "roles/bigquery.dataEditor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// ### Importing IAM policies @@ -160,16 +258,6 @@ public partial class DatasetIamBinding : global::Pulumi.CustomResource /// /// The dataset ID. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. /// [Output("datasetId")] public Output DatasetId { get; private set; } = null!; @@ -180,6 +268,17 @@ public partial class DatasetIamBinding : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// [Output("members")] public Output> Members { get; private set; } = null!; @@ -249,8 +348,15 @@ public sealed class DatasetIamBindingArgs : global::Pulumi.ResourceArgs /// /// The dataset ID. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// + [Input("datasetId", required: true)] + public Input DatasetId { get; set; } = null!; + + [Input("members", required: true)] + private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. @@ -260,11 +366,6 @@ public sealed class DatasetIamBindingArgs : global::Pulumi.ResourceArgs /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. /// - [Input("datasetId", required: true)] - public Input DatasetId { get; set; } = null!; - - [Input("members", required: true)] - private InputList? _members; public InputList Members { get => _members ?? (_members = new InputList()); @@ -299,16 +400,6 @@ public sealed class DatasetIamBindingState : global::Pulumi.ResourceArgs /// /// The dataset ID. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. /// [Input("datasetId")] public Input? DatasetId { get; set; } @@ -321,6 +412,18 @@ public sealed class DatasetIamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// public InputList Members { get => _members ?? (_members = new InputList()); diff --git a/sdk/dotnet/BigQuery/DatasetIamMember.cs b/sdk/dotnet/BigQuery/DatasetIamMember.cs index 73d212bf98..e7e02b7d56 100644 --- a/sdk/dotnet/BigQuery/DatasetIamMember.cs +++ b/sdk/dotnet/BigQuery/DatasetIamMember.cs @@ -126,6 +126,104 @@ namespace Pulumi.Gcp.BigQuery /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_bigquery\_dataset\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var owner = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/bigquery.dataOwner", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var datasetDataset = new Gcp.BigQuery.Dataset("dataset", new() + /// { + /// DatasetId = "example_dataset", + /// }); + /// + /// var dataset = new Gcp.BigQuery.DatasetIamPolicy("dataset", new() + /// { + /// DatasetId = datasetDataset.DatasetId, + /// PolicyData = owner.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_bigquery\_dataset\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var dataset = new Gcp.BigQuery.Dataset("dataset", new() + /// { + /// DatasetId = "example_dataset", + /// }); + /// + /// var reader = new Gcp.BigQuery.DatasetIamBinding("reader", new() + /// { + /// DatasetId = dataset.DatasetId, + /// Role = "roles/bigquery.dataViewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_bigquery\_dataset\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var dataset = new Gcp.BigQuery.Dataset("dataset", new() + /// { + /// DatasetId = "example_dataset", + /// }); + /// + /// var editor = new Gcp.BigQuery.DatasetIamMember("editor", new() + /// { + /// DatasetId = dataset.DatasetId, + /// Role = "roles/bigquery.dataEditor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// ### Importing IAM policies @@ -160,16 +258,6 @@ public partial class DatasetIamMember : global::Pulumi.CustomResource /// /// The dataset ID. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. /// [Output("datasetId")] public Output DatasetId { get; private set; } = null!; @@ -180,6 +268,17 @@ public partial class DatasetIamMember : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// [Output("member")] public Output Member { get; private set; } = null!; @@ -249,8 +348,12 @@ public sealed class DatasetIamMemberArgs : global::Pulumi.ResourceArgs /// /// The dataset ID. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// + [Input("datasetId", required: true)] + public Input DatasetId { get; set; } = null!; + + /// + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. @@ -260,9 +363,6 @@ public sealed class DatasetIamMemberArgs : global::Pulumi.ResourceArgs /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. /// - [Input("datasetId", required: true)] - public Input DatasetId { get; set; } = null!; - [Input("member", required: true)] public Input Member { get; set; } = null!; @@ -294,16 +394,6 @@ public sealed class DatasetIamMemberState : global::Pulumi.ResourceArgs /// /// The dataset ID. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. /// [Input("datasetId")] public Input? DatasetId { get; set; } @@ -314,6 +404,17 @@ public sealed class DatasetIamMemberState : global::Pulumi.ResourceArgs [Input("etag")] public Input? Etag { get; set; } + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// [Input("member")] public Input? Member { get; set; } diff --git a/sdk/dotnet/BigQuery/DatasetIamPolicy.cs b/sdk/dotnet/BigQuery/DatasetIamPolicy.cs index f8dd9a18bf..e6461d6f2a 100644 --- a/sdk/dotnet/BigQuery/DatasetIamPolicy.cs +++ b/sdk/dotnet/BigQuery/DatasetIamPolicy.cs @@ -126,6 +126,104 @@ namespace Pulumi.Gcp.BigQuery /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_bigquery\_dataset\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var owner = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/bigquery.dataOwner", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var datasetDataset = new Gcp.BigQuery.Dataset("dataset", new() + /// { + /// DatasetId = "example_dataset", + /// }); + /// + /// var dataset = new Gcp.BigQuery.DatasetIamPolicy("dataset", new() + /// { + /// DatasetId = datasetDataset.DatasetId, + /// PolicyData = owner.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_bigquery\_dataset\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var dataset = new Gcp.BigQuery.Dataset("dataset", new() + /// { + /// DatasetId = "example_dataset", + /// }); + /// + /// var reader = new Gcp.BigQuery.DatasetIamBinding("reader", new() + /// { + /// DatasetId = dataset.DatasetId, + /// Role = "roles/bigquery.dataViewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_bigquery\_dataset\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var dataset = new Gcp.BigQuery.Dataset("dataset", new() + /// { + /// DatasetId = "example_dataset", + /// }); + /// + /// var editor = new Gcp.BigQuery.DatasetIamMember("editor", new() + /// { + /// DatasetId = dataset.DatasetId, + /// Role = "roles/bigquery.dataEditor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// ### Importing IAM policies @@ -157,16 +255,6 @@ public partial class DatasetIamPolicy : global::Pulumi.CustomResource { /// /// The dataset ID. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. /// [Output("datasetId")] public Output DatasetId { get; private set; } = null!; @@ -239,16 +327,6 @@ public sealed class DatasetIamPolicyArgs : global::Pulumi.ResourceArgs { /// /// The dataset ID. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. /// [Input("datasetId", required: true)] public Input DatasetId { get; set; } = null!; @@ -277,16 +355,6 @@ public sealed class DatasetIamPolicyState : global::Pulumi.ResourceArgs { /// /// The dataset ID. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. /// [Input("datasetId")] public Input? DatasetId { get; set; } diff --git a/sdk/dotnet/BigQuery/IamBinding.cs b/sdk/dotnet/BigQuery/IamBinding.cs index 118acc369d..3c5d28cd77 100644 --- a/sdk/dotnet/BigQuery/IamBinding.cs +++ b/sdk/dotnet/BigQuery/IamBinding.cs @@ -220,6 +220,200 @@ namespace Pulumi.Gcp.BigQuery /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_bigquery\_table\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/bigquery.dataOwner", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.BigQuery.IamPolicy("policy", new() + /// { + /// Project = test.Project, + /// DatasetId = test.DatasetId, + /// TableId = test.TableId, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/bigquery.dataOwner", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.BigQuery.IamPolicy("policy", new() + /// { + /// Project = test.Project, + /// DatasetId = test.DatasetId, + /// TableId = test.TableId, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_bigquery\_table\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.BigQuery.IamBinding("binding", new() + /// { + /// Project = test.Project, + /// DatasetId = test.DatasetId, + /// TableId = test.TableId, + /// Role = "roles/bigquery.dataOwner", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.BigQuery.IamBinding("binding", new() + /// { + /// Project = test.Project, + /// DatasetId = test.DatasetId, + /// TableId = test.TableId, + /// Role = "roles/bigquery.dataOwner", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.BigQuery.Inputs.IamBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_bigquery\_table\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.BigQuery.IamMember("member", new() + /// { + /// Project = test.Project, + /// DatasetId = test.DatasetId, + /// TableId = test.TableId, + /// Role = "roles/bigquery.dataOwner", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.BigQuery.IamMember("member", new() + /// { + /// Project = test.Project, + /// DatasetId = test.DatasetId, + /// TableId = test.TableId, + /// Role = "roles/bigquery.dataOwner", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.BigQuery.Inputs.IamMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -277,14 +471,8 @@ public partial class IamBinding : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; - [Output("members")] - public Output> Members { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -296,6 +484,13 @@ public partial class IamBinding : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("members")] + public Output> Members { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -368,17 +563,9 @@ public sealed class IamBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -390,6 +577,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -430,17 +627,9 @@ public sealed class IamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -452,6 +641,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/BigQuery/IamMember.cs b/sdk/dotnet/BigQuery/IamMember.cs index e3c2008dc8..8a6c5e6a44 100644 --- a/sdk/dotnet/BigQuery/IamMember.cs +++ b/sdk/dotnet/BigQuery/IamMember.cs @@ -220,6 +220,200 @@ namespace Pulumi.Gcp.BigQuery /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_bigquery\_table\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/bigquery.dataOwner", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.BigQuery.IamPolicy("policy", new() + /// { + /// Project = test.Project, + /// DatasetId = test.DatasetId, + /// TableId = test.TableId, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/bigquery.dataOwner", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.BigQuery.IamPolicy("policy", new() + /// { + /// Project = test.Project, + /// DatasetId = test.DatasetId, + /// TableId = test.TableId, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_bigquery\_table\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.BigQuery.IamBinding("binding", new() + /// { + /// Project = test.Project, + /// DatasetId = test.DatasetId, + /// TableId = test.TableId, + /// Role = "roles/bigquery.dataOwner", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.BigQuery.IamBinding("binding", new() + /// { + /// Project = test.Project, + /// DatasetId = test.DatasetId, + /// TableId = test.TableId, + /// Role = "roles/bigquery.dataOwner", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.BigQuery.Inputs.IamBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_bigquery\_table\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.BigQuery.IamMember("member", new() + /// { + /// Project = test.Project, + /// DatasetId = test.DatasetId, + /// TableId = test.TableId, + /// Role = "roles/bigquery.dataOwner", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.BigQuery.IamMember("member", new() + /// { + /// Project = test.Project, + /// DatasetId = test.DatasetId, + /// TableId = test.TableId, + /// Role = "roles/bigquery.dataOwner", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.BigQuery.Inputs.IamMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -277,14 +471,8 @@ public partial class IamMember : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; - [Output("member")] - public Output Member { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -296,6 +484,13 @@ public partial class IamMember : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("member")] + public Output Member { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -366,14 +561,8 @@ public sealed class IamMemberArgs : global::Pulumi.ResourceArgs [Input("datasetId", required: true)] public Input DatasetId { get; set; } = null!; - [Input("member", required: true)] - public Input Member { get; set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -385,6 +574,13 @@ public sealed class IamMemberArgs : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member", required: true)] + public Input Member { get; set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -423,14 +619,8 @@ public sealed class IamMemberState : global::Pulumi.ResourceArgs [Input("etag")] public Input? Etag { get; set; } - [Input("member")] - public Input? Member { get; set; } - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -442,6 +632,13 @@ public sealed class IamMemberState : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member")] + public Input? Member { get; set; } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/BigQuery/IamPolicy.cs b/sdk/dotnet/BigQuery/IamPolicy.cs index b679b73b60..456f17b4f6 100644 --- a/sdk/dotnet/BigQuery/IamPolicy.cs +++ b/sdk/dotnet/BigQuery/IamPolicy.cs @@ -220,6 +220,200 @@ namespace Pulumi.Gcp.BigQuery /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_bigquery\_table\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/bigquery.dataOwner", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.BigQuery.IamPolicy("policy", new() + /// { + /// Project = test.Project, + /// DatasetId = test.DatasetId, + /// TableId = test.TableId, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/bigquery.dataOwner", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.BigQuery.IamPolicy("policy", new() + /// { + /// Project = test.Project, + /// DatasetId = test.DatasetId, + /// TableId = test.TableId, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_bigquery\_table\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.BigQuery.IamBinding("binding", new() + /// { + /// Project = test.Project, + /// DatasetId = test.DatasetId, + /// TableId = test.TableId, + /// Role = "roles/bigquery.dataOwner", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.BigQuery.IamBinding("binding", new() + /// { + /// Project = test.Project, + /// DatasetId = test.DatasetId, + /// TableId = test.TableId, + /// Role = "roles/bigquery.dataOwner", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.BigQuery.Inputs.IamBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_bigquery\_table\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.BigQuery.IamMember("member", new() + /// { + /// Project = test.Project, + /// DatasetId = test.DatasetId, + /// TableId = test.TableId, + /// Role = "roles/bigquery.dataOwner", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.BigQuery.IamMember("member", new() + /// { + /// Project = test.Project, + /// DatasetId = test.DatasetId, + /// TableId = test.TableId, + /// Role = "roles/bigquery.dataOwner", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.BigQuery.Inputs.IamMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -280,18 +474,6 @@ public partial class IamPolicy : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -358,18 +540,6 @@ public sealed class IamPolicyArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -404,18 +574,6 @@ public sealed class IamPolicyState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/BigQueryAnalyticsHub/DataExchangeIamBinding.cs b/sdk/dotnet/BigQueryAnalyticsHub/DataExchangeIamBinding.cs index 551c55abb6..ae15a0f1cf 100644 --- a/sdk/dotnet/BigQueryAnalyticsHub/DataExchangeIamBinding.cs +++ b/sdk/dotnet/BigQueryAnalyticsHub/DataExchangeIamBinding.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.BigQueryAnalyticsHub /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_bigquery\_analytics\_hub\_data\_exchange\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.BigQueryAnalyticsHub.DataExchangeIamPolicy("policy", new() + /// { + /// Project = dataExchange.Project, + /// Location = dataExchange.Location, + /// DataExchangeId = dataExchange.DataExchangeId, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_bigquery\_analytics\_hub\_data\_exchange\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.BigQueryAnalyticsHub.DataExchangeIamBinding("binding", new() + /// { + /// Project = dataExchange.Project, + /// Location = dataExchange.Location, + /// DataExchangeId = dataExchange.DataExchangeId, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_bigquery\_analytics\_hub\_data\_exchange\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.BigQueryAnalyticsHub.DataExchangeIamMember("member", new() + /// { + /// Project = dataExchange.Project, + /// Location = dataExchange.Location, + /// DataExchangeId = dataExchange.DataExchangeId, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -176,14 +265,8 @@ public partial class DataExchangeIamBinding : global::Pulumi.CustomResource [Output("location")] public Output Location { get; private set; } = null!; - [Output("members")] - public Output> Members { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -195,6 +278,13 @@ public partial class DataExchangeIamBinding : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("members")] + public Output> Members { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -270,17 +360,9 @@ public sealed class DataExchangeIamBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -292,6 +374,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -335,17 +427,9 @@ public sealed class DataExchangeIamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -357,6 +441,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/BigQueryAnalyticsHub/DataExchangeIamMember.cs b/sdk/dotnet/BigQueryAnalyticsHub/DataExchangeIamMember.cs index d3aea5695b..e3fb1a979e 100644 --- a/sdk/dotnet/BigQueryAnalyticsHub/DataExchangeIamMember.cs +++ b/sdk/dotnet/BigQueryAnalyticsHub/DataExchangeIamMember.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.BigQueryAnalyticsHub /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_bigquery\_analytics\_hub\_data\_exchange\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.BigQueryAnalyticsHub.DataExchangeIamPolicy("policy", new() + /// { + /// Project = dataExchange.Project, + /// Location = dataExchange.Location, + /// DataExchangeId = dataExchange.DataExchangeId, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_bigquery\_analytics\_hub\_data\_exchange\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.BigQueryAnalyticsHub.DataExchangeIamBinding("binding", new() + /// { + /// Project = dataExchange.Project, + /// Location = dataExchange.Location, + /// DataExchangeId = dataExchange.DataExchangeId, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_bigquery\_analytics\_hub\_data\_exchange\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.BigQueryAnalyticsHub.DataExchangeIamMember("member", new() + /// { + /// Project = dataExchange.Project, + /// Location = dataExchange.Location, + /// DataExchangeId = dataExchange.DataExchangeId, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -176,14 +265,8 @@ public partial class DataExchangeIamMember : global::Pulumi.CustomResource [Output("location")] public Output Location { get; private set; } = null!; - [Output("member")] - public Output Member { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -195,6 +278,13 @@ public partial class DataExchangeIamMember : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("member")] + public Output Member { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -268,14 +358,8 @@ public sealed class DataExchangeIamMemberArgs : global::Pulumi.ResourceArgs [Input("location")] public Input? Location { get; set; } - [Input("member", required: true)] - public Input Member { get; set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -287,6 +371,13 @@ public sealed class DataExchangeIamMemberArgs : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member", required: true)] + public Input Member { get; set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -328,14 +419,8 @@ public sealed class DataExchangeIamMemberState : global::Pulumi.ResourceArgs [Input("location")] public Input? Location { get; set; } - [Input("member")] - public Input? Member { get; set; } - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -347,6 +432,13 @@ public sealed class DataExchangeIamMemberState : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member")] + public Input? Member { get; set; } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/BigQueryAnalyticsHub/DataExchangeIamPolicy.cs b/sdk/dotnet/BigQueryAnalyticsHub/DataExchangeIamPolicy.cs index e1b66c13ee..2cd9224dd9 100644 --- a/sdk/dotnet/BigQueryAnalyticsHub/DataExchangeIamPolicy.cs +++ b/sdk/dotnet/BigQueryAnalyticsHub/DataExchangeIamPolicy.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.BigQueryAnalyticsHub /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_bigquery\_analytics\_hub\_data\_exchange\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.BigQueryAnalyticsHub.DataExchangeIamPolicy("policy", new() + /// { + /// Project = dataExchange.Project, + /// Location = dataExchange.Location, + /// DataExchangeId = dataExchange.DataExchangeId, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_bigquery\_analytics\_hub\_data\_exchange\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.BigQueryAnalyticsHub.DataExchangeIamBinding("binding", new() + /// { + /// Project = dataExchange.Project, + /// Location = dataExchange.Location, + /// DataExchangeId = dataExchange.DataExchangeId, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_bigquery\_analytics\_hub\_data\_exchange\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.BigQueryAnalyticsHub.DataExchangeIamMember("member", new() + /// { + /// Project = dataExchange.Project, + /// Location = dataExchange.Location, + /// DataExchangeId = dataExchange.DataExchangeId, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -183,18 +272,6 @@ public partial class DataExchangeIamPolicy : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -268,18 +345,6 @@ public sealed class DataExchangeIamPolicyArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -321,18 +386,6 @@ public sealed class DataExchangeIamPolicyState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/BigQueryAnalyticsHub/ListingIamBinding.cs b/sdk/dotnet/BigQueryAnalyticsHub/ListingIamBinding.cs index e86e489208..7e3e470b0b 100644 --- a/sdk/dotnet/BigQueryAnalyticsHub/ListingIamBinding.cs +++ b/sdk/dotnet/BigQueryAnalyticsHub/ListingIamBinding.cs @@ -116,6 +116,98 @@ namespace Pulumi.Gcp.BigQueryAnalyticsHub /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_bigquery\_analytics\_hub\_listing\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.BigQueryAnalyticsHub.ListingIamPolicy("policy", new() + /// { + /// Project = listing.Project, + /// Location = listing.Location, + /// DataExchangeId = listing.DataExchangeId, + /// ListingId = listing.ListingId, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_bigquery\_analytics\_hub\_listing\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.BigQueryAnalyticsHub.ListingIamBinding("binding", new() + /// { + /// Project = listing.Project, + /// Location = listing.Location, + /// DataExchangeId = listing.DataExchangeId, + /// ListingId = listing.ListingId, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_bigquery\_analytics\_hub\_listing\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.BigQueryAnalyticsHub.ListingIamMember("member", new() + /// { + /// Project = listing.Project, + /// Location = listing.Location, + /// DataExchangeId = listing.DataExchangeId, + /// ListingId = listing.ListingId, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -185,14 +277,8 @@ public partial class ListingIamBinding : global::Pulumi.CustomResource [Output("location")] public Output Location { get; private set; } = null!; - [Output("members")] - public Output> Members { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -204,6 +290,13 @@ public partial class ListingIamBinding : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("members")] + public Output> Members { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -285,17 +378,9 @@ public sealed class ListingIamBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -307,6 +392,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -356,17 +451,9 @@ public sealed class ListingIamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -378,6 +465,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/BigQueryAnalyticsHub/ListingIamMember.cs b/sdk/dotnet/BigQueryAnalyticsHub/ListingIamMember.cs index e92380f9f7..0ce59eed46 100644 --- a/sdk/dotnet/BigQueryAnalyticsHub/ListingIamMember.cs +++ b/sdk/dotnet/BigQueryAnalyticsHub/ListingIamMember.cs @@ -116,6 +116,98 @@ namespace Pulumi.Gcp.BigQueryAnalyticsHub /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_bigquery\_analytics\_hub\_listing\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.BigQueryAnalyticsHub.ListingIamPolicy("policy", new() + /// { + /// Project = listing.Project, + /// Location = listing.Location, + /// DataExchangeId = listing.DataExchangeId, + /// ListingId = listing.ListingId, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_bigquery\_analytics\_hub\_listing\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.BigQueryAnalyticsHub.ListingIamBinding("binding", new() + /// { + /// Project = listing.Project, + /// Location = listing.Location, + /// DataExchangeId = listing.DataExchangeId, + /// ListingId = listing.ListingId, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_bigquery\_analytics\_hub\_listing\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.BigQueryAnalyticsHub.ListingIamMember("member", new() + /// { + /// Project = listing.Project, + /// Location = listing.Location, + /// DataExchangeId = listing.DataExchangeId, + /// ListingId = listing.ListingId, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -185,14 +277,8 @@ public partial class ListingIamMember : global::Pulumi.CustomResource [Output("location")] public Output Location { get; private set; } = null!; - [Output("member")] - public Output Member { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -204,6 +290,13 @@ public partial class ListingIamMember : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("member")] + public Output Member { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -283,14 +376,8 @@ public sealed class ListingIamMemberArgs : global::Pulumi.ResourceArgs [Input("location")] public Input? Location { get; set; } - [Input("member", required: true)] - public Input Member { get; set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -302,6 +389,13 @@ public sealed class ListingIamMemberArgs : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member", required: true)] + public Input Member { get; set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -349,14 +443,8 @@ public sealed class ListingIamMemberState : global::Pulumi.ResourceArgs [Input("location")] public Input? Location { get; set; } - [Input("member")] - public Input? Member { get; set; } - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -368,6 +456,13 @@ public sealed class ListingIamMemberState : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member")] + public Input? Member { get; set; } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/BigQueryAnalyticsHub/ListingIamPolicy.cs b/sdk/dotnet/BigQueryAnalyticsHub/ListingIamPolicy.cs index 1d1a98faef..0b8771161d 100644 --- a/sdk/dotnet/BigQueryAnalyticsHub/ListingIamPolicy.cs +++ b/sdk/dotnet/BigQueryAnalyticsHub/ListingIamPolicy.cs @@ -116,6 +116,98 @@ namespace Pulumi.Gcp.BigQueryAnalyticsHub /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_bigquery\_analytics\_hub\_listing\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.BigQueryAnalyticsHub.ListingIamPolicy("policy", new() + /// { + /// Project = listing.Project, + /// Location = listing.Location, + /// DataExchangeId = listing.DataExchangeId, + /// ListingId = listing.ListingId, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_bigquery\_analytics\_hub\_listing\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.BigQueryAnalyticsHub.ListingIamBinding("binding", new() + /// { + /// Project = listing.Project, + /// Location = listing.Location, + /// DataExchangeId = listing.DataExchangeId, + /// ListingId = listing.ListingId, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_bigquery\_analytics\_hub\_listing\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.BigQueryAnalyticsHub.ListingIamMember("member", new() + /// { + /// Project = listing.Project, + /// Location = listing.Location, + /// DataExchangeId = listing.DataExchangeId, + /// ListingId = listing.ListingId, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -192,18 +284,6 @@ public partial class ListingIamPolicy : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -283,18 +363,6 @@ public sealed class ListingIamPolicyArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -342,18 +410,6 @@ public sealed class ListingIamPolicyState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/BigQueryDataPolicy/DataPolicyIamBinding.cs b/sdk/dotnet/BigQueryDataPolicy/DataPolicyIamBinding.cs index 02503e729f..9ea45d9e2a 100644 --- a/sdk/dotnet/BigQueryDataPolicy/DataPolicyIamBinding.cs +++ b/sdk/dotnet/BigQueryDataPolicy/DataPolicyIamBinding.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.BigQueryDataPolicy /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_bigquery\_datapolicy\_data\_policy\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.BigQueryDataPolicy.DataPolicyIamPolicy("policy", new() + /// { + /// Project = dataPolicy.Project, + /// Location = dataPolicy.Location, + /// DataPolicyId = dataPolicy.DataPolicyId, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_bigquery\_datapolicy\_data\_policy\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.BigQueryDataPolicy.DataPolicyIamBinding("binding", new() + /// { + /// Project = dataPolicy.Project, + /// Location = dataPolicy.Location, + /// DataPolicyId = dataPolicy.DataPolicyId, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_bigquery\_datapolicy\_data\_policy\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.BigQueryDataPolicy.DataPolicyIamMember("member", new() + /// { + /// Project = dataPolicy.Project, + /// Location = dataPolicy.Location, + /// DataPolicyId = dataPolicy.DataPolicyId, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -173,14 +262,8 @@ public partial class DataPolicyIamBinding : global::Pulumi.CustomResource [Output("location")] public Output Location { get; private set; } = null!; - [Output("members")] - public Output> Members { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -192,6 +275,13 @@ public partial class DataPolicyIamBinding : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("members")] + public Output> Members { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -264,17 +354,9 @@ public sealed class DataPolicyIamBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -286,6 +368,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -326,17 +418,9 @@ public sealed class DataPolicyIamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -348,6 +432,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/BigQueryDataPolicy/DataPolicyIamMember.cs b/sdk/dotnet/BigQueryDataPolicy/DataPolicyIamMember.cs index e2cc703db6..e4762d14d3 100644 --- a/sdk/dotnet/BigQueryDataPolicy/DataPolicyIamMember.cs +++ b/sdk/dotnet/BigQueryDataPolicy/DataPolicyIamMember.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.BigQueryDataPolicy /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_bigquery\_datapolicy\_data\_policy\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.BigQueryDataPolicy.DataPolicyIamPolicy("policy", new() + /// { + /// Project = dataPolicy.Project, + /// Location = dataPolicy.Location, + /// DataPolicyId = dataPolicy.DataPolicyId, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_bigquery\_datapolicy\_data\_policy\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.BigQueryDataPolicy.DataPolicyIamBinding("binding", new() + /// { + /// Project = dataPolicy.Project, + /// Location = dataPolicy.Location, + /// DataPolicyId = dataPolicy.DataPolicyId, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_bigquery\_datapolicy\_data\_policy\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.BigQueryDataPolicy.DataPolicyIamMember("member", new() + /// { + /// Project = dataPolicy.Project, + /// Location = dataPolicy.Location, + /// DataPolicyId = dataPolicy.DataPolicyId, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -173,14 +262,8 @@ public partial class DataPolicyIamMember : global::Pulumi.CustomResource [Output("location")] public Output Location { get; private set; } = null!; - [Output("member")] - public Output Member { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -192,6 +275,13 @@ public partial class DataPolicyIamMember : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("member")] + public Output Member { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -262,14 +352,8 @@ public sealed class DataPolicyIamMemberArgs : global::Pulumi.ResourceArgs [Input("location")] public Input? Location { get; set; } - [Input("member", required: true)] - public Input Member { get; set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -281,6 +365,13 @@ public sealed class DataPolicyIamMemberArgs : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member", required: true)] + public Input Member { get; set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -319,14 +410,8 @@ public sealed class DataPolicyIamMemberState : global::Pulumi.ResourceArgs [Input("location")] public Input? Location { get; set; } - [Input("member")] - public Input? Member { get; set; } - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -338,6 +423,13 @@ public sealed class DataPolicyIamMemberState : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member")] + public Input? Member { get; set; } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/BigQueryDataPolicy/DataPolicyIamPolicy.cs b/sdk/dotnet/BigQueryDataPolicy/DataPolicyIamPolicy.cs index 29e5731004..7624421c65 100644 --- a/sdk/dotnet/BigQueryDataPolicy/DataPolicyIamPolicy.cs +++ b/sdk/dotnet/BigQueryDataPolicy/DataPolicyIamPolicy.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.BigQueryDataPolicy /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_bigquery\_datapolicy\_data\_policy\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.BigQueryDataPolicy.DataPolicyIamPolicy("policy", new() + /// { + /// Project = dataPolicy.Project, + /// Location = dataPolicy.Location, + /// DataPolicyId = dataPolicy.DataPolicyId, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_bigquery\_datapolicy\_data\_policy\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.BigQueryDataPolicy.DataPolicyIamBinding("binding", new() + /// { + /// Project = dataPolicy.Project, + /// Location = dataPolicy.Location, + /// DataPolicyId = dataPolicy.DataPolicyId, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_bigquery\_datapolicy\_data\_policy\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.BigQueryDataPolicy.DataPolicyIamMember("member", new() + /// { + /// Project = dataPolicy.Project, + /// Location = dataPolicy.Location, + /// DataPolicyId = dataPolicy.DataPolicyId, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -180,18 +269,6 @@ public partial class DataPolicyIamPolicy : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -262,18 +339,6 @@ public sealed class DataPolicyIamPolicyArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -312,18 +377,6 @@ public sealed class DataPolicyIamPolicyState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/BigTable/InstanceIamBinding.cs b/sdk/dotnet/BigTable/InstanceIamBinding.cs index 822667177d..f531a81c17 100644 --- a/sdk/dotnet/BigTable/InstanceIamBinding.cs +++ b/sdk/dotnet/BigTable/InstanceIamBinding.cs @@ -104,6 +104,90 @@ namespace Pulumi.Gcp.BigTable /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_bigtable\_instance\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/bigtable.user", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var editor = new Gcp.BigTable.InstanceIamPolicy("editor", new() + /// { + /// Project = "your-project", + /// Instance = "your-bigtable-instance", + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_bigtable\_instance\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var editor = new Gcp.BigTable.InstanceIamBinding("editor", new() + /// { + /// Instance = "your-bigtable-instance", + /// Role = "roles/bigtable.user", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_bigtable\_instance\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var editor = new Gcp.BigTable.InstanceIamMember("editor", new() + /// { + /// Instance = "your-bigtable-instance", + /// Role = "roles/bigtable.user", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// ### Importing IAM policies @@ -146,8 +230,12 @@ public partial class InstanceIamBinding : global::Pulumi.CustomResource /// The name or relative resource id of the instance to manage IAM policies for. /// /// For `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`: - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// + [Output("instance")] + public Output Instance { get; private set; } = null!; + + /// + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -156,9 +244,6 @@ public partial class InstanceIamBinding : global::Pulumi.CustomResource /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// - [Output("instance")] - public Output Instance { get; private set; } = null!; - [Output("members")] public Output> Members { get; private set; } = null!; @@ -232,8 +317,15 @@ public sealed class InstanceIamBindingArgs : global::Pulumi.ResourceArgs /// The name or relative resource id of the instance to manage IAM policies for. /// /// For `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`: - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// + [Input("instance", required: true)] + public Input Instance { get; set; } = null!; + + [Input("members", required: true)] + private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -242,11 +334,6 @@ public sealed class InstanceIamBindingArgs : global::Pulumi.ResourceArgs /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// - [Input("instance", required: true)] - public Input Instance { get; set; } = null!; - - [Input("members", required: true)] - private InputList? _members; public InputList Members { get => _members ?? (_members = new InputList()); @@ -291,8 +378,15 @@ public sealed class InstanceIamBindingState : global::Pulumi.ResourceArgs /// The name or relative resource id of the instance to manage IAM policies for. /// /// For `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`: - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// + [Input("instance")] + public Input? Instance { get; set; } + + [Input("members")] + private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -301,11 +395,6 @@ public sealed class InstanceIamBindingState : global::Pulumi.ResourceArgs /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// - [Input("instance")] - public Input? Instance { get; set; } - - [Input("members")] - private InputList? _members; public InputList Members { get => _members ?? (_members = new InputList()); diff --git a/sdk/dotnet/BigTable/InstanceIamMember.cs b/sdk/dotnet/BigTable/InstanceIamMember.cs index a9bee1f917..afb375f43b 100644 --- a/sdk/dotnet/BigTable/InstanceIamMember.cs +++ b/sdk/dotnet/BigTable/InstanceIamMember.cs @@ -104,6 +104,90 @@ namespace Pulumi.Gcp.BigTable /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_bigtable\_instance\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/bigtable.user", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var editor = new Gcp.BigTable.InstanceIamPolicy("editor", new() + /// { + /// Project = "your-project", + /// Instance = "your-bigtable-instance", + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_bigtable\_instance\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var editor = new Gcp.BigTable.InstanceIamBinding("editor", new() + /// { + /// Instance = "your-bigtable-instance", + /// Role = "roles/bigtable.user", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_bigtable\_instance\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var editor = new Gcp.BigTable.InstanceIamMember("editor", new() + /// { + /// Instance = "your-bigtable-instance", + /// Role = "roles/bigtable.user", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// ### Importing IAM policies @@ -146,8 +230,12 @@ public partial class InstanceIamMember : global::Pulumi.CustomResource /// The name or relative resource id of the instance to manage IAM policies for. /// /// For `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`: - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// + [Output("instance")] + public Output Instance { get; private set; } = null!; + + /// + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -156,9 +244,6 @@ public partial class InstanceIamMember : global::Pulumi.CustomResource /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// - [Output("instance")] - public Output Instance { get; private set; } = null!; - [Output("member")] public Output Member { get; private set; } = null!; @@ -232,8 +317,12 @@ public sealed class InstanceIamMemberArgs : global::Pulumi.ResourceArgs /// The name or relative resource id of the instance to manage IAM policies for. /// /// For `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`: - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// + [Input("instance", required: true)] + public Input Instance { get; set; } = null!; + + /// + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -242,9 +331,6 @@ public sealed class InstanceIamMemberArgs : global::Pulumi.ResourceArgs /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// - [Input("instance", required: true)] - public Input Instance { get; set; } = null!; - [Input("member", required: true)] public Input Member { get; set; } = null!; @@ -286,8 +372,12 @@ public sealed class InstanceIamMemberState : global::Pulumi.ResourceArgs /// The name or relative resource id of the instance to manage IAM policies for. /// /// For `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`: - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// + [Input("instance")] + public Input? Instance { get; set; } + + /// + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -296,9 +386,6 @@ public sealed class InstanceIamMemberState : global::Pulumi.ResourceArgs /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// - [Input("instance")] - public Input? Instance { get; set; } - [Input("member")] public Input? Member { get; set; } diff --git a/sdk/dotnet/BigTable/InstanceIamPolicy.cs b/sdk/dotnet/BigTable/InstanceIamPolicy.cs index f3b4b74646..42316056d7 100644 --- a/sdk/dotnet/BigTable/InstanceIamPolicy.cs +++ b/sdk/dotnet/BigTable/InstanceIamPolicy.cs @@ -104,6 +104,90 @@ namespace Pulumi.Gcp.BigTable /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_bigtable\_instance\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/bigtable.user", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var editor = new Gcp.BigTable.InstanceIamPolicy("editor", new() + /// { + /// Project = "your-project", + /// Instance = "your-bigtable-instance", + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_bigtable\_instance\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var editor = new Gcp.BigTable.InstanceIamBinding("editor", new() + /// { + /// Instance = "your-bigtable-instance", + /// Role = "roles/bigtable.user", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_bigtable\_instance\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var editor = new Gcp.BigTable.InstanceIamMember("editor", new() + /// { + /// Instance = "your-bigtable-instance", + /// Role = "roles/bigtable.user", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// ### Importing IAM policies @@ -143,15 +227,6 @@ public partial class InstanceIamPolicy : global::Pulumi.CustomResource /// The name or relative resource id of the instance to manage IAM policies for. /// /// For `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`: - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Output("instance")] public Output Instance { get; private set; } = null!; @@ -221,15 +296,6 @@ public sealed class InstanceIamPolicyArgs : global::Pulumi.ResourceArgs /// The name or relative resource id of the instance to manage IAM policies for. /// /// For `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`: - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Input("instance", required: true)] public Input Instance { get; set; } = null!; @@ -267,15 +333,6 @@ public sealed class InstanceIamPolicyState : global::Pulumi.ResourceArgs /// The name or relative resource id of the instance to manage IAM policies for. /// /// For `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`: - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Input("instance")] public Input? Instance { get; set; } diff --git a/sdk/dotnet/BigTable/TableIamBinding.cs b/sdk/dotnet/BigTable/TableIamBinding.cs index 2424293b91..ab56058ba2 100644 --- a/sdk/dotnet/BigTable/TableIamBinding.cs +++ b/sdk/dotnet/BigTable/TableIamBinding.cs @@ -107,6 +107,93 @@ namespace Pulumi.Gcp.BigTable /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_bigtable\_table\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/bigtable.user", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var editor = new Gcp.BigTable.TableIamPolicy("editor", new() + /// { + /// Project = "your-project", + /// Instance = "your-bigtable-instance", + /// Table = "your-bigtable-table", + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_bigtable\_table\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var editor = new Gcp.BigTable.TableIamBinding("editor", new() + /// { + /// Table = "your-bigtable-table", + /// Instance = "your-bigtable-instance", + /// Role = "roles/bigtable.user", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_bigtable\_table\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var editor = new Gcp.BigTable.TableIamMember("editor", new() + /// { + /// Table = "your-bigtable-table", + /// Instance = "your-bigtable-instance", + /// Role = "roles/bigtable.user", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// ### Importing IAM policies @@ -151,6 +238,16 @@ public partial class TableIamBinding : global::Pulumi.CustomResource [Output("instance")] public Output Instance { get; private set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// [Output("members")] public Output> Members { get; private set; } = null!; @@ -175,15 +272,6 @@ public partial class TableIamBinding : global::Pulumi.CustomResource /// The name or relative resource id of the table to manage IAM policies for. /// /// For `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`: - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Output("table")] public Output Table { get; private set; } = null!; @@ -245,6 +333,17 @@ public sealed class TableIamBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// public InputList Members { get => _members ?? (_members = new InputList()); @@ -272,15 +371,6 @@ public InputList Members /// The name or relative resource id of the table to manage IAM policies for. /// /// For `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`: - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Input("table", required: true)] public Input Table { get; set; } = null!; @@ -310,6 +400,17 @@ public sealed class TableIamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// public InputList Members { get => _members ?? (_members = new InputList()); @@ -337,15 +438,6 @@ public InputList Members /// The name or relative resource id of the table to manage IAM policies for. /// /// For `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`: - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Input("table")] public Input? Table { get; set; } diff --git a/sdk/dotnet/BigTable/TableIamMember.cs b/sdk/dotnet/BigTable/TableIamMember.cs index 47985565e0..bd92833d45 100644 --- a/sdk/dotnet/BigTable/TableIamMember.cs +++ b/sdk/dotnet/BigTable/TableIamMember.cs @@ -107,6 +107,93 @@ namespace Pulumi.Gcp.BigTable /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_bigtable\_table\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/bigtable.user", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var editor = new Gcp.BigTable.TableIamPolicy("editor", new() + /// { + /// Project = "your-project", + /// Instance = "your-bigtable-instance", + /// Table = "your-bigtable-table", + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_bigtable\_table\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var editor = new Gcp.BigTable.TableIamBinding("editor", new() + /// { + /// Table = "your-bigtable-table", + /// Instance = "your-bigtable-instance", + /// Role = "roles/bigtable.user", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_bigtable\_table\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var editor = new Gcp.BigTable.TableIamMember("editor", new() + /// { + /// Table = "your-bigtable-table", + /// Instance = "your-bigtable-instance", + /// Role = "roles/bigtable.user", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// ### Importing IAM policies @@ -151,6 +238,16 @@ public partial class TableIamMember : global::Pulumi.CustomResource [Output("instance")] public Output Instance { get; private set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// [Output("member")] public Output Member { get; private set; } = null!; @@ -175,15 +272,6 @@ public partial class TableIamMember : global::Pulumi.CustomResource /// The name or relative resource id of the table to manage IAM policies for. /// /// For `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`: - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Output("table")] public Output Table { get; private set; } = null!; @@ -243,6 +331,16 @@ public sealed class TableIamMemberArgs : global::Pulumi.ResourceArgs [Input("instance", required: true)] public Input Instance { get; set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// [Input("member", required: true)] public Input Member { get; set; } = null!; @@ -267,15 +365,6 @@ public sealed class TableIamMemberArgs : global::Pulumi.ResourceArgs /// The name or relative resource id of the table to manage IAM policies for. /// /// For `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`: - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Input("table", required: true)] public Input Table { get; set; } = null!; @@ -303,6 +392,16 @@ public sealed class TableIamMemberState : global::Pulumi.ResourceArgs [Input("instance")] public Input? Instance { get; set; } + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// [Input("member")] public Input? Member { get; set; } @@ -327,15 +426,6 @@ public sealed class TableIamMemberState : global::Pulumi.ResourceArgs /// The name or relative resource id of the table to manage IAM policies for. /// /// For `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`: - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Input("table")] public Input? Table { get; set; } diff --git a/sdk/dotnet/BigTable/TableIamPolicy.cs b/sdk/dotnet/BigTable/TableIamPolicy.cs index a3f8b948ca..671d4aa5b7 100644 --- a/sdk/dotnet/BigTable/TableIamPolicy.cs +++ b/sdk/dotnet/BigTable/TableIamPolicy.cs @@ -107,6 +107,93 @@ namespace Pulumi.Gcp.BigTable /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_bigtable\_table\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/bigtable.user", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var editor = new Gcp.BigTable.TableIamPolicy("editor", new() + /// { + /// Project = "your-project", + /// Instance = "your-bigtable-instance", + /// Table = "your-bigtable-table", + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_bigtable\_table\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var editor = new Gcp.BigTable.TableIamBinding("editor", new() + /// { + /// Table = "your-bigtable-table", + /// Instance = "your-bigtable-instance", + /// Role = "roles/bigtable.user", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_bigtable\_table\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var editor = new Gcp.BigTable.TableIamMember("editor", new() + /// { + /// Table = "your-bigtable-table", + /// Instance = "your-bigtable-instance", + /// Role = "roles/bigtable.user", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// ### Importing IAM policies @@ -167,15 +254,6 @@ public partial class TableIamPolicy : global::Pulumi.CustomResource /// The name or relative resource id of the table to manage IAM policies for. /// /// For `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`: - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Output("table")] public Output Table { get; private set; } = null!; @@ -251,15 +329,6 @@ public sealed class TableIamPolicyArgs : global::Pulumi.ResourceArgs /// The name or relative resource id of the table to manage IAM policies for. /// /// For `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`: - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Input("table", required: true)] public Input Table { get; set; } = null!; @@ -303,15 +372,6 @@ public sealed class TableIamPolicyState : global::Pulumi.ResourceArgs /// The name or relative resource id of the table to manage IAM policies for. /// /// For `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`: - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Input("table")] public Input? Table { get; set; } diff --git a/sdk/dotnet/Billing/AccountIamBinding.cs b/sdk/dotnet/Billing/AccountIamBinding.cs index 79fa06daca..e719d133e1 100644 --- a/sdk/dotnet/Billing/AccountIamBinding.cs +++ b/sdk/dotnet/Billing/AccountIamBinding.cs @@ -103,6 +103,89 @@ namespace Pulumi.Gcp.Billing /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_billing\_account\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/billing.viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var editor = new Gcp.Billing.AccountIamPolicy("editor", new() + /// { + /// BillingAccountId = "00AA00-000AAA-00AA0A", + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_billing\_account\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var editor = new Gcp.Billing.AccountIamBinding("editor", new() + /// { + /// BillingAccountId = "00AA00-000AAA-00AA0A", + /// Role = "roles/billing.viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_billing\_account\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var editor = new Gcp.Billing.AccountIamMember("editor", new() + /// { + /// BillingAccountId = "00AA00-000AAA-00AA0A", + /// Role = "roles/billing.viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// ### Importing IAM policies @@ -136,13 +219,6 @@ public partial class AccountIamBinding : global::Pulumi.CustomResource /// The billing account id. /// /// For `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`: - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Output("billingAccountId")] public Output BillingAccountId { get; private set; } = null!; @@ -156,6 +232,14 @@ public partial class AccountIamBinding : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// [Output("members")] public Output> Members { get; private set; } = null!; @@ -219,13 +303,6 @@ public sealed class AccountIamBindingArgs : global::Pulumi.ResourceArgs /// The billing account id. /// /// For `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`: - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Input("billingAccountId", required: true)] public Input BillingAccountId { get; set; } = null!; @@ -235,6 +312,15 @@ public sealed class AccountIamBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// public InputList Members { get => _members ?? (_members = new InputList()); @@ -263,13 +349,6 @@ public sealed class AccountIamBindingState : global::Pulumi.ResourceArgs /// The billing account id. /// /// For `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`: - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Input("billingAccountId")] public Input? BillingAccountId { get; set; } @@ -285,6 +364,15 @@ public sealed class AccountIamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// public InputList Members { get => _members ?? (_members = new InputList()); diff --git a/sdk/dotnet/Billing/AccountIamMember.cs b/sdk/dotnet/Billing/AccountIamMember.cs index a018a64b12..c051b99f47 100644 --- a/sdk/dotnet/Billing/AccountIamMember.cs +++ b/sdk/dotnet/Billing/AccountIamMember.cs @@ -103,6 +103,89 @@ namespace Pulumi.Gcp.Billing /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_billing\_account\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/billing.viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var editor = new Gcp.Billing.AccountIamPolicy("editor", new() + /// { + /// BillingAccountId = "00AA00-000AAA-00AA0A", + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_billing\_account\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var editor = new Gcp.Billing.AccountIamBinding("editor", new() + /// { + /// BillingAccountId = "00AA00-000AAA-00AA0A", + /// Role = "roles/billing.viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_billing\_account\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var editor = new Gcp.Billing.AccountIamMember("editor", new() + /// { + /// BillingAccountId = "00AA00-000AAA-00AA0A", + /// Role = "roles/billing.viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// ### Importing IAM policies @@ -136,13 +219,6 @@ public partial class AccountIamMember : global::Pulumi.CustomResource /// The billing account id. /// /// For `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`: - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Output("billingAccountId")] public Output BillingAccountId { get; private set; } = null!; @@ -156,6 +232,14 @@ public partial class AccountIamMember : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// [Output("member")] public Output Member { get; private set; } = null!; @@ -219,13 +303,6 @@ public sealed class AccountIamMemberArgs : global::Pulumi.ResourceArgs /// The billing account id. /// /// For `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`: - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Input("billingAccountId", required: true)] public Input BillingAccountId { get; set; } = null!; @@ -233,6 +310,14 @@ public sealed class AccountIamMemberArgs : global::Pulumi.ResourceArgs [Input("condition")] public Input? Condition { get; set; } + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// [Input("member", required: true)] public Input Member { get; set; } = null!; @@ -258,13 +343,6 @@ public sealed class AccountIamMemberState : global::Pulumi.ResourceArgs /// The billing account id. /// /// For `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`: - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Input("billingAccountId")] public Input? BillingAccountId { get; set; } @@ -278,6 +356,14 @@ public sealed class AccountIamMemberState : global::Pulumi.ResourceArgs [Input("etag")] public Input? Etag { get; set; } + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// [Input("member")] public Input? Member { get; set; } diff --git a/sdk/dotnet/Billing/AccountIamPolicy.cs b/sdk/dotnet/Billing/AccountIamPolicy.cs index 86a6559ad0..b09bc9ebd1 100644 --- a/sdk/dotnet/Billing/AccountIamPolicy.cs +++ b/sdk/dotnet/Billing/AccountIamPolicy.cs @@ -103,6 +103,89 @@ namespace Pulumi.Gcp.Billing /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_billing\_account\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/billing.viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var editor = new Gcp.Billing.AccountIamPolicy("editor", new() + /// { + /// BillingAccountId = "00AA00-000AAA-00AA0A", + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_billing\_account\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var editor = new Gcp.Billing.AccountIamBinding("editor", new() + /// { + /// BillingAccountId = "00AA00-000AAA-00AA0A", + /// Role = "roles/billing.viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_billing\_account\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var editor = new Gcp.Billing.AccountIamMember("editor", new() + /// { + /// BillingAccountId = "00AA00-000AAA-00AA0A", + /// Role = "roles/billing.viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// ### Importing IAM policies @@ -136,13 +219,6 @@ public partial class AccountIamPolicy : global::Pulumi.CustomResource /// The billing account id. /// /// For `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`: - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Output("billingAccountId")] public Output BillingAccountId { get; private set; } = null!; @@ -211,13 +287,6 @@ public sealed class AccountIamPolicyArgs : global::Pulumi.ResourceArgs /// The billing account id. /// /// For `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`: - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Input("billingAccountId", required: true)] public Input BillingAccountId { get; set; } = null!; @@ -242,13 +311,6 @@ public sealed class AccountIamPolicyState : global::Pulumi.ResourceArgs /// The billing account id. /// /// For `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`: - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Input("billingAccountId")] public Input? BillingAccountId { get; set; } diff --git a/sdk/dotnet/BinaryAuthorization/AttestorIamBinding.cs b/sdk/dotnet/BinaryAuthorization/AttestorIamBinding.cs index 33babb9c4f..11615bd2b5 100644 --- a/sdk/dotnet/BinaryAuthorization/AttestorIamBinding.cs +++ b/sdk/dotnet/BinaryAuthorization/AttestorIamBinding.cs @@ -110,6 +110,92 @@ namespace Pulumi.Gcp.BinaryAuthorization /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_binary\_authorization\_attestor\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.BinaryAuthorization.AttestorIamPolicy("policy", new() + /// { + /// Project = attestor.Project, + /// Attestor = attestor.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_binary\_authorization\_attestor\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.BinaryAuthorization.AttestorIamBinding("binding", new() + /// { + /// Project = attestor.Project, + /// Attestor = attestor.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_binary\_authorization\_attestor\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.BinaryAuthorization.AttestorIamMember("member", new() + /// { + /// Project = attestor.Project, + /// Attestor = attestor.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -164,14 +250,8 @@ public partial class AttestorIamBinding : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; - [Output("members")] - public Output> Members { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -183,6 +263,13 @@ public partial class AttestorIamBinding : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("members")] + public Output> Members { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -251,17 +338,9 @@ public sealed class AttestorIamBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -273,6 +352,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -309,17 +398,9 @@ public sealed class AttestorIamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -331,6 +412,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/BinaryAuthorization/AttestorIamMember.cs b/sdk/dotnet/BinaryAuthorization/AttestorIamMember.cs index bfd744a9fc..c03c7cc40a 100644 --- a/sdk/dotnet/BinaryAuthorization/AttestorIamMember.cs +++ b/sdk/dotnet/BinaryAuthorization/AttestorIamMember.cs @@ -110,6 +110,92 @@ namespace Pulumi.Gcp.BinaryAuthorization /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_binary\_authorization\_attestor\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.BinaryAuthorization.AttestorIamPolicy("policy", new() + /// { + /// Project = attestor.Project, + /// Attestor = attestor.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_binary\_authorization\_attestor\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.BinaryAuthorization.AttestorIamBinding("binding", new() + /// { + /// Project = attestor.Project, + /// Attestor = attestor.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_binary\_authorization\_attestor\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.BinaryAuthorization.AttestorIamMember("member", new() + /// { + /// Project = attestor.Project, + /// Attestor = attestor.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -164,14 +250,8 @@ public partial class AttestorIamMember : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; - [Output("member")] - public Output Member { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -183,6 +263,13 @@ public partial class AttestorIamMember : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("member")] + public Output Member { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -249,14 +336,8 @@ public sealed class AttestorIamMemberArgs : global::Pulumi.ResourceArgs [Input("condition")] public Input? Condition { get; set; } - [Input("member", required: true)] - public Input Member { get; set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -268,6 +349,13 @@ public sealed class AttestorIamMemberArgs : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member", required: true)] + public Input Member { get; set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -302,14 +390,8 @@ public sealed class AttestorIamMemberState : global::Pulumi.ResourceArgs [Input("etag")] public Input? Etag { get; set; } - [Input("member")] - public Input? Member { get; set; } - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -321,6 +403,13 @@ public sealed class AttestorIamMemberState : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member")] + public Input? Member { get; set; } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/BinaryAuthorization/AttestorIamPolicy.cs b/sdk/dotnet/BinaryAuthorization/AttestorIamPolicy.cs index 3de9fb57d9..18e16c8325 100644 --- a/sdk/dotnet/BinaryAuthorization/AttestorIamPolicy.cs +++ b/sdk/dotnet/BinaryAuthorization/AttestorIamPolicy.cs @@ -110,6 +110,92 @@ namespace Pulumi.Gcp.BinaryAuthorization /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_binary\_authorization\_attestor\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.BinaryAuthorization.AttestorIamPolicy("policy", new() + /// { + /// Project = attestor.Project, + /// Attestor = attestor.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_binary\_authorization\_attestor\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.BinaryAuthorization.AttestorIamBinding("binding", new() + /// { + /// Project = attestor.Project, + /// Attestor = attestor.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_binary\_authorization\_attestor\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.BinaryAuthorization.AttestorIamMember("member", new() + /// { + /// Project = attestor.Project, + /// Attestor = attestor.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -171,18 +257,6 @@ public partial class AttestorIamPolicy : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -249,18 +323,6 @@ public sealed class AttestorIamPolicyArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -295,18 +357,6 @@ public sealed class AttestorIamPolicyState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/CertificateAuthority/CaPoolIamBinding.cs b/sdk/dotnet/CertificateAuthority/CaPoolIamBinding.cs index 0d552342e4..83a5a541d9 100644 --- a/sdk/dotnet/CertificateAuthority/CaPoolIamBinding.cs +++ b/sdk/dotnet/CertificateAuthority/CaPoolIamBinding.cs @@ -208,6 +208,188 @@ namespace Pulumi.Gcp.CertificateAuthority /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_privateca\_ca\_pool\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/privateca.certificateManager", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.CertificateAuthority.CaPoolIamPolicy("policy", new() + /// { + /// CaPool = @default.Id, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/privateca.certificateManager", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.CertificateAuthority.CaPoolIamPolicy("policy", new() + /// { + /// CaPool = @default.Id, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_privateca\_ca\_pool\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.CertificateAuthority.CaPoolIamBinding("binding", new() + /// { + /// CaPool = @default.Id, + /// Role = "roles/privateca.certificateManager", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.CertificateAuthority.CaPoolIamBinding("binding", new() + /// { + /// CaPool = @default.Id, + /// Role = "roles/privateca.certificateManager", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.CertificateAuthority.Inputs.CaPoolIamBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_privateca\_ca\_pool\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.CertificateAuthority.CaPoolIamMember("member", new() + /// { + /// CaPool = @default.Id, + /// Role = "roles/privateca.certificateManager", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.CertificateAuthority.CaPoolIamMember("member", new() + /// { + /// CaPool = @default.Id, + /// Role = "roles/privateca.certificateManager", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.CertificateAuthority.Inputs.CaPoolIamMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -274,14 +456,8 @@ public partial class CaPoolIamBinding : global::Pulumi.CustomResource [Output("location")] public Output Location { get; private set; } = null!; - [Output("members")] - public Output> Members { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -293,6 +469,13 @@ public partial class CaPoolIamBinding : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("members")] + public Output> Members { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -373,17 +556,9 @@ public sealed class CaPoolIamBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -395,6 +570,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -443,17 +628,9 @@ public sealed class CaPoolIamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -465,6 +642,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/CertificateAuthority/CaPoolIamMember.cs b/sdk/dotnet/CertificateAuthority/CaPoolIamMember.cs index 48387681f7..631de64e92 100644 --- a/sdk/dotnet/CertificateAuthority/CaPoolIamMember.cs +++ b/sdk/dotnet/CertificateAuthority/CaPoolIamMember.cs @@ -208,6 +208,188 @@ namespace Pulumi.Gcp.CertificateAuthority /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_privateca\_ca\_pool\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/privateca.certificateManager", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.CertificateAuthority.CaPoolIamPolicy("policy", new() + /// { + /// CaPool = @default.Id, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/privateca.certificateManager", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.CertificateAuthority.CaPoolIamPolicy("policy", new() + /// { + /// CaPool = @default.Id, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_privateca\_ca\_pool\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.CertificateAuthority.CaPoolIamBinding("binding", new() + /// { + /// CaPool = @default.Id, + /// Role = "roles/privateca.certificateManager", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.CertificateAuthority.CaPoolIamBinding("binding", new() + /// { + /// CaPool = @default.Id, + /// Role = "roles/privateca.certificateManager", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.CertificateAuthority.Inputs.CaPoolIamBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_privateca\_ca\_pool\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.CertificateAuthority.CaPoolIamMember("member", new() + /// { + /// CaPool = @default.Id, + /// Role = "roles/privateca.certificateManager", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.CertificateAuthority.CaPoolIamMember("member", new() + /// { + /// CaPool = @default.Id, + /// Role = "roles/privateca.certificateManager", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.CertificateAuthority.Inputs.CaPoolIamMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -274,14 +456,8 @@ public partial class CaPoolIamMember : global::Pulumi.CustomResource [Output("location")] public Output Location { get; private set; } = null!; - [Output("member")] - public Output Member { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -293,6 +469,13 @@ public partial class CaPoolIamMember : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("member")] + public Output Member { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -371,14 +554,8 @@ public sealed class CaPoolIamMemberArgs : global::Pulumi.ResourceArgs [Input("location")] public Input? Location { get; set; } - [Input("member", required: true)] - public Input Member { get; set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -390,6 +567,13 @@ public sealed class CaPoolIamMemberArgs : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member", required: true)] + public Input Member { get; set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -436,14 +620,8 @@ public sealed class CaPoolIamMemberState : global::Pulumi.ResourceArgs [Input("location")] public Input? Location { get; set; } - [Input("member")] - public Input? Member { get; set; } - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -455,6 +633,13 @@ public sealed class CaPoolIamMemberState : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member")] + public Input? Member { get; set; } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/CertificateAuthority/CaPoolIamPolicy.cs b/sdk/dotnet/CertificateAuthority/CaPoolIamPolicy.cs index 54d7955569..559e85282e 100644 --- a/sdk/dotnet/CertificateAuthority/CaPoolIamPolicy.cs +++ b/sdk/dotnet/CertificateAuthority/CaPoolIamPolicy.cs @@ -208,6 +208,188 @@ namespace Pulumi.Gcp.CertificateAuthority /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_privateca\_ca\_pool\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/privateca.certificateManager", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.CertificateAuthority.CaPoolIamPolicy("policy", new() + /// { + /// CaPool = @default.Id, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/privateca.certificateManager", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.CertificateAuthority.CaPoolIamPolicy("policy", new() + /// { + /// CaPool = @default.Id, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_privateca\_ca\_pool\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.CertificateAuthority.CaPoolIamBinding("binding", new() + /// { + /// CaPool = @default.Id, + /// Role = "roles/privateca.certificateManager", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.CertificateAuthority.CaPoolIamBinding("binding", new() + /// { + /// CaPool = @default.Id, + /// Role = "roles/privateca.certificateManager", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.CertificateAuthority.Inputs.CaPoolIamBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_privateca\_ca\_pool\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.CertificateAuthority.CaPoolIamMember("member", new() + /// { + /// CaPool = @default.Id, + /// Role = "roles/privateca.certificateManager", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.CertificateAuthority.CaPoolIamMember("member", new() + /// { + /// CaPool = @default.Id, + /// Role = "roles/privateca.certificateManager", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.CertificateAuthority.Inputs.CaPoolIamMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -277,18 +459,6 @@ public partial class CaPoolIamPolicy : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -363,18 +533,6 @@ public sealed class CaPoolIamPolicyArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -417,18 +575,6 @@ public sealed class CaPoolIamPolicyState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/CertificateAuthority/CertificateTemplateIamBinding.cs b/sdk/dotnet/CertificateAuthority/CertificateTemplateIamBinding.cs index 715e116219..eed856d90d 100644 --- a/sdk/dotnet/CertificateAuthority/CertificateTemplateIamBinding.cs +++ b/sdk/dotnet/CertificateAuthority/CertificateTemplateIamBinding.cs @@ -208,6 +208,188 @@ namespace Pulumi.Gcp.CertificateAuthority /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_privateca\_certificate\_template\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/privateca.templateUser", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.CertificateAuthority.CertificateTemplateIamPolicy("policy", new() + /// { + /// CertificateTemplate = @default.Id, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/privateca.templateUser", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.CertificateAuthority.CertificateTemplateIamPolicy("policy", new() + /// { + /// CertificateTemplate = @default.Id, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_privateca\_certificate\_template\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.CertificateAuthority.CertificateTemplateIamBinding("binding", new() + /// { + /// CertificateTemplate = @default.Id, + /// Role = "roles/privateca.templateUser", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.CertificateAuthority.CertificateTemplateIamBinding("binding", new() + /// { + /// CertificateTemplate = @default.Id, + /// Role = "roles/privateca.templateUser", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIamBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_privateca\_certificate\_template\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.CertificateAuthority.CertificateTemplateIamMember("member", new() + /// { + /// CertificateTemplate = @default.Id, + /// Role = "roles/privateca.templateUser", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.CertificateAuthority.CertificateTemplateIamMember("member", new() + /// { + /// CertificateTemplate = @default.Id, + /// Role = "roles/privateca.templateUser", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIamMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -269,14 +451,8 @@ public partial class CertificateTemplateIamBinding : global::Pulumi.CustomResour [Output("location")] public Output Location { get; private set; } = null!; - [Output("members")] - public Output> Members { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -288,6 +464,13 @@ public partial class CertificateTemplateIamBinding : global::Pulumi.CustomResour /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("members")] + public Output> Members { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -363,17 +546,9 @@ public sealed class CertificateTemplateIamBindingArgs : global::Pulumi.ResourceA [Input("members", required: true)] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -385,6 +560,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -428,17 +613,9 @@ public sealed class CertificateTemplateIamBindingState : global::Pulumi.Resource [Input("members")] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -450,6 +627,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/CertificateAuthority/CertificateTemplateIamMember.cs b/sdk/dotnet/CertificateAuthority/CertificateTemplateIamMember.cs index caf9f4df9d..e9c35b80d6 100644 --- a/sdk/dotnet/CertificateAuthority/CertificateTemplateIamMember.cs +++ b/sdk/dotnet/CertificateAuthority/CertificateTemplateIamMember.cs @@ -208,6 +208,188 @@ namespace Pulumi.Gcp.CertificateAuthority /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_privateca\_certificate\_template\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/privateca.templateUser", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.CertificateAuthority.CertificateTemplateIamPolicy("policy", new() + /// { + /// CertificateTemplate = @default.Id, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/privateca.templateUser", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.CertificateAuthority.CertificateTemplateIamPolicy("policy", new() + /// { + /// CertificateTemplate = @default.Id, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_privateca\_certificate\_template\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.CertificateAuthority.CertificateTemplateIamBinding("binding", new() + /// { + /// CertificateTemplate = @default.Id, + /// Role = "roles/privateca.templateUser", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.CertificateAuthority.CertificateTemplateIamBinding("binding", new() + /// { + /// CertificateTemplate = @default.Id, + /// Role = "roles/privateca.templateUser", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIamBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_privateca\_certificate\_template\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.CertificateAuthority.CertificateTemplateIamMember("member", new() + /// { + /// CertificateTemplate = @default.Id, + /// Role = "roles/privateca.templateUser", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.CertificateAuthority.CertificateTemplateIamMember("member", new() + /// { + /// CertificateTemplate = @default.Id, + /// Role = "roles/privateca.templateUser", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIamMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -269,14 +451,8 @@ public partial class CertificateTemplateIamMember : global::Pulumi.CustomResourc [Output("location")] public Output Location { get; private set; } = null!; - [Output("member")] - public Output Member { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -288,6 +464,13 @@ public partial class CertificateTemplateIamMember : global::Pulumi.CustomResourc /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("member")] + public Output Member { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -361,14 +544,8 @@ public sealed class CertificateTemplateIamMemberArgs : global::Pulumi.ResourceAr [Input("location")] public Input? Location { get; set; } - [Input("member", required: true)] - public Input Member { get; set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -380,6 +557,13 @@ public sealed class CertificateTemplateIamMemberArgs : global::Pulumi.ResourceAr /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member", required: true)] + public Input Member { get; set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -421,14 +605,8 @@ public sealed class CertificateTemplateIamMemberState : global::Pulumi.ResourceA [Input("location")] public Input? Location { get; set; } - [Input("member")] - public Input? Member { get; set; } - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -440,6 +618,13 @@ public sealed class CertificateTemplateIamMemberState : global::Pulumi.ResourceA /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member")] + public Input? Member { get; set; } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/CertificateAuthority/CertificateTemplateIamPolicy.cs b/sdk/dotnet/CertificateAuthority/CertificateTemplateIamPolicy.cs index 8767f912c0..3d4a0ecb92 100644 --- a/sdk/dotnet/CertificateAuthority/CertificateTemplateIamPolicy.cs +++ b/sdk/dotnet/CertificateAuthority/CertificateTemplateIamPolicy.cs @@ -208,6 +208,188 @@ namespace Pulumi.Gcp.CertificateAuthority /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_privateca\_certificate\_template\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/privateca.templateUser", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.CertificateAuthority.CertificateTemplateIamPolicy("policy", new() + /// { + /// CertificateTemplate = @default.Id, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/privateca.templateUser", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.CertificateAuthority.CertificateTemplateIamPolicy("policy", new() + /// { + /// CertificateTemplate = @default.Id, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_privateca\_certificate\_template\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.CertificateAuthority.CertificateTemplateIamBinding("binding", new() + /// { + /// CertificateTemplate = @default.Id, + /// Role = "roles/privateca.templateUser", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.CertificateAuthority.CertificateTemplateIamBinding("binding", new() + /// { + /// CertificateTemplate = @default.Id, + /// Role = "roles/privateca.templateUser", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIamBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_privateca\_certificate\_template\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.CertificateAuthority.CertificateTemplateIamMember("member", new() + /// { + /// CertificateTemplate = @default.Id, + /// Role = "roles/privateca.templateUser", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.CertificateAuthority.CertificateTemplateIamMember("member", new() + /// { + /// CertificateTemplate = @default.Id, + /// Role = "roles/privateca.templateUser", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.CertificateAuthority.Inputs.CertificateTemplateIamMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -272,18 +454,6 @@ public partial class CertificateTemplateIamPolicy : global::Pulumi.CustomResourc /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -353,18 +523,6 @@ public sealed class CertificateTemplateIamPolicyArgs : global::Pulumi.ResourceAr /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -402,18 +560,6 @@ public sealed class CertificateTemplateIamPolicyState : global::Pulumi.ResourceA /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/CloudBuildV2/ConnectionIAMBinding.cs b/sdk/dotnet/CloudBuildV2/ConnectionIAMBinding.cs index a4b22e5911..08036dfe00 100644 --- a/sdk/dotnet/CloudBuildV2/ConnectionIAMBinding.cs +++ b/sdk/dotnet/CloudBuildV2/ConnectionIAMBinding.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.CloudBuildV2 /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_cloudbuildv2\_connection\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/cloudbuild.connectionViewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.CloudBuildV2.ConnectionIAMPolicy("policy", new() + /// { + /// Project = my_connection.Project, + /// Location = my_connection.Location, + /// Name = my_connection.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_cloudbuildv2\_connection\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.CloudBuildV2.ConnectionIAMBinding("binding", new() + /// { + /// Project = my_connection.Project, + /// Location = my_connection.Location, + /// Name = my_connection.Name, + /// Role = "roles/cloudbuild.connectionViewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_cloudbuildv2\_connection\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.CloudBuildV2.ConnectionIAMMember("member", new() + /// { + /// Project = my_connection.Project, + /// Location = my_connection.Location, + /// Name = my_connection.Name, + /// Role = "roles/cloudbuild.connectionViewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -169,6 +258,19 @@ public partial class ConnectionIAMBinding : global::Pulumi.CustomResource [Output("location")] public Output Location { get; private set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Output("members")] public Output> Members { get; private set; } = null!; @@ -181,18 +283,6 @@ public partial class ConnectionIAMBinding : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -262,6 +352,20 @@ public sealed class ConnectionIAMBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// public InputList Members { get => _members ?? (_members = new InputList()); @@ -277,18 +381,6 @@ public InputList Members /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -326,6 +418,20 @@ public sealed class ConnectionIAMBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// public InputList Members { get => _members ?? (_members = new InputList()); @@ -341,18 +447,6 @@ public InputList Members /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/CloudBuildV2/ConnectionIAMMember.cs b/sdk/dotnet/CloudBuildV2/ConnectionIAMMember.cs index 3b9e829783..85e5e534a7 100644 --- a/sdk/dotnet/CloudBuildV2/ConnectionIAMMember.cs +++ b/sdk/dotnet/CloudBuildV2/ConnectionIAMMember.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.CloudBuildV2 /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_cloudbuildv2\_connection\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/cloudbuild.connectionViewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.CloudBuildV2.ConnectionIAMPolicy("policy", new() + /// { + /// Project = my_connection.Project, + /// Location = my_connection.Location, + /// Name = my_connection.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_cloudbuildv2\_connection\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.CloudBuildV2.ConnectionIAMBinding("binding", new() + /// { + /// Project = my_connection.Project, + /// Location = my_connection.Location, + /// Name = my_connection.Name, + /// Role = "roles/cloudbuild.connectionViewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_cloudbuildv2\_connection\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.CloudBuildV2.ConnectionIAMMember("member", new() + /// { + /// Project = my_connection.Project, + /// Location = my_connection.Location, + /// Name = my_connection.Name, + /// Role = "roles/cloudbuild.connectionViewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -169,6 +258,19 @@ public partial class ConnectionIAMMember : global::Pulumi.CustomResource [Output("location")] public Output Location { get; private set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Output("member")] public Output Member { get; private set; } = null!; @@ -181,18 +283,6 @@ public partial class ConnectionIAMMember : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -260,6 +350,19 @@ public sealed class ConnectionIAMMemberArgs : global::Pulumi.ResourceArgs [Input("location")] public Input? Location { get; set; } + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Input("member", required: true)] public Input Member { get; set; } = null!; @@ -272,18 +375,6 @@ public sealed class ConnectionIAMMemberArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -319,6 +410,19 @@ public sealed class ConnectionIAMMemberState : global::Pulumi.ResourceArgs [Input("location")] public Input? Location { get; set; } + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Input("member")] public Input? Member { get; set; } @@ -331,18 +435,6 @@ public sealed class ConnectionIAMMemberState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/CloudBuildV2/ConnectionIAMPolicy.cs b/sdk/dotnet/CloudBuildV2/ConnectionIAMPolicy.cs index 127f8f45dd..d7287bc92a 100644 --- a/sdk/dotnet/CloudBuildV2/ConnectionIAMPolicy.cs +++ b/sdk/dotnet/CloudBuildV2/ConnectionIAMPolicy.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.CloudBuildV2 /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_cloudbuildv2\_connection\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/cloudbuild.connectionViewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.CloudBuildV2.ConnectionIAMPolicy("policy", new() + /// { + /// Project = my_connection.Project, + /// Location = my_connection.Location, + /// Name = my_connection.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_cloudbuildv2\_connection\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.CloudBuildV2.ConnectionIAMBinding("binding", new() + /// { + /// Project = my_connection.Project, + /// Location = my_connection.Location, + /// Name = my_connection.Name, + /// Role = "roles/cloudbuild.connectionViewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_cloudbuildv2\_connection\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.CloudBuildV2.ConnectionIAMMember("member", new() + /// { + /// Project = my_connection.Project, + /// Location = my_connection.Location, + /// Name = my_connection.Name, + /// Role = "roles/cloudbuild.connectionViewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -182,18 +271,6 @@ public partial class ConnectionIAMPolicy : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -266,18 +343,6 @@ public sealed class ConnectionIAMPolicyArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -318,18 +383,6 @@ public sealed class ConnectionIAMPolicyState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/CloudFunctions/FunctionIamBinding.cs b/sdk/dotnet/CloudFunctions/FunctionIamBinding.cs index 3b608303f0..197052b4f5 100644 --- a/sdk/dotnet/CloudFunctions/FunctionIamBinding.cs +++ b/sdk/dotnet/CloudFunctions/FunctionIamBinding.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.CloudFunctions /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_cloudfunctions\_function\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.CloudFunctions.FunctionIamPolicy("policy", new() + /// { + /// Project = function.Project, + /// Region = function.Region, + /// CloudFunction = function.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_cloudfunctions\_function\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.CloudFunctions.FunctionIamBinding("binding", new() + /// { + /// Project = function.Project, + /// Region = function.Region, + /// CloudFunction = function.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_cloudfunctions\_function\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.CloudFunctions.FunctionIamMember("member", new() + /// { + /// Project = function.Project, + /// Region = function.Region, + /// CloudFunction = function.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -169,14 +258,8 @@ public partial class FunctionIamBinding : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; - [Output("members")] - public Output> Members { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -188,6 +271,13 @@ public partial class FunctionIamBinding : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("members")] + public Output> Members { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -264,17 +354,9 @@ public sealed class FunctionIamBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -286,6 +368,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -330,17 +422,9 @@ public sealed class FunctionIamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -352,6 +436,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/CloudFunctions/FunctionIamMember.cs b/sdk/dotnet/CloudFunctions/FunctionIamMember.cs index 77a521f7c1..d07b5fa531 100644 --- a/sdk/dotnet/CloudFunctions/FunctionIamMember.cs +++ b/sdk/dotnet/CloudFunctions/FunctionIamMember.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.CloudFunctions /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_cloudfunctions\_function\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.CloudFunctions.FunctionIamPolicy("policy", new() + /// { + /// Project = function.Project, + /// Region = function.Region, + /// CloudFunction = function.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_cloudfunctions\_function\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.CloudFunctions.FunctionIamBinding("binding", new() + /// { + /// Project = function.Project, + /// Region = function.Region, + /// CloudFunction = function.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_cloudfunctions\_function\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.CloudFunctions.FunctionIamMember("member", new() + /// { + /// Project = function.Project, + /// Region = function.Region, + /// CloudFunction = function.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -169,14 +258,8 @@ public partial class FunctionIamMember : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; - [Output("member")] - public Output Member { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -188,6 +271,13 @@ public partial class FunctionIamMember : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("member")] + public Output Member { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -262,14 +352,8 @@ public sealed class FunctionIamMemberArgs : global::Pulumi.ResourceArgs [Input("condition")] public Input? Condition { get; set; } - [Input("member", required: true)] - public Input Member { get; set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -281,6 +365,13 @@ public sealed class FunctionIamMemberArgs : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member", required: true)] + public Input Member { get; set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -323,14 +414,8 @@ public sealed class FunctionIamMemberState : global::Pulumi.ResourceArgs [Input("etag")] public Input? Etag { get; set; } - [Input("member")] - public Input? Member { get; set; } - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -342,6 +427,13 @@ public sealed class FunctionIamMemberState : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member")] + public Input? Member { get; set; } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/CloudFunctions/FunctionIamPolicy.cs b/sdk/dotnet/CloudFunctions/FunctionIamPolicy.cs index f21d51e61f..0b0491f420 100644 --- a/sdk/dotnet/CloudFunctions/FunctionIamPolicy.cs +++ b/sdk/dotnet/CloudFunctions/FunctionIamPolicy.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.CloudFunctions /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_cloudfunctions\_function\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.CloudFunctions.FunctionIamPolicy("policy", new() + /// { + /// Project = function.Project, + /// Region = function.Region, + /// CloudFunction = function.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_cloudfunctions\_function\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.CloudFunctions.FunctionIamBinding("binding", new() + /// { + /// Project = function.Project, + /// Region = function.Region, + /// CloudFunction = function.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_cloudfunctions\_function\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.CloudFunctions.FunctionIamMember("member", new() + /// { + /// Project = function.Project, + /// Region = function.Region, + /// CloudFunction = function.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -176,18 +265,6 @@ public partial class FunctionIamPolicy : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -262,18 +339,6 @@ public sealed class FunctionIamPolicyArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -316,18 +381,6 @@ public sealed class FunctionIamPolicyState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/CloudFunctionsV2/FunctionIamBinding.cs b/sdk/dotnet/CloudFunctionsV2/FunctionIamBinding.cs index 39b97d5b9a..329012f774 100644 --- a/sdk/dotnet/CloudFunctionsV2/FunctionIamBinding.cs +++ b/sdk/dotnet/CloudFunctionsV2/FunctionIamBinding.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.CloudFunctionsV2 /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_cloudfunctions2\_function\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.CloudFunctionsV2.FunctionIamPolicy("policy", new() + /// { + /// Project = function.Project, + /// Location = function.Location, + /// CloudFunction = function.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_cloudfunctions2\_function\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.CloudFunctionsV2.FunctionIamBinding("binding", new() + /// { + /// Project = function.Project, + /// Location = function.Location, + /// CloudFunction = function.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_cloudfunctions2\_function\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.CloudFunctionsV2.FunctionIamMember("member", new() + /// { + /// Project = function.Project, + /// Location = function.Location, + /// CloudFunction = function.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -175,14 +264,8 @@ public partial class FunctionIamBinding : global::Pulumi.CustomResource [Output("location")] public Output Location { get; private set; } = null!; - [Output("members")] - public Output> Members { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -194,6 +277,13 @@ public partial class FunctionIamBinding : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("members")] + public Output> Members { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -268,17 +358,9 @@ public sealed class FunctionIamBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -290,6 +372,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -332,17 +424,9 @@ public sealed class FunctionIamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -354,6 +438,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/CloudFunctionsV2/FunctionIamMember.cs b/sdk/dotnet/CloudFunctionsV2/FunctionIamMember.cs index 7e8020da00..b78dc41631 100644 --- a/sdk/dotnet/CloudFunctionsV2/FunctionIamMember.cs +++ b/sdk/dotnet/CloudFunctionsV2/FunctionIamMember.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.CloudFunctionsV2 /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_cloudfunctions2\_function\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.CloudFunctionsV2.FunctionIamPolicy("policy", new() + /// { + /// Project = function.Project, + /// Location = function.Location, + /// CloudFunction = function.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_cloudfunctions2\_function\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.CloudFunctionsV2.FunctionIamBinding("binding", new() + /// { + /// Project = function.Project, + /// Location = function.Location, + /// CloudFunction = function.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_cloudfunctions2\_function\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.CloudFunctionsV2.FunctionIamMember("member", new() + /// { + /// Project = function.Project, + /// Location = function.Location, + /// CloudFunction = function.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -175,14 +264,8 @@ public partial class FunctionIamMember : global::Pulumi.CustomResource [Output("location")] public Output Location { get; private set; } = null!; - [Output("member")] - public Output Member { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -194,6 +277,13 @@ public partial class FunctionIamMember : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("member")] + public Output Member { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -266,14 +356,8 @@ public sealed class FunctionIamMemberArgs : global::Pulumi.ResourceArgs [Input("location")] public Input? Location { get; set; } - [Input("member", required: true)] - public Input Member { get; set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -285,6 +369,13 @@ public sealed class FunctionIamMemberArgs : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member", required: true)] + public Input Member { get; set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -325,14 +416,8 @@ public sealed class FunctionIamMemberState : global::Pulumi.ResourceArgs [Input("location")] public Input? Location { get; set; } - [Input("member")] - public Input? Member { get; set; } - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -344,6 +429,13 @@ public sealed class FunctionIamMemberState : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member")] + public Input? Member { get; set; } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/CloudFunctionsV2/FunctionIamPolicy.cs b/sdk/dotnet/CloudFunctionsV2/FunctionIamPolicy.cs index af047fd509..36c077fa23 100644 --- a/sdk/dotnet/CloudFunctionsV2/FunctionIamPolicy.cs +++ b/sdk/dotnet/CloudFunctionsV2/FunctionIamPolicy.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.CloudFunctionsV2 /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_cloudfunctions2\_function\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.CloudFunctionsV2.FunctionIamPolicy("policy", new() + /// { + /// Project = function.Project, + /// Location = function.Location, + /// CloudFunction = function.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_cloudfunctions2\_function\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.CloudFunctionsV2.FunctionIamBinding("binding", new() + /// { + /// Project = function.Project, + /// Location = function.Location, + /// CloudFunction = function.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_cloudfunctions2\_function\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.CloudFunctionsV2.FunctionIamMember("member", new() + /// { + /// Project = function.Project, + /// Location = function.Location, + /// CloudFunction = function.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -182,18 +271,6 @@ public partial class FunctionIamPolicy : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -266,18 +343,6 @@ public sealed class FunctionIamPolicyArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -318,18 +383,6 @@ public sealed class FunctionIamPolicyState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/CloudRun/IamBinding.cs b/sdk/dotnet/CloudRun/IamBinding.cs index 44cd2994fc..03ce0b4b2a 100644 --- a/sdk/dotnet/CloudRun/IamBinding.cs +++ b/sdk/dotnet/CloudRun/IamBinding.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.CloudRun /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_cloud\_run\_service\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.CloudRun.IamPolicy("policy", new() + /// { + /// Location = @default.Location, + /// Project = @default.Project, + /// Service = @default.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_cloud\_run\_service\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.CloudRun.IamBinding("binding", new() + /// { + /// Location = @default.Location, + /// Project = @default.Project, + /// Service = @default.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_cloud\_run\_service\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.CloudRun.IamMember("member", new() + /// { + /// Location = @default.Location, + /// Project = @default.Project, + /// Service = @default.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -169,14 +258,8 @@ public partial class IamBinding : global::Pulumi.CustomResource [Output("location")] public Output Location { get; private set; } = null!; - [Output("members")] - public Output> Members { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -188,6 +271,13 @@ public partial class IamBinding : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("members")] + public Output> Members { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -262,17 +352,9 @@ public sealed class IamBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -284,6 +366,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -326,17 +418,9 @@ public sealed class IamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -348,6 +432,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/CloudRun/IamMember.cs b/sdk/dotnet/CloudRun/IamMember.cs index 429c387ea1..0aaa22ab67 100644 --- a/sdk/dotnet/CloudRun/IamMember.cs +++ b/sdk/dotnet/CloudRun/IamMember.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.CloudRun /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_cloud\_run\_service\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.CloudRun.IamPolicy("policy", new() + /// { + /// Location = @default.Location, + /// Project = @default.Project, + /// Service = @default.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_cloud\_run\_service\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.CloudRun.IamBinding("binding", new() + /// { + /// Location = @default.Location, + /// Project = @default.Project, + /// Service = @default.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_cloud\_run\_service\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.CloudRun.IamMember("member", new() + /// { + /// Location = @default.Location, + /// Project = @default.Project, + /// Service = @default.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -169,14 +258,8 @@ public partial class IamMember : global::Pulumi.CustomResource [Output("location")] public Output Location { get; private set; } = null!; - [Output("member")] - public Output Member { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -188,6 +271,13 @@ public partial class IamMember : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("member")] + public Output Member { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -260,14 +350,8 @@ public sealed class IamMemberArgs : global::Pulumi.ResourceArgs [Input("location")] public Input? Location { get; set; } - [Input("member", required: true)] - public Input Member { get; set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -279,6 +363,13 @@ public sealed class IamMemberArgs : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member", required: true)] + public Input Member { get; set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -319,14 +410,8 @@ public sealed class IamMemberState : global::Pulumi.ResourceArgs [Input("location")] public Input? Location { get; set; } - [Input("member")] - public Input? Member { get; set; } - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -338,6 +423,13 @@ public sealed class IamMemberState : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member")] + public Input? Member { get; set; } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/CloudRun/IamPolicy.cs b/sdk/dotnet/CloudRun/IamPolicy.cs index 3e564d5132..996b463786 100644 --- a/sdk/dotnet/CloudRun/IamPolicy.cs +++ b/sdk/dotnet/CloudRun/IamPolicy.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.CloudRun /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_cloud\_run\_service\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.CloudRun.IamPolicy("policy", new() + /// { + /// Location = @default.Location, + /// Project = @default.Project, + /// Service = @default.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_cloud\_run\_service\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.CloudRun.IamBinding("binding", new() + /// { + /// Location = @default.Location, + /// Project = @default.Project, + /// Service = @default.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_cloud\_run\_service\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.CloudRun.IamMember("member", new() + /// { + /// Location = @default.Location, + /// Project = @default.Project, + /// Service = @default.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -176,18 +265,6 @@ public partial class IamPolicy : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -260,18 +337,6 @@ public sealed class IamPolicyArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -312,18 +377,6 @@ public sealed class IamPolicyState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/CloudRunV2/JobIamBinding.cs b/sdk/dotnet/CloudRunV2/JobIamBinding.cs index c4b5a78164..a6093b1fe1 100644 --- a/sdk/dotnet/CloudRunV2/JobIamBinding.cs +++ b/sdk/dotnet/CloudRunV2/JobIamBinding.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.CloudRunV2 /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_cloud\_run\_v2\_job\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.CloudRunV2.JobIamPolicy("policy", new() + /// { + /// Project = @default.Project, + /// Location = @default.Location, + /// Name = @default.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_cloud\_run\_v2\_job\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.CloudRunV2.JobIamBinding("binding", new() + /// { + /// Project = @default.Project, + /// Location = @default.Location, + /// Name = @default.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_cloud\_run\_v2\_job\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.CloudRunV2.JobIamMember("member", new() + /// { + /// Project = @default.Project, + /// Location = @default.Location, + /// Name = @default.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -169,6 +258,19 @@ public partial class JobIamBinding : global::Pulumi.CustomResource [Output("location")] public Output Location { get; private set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Output("members")] public Output> Members { get; private set; } = null!; @@ -181,18 +283,6 @@ public partial class JobIamBinding : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -262,6 +352,20 @@ public sealed class JobIamBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// public InputList Members { get => _members ?? (_members = new InputList()); @@ -277,18 +381,6 @@ public InputList Members /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -326,6 +418,20 @@ public sealed class JobIamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// public InputList Members { get => _members ?? (_members = new InputList()); @@ -341,18 +447,6 @@ public InputList Members /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/CloudRunV2/JobIamMember.cs b/sdk/dotnet/CloudRunV2/JobIamMember.cs index c21140604a..c5074618c1 100644 --- a/sdk/dotnet/CloudRunV2/JobIamMember.cs +++ b/sdk/dotnet/CloudRunV2/JobIamMember.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.CloudRunV2 /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_cloud\_run\_v2\_job\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.CloudRunV2.JobIamPolicy("policy", new() + /// { + /// Project = @default.Project, + /// Location = @default.Location, + /// Name = @default.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_cloud\_run\_v2\_job\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.CloudRunV2.JobIamBinding("binding", new() + /// { + /// Project = @default.Project, + /// Location = @default.Location, + /// Name = @default.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_cloud\_run\_v2\_job\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.CloudRunV2.JobIamMember("member", new() + /// { + /// Project = @default.Project, + /// Location = @default.Location, + /// Name = @default.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -169,6 +258,19 @@ public partial class JobIamMember : global::Pulumi.CustomResource [Output("location")] public Output Location { get; private set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Output("member")] public Output Member { get; private set; } = null!; @@ -181,18 +283,6 @@ public partial class JobIamMember : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -260,6 +350,19 @@ public sealed class JobIamMemberArgs : global::Pulumi.ResourceArgs [Input("location")] public Input? Location { get; set; } + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Input("member", required: true)] public Input Member { get; set; } = null!; @@ -272,18 +375,6 @@ public sealed class JobIamMemberArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -319,6 +410,19 @@ public sealed class JobIamMemberState : global::Pulumi.ResourceArgs [Input("location")] public Input? Location { get; set; } + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Input("member")] public Input? Member { get; set; } @@ -331,18 +435,6 @@ public sealed class JobIamMemberState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/CloudRunV2/JobIamPolicy.cs b/sdk/dotnet/CloudRunV2/JobIamPolicy.cs index 023e9c34d9..a8160de37e 100644 --- a/sdk/dotnet/CloudRunV2/JobIamPolicy.cs +++ b/sdk/dotnet/CloudRunV2/JobIamPolicy.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.CloudRunV2 /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_cloud\_run\_v2\_job\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.CloudRunV2.JobIamPolicy("policy", new() + /// { + /// Project = @default.Project, + /// Location = @default.Location, + /// Name = @default.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_cloud\_run\_v2\_job\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.CloudRunV2.JobIamBinding("binding", new() + /// { + /// Project = @default.Project, + /// Location = @default.Location, + /// Name = @default.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_cloud\_run\_v2\_job\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.CloudRunV2.JobIamMember("member", new() + /// { + /// Project = @default.Project, + /// Location = @default.Location, + /// Name = @default.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -182,18 +271,6 @@ public partial class JobIamPolicy : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -266,18 +343,6 @@ public sealed class JobIamPolicyArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -318,18 +383,6 @@ public sealed class JobIamPolicyState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/CloudRunV2/ServiceIamBinding.cs b/sdk/dotnet/CloudRunV2/ServiceIamBinding.cs index 32e0cd9303..14bebdcd2c 100644 --- a/sdk/dotnet/CloudRunV2/ServiceIamBinding.cs +++ b/sdk/dotnet/CloudRunV2/ServiceIamBinding.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.CloudRunV2 /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_cloud\_run\_v2\_service\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.CloudRunV2.ServiceIamPolicy("policy", new() + /// { + /// Project = @default.Project, + /// Location = @default.Location, + /// Name = @default.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_cloud\_run\_v2\_service\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.CloudRunV2.ServiceIamBinding("binding", new() + /// { + /// Project = @default.Project, + /// Location = @default.Location, + /// Name = @default.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_cloud\_run\_v2\_service\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.CloudRunV2.ServiceIamMember("member", new() + /// { + /// Project = @default.Project, + /// Location = @default.Location, + /// Name = @default.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -169,6 +258,19 @@ public partial class ServiceIamBinding : global::Pulumi.CustomResource [Output("location")] public Output Location { get; private set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Output("members")] public Output> Members { get; private set; } = null!; @@ -181,18 +283,6 @@ public partial class ServiceIamBinding : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -262,6 +352,20 @@ public sealed class ServiceIamBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// public InputList Members { get => _members ?? (_members = new InputList()); @@ -277,18 +381,6 @@ public InputList Members /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -326,6 +418,20 @@ public sealed class ServiceIamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// public InputList Members { get => _members ?? (_members = new InputList()); @@ -341,18 +447,6 @@ public InputList Members /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/CloudRunV2/ServiceIamMember.cs b/sdk/dotnet/CloudRunV2/ServiceIamMember.cs index b2fecc894e..7fea29da91 100644 --- a/sdk/dotnet/CloudRunV2/ServiceIamMember.cs +++ b/sdk/dotnet/CloudRunV2/ServiceIamMember.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.CloudRunV2 /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_cloud\_run\_v2\_service\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.CloudRunV2.ServiceIamPolicy("policy", new() + /// { + /// Project = @default.Project, + /// Location = @default.Location, + /// Name = @default.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_cloud\_run\_v2\_service\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.CloudRunV2.ServiceIamBinding("binding", new() + /// { + /// Project = @default.Project, + /// Location = @default.Location, + /// Name = @default.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_cloud\_run\_v2\_service\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.CloudRunV2.ServiceIamMember("member", new() + /// { + /// Project = @default.Project, + /// Location = @default.Location, + /// Name = @default.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -169,6 +258,19 @@ public partial class ServiceIamMember : global::Pulumi.CustomResource [Output("location")] public Output Location { get; private set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Output("member")] public Output Member { get; private set; } = null!; @@ -181,18 +283,6 @@ public partial class ServiceIamMember : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -260,6 +350,19 @@ public sealed class ServiceIamMemberArgs : global::Pulumi.ResourceArgs [Input("location")] public Input? Location { get; set; } + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Input("member", required: true)] public Input Member { get; set; } = null!; @@ -272,18 +375,6 @@ public sealed class ServiceIamMemberArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -319,6 +410,19 @@ public sealed class ServiceIamMemberState : global::Pulumi.ResourceArgs [Input("location")] public Input? Location { get; set; } + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Input("member")] public Input? Member { get; set; } @@ -331,18 +435,6 @@ public sealed class ServiceIamMemberState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/CloudRunV2/ServiceIamPolicy.cs b/sdk/dotnet/CloudRunV2/ServiceIamPolicy.cs index a74b8167f0..a70f9598ac 100644 --- a/sdk/dotnet/CloudRunV2/ServiceIamPolicy.cs +++ b/sdk/dotnet/CloudRunV2/ServiceIamPolicy.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.CloudRunV2 /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_cloud\_run\_v2\_service\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.CloudRunV2.ServiceIamPolicy("policy", new() + /// { + /// Project = @default.Project, + /// Location = @default.Location, + /// Name = @default.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_cloud\_run\_v2\_service\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.CloudRunV2.ServiceIamBinding("binding", new() + /// { + /// Project = @default.Project, + /// Location = @default.Location, + /// Name = @default.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_cloud\_run\_v2\_service\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.CloudRunV2.ServiceIamMember("member", new() + /// { + /// Project = @default.Project, + /// Location = @default.Location, + /// Name = @default.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -182,18 +271,6 @@ public partial class ServiceIamPolicy : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -266,18 +343,6 @@ public sealed class ServiceIamPolicyArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -318,18 +383,6 @@ public sealed class ServiceIamPolicyState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/CloudTasks/QueueIamBinding.cs b/sdk/dotnet/CloudTasks/QueueIamBinding.cs index 7d28805c72..b6b0ce5c03 100644 --- a/sdk/dotnet/CloudTasks/QueueIamBinding.cs +++ b/sdk/dotnet/CloudTasks/QueueIamBinding.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.CloudTasks /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_cloud\_tasks\_queue\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.CloudTasks.QueueIamPolicy("policy", new() + /// { + /// Project = @default.Project, + /// Location = @default.Location, + /// Name = @default.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_cloud\_tasks\_queue\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.CloudTasks.QueueIamBinding("binding", new() + /// { + /// Project = @default.Project, + /// Location = @default.Location, + /// Name = @default.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_cloud\_tasks\_queue\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.CloudTasks.QueueIamMember("member", new() + /// { + /// Project = @default.Project, + /// Location = @default.Location, + /// Name = @default.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -169,6 +258,19 @@ public partial class QueueIamBinding : global::Pulumi.CustomResource [Output("location")] public Output Location { get; private set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Output("members")] public Output> Members { get; private set; } = null!; @@ -181,18 +283,6 @@ public partial class QueueIamBinding : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -262,6 +352,20 @@ public sealed class QueueIamBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// public InputList Members { get => _members ?? (_members = new InputList()); @@ -277,18 +381,6 @@ public InputList Members /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -326,6 +418,20 @@ public sealed class QueueIamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// public InputList Members { get => _members ?? (_members = new InputList()); @@ -341,18 +447,6 @@ public InputList Members /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/CloudTasks/QueueIamMember.cs b/sdk/dotnet/CloudTasks/QueueIamMember.cs index 59f78c2f0d..c952a7ef46 100644 --- a/sdk/dotnet/CloudTasks/QueueIamMember.cs +++ b/sdk/dotnet/CloudTasks/QueueIamMember.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.CloudTasks /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_cloud\_tasks\_queue\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.CloudTasks.QueueIamPolicy("policy", new() + /// { + /// Project = @default.Project, + /// Location = @default.Location, + /// Name = @default.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_cloud\_tasks\_queue\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.CloudTasks.QueueIamBinding("binding", new() + /// { + /// Project = @default.Project, + /// Location = @default.Location, + /// Name = @default.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_cloud\_tasks\_queue\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.CloudTasks.QueueIamMember("member", new() + /// { + /// Project = @default.Project, + /// Location = @default.Location, + /// Name = @default.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -169,6 +258,19 @@ public partial class QueueIamMember : global::Pulumi.CustomResource [Output("location")] public Output Location { get; private set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Output("member")] public Output Member { get; private set; } = null!; @@ -181,18 +283,6 @@ public partial class QueueIamMember : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -260,6 +350,19 @@ public sealed class QueueIamMemberArgs : global::Pulumi.ResourceArgs [Input("location")] public Input? Location { get; set; } + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Input("member", required: true)] public Input Member { get; set; } = null!; @@ -272,18 +375,6 @@ public sealed class QueueIamMemberArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -319,6 +410,19 @@ public sealed class QueueIamMemberState : global::Pulumi.ResourceArgs [Input("location")] public Input? Location { get; set; } + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Input("member")] public Input? Member { get; set; } @@ -331,18 +435,6 @@ public sealed class QueueIamMemberState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/CloudTasks/QueueIamPolicy.cs b/sdk/dotnet/CloudTasks/QueueIamPolicy.cs index 491b960cc5..b5351077ea 100644 --- a/sdk/dotnet/CloudTasks/QueueIamPolicy.cs +++ b/sdk/dotnet/CloudTasks/QueueIamPolicy.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.CloudTasks /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_cloud\_tasks\_queue\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.CloudTasks.QueueIamPolicy("policy", new() + /// { + /// Project = @default.Project, + /// Location = @default.Location, + /// Name = @default.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_cloud\_tasks\_queue\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.CloudTasks.QueueIamBinding("binding", new() + /// { + /// Project = @default.Project, + /// Location = @default.Location, + /// Name = @default.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_cloud\_tasks\_queue\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.CloudTasks.QueueIamMember("member", new() + /// { + /// Project = @default.Project, + /// Location = @default.Location, + /// Name = @default.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -182,18 +271,6 @@ public partial class QueueIamPolicy : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -266,18 +343,6 @@ public sealed class QueueIamPolicyArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -318,18 +383,6 @@ public sealed class QueueIamPolicyState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Compute/BackendBucketIamBinding.cs b/sdk/dotnet/Compute/BackendBucketIamBinding.cs index 91ed37bbd5..4c497db2f4 100644 --- a/sdk/dotnet/Compute/BackendBucketIamBinding.cs +++ b/sdk/dotnet/Compute/BackendBucketIamBinding.cs @@ -58,6 +58,19 @@ public partial class BackendBucketIamBinding : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Output("members")] public Output> Members { get; private set; } = null!; @@ -70,18 +83,6 @@ public partial class BackendBucketIamBinding : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -145,6 +146,20 @@ public sealed class BackendBucketIamBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// public InputList Members { get => _members ?? (_members = new InputList()); @@ -160,18 +175,6 @@ public InputList Members /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -203,6 +206,20 @@ public sealed class BackendBucketIamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// public InputList Members { get => _members ?? (_members = new InputList()); @@ -218,18 +235,6 @@ public InputList Members /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Compute/BackendBucketIamMember.cs b/sdk/dotnet/Compute/BackendBucketIamMember.cs index 281964f917..08df202ed7 100644 --- a/sdk/dotnet/Compute/BackendBucketIamMember.cs +++ b/sdk/dotnet/Compute/BackendBucketIamMember.cs @@ -58,6 +58,19 @@ public partial class BackendBucketIamMember : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Output("member")] public Output Member { get; private set; } = null!; @@ -70,18 +83,6 @@ public partial class BackendBucketIamMember : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -143,6 +144,19 @@ public sealed class BackendBucketIamMemberArgs : global::Pulumi.ResourceArgs [Input("condition")] public Input? Condition { get; set; } + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Input("member", required: true)] public Input Member { get; set; } = null!; @@ -155,18 +169,6 @@ public sealed class BackendBucketIamMemberArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -196,6 +198,19 @@ public sealed class BackendBucketIamMemberState : global::Pulumi.ResourceArgs [Input("etag")] public Input? Etag { get; set; } + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Input("member")] public Input? Member { get; set; } @@ -208,18 +223,6 @@ public sealed class BackendBucketIamMemberState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Compute/BackendBucketIamPolicy.cs b/sdk/dotnet/Compute/BackendBucketIamPolicy.cs index bd1ce55163..e3443c7653 100644 --- a/sdk/dotnet/Compute/BackendBucketIamPolicy.cs +++ b/sdk/dotnet/Compute/BackendBucketIamPolicy.cs @@ -71,18 +71,6 @@ public partial class BackendBucketIamPolicy : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -149,18 +137,6 @@ public sealed class BackendBucketIamPolicyArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -195,18 +171,6 @@ public sealed class BackendBucketIamPolicyState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Compute/BackendServiceIamBinding.cs b/sdk/dotnet/Compute/BackendServiceIamBinding.cs index e9d7b5b5ea..0646d08689 100644 --- a/sdk/dotnet/Compute/BackendServiceIamBinding.cs +++ b/sdk/dotnet/Compute/BackendServiceIamBinding.cs @@ -62,6 +62,19 @@ public partial class BackendServiceIamBinding : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Output("members")] public Output> Members { get; private set; } = null!; @@ -74,18 +87,6 @@ public partial class BackendServiceIamBinding : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -153,6 +154,20 @@ public sealed class BackendServiceIamBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// public InputList Members { get => _members ?? (_members = new InputList()); @@ -168,18 +183,6 @@ public InputList Members /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -215,6 +218,20 @@ public sealed class BackendServiceIamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// public InputList Members { get => _members ?? (_members = new InputList()); @@ -230,18 +247,6 @@ public InputList Members /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Compute/BackendServiceIamMember.cs b/sdk/dotnet/Compute/BackendServiceIamMember.cs index fec90dfaf3..001b70b71b 100644 --- a/sdk/dotnet/Compute/BackendServiceIamMember.cs +++ b/sdk/dotnet/Compute/BackendServiceIamMember.cs @@ -62,6 +62,19 @@ public partial class BackendServiceIamMember : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Output("member")] public Output Member { get; private set; } = null!; @@ -74,18 +87,6 @@ public partial class BackendServiceIamMember : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -151,6 +152,19 @@ public sealed class BackendServiceIamMemberArgs : global::Pulumi.ResourceArgs [Input("condition")] public Input? Condition { get; set; } + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Input("member", required: true)] public Input Member { get; set; } = null!; @@ -163,18 +177,6 @@ public sealed class BackendServiceIamMemberArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -208,6 +210,19 @@ public sealed class BackendServiceIamMemberState : global::Pulumi.ResourceArgs [Input("etag")] public Input? Etag { get; set; } + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Input("member")] public Input? Member { get; set; } @@ -220,18 +235,6 @@ public sealed class BackendServiceIamMemberState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Compute/BackendServiceIamPolicy.cs b/sdk/dotnet/Compute/BackendServiceIamPolicy.cs index c19bedb0cd..0e575175e7 100644 --- a/sdk/dotnet/Compute/BackendServiceIamPolicy.cs +++ b/sdk/dotnet/Compute/BackendServiceIamPolicy.cs @@ -71,18 +71,6 @@ public partial class BackendServiceIamPolicy : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -149,18 +137,6 @@ public sealed class BackendServiceIamPolicyArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -195,18 +171,6 @@ public sealed class BackendServiceIamPolicyState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Compute/DiskIamBinding.cs b/sdk/dotnet/Compute/DiskIamBinding.cs index 3f5da8c93c..f2db62255f 100644 --- a/sdk/dotnet/Compute/DiskIamBinding.cs +++ b/sdk/dotnet/Compute/DiskIamBinding.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.Compute /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_compute\_disk\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Compute.DiskIamPolicy("policy", new() + /// { + /// Project = @default.Project, + /// Zone = @default.Zone, + /// Name = @default.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_compute\_disk\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Compute.DiskIamBinding("binding", new() + /// { + /// Project = @default.Project, + /// Zone = @default.Zone, + /// Name = @default.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_compute\_disk\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Compute.DiskIamMember("member", new() + /// { + /// Project = @default.Project, + /// Zone = @default.Zone, + /// Name = @default.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -163,6 +252,19 @@ public partial class DiskIamBinding : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Output("members")] public Output> Members { get; private set; } = null!; @@ -175,18 +277,6 @@ public partial class DiskIamBinding : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -258,6 +348,20 @@ public sealed class DiskIamBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// public InputList Members { get => _members ?? (_members = new InputList()); @@ -273,18 +377,6 @@ public InputList Members /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -324,6 +416,20 @@ public sealed class DiskIamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// public InputList Members { get => _members ?? (_members = new InputList()); @@ -339,18 +445,6 @@ public InputList Members /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Compute/DiskIamMember.cs b/sdk/dotnet/Compute/DiskIamMember.cs index 2e951d89b9..17f49251a7 100644 --- a/sdk/dotnet/Compute/DiskIamMember.cs +++ b/sdk/dotnet/Compute/DiskIamMember.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.Compute /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_compute\_disk\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Compute.DiskIamPolicy("policy", new() + /// { + /// Project = @default.Project, + /// Zone = @default.Zone, + /// Name = @default.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_compute\_disk\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Compute.DiskIamBinding("binding", new() + /// { + /// Project = @default.Project, + /// Zone = @default.Zone, + /// Name = @default.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_compute\_disk\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Compute.DiskIamMember("member", new() + /// { + /// Project = @default.Project, + /// Zone = @default.Zone, + /// Name = @default.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -163,6 +252,19 @@ public partial class DiskIamMember : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Output("member")] public Output Member { get; private set; } = null!; @@ -175,18 +277,6 @@ public partial class DiskIamMember : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -256,6 +346,19 @@ public sealed class DiskIamMemberArgs : global::Pulumi.ResourceArgs [Input("condition")] public Input? Condition { get; set; } + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Input("member", required: true)] public Input Member { get; set; } = null!; @@ -268,18 +371,6 @@ public sealed class DiskIamMemberArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -317,6 +408,19 @@ public sealed class DiskIamMemberState : global::Pulumi.ResourceArgs [Input("etag")] public Input? Etag { get; set; } + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Input("member")] public Input? Member { get; set; } @@ -329,18 +433,6 @@ public sealed class DiskIamMemberState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Compute/DiskIamPolicy.cs b/sdk/dotnet/Compute/DiskIamPolicy.cs index 16f4f68c87..801c5e471b 100644 --- a/sdk/dotnet/Compute/DiskIamPolicy.cs +++ b/sdk/dotnet/Compute/DiskIamPolicy.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.Compute /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_compute\_disk\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Compute.DiskIamPolicy("policy", new() + /// { + /// Project = @default.Project, + /// Zone = @default.Zone, + /// Name = @default.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_compute\_disk\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Compute.DiskIamBinding("binding", new() + /// { + /// Project = @default.Project, + /// Zone = @default.Zone, + /// Name = @default.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_compute\_disk\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Compute.DiskIamMember("member", new() + /// { + /// Project = @default.Project, + /// Zone = @default.Zone, + /// Name = @default.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -176,18 +265,6 @@ public partial class DiskIamPolicy : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -262,18 +339,6 @@ public sealed class DiskIamPolicyArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -316,18 +381,6 @@ public sealed class DiskIamPolicyState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Compute/ImageIamBinding.cs b/sdk/dotnet/Compute/ImageIamBinding.cs index 18dbbd45dc..2338e5dcd8 100644 --- a/sdk/dotnet/Compute/ImageIamBinding.cs +++ b/sdk/dotnet/Compute/ImageIamBinding.cs @@ -214,6 +214,194 @@ namespace Pulumi.Gcp.Compute /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_compute\_image\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/compute.imageUser", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Compute.ImageIamPolicy("policy", new() + /// { + /// Project = example.Project, + /// Image = example.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/compute.imageUser", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Compute.ImageIamPolicy("policy", new() + /// { + /// Project = example.Project, + /// Image = example.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_compute\_image\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Compute.ImageIamBinding("binding", new() + /// { + /// Project = example.Project, + /// Image = example.Name, + /// Role = "roles/compute.imageUser", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Compute.ImageIamBinding("binding", new() + /// { + /// Project = example.Project, + /// Image = example.Name, + /// Role = "roles/compute.imageUser", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Compute.Inputs.ImageIamBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_compute\_image\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Compute.ImageIamMember("member", new() + /// { + /// Project = example.Project, + /// Image = example.Name, + /// Role = "roles/compute.imageUser", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Compute.ImageIamMember("member", new() + /// { + /// Project = example.Project, + /// Image = example.Name, + /// Role = "roles/compute.imageUser", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Compute.Inputs.ImageIamMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -272,14 +460,8 @@ public partial class ImageIamBinding : global::Pulumi.CustomResource [Output("image")] public Output Image { get; private set; } = null!; - [Output("members")] - public Output> Members { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -291,6 +473,13 @@ public partial class ImageIamBinding : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("members")] + public Output> Members { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -363,17 +552,9 @@ public sealed class ImageIamBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -385,6 +566,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -425,17 +616,9 @@ public sealed class ImageIamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -447,6 +630,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Compute/ImageIamMember.cs b/sdk/dotnet/Compute/ImageIamMember.cs index bef68c6507..0ffc7c0694 100644 --- a/sdk/dotnet/Compute/ImageIamMember.cs +++ b/sdk/dotnet/Compute/ImageIamMember.cs @@ -214,6 +214,194 @@ namespace Pulumi.Gcp.Compute /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_compute\_image\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/compute.imageUser", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Compute.ImageIamPolicy("policy", new() + /// { + /// Project = example.Project, + /// Image = example.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/compute.imageUser", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Compute.ImageIamPolicy("policy", new() + /// { + /// Project = example.Project, + /// Image = example.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_compute\_image\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Compute.ImageIamBinding("binding", new() + /// { + /// Project = example.Project, + /// Image = example.Name, + /// Role = "roles/compute.imageUser", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Compute.ImageIamBinding("binding", new() + /// { + /// Project = example.Project, + /// Image = example.Name, + /// Role = "roles/compute.imageUser", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Compute.Inputs.ImageIamBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_compute\_image\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Compute.ImageIamMember("member", new() + /// { + /// Project = example.Project, + /// Image = example.Name, + /// Role = "roles/compute.imageUser", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Compute.ImageIamMember("member", new() + /// { + /// Project = example.Project, + /// Image = example.Name, + /// Role = "roles/compute.imageUser", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Compute.Inputs.ImageIamMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -272,14 +460,8 @@ public partial class ImageIamMember : global::Pulumi.CustomResource [Output("image")] public Output Image { get; private set; } = null!; - [Output("member")] - public Output Member { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -291,6 +473,13 @@ public partial class ImageIamMember : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("member")] + public Output Member { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -361,14 +550,8 @@ public sealed class ImageIamMemberArgs : global::Pulumi.ResourceArgs [Input("image", required: true)] public Input Image { get; set; } = null!; - [Input("member", required: true)] - public Input Member { get; set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -380,6 +563,13 @@ public sealed class ImageIamMemberArgs : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member", required: true)] + public Input Member { get; set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -418,14 +608,8 @@ public sealed class ImageIamMemberState : global::Pulumi.ResourceArgs [Input("image")] public Input? Image { get; set; } - [Input("member")] - public Input? Member { get; set; } - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -437,6 +621,13 @@ public sealed class ImageIamMemberState : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member")] + public Input? Member { get; set; } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Compute/ImageIamPolicy.cs b/sdk/dotnet/Compute/ImageIamPolicy.cs index 8ffa8921c2..f843f5b47c 100644 --- a/sdk/dotnet/Compute/ImageIamPolicy.cs +++ b/sdk/dotnet/Compute/ImageIamPolicy.cs @@ -214,6 +214,194 @@ namespace Pulumi.Gcp.Compute /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_compute\_image\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/compute.imageUser", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Compute.ImageIamPolicy("policy", new() + /// { + /// Project = example.Project, + /// Image = example.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/compute.imageUser", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Compute.ImageIamPolicy("policy", new() + /// { + /// Project = example.Project, + /// Image = example.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_compute\_image\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Compute.ImageIamBinding("binding", new() + /// { + /// Project = example.Project, + /// Image = example.Name, + /// Role = "roles/compute.imageUser", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Compute.ImageIamBinding("binding", new() + /// { + /// Project = example.Project, + /// Image = example.Name, + /// Role = "roles/compute.imageUser", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Compute.Inputs.ImageIamBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_compute\_image\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Compute.ImageIamMember("member", new() + /// { + /// Project = example.Project, + /// Image = example.Name, + /// Role = "roles/compute.imageUser", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Compute.ImageIamMember("member", new() + /// { + /// Project = example.Project, + /// Image = example.Name, + /// Role = "roles/compute.imageUser", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Compute.Inputs.ImageIamMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -275,18 +463,6 @@ public partial class ImageIamPolicy : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -353,18 +529,6 @@ public sealed class ImageIamPolicyArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -399,18 +563,6 @@ public sealed class ImageIamPolicyState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Compute/InstanceIAMBinding.cs b/sdk/dotnet/Compute/InstanceIAMBinding.cs index 34bb474c40..9a53bf9642 100644 --- a/sdk/dotnet/Compute/InstanceIAMBinding.cs +++ b/sdk/dotnet/Compute/InstanceIAMBinding.cs @@ -220,6 +220,200 @@ namespace Pulumi.Gcp.Compute /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_compute\_instance\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/compute.osLogin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Compute.InstanceIAMPolicy("policy", new() + /// { + /// Project = @default.Project, + /// Zone = @default.Zone, + /// InstanceName = @default.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/compute.osLogin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Compute.InstanceIAMPolicy("policy", new() + /// { + /// Project = @default.Project, + /// Zone = @default.Zone, + /// InstanceName = @default.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_compute\_instance\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Compute.InstanceIAMBinding("binding", new() + /// { + /// Project = @default.Project, + /// Zone = @default.Zone, + /// InstanceName = @default.Name, + /// Role = "roles/compute.osLogin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Compute.InstanceIAMBinding("binding", new() + /// { + /// Project = @default.Project, + /// Zone = @default.Zone, + /// InstanceName = @default.Name, + /// Role = "roles/compute.osLogin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Compute.Inputs.InstanceIAMBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_compute\_instance\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Compute.InstanceIAMMember("member", new() + /// { + /// Project = @default.Project, + /// Zone = @default.Zone, + /// InstanceName = @default.Name, + /// Role = "roles/compute.osLogin", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Compute.InstanceIAMMember("member", new() + /// { + /// Project = @default.Project, + /// Zone = @default.Zone, + /// InstanceName = @default.Name, + /// Role = "roles/compute.osLogin", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Compute.Inputs.InstanceIAMMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -280,14 +474,8 @@ public partial class InstanceIAMBinding : global::Pulumi.CustomResource [Output("instanceName")] public Output InstanceName { get; private set; } = null!; - [Output("members")] - public Output> Members { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -299,6 +487,13 @@ public partial class InstanceIAMBinding : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("members")] + public Output> Members { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -379,17 +574,9 @@ public sealed class InstanceIAMBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -401,6 +588,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -449,17 +646,9 @@ public sealed class InstanceIAMBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -471,6 +660,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Compute/InstanceIAMMember.cs b/sdk/dotnet/Compute/InstanceIAMMember.cs index 0a96def43a..ecbfb63504 100644 --- a/sdk/dotnet/Compute/InstanceIAMMember.cs +++ b/sdk/dotnet/Compute/InstanceIAMMember.cs @@ -220,6 +220,200 @@ namespace Pulumi.Gcp.Compute /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_compute\_instance\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/compute.osLogin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Compute.InstanceIAMPolicy("policy", new() + /// { + /// Project = @default.Project, + /// Zone = @default.Zone, + /// InstanceName = @default.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/compute.osLogin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Compute.InstanceIAMPolicy("policy", new() + /// { + /// Project = @default.Project, + /// Zone = @default.Zone, + /// InstanceName = @default.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_compute\_instance\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Compute.InstanceIAMBinding("binding", new() + /// { + /// Project = @default.Project, + /// Zone = @default.Zone, + /// InstanceName = @default.Name, + /// Role = "roles/compute.osLogin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Compute.InstanceIAMBinding("binding", new() + /// { + /// Project = @default.Project, + /// Zone = @default.Zone, + /// InstanceName = @default.Name, + /// Role = "roles/compute.osLogin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Compute.Inputs.InstanceIAMBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_compute\_instance\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Compute.InstanceIAMMember("member", new() + /// { + /// Project = @default.Project, + /// Zone = @default.Zone, + /// InstanceName = @default.Name, + /// Role = "roles/compute.osLogin", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Compute.InstanceIAMMember("member", new() + /// { + /// Project = @default.Project, + /// Zone = @default.Zone, + /// InstanceName = @default.Name, + /// Role = "roles/compute.osLogin", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Compute.Inputs.InstanceIAMMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -280,14 +474,8 @@ public partial class InstanceIAMMember : global::Pulumi.CustomResource [Output("instanceName")] public Output InstanceName { get; private set; } = null!; - [Output("member")] - public Output Member { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -299,6 +487,13 @@ public partial class InstanceIAMMember : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("member")] + public Output Member { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -377,14 +572,8 @@ public sealed class InstanceIAMMemberArgs : global::Pulumi.ResourceArgs [Input("instanceName", required: true)] public Input InstanceName { get; set; } = null!; - [Input("member", required: true)] - public Input Member { get; set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -396,6 +585,13 @@ public sealed class InstanceIAMMemberArgs : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member", required: true)] + public Input Member { get; set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -442,14 +638,8 @@ public sealed class InstanceIAMMemberState : global::Pulumi.ResourceArgs [Input("instanceName")] public Input? InstanceName { get; set; } - [Input("member")] - public Input? Member { get; set; } - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -461,6 +651,13 @@ public sealed class InstanceIAMMemberState : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member")] + public Input? Member { get; set; } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Compute/InstanceIAMPolicy.cs b/sdk/dotnet/Compute/InstanceIAMPolicy.cs index 7208c74e90..c380f36836 100644 --- a/sdk/dotnet/Compute/InstanceIAMPolicy.cs +++ b/sdk/dotnet/Compute/InstanceIAMPolicy.cs @@ -220,6 +220,200 @@ namespace Pulumi.Gcp.Compute /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_compute\_instance\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/compute.osLogin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Compute.InstanceIAMPolicy("policy", new() + /// { + /// Project = @default.Project, + /// Zone = @default.Zone, + /// InstanceName = @default.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/compute.osLogin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Compute.InstanceIAMPolicy("policy", new() + /// { + /// Project = @default.Project, + /// Zone = @default.Zone, + /// InstanceName = @default.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_compute\_instance\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Compute.InstanceIAMBinding("binding", new() + /// { + /// Project = @default.Project, + /// Zone = @default.Zone, + /// InstanceName = @default.Name, + /// Role = "roles/compute.osLogin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Compute.InstanceIAMBinding("binding", new() + /// { + /// Project = @default.Project, + /// Zone = @default.Zone, + /// InstanceName = @default.Name, + /// Role = "roles/compute.osLogin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Compute.Inputs.InstanceIAMBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_compute\_instance\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Compute.InstanceIAMMember("member", new() + /// { + /// Project = @default.Project, + /// Zone = @default.Zone, + /// InstanceName = @default.Name, + /// Role = "roles/compute.osLogin", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Compute.InstanceIAMMember("member", new() + /// { + /// Project = @default.Project, + /// Zone = @default.Zone, + /// InstanceName = @default.Name, + /// Role = "roles/compute.osLogin", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Compute.Inputs.InstanceIAMMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -283,18 +477,6 @@ public partial class InstanceIAMPolicy : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -369,18 +551,6 @@ public sealed class InstanceIAMPolicyArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -423,18 +593,6 @@ public sealed class InstanceIAMPolicyState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Compute/MachineImageIamBinding.cs b/sdk/dotnet/Compute/MachineImageIamBinding.cs index 098d74e1d8..0d05a74dc3 100644 --- a/sdk/dotnet/Compute/MachineImageIamBinding.cs +++ b/sdk/dotnet/Compute/MachineImageIamBinding.cs @@ -213,6 +213,194 @@ namespace Pulumi.Gcp.Compute /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_compute\_machine\_image\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/compute.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Compute.MachineImageIamPolicy("policy", new() + /// { + /// Project = image.Project, + /// MachineImage = image.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/compute.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Compute.MachineImageIamPolicy("policy", new() + /// { + /// Project = image.Project, + /// MachineImage = image.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_compute\_machine\_image\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Compute.MachineImageIamBinding("binding", new() + /// { + /// Project = image.Project, + /// MachineImage = image.Name, + /// Role = "roles/compute.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Compute.MachineImageIamBinding("binding", new() + /// { + /// Project = image.Project, + /// MachineImage = image.Name, + /// Role = "roles/compute.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Compute.Inputs.MachineImageIamBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_compute\_machine\_image\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Compute.MachineImageIamMember("member", new() + /// { + /// Project = image.Project, + /// MachineImage = image.Name, + /// Role = "roles/compute.admin", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Compute.MachineImageIamMember("member", new() + /// { + /// Project = image.Project, + /// MachineImage = image.Name, + /// Role = "roles/compute.admin", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Compute.Inputs.MachineImageIamMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -271,14 +459,8 @@ public partial class MachineImageIamBinding : global::Pulumi.CustomResource [Output("machineImage")] public Output MachineImage { get; private set; } = null!; - [Output("members")] - public Output> Members { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -290,6 +472,13 @@ public partial class MachineImageIamBinding : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("members")] + public Output> Members { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -362,17 +551,9 @@ public sealed class MachineImageIamBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -384,6 +565,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -424,17 +615,9 @@ public sealed class MachineImageIamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -446,6 +629,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Compute/MachineImageIamMember.cs b/sdk/dotnet/Compute/MachineImageIamMember.cs index 0cefe4d5ba..5bd66f8a77 100644 --- a/sdk/dotnet/Compute/MachineImageIamMember.cs +++ b/sdk/dotnet/Compute/MachineImageIamMember.cs @@ -213,6 +213,194 @@ namespace Pulumi.Gcp.Compute /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_compute\_machine\_image\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/compute.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Compute.MachineImageIamPolicy("policy", new() + /// { + /// Project = image.Project, + /// MachineImage = image.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/compute.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Compute.MachineImageIamPolicy("policy", new() + /// { + /// Project = image.Project, + /// MachineImage = image.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_compute\_machine\_image\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Compute.MachineImageIamBinding("binding", new() + /// { + /// Project = image.Project, + /// MachineImage = image.Name, + /// Role = "roles/compute.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Compute.MachineImageIamBinding("binding", new() + /// { + /// Project = image.Project, + /// MachineImage = image.Name, + /// Role = "roles/compute.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Compute.Inputs.MachineImageIamBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_compute\_machine\_image\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Compute.MachineImageIamMember("member", new() + /// { + /// Project = image.Project, + /// MachineImage = image.Name, + /// Role = "roles/compute.admin", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Compute.MachineImageIamMember("member", new() + /// { + /// Project = image.Project, + /// MachineImage = image.Name, + /// Role = "roles/compute.admin", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Compute.Inputs.MachineImageIamMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -271,14 +459,8 @@ public partial class MachineImageIamMember : global::Pulumi.CustomResource [Output("machineImage")] public Output MachineImage { get; private set; } = null!; - [Output("member")] - public Output Member { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -290,6 +472,13 @@ public partial class MachineImageIamMember : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("member")] + public Output Member { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -360,14 +549,8 @@ public sealed class MachineImageIamMemberArgs : global::Pulumi.ResourceArgs [Input("machineImage", required: true)] public Input MachineImage { get; set; } = null!; - [Input("member", required: true)] - public Input Member { get; set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -379,6 +562,13 @@ public sealed class MachineImageIamMemberArgs : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member", required: true)] + public Input Member { get; set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -417,14 +607,8 @@ public sealed class MachineImageIamMemberState : global::Pulumi.ResourceArgs [Input("machineImage")] public Input? MachineImage { get; set; } - [Input("member")] - public Input? Member { get; set; } - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -436,6 +620,13 @@ public sealed class MachineImageIamMemberState : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member")] + public Input? Member { get; set; } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Compute/MachineImageIamPolicy.cs b/sdk/dotnet/Compute/MachineImageIamPolicy.cs index c34d28ef33..f37d13b0b3 100644 --- a/sdk/dotnet/Compute/MachineImageIamPolicy.cs +++ b/sdk/dotnet/Compute/MachineImageIamPolicy.cs @@ -213,6 +213,194 @@ namespace Pulumi.Gcp.Compute /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_compute\_machine\_image\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/compute.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Compute.MachineImageIamPolicy("policy", new() + /// { + /// Project = image.Project, + /// MachineImage = image.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/compute.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Compute.MachineImageIamPolicy("policy", new() + /// { + /// Project = image.Project, + /// MachineImage = image.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_compute\_machine\_image\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Compute.MachineImageIamBinding("binding", new() + /// { + /// Project = image.Project, + /// MachineImage = image.Name, + /// Role = "roles/compute.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Compute.MachineImageIamBinding("binding", new() + /// { + /// Project = image.Project, + /// MachineImage = image.Name, + /// Role = "roles/compute.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Compute.Inputs.MachineImageIamBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_compute\_machine\_image\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Compute.MachineImageIamMember("member", new() + /// { + /// Project = image.Project, + /// MachineImage = image.Name, + /// Role = "roles/compute.admin", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Compute.MachineImageIamMember("member", new() + /// { + /// Project = image.Project, + /// MachineImage = image.Name, + /// Role = "roles/compute.admin", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Compute.Inputs.MachineImageIamMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -274,18 +462,6 @@ public partial class MachineImageIamPolicy : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -352,18 +528,6 @@ public sealed class MachineImageIamPolicyArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -398,18 +562,6 @@ public sealed class MachineImageIamPolicyState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Compute/RegionBackendServiceIamBinding.cs b/sdk/dotnet/Compute/RegionBackendServiceIamBinding.cs index 9a6f6ac0c5..d527d4b275 100644 --- a/sdk/dotnet/Compute/RegionBackendServiceIamBinding.cs +++ b/sdk/dotnet/Compute/RegionBackendServiceIamBinding.cs @@ -64,6 +64,19 @@ public partial class RegionBackendServiceIamBinding : global::Pulumi.CustomResou [Output("etag")] public Output Etag { get; private set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Output("members")] public Output> Members { get; private set; } = null!; @@ -76,18 +89,6 @@ public partial class RegionBackendServiceIamBinding : global::Pulumi.CustomResou /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -165,6 +166,20 @@ public sealed class RegionBackendServiceIamBindingArgs : global::Pulumi.Resource [Input("members", required: true)] private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// public InputList Members { get => _members ?? (_members = new InputList()); @@ -180,18 +195,6 @@ public InputList Members /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -237,6 +240,20 @@ public sealed class RegionBackendServiceIamBindingState : global::Pulumi.Resourc [Input("members")] private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// public InputList Members { get => _members ?? (_members = new InputList()); @@ -252,18 +269,6 @@ public InputList Members /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Compute/RegionBackendServiceIamMember.cs b/sdk/dotnet/Compute/RegionBackendServiceIamMember.cs index 0c5724d4b7..e4f5d55694 100644 --- a/sdk/dotnet/Compute/RegionBackendServiceIamMember.cs +++ b/sdk/dotnet/Compute/RegionBackendServiceIamMember.cs @@ -64,6 +64,19 @@ public partial class RegionBackendServiceIamMember : global::Pulumi.CustomResour [Output("etag")] public Output Etag { get; private set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Output("member")] public Output Member { get; private set; } = null!; @@ -76,18 +89,6 @@ public partial class RegionBackendServiceIamMember : global::Pulumi.CustomResour /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -163,6 +164,19 @@ public sealed class RegionBackendServiceIamMemberArgs : global::Pulumi.ResourceA [Input("condition")] public Input? Condition { get; set; } + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Input("member", required: true)] public Input Member { get; set; } = null!; @@ -175,18 +189,6 @@ public sealed class RegionBackendServiceIamMemberArgs : global::Pulumi.ResourceA /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -230,6 +232,19 @@ public sealed class RegionBackendServiceIamMemberState : global::Pulumi.Resource [Input("etag")] public Input? Etag { get; set; } + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Input("member")] public Input? Member { get; set; } @@ -242,18 +257,6 @@ public sealed class RegionBackendServiceIamMemberState : global::Pulumi.Resource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Compute/RegionBackendServiceIamPolicy.cs b/sdk/dotnet/Compute/RegionBackendServiceIamPolicy.cs index b791f86fda..4dc94a15bf 100644 --- a/sdk/dotnet/Compute/RegionBackendServiceIamPolicy.cs +++ b/sdk/dotnet/Compute/RegionBackendServiceIamPolicy.cs @@ -73,18 +73,6 @@ public partial class RegionBackendServiceIamPolicy : global::Pulumi.CustomResour /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -161,18 +149,6 @@ public sealed class RegionBackendServiceIamPolicyArgs : global::Pulumi.ResourceA /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -217,18 +193,6 @@ public sealed class RegionBackendServiceIamPolicyState : global::Pulumi.Resource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Compute/RegionDiskIamBinding.cs b/sdk/dotnet/Compute/RegionDiskIamBinding.cs index 80b56088a0..8334768473 100644 --- a/sdk/dotnet/Compute/RegionDiskIamBinding.cs +++ b/sdk/dotnet/Compute/RegionDiskIamBinding.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.Compute /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_compute\_disk\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Compute.DiskIamPolicy("policy", new() + /// { + /// Project = @default.Project, + /// Zone = @default.Zone, + /// Name = @default.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_compute\_disk\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Compute.DiskIamBinding("binding", new() + /// { + /// Project = @default.Project, + /// Zone = @default.Zone, + /// Name = @default.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_compute\_disk\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Compute.DiskIamMember("member", new() + /// { + /// Project = @default.Project, + /// Zone = @default.Zone, + /// Name = @default.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -163,6 +252,19 @@ public partial class RegionDiskIamBinding : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Output("members")] public Output> Members { get; private set; } = null!; @@ -175,18 +277,6 @@ public partial class RegionDiskIamBinding : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -253,6 +343,20 @@ public sealed class RegionDiskIamBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// public InputList Members { get => _members ?? (_members = new InputList()); @@ -268,18 +372,6 @@ public InputList Members /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -314,6 +406,20 @@ public sealed class RegionDiskIamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// public InputList Members { get => _members ?? (_members = new InputList()); @@ -329,18 +435,6 @@ public InputList Members /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Compute/RegionDiskIamMember.cs b/sdk/dotnet/Compute/RegionDiskIamMember.cs index 659d49693e..ac9c24c365 100644 --- a/sdk/dotnet/Compute/RegionDiskIamMember.cs +++ b/sdk/dotnet/Compute/RegionDiskIamMember.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.Compute /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_compute\_disk\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Compute.DiskIamPolicy("policy", new() + /// { + /// Project = @default.Project, + /// Zone = @default.Zone, + /// Name = @default.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_compute\_disk\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Compute.DiskIamBinding("binding", new() + /// { + /// Project = @default.Project, + /// Zone = @default.Zone, + /// Name = @default.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_compute\_disk\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Compute.DiskIamMember("member", new() + /// { + /// Project = @default.Project, + /// Zone = @default.Zone, + /// Name = @default.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -163,6 +252,19 @@ public partial class RegionDiskIamMember : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Output("member")] public Output Member { get; private set; } = null!; @@ -175,18 +277,6 @@ public partial class RegionDiskIamMember : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -251,6 +341,19 @@ public sealed class RegionDiskIamMemberArgs : global::Pulumi.ResourceArgs [Input("condition")] public Input? Condition { get; set; } + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Input("member", required: true)] public Input Member { get; set; } = null!; @@ -263,18 +366,6 @@ public sealed class RegionDiskIamMemberArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -307,6 +398,19 @@ public sealed class RegionDiskIamMemberState : global::Pulumi.ResourceArgs [Input("etag")] public Input? Etag { get; set; } + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Input("member")] public Input? Member { get; set; } @@ -319,18 +423,6 @@ public sealed class RegionDiskIamMemberState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Compute/RegionDiskIamPolicy.cs b/sdk/dotnet/Compute/RegionDiskIamPolicy.cs index 9d34d69432..65c187e623 100644 --- a/sdk/dotnet/Compute/RegionDiskIamPolicy.cs +++ b/sdk/dotnet/Compute/RegionDiskIamPolicy.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.Compute /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_compute\_disk\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Compute.DiskIamPolicy("policy", new() + /// { + /// Project = @default.Project, + /// Zone = @default.Zone, + /// Name = @default.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_compute\_disk\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Compute.DiskIamBinding("binding", new() + /// { + /// Project = @default.Project, + /// Zone = @default.Zone, + /// Name = @default.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_compute\_disk\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Compute.DiskIamMember("member", new() + /// { + /// Project = @default.Project, + /// Zone = @default.Zone, + /// Name = @default.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -176,18 +265,6 @@ public partial class RegionDiskIamPolicy : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -257,18 +334,6 @@ public sealed class RegionDiskIamPolicyArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -306,18 +371,6 @@ public sealed class RegionDiskIamPolicyState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Compute/SnapshotIamBinding.cs b/sdk/dotnet/Compute/SnapshotIamBinding.cs index 03b6bbcf7a..2b69f8757a 100644 --- a/sdk/dotnet/Compute/SnapshotIamBinding.cs +++ b/sdk/dotnet/Compute/SnapshotIamBinding.cs @@ -110,6 +110,92 @@ namespace Pulumi.Gcp.Compute /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_compute\_snapshot\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Compute.SnapshotIamPolicy("policy", new() + /// { + /// Project = snapshot.Project, + /// Name = snapshot.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_compute\_snapshot\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Compute.SnapshotIamBinding("binding", new() + /// { + /// Project = snapshot.Project, + /// Name = snapshot.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_compute\_snapshot\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Compute.SnapshotIamMember("member", new() + /// { + /// Project = snapshot.Project, + /// Name = snapshot.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -158,6 +244,19 @@ public partial class SnapshotIamBinding : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Output("members")] public Output> Members { get; private set; } = null!; @@ -170,18 +269,6 @@ public partial class SnapshotIamBinding : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -245,6 +332,20 @@ public sealed class SnapshotIamBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// public InputList Members { get => _members ?? (_members = new InputList()); @@ -260,18 +361,6 @@ public InputList Members /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -303,6 +392,20 @@ public sealed class SnapshotIamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// public InputList Members { get => _members ?? (_members = new InputList()); @@ -318,18 +421,6 @@ public InputList Members /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Compute/SnapshotIamMember.cs b/sdk/dotnet/Compute/SnapshotIamMember.cs index 571f2d7fcb..fce0baaf6f 100644 --- a/sdk/dotnet/Compute/SnapshotIamMember.cs +++ b/sdk/dotnet/Compute/SnapshotIamMember.cs @@ -110,6 +110,92 @@ namespace Pulumi.Gcp.Compute /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_compute\_snapshot\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Compute.SnapshotIamPolicy("policy", new() + /// { + /// Project = snapshot.Project, + /// Name = snapshot.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_compute\_snapshot\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Compute.SnapshotIamBinding("binding", new() + /// { + /// Project = snapshot.Project, + /// Name = snapshot.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_compute\_snapshot\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Compute.SnapshotIamMember("member", new() + /// { + /// Project = snapshot.Project, + /// Name = snapshot.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -158,6 +244,19 @@ public partial class SnapshotIamMember : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Output("member")] public Output Member { get; private set; } = null!; @@ -170,18 +269,6 @@ public partial class SnapshotIamMember : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -243,6 +330,19 @@ public sealed class SnapshotIamMemberArgs : global::Pulumi.ResourceArgs [Input("condition")] public Input? Condition { get; set; } + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Input("member", required: true)] public Input Member { get; set; } = null!; @@ -255,18 +355,6 @@ public sealed class SnapshotIamMemberArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -296,6 +384,19 @@ public sealed class SnapshotIamMemberState : global::Pulumi.ResourceArgs [Input("etag")] public Input? Etag { get; set; } + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Input("member")] public Input? Member { get; set; } @@ -308,18 +409,6 @@ public sealed class SnapshotIamMemberState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Compute/SnapshotIamPolicy.cs b/sdk/dotnet/Compute/SnapshotIamPolicy.cs index 44e9139652..8f70429938 100644 --- a/sdk/dotnet/Compute/SnapshotIamPolicy.cs +++ b/sdk/dotnet/Compute/SnapshotIamPolicy.cs @@ -110,6 +110,92 @@ namespace Pulumi.Gcp.Compute /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_compute\_snapshot\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Compute.SnapshotIamPolicy("policy", new() + /// { + /// Project = snapshot.Project, + /// Name = snapshot.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_compute\_snapshot\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Compute.SnapshotIamBinding("binding", new() + /// { + /// Project = snapshot.Project, + /// Name = snapshot.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_compute\_snapshot\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Compute.SnapshotIamMember("member", new() + /// { + /// Project = snapshot.Project, + /// Name = snapshot.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -171,18 +257,6 @@ public partial class SnapshotIamPolicy : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -249,18 +323,6 @@ public sealed class SnapshotIamPolicyArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -295,18 +357,6 @@ public sealed class SnapshotIamPolicyState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Compute/SubnetworkIAMBinding.cs b/sdk/dotnet/Compute/SubnetworkIAMBinding.cs index 009a666bc3..da6cfae4dc 100644 --- a/sdk/dotnet/Compute/SubnetworkIAMBinding.cs +++ b/sdk/dotnet/Compute/SubnetworkIAMBinding.cs @@ -220,6 +220,200 @@ namespace Pulumi.Gcp.Compute /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_compute\_subnetwork\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/compute.networkUser", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Compute.SubnetworkIAMPolicy("policy", new() + /// { + /// Project = network_with_private_secondary_ip_ranges.Project, + /// Region = network_with_private_secondary_ip_ranges.Region, + /// Subnetwork = network_with_private_secondary_ip_ranges.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/compute.networkUser", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Compute.SubnetworkIAMPolicy("policy", new() + /// { + /// Project = network_with_private_secondary_ip_ranges.Project, + /// Region = network_with_private_secondary_ip_ranges.Region, + /// Subnetwork = network_with_private_secondary_ip_ranges.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_compute\_subnetwork\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Compute.SubnetworkIAMBinding("binding", new() + /// { + /// Project = network_with_private_secondary_ip_ranges.Project, + /// Region = network_with_private_secondary_ip_ranges.Region, + /// Subnetwork = network_with_private_secondary_ip_ranges.Name, + /// Role = "roles/compute.networkUser", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Compute.SubnetworkIAMBinding("binding", new() + /// { + /// Project = network_with_private_secondary_ip_ranges.Project, + /// Region = network_with_private_secondary_ip_ranges.Region, + /// Subnetwork = network_with_private_secondary_ip_ranges.Name, + /// Role = "roles/compute.networkUser", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Compute.Inputs.SubnetworkIAMBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_compute\_subnetwork\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Compute.SubnetworkIAMMember("member", new() + /// { + /// Project = network_with_private_secondary_ip_ranges.Project, + /// Region = network_with_private_secondary_ip_ranges.Region, + /// Subnetwork = network_with_private_secondary_ip_ranges.Name, + /// Role = "roles/compute.networkUser", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Compute.SubnetworkIAMMember("member", new() + /// { + /// Project = network_with_private_secondary_ip_ranges.Project, + /// Region = network_with_private_secondary_ip_ranges.Region, + /// Subnetwork = network_with_private_secondary_ip_ranges.Name, + /// Role = "roles/compute.networkUser", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Compute.Inputs.SubnetworkIAMMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -274,14 +468,8 @@ public partial class SubnetworkIAMBinding : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; - [Output("members")] - public Output> Members { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -293,6 +481,13 @@ public partial class SubnetworkIAMBinding : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("members")] + public Output> Members { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -374,17 +569,9 @@ public sealed class SubnetworkIAMBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -396,6 +583,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -445,17 +642,9 @@ public sealed class SubnetworkIAMBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -467,6 +656,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Compute/SubnetworkIAMMember.cs b/sdk/dotnet/Compute/SubnetworkIAMMember.cs index d772243d46..b985894e3c 100644 --- a/sdk/dotnet/Compute/SubnetworkIAMMember.cs +++ b/sdk/dotnet/Compute/SubnetworkIAMMember.cs @@ -220,6 +220,200 @@ namespace Pulumi.Gcp.Compute /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_compute\_subnetwork\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/compute.networkUser", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Compute.SubnetworkIAMPolicy("policy", new() + /// { + /// Project = network_with_private_secondary_ip_ranges.Project, + /// Region = network_with_private_secondary_ip_ranges.Region, + /// Subnetwork = network_with_private_secondary_ip_ranges.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/compute.networkUser", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Compute.SubnetworkIAMPolicy("policy", new() + /// { + /// Project = network_with_private_secondary_ip_ranges.Project, + /// Region = network_with_private_secondary_ip_ranges.Region, + /// Subnetwork = network_with_private_secondary_ip_ranges.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_compute\_subnetwork\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Compute.SubnetworkIAMBinding("binding", new() + /// { + /// Project = network_with_private_secondary_ip_ranges.Project, + /// Region = network_with_private_secondary_ip_ranges.Region, + /// Subnetwork = network_with_private_secondary_ip_ranges.Name, + /// Role = "roles/compute.networkUser", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Compute.SubnetworkIAMBinding("binding", new() + /// { + /// Project = network_with_private_secondary_ip_ranges.Project, + /// Region = network_with_private_secondary_ip_ranges.Region, + /// Subnetwork = network_with_private_secondary_ip_ranges.Name, + /// Role = "roles/compute.networkUser", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Compute.Inputs.SubnetworkIAMBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_compute\_subnetwork\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Compute.SubnetworkIAMMember("member", new() + /// { + /// Project = network_with_private_secondary_ip_ranges.Project, + /// Region = network_with_private_secondary_ip_ranges.Region, + /// Subnetwork = network_with_private_secondary_ip_ranges.Name, + /// Role = "roles/compute.networkUser", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Compute.SubnetworkIAMMember("member", new() + /// { + /// Project = network_with_private_secondary_ip_ranges.Project, + /// Region = network_with_private_secondary_ip_ranges.Region, + /// Subnetwork = network_with_private_secondary_ip_ranges.Name, + /// Role = "roles/compute.networkUser", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Compute.Inputs.SubnetworkIAMMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -274,14 +468,8 @@ public partial class SubnetworkIAMMember : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; - [Output("member")] - public Output Member { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -293,6 +481,13 @@ public partial class SubnetworkIAMMember : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("member")] + public Output Member { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -372,14 +567,8 @@ public sealed class SubnetworkIAMMemberArgs : global::Pulumi.ResourceArgs [Input("condition")] public Input? Condition { get; set; } - [Input("member", required: true)] - public Input Member { get; set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -391,6 +580,13 @@ public sealed class SubnetworkIAMMemberArgs : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member", required: true)] + public Input Member { get; set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -438,14 +634,8 @@ public sealed class SubnetworkIAMMemberState : global::Pulumi.ResourceArgs [Input("etag")] public Input? Etag { get; set; } - [Input("member")] - public Input? Member { get; set; } - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -457,6 +647,13 @@ public sealed class SubnetworkIAMMemberState : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member")] + public Input? Member { get; set; } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Compute/SubnetworkIAMPolicy.cs b/sdk/dotnet/Compute/SubnetworkIAMPolicy.cs index aec43aabb2..31225189b3 100644 --- a/sdk/dotnet/Compute/SubnetworkIAMPolicy.cs +++ b/sdk/dotnet/Compute/SubnetworkIAMPolicy.cs @@ -220,6 +220,200 @@ namespace Pulumi.Gcp.Compute /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_compute\_subnetwork\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/compute.networkUser", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Compute.SubnetworkIAMPolicy("policy", new() + /// { + /// Project = network_with_private_secondary_ip_ranges.Project, + /// Region = network_with_private_secondary_ip_ranges.Region, + /// Subnetwork = network_with_private_secondary_ip_ranges.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/compute.networkUser", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Compute.SubnetworkIAMPolicy("policy", new() + /// { + /// Project = network_with_private_secondary_ip_ranges.Project, + /// Region = network_with_private_secondary_ip_ranges.Region, + /// Subnetwork = network_with_private_secondary_ip_ranges.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_compute\_subnetwork\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Compute.SubnetworkIAMBinding("binding", new() + /// { + /// Project = network_with_private_secondary_ip_ranges.Project, + /// Region = network_with_private_secondary_ip_ranges.Region, + /// Subnetwork = network_with_private_secondary_ip_ranges.Name, + /// Role = "roles/compute.networkUser", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Compute.SubnetworkIAMBinding("binding", new() + /// { + /// Project = network_with_private_secondary_ip_ranges.Project, + /// Region = network_with_private_secondary_ip_ranges.Region, + /// Subnetwork = network_with_private_secondary_ip_ranges.Name, + /// Role = "roles/compute.networkUser", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Compute.Inputs.SubnetworkIAMBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_compute\_subnetwork\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Compute.SubnetworkIAMMember("member", new() + /// { + /// Project = network_with_private_secondary_ip_ranges.Project, + /// Region = network_with_private_secondary_ip_ranges.Region, + /// Subnetwork = network_with_private_secondary_ip_ranges.Name, + /// Role = "roles/compute.networkUser", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Compute.SubnetworkIAMMember("member", new() + /// { + /// Project = network_with_private_secondary_ip_ranges.Project, + /// Region = network_with_private_secondary_ip_ranges.Region, + /// Subnetwork = network_with_private_secondary_ip_ranges.Name, + /// Role = "roles/compute.networkUser", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Compute.Inputs.SubnetworkIAMMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -277,18 +471,6 @@ public partial class SubnetworkIAMPolicy : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -364,18 +546,6 @@ public sealed class SubnetworkIAMPolicyArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -419,18 +589,6 @@ public sealed class SubnetworkIAMPolicyState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/ContainerAnalysis/NoteIamBinding.cs b/sdk/dotnet/ContainerAnalysis/NoteIamBinding.cs index 15d0b9368a..c2def8b4a6 100644 --- a/sdk/dotnet/ContainerAnalysis/NoteIamBinding.cs +++ b/sdk/dotnet/ContainerAnalysis/NoteIamBinding.cs @@ -110,6 +110,92 @@ namespace Pulumi.Gcp.ContainerAnalysis /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_container\_analysis\_note\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/containeranalysis.notes.occurrences.viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.ContainerAnalysis.NoteIamPolicy("policy", new() + /// { + /// Project = note.Project, + /// Note = note.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_container\_analysis\_note\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.ContainerAnalysis.NoteIamBinding("binding", new() + /// { + /// Project = note.Project, + /// Note = note.Name, + /// Role = "roles/containeranalysis.notes.occurrences.viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_container\_analysis\_note\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.ContainerAnalysis.NoteIamMember("member", new() + /// { + /// Project = note.Project, + /// Note = note.Name, + /// Role = "roles/containeranalysis.notes.occurrences.viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -158,6 +244,19 @@ public partial class NoteIamBinding : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Output("members")] public Output> Members { get; private set; } = null!; @@ -170,18 +269,6 @@ public partial class NoteIamBinding : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -245,6 +332,20 @@ public sealed class NoteIamBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// public InputList Members { get => _members ?? (_members = new InputList()); @@ -260,18 +361,6 @@ public InputList Members /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -303,6 +392,20 @@ public sealed class NoteIamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// public InputList Members { get => _members ?? (_members = new InputList()); @@ -318,18 +421,6 @@ public InputList Members /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/ContainerAnalysis/NoteIamMember.cs b/sdk/dotnet/ContainerAnalysis/NoteIamMember.cs index 9fe33b65ff..6b0cfddbee 100644 --- a/sdk/dotnet/ContainerAnalysis/NoteIamMember.cs +++ b/sdk/dotnet/ContainerAnalysis/NoteIamMember.cs @@ -110,6 +110,92 @@ namespace Pulumi.Gcp.ContainerAnalysis /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_container\_analysis\_note\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/containeranalysis.notes.occurrences.viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.ContainerAnalysis.NoteIamPolicy("policy", new() + /// { + /// Project = note.Project, + /// Note = note.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_container\_analysis\_note\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.ContainerAnalysis.NoteIamBinding("binding", new() + /// { + /// Project = note.Project, + /// Note = note.Name, + /// Role = "roles/containeranalysis.notes.occurrences.viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_container\_analysis\_note\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.ContainerAnalysis.NoteIamMember("member", new() + /// { + /// Project = note.Project, + /// Note = note.Name, + /// Role = "roles/containeranalysis.notes.occurrences.viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -158,6 +244,19 @@ public partial class NoteIamMember : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Output("member")] public Output Member { get; private set; } = null!; @@ -170,18 +269,6 @@ public partial class NoteIamMember : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -243,6 +330,19 @@ public sealed class NoteIamMemberArgs : global::Pulumi.ResourceArgs [Input("condition")] public Input? Condition { get; set; } + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Input("member", required: true)] public Input Member { get; set; } = null!; @@ -255,18 +355,6 @@ public sealed class NoteIamMemberArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -296,6 +384,19 @@ public sealed class NoteIamMemberState : global::Pulumi.ResourceArgs [Input("etag")] public Input? Etag { get; set; } + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Input("member")] public Input? Member { get; set; } @@ -308,18 +409,6 @@ public sealed class NoteIamMemberState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/ContainerAnalysis/NoteIamPolicy.cs b/sdk/dotnet/ContainerAnalysis/NoteIamPolicy.cs index b686d0a999..e00060472d 100644 --- a/sdk/dotnet/ContainerAnalysis/NoteIamPolicy.cs +++ b/sdk/dotnet/ContainerAnalysis/NoteIamPolicy.cs @@ -110,6 +110,92 @@ namespace Pulumi.Gcp.ContainerAnalysis /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_container\_analysis\_note\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/containeranalysis.notes.occurrences.viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.ContainerAnalysis.NoteIamPolicy("policy", new() + /// { + /// Project = note.Project, + /// Note = note.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_container\_analysis\_note\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.ContainerAnalysis.NoteIamBinding("binding", new() + /// { + /// Project = note.Project, + /// Note = note.Name, + /// Role = "roles/containeranalysis.notes.occurrences.viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_container\_analysis\_note\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.ContainerAnalysis.NoteIamMember("member", new() + /// { + /// Project = note.Project, + /// Note = note.Name, + /// Role = "roles/containeranalysis.notes.occurrences.viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -171,18 +257,6 @@ public partial class NoteIamPolicy : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -249,18 +323,6 @@ public sealed class NoteIamPolicyArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -295,18 +357,6 @@ public sealed class NoteIamPolicyState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/DataCatalog/EntryGroupIamBinding.cs b/sdk/dotnet/DataCatalog/EntryGroupIamBinding.cs index 861c1ac506..48a258efd1 100644 --- a/sdk/dotnet/DataCatalog/EntryGroupIamBinding.cs +++ b/sdk/dotnet/DataCatalog/EntryGroupIamBinding.cs @@ -107,6 +107,89 @@ namespace Pulumi.Gcp.DataCatalog /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_data\_catalog\_entry\_group\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.DataCatalog.EntryGroupIamPolicy("policy", new() + /// { + /// EntryGroup = basicEntryGroup.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_data\_catalog\_entry\_group\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.DataCatalog.EntryGroupIamBinding("binding", new() + /// { + /// EntryGroup = basicEntryGroup.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_data\_catalog\_entry\_group\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.DataCatalog.EntryGroupIamMember("member", new() + /// { + /// EntryGroup = basicEntryGroup.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -163,14 +246,8 @@ public partial class EntryGroupIamBinding : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; - [Output("members")] - public Output> Members { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -182,6 +259,13 @@ public partial class EntryGroupIamBinding : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("members")] + public Output> Members { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -253,17 +337,9 @@ public sealed class EntryGroupIamBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -275,6 +351,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -314,17 +400,9 @@ public sealed class EntryGroupIamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -336,6 +414,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/DataCatalog/EntryGroupIamMember.cs b/sdk/dotnet/DataCatalog/EntryGroupIamMember.cs index 84ddd6875a..86da326fe0 100644 --- a/sdk/dotnet/DataCatalog/EntryGroupIamMember.cs +++ b/sdk/dotnet/DataCatalog/EntryGroupIamMember.cs @@ -107,6 +107,89 @@ namespace Pulumi.Gcp.DataCatalog /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_data\_catalog\_entry\_group\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.DataCatalog.EntryGroupIamPolicy("policy", new() + /// { + /// EntryGroup = basicEntryGroup.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_data\_catalog\_entry\_group\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.DataCatalog.EntryGroupIamBinding("binding", new() + /// { + /// EntryGroup = basicEntryGroup.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_data\_catalog\_entry\_group\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.DataCatalog.EntryGroupIamMember("member", new() + /// { + /// EntryGroup = basicEntryGroup.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -163,14 +246,8 @@ public partial class EntryGroupIamMember : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; - [Output("member")] - public Output Member { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -182,6 +259,13 @@ public partial class EntryGroupIamMember : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("member")] + public Output Member { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -251,14 +335,8 @@ public sealed class EntryGroupIamMemberArgs : global::Pulumi.ResourceArgs [Input("entryGroup", required: true)] public Input EntryGroup { get; set; } = null!; - [Input("member", required: true)] - public Input Member { get; set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -270,6 +348,13 @@ public sealed class EntryGroupIamMemberArgs : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member", required: true)] + public Input Member { get; set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -307,14 +392,8 @@ public sealed class EntryGroupIamMemberState : global::Pulumi.ResourceArgs [Input("etag")] public Input? Etag { get; set; } - [Input("member")] - public Input? Member { get; set; } - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -326,6 +405,13 @@ public sealed class EntryGroupIamMemberState : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member")] + public Input? Member { get; set; } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/DataCatalog/EntryGroupIamPolicy.cs b/sdk/dotnet/DataCatalog/EntryGroupIamPolicy.cs index 761f358fcb..d367d25bbc 100644 --- a/sdk/dotnet/DataCatalog/EntryGroupIamPolicy.cs +++ b/sdk/dotnet/DataCatalog/EntryGroupIamPolicy.cs @@ -107,6 +107,89 @@ namespace Pulumi.Gcp.DataCatalog /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_data\_catalog\_entry\_group\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.DataCatalog.EntryGroupIamPolicy("policy", new() + /// { + /// EntryGroup = basicEntryGroup.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_data\_catalog\_entry\_group\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.DataCatalog.EntryGroupIamBinding("binding", new() + /// { + /// EntryGroup = basicEntryGroup.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_data\_catalog\_entry\_group\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.DataCatalog.EntryGroupIamMember("member", new() + /// { + /// EntryGroup = basicEntryGroup.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -170,18 +253,6 @@ public partial class EntryGroupIamPolicy : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -251,18 +322,6 @@ public sealed class EntryGroupIamPolicyArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -300,18 +359,6 @@ public sealed class EntryGroupIamPolicyState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/DataCatalog/PolicyTagIamBinding.cs b/sdk/dotnet/DataCatalog/PolicyTagIamBinding.cs index 4d0d40edff..fa63b1efc8 100644 --- a/sdk/dotnet/DataCatalog/PolicyTagIamBinding.cs +++ b/sdk/dotnet/DataCatalog/PolicyTagIamBinding.cs @@ -107,6 +107,89 @@ namespace Pulumi.Gcp.DataCatalog /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_data\_catalog\_policy\_tag\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.DataCatalog.PolicyTagIamPolicy("policy", new() + /// { + /// PolicyTag = basicPolicyTag.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_data\_catalog\_policy\_tag\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.DataCatalog.PolicyTagIamBinding("binding", new() + /// { + /// PolicyTag = basicPolicyTag.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_data\_catalog\_policy\_tag\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.DataCatalog.PolicyTagIamMember("member", new() + /// { + /// PolicyTag = basicPolicyTag.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -151,13 +234,8 @@ public partial class PolicyTagIamBinding : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; - [Output("members")] - public Output> Members { get; private set; } = null!; - /// - /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -169,6 +247,12 @@ public partial class PolicyTagIamBinding : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("members")] + public Output> Members { get; private set; } = null!; + + /// + /// Used to find the parent resource to bind the IAM policy to + /// [Output("policyTag")] public Output PolicyTag { get; private set; } = null!; @@ -231,16 +315,9 @@ public sealed class PolicyTagIamBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -252,6 +329,15 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// Used to find the parent resource to bind the IAM policy to + /// [Input("policyTag", required: true)] public Input PolicyTag { get; set; } = null!; @@ -282,16 +368,9 @@ public sealed class PolicyTagIamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -303,6 +382,15 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// Used to find the parent resource to bind the IAM policy to + /// [Input("policyTag")] public Input? PolicyTag { get; set; } diff --git a/sdk/dotnet/DataCatalog/PolicyTagIamMember.cs b/sdk/dotnet/DataCatalog/PolicyTagIamMember.cs index 4a3c93ac04..0effeba3fa 100644 --- a/sdk/dotnet/DataCatalog/PolicyTagIamMember.cs +++ b/sdk/dotnet/DataCatalog/PolicyTagIamMember.cs @@ -107,6 +107,89 @@ namespace Pulumi.Gcp.DataCatalog /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_data\_catalog\_policy\_tag\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.DataCatalog.PolicyTagIamPolicy("policy", new() + /// { + /// PolicyTag = basicPolicyTag.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_data\_catalog\_policy\_tag\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.DataCatalog.PolicyTagIamBinding("binding", new() + /// { + /// PolicyTag = basicPolicyTag.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_data\_catalog\_policy\_tag\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.DataCatalog.PolicyTagIamMember("member", new() + /// { + /// PolicyTag = basicPolicyTag.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -151,13 +234,8 @@ public partial class PolicyTagIamMember : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; - [Output("member")] - public Output Member { get; private set; } = null!; - /// - /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -169,6 +247,12 @@ public partial class PolicyTagIamMember : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("member")] + public Output Member { get; private set; } = null!; + + /// + /// Used to find the parent resource to bind the IAM policy to + /// [Output("policyTag")] public Output PolicyTag { get; private set; } = null!; @@ -229,13 +313,8 @@ public sealed class PolicyTagIamMemberArgs : global::Pulumi.ResourceArgs [Input("condition")] public Input? Condition { get; set; } - [Input("member", required: true)] - public Input Member { get; set; } = null!; - /// - /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -247,6 +326,12 @@ public sealed class PolicyTagIamMemberArgs : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member", required: true)] + public Input Member { get; set; } = null!; + + /// + /// Used to find the parent resource to bind the IAM policy to + /// [Input("policyTag", required: true)] public Input PolicyTag { get; set; } = null!; @@ -275,13 +360,8 @@ public sealed class PolicyTagIamMemberState : global::Pulumi.ResourceArgs [Input("etag")] public Input? Etag { get; set; } - [Input("member")] - public Input? Member { get; set; } - /// - /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -293,6 +373,12 @@ public sealed class PolicyTagIamMemberState : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member")] + public Input? Member { get; set; } + + /// + /// Used to find the parent resource to bind the IAM policy to + /// [Input("policyTag")] public Input? PolicyTag { get; set; } diff --git a/sdk/dotnet/DataCatalog/PolicyTagIamPolicy.cs b/sdk/dotnet/DataCatalog/PolicyTagIamPolicy.cs index a7d7d8ee4c..15b556dba1 100644 --- a/sdk/dotnet/DataCatalog/PolicyTagIamPolicy.cs +++ b/sdk/dotnet/DataCatalog/PolicyTagIamPolicy.cs @@ -107,6 +107,89 @@ namespace Pulumi.Gcp.DataCatalog /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_data\_catalog\_policy\_tag\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.DataCatalog.PolicyTagIamPolicy("policy", new() + /// { + /// PolicyTag = basicPolicyTag.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_data\_catalog\_policy\_tag\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.DataCatalog.PolicyTagIamBinding("binding", new() + /// { + /// PolicyTag = basicPolicyTag.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_data\_catalog\_policy\_tag\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.DataCatalog.PolicyTagIamMember("member", new() + /// { + /// PolicyTag = basicPolicyTag.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -157,18 +240,6 @@ public partial class PolicyTagIamPolicy : global::Pulumi.CustomResource /// /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("policyTag")] public Output PolicyTag { get; private set; } = null!; @@ -228,18 +299,6 @@ public sealed class PolicyTagIamPolicyArgs : global::Pulumi.ResourceArgs /// /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("policyTag", required: true)] public Input PolicyTag { get; set; } = null!; @@ -267,18 +326,6 @@ public sealed class PolicyTagIamPolicyState : global::Pulumi.ResourceArgs /// /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("policyTag")] public Input? PolicyTag { get; set; } diff --git a/sdk/dotnet/DataCatalog/TagTemplateIamBinding.cs b/sdk/dotnet/DataCatalog/TagTemplateIamBinding.cs index 55ddc7f0d2..a05ff152a6 100644 --- a/sdk/dotnet/DataCatalog/TagTemplateIamBinding.cs +++ b/sdk/dotnet/DataCatalog/TagTemplateIamBinding.cs @@ -107,6 +107,89 @@ namespace Pulumi.Gcp.DataCatalog /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_data\_catalog\_tag\_template\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.DataCatalog.TagTemplateIamPolicy("policy", new() + /// { + /// TagTemplate = basicTagTemplate.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_data\_catalog\_tag\_template\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.DataCatalog.TagTemplateIamBinding("binding", new() + /// { + /// TagTemplate = basicTagTemplate.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_data\_catalog\_tag\_template\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.DataCatalog.TagTemplateIamMember("member", new() + /// { + /// TagTemplate = basicTagTemplate.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -157,14 +240,8 @@ public partial class TagTemplateIamBinding : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; - [Output("members")] - public Output> Members { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -176,6 +253,13 @@ public partial class TagTemplateIamBinding : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("members")] + public Output> Members { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -247,17 +331,9 @@ public sealed class TagTemplateIamBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -269,6 +345,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -308,17 +394,9 @@ public sealed class TagTemplateIamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -330,6 +408,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/DataCatalog/TagTemplateIamMember.cs b/sdk/dotnet/DataCatalog/TagTemplateIamMember.cs index 89ac45e323..54802f6459 100644 --- a/sdk/dotnet/DataCatalog/TagTemplateIamMember.cs +++ b/sdk/dotnet/DataCatalog/TagTemplateIamMember.cs @@ -107,6 +107,89 @@ namespace Pulumi.Gcp.DataCatalog /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_data\_catalog\_tag\_template\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.DataCatalog.TagTemplateIamPolicy("policy", new() + /// { + /// TagTemplate = basicTagTemplate.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_data\_catalog\_tag\_template\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.DataCatalog.TagTemplateIamBinding("binding", new() + /// { + /// TagTemplate = basicTagTemplate.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_data\_catalog\_tag\_template\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.DataCatalog.TagTemplateIamMember("member", new() + /// { + /// TagTemplate = basicTagTemplate.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -157,14 +240,8 @@ public partial class TagTemplateIamMember : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; - [Output("member")] - public Output Member { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -176,6 +253,13 @@ public partial class TagTemplateIamMember : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("member")] + public Output Member { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -245,14 +329,8 @@ public sealed class TagTemplateIamMemberArgs : global::Pulumi.ResourceArgs [Input("condition")] public Input? Condition { get; set; } - [Input("member", required: true)] - public Input Member { get; set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -264,6 +342,13 @@ public sealed class TagTemplateIamMemberArgs : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member", required: true)] + public Input Member { get; set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -301,14 +386,8 @@ public sealed class TagTemplateIamMemberState : global::Pulumi.ResourceArgs [Input("etag")] public Input? Etag { get; set; } - [Input("member")] - public Input? Member { get; set; } - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -320,6 +399,13 @@ public sealed class TagTemplateIamMemberState : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member")] + public Input? Member { get; set; } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/DataCatalog/TagTemplateIamPolicy.cs b/sdk/dotnet/DataCatalog/TagTemplateIamPolicy.cs index 6bb740c0be..8f0b0e9497 100644 --- a/sdk/dotnet/DataCatalog/TagTemplateIamPolicy.cs +++ b/sdk/dotnet/DataCatalog/TagTemplateIamPolicy.cs @@ -107,6 +107,89 @@ namespace Pulumi.Gcp.DataCatalog /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_data\_catalog\_tag\_template\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.DataCatalog.TagTemplateIamPolicy("policy", new() + /// { + /// TagTemplate = basicTagTemplate.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_data\_catalog\_tag\_template\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.DataCatalog.TagTemplateIamBinding("binding", new() + /// { + /// TagTemplate = basicTagTemplate.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_data\_catalog\_tag\_template\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.DataCatalog.TagTemplateIamMember("member", new() + /// { + /// TagTemplate = basicTagTemplate.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -164,18 +247,6 @@ public partial class TagTemplateIamPolicy : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -245,18 +316,6 @@ public sealed class TagTemplateIamPolicyArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -294,18 +353,6 @@ public sealed class TagTemplateIamPolicyState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/DataCatalog/TaxonomyIamBinding.cs b/sdk/dotnet/DataCatalog/TaxonomyIamBinding.cs index 9313ad3973..bf5dcffe3f 100644 --- a/sdk/dotnet/DataCatalog/TaxonomyIamBinding.cs +++ b/sdk/dotnet/DataCatalog/TaxonomyIamBinding.cs @@ -107,6 +107,89 @@ namespace Pulumi.Gcp.DataCatalog /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_data\_catalog\_taxonomy\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.DataCatalog.TaxonomyIamPolicy("policy", new() + /// { + /// Taxonomy = basicTaxonomy.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_data\_catalog\_taxonomy\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.DataCatalog.TaxonomyIamBinding("binding", new() + /// { + /// Taxonomy = basicTaxonomy.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_data\_catalog\_taxonomy\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.DataCatalog.TaxonomyIamMember("member", new() + /// { + /// Taxonomy = basicTaxonomy.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -157,14 +240,8 @@ public partial class TaxonomyIamBinding : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; - [Output("members")] - public Output> Members { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -176,6 +253,13 @@ public partial class TaxonomyIamBinding : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("members")] + public Output> Members { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -247,17 +331,9 @@ public sealed class TaxonomyIamBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -269,6 +345,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -308,17 +394,9 @@ public sealed class TaxonomyIamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -330,6 +408,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/DataCatalog/TaxonomyIamMember.cs b/sdk/dotnet/DataCatalog/TaxonomyIamMember.cs index cb79c0b86d..c2b5f9c39d 100644 --- a/sdk/dotnet/DataCatalog/TaxonomyIamMember.cs +++ b/sdk/dotnet/DataCatalog/TaxonomyIamMember.cs @@ -107,6 +107,89 @@ namespace Pulumi.Gcp.DataCatalog /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_data\_catalog\_taxonomy\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.DataCatalog.TaxonomyIamPolicy("policy", new() + /// { + /// Taxonomy = basicTaxonomy.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_data\_catalog\_taxonomy\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.DataCatalog.TaxonomyIamBinding("binding", new() + /// { + /// Taxonomy = basicTaxonomy.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_data\_catalog\_taxonomy\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.DataCatalog.TaxonomyIamMember("member", new() + /// { + /// Taxonomy = basicTaxonomy.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -157,14 +240,8 @@ public partial class TaxonomyIamMember : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; - [Output("member")] - public Output Member { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -176,6 +253,13 @@ public partial class TaxonomyIamMember : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("member")] + public Output Member { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -245,14 +329,8 @@ public sealed class TaxonomyIamMemberArgs : global::Pulumi.ResourceArgs [Input("condition")] public Input? Condition { get; set; } - [Input("member", required: true)] - public Input Member { get; set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -264,6 +342,13 @@ public sealed class TaxonomyIamMemberArgs : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member", required: true)] + public Input Member { get; set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -301,14 +386,8 @@ public sealed class TaxonomyIamMemberState : global::Pulumi.ResourceArgs [Input("etag")] public Input? Etag { get; set; } - [Input("member")] - public Input? Member { get; set; } - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -320,6 +399,13 @@ public sealed class TaxonomyIamMemberState : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member")] + public Input? Member { get; set; } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/DataCatalog/TaxonomyIamPolicy.cs b/sdk/dotnet/DataCatalog/TaxonomyIamPolicy.cs index 669cc735ac..f14de27e30 100644 --- a/sdk/dotnet/DataCatalog/TaxonomyIamPolicy.cs +++ b/sdk/dotnet/DataCatalog/TaxonomyIamPolicy.cs @@ -107,6 +107,89 @@ namespace Pulumi.Gcp.DataCatalog /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_data\_catalog\_taxonomy\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.DataCatalog.TaxonomyIamPolicy("policy", new() + /// { + /// Taxonomy = basicTaxonomy.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_data\_catalog\_taxonomy\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.DataCatalog.TaxonomyIamBinding("binding", new() + /// { + /// Taxonomy = basicTaxonomy.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_data\_catalog\_taxonomy\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.DataCatalog.TaxonomyIamMember("member", new() + /// { + /// Taxonomy = basicTaxonomy.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -164,18 +247,6 @@ public partial class TaxonomyIamPolicy : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -245,18 +316,6 @@ public sealed class TaxonomyIamPolicyArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -294,18 +353,6 @@ public sealed class TaxonomyIamPolicyState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/DataPlex/AssetIamBinding.cs b/sdk/dotnet/DataPlex/AssetIamBinding.cs index 954c429b8f..9073a0f44a 100644 --- a/sdk/dotnet/DataPlex/AssetIamBinding.cs +++ b/sdk/dotnet/DataPlex/AssetIamBinding.cs @@ -119,6 +119,101 @@ namespace Pulumi.Gcp.DataPlex /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_dataplex\_asset\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.DataPlex.AssetIamPolicy("policy", new() + /// { + /// Project = example.Project, + /// Location = example.Location, + /// Lake = example.Lake, + /// DataplexZone = example.DataplexZone, + /// Asset = example.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_dataplex\_asset\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.DataPlex.AssetIamBinding("binding", new() + /// { + /// Project = example.Project, + /// Location = example.Location, + /// Lake = example.Lake, + /// DataplexZone = example.DataplexZone, + /// Asset = example.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_dataplex\_asset\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.DataPlex.AssetIamMember("member", new() + /// { + /// Project = example.Project, + /// Location = example.Location, + /// Lake = example.Lake, + /// DataplexZone = example.DataplexZone, + /// Asset = example.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -184,14 +279,8 @@ public partial class AssetIamBinding : global::Pulumi.CustomResource [Output("location")] public Output Location { get; private set; } = null!; - [Output("members")] - public Output> Members { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -203,6 +292,13 @@ public partial class AssetIamBinding : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("members")] + public Output> Members { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -280,17 +376,9 @@ public sealed class AssetIamBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -302,6 +390,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -347,17 +445,9 @@ public sealed class AssetIamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -369,6 +459,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/DataPlex/AssetIamMember.cs b/sdk/dotnet/DataPlex/AssetIamMember.cs index 801905ba5b..6acbdf3668 100644 --- a/sdk/dotnet/DataPlex/AssetIamMember.cs +++ b/sdk/dotnet/DataPlex/AssetIamMember.cs @@ -119,6 +119,101 @@ namespace Pulumi.Gcp.DataPlex /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_dataplex\_asset\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.DataPlex.AssetIamPolicy("policy", new() + /// { + /// Project = example.Project, + /// Location = example.Location, + /// Lake = example.Lake, + /// DataplexZone = example.DataplexZone, + /// Asset = example.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_dataplex\_asset\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.DataPlex.AssetIamBinding("binding", new() + /// { + /// Project = example.Project, + /// Location = example.Location, + /// Lake = example.Lake, + /// DataplexZone = example.DataplexZone, + /// Asset = example.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_dataplex\_asset\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.DataPlex.AssetIamMember("member", new() + /// { + /// Project = example.Project, + /// Location = example.Location, + /// Lake = example.Lake, + /// DataplexZone = example.DataplexZone, + /// Asset = example.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -184,14 +279,8 @@ public partial class AssetIamMember : global::Pulumi.CustomResource [Output("location")] public Output Location { get; private set; } = null!; - [Output("member")] - public Output Member { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -203,6 +292,13 @@ public partial class AssetIamMember : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("member")] + public Output Member { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -278,14 +374,8 @@ public sealed class AssetIamMemberArgs : global::Pulumi.ResourceArgs [Input("location")] public Input? Location { get; set; } - [Input("member", required: true)] - public Input Member { get; set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -297,6 +387,13 @@ public sealed class AssetIamMemberArgs : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member", required: true)] + public Input Member { get; set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -340,14 +437,8 @@ public sealed class AssetIamMemberState : global::Pulumi.ResourceArgs [Input("location")] public Input? Location { get; set; } - [Input("member")] - public Input? Member { get; set; } - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -359,6 +450,13 @@ public sealed class AssetIamMemberState : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member")] + public Input? Member { get; set; } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/DataPlex/AssetIamPolicy.cs b/sdk/dotnet/DataPlex/AssetIamPolicy.cs index f67ce8f4e5..14e81adfe4 100644 --- a/sdk/dotnet/DataPlex/AssetIamPolicy.cs +++ b/sdk/dotnet/DataPlex/AssetIamPolicy.cs @@ -119,6 +119,101 @@ namespace Pulumi.Gcp.DataPlex /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_dataplex\_asset\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.DataPlex.AssetIamPolicy("policy", new() + /// { + /// Project = example.Project, + /// Location = example.Location, + /// Lake = example.Lake, + /// DataplexZone = example.DataplexZone, + /// Asset = example.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_dataplex\_asset\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.DataPlex.AssetIamBinding("binding", new() + /// { + /// Project = example.Project, + /// Location = example.Location, + /// Lake = example.Lake, + /// DataplexZone = example.DataplexZone, + /// Asset = example.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_dataplex\_asset\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.DataPlex.AssetIamMember("member", new() + /// { + /// Project = example.Project, + /// Location = example.Location, + /// Lake = example.Lake, + /// DataplexZone = example.DataplexZone, + /// Asset = example.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -191,18 +286,6 @@ public partial class AssetIamPolicy : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -278,18 +361,6 @@ public sealed class AssetIamPolicyArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -333,18 +404,6 @@ public sealed class AssetIamPolicyState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/DataPlex/DatascanIamBinding.cs b/sdk/dotnet/DataPlex/DatascanIamBinding.cs index 832e88185a..c34212610f 100644 --- a/sdk/dotnet/DataPlex/DatascanIamBinding.cs +++ b/sdk/dotnet/DataPlex/DatascanIamBinding.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.DataPlex /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_dataplex\_datascan\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.DataPlex.DatascanIamPolicy("policy", new() + /// { + /// Project = basicProfile.Project, + /// Location = basicProfile.Location, + /// DataScanId = basicProfile.DataScanId, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_dataplex\_datascan\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.DataPlex.DatascanIamBinding("binding", new() + /// { + /// Project = basicProfile.Project, + /// Location = basicProfile.Location, + /// DataScanId = basicProfile.DataScanId, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_dataplex\_datascan\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.DataPlex.DatascanIamMember("member", new() + /// { + /// Project = basicProfile.Project, + /// Location = basicProfile.Location, + /// DataScanId = basicProfile.DataScanId, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -173,14 +262,8 @@ public partial class DatascanIamBinding : global::Pulumi.CustomResource [Output("location")] public Output Location { get; private set; } = null!; - [Output("members")] - public Output> Members { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -192,6 +275,13 @@ public partial class DatascanIamBinding : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("members")] + public Output> Members { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -264,17 +354,9 @@ public sealed class DatascanIamBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -286,6 +368,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -326,17 +418,9 @@ public sealed class DatascanIamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -348,6 +432,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/DataPlex/DatascanIamMember.cs b/sdk/dotnet/DataPlex/DatascanIamMember.cs index ca76857572..5a5d986c9d 100644 --- a/sdk/dotnet/DataPlex/DatascanIamMember.cs +++ b/sdk/dotnet/DataPlex/DatascanIamMember.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.DataPlex /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_dataplex\_datascan\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.DataPlex.DatascanIamPolicy("policy", new() + /// { + /// Project = basicProfile.Project, + /// Location = basicProfile.Location, + /// DataScanId = basicProfile.DataScanId, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_dataplex\_datascan\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.DataPlex.DatascanIamBinding("binding", new() + /// { + /// Project = basicProfile.Project, + /// Location = basicProfile.Location, + /// DataScanId = basicProfile.DataScanId, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_dataplex\_datascan\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.DataPlex.DatascanIamMember("member", new() + /// { + /// Project = basicProfile.Project, + /// Location = basicProfile.Location, + /// DataScanId = basicProfile.DataScanId, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -173,14 +262,8 @@ public partial class DatascanIamMember : global::Pulumi.CustomResource [Output("location")] public Output Location { get; private set; } = null!; - [Output("member")] - public Output Member { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -192,6 +275,13 @@ public partial class DatascanIamMember : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("member")] + public Output Member { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -262,14 +352,8 @@ public sealed class DatascanIamMemberArgs : global::Pulumi.ResourceArgs [Input("location")] public Input? Location { get; set; } - [Input("member", required: true)] - public Input Member { get; set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -281,6 +365,13 @@ public sealed class DatascanIamMemberArgs : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member", required: true)] + public Input Member { get; set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -319,14 +410,8 @@ public sealed class DatascanIamMemberState : global::Pulumi.ResourceArgs [Input("location")] public Input? Location { get; set; } - [Input("member")] - public Input? Member { get; set; } - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -338,6 +423,13 @@ public sealed class DatascanIamMemberState : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member")] + public Input? Member { get; set; } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/DataPlex/DatascanIamPolicy.cs b/sdk/dotnet/DataPlex/DatascanIamPolicy.cs index ef97224ebe..c7562fb9ac 100644 --- a/sdk/dotnet/DataPlex/DatascanIamPolicy.cs +++ b/sdk/dotnet/DataPlex/DatascanIamPolicy.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.DataPlex /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_dataplex\_datascan\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.DataPlex.DatascanIamPolicy("policy", new() + /// { + /// Project = basicProfile.Project, + /// Location = basicProfile.Location, + /// DataScanId = basicProfile.DataScanId, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_dataplex\_datascan\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.DataPlex.DatascanIamBinding("binding", new() + /// { + /// Project = basicProfile.Project, + /// Location = basicProfile.Location, + /// DataScanId = basicProfile.DataScanId, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_dataplex\_datascan\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.DataPlex.DatascanIamMember("member", new() + /// { + /// Project = basicProfile.Project, + /// Location = basicProfile.Location, + /// DataScanId = basicProfile.DataScanId, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -180,18 +269,6 @@ public partial class DatascanIamPolicy : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -262,18 +339,6 @@ public sealed class DatascanIamPolicyArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -312,18 +377,6 @@ public sealed class DatascanIamPolicyState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/DataPlex/LakeIamBinding.cs b/sdk/dotnet/DataPlex/LakeIamBinding.cs index 3150a59647..feddb7c308 100644 --- a/sdk/dotnet/DataPlex/LakeIamBinding.cs +++ b/sdk/dotnet/DataPlex/LakeIamBinding.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.DataPlex /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_dataplex\_lake\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.DataPlex.LakeIamPolicy("policy", new() + /// { + /// Project = example.Project, + /// Location = example.Location, + /// Lake = example.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_dataplex\_lake\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.DataPlex.LakeIamBinding("binding", new() + /// { + /// Project = example.Project, + /// Location = example.Location, + /// Lake = example.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_dataplex\_lake\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.DataPlex.LakeIamMember("member", new() + /// { + /// Project = example.Project, + /// Location = example.Location, + /// Lake = example.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -172,14 +261,8 @@ public partial class LakeIamBinding : global::Pulumi.CustomResource [Output("location")] public Output Location { get; private set; } = null!; - [Output("members")] - public Output> Members { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -191,6 +274,13 @@ public partial class LakeIamBinding : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("members")] + public Output> Members { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -262,17 +352,9 @@ public sealed class LakeIamBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -284,6 +366,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -323,17 +415,9 @@ public sealed class LakeIamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -345,6 +429,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/DataPlex/LakeIamMember.cs b/sdk/dotnet/DataPlex/LakeIamMember.cs index 1ef647cbee..149bf73f75 100644 --- a/sdk/dotnet/DataPlex/LakeIamMember.cs +++ b/sdk/dotnet/DataPlex/LakeIamMember.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.DataPlex /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_dataplex\_lake\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.DataPlex.LakeIamPolicy("policy", new() + /// { + /// Project = example.Project, + /// Location = example.Location, + /// Lake = example.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_dataplex\_lake\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.DataPlex.LakeIamBinding("binding", new() + /// { + /// Project = example.Project, + /// Location = example.Location, + /// Lake = example.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_dataplex\_lake\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.DataPlex.LakeIamMember("member", new() + /// { + /// Project = example.Project, + /// Location = example.Location, + /// Lake = example.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -172,14 +261,8 @@ public partial class LakeIamMember : global::Pulumi.CustomResource [Output("location")] public Output Location { get; private set; } = null!; - [Output("member")] - public Output Member { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -191,6 +274,13 @@ public partial class LakeIamMember : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("member")] + public Output Member { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -260,14 +350,8 @@ public sealed class LakeIamMemberArgs : global::Pulumi.ResourceArgs [Input("location")] public Input? Location { get; set; } - [Input("member", required: true)] - public Input Member { get; set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -279,6 +363,13 @@ public sealed class LakeIamMemberArgs : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member", required: true)] + public Input Member { get; set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -316,14 +407,8 @@ public sealed class LakeIamMemberState : global::Pulumi.ResourceArgs [Input("location")] public Input? Location { get; set; } - [Input("member")] - public Input? Member { get; set; } - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -335,6 +420,13 @@ public sealed class LakeIamMemberState : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member")] + public Input? Member { get; set; } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/DataPlex/LakeIamPolicy.cs b/sdk/dotnet/DataPlex/LakeIamPolicy.cs index ee54c12f61..ef4980af5f 100644 --- a/sdk/dotnet/DataPlex/LakeIamPolicy.cs +++ b/sdk/dotnet/DataPlex/LakeIamPolicy.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.DataPlex /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_dataplex\_lake\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.DataPlex.LakeIamPolicy("policy", new() + /// { + /// Project = example.Project, + /// Location = example.Location, + /// Lake = example.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_dataplex\_lake\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.DataPlex.LakeIamBinding("binding", new() + /// { + /// Project = example.Project, + /// Location = example.Location, + /// Lake = example.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_dataplex\_lake\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.DataPlex.LakeIamMember("member", new() + /// { + /// Project = example.Project, + /// Location = example.Location, + /// Lake = example.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -179,18 +268,6 @@ public partial class LakeIamPolicy : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -260,18 +337,6 @@ public sealed class LakeIamPolicyArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -309,18 +374,6 @@ public sealed class LakeIamPolicyState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/DataPlex/TaskIamBinding.cs b/sdk/dotnet/DataPlex/TaskIamBinding.cs index 1be034b7d1..0cb0457b69 100644 --- a/sdk/dotnet/DataPlex/TaskIamBinding.cs +++ b/sdk/dotnet/DataPlex/TaskIamBinding.cs @@ -116,6 +116,98 @@ namespace Pulumi.Gcp.DataPlex /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_dataplex\_task\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.DataPlex.TaskIamPolicy("policy", new() + /// { + /// Project = example.Project, + /// Location = example.Location, + /// Lake = example.Lake, + /// TaskId = example.TaskId, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_dataplex\_task\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.DataPlex.TaskIamBinding("binding", new() + /// { + /// Project = example.Project, + /// Location = example.Location, + /// Lake = example.Lake, + /// TaskId = example.TaskId, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_dataplex\_task\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.DataPlex.TaskIamMember("member", new() + /// { + /// Project = example.Project, + /// Location = example.Location, + /// Lake = example.Lake, + /// TaskId = example.TaskId, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -180,14 +272,8 @@ public partial class TaskIamBinding : global::Pulumi.CustomResource [Output("location")] public Output Location { get; private set; } = null!; - [Output("members")] - public Output> Members { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -199,6 +285,13 @@ public partial class TaskIamBinding : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("members")] + public Output> Members { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -278,17 +371,9 @@ public sealed class TaskIamBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -300,6 +385,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -347,17 +442,9 @@ public sealed class TaskIamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -369,6 +456,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/DataPlex/TaskIamMember.cs b/sdk/dotnet/DataPlex/TaskIamMember.cs index 808dd35ba3..c69f3fbbcb 100644 --- a/sdk/dotnet/DataPlex/TaskIamMember.cs +++ b/sdk/dotnet/DataPlex/TaskIamMember.cs @@ -116,6 +116,98 @@ namespace Pulumi.Gcp.DataPlex /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_dataplex\_task\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.DataPlex.TaskIamPolicy("policy", new() + /// { + /// Project = example.Project, + /// Location = example.Location, + /// Lake = example.Lake, + /// TaskId = example.TaskId, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_dataplex\_task\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.DataPlex.TaskIamBinding("binding", new() + /// { + /// Project = example.Project, + /// Location = example.Location, + /// Lake = example.Lake, + /// TaskId = example.TaskId, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_dataplex\_task\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.DataPlex.TaskIamMember("member", new() + /// { + /// Project = example.Project, + /// Location = example.Location, + /// Lake = example.Lake, + /// TaskId = example.TaskId, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -180,14 +272,8 @@ public partial class TaskIamMember : global::Pulumi.CustomResource [Output("location")] public Output Location { get; private set; } = null!; - [Output("member")] - public Output Member { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -199,6 +285,13 @@ public partial class TaskIamMember : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("member")] + public Output Member { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -276,14 +369,8 @@ public sealed class TaskIamMemberArgs : global::Pulumi.ResourceArgs [Input("location")] public Input? Location { get; set; } - [Input("member", required: true)] - public Input Member { get; set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -295,6 +382,13 @@ public sealed class TaskIamMemberArgs : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member", required: true)] + public Input Member { get; set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -340,14 +434,8 @@ public sealed class TaskIamMemberState : global::Pulumi.ResourceArgs [Input("location")] public Input? Location { get; set; } - [Input("member")] - public Input? Member { get; set; } - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -359,6 +447,13 @@ public sealed class TaskIamMemberState : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member")] + public Input? Member { get; set; } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/DataPlex/TaskIamPolicy.cs b/sdk/dotnet/DataPlex/TaskIamPolicy.cs index 3b58b0a4c7..7e52ea2e99 100644 --- a/sdk/dotnet/DataPlex/TaskIamPolicy.cs +++ b/sdk/dotnet/DataPlex/TaskIamPolicy.cs @@ -116,6 +116,98 @@ namespace Pulumi.Gcp.DataPlex /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_dataplex\_task\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.DataPlex.TaskIamPolicy("policy", new() + /// { + /// Project = example.Project, + /// Location = example.Location, + /// Lake = example.Lake, + /// TaskId = example.TaskId, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_dataplex\_task\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.DataPlex.TaskIamBinding("binding", new() + /// { + /// Project = example.Project, + /// Location = example.Location, + /// Lake = example.Lake, + /// TaskId = example.TaskId, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_dataplex\_task\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.DataPlex.TaskIamMember("member", new() + /// { + /// Project = example.Project, + /// Location = example.Location, + /// Lake = example.Lake, + /// TaskId = example.TaskId, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -187,18 +279,6 @@ public partial class TaskIamPolicy : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -276,18 +356,6 @@ public sealed class TaskIamPolicyArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -333,18 +401,6 @@ public sealed class TaskIamPolicyState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/DataPlex/ZoneIamBinding.cs b/sdk/dotnet/DataPlex/ZoneIamBinding.cs index fe10cb3fac..1dba5f8740 100644 --- a/sdk/dotnet/DataPlex/ZoneIamBinding.cs +++ b/sdk/dotnet/DataPlex/ZoneIamBinding.cs @@ -116,6 +116,98 @@ namespace Pulumi.Gcp.DataPlex /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_dataplex\_zone\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.DataPlex.ZoneIamPolicy("policy", new() + /// { + /// Project = example.Project, + /// Location = example.Location, + /// Lake = example.Lake, + /// DataplexZone = example.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_dataplex\_zone\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.DataPlex.ZoneIamBinding("binding", new() + /// { + /// Project = example.Project, + /// Location = example.Location, + /// Lake = example.Lake, + /// DataplexZone = example.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_dataplex\_zone\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.DataPlex.ZoneIamMember("member", new() + /// { + /// Project = example.Project, + /// Location = example.Location, + /// Lake = example.Lake, + /// DataplexZone = example.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -178,14 +270,8 @@ public partial class ZoneIamBinding : global::Pulumi.CustomResource [Output("location")] public Output Location { get; private set; } = null!; - [Output("members")] - public Output> Members { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -197,6 +283,13 @@ public partial class ZoneIamBinding : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("members")] + public Output> Members { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -271,17 +364,9 @@ public sealed class ZoneIamBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -293,6 +378,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -335,17 +430,9 @@ public sealed class ZoneIamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -357,6 +444,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/DataPlex/ZoneIamMember.cs b/sdk/dotnet/DataPlex/ZoneIamMember.cs index d1a0243278..00b4368177 100644 --- a/sdk/dotnet/DataPlex/ZoneIamMember.cs +++ b/sdk/dotnet/DataPlex/ZoneIamMember.cs @@ -116,6 +116,98 @@ namespace Pulumi.Gcp.DataPlex /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_dataplex\_zone\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.DataPlex.ZoneIamPolicy("policy", new() + /// { + /// Project = example.Project, + /// Location = example.Location, + /// Lake = example.Lake, + /// DataplexZone = example.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_dataplex\_zone\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.DataPlex.ZoneIamBinding("binding", new() + /// { + /// Project = example.Project, + /// Location = example.Location, + /// Lake = example.Lake, + /// DataplexZone = example.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_dataplex\_zone\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.DataPlex.ZoneIamMember("member", new() + /// { + /// Project = example.Project, + /// Location = example.Location, + /// Lake = example.Lake, + /// DataplexZone = example.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -178,14 +270,8 @@ public partial class ZoneIamMember : global::Pulumi.CustomResource [Output("location")] public Output Location { get; private set; } = null!; - [Output("member")] - public Output Member { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -197,6 +283,13 @@ public partial class ZoneIamMember : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("member")] + public Output Member { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -269,14 +362,8 @@ public sealed class ZoneIamMemberArgs : global::Pulumi.ResourceArgs [Input("location")] public Input? Location { get; set; } - [Input("member", required: true)] - public Input Member { get; set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -288,6 +375,13 @@ public sealed class ZoneIamMemberArgs : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member", required: true)] + public Input Member { get; set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -328,14 +422,8 @@ public sealed class ZoneIamMemberState : global::Pulumi.ResourceArgs [Input("location")] public Input? Location { get; set; } - [Input("member")] - public Input? Member { get; set; } - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -347,6 +435,13 @@ public sealed class ZoneIamMemberState : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member")] + public Input? Member { get; set; } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/DataPlex/ZoneIamPolicy.cs b/sdk/dotnet/DataPlex/ZoneIamPolicy.cs index a3bc1c61a0..f495d66520 100644 --- a/sdk/dotnet/DataPlex/ZoneIamPolicy.cs +++ b/sdk/dotnet/DataPlex/ZoneIamPolicy.cs @@ -116,6 +116,98 @@ namespace Pulumi.Gcp.DataPlex /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_dataplex\_zone\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.DataPlex.ZoneIamPolicy("policy", new() + /// { + /// Project = example.Project, + /// Location = example.Location, + /// Lake = example.Lake, + /// DataplexZone = example.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_dataplex\_zone\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.DataPlex.ZoneIamBinding("binding", new() + /// { + /// Project = example.Project, + /// Location = example.Location, + /// Lake = example.Lake, + /// DataplexZone = example.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_dataplex\_zone\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.DataPlex.ZoneIamMember("member", new() + /// { + /// Project = example.Project, + /// Location = example.Location, + /// Lake = example.Lake, + /// DataplexZone = example.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -185,18 +277,6 @@ public partial class ZoneIamPolicy : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -269,18 +349,6 @@ public sealed class ZoneIamPolicyArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -321,18 +389,6 @@ public sealed class ZoneIamPolicyState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Dataproc/AutoscalingPolicyIamBinding.cs b/sdk/dotnet/Dataproc/AutoscalingPolicyIamBinding.cs index 9340b83794..9cc3432709 100644 --- a/sdk/dotnet/Dataproc/AutoscalingPolicyIamBinding.cs +++ b/sdk/dotnet/Dataproc/AutoscalingPolicyIamBinding.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.Dataproc /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_dataproc\_autoscaling\_policy\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Dataproc.AutoscalingPolicyIamPolicy("policy", new() + /// { + /// Project = basic.Project, + /// Location = basic.Location, + /// PolicyId = basic.PolicyId, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_dataproc\_autoscaling\_policy\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Dataproc.AutoscalingPolicyIamBinding("binding", new() + /// { + /// Project = basic.Project, + /// Location = basic.Location, + /// PolicyId = basic.PolicyId, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_dataproc\_autoscaling\_policy\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Dataproc.AutoscalingPolicyIamMember("member", new() + /// { + /// Project = basic.Project, + /// Location = basic.Location, + /// PolicyId = basic.PolicyId, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -171,6 +260,19 @@ public partial class AutoscalingPolicyIamBinding : global::Pulumi.CustomResource [Output("location")] public Output Location { get; private set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Output("members")] public Output> Members { get; private set; } = null!; @@ -186,18 +288,6 @@ public partial class AutoscalingPolicyIamBinding : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -269,6 +359,20 @@ public sealed class AutoscalingPolicyIamBindingArgs : global::Pulumi.ResourceArg [Input("members", required: true)] private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// public InputList Members { get => _members ?? (_members = new InputList()); @@ -287,18 +391,6 @@ public InputList Members /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -338,6 +430,20 @@ public sealed class AutoscalingPolicyIamBindingState : global::Pulumi.ResourceAr [Input("members")] private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// public InputList Members { get => _members ?? (_members = new InputList()); @@ -356,18 +462,6 @@ public InputList Members /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Dataproc/AutoscalingPolicyIamMember.cs b/sdk/dotnet/Dataproc/AutoscalingPolicyIamMember.cs index 6b97a00385..ff7ac7a448 100644 --- a/sdk/dotnet/Dataproc/AutoscalingPolicyIamMember.cs +++ b/sdk/dotnet/Dataproc/AutoscalingPolicyIamMember.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.Dataproc /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_dataproc\_autoscaling\_policy\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Dataproc.AutoscalingPolicyIamPolicy("policy", new() + /// { + /// Project = basic.Project, + /// Location = basic.Location, + /// PolicyId = basic.PolicyId, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_dataproc\_autoscaling\_policy\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Dataproc.AutoscalingPolicyIamBinding("binding", new() + /// { + /// Project = basic.Project, + /// Location = basic.Location, + /// PolicyId = basic.PolicyId, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_dataproc\_autoscaling\_policy\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Dataproc.AutoscalingPolicyIamMember("member", new() + /// { + /// Project = basic.Project, + /// Location = basic.Location, + /// PolicyId = basic.PolicyId, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -171,6 +260,19 @@ public partial class AutoscalingPolicyIamMember : global::Pulumi.CustomResource [Output("location")] public Output Location { get; private set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Output("member")] public Output Member { get; private set; } = null!; @@ -186,18 +288,6 @@ public partial class AutoscalingPolicyIamMember : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -267,6 +357,19 @@ public sealed class AutoscalingPolicyIamMemberArgs : global::Pulumi.ResourceArgs [Input("location")] public Input? Location { get; set; } + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Input("member", required: true)] public Input Member { get; set; } = null!; @@ -282,18 +385,6 @@ public sealed class AutoscalingPolicyIamMemberArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -331,6 +422,19 @@ public sealed class AutoscalingPolicyIamMemberState : global::Pulumi.ResourceArg [Input("location")] public Input? Location { get; set; } + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Input("member")] public Input? Member { get; set; } @@ -346,18 +450,6 @@ public sealed class AutoscalingPolicyIamMemberState : global::Pulumi.ResourceArg /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Dataproc/AutoscalingPolicyIamPolicy.cs b/sdk/dotnet/Dataproc/AutoscalingPolicyIamPolicy.cs index 3ffd336cf9..f5f9b8646b 100644 --- a/sdk/dotnet/Dataproc/AutoscalingPolicyIamPolicy.cs +++ b/sdk/dotnet/Dataproc/AutoscalingPolicyIamPolicy.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.Dataproc /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_dataproc\_autoscaling\_policy\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Dataproc.AutoscalingPolicyIamPolicy("policy", new() + /// { + /// Project = basic.Project, + /// Location = basic.Location, + /// PolicyId = basic.PolicyId, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_dataproc\_autoscaling\_policy\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Dataproc.AutoscalingPolicyIamBinding("binding", new() + /// { + /// Project = basic.Project, + /// Location = basic.Location, + /// PolicyId = basic.PolicyId, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_dataproc\_autoscaling\_policy\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Dataproc.AutoscalingPolicyIamMember("member", new() + /// { + /// Project = basic.Project, + /// Location = basic.Location, + /// PolicyId = basic.PolicyId, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -187,18 +276,6 @@ public partial class AutoscalingPolicyIamPolicy : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -276,18 +353,6 @@ public sealed class AutoscalingPolicyIamPolicyArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -333,18 +398,6 @@ public sealed class AutoscalingPolicyIamPolicyState : global::Pulumi.ResourceArg /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Dataproc/ClusterIAMBinding.cs b/sdk/dotnet/Dataproc/ClusterIAMBinding.cs index bee3fe5693..be16f2ef6a 100644 --- a/sdk/dotnet/Dataproc/ClusterIAMBinding.cs +++ b/sdk/dotnet/Dataproc/ClusterIAMBinding.cs @@ -105,6 +105,91 @@ namespace Pulumi.Gcp.Dataproc /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_dataproc\_cluster\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var editor = new Gcp.Dataproc.ClusterIAMPolicy("editor", new() + /// { + /// Project = "your-project", + /// Region = "your-region", + /// Cluster = "your-dataproc-cluster", + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_dataproc\_cluster\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var editor = new Gcp.Dataproc.ClusterIAMBinding("editor", new() + /// { + /// Cluster = "your-dataproc-cluster", + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_dataproc\_cluster\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var editor = new Gcp.Dataproc.ClusterIAMMember("editor", new() + /// { + /// Cluster = "your-dataproc-cluster", + /// Role = "roles/editor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// ### Importing IAM policies @@ -138,15 +223,6 @@ public partial class ClusterIAMBinding : global::Pulumi.CustomResource /// The name or relative resource id of the cluster to manage IAM policies for. /// /// For `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`: - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Output("cluster")] public Output Cluster { get; private set; } = null!; @@ -160,6 +236,16 @@ public partial class ClusterIAMBinding : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// [Output("members")] public Output> Members { get; private set; } = null!; @@ -237,15 +323,6 @@ public sealed class ClusterIAMBindingArgs : global::Pulumi.ResourceArgs /// The name or relative resource id of the cluster to manage IAM policies for. /// /// For `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`: - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Input("cluster", required: true)] public Input Cluster { get; set; } = null!; @@ -255,6 +332,17 @@ public sealed class ClusterIAMBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// public InputList Members { get => _members ?? (_members = new InputList()); @@ -297,15 +385,6 @@ public sealed class ClusterIAMBindingState : global::Pulumi.ResourceArgs /// The name or relative resource id of the cluster to manage IAM policies for. /// /// For `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`: - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Input("cluster")] public Input? Cluster { get; set; } @@ -321,6 +400,17 @@ public sealed class ClusterIAMBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// public InputList Members { get => _members ?? (_members = new InputList()); diff --git a/sdk/dotnet/Dataproc/ClusterIAMMember.cs b/sdk/dotnet/Dataproc/ClusterIAMMember.cs index 618633d254..cf839154b1 100644 --- a/sdk/dotnet/Dataproc/ClusterIAMMember.cs +++ b/sdk/dotnet/Dataproc/ClusterIAMMember.cs @@ -105,6 +105,91 @@ namespace Pulumi.Gcp.Dataproc /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_dataproc\_cluster\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var editor = new Gcp.Dataproc.ClusterIAMPolicy("editor", new() + /// { + /// Project = "your-project", + /// Region = "your-region", + /// Cluster = "your-dataproc-cluster", + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_dataproc\_cluster\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var editor = new Gcp.Dataproc.ClusterIAMBinding("editor", new() + /// { + /// Cluster = "your-dataproc-cluster", + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_dataproc\_cluster\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var editor = new Gcp.Dataproc.ClusterIAMMember("editor", new() + /// { + /// Cluster = "your-dataproc-cluster", + /// Role = "roles/editor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// ### Importing IAM policies @@ -138,15 +223,6 @@ public partial class ClusterIAMMember : global::Pulumi.CustomResource /// The name or relative resource id of the cluster to manage IAM policies for. /// /// For `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`: - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Output("cluster")] public Output Cluster { get; private set; } = null!; @@ -160,6 +236,16 @@ public partial class ClusterIAMMember : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// [Output("member")] public Output Member { get; private set; } = null!; @@ -237,8 +323,15 @@ public sealed class ClusterIAMMemberArgs : global::Pulumi.ResourceArgs /// The name or relative resource id of the cluster to manage IAM policies for. /// /// For `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`: - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// + [Input("cluster", required: true)] + public Input Cluster { get; set; } = null!; + + [Input("condition")] + public Input? Condition { get; set; } + + /// + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -247,12 +340,6 @@ public sealed class ClusterIAMMemberArgs : global::Pulumi.ResourceArgs /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// - [Input("cluster", required: true)] - public Input Cluster { get; set; } = null!; - - [Input("condition")] - public Input? Condition { get; set; } - [Input("member", required: true)] public Input Member { get; set; } = null!; @@ -292,15 +379,6 @@ public sealed class ClusterIAMMemberState : global::Pulumi.ResourceArgs /// The name or relative resource id of the cluster to manage IAM policies for. /// /// For `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`: - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Input("cluster")] public Input? Cluster { get; set; } @@ -314,6 +392,16 @@ public sealed class ClusterIAMMemberState : global::Pulumi.ResourceArgs [Input("etag")] public Input? Etag { get; set; } + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// [Input("member")] public Input? Member { get; set; } diff --git a/sdk/dotnet/Dataproc/ClusterIAMPolicy.cs b/sdk/dotnet/Dataproc/ClusterIAMPolicy.cs index 0b1c9c02ab..4c46030559 100644 --- a/sdk/dotnet/Dataproc/ClusterIAMPolicy.cs +++ b/sdk/dotnet/Dataproc/ClusterIAMPolicy.cs @@ -105,6 +105,91 @@ namespace Pulumi.Gcp.Dataproc /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_dataproc\_cluster\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var editor = new Gcp.Dataproc.ClusterIAMPolicy("editor", new() + /// { + /// Project = "your-project", + /// Region = "your-region", + /// Cluster = "your-dataproc-cluster", + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_dataproc\_cluster\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var editor = new Gcp.Dataproc.ClusterIAMBinding("editor", new() + /// { + /// Cluster = "your-dataproc-cluster", + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_dataproc\_cluster\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var editor = new Gcp.Dataproc.ClusterIAMMember("editor", new() + /// { + /// Cluster = "your-dataproc-cluster", + /// Role = "roles/editor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// ### Importing IAM policies @@ -138,15 +223,6 @@ public partial class ClusterIAMPolicy : global::Pulumi.CustomResource /// The name or relative resource id of the cluster to manage IAM policies for. /// /// For `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`: - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Output("cluster")] public Output Cluster { get; private set; } = null!; @@ -229,15 +305,6 @@ public sealed class ClusterIAMPolicyArgs : global::Pulumi.ResourceArgs /// The name or relative resource id of the cluster to manage IAM policies for. /// /// For `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`: - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Input("cluster", required: true)] public Input Cluster { get; set; } = null!; @@ -276,15 +343,6 @@ public sealed class ClusterIAMPolicyState : global::Pulumi.ResourceArgs /// The name or relative resource id of the cluster to manage IAM policies for. /// /// For `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`: - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Input("cluster")] public Input? Cluster { get; set; } diff --git a/sdk/dotnet/Dataproc/JobIAMBinding.cs b/sdk/dotnet/Dataproc/JobIAMBinding.cs index a629671a34..cd4846858d 100644 --- a/sdk/dotnet/Dataproc/JobIAMBinding.cs +++ b/sdk/dotnet/Dataproc/JobIAMBinding.cs @@ -105,6 +105,91 @@ namespace Pulumi.Gcp.Dataproc /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_dataproc\_job\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var editor = new Gcp.Dataproc.JobIAMPolicy("editor", new() + /// { + /// Project = "your-project", + /// Region = "your-region", + /// JobId = "your-dataproc-job", + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_dataproc\_job\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var editor = new Gcp.Dataproc.JobIAMBinding("editor", new() + /// { + /// JobId = "your-dataproc-job", + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_dataproc\_job\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var editor = new Gcp.Dataproc.JobIAMMember("editor", new() + /// { + /// JobId = "your-dataproc-job", + /// Role = "roles/editor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// ### Importing IAM policies @@ -146,6 +231,16 @@ public partial class JobIAMBinding : global::Pulumi.CustomResource [Output("jobId")] public Output JobId { get; private set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// [Output("members")] public Output> Members { get; private set; } = null!; @@ -227,6 +322,17 @@ public sealed class JobIAMBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// public InputList Members { get => _members ?? (_members = new InputList()); @@ -279,6 +385,17 @@ public sealed class JobIAMBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// public InputList Members { get => _members ?? (_members = new InputList()); diff --git a/sdk/dotnet/Dataproc/JobIAMMember.cs b/sdk/dotnet/Dataproc/JobIAMMember.cs index f73c76c8a1..ace578cfe2 100644 --- a/sdk/dotnet/Dataproc/JobIAMMember.cs +++ b/sdk/dotnet/Dataproc/JobIAMMember.cs @@ -105,6 +105,91 @@ namespace Pulumi.Gcp.Dataproc /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_dataproc\_job\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var editor = new Gcp.Dataproc.JobIAMPolicy("editor", new() + /// { + /// Project = "your-project", + /// Region = "your-region", + /// JobId = "your-dataproc-job", + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_dataproc\_job\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var editor = new Gcp.Dataproc.JobIAMBinding("editor", new() + /// { + /// JobId = "your-dataproc-job", + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_dataproc\_job\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var editor = new Gcp.Dataproc.JobIAMMember("editor", new() + /// { + /// JobId = "your-dataproc-job", + /// Role = "roles/editor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// ### Importing IAM policies @@ -146,6 +231,16 @@ public partial class JobIAMMember : global::Pulumi.CustomResource [Output("jobId")] public Output JobId { get; private set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// [Output("member")] public Output Member { get; private set; } = null!; @@ -225,6 +320,16 @@ public sealed class JobIAMMemberArgs : global::Pulumi.ResourceArgs [Input("jobId", required: true)] public Input JobId { get; set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// [Input("member", required: true)] public Input Member { get; set; } = null!; @@ -272,6 +377,16 @@ public sealed class JobIAMMemberState : global::Pulumi.ResourceArgs [Input("jobId")] public Input? JobId { get; set; } + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// [Input("member")] public Input? Member { get; set; } diff --git a/sdk/dotnet/Dataproc/JobIAMPolicy.cs b/sdk/dotnet/Dataproc/JobIAMPolicy.cs index c8e2d19334..7b589e2055 100644 --- a/sdk/dotnet/Dataproc/JobIAMPolicy.cs +++ b/sdk/dotnet/Dataproc/JobIAMPolicy.cs @@ -105,6 +105,91 @@ namespace Pulumi.Gcp.Dataproc /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_dataproc\_job\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var editor = new Gcp.Dataproc.JobIAMPolicy("editor", new() + /// { + /// Project = "your-project", + /// Region = "your-region", + /// JobId = "your-dataproc-job", + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_dataproc\_job\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var editor = new Gcp.Dataproc.JobIAMBinding("editor", new() + /// { + /// JobId = "your-dataproc-job", + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_dataproc\_job\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var editor = new Gcp.Dataproc.JobIAMMember("editor", new() + /// { + /// JobId = "your-dataproc-job", + /// Role = "roles/editor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// ### Importing IAM policies diff --git a/sdk/dotnet/Dataproc/MetastoreFederationIamBinding.cs b/sdk/dotnet/Dataproc/MetastoreFederationIamBinding.cs index 6ddd83b92c..a1635aab92 100644 --- a/sdk/dotnet/Dataproc/MetastoreFederationIamBinding.cs +++ b/sdk/dotnet/Dataproc/MetastoreFederationIamBinding.cs @@ -70,14 +70,8 @@ public partial class MetastoreFederationIamBinding : global::Pulumi.CustomResour [Output("location")] public Output Location { get; private set; } = null!; - [Output("members")] - public Output> Members { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -89,6 +83,13 @@ public partial class MetastoreFederationIamBinding : global::Pulumi.CustomResour /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("members")] + public Output> Members { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -161,17 +162,9 @@ public sealed class MetastoreFederationIamBindingArgs : global::Pulumi.ResourceA [Input("members", required: true)] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -183,6 +176,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -223,17 +226,9 @@ public sealed class MetastoreFederationIamBindingState : global::Pulumi.Resource [Input("members")] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -245,6 +240,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Dataproc/MetastoreFederationIamMember.cs b/sdk/dotnet/Dataproc/MetastoreFederationIamMember.cs index 3f2fc7615e..0bb905e86d 100644 --- a/sdk/dotnet/Dataproc/MetastoreFederationIamMember.cs +++ b/sdk/dotnet/Dataproc/MetastoreFederationIamMember.cs @@ -70,14 +70,8 @@ public partial class MetastoreFederationIamMember : global::Pulumi.CustomResourc [Output("location")] public Output Location { get; private set; } = null!; - [Output("member")] - public Output Member { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -89,6 +83,13 @@ public partial class MetastoreFederationIamMember : global::Pulumi.CustomResourc /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("member")] + public Output Member { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -159,14 +160,8 @@ public sealed class MetastoreFederationIamMemberArgs : global::Pulumi.ResourceAr [Input("location")] public Input? Location { get; set; } - [Input("member", required: true)] - public Input Member { get; set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -178,6 +173,13 @@ public sealed class MetastoreFederationIamMemberArgs : global::Pulumi.ResourceAr /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member", required: true)] + public Input Member { get; set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -216,14 +218,8 @@ public sealed class MetastoreFederationIamMemberState : global::Pulumi.ResourceA [Input("location")] public Input? Location { get; set; } - [Input("member")] - public Input? Member { get; set; } - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -235,6 +231,13 @@ public sealed class MetastoreFederationIamMemberState : global::Pulumi.ResourceA /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member")] + public Input? Member { get; set; } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Dataproc/MetastoreFederationIamPolicy.cs b/sdk/dotnet/Dataproc/MetastoreFederationIamPolicy.cs index 2ffe6c63c2..3ce9aa36eb 100644 --- a/sdk/dotnet/Dataproc/MetastoreFederationIamPolicy.cs +++ b/sdk/dotnet/Dataproc/MetastoreFederationIamPolicy.cs @@ -77,18 +77,6 @@ public partial class MetastoreFederationIamPolicy : global::Pulumi.CustomResourc /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -159,18 +147,6 @@ public sealed class MetastoreFederationIamPolicyArgs : global::Pulumi.ResourceAr /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -209,18 +185,6 @@ public sealed class MetastoreFederationIamPolicyState : global::Pulumi.ResourceA /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Dataproc/MetastoreServiceIamBinding.cs b/sdk/dotnet/Dataproc/MetastoreServiceIamBinding.cs index e30c0678e0..6a562e5e2c 100644 --- a/sdk/dotnet/Dataproc/MetastoreServiceIamBinding.cs +++ b/sdk/dotnet/Dataproc/MetastoreServiceIamBinding.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.Dataproc /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_dataproc\_metastore\_service\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Dataproc.MetastoreServiceIamPolicy("policy", new() + /// { + /// Project = @default.Project, + /// Location = @default.Location, + /// ServiceId = @default.ServiceId, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_dataproc\_metastore\_service\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Dataproc.MetastoreServiceIamBinding("binding", new() + /// { + /// Project = @default.Project, + /// Location = @default.Location, + /// ServiceId = @default.ServiceId, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_dataproc\_metastore\_service\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Dataproc.MetastoreServiceIamMember("member", new() + /// { + /// Project = @default.Project, + /// Location = @default.Location, + /// ServiceId = @default.ServiceId, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -171,14 +260,8 @@ public partial class MetastoreServiceIamBinding : global::Pulumi.CustomResource [Output("location")] public Output Location { get; private set; } = null!; - [Output("members")] - public Output> Members { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -190,6 +273,13 @@ public partial class MetastoreServiceIamBinding : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("members")] + public Output> Members { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -263,17 +353,9 @@ public sealed class MetastoreServiceIamBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -285,6 +367,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -326,17 +418,9 @@ public sealed class MetastoreServiceIamBindingState : global::Pulumi.ResourceArg [Input("members")] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -348,6 +432,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Dataproc/MetastoreServiceIamMember.cs b/sdk/dotnet/Dataproc/MetastoreServiceIamMember.cs index df109ce892..e25112311b 100644 --- a/sdk/dotnet/Dataproc/MetastoreServiceIamMember.cs +++ b/sdk/dotnet/Dataproc/MetastoreServiceIamMember.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.Dataproc /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_dataproc\_metastore\_service\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Dataproc.MetastoreServiceIamPolicy("policy", new() + /// { + /// Project = @default.Project, + /// Location = @default.Location, + /// ServiceId = @default.ServiceId, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_dataproc\_metastore\_service\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Dataproc.MetastoreServiceIamBinding("binding", new() + /// { + /// Project = @default.Project, + /// Location = @default.Location, + /// ServiceId = @default.ServiceId, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_dataproc\_metastore\_service\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Dataproc.MetastoreServiceIamMember("member", new() + /// { + /// Project = @default.Project, + /// Location = @default.Location, + /// ServiceId = @default.ServiceId, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -171,14 +260,8 @@ public partial class MetastoreServiceIamMember : global::Pulumi.CustomResource [Output("location")] public Output Location { get; private set; } = null!; - [Output("member")] - public Output Member { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -190,6 +273,13 @@ public partial class MetastoreServiceIamMember : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("member")] + public Output Member { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -261,14 +351,8 @@ public sealed class MetastoreServiceIamMemberArgs : global::Pulumi.ResourceArgs [Input("location")] public Input? Location { get; set; } - [Input("member", required: true)] - public Input Member { get; set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -280,6 +364,13 @@ public sealed class MetastoreServiceIamMemberArgs : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member", required: true)] + public Input Member { get; set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -319,14 +410,8 @@ public sealed class MetastoreServiceIamMemberState : global::Pulumi.ResourceArgs [Input("location")] public Input? Location { get; set; } - [Input("member")] - public Input? Member { get; set; } - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -338,6 +423,13 @@ public sealed class MetastoreServiceIamMemberState : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member")] + public Input? Member { get; set; } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Dataproc/MetastoreServiceIamPolicy.cs b/sdk/dotnet/Dataproc/MetastoreServiceIamPolicy.cs index 6ad7a8cc63..034b7b2e8f 100644 --- a/sdk/dotnet/Dataproc/MetastoreServiceIamPolicy.cs +++ b/sdk/dotnet/Dataproc/MetastoreServiceIamPolicy.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.Dataproc /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_dataproc\_metastore\_service\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Dataproc.MetastoreServiceIamPolicy("policy", new() + /// { + /// Project = @default.Project, + /// Location = @default.Location, + /// ServiceId = @default.ServiceId, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_dataproc\_metastore\_service\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Dataproc.MetastoreServiceIamBinding("binding", new() + /// { + /// Project = @default.Project, + /// Location = @default.Location, + /// ServiceId = @default.ServiceId, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_dataproc\_metastore\_service\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Dataproc.MetastoreServiceIamMember("member", new() + /// { + /// Project = @default.Project, + /// Location = @default.Location, + /// ServiceId = @default.ServiceId, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -178,18 +267,6 @@ public partial class MetastoreServiceIamPolicy : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -261,18 +338,6 @@ public sealed class MetastoreServiceIamPolicyArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -312,18 +377,6 @@ public sealed class MetastoreServiceIamPolicyState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Dns/DnsManagedZoneIamBinding.cs b/sdk/dotnet/Dns/DnsManagedZoneIamBinding.cs index e11f3ea55f..9224ae123a 100644 --- a/sdk/dotnet/Dns/DnsManagedZoneIamBinding.cs +++ b/sdk/dotnet/Dns/DnsManagedZoneIamBinding.cs @@ -110,6 +110,92 @@ namespace Pulumi.Gcp.Dns /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_dns\_managed\_zone\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Dns.DnsManagedZoneIamPolicy("policy", new() + /// { + /// Project = @default.Project, + /// ManagedZone = @default.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_dns\_managed\_zone\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Dns.DnsManagedZoneIamBinding("binding", new() + /// { + /// Project = @default.Project, + /// ManagedZone = @default.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_dns\_managed\_zone\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Dns.DnsManagedZoneIamMember("member", new() + /// { + /// Project = @default.Project, + /// ManagedZone = @default.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -164,14 +250,8 @@ public partial class DnsManagedZoneIamBinding : global::Pulumi.CustomResource [Output("managedZone")] public Output ManagedZone { get; private set; } = null!; - [Output("members")] - public Output> Members { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -183,6 +263,13 @@ public partial class DnsManagedZoneIamBinding : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("members")] + public Output> Members { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -251,17 +338,9 @@ public sealed class DnsManagedZoneIamBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -273,6 +352,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -309,17 +398,9 @@ public sealed class DnsManagedZoneIamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -331,6 +412,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Dns/DnsManagedZoneIamMember.cs b/sdk/dotnet/Dns/DnsManagedZoneIamMember.cs index f016b07f36..6c4db340c2 100644 --- a/sdk/dotnet/Dns/DnsManagedZoneIamMember.cs +++ b/sdk/dotnet/Dns/DnsManagedZoneIamMember.cs @@ -110,6 +110,92 @@ namespace Pulumi.Gcp.Dns /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_dns\_managed\_zone\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Dns.DnsManagedZoneIamPolicy("policy", new() + /// { + /// Project = @default.Project, + /// ManagedZone = @default.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_dns\_managed\_zone\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Dns.DnsManagedZoneIamBinding("binding", new() + /// { + /// Project = @default.Project, + /// ManagedZone = @default.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_dns\_managed\_zone\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Dns.DnsManagedZoneIamMember("member", new() + /// { + /// Project = @default.Project, + /// ManagedZone = @default.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -164,14 +250,8 @@ public partial class DnsManagedZoneIamMember : global::Pulumi.CustomResource [Output("managedZone")] public Output ManagedZone { get; private set; } = null!; - [Output("member")] - public Output Member { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -183,6 +263,13 @@ public partial class DnsManagedZoneIamMember : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("member")] + public Output Member { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -249,14 +336,8 @@ public sealed class DnsManagedZoneIamMemberArgs : global::Pulumi.ResourceArgs [Input("managedZone", required: true)] public Input ManagedZone { get; set; } = null!; - [Input("member", required: true)] - public Input Member { get; set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -268,6 +349,13 @@ public sealed class DnsManagedZoneIamMemberArgs : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member", required: true)] + public Input Member { get; set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -302,14 +390,8 @@ public sealed class DnsManagedZoneIamMemberState : global::Pulumi.ResourceArgs [Input("managedZone")] public Input? ManagedZone { get; set; } - [Input("member")] - public Input? Member { get; set; } - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -321,6 +403,13 @@ public sealed class DnsManagedZoneIamMemberState : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member")] + public Input? Member { get; set; } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Dns/DnsManagedZoneIamPolicy.cs b/sdk/dotnet/Dns/DnsManagedZoneIamPolicy.cs index 0c8b30878c..6fb7057f1f 100644 --- a/sdk/dotnet/Dns/DnsManagedZoneIamPolicy.cs +++ b/sdk/dotnet/Dns/DnsManagedZoneIamPolicy.cs @@ -110,6 +110,92 @@ namespace Pulumi.Gcp.Dns /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_dns\_managed\_zone\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Dns.DnsManagedZoneIamPolicy("policy", new() + /// { + /// Project = @default.Project, + /// ManagedZone = @default.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_dns\_managed\_zone\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Dns.DnsManagedZoneIamBinding("binding", new() + /// { + /// Project = @default.Project, + /// ManagedZone = @default.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_dns\_managed\_zone\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Dns.DnsManagedZoneIamMember("member", new() + /// { + /// Project = @default.Project, + /// ManagedZone = @default.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -171,18 +257,6 @@ public partial class DnsManagedZoneIamPolicy : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -249,18 +323,6 @@ public sealed class DnsManagedZoneIamPolicyArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -295,18 +357,6 @@ public sealed class DnsManagedZoneIamPolicyState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Endpoints/ConsumersIamBinding.cs b/sdk/dotnet/Endpoints/ConsumersIamBinding.cs index 9470d4da31..66781efeeb 100644 --- a/sdk/dotnet/Endpoints/ConsumersIamBinding.cs +++ b/sdk/dotnet/Endpoints/ConsumersIamBinding.cs @@ -75,6 +75,19 @@ public partial class ConsumersIamBinding : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Output("members")] public Output> Members { get; private set; } = null!; @@ -143,6 +156,20 @@ public sealed class ConsumersIamBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// public InputList Members { get => _members ?? (_members = new InputList()); @@ -182,6 +209,20 @@ public sealed class ConsumersIamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// public InputList Members { get => _members ?? (_members = new InputList()); diff --git a/sdk/dotnet/Endpoints/ConsumersIamMember.cs b/sdk/dotnet/Endpoints/ConsumersIamMember.cs index 4e17ac3ee2..d38bb6b3c8 100644 --- a/sdk/dotnet/Endpoints/ConsumersIamMember.cs +++ b/sdk/dotnet/Endpoints/ConsumersIamMember.cs @@ -75,6 +75,19 @@ public partial class ConsumersIamMember : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Output("member")] public Output Member { get; private set; } = null!; @@ -141,6 +154,19 @@ public sealed class ConsumersIamMemberArgs : global::Pulumi.ResourceArgs [Input("consumerProject", required: true)] public Input ConsumerProject { get; set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Input("member", required: true)] public Input Member { get; set; } = null!; @@ -175,6 +201,19 @@ public sealed class ConsumersIamMemberState : global::Pulumi.ResourceArgs [Input("etag")] public Input? Etag { get; set; } + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Input("member")] public Input? Member { get; set; } diff --git a/sdk/dotnet/Endpoints/ServiceIamBinding.cs b/sdk/dotnet/Endpoints/ServiceIamBinding.cs index cbb933e098..2a3090b747 100644 --- a/sdk/dotnet/Endpoints/ServiceIamBinding.cs +++ b/sdk/dotnet/Endpoints/ServiceIamBinding.cs @@ -107,6 +107,89 @@ namespace Pulumi.Gcp.Endpoints /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_endpoints\_service\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Endpoints.ServiceIamPolicy("policy", new() + /// { + /// ServiceName = endpointsService.ServiceName, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_endpoints\_service\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Endpoints.ServiceIamBinding("binding", new() + /// { + /// ServiceName = endpointsService.ServiceName, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_endpoints\_service\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Endpoints.ServiceIamMember("member", new() + /// { + /// ServiceName = endpointsService.ServiceName, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -153,6 +236,19 @@ public partial class ServiceIamBinding : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Output("members")] public Output> Members { get; private set; } = null!; @@ -218,6 +314,20 @@ public sealed class ServiceIamBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// public InputList Members { get => _members ?? (_members = new InputList()); @@ -254,6 +364,20 @@ public sealed class ServiceIamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// public InputList Members { get => _members ?? (_members = new InputList()); diff --git a/sdk/dotnet/Endpoints/ServiceIamMember.cs b/sdk/dotnet/Endpoints/ServiceIamMember.cs index fd1cef95d9..c317aec7bd 100644 --- a/sdk/dotnet/Endpoints/ServiceIamMember.cs +++ b/sdk/dotnet/Endpoints/ServiceIamMember.cs @@ -107,6 +107,89 @@ namespace Pulumi.Gcp.Endpoints /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_endpoints\_service\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Endpoints.ServiceIamPolicy("policy", new() + /// { + /// ServiceName = endpointsService.ServiceName, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_endpoints\_service\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Endpoints.ServiceIamBinding("binding", new() + /// { + /// ServiceName = endpointsService.ServiceName, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_endpoints\_service\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Endpoints.ServiceIamMember("member", new() + /// { + /// ServiceName = endpointsService.ServiceName, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -153,6 +236,19 @@ public partial class ServiceIamMember : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Output("member")] public Output Member { get; private set; } = null!; @@ -216,6 +312,19 @@ public sealed class ServiceIamMemberArgs : global::Pulumi.ResourceArgs [Input("condition")] public Input? Condition { get; set; } + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Input("member", required: true)] public Input Member { get; set; } = null!; @@ -247,6 +356,19 @@ public sealed class ServiceIamMemberState : global::Pulumi.ResourceArgs [Input("etag")] public Input? Etag { get; set; } + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Input("member")] public Input? Member { get; set; } diff --git a/sdk/dotnet/Endpoints/ServiceIamPolicy.cs b/sdk/dotnet/Endpoints/ServiceIamPolicy.cs index 64b35747ee..a1c9a28c60 100644 --- a/sdk/dotnet/Endpoints/ServiceIamPolicy.cs +++ b/sdk/dotnet/Endpoints/ServiceIamPolicy.cs @@ -107,6 +107,89 @@ namespace Pulumi.Gcp.Endpoints /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_endpoints\_service\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Endpoints.ServiceIamPolicy("policy", new() + /// { + /// ServiceName = endpointsService.ServiceName, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_endpoints\_service\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Endpoints.ServiceIamBinding("binding", new() + /// { + /// ServiceName = endpointsService.ServiceName, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_endpoints\_service\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Endpoints.ServiceIamMember("member", new() + /// { + /// ServiceName = endpointsService.ServiceName, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: diff --git a/sdk/dotnet/Folder/IAMMember.cs b/sdk/dotnet/Folder/IAMMember.cs index d174828c0f..025ff276f2 100644 --- a/sdk/dotnet/Folder/IAMMember.cs +++ b/sdk/dotnet/Folder/IAMMember.cs @@ -252,6 +252,234 @@ namespace Pulumi.Gcp.Folder /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_folder\_iam\_policy + /// + /// !> **Be careful!** You can accidentally lock yourself out of your folder + /// using this resource. Deleting a `gcp.folder.IAMPolicy` removes access + /// from anyone without permissions on its parent folder/organization. Proceed with caution. + /// It's not recommended to use `gcp.folder.IAMPolicy` with your provider folder + /// to avoid locking yourself out, and it should generally only be used with folders + /// fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before + /// applying the change. + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var folder = new Gcp.Folder.IAMPolicy("folder", new() + /// { + /// Folder = "folders/1234567", + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/compute.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var folder = new Gcp.Folder.IAMPolicy("folder", new() + /// { + /// Folder = "folders/1234567", + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_folder\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var folder = new Gcp.Folder.IAMBinding("folder", new() + /// { + /// Folder = "folders/1234567", + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var folder = new Gcp.Folder.IAMBinding("folder", new() + /// { + /// Folder = "folders/1234567", + /// Role = "roles/container.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Folder.Inputs.IAMBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_folder\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var folder = new Gcp.Folder.IAMMember("folder", new() + /// { + /// Folder = "folders/1234567", + /// Role = "roles/editor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var folder = new Gcp.Folder.IAMMember("folder", new() + /// { + /// Folder = "folders/1234567", + /// Role = "roles/firebase.admin", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Folder.Inputs.IAMMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_folder\_iam\_audit\_config + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var folder = new Gcp.Folder.IamAuditConfig("folder", new() + /// { + /// Folder = "folders/1234567", + /// Service = "allServices", + /// AuditLogConfigs = new[] + /// { + /// new Gcp.Folder.Inputs.IamAuditConfigAuditLogConfigArgs + /// { + /// LogType = "ADMIN_READ", + /// }, + /// new Gcp.Folder.Inputs.IamAuditConfigAuditLogConfigArgs + /// { + /// LogType = "DATA_READ", + /// ExemptedMembers = new[] + /// { + /// "user:joebloggs@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// ### Importing Audit Configs @@ -300,6 +528,14 @@ public partial class IAMMember : global::Pulumi.CustomResource [Output("folder")] public Output Folder { get; private set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// [Output("member")] public Output Member { get; private set; } = null!; @@ -370,6 +606,14 @@ public sealed class IAMMemberArgs : global::Pulumi.ResourceArgs [Input("folder", required: true)] public Input Folder { get; set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// [Input("member", required: true)] public Input Member { get; set; } = null!; @@ -408,6 +652,14 @@ public sealed class IAMMemberState : global::Pulumi.ResourceArgs [Input("folder")] public Input? Folder { get; set; } + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// [Input("member")] public Input? Member { get; set; } diff --git a/sdk/dotnet/Folder/IAMPolicy.cs b/sdk/dotnet/Folder/IAMPolicy.cs index 75d1083b6a..7b39e7ee8a 100644 --- a/sdk/dotnet/Folder/IAMPolicy.cs +++ b/sdk/dotnet/Folder/IAMPolicy.cs @@ -252,6 +252,234 @@ namespace Pulumi.Gcp.Folder /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_folder\_iam\_policy + /// + /// !> **Be careful!** You can accidentally lock yourself out of your folder + /// using this resource. Deleting a `gcp.folder.IAMPolicy` removes access + /// from anyone without permissions on its parent folder/organization. Proceed with caution. + /// It's not recommended to use `gcp.folder.IAMPolicy` with your provider folder + /// to avoid locking yourself out, and it should generally only be used with folders + /// fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before + /// applying the change. + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var folder = new Gcp.Folder.IAMPolicy("folder", new() + /// { + /// Folder = "folders/1234567", + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/compute.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var folder = new Gcp.Folder.IAMPolicy("folder", new() + /// { + /// Folder = "folders/1234567", + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_folder\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var folder = new Gcp.Folder.IAMBinding("folder", new() + /// { + /// Folder = "folders/1234567", + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var folder = new Gcp.Folder.IAMBinding("folder", new() + /// { + /// Folder = "folders/1234567", + /// Role = "roles/container.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Folder.Inputs.IAMBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_folder\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var folder = new Gcp.Folder.IAMMember("folder", new() + /// { + /// Folder = "folders/1234567", + /// Role = "roles/editor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var folder = new Gcp.Folder.IAMMember("folder", new() + /// { + /// Folder = "folders/1234567", + /// Role = "roles/firebase.admin", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Folder.Inputs.IAMMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_folder\_iam\_audit\_config + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var folder = new Gcp.Folder.IamAuditConfig("folder", new() + /// { + /// Folder = "folders/1234567", + /// Service = "allServices", + /// AuditLogConfigs = new[] + /// { + /// new Gcp.Folder.Inputs.IamAuditConfigAuditLogConfigArgs + /// { + /// LogType = "ADMIN_READ", + /// }, + /// new Gcp.Folder.Inputs.IamAuditConfigAuditLogConfigArgs + /// { + /// LogType = "DATA_READ", + /// ExemptedMembers = new[] + /// { + /// "user:joebloggs@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// ### Importing Audit Configs diff --git a/sdk/dotnet/Folder/IamAuditConfig.cs b/sdk/dotnet/Folder/IamAuditConfig.cs index 67925b8616..9db5793a15 100644 --- a/sdk/dotnet/Folder/IamAuditConfig.cs +++ b/sdk/dotnet/Folder/IamAuditConfig.cs @@ -252,6 +252,234 @@ namespace Pulumi.Gcp.Folder /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_folder\_iam\_policy + /// + /// !> **Be careful!** You can accidentally lock yourself out of your folder + /// using this resource. Deleting a `gcp.folder.IAMPolicy` removes access + /// from anyone without permissions on its parent folder/organization. Proceed with caution. + /// It's not recommended to use `gcp.folder.IAMPolicy` with your provider folder + /// to avoid locking yourself out, and it should generally only be used with folders + /// fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before + /// applying the change. + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var folder = new Gcp.Folder.IAMPolicy("folder", new() + /// { + /// Folder = "folders/1234567", + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/compute.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var folder = new Gcp.Folder.IAMPolicy("folder", new() + /// { + /// Folder = "folders/1234567", + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_folder\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var folder = new Gcp.Folder.IAMBinding("folder", new() + /// { + /// Folder = "folders/1234567", + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var folder = new Gcp.Folder.IAMBinding("folder", new() + /// { + /// Folder = "folders/1234567", + /// Role = "roles/container.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Folder.Inputs.IAMBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_folder\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var folder = new Gcp.Folder.IAMMember("folder", new() + /// { + /// Folder = "folders/1234567", + /// Role = "roles/editor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var folder = new Gcp.Folder.IAMMember("folder", new() + /// { + /// Folder = "folders/1234567", + /// Role = "roles/firebase.admin", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Folder.Inputs.IAMMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_folder\_iam\_audit\_config + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var folder = new Gcp.Folder.IamAuditConfig("folder", new() + /// { + /// Folder = "folders/1234567", + /// Service = "allServices", + /// AuditLogConfigs = new[] + /// { + /// new Gcp.Folder.Inputs.IamAuditConfigAuditLogConfigArgs + /// { + /// LogType = "ADMIN_READ", + /// }, + /// new Gcp.Folder.Inputs.IamAuditConfigAuditLogConfigArgs + /// { + /// LogType = "DATA_READ", + /// ExemptedMembers = new[] + /// { + /// "user:joebloggs@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// ### Importing Audit Configs diff --git a/sdk/dotnet/GkeBackup/BackupPlanIamBinding.cs b/sdk/dotnet/GkeBackup/BackupPlanIamBinding.cs index 36f182fc36..eb92e8f40b 100644 --- a/sdk/dotnet/GkeBackup/BackupPlanIamBinding.cs +++ b/sdk/dotnet/GkeBackup/BackupPlanIamBinding.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.GkeBackup /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_gke\_backup\_backup\_plan\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.GkeBackup.BackupPlanIamPolicy("policy", new() + /// { + /// Project = basic.Project, + /// Location = basic.Location, + /// Name = basic.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_gke\_backup\_backup\_plan\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.GkeBackup.BackupPlanIamBinding("binding", new() + /// { + /// Project = basic.Project, + /// Location = basic.Location, + /// Name = basic.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_gke\_backup\_backup\_plan\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.GkeBackup.BackupPlanIamMember("member", new() + /// { + /// Project = basic.Project, + /// Location = basic.Location, + /// Name = basic.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -170,6 +259,19 @@ public partial class BackupPlanIamBinding : global::Pulumi.CustomResource [Output("location")] public Output Location { get; private set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Output("members")] public Output> Members { get; private set; } = null!; @@ -182,18 +284,6 @@ public partial class BackupPlanIamBinding : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -264,6 +354,20 @@ public sealed class BackupPlanIamBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// public InputList Members { get => _members ?? (_members = new InputList()); @@ -279,18 +383,6 @@ public InputList Members /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -329,6 +421,20 @@ public sealed class BackupPlanIamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// public InputList Members { get => _members ?? (_members = new InputList()); @@ -344,18 +450,6 @@ public InputList Members /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/GkeBackup/BackupPlanIamMember.cs b/sdk/dotnet/GkeBackup/BackupPlanIamMember.cs index 7ec89d6f00..9716a96556 100644 --- a/sdk/dotnet/GkeBackup/BackupPlanIamMember.cs +++ b/sdk/dotnet/GkeBackup/BackupPlanIamMember.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.GkeBackup /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_gke\_backup\_backup\_plan\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.GkeBackup.BackupPlanIamPolicy("policy", new() + /// { + /// Project = basic.Project, + /// Location = basic.Location, + /// Name = basic.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_gke\_backup\_backup\_plan\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.GkeBackup.BackupPlanIamBinding("binding", new() + /// { + /// Project = basic.Project, + /// Location = basic.Location, + /// Name = basic.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_gke\_backup\_backup\_plan\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.GkeBackup.BackupPlanIamMember("member", new() + /// { + /// Project = basic.Project, + /// Location = basic.Location, + /// Name = basic.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -170,6 +259,19 @@ public partial class BackupPlanIamMember : global::Pulumi.CustomResource [Output("location")] public Output Location { get; private set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Output("member")] public Output Member { get; private set; } = null!; @@ -182,18 +284,6 @@ public partial class BackupPlanIamMember : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -262,6 +352,19 @@ public sealed class BackupPlanIamMemberArgs : global::Pulumi.ResourceArgs [Input("location")] public Input? Location { get; set; } + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Input("member", required: true)] public Input Member { get; set; } = null!; @@ -274,18 +377,6 @@ public sealed class BackupPlanIamMemberArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -322,6 +413,19 @@ public sealed class BackupPlanIamMemberState : global::Pulumi.ResourceArgs [Input("location")] public Input? Location { get; set; } + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Input("member")] public Input? Member { get; set; } @@ -334,18 +438,6 @@ public sealed class BackupPlanIamMemberState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/GkeBackup/BackupPlanIamPolicy.cs b/sdk/dotnet/GkeBackup/BackupPlanIamPolicy.cs index 79a31dc2f6..e0a855d919 100644 --- a/sdk/dotnet/GkeBackup/BackupPlanIamPolicy.cs +++ b/sdk/dotnet/GkeBackup/BackupPlanIamPolicy.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.GkeBackup /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_gke\_backup\_backup\_plan\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.GkeBackup.BackupPlanIamPolicy("policy", new() + /// { + /// Project = basic.Project, + /// Location = basic.Location, + /// Name = basic.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_gke\_backup\_backup\_plan\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.GkeBackup.BackupPlanIamBinding("binding", new() + /// { + /// Project = basic.Project, + /// Location = basic.Location, + /// Name = basic.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_gke\_backup\_backup\_plan\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.GkeBackup.BackupPlanIamMember("member", new() + /// { + /// Project = basic.Project, + /// Location = basic.Location, + /// Name = basic.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -183,18 +272,6 @@ public partial class BackupPlanIamPolicy : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -268,18 +345,6 @@ public sealed class BackupPlanIamPolicyArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -321,18 +386,6 @@ public sealed class BackupPlanIamPolicyState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/GkeHub/FeatureIamBinding.cs b/sdk/dotnet/GkeHub/FeatureIamBinding.cs index 6885cad051..79116253a8 100644 --- a/sdk/dotnet/GkeHub/FeatureIamBinding.cs +++ b/sdk/dotnet/GkeHub/FeatureIamBinding.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.GkeHub /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_gke\_hub\_feature\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.GkeHub.FeatureIamPolicy("policy", new() + /// { + /// Project = feature.Project, + /// Location = feature.Location, + /// Name = feature.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_gke\_hub\_feature\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.GkeHub.FeatureIamBinding("binding", new() + /// { + /// Project = feature.Project, + /// Location = feature.Location, + /// Name = feature.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_gke\_hub\_feature\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.GkeHub.FeatureIamMember("member", new() + /// { + /// Project = feature.Project, + /// Location = feature.Location, + /// Name = feature.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -169,6 +258,19 @@ public partial class FeatureIamBinding : global::Pulumi.CustomResource [Output("location")] public Output Location { get; private set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Output("members")] public Output> Members { get; private set; } = null!; @@ -181,18 +283,6 @@ public partial class FeatureIamBinding : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -262,6 +352,20 @@ public sealed class FeatureIamBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// public InputList Members { get => _members ?? (_members = new InputList()); @@ -277,18 +381,6 @@ public InputList Members /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -326,6 +418,20 @@ public sealed class FeatureIamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// public InputList Members { get => _members ?? (_members = new InputList()); @@ -341,18 +447,6 @@ public InputList Members /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/GkeHub/FeatureIamMember.cs b/sdk/dotnet/GkeHub/FeatureIamMember.cs index fc0b78892d..1fd078e0b0 100644 --- a/sdk/dotnet/GkeHub/FeatureIamMember.cs +++ b/sdk/dotnet/GkeHub/FeatureIamMember.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.GkeHub /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_gke\_hub\_feature\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.GkeHub.FeatureIamPolicy("policy", new() + /// { + /// Project = feature.Project, + /// Location = feature.Location, + /// Name = feature.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_gke\_hub\_feature\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.GkeHub.FeatureIamBinding("binding", new() + /// { + /// Project = feature.Project, + /// Location = feature.Location, + /// Name = feature.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_gke\_hub\_feature\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.GkeHub.FeatureIamMember("member", new() + /// { + /// Project = feature.Project, + /// Location = feature.Location, + /// Name = feature.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -169,6 +258,19 @@ public partial class FeatureIamMember : global::Pulumi.CustomResource [Output("location")] public Output Location { get; private set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Output("member")] public Output Member { get; private set; } = null!; @@ -181,18 +283,6 @@ public partial class FeatureIamMember : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -260,6 +350,19 @@ public sealed class FeatureIamMemberArgs : global::Pulumi.ResourceArgs [Input("location")] public Input? Location { get; set; } + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Input("member", required: true)] public Input Member { get; set; } = null!; @@ -272,18 +375,6 @@ public sealed class FeatureIamMemberArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -319,6 +410,19 @@ public sealed class FeatureIamMemberState : global::Pulumi.ResourceArgs [Input("location")] public Input? Location { get; set; } + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Input("member")] public Input? Member { get; set; } @@ -331,18 +435,6 @@ public sealed class FeatureIamMemberState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/GkeHub/FeatureIamPolicy.cs b/sdk/dotnet/GkeHub/FeatureIamPolicy.cs index 06a299f847..1293af1ee7 100644 --- a/sdk/dotnet/GkeHub/FeatureIamPolicy.cs +++ b/sdk/dotnet/GkeHub/FeatureIamPolicy.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.GkeHub /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_gke\_hub\_feature\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.GkeHub.FeatureIamPolicy("policy", new() + /// { + /// Project = feature.Project, + /// Location = feature.Location, + /// Name = feature.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_gke\_hub\_feature\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.GkeHub.FeatureIamBinding("binding", new() + /// { + /// Project = feature.Project, + /// Location = feature.Location, + /// Name = feature.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_gke\_hub\_feature\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.GkeHub.FeatureIamMember("member", new() + /// { + /// Project = feature.Project, + /// Location = feature.Location, + /// Name = feature.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -182,18 +271,6 @@ public partial class FeatureIamPolicy : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -266,18 +343,6 @@ public sealed class FeatureIamPolicyArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -318,18 +383,6 @@ public sealed class FeatureIamPolicyState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/GkeHub/MembershipIamBinding.cs b/sdk/dotnet/GkeHub/MembershipIamBinding.cs index adf3ba3d5d..5905c9f5e4 100644 --- a/sdk/dotnet/GkeHub/MembershipIamBinding.cs +++ b/sdk/dotnet/GkeHub/MembershipIamBinding.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.GkeHub /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_gke\_hub\_membership\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.GkeHub.MembershipIamPolicy("policy", new() + /// { + /// Project = membership.Project, + /// Location = membership.Location, + /// MembershipId = membership.MembershipId, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_gke\_hub\_membership\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.GkeHub.MembershipIamBinding("binding", new() + /// { + /// Project = membership.Project, + /// Location = membership.Location, + /// MembershipId = membership.MembershipId, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_gke\_hub\_membership\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.GkeHub.MembershipIamMember("member", new() + /// { + /// Project = membership.Project, + /// Location = membership.Location, + /// MembershipId = membership.MembershipId, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -171,17 +260,8 @@ public partial class MembershipIamBinding : global::Pulumi.CustomResource [Output("location")] public Output Location { get; private set; } = null!; - [Output("members")] - public Output> Members { get; private set; } = null!; - - [Output("membershipId")] - public Output MembershipId { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -193,6 +273,16 @@ public partial class MembershipIamBinding : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("members")] + public Output> Members { get; private set; } = null!; + + [Output("membershipId")] + public Output MembershipId { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -263,20 +353,9 @@ public sealed class MembershipIamBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } - - [Input("membershipId", required: true)] - public Input MembershipId { get; set; } = null!; /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -288,6 +367,19 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + [Input("membershipId", required: true)] + public Input MembershipId { get; set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -326,20 +418,9 @@ public sealed class MembershipIamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } - - [Input("membershipId")] - public Input? MembershipId { get; set; } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -351,6 +432,19 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + [Input("membershipId")] + public Input? MembershipId { get; set; } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/GkeHub/MembershipIamMember.cs b/sdk/dotnet/GkeHub/MembershipIamMember.cs index c98c40ff29..d51ad4ff53 100644 --- a/sdk/dotnet/GkeHub/MembershipIamMember.cs +++ b/sdk/dotnet/GkeHub/MembershipIamMember.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.GkeHub /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_gke\_hub\_membership\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.GkeHub.MembershipIamPolicy("policy", new() + /// { + /// Project = membership.Project, + /// Location = membership.Location, + /// MembershipId = membership.MembershipId, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_gke\_hub\_membership\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.GkeHub.MembershipIamBinding("binding", new() + /// { + /// Project = membership.Project, + /// Location = membership.Location, + /// MembershipId = membership.MembershipId, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_gke\_hub\_membership\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.GkeHub.MembershipIamMember("member", new() + /// { + /// Project = membership.Project, + /// Location = membership.Location, + /// MembershipId = membership.MembershipId, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -171,17 +260,8 @@ public partial class MembershipIamMember : global::Pulumi.CustomResource [Output("location")] public Output Location { get; private set; } = null!; - [Output("member")] - public Output Member { get; private set; } = null!; - - [Output("membershipId")] - public Output MembershipId { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -193,6 +273,16 @@ public partial class MembershipIamMember : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("member")] + public Output Member { get; private set; } = null!; + + [Output("membershipId")] + public Output MembershipId { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -261,17 +351,8 @@ public sealed class MembershipIamMemberArgs : global::Pulumi.ResourceArgs [Input("location")] public Input? Location { get; set; } - [Input("member", required: true)] - public Input Member { get; set; } = null!; - - [Input("membershipId", required: true)] - public Input MembershipId { get; set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -283,6 +364,16 @@ public sealed class MembershipIamMemberArgs : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member", required: true)] + public Input Member { get; set; } = null!; + + [Input("membershipId", required: true)] + public Input MembershipId { get; set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -319,17 +410,8 @@ public sealed class MembershipIamMemberState : global::Pulumi.ResourceArgs [Input("location")] public Input? Location { get; set; } - [Input("member")] - public Input? Member { get; set; } - - [Input("membershipId")] - public Input? MembershipId { get; set; } - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -341,6 +423,16 @@ public sealed class MembershipIamMemberState : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member")] + public Input? Member { get; set; } + + [Input("membershipId")] + public Input? MembershipId { get; set; } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/GkeHub/MembershipIamPolicy.cs b/sdk/dotnet/GkeHub/MembershipIamPolicy.cs index fe9d264072..3550ec8f93 100644 --- a/sdk/dotnet/GkeHub/MembershipIamPolicy.cs +++ b/sdk/dotnet/GkeHub/MembershipIamPolicy.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.GkeHub /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_gke\_hub\_membership\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.GkeHub.MembershipIamPolicy("policy", new() + /// { + /// Project = membership.Project, + /// Location = membership.Location, + /// MembershipId = membership.MembershipId, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_gke\_hub\_membership\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.GkeHub.MembershipIamBinding("binding", new() + /// { + /// Project = membership.Project, + /// Location = membership.Location, + /// MembershipId = membership.MembershipId, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_gke\_hub\_membership\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.GkeHub.MembershipIamMember("member", new() + /// { + /// Project = membership.Project, + /// Location = membership.Location, + /// MembershipId = membership.MembershipId, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -181,18 +270,6 @@ public partial class MembershipIamPolicy : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -264,18 +341,6 @@ public sealed class MembershipIamPolicyArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -315,18 +380,6 @@ public sealed class MembershipIamPolicyState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/GkeHub/ScopeIamBinding.cs b/sdk/dotnet/GkeHub/ScopeIamBinding.cs index f7c502b32d..6d6c725eee 100644 --- a/sdk/dotnet/GkeHub/ScopeIamBinding.cs +++ b/sdk/dotnet/GkeHub/ScopeIamBinding.cs @@ -110,6 +110,92 @@ namespace Pulumi.Gcp.GkeHub /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_gke\_hub\_scope\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.GkeHub.ScopeIamPolicy("policy", new() + /// { + /// Project = scope.Project, + /// ScopeId = scope.ScopeId, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_gke\_hub\_scope\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.GkeHub.ScopeIamBinding("binding", new() + /// { + /// Project = scope.Project, + /// ScopeId = scope.ScopeId, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_gke\_hub\_scope\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.GkeHub.ScopeIamMember("member", new() + /// { + /// Project = scope.Project, + /// ScopeId = scope.ScopeId, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -158,14 +244,8 @@ public partial class ScopeIamBinding : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; - [Output("members")] - public Output> Members { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -177,6 +257,13 @@ public partial class ScopeIamBinding : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("members")] + public Output> Members { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -242,17 +329,9 @@ public sealed class ScopeIamBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -264,6 +343,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -297,17 +386,9 @@ public sealed class ScopeIamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -319,6 +400,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/GkeHub/ScopeIamMember.cs b/sdk/dotnet/GkeHub/ScopeIamMember.cs index f01942c376..41c6b17d5a 100644 --- a/sdk/dotnet/GkeHub/ScopeIamMember.cs +++ b/sdk/dotnet/GkeHub/ScopeIamMember.cs @@ -110,6 +110,92 @@ namespace Pulumi.Gcp.GkeHub /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_gke\_hub\_scope\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.GkeHub.ScopeIamPolicy("policy", new() + /// { + /// Project = scope.Project, + /// ScopeId = scope.ScopeId, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_gke\_hub\_scope\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.GkeHub.ScopeIamBinding("binding", new() + /// { + /// Project = scope.Project, + /// ScopeId = scope.ScopeId, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_gke\_hub\_scope\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.GkeHub.ScopeIamMember("member", new() + /// { + /// Project = scope.Project, + /// ScopeId = scope.ScopeId, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -158,14 +244,8 @@ public partial class ScopeIamMember : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; - [Output("member")] - public Output Member { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -177,6 +257,13 @@ public partial class ScopeIamMember : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("member")] + public Output Member { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -240,14 +327,8 @@ public sealed class ScopeIamMemberArgs : global::Pulumi.ResourceArgs [Input("condition")] public Input? Condition { get; set; } - [Input("member", required: true)] - public Input Member { get; set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -259,6 +340,13 @@ public sealed class ScopeIamMemberArgs : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member", required: true)] + public Input Member { get; set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -290,14 +378,8 @@ public sealed class ScopeIamMemberState : global::Pulumi.ResourceArgs [Input("etag")] public Input? Etag { get; set; } - [Input("member")] - public Input? Member { get; set; } - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -309,6 +391,13 @@ public sealed class ScopeIamMemberState : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member")] + public Input? Member { get; set; } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/GkeHub/ScopeIamPolicy.cs b/sdk/dotnet/GkeHub/ScopeIamPolicy.cs index f69d9ce127..522bd6427a 100644 --- a/sdk/dotnet/GkeHub/ScopeIamPolicy.cs +++ b/sdk/dotnet/GkeHub/ScopeIamPolicy.cs @@ -110,6 +110,92 @@ namespace Pulumi.Gcp.GkeHub /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_gke\_hub\_scope\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.GkeHub.ScopeIamPolicy("policy", new() + /// { + /// Project = scope.Project, + /// ScopeId = scope.ScopeId, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_gke\_hub\_scope\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.GkeHub.ScopeIamBinding("binding", new() + /// { + /// Project = scope.Project, + /// ScopeId = scope.ScopeId, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_gke\_hub\_scope\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.GkeHub.ScopeIamMember("member", new() + /// { + /// Project = scope.Project, + /// ScopeId = scope.ScopeId, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -165,18 +251,6 @@ public partial class ScopeIamPolicy : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -240,18 +314,6 @@ public sealed class ScopeIamPolicyArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -283,18 +345,6 @@ public sealed class ScopeIamPolicyState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Healthcare/ConsentStoreIamBinding.cs b/sdk/dotnet/Healthcare/ConsentStoreIamBinding.cs index 03669500d1..c65c508ce1 100644 --- a/sdk/dotnet/Healthcare/ConsentStoreIamBinding.cs +++ b/sdk/dotnet/Healthcare/ConsentStoreIamBinding.cs @@ -110,6 +110,92 @@ namespace Pulumi.Gcp.Healthcare /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_healthcare\_consent\_store\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Healthcare.ConsentStoreIamPolicy("policy", new() + /// { + /// Dataset = my_consent.Dataset, + /// ConsentStoreId = my_consent.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_healthcare\_consent\_store\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Healthcare.ConsentStoreIamBinding("binding", new() + /// { + /// Dataset = my_consent.Dataset, + /// ConsentStoreId = my_consent.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_healthcare\_consent\_store\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Healthcare.ConsentStoreIamMember("member", new() + /// { + /// Dataset = my_consent.Dataset, + /// ConsentStoreId = my_consent.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -160,8 +246,18 @@ public partial class ConsentStoreIamBinding : global::Pulumi.CustomResource /// Identifies the dataset addressed by this request. Must be in the format /// 'projects/{project}/locations/{location}/datasets/{dataset}' /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// + [Output("dataset")] + public Output Dataset { get; private set; } = null!; + + /// + /// (Computed) The etag of the IAM policy. + /// + [Output("etag")] + public Output Etag { get; private set; } = null!; + + /// + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -173,15 +269,6 @@ public partial class ConsentStoreIamBinding : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// - [Output("dataset")] - public Output Dataset { get; private set; } = null!; - - /// - /// (Computed) The etag of the IAM policy. - /// - [Output("etag")] - public Output Etag { get; private set; } = null!; - [Output("members")] public Output> Members { get; private set; } = null!; @@ -252,8 +339,15 @@ public sealed class ConsentStoreIamBindingArgs : global::Pulumi.ResourceArgs /// Identifies the dataset addressed by this request. Must be in the format /// 'projects/{project}/locations/{location}/datasets/{dataset}' /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// + [Input("dataset", required: true)] + public Input Dataset { get; set; } = null!; + + [Input("members", required: true)] + private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -265,11 +359,6 @@ public sealed class ConsentStoreIamBindingArgs : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// - [Input("dataset", required: true)] - public Input Dataset { get; set; } = null!; - - [Input("members", required: true)] - private InputList? _members; public InputList Members { get => _members ?? (_members = new InputList()); @@ -305,18 +394,6 @@ public sealed class ConsentStoreIamBindingState : global::Pulumi.ResourceArgs /// Identifies the dataset addressed by this request. Must be in the format /// 'projects/{project}/locations/{location}/datasets/{dataset}' /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("dataset")] public Input? Dataset { get; set; } @@ -329,6 +406,20 @@ public sealed class ConsentStoreIamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// public InputList Members { get => _members ?? (_members = new InputList()); diff --git a/sdk/dotnet/Healthcare/ConsentStoreIamMember.cs b/sdk/dotnet/Healthcare/ConsentStoreIamMember.cs index 52219514f4..d7a7cbd804 100644 --- a/sdk/dotnet/Healthcare/ConsentStoreIamMember.cs +++ b/sdk/dotnet/Healthcare/ConsentStoreIamMember.cs @@ -110,6 +110,92 @@ namespace Pulumi.Gcp.Healthcare /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_healthcare\_consent\_store\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Healthcare.ConsentStoreIamPolicy("policy", new() + /// { + /// Dataset = my_consent.Dataset, + /// ConsentStoreId = my_consent.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_healthcare\_consent\_store\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Healthcare.ConsentStoreIamBinding("binding", new() + /// { + /// Dataset = my_consent.Dataset, + /// ConsentStoreId = my_consent.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_healthcare\_consent\_store\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Healthcare.ConsentStoreIamMember("member", new() + /// { + /// Dataset = my_consent.Dataset, + /// ConsentStoreId = my_consent.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -160,8 +246,18 @@ public partial class ConsentStoreIamMember : global::Pulumi.CustomResource /// Identifies the dataset addressed by this request. Must be in the format /// 'projects/{project}/locations/{location}/datasets/{dataset}' /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// + [Output("dataset")] + public Output Dataset { get; private set; } = null!; + + /// + /// (Computed) The etag of the IAM policy. + /// + [Output("etag")] + public Output Etag { get; private set; } = null!; + + /// + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -173,15 +269,6 @@ public partial class ConsentStoreIamMember : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// - [Output("dataset")] - public Output Dataset { get; private set; } = null!; - - /// - /// (Computed) The etag of the IAM policy. - /// - [Output("etag")] - public Output Etag { get; private set; } = null!; - [Output("member")] public Output Member { get; private set; } = null!; @@ -252,8 +339,12 @@ public sealed class ConsentStoreIamMemberArgs : global::Pulumi.ResourceArgs /// Identifies the dataset addressed by this request. Must be in the format /// 'projects/{project}/locations/{location}/datasets/{dataset}' /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// + [Input("dataset", required: true)] + public Input Dataset { get; set; } = null!; + + /// + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -265,9 +356,6 @@ public sealed class ConsentStoreIamMemberArgs : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// - [Input("dataset", required: true)] - public Input Dataset { get; set; } = null!; - [Input("member", required: true)] public Input Member { get; set; } = null!; @@ -300,8 +388,18 @@ public sealed class ConsentStoreIamMemberState : global::Pulumi.ResourceArgs /// Identifies the dataset addressed by this request. Must be in the format /// 'projects/{project}/locations/{location}/datasets/{dataset}' /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// + [Input("dataset")] + public Input? Dataset { get; set; } + + /// + /// (Computed) The etag of the IAM policy. + /// + [Input("etag")] + public Input? Etag { get; set; } + + /// + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -313,15 +411,6 @@ public sealed class ConsentStoreIamMemberState : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// - [Input("dataset")] - public Input? Dataset { get; set; } - - /// - /// (Computed) The etag of the IAM policy. - /// - [Input("etag")] - public Input? Etag { get; set; } - [Input("member")] public Input? Member { get; set; } diff --git a/sdk/dotnet/Healthcare/ConsentStoreIamPolicy.cs b/sdk/dotnet/Healthcare/ConsentStoreIamPolicy.cs index f1bc7a4073..3aa49176c1 100644 --- a/sdk/dotnet/Healthcare/ConsentStoreIamPolicy.cs +++ b/sdk/dotnet/Healthcare/ConsentStoreIamPolicy.cs @@ -110,6 +110,92 @@ namespace Pulumi.Gcp.Healthcare /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_healthcare\_consent\_store\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Healthcare.ConsentStoreIamPolicy("policy", new() + /// { + /// Dataset = my_consent.Dataset, + /// ConsentStoreId = my_consent.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_healthcare\_consent\_store\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Healthcare.ConsentStoreIamBinding("binding", new() + /// { + /// Dataset = my_consent.Dataset, + /// ConsentStoreId = my_consent.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_healthcare\_consent\_store\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Healthcare.ConsentStoreIamMember("member", new() + /// { + /// Dataset = my_consent.Dataset, + /// ConsentStoreId = my_consent.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -157,18 +243,6 @@ public partial class ConsentStoreIamPolicy : global::Pulumi.CustomResource /// Identifies the dataset addressed by this request. Must be in the format /// 'projects/{project}/locations/{location}/datasets/{dataset}' /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("dataset")] public Output Dataset { get; private set; } = null!; @@ -242,18 +316,6 @@ public sealed class ConsentStoreIamPolicyArgs : global::Pulumi.ResourceArgs /// Identifies the dataset addressed by this request. Must be in the format /// 'projects/{project}/locations/{location}/datasets/{dataset}' /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("dataset", required: true)] public Input Dataset { get; set; } = null!; @@ -283,18 +345,6 @@ public sealed class ConsentStoreIamPolicyState : global::Pulumi.ResourceArgs /// Identifies the dataset addressed by this request. Must be in the format /// 'projects/{project}/locations/{location}/datasets/{dataset}' /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("dataset")] public Input? Dataset { get; set; } diff --git a/sdk/dotnet/Healthcare/DatasetIamBinding.cs b/sdk/dotnet/Healthcare/DatasetIamBinding.cs index b6228f9cad..3941919857 100644 --- a/sdk/dotnet/Healthcare/DatasetIamBinding.cs +++ b/sdk/dotnet/Healthcare/DatasetIamBinding.cs @@ -103,6 +103,89 @@ namespace Pulumi.Gcp.Healthcare /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_healthcare\_dataset\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var dataset = new Gcp.Healthcare.DatasetIamPolicy("dataset", new() + /// { + /// DatasetId = "your-dataset-id", + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_healthcare\_dataset\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var dataset = new Gcp.Healthcare.DatasetIamBinding("dataset", new() + /// { + /// DatasetId = "your-dataset-id", + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_healthcare\_dataset\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var dataset = new Gcp.Healthcare.DatasetIamMember("dataset", new() + /// { + /// DatasetId = "your-dataset-id", + /// Role = "roles/editor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// ### Importing IAM policies @@ -140,15 +223,6 @@ public partial class DatasetIamBinding : global::Pulumi.CustomResource /// `{project_id}/{location_name}/{dataset_name}` or /// `{location_name}/{dataset_name}`. In the second form, the provider's /// project setting will be used as a fallback. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Output("datasetId")] public Output DatasetId { get; private set; } = null!; @@ -159,6 +233,16 @@ public partial class DatasetIamBinding : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// [Output("members")] public Output> Members { get; private set; } = null!; @@ -224,8 +308,15 @@ public sealed class DatasetIamBindingArgs : global::Pulumi.ResourceArgs /// `{project_id}/{location_name}/{dataset_name}` or /// `{location_name}/{dataset_name}`. In the second form, the provider's /// project setting will be used as a fallback. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// + [Input("datasetId", required: true)] + public Input DatasetId { get; set; } = null!; + + [Input("members", required: true)] + private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -234,11 +325,6 @@ public sealed class DatasetIamBindingArgs : global::Pulumi.ResourceArgs /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// - [Input("datasetId", required: true)] - public Input DatasetId { get; set; } = null!; - - [Input("members", required: true)] - private InputList? _members; public InputList Members { get => _members ?? (_members = new InputList()); @@ -269,15 +355,6 @@ public sealed class DatasetIamBindingState : global::Pulumi.ResourceArgs /// `{project_id}/{location_name}/{dataset_name}` or /// `{location_name}/{dataset_name}`. In the second form, the provider's /// project setting will be used as a fallback. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Input("datasetId")] public Input? DatasetId { get; set; } @@ -290,6 +367,17 @@ public sealed class DatasetIamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// public InputList Members { get => _members ?? (_members = new InputList()); diff --git a/sdk/dotnet/Healthcare/DatasetIamMember.cs b/sdk/dotnet/Healthcare/DatasetIamMember.cs index 25c4aef62f..8ecd8e302d 100644 --- a/sdk/dotnet/Healthcare/DatasetIamMember.cs +++ b/sdk/dotnet/Healthcare/DatasetIamMember.cs @@ -103,6 +103,89 @@ namespace Pulumi.Gcp.Healthcare /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_healthcare\_dataset\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var dataset = new Gcp.Healthcare.DatasetIamPolicy("dataset", new() + /// { + /// DatasetId = "your-dataset-id", + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_healthcare\_dataset\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var dataset = new Gcp.Healthcare.DatasetIamBinding("dataset", new() + /// { + /// DatasetId = "your-dataset-id", + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_healthcare\_dataset\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var dataset = new Gcp.Healthcare.DatasetIamMember("dataset", new() + /// { + /// DatasetId = "your-dataset-id", + /// Role = "roles/editor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// ### Importing IAM policies @@ -140,15 +223,6 @@ public partial class DatasetIamMember : global::Pulumi.CustomResource /// `{project_id}/{location_name}/{dataset_name}` or /// `{location_name}/{dataset_name}`. In the second form, the provider's /// project setting will be used as a fallback. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Output("datasetId")] public Output DatasetId { get; private set; } = null!; @@ -159,6 +233,16 @@ public partial class DatasetIamMember : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// [Output("member")] public Output Member { get; private set; } = null!; @@ -224,8 +308,12 @@ public sealed class DatasetIamMemberArgs : global::Pulumi.ResourceArgs /// `{project_id}/{location_name}/{dataset_name}` or /// `{location_name}/{dataset_name}`. In the second form, the provider's /// project setting will be used as a fallback. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// + [Input("datasetId", required: true)] + public Input DatasetId { get; set; } = null!; + + /// + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -234,9 +322,6 @@ public sealed class DatasetIamMemberArgs : global::Pulumi.ResourceArgs /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// - [Input("datasetId", required: true)] - public Input DatasetId { get; set; } = null!; - [Input("member", required: true)] public Input Member { get; set; } = null!; @@ -264,15 +349,6 @@ public sealed class DatasetIamMemberState : global::Pulumi.ResourceArgs /// `{project_id}/{location_name}/{dataset_name}` or /// `{location_name}/{dataset_name}`. In the second form, the provider's /// project setting will be used as a fallback. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Input("datasetId")] public Input? DatasetId { get; set; } @@ -283,6 +359,16 @@ public sealed class DatasetIamMemberState : global::Pulumi.ResourceArgs [Input("etag")] public Input? Etag { get; set; } + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// [Input("member")] public Input? Member { get; set; } diff --git a/sdk/dotnet/Healthcare/DatasetIamPolicy.cs b/sdk/dotnet/Healthcare/DatasetIamPolicy.cs index 6badf6d1f9..623fe5dfd5 100644 --- a/sdk/dotnet/Healthcare/DatasetIamPolicy.cs +++ b/sdk/dotnet/Healthcare/DatasetIamPolicy.cs @@ -103,6 +103,89 @@ namespace Pulumi.Gcp.Healthcare /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_healthcare\_dataset\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var dataset = new Gcp.Healthcare.DatasetIamPolicy("dataset", new() + /// { + /// DatasetId = "your-dataset-id", + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_healthcare\_dataset\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var dataset = new Gcp.Healthcare.DatasetIamBinding("dataset", new() + /// { + /// DatasetId = "your-dataset-id", + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_healthcare\_dataset\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var dataset = new Gcp.Healthcare.DatasetIamMember("dataset", new() + /// { + /// DatasetId = "your-dataset-id", + /// Role = "roles/editor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// ### Importing IAM policies @@ -137,15 +220,6 @@ public partial class DatasetIamPolicy : global::Pulumi.CustomResource /// `{project_id}/{location_name}/{dataset_name}` or /// `{location_name}/{dataset_name}`. In the second form, the provider's /// project setting will be used as a fallback. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Output("datasetId")] public Output DatasetId { get; private set; } = null!; @@ -214,15 +288,6 @@ public sealed class DatasetIamPolicyArgs : global::Pulumi.ResourceArgs /// `{project_id}/{location_name}/{dataset_name}` or /// `{location_name}/{dataset_name}`. In the second form, the provider's /// project setting will be used as a fallback. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Input("datasetId", required: true)] public Input DatasetId { get; set; } = null!; @@ -247,15 +312,6 @@ public sealed class DatasetIamPolicyState : global::Pulumi.ResourceArgs /// `{project_id}/{location_name}/{dataset_name}` or /// `{location_name}/{dataset_name}`. In the second form, the provider's /// project setting will be used as a fallback. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Input("datasetId")] public Input? DatasetId { get; set; } diff --git a/sdk/dotnet/Healthcare/DicomStoreIamBinding.cs b/sdk/dotnet/Healthcare/DicomStoreIamBinding.cs index 6ead8c4ded..cb5d626a72 100644 --- a/sdk/dotnet/Healthcare/DicomStoreIamBinding.cs +++ b/sdk/dotnet/Healthcare/DicomStoreIamBinding.cs @@ -103,6 +103,89 @@ namespace Pulumi.Gcp.Healthcare /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_healthcare\_dicom\_store\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var dicomStore = new Gcp.Healthcare.DicomStoreIamPolicy("dicom_store", new() + /// { + /// DicomStoreId = "your-dicom-store-id", + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_healthcare\_dicom\_store\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var dicomStore = new Gcp.Healthcare.DicomStoreIamBinding("dicom_store", new() + /// { + /// DicomStoreId = "your-dicom-store-id", + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_healthcare\_dicom\_store\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var dicomStore = new Gcp.Healthcare.DicomStoreIamMember("dicom_store", new() + /// { + /// DicomStoreId = "your-dicom-store-id", + /// Role = "roles/editor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// ### Importing IAM policies @@ -140,15 +223,6 @@ public partial class DicomStoreIamBinding : global::Pulumi.CustomResource /// `{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or /// `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's /// project setting will be used as a fallback. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Output("dicomStoreId")] public Output DicomStoreId { get; private set; } = null!; @@ -159,6 +233,16 @@ public partial class DicomStoreIamBinding : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// [Output("members")] public Output> Members { get; private set; } = null!; @@ -224,8 +308,15 @@ public sealed class DicomStoreIamBindingArgs : global::Pulumi.ResourceArgs /// `{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or /// `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's /// project setting will be used as a fallback. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// + [Input("dicomStoreId", required: true)] + public Input DicomStoreId { get; set; } = null!; + + [Input("members", required: true)] + private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -234,11 +325,6 @@ public sealed class DicomStoreIamBindingArgs : global::Pulumi.ResourceArgs /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// - [Input("dicomStoreId", required: true)] - public Input DicomStoreId { get; set; } = null!; - - [Input("members", required: true)] - private InputList? _members; public InputList Members { get => _members ?? (_members = new InputList()); @@ -269,15 +355,6 @@ public sealed class DicomStoreIamBindingState : global::Pulumi.ResourceArgs /// `{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or /// `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's /// project setting will be used as a fallback. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Input("dicomStoreId")] public Input? DicomStoreId { get; set; } @@ -290,6 +367,17 @@ public sealed class DicomStoreIamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// public InputList Members { get => _members ?? (_members = new InputList()); diff --git a/sdk/dotnet/Healthcare/DicomStoreIamMember.cs b/sdk/dotnet/Healthcare/DicomStoreIamMember.cs index 4df2aca9ec..ee64845a1f 100644 --- a/sdk/dotnet/Healthcare/DicomStoreIamMember.cs +++ b/sdk/dotnet/Healthcare/DicomStoreIamMember.cs @@ -103,6 +103,89 @@ namespace Pulumi.Gcp.Healthcare /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_healthcare\_dicom\_store\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var dicomStore = new Gcp.Healthcare.DicomStoreIamPolicy("dicom_store", new() + /// { + /// DicomStoreId = "your-dicom-store-id", + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_healthcare\_dicom\_store\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var dicomStore = new Gcp.Healthcare.DicomStoreIamBinding("dicom_store", new() + /// { + /// DicomStoreId = "your-dicom-store-id", + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_healthcare\_dicom\_store\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var dicomStore = new Gcp.Healthcare.DicomStoreIamMember("dicom_store", new() + /// { + /// DicomStoreId = "your-dicom-store-id", + /// Role = "roles/editor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// ### Importing IAM policies @@ -140,15 +223,6 @@ public partial class DicomStoreIamMember : global::Pulumi.CustomResource /// `{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or /// `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's /// project setting will be used as a fallback. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Output("dicomStoreId")] public Output DicomStoreId { get; private set; } = null!; @@ -159,6 +233,16 @@ public partial class DicomStoreIamMember : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// [Output("member")] public Output Member { get; private set; } = null!; @@ -224,8 +308,12 @@ public sealed class DicomStoreIamMemberArgs : global::Pulumi.ResourceArgs /// `{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or /// `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's /// project setting will be used as a fallback. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// + [Input("dicomStoreId", required: true)] + public Input DicomStoreId { get; set; } = null!; + + /// + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -234,9 +322,6 @@ public sealed class DicomStoreIamMemberArgs : global::Pulumi.ResourceArgs /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// - [Input("dicomStoreId", required: true)] - public Input DicomStoreId { get; set; } = null!; - [Input("member", required: true)] public Input Member { get; set; } = null!; @@ -264,15 +349,6 @@ public sealed class DicomStoreIamMemberState : global::Pulumi.ResourceArgs /// `{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or /// `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's /// project setting will be used as a fallback. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Input("dicomStoreId")] public Input? DicomStoreId { get; set; } @@ -283,6 +359,16 @@ public sealed class DicomStoreIamMemberState : global::Pulumi.ResourceArgs [Input("etag")] public Input? Etag { get; set; } + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// [Input("member")] public Input? Member { get; set; } diff --git a/sdk/dotnet/Healthcare/DicomStoreIamPolicy.cs b/sdk/dotnet/Healthcare/DicomStoreIamPolicy.cs index 06e52adceb..19401fa4a3 100644 --- a/sdk/dotnet/Healthcare/DicomStoreIamPolicy.cs +++ b/sdk/dotnet/Healthcare/DicomStoreIamPolicy.cs @@ -103,6 +103,89 @@ namespace Pulumi.Gcp.Healthcare /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_healthcare\_dicom\_store\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var dicomStore = new Gcp.Healthcare.DicomStoreIamPolicy("dicom_store", new() + /// { + /// DicomStoreId = "your-dicom-store-id", + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_healthcare\_dicom\_store\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var dicomStore = new Gcp.Healthcare.DicomStoreIamBinding("dicom_store", new() + /// { + /// DicomStoreId = "your-dicom-store-id", + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_healthcare\_dicom\_store\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var dicomStore = new Gcp.Healthcare.DicomStoreIamMember("dicom_store", new() + /// { + /// DicomStoreId = "your-dicom-store-id", + /// Role = "roles/editor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// ### Importing IAM policies @@ -137,15 +220,6 @@ public partial class DicomStoreIamPolicy : global::Pulumi.CustomResource /// `{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or /// `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's /// project setting will be used as a fallback. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Output("dicomStoreId")] public Output DicomStoreId { get; private set; } = null!; @@ -214,15 +288,6 @@ public sealed class DicomStoreIamPolicyArgs : global::Pulumi.ResourceArgs /// `{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or /// `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's /// project setting will be used as a fallback. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Input("dicomStoreId", required: true)] public Input DicomStoreId { get; set; } = null!; @@ -247,15 +312,6 @@ public sealed class DicomStoreIamPolicyState : global::Pulumi.ResourceArgs /// `{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or /// `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's /// project setting will be used as a fallback. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Input("dicomStoreId")] public Input? DicomStoreId { get; set; } diff --git a/sdk/dotnet/Healthcare/FhirStoreIamBinding.cs b/sdk/dotnet/Healthcare/FhirStoreIamBinding.cs index e2ff37f041..1f88c4b9df 100644 --- a/sdk/dotnet/Healthcare/FhirStoreIamBinding.cs +++ b/sdk/dotnet/Healthcare/FhirStoreIamBinding.cs @@ -103,6 +103,89 @@ namespace Pulumi.Gcp.Healthcare /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_healthcare\_fhir\_store\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var fhirStore = new Gcp.Healthcare.FhirStoreIamPolicy("fhir_store", new() + /// { + /// FhirStoreId = "your-fhir-store-id", + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_healthcare\_fhir\_store\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var fhirStore = new Gcp.Healthcare.FhirStoreIamBinding("fhir_store", new() + /// { + /// FhirStoreId = "your-fhir-store-id", + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_healthcare\_fhir\_store\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var fhirStore = new Gcp.Healthcare.FhirStoreIamMember("fhir_store", new() + /// { + /// FhirStoreId = "your-fhir-store-id", + /// Role = "roles/editor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// ### Importing IAM policies @@ -146,8 +229,12 @@ public partial class FhirStoreIamBinding : global::Pulumi.CustomResource /// `{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or /// `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's /// project setting will be used as a fallback. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// + [Output("fhirStoreId")] + public Output FhirStoreId { get; private set; } = null!; + + /// + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -156,9 +243,6 @@ public partial class FhirStoreIamBinding : global::Pulumi.CustomResource /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// - [Output("fhirStoreId")] - public Output FhirStoreId { get; private set; } = null!; - [Output("members")] public Output> Members { get; private set; } = null!; @@ -224,8 +308,15 @@ public sealed class FhirStoreIamBindingArgs : global::Pulumi.ResourceArgs /// `{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or /// `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's /// project setting will be used as a fallback. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// + [Input("fhirStoreId", required: true)] + public Input FhirStoreId { get; set; } = null!; + + [Input("members", required: true)] + private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -234,11 +325,6 @@ public sealed class FhirStoreIamBindingArgs : global::Pulumi.ResourceArgs /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// - [Input("fhirStoreId", required: true)] - public Input FhirStoreId { get; set; } = null!; - - [Input("members", required: true)] - private InputList? _members; public InputList Members { get => _members ?? (_members = new InputList()); @@ -275,8 +361,15 @@ public sealed class FhirStoreIamBindingState : global::Pulumi.ResourceArgs /// `{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or /// `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's /// project setting will be used as a fallback. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// + [Input("fhirStoreId")] + public Input? FhirStoreId { get; set; } + + [Input("members")] + private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -285,11 +378,6 @@ public sealed class FhirStoreIamBindingState : global::Pulumi.ResourceArgs /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// - [Input("fhirStoreId")] - public Input? FhirStoreId { get; set; } - - [Input("members")] - private InputList? _members; public InputList Members { get => _members ?? (_members = new InputList()); diff --git a/sdk/dotnet/Healthcare/FhirStoreIamMember.cs b/sdk/dotnet/Healthcare/FhirStoreIamMember.cs index e970a72145..e4e6672e44 100644 --- a/sdk/dotnet/Healthcare/FhirStoreIamMember.cs +++ b/sdk/dotnet/Healthcare/FhirStoreIamMember.cs @@ -103,6 +103,89 @@ namespace Pulumi.Gcp.Healthcare /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_healthcare\_fhir\_store\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var fhirStore = new Gcp.Healthcare.FhirStoreIamPolicy("fhir_store", new() + /// { + /// FhirStoreId = "your-fhir-store-id", + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_healthcare\_fhir\_store\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var fhirStore = new Gcp.Healthcare.FhirStoreIamBinding("fhir_store", new() + /// { + /// FhirStoreId = "your-fhir-store-id", + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_healthcare\_fhir\_store\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var fhirStore = new Gcp.Healthcare.FhirStoreIamMember("fhir_store", new() + /// { + /// FhirStoreId = "your-fhir-store-id", + /// Role = "roles/editor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// ### Importing IAM policies @@ -146,8 +229,12 @@ public partial class FhirStoreIamMember : global::Pulumi.CustomResource /// `{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or /// `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's /// project setting will be used as a fallback. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// + [Output("fhirStoreId")] + public Output FhirStoreId { get; private set; } = null!; + + /// + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -156,9 +243,6 @@ public partial class FhirStoreIamMember : global::Pulumi.CustomResource /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// - [Output("fhirStoreId")] - public Output FhirStoreId { get; private set; } = null!; - [Output("member")] public Output Member { get; private set; } = null!; @@ -224,8 +308,12 @@ public sealed class FhirStoreIamMemberArgs : global::Pulumi.ResourceArgs /// `{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or /// `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's /// project setting will be used as a fallback. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// + [Input("fhirStoreId", required: true)] + public Input FhirStoreId { get; set; } = null!; + + /// + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -234,9 +322,6 @@ public sealed class FhirStoreIamMemberArgs : global::Pulumi.ResourceArgs /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// - [Input("fhirStoreId", required: true)] - public Input FhirStoreId { get; set; } = null!; - [Input("member", required: true)] public Input Member { get; set; } = null!; @@ -270,8 +355,12 @@ public sealed class FhirStoreIamMemberState : global::Pulumi.ResourceArgs /// `{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or /// `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's /// project setting will be used as a fallback. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// + [Input("fhirStoreId")] + public Input? FhirStoreId { get; set; } + + /// + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -280,9 +369,6 @@ public sealed class FhirStoreIamMemberState : global::Pulumi.ResourceArgs /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// - [Input("fhirStoreId")] - public Input? FhirStoreId { get; set; } - [Input("member")] public Input? Member { get; set; } diff --git a/sdk/dotnet/Healthcare/FhirStoreIamPolicy.cs b/sdk/dotnet/Healthcare/FhirStoreIamPolicy.cs index e07933d5c8..fa2a636e18 100644 --- a/sdk/dotnet/Healthcare/FhirStoreIamPolicy.cs +++ b/sdk/dotnet/Healthcare/FhirStoreIamPolicy.cs @@ -103,6 +103,89 @@ namespace Pulumi.Gcp.Healthcare /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_healthcare\_fhir\_store\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var fhirStore = new Gcp.Healthcare.FhirStoreIamPolicy("fhir_store", new() + /// { + /// FhirStoreId = "your-fhir-store-id", + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_healthcare\_fhir\_store\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var fhirStore = new Gcp.Healthcare.FhirStoreIamBinding("fhir_store", new() + /// { + /// FhirStoreId = "your-fhir-store-id", + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_healthcare\_fhir\_store\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var fhirStore = new Gcp.Healthcare.FhirStoreIamMember("fhir_store", new() + /// { + /// FhirStoreId = "your-fhir-store-id", + /// Role = "roles/editor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// ### Importing IAM policies @@ -143,15 +226,6 @@ public partial class FhirStoreIamPolicy : global::Pulumi.CustomResource /// `{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or /// `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's /// project setting will be used as a fallback. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Output("fhirStoreId")] public Output FhirStoreId { get; private set; } = null!; @@ -214,15 +288,6 @@ public sealed class FhirStoreIamPolicyArgs : global::Pulumi.ResourceArgs /// `{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or /// `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's /// project setting will be used as a fallback. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Input("fhirStoreId", required: true)] public Input FhirStoreId { get; set; } = null!; @@ -253,15 +318,6 @@ public sealed class FhirStoreIamPolicyState : global::Pulumi.ResourceArgs /// `{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or /// `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's /// project setting will be used as a fallback. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Input("fhirStoreId")] public Input? FhirStoreId { get; set; } diff --git a/sdk/dotnet/Healthcare/Hl7StoreIamBinding.cs b/sdk/dotnet/Healthcare/Hl7StoreIamBinding.cs index 9519caf809..6340fda53d 100644 --- a/sdk/dotnet/Healthcare/Hl7StoreIamBinding.cs +++ b/sdk/dotnet/Healthcare/Hl7StoreIamBinding.cs @@ -103,6 +103,89 @@ namespace Pulumi.Gcp.Healthcare /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_healthcare\_hl7\_v2\_store\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamPolicy("hl7_v2_store", new() + /// { + /// Hl7V2StoreId = "your-hl7-v2-store-id", + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_healthcare\_hl7\_v2\_store\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamBinding("hl7_v2_store", new() + /// { + /// Hl7V2StoreId = "your-hl7-v2-store-id", + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_healthcare\_hl7\_v2\_store\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamMember("hl7_v2_store", new() + /// { + /// Hl7V2StoreId = "your-hl7-v2-store-id", + /// Role = "roles/editor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// ### Importing IAM policies @@ -146,8 +229,12 @@ public partial class Hl7StoreIamBinding : global::Pulumi.CustomResource /// `{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or /// `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's /// project setting will be used as a fallback. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// + [Output("hl7V2StoreId")] + public Output Hl7V2StoreId { get; private set; } = null!; + + /// + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -156,9 +243,6 @@ public partial class Hl7StoreIamBinding : global::Pulumi.CustomResource /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// - [Output("hl7V2StoreId")] - public Output Hl7V2StoreId { get; private set; } = null!; - [Output("members")] public Output> Members { get; private set; } = null!; @@ -224,8 +308,15 @@ public sealed class Hl7StoreIamBindingArgs : global::Pulumi.ResourceArgs /// `{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or /// `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's /// project setting will be used as a fallback. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// + [Input("hl7V2StoreId", required: true)] + public Input Hl7V2StoreId { get; set; } = null!; + + [Input("members", required: true)] + private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -234,11 +325,6 @@ public sealed class Hl7StoreIamBindingArgs : global::Pulumi.ResourceArgs /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// - [Input("hl7V2StoreId", required: true)] - public Input Hl7V2StoreId { get; set; } = null!; - - [Input("members", required: true)] - private InputList? _members; public InputList Members { get => _members ?? (_members = new InputList()); @@ -275,8 +361,15 @@ public sealed class Hl7StoreIamBindingState : global::Pulumi.ResourceArgs /// `{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or /// `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's /// project setting will be used as a fallback. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// + [Input("hl7V2StoreId")] + public Input? Hl7V2StoreId { get; set; } + + [Input("members")] + private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -285,11 +378,6 @@ public sealed class Hl7StoreIamBindingState : global::Pulumi.ResourceArgs /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// - [Input("hl7V2StoreId")] - public Input? Hl7V2StoreId { get; set; } - - [Input("members")] - private InputList? _members; public InputList Members { get => _members ?? (_members = new InputList()); diff --git a/sdk/dotnet/Healthcare/Hl7StoreIamMember.cs b/sdk/dotnet/Healthcare/Hl7StoreIamMember.cs index 2a6db02c20..ca81239395 100644 --- a/sdk/dotnet/Healthcare/Hl7StoreIamMember.cs +++ b/sdk/dotnet/Healthcare/Hl7StoreIamMember.cs @@ -103,6 +103,89 @@ namespace Pulumi.Gcp.Healthcare /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_healthcare\_hl7\_v2\_store\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamPolicy("hl7_v2_store", new() + /// { + /// Hl7V2StoreId = "your-hl7-v2-store-id", + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_healthcare\_hl7\_v2\_store\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamBinding("hl7_v2_store", new() + /// { + /// Hl7V2StoreId = "your-hl7-v2-store-id", + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_healthcare\_hl7\_v2\_store\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamMember("hl7_v2_store", new() + /// { + /// Hl7V2StoreId = "your-hl7-v2-store-id", + /// Role = "roles/editor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// ### Importing IAM policies @@ -146,8 +229,12 @@ public partial class Hl7StoreIamMember : global::Pulumi.CustomResource /// `{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or /// `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's /// project setting will be used as a fallback. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// + [Output("hl7V2StoreId")] + public Output Hl7V2StoreId { get; private set; } = null!; + + /// + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -156,9 +243,6 @@ public partial class Hl7StoreIamMember : global::Pulumi.CustomResource /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// - [Output("hl7V2StoreId")] - public Output Hl7V2StoreId { get; private set; } = null!; - [Output("member")] public Output Member { get; private set; } = null!; @@ -224,8 +308,12 @@ public sealed class Hl7StoreIamMemberArgs : global::Pulumi.ResourceArgs /// `{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or /// `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's /// project setting will be used as a fallback. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// + [Input("hl7V2StoreId", required: true)] + public Input Hl7V2StoreId { get; set; } = null!; + + /// + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -234,9 +322,6 @@ public sealed class Hl7StoreIamMemberArgs : global::Pulumi.ResourceArgs /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// - [Input("hl7V2StoreId", required: true)] - public Input Hl7V2StoreId { get; set; } = null!; - [Input("member", required: true)] public Input Member { get; set; } = null!; @@ -270,8 +355,12 @@ public sealed class Hl7StoreIamMemberState : global::Pulumi.ResourceArgs /// `{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or /// `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's /// project setting will be used as a fallback. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// + [Input("hl7V2StoreId")] + public Input? Hl7V2StoreId { get; set; } + + /// + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -280,9 +369,6 @@ public sealed class Hl7StoreIamMemberState : global::Pulumi.ResourceArgs /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// - [Input("hl7V2StoreId")] - public Input? Hl7V2StoreId { get; set; } - [Input("member")] public Input? Member { get; set; } diff --git a/sdk/dotnet/Healthcare/Hl7StoreIamPolicy.cs b/sdk/dotnet/Healthcare/Hl7StoreIamPolicy.cs index c9d32a399a..c0f8f8a368 100644 --- a/sdk/dotnet/Healthcare/Hl7StoreIamPolicy.cs +++ b/sdk/dotnet/Healthcare/Hl7StoreIamPolicy.cs @@ -103,6 +103,89 @@ namespace Pulumi.Gcp.Healthcare /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_healthcare\_hl7\_v2\_store\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamPolicy("hl7_v2_store", new() + /// { + /// Hl7V2StoreId = "your-hl7-v2-store-id", + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_healthcare\_hl7\_v2\_store\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamBinding("hl7_v2_store", new() + /// { + /// Hl7V2StoreId = "your-hl7-v2-store-id", + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_healthcare\_hl7\_v2\_store\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var hl7V2Store = new Gcp.Healthcare.Hl7StoreIamMember("hl7_v2_store", new() + /// { + /// Hl7V2StoreId = "your-hl7-v2-store-id", + /// Role = "roles/editor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// ### Importing IAM policies @@ -143,15 +226,6 @@ public partial class Hl7StoreIamPolicy : global::Pulumi.CustomResource /// `{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or /// `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's /// project setting will be used as a fallback. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Output("hl7V2StoreId")] public Output Hl7V2StoreId { get; private set; } = null!; @@ -214,15 +288,6 @@ public sealed class Hl7StoreIamPolicyArgs : global::Pulumi.ResourceArgs /// `{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or /// `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's /// project setting will be used as a fallback. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Input("hl7V2StoreId", required: true)] public Input Hl7V2StoreId { get; set; } = null!; @@ -253,15 +318,6 @@ public sealed class Hl7StoreIamPolicyState : global::Pulumi.ResourceArgs /// `{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or /// `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's /// project setting will be used as a fallback. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Input("hl7V2StoreId")] public Input? Hl7V2StoreId { get; set; } diff --git a/sdk/dotnet/Iap/AppEngineServiceIamBinding.cs b/sdk/dotnet/Iap/AppEngineServiceIamBinding.cs index d0d0bbe19f..17a603ab75 100644 --- a/sdk/dotnet/Iap/AppEngineServiceIamBinding.cs +++ b/sdk/dotnet/Iap/AppEngineServiceIamBinding.cs @@ -220,6 +220,200 @@ namespace Pulumi.Gcp.Iap /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_iap\_app\_engine\_service\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Iap.AppEngineServiceIamPolicy("policy", new() + /// { + /// Project = version.Project, + /// AppId = version.Project, + /// Service = version.Service, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Iap.AppEngineServiceIamPolicy("policy", new() + /// { + /// Project = version.Project, + /// AppId = version.Project, + /// Service = version.Service, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_iap\_app\_engine\_service\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Iap.AppEngineServiceIamBinding("binding", new() + /// { + /// Project = version.Project, + /// AppId = version.Project, + /// Service = version.Service, + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Iap.AppEngineServiceIamBinding("binding", new() + /// { + /// Project = version.Project, + /// AppId = version.Project, + /// Service = version.Service, + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Iap.Inputs.AppEngineServiceIamBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_iap\_app\_engine\_service\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Iap.AppEngineServiceIamMember("member", new() + /// { + /// Project = version.Project, + /// AppId = version.Project, + /// Service = version.Service, + /// Role = "roles/iap.httpsResourceAccessor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Iap.AppEngineServiceIamMember("member", new() + /// { + /// Project = version.Project, + /// AppId = version.Project, + /// Service = version.Service, + /// Role = "roles/iap.httpsResourceAccessor", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Iap.Inputs.AppEngineServiceIamMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -280,14 +474,8 @@ public partial class AppEngineServiceIamBinding : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; - [Output("members")] - public Output> Members { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -299,6 +487,13 @@ public partial class AppEngineServiceIamBinding : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("members")] + public Output> Members { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -377,17 +572,9 @@ public sealed class AppEngineServiceIamBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -399,6 +586,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -445,17 +642,9 @@ public sealed class AppEngineServiceIamBindingState : global::Pulumi.ResourceArg [Input("members")] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -467,6 +656,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Iap/AppEngineServiceIamMember.cs b/sdk/dotnet/Iap/AppEngineServiceIamMember.cs index caaa2b4c2b..f7a82728a3 100644 --- a/sdk/dotnet/Iap/AppEngineServiceIamMember.cs +++ b/sdk/dotnet/Iap/AppEngineServiceIamMember.cs @@ -220,6 +220,200 @@ namespace Pulumi.Gcp.Iap /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_iap\_app\_engine\_service\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Iap.AppEngineServiceIamPolicy("policy", new() + /// { + /// Project = version.Project, + /// AppId = version.Project, + /// Service = version.Service, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Iap.AppEngineServiceIamPolicy("policy", new() + /// { + /// Project = version.Project, + /// AppId = version.Project, + /// Service = version.Service, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_iap\_app\_engine\_service\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Iap.AppEngineServiceIamBinding("binding", new() + /// { + /// Project = version.Project, + /// AppId = version.Project, + /// Service = version.Service, + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Iap.AppEngineServiceIamBinding("binding", new() + /// { + /// Project = version.Project, + /// AppId = version.Project, + /// Service = version.Service, + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Iap.Inputs.AppEngineServiceIamBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_iap\_app\_engine\_service\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Iap.AppEngineServiceIamMember("member", new() + /// { + /// Project = version.Project, + /// AppId = version.Project, + /// Service = version.Service, + /// Role = "roles/iap.httpsResourceAccessor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Iap.AppEngineServiceIamMember("member", new() + /// { + /// Project = version.Project, + /// AppId = version.Project, + /// Service = version.Service, + /// Role = "roles/iap.httpsResourceAccessor", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Iap.Inputs.AppEngineServiceIamMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -280,14 +474,8 @@ public partial class AppEngineServiceIamMember : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; - [Output("member")] - public Output Member { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -299,6 +487,13 @@ public partial class AppEngineServiceIamMember : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("member")] + public Output Member { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -375,14 +570,8 @@ public sealed class AppEngineServiceIamMemberArgs : global::Pulumi.ResourceArgs [Input("condition")] public Input? Condition { get; set; } - [Input("member", required: true)] - public Input Member { get; set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -394,6 +583,13 @@ public sealed class AppEngineServiceIamMemberArgs : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member", required: true)] + public Input Member { get; set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -438,14 +634,8 @@ public sealed class AppEngineServiceIamMemberState : global::Pulumi.ResourceArgs [Input("etag")] public Input? Etag { get; set; } - [Input("member")] - public Input? Member { get; set; } - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -457,6 +647,13 @@ public sealed class AppEngineServiceIamMemberState : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member")] + public Input? Member { get; set; } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Iap/AppEngineServiceIamPolicy.cs b/sdk/dotnet/Iap/AppEngineServiceIamPolicy.cs index bca5e52cb4..f325934df8 100644 --- a/sdk/dotnet/Iap/AppEngineServiceIamPolicy.cs +++ b/sdk/dotnet/Iap/AppEngineServiceIamPolicy.cs @@ -220,6 +220,200 @@ namespace Pulumi.Gcp.Iap /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_iap\_app\_engine\_service\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Iap.AppEngineServiceIamPolicy("policy", new() + /// { + /// Project = version.Project, + /// AppId = version.Project, + /// Service = version.Service, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Iap.AppEngineServiceIamPolicy("policy", new() + /// { + /// Project = version.Project, + /// AppId = version.Project, + /// Service = version.Service, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_iap\_app\_engine\_service\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Iap.AppEngineServiceIamBinding("binding", new() + /// { + /// Project = version.Project, + /// AppId = version.Project, + /// Service = version.Service, + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Iap.AppEngineServiceIamBinding("binding", new() + /// { + /// Project = version.Project, + /// AppId = version.Project, + /// Service = version.Service, + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Iap.Inputs.AppEngineServiceIamBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_iap\_app\_engine\_service\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Iap.AppEngineServiceIamMember("member", new() + /// { + /// Project = version.Project, + /// AppId = version.Project, + /// Service = version.Service, + /// Role = "roles/iap.httpsResourceAccessor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Iap.AppEngineServiceIamMember("member", new() + /// { + /// Project = version.Project, + /// AppId = version.Project, + /// Service = version.Service, + /// Role = "roles/iap.httpsResourceAccessor", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Iap.Inputs.AppEngineServiceIamMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -283,18 +477,6 @@ public partial class AppEngineServiceIamPolicy : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -367,18 +549,6 @@ public sealed class AppEngineServiceIamPolicyArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -419,18 +589,6 @@ public sealed class AppEngineServiceIamPolicyState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Iap/AppEngineVersionIamBinding.cs b/sdk/dotnet/Iap/AppEngineVersionIamBinding.cs index 0cb368b6c9..33330a452b 100644 --- a/sdk/dotnet/Iap/AppEngineVersionIamBinding.cs +++ b/sdk/dotnet/Iap/AppEngineVersionIamBinding.cs @@ -226,6 +226,206 @@ namespace Pulumi.Gcp.Iap /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_iap\_app\_engine\_version\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Iap.AppEngineVersionIamPolicy("policy", new() + /// { + /// Project = version.Project, + /// AppId = version.Project, + /// Service = version.Service, + /// VersionId = version.VersionId, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Iap.AppEngineVersionIamPolicy("policy", new() + /// { + /// Project = version.Project, + /// AppId = version.Project, + /// Service = version.Service, + /// VersionId = version.VersionId, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_iap\_app\_engine\_version\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Iap.AppEngineVersionIamBinding("binding", new() + /// { + /// Project = version.Project, + /// AppId = version.Project, + /// Service = version.Service, + /// VersionId = version.VersionId, + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Iap.AppEngineVersionIamBinding("binding", new() + /// { + /// Project = version.Project, + /// AppId = version.Project, + /// Service = version.Service, + /// VersionId = version.VersionId, + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Iap.Inputs.AppEngineVersionIamBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_iap\_app\_engine\_version\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Iap.AppEngineVersionIamMember("member", new() + /// { + /// Project = version.Project, + /// AppId = version.Project, + /// Service = version.Service, + /// VersionId = version.VersionId, + /// Role = "roles/iap.httpsResourceAccessor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Iap.AppEngineVersionIamMember("member", new() + /// { + /// Project = version.Project, + /// AppId = version.Project, + /// Service = version.Service, + /// VersionId = version.VersionId, + /// Role = "roles/iap.httpsResourceAccessor", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Iap.Inputs.AppEngineVersionIamMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -286,14 +486,8 @@ public partial class AppEngineVersionIamBinding : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; - [Output("members")] - public Output> Members { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -305,6 +499,13 @@ public partial class AppEngineVersionIamBinding : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("members")] + public Output> Members { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -389,17 +590,9 @@ public sealed class AppEngineVersionIamBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -411,6 +604,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -463,17 +666,9 @@ public sealed class AppEngineVersionIamBindingState : global::Pulumi.ResourceArg [Input("members")] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -485,6 +680,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Iap/AppEngineVersionIamMember.cs b/sdk/dotnet/Iap/AppEngineVersionIamMember.cs index 75b5993026..ae2828a186 100644 --- a/sdk/dotnet/Iap/AppEngineVersionIamMember.cs +++ b/sdk/dotnet/Iap/AppEngineVersionIamMember.cs @@ -226,6 +226,206 @@ namespace Pulumi.Gcp.Iap /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_iap\_app\_engine\_version\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Iap.AppEngineVersionIamPolicy("policy", new() + /// { + /// Project = version.Project, + /// AppId = version.Project, + /// Service = version.Service, + /// VersionId = version.VersionId, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Iap.AppEngineVersionIamPolicy("policy", new() + /// { + /// Project = version.Project, + /// AppId = version.Project, + /// Service = version.Service, + /// VersionId = version.VersionId, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_iap\_app\_engine\_version\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Iap.AppEngineVersionIamBinding("binding", new() + /// { + /// Project = version.Project, + /// AppId = version.Project, + /// Service = version.Service, + /// VersionId = version.VersionId, + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Iap.AppEngineVersionIamBinding("binding", new() + /// { + /// Project = version.Project, + /// AppId = version.Project, + /// Service = version.Service, + /// VersionId = version.VersionId, + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Iap.Inputs.AppEngineVersionIamBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_iap\_app\_engine\_version\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Iap.AppEngineVersionIamMember("member", new() + /// { + /// Project = version.Project, + /// AppId = version.Project, + /// Service = version.Service, + /// VersionId = version.VersionId, + /// Role = "roles/iap.httpsResourceAccessor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Iap.AppEngineVersionIamMember("member", new() + /// { + /// Project = version.Project, + /// AppId = version.Project, + /// Service = version.Service, + /// VersionId = version.VersionId, + /// Role = "roles/iap.httpsResourceAccessor", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Iap.Inputs.AppEngineVersionIamMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -286,14 +486,8 @@ public partial class AppEngineVersionIamMember : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; - [Output("member")] - public Output Member { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -305,6 +499,13 @@ public partial class AppEngineVersionIamMember : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("member")] + public Output Member { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -387,14 +588,8 @@ public sealed class AppEngineVersionIamMemberArgs : global::Pulumi.ResourceArgs [Input("condition")] public Input? Condition { get; set; } - [Input("member", required: true)] - public Input Member { get; set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -406,6 +601,13 @@ public sealed class AppEngineVersionIamMemberArgs : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member", required: true)] + public Input Member { get; set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -456,14 +658,8 @@ public sealed class AppEngineVersionIamMemberState : global::Pulumi.ResourceArgs [Input("etag")] public Input? Etag { get; set; } - [Input("member")] - public Input? Member { get; set; } - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -475,6 +671,13 @@ public sealed class AppEngineVersionIamMemberState : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member")] + public Input? Member { get; set; } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Iap/AppEngineVersionIamPolicy.cs b/sdk/dotnet/Iap/AppEngineVersionIamPolicy.cs index 56f5b9e875..e7a74e7a37 100644 --- a/sdk/dotnet/Iap/AppEngineVersionIamPolicy.cs +++ b/sdk/dotnet/Iap/AppEngineVersionIamPolicy.cs @@ -226,6 +226,206 @@ namespace Pulumi.Gcp.Iap /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_iap\_app\_engine\_version\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Iap.AppEngineVersionIamPolicy("policy", new() + /// { + /// Project = version.Project, + /// AppId = version.Project, + /// Service = version.Service, + /// VersionId = version.VersionId, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Iap.AppEngineVersionIamPolicy("policy", new() + /// { + /// Project = version.Project, + /// AppId = version.Project, + /// Service = version.Service, + /// VersionId = version.VersionId, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_iap\_app\_engine\_version\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Iap.AppEngineVersionIamBinding("binding", new() + /// { + /// Project = version.Project, + /// AppId = version.Project, + /// Service = version.Service, + /// VersionId = version.VersionId, + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Iap.AppEngineVersionIamBinding("binding", new() + /// { + /// Project = version.Project, + /// AppId = version.Project, + /// Service = version.Service, + /// VersionId = version.VersionId, + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Iap.Inputs.AppEngineVersionIamBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_iap\_app\_engine\_version\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Iap.AppEngineVersionIamMember("member", new() + /// { + /// Project = version.Project, + /// AppId = version.Project, + /// Service = version.Service, + /// VersionId = version.VersionId, + /// Role = "roles/iap.httpsResourceAccessor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Iap.AppEngineVersionIamMember("member", new() + /// { + /// Project = version.Project, + /// AppId = version.Project, + /// Service = version.Service, + /// VersionId = version.VersionId, + /// Role = "roles/iap.httpsResourceAccessor", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Iap.Inputs.AppEngineVersionIamMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -289,18 +489,6 @@ public partial class AppEngineVersionIamPolicy : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -379,18 +567,6 @@ public sealed class AppEngineVersionIamPolicyArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -437,18 +613,6 @@ public sealed class AppEngineVersionIamPolicyState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Iap/TunnelDestGroupIamBinding.cs b/sdk/dotnet/Iap/TunnelDestGroupIamBinding.cs index 5414782748..7352d6ed57 100644 --- a/sdk/dotnet/Iap/TunnelDestGroupIamBinding.cs +++ b/sdk/dotnet/Iap/TunnelDestGroupIamBinding.cs @@ -220,6 +220,200 @@ namespace Pulumi.Gcp.Iap /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_iap\_tunnel\_dest\_group\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/iap.tunnelResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Iap.TunnelDestGroupIamPolicy("policy", new() + /// { + /// Project = destGroup.Project, + /// Region = destGroup.Region, + /// DestGroup = destGroup.GroupName, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/iap.tunnelResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Iap.TunnelDestGroupIamPolicy("policy", new() + /// { + /// Project = destGroup.Project, + /// Region = destGroup.Region, + /// DestGroup = destGroup.GroupName, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_iap\_tunnel\_dest\_group\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Iap.TunnelDestGroupIamBinding("binding", new() + /// { + /// Project = destGroup.Project, + /// Region = destGroup.Region, + /// DestGroup = destGroup.GroupName, + /// Role = "roles/iap.tunnelResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Iap.TunnelDestGroupIamBinding("binding", new() + /// { + /// Project = destGroup.Project, + /// Region = destGroup.Region, + /// DestGroup = destGroup.GroupName, + /// Role = "roles/iap.tunnelResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Iap.Inputs.TunnelDestGroupIamBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_iap\_tunnel\_dest\_group\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Iap.TunnelDestGroupIamMember("member", new() + /// { + /// Project = destGroup.Project, + /// Region = destGroup.Region, + /// DestGroup = destGroup.GroupName, + /// Role = "roles/iap.tunnelResourceAccessor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Iap.TunnelDestGroupIamMember("member", new() + /// { + /// Project = destGroup.Project, + /// Region = destGroup.Region, + /// DestGroup = destGroup.GroupName, + /// Role = "roles/iap.tunnelResourceAccessor", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Iap.Inputs.TunnelDestGroupIamMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -279,14 +473,8 @@ public partial class TunnelDestGroupIamBinding : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; - [Output("members")] - public Output> Members { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -298,6 +486,13 @@ public partial class TunnelDestGroupIamBinding : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("members")] + public Output> Members { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -376,17 +571,9 @@ public sealed class TunnelDestGroupIamBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -398,6 +585,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -444,17 +641,9 @@ public sealed class TunnelDestGroupIamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -466,6 +655,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Iap/TunnelDestGroupIamMember.cs b/sdk/dotnet/Iap/TunnelDestGroupIamMember.cs index a708d0f446..6d1f25524a 100644 --- a/sdk/dotnet/Iap/TunnelDestGroupIamMember.cs +++ b/sdk/dotnet/Iap/TunnelDestGroupIamMember.cs @@ -220,6 +220,200 @@ namespace Pulumi.Gcp.Iap /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_iap\_tunnel\_dest\_group\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/iap.tunnelResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Iap.TunnelDestGroupIamPolicy("policy", new() + /// { + /// Project = destGroup.Project, + /// Region = destGroup.Region, + /// DestGroup = destGroup.GroupName, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/iap.tunnelResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Iap.TunnelDestGroupIamPolicy("policy", new() + /// { + /// Project = destGroup.Project, + /// Region = destGroup.Region, + /// DestGroup = destGroup.GroupName, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_iap\_tunnel\_dest\_group\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Iap.TunnelDestGroupIamBinding("binding", new() + /// { + /// Project = destGroup.Project, + /// Region = destGroup.Region, + /// DestGroup = destGroup.GroupName, + /// Role = "roles/iap.tunnelResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Iap.TunnelDestGroupIamBinding("binding", new() + /// { + /// Project = destGroup.Project, + /// Region = destGroup.Region, + /// DestGroup = destGroup.GroupName, + /// Role = "roles/iap.tunnelResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Iap.Inputs.TunnelDestGroupIamBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_iap\_tunnel\_dest\_group\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Iap.TunnelDestGroupIamMember("member", new() + /// { + /// Project = destGroup.Project, + /// Region = destGroup.Region, + /// DestGroup = destGroup.GroupName, + /// Role = "roles/iap.tunnelResourceAccessor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Iap.TunnelDestGroupIamMember("member", new() + /// { + /// Project = destGroup.Project, + /// Region = destGroup.Region, + /// DestGroup = destGroup.GroupName, + /// Role = "roles/iap.tunnelResourceAccessor", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Iap.Inputs.TunnelDestGroupIamMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -279,14 +473,8 @@ public partial class TunnelDestGroupIamMember : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; - [Output("member")] - public Output Member { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -298,6 +486,13 @@ public partial class TunnelDestGroupIamMember : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("member")] + public Output Member { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -374,14 +569,8 @@ public sealed class TunnelDestGroupIamMemberArgs : global::Pulumi.ResourceArgs [Input("destGroup", required: true)] public Input DestGroup { get; set; } = null!; - [Input("member", required: true)] - public Input Member { get; set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -393,6 +582,13 @@ public sealed class TunnelDestGroupIamMemberArgs : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member", required: true)] + public Input Member { get; set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -437,14 +633,8 @@ public sealed class TunnelDestGroupIamMemberState : global::Pulumi.ResourceArgs [Input("etag")] public Input? Etag { get; set; } - [Input("member")] - public Input? Member { get; set; } - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -456,6 +646,13 @@ public sealed class TunnelDestGroupIamMemberState : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member")] + public Input? Member { get; set; } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Iap/TunnelDestGroupIamPolicy.cs b/sdk/dotnet/Iap/TunnelDestGroupIamPolicy.cs index 4359368009..67a857dd0a 100644 --- a/sdk/dotnet/Iap/TunnelDestGroupIamPolicy.cs +++ b/sdk/dotnet/Iap/TunnelDestGroupIamPolicy.cs @@ -220,6 +220,200 @@ namespace Pulumi.Gcp.Iap /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_iap\_tunnel\_dest\_group\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/iap.tunnelResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Iap.TunnelDestGroupIamPolicy("policy", new() + /// { + /// Project = destGroup.Project, + /// Region = destGroup.Region, + /// DestGroup = destGroup.GroupName, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/iap.tunnelResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Iap.TunnelDestGroupIamPolicy("policy", new() + /// { + /// Project = destGroup.Project, + /// Region = destGroup.Region, + /// DestGroup = destGroup.GroupName, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_iap\_tunnel\_dest\_group\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Iap.TunnelDestGroupIamBinding("binding", new() + /// { + /// Project = destGroup.Project, + /// Region = destGroup.Region, + /// DestGroup = destGroup.GroupName, + /// Role = "roles/iap.tunnelResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Iap.TunnelDestGroupIamBinding("binding", new() + /// { + /// Project = destGroup.Project, + /// Region = destGroup.Region, + /// DestGroup = destGroup.GroupName, + /// Role = "roles/iap.tunnelResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Iap.Inputs.TunnelDestGroupIamBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_iap\_tunnel\_dest\_group\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Iap.TunnelDestGroupIamMember("member", new() + /// { + /// Project = destGroup.Project, + /// Region = destGroup.Region, + /// DestGroup = destGroup.GroupName, + /// Role = "roles/iap.tunnelResourceAccessor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Iap.TunnelDestGroupIamMember("member", new() + /// { + /// Project = destGroup.Project, + /// Region = destGroup.Region, + /// DestGroup = destGroup.GroupName, + /// Role = "roles/iap.tunnelResourceAccessor", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Iap.Inputs.TunnelDestGroupIamMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -282,18 +476,6 @@ public partial class TunnelDestGroupIamPolicy : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -366,18 +548,6 @@ public sealed class TunnelDestGroupIamPolicyArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -418,18 +588,6 @@ public sealed class TunnelDestGroupIamPolicyState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Iap/TunnelIamBinding.cs b/sdk/dotnet/Iap/TunnelIamBinding.cs index 46ec729ca1..12384f189a 100644 --- a/sdk/dotnet/Iap/TunnelIamBinding.cs +++ b/sdk/dotnet/Iap/TunnelIamBinding.cs @@ -208,6 +208,188 @@ namespace Pulumi.Gcp.Iap /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_iap\_tunnel\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/iap.tunnelResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Iap.TunnelIamPolicy("policy", new() + /// { + /// Project = projectService.Project, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/iap.tunnelResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Iap.TunnelIamPolicy("policy", new() + /// { + /// Project = projectService.Project, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_iap\_tunnel\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Iap.TunnelIamBinding("binding", new() + /// { + /// Project = projectService.Project, + /// Role = "roles/iap.tunnelResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Iap.TunnelIamBinding("binding", new() + /// { + /// Project = projectService.Project, + /// Role = "roles/iap.tunnelResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Iap.Inputs.TunnelIamBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_iap\_tunnel\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Iap.TunnelIamMember("member", new() + /// { + /// Project = projectService.Project, + /// Role = "roles/iap.tunnelResourceAccessor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Iap.TunnelIamMember("member", new() + /// { + /// Project = projectService.Project, + /// Role = "roles/iap.tunnelResourceAccessor", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Iap.Inputs.TunnelIamMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -258,14 +440,8 @@ public partial class TunnelIamBinding : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; - [Output("members")] - public Output> Members { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -277,6 +453,13 @@ public partial class TunnelIamBinding : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("members")] + public Output> Members { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -343,17 +526,9 @@ public sealed class TunnelIamBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -365,6 +540,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -399,17 +584,9 @@ public sealed class TunnelIamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -421,6 +598,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Iap/TunnelIamMember.cs b/sdk/dotnet/Iap/TunnelIamMember.cs index d11a58b531..5f44583636 100644 --- a/sdk/dotnet/Iap/TunnelIamMember.cs +++ b/sdk/dotnet/Iap/TunnelIamMember.cs @@ -208,6 +208,188 @@ namespace Pulumi.Gcp.Iap /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_iap\_tunnel\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/iap.tunnelResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Iap.TunnelIamPolicy("policy", new() + /// { + /// Project = projectService.Project, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/iap.tunnelResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Iap.TunnelIamPolicy("policy", new() + /// { + /// Project = projectService.Project, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_iap\_tunnel\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Iap.TunnelIamBinding("binding", new() + /// { + /// Project = projectService.Project, + /// Role = "roles/iap.tunnelResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Iap.TunnelIamBinding("binding", new() + /// { + /// Project = projectService.Project, + /// Role = "roles/iap.tunnelResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Iap.Inputs.TunnelIamBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_iap\_tunnel\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Iap.TunnelIamMember("member", new() + /// { + /// Project = projectService.Project, + /// Role = "roles/iap.tunnelResourceAccessor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Iap.TunnelIamMember("member", new() + /// { + /// Project = projectService.Project, + /// Role = "roles/iap.tunnelResourceAccessor", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Iap.Inputs.TunnelIamMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -258,14 +440,8 @@ public partial class TunnelIamMember : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; - [Output("member")] - public Output Member { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -277,6 +453,13 @@ public partial class TunnelIamMember : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("member")] + public Output Member { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -341,14 +524,8 @@ public sealed class TunnelIamMemberArgs : global::Pulumi.ResourceArgs [Input("condition")] public Input? Condition { get; set; } - [Input("member", required: true)] - public Input Member { get; set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -360,6 +537,13 @@ public sealed class TunnelIamMemberArgs : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member", required: true)] + public Input Member { get; set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -392,14 +576,8 @@ public sealed class TunnelIamMemberState : global::Pulumi.ResourceArgs [Input("etag")] public Input? Etag { get; set; } - [Input("member")] - public Input? Member { get; set; } - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -411,6 +589,13 @@ public sealed class TunnelIamMemberState : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member")] + public Input? Member { get; set; } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Iap/TunnelIamPolicy.cs b/sdk/dotnet/Iap/TunnelIamPolicy.cs index be08d498af..3df8cc10e5 100644 --- a/sdk/dotnet/Iap/TunnelIamPolicy.cs +++ b/sdk/dotnet/Iap/TunnelIamPolicy.cs @@ -208,6 +208,188 @@ namespace Pulumi.Gcp.Iap /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_iap\_tunnel\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/iap.tunnelResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Iap.TunnelIamPolicy("policy", new() + /// { + /// Project = projectService.Project, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/iap.tunnelResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Iap.TunnelIamPolicy("policy", new() + /// { + /// Project = projectService.Project, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_iap\_tunnel\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Iap.TunnelIamBinding("binding", new() + /// { + /// Project = projectService.Project, + /// Role = "roles/iap.tunnelResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Iap.TunnelIamBinding("binding", new() + /// { + /// Project = projectService.Project, + /// Role = "roles/iap.tunnelResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Iap.Inputs.TunnelIamBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_iap\_tunnel\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Iap.TunnelIamMember("member", new() + /// { + /// Project = projectService.Project, + /// Role = "roles/iap.tunnelResourceAccessor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Iap.TunnelIamMember("member", new() + /// { + /// Project = projectService.Project, + /// Role = "roles/iap.tunnelResourceAccessor", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Iap.Inputs.TunnelIamMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -261,18 +443,6 @@ public partial class TunnelIamPolicy : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -333,18 +503,6 @@ public sealed class TunnelIamPolicyArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -373,18 +531,6 @@ public sealed class TunnelIamPolicyState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Iap/TunnelInstanceIAMBinding.cs b/sdk/dotnet/Iap/TunnelInstanceIAMBinding.cs index 688e04d833..43f3d802e2 100644 --- a/sdk/dotnet/Iap/TunnelInstanceIAMBinding.cs +++ b/sdk/dotnet/Iap/TunnelInstanceIAMBinding.cs @@ -220,6 +220,200 @@ namespace Pulumi.Gcp.Iap /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_iap\_tunnel\_instance\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/iap.tunnelResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Iap.TunnelInstanceIAMPolicy("policy", new() + /// { + /// Project = tunnelvm.Project, + /// Zone = tunnelvm.Zone, + /// Instance = tunnelvm.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/iap.tunnelResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Iap.TunnelInstanceIAMPolicy("policy", new() + /// { + /// Project = tunnelvm.Project, + /// Zone = tunnelvm.Zone, + /// Instance = tunnelvm.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_iap\_tunnel\_instance\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Iap.TunnelInstanceIAMBinding("binding", new() + /// { + /// Project = tunnelvm.Project, + /// Zone = tunnelvm.Zone, + /// Instance = tunnelvm.Name, + /// Role = "roles/iap.tunnelResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Iap.TunnelInstanceIAMBinding("binding", new() + /// { + /// Project = tunnelvm.Project, + /// Zone = tunnelvm.Zone, + /// Instance = tunnelvm.Name, + /// Role = "roles/iap.tunnelResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Iap.Inputs.TunnelInstanceIAMBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_iap\_tunnel\_instance\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Iap.TunnelInstanceIAMMember("member", new() + /// { + /// Project = tunnelvm.Project, + /// Zone = tunnelvm.Zone, + /// Instance = tunnelvm.Name, + /// Role = "roles/iap.tunnelResourceAccessor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Iap.TunnelInstanceIAMMember("member", new() + /// { + /// Project = tunnelvm.Project, + /// Zone = tunnelvm.Zone, + /// Instance = tunnelvm.Name, + /// Role = "roles/iap.tunnelResourceAccessor", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Iap.Inputs.TunnelInstanceIAMMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -282,14 +476,8 @@ public partial class TunnelInstanceIAMBinding : global::Pulumi.CustomResource [Output("instance")] public Output Instance { get; private set; } = null!; - [Output("members")] - public Output> Members { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -301,6 +489,13 @@ public partial class TunnelInstanceIAMBinding : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("members")] + public Output> Members { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -376,17 +571,9 @@ public sealed class TunnelInstanceIAMBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -398,6 +585,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -441,17 +638,9 @@ public sealed class TunnelInstanceIAMBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -463,6 +652,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Iap/TunnelInstanceIAMMember.cs b/sdk/dotnet/Iap/TunnelInstanceIAMMember.cs index 86ed4675f8..d98e33c5c9 100644 --- a/sdk/dotnet/Iap/TunnelInstanceIAMMember.cs +++ b/sdk/dotnet/Iap/TunnelInstanceIAMMember.cs @@ -220,6 +220,200 @@ namespace Pulumi.Gcp.Iap /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_iap\_tunnel\_instance\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/iap.tunnelResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Iap.TunnelInstanceIAMPolicy("policy", new() + /// { + /// Project = tunnelvm.Project, + /// Zone = tunnelvm.Zone, + /// Instance = tunnelvm.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/iap.tunnelResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Iap.TunnelInstanceIAMPolicy("policy", new() + /// { + /// Project = tunnelvm.Project, + /// Zone = tunnelvm.Zone, + /// Instance = tunnelvm.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_iap\_tunnel\_instance\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Iap.TunnelInstanceIAMBinding("binding", new() + /// { + /// Project = tunnelvm.Project, + /// Zone = tunnelvm.Zone, + /// Instance = tunnelvm.Name, + /// Role = "roles/iap.tunnelResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Iap.TunnelInstanceIAMBinding("binding", new() + /// { + /// Project = tunnelvm.Project, + /// Zone = tunnelvm.Zone, + /// Instance = tunnelvm.Name, + /// Role = "roles/iap.tunnelResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Iap.Inputs.TunnelInstanceIAMBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_iap\_tunnel\_instance\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Iap.TunnelInstanceIAMMember("member", new() + /// { + /// Project = tunnelvm.Project, + /// Zone = tunnelvm.Zone, + /// Instance = tunnelvm.Name, + /// Role = "roles/iap.tunnelResourceAccessor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Iap.TunnelInstanceIAMMember("member", new() + /// { + /// Project = tunnelvm.Project, + /// Zone = tunnelvm.Zone, + /// Instance = tunnelvm.Name, + /// Role = "roles/iap.tunnelResourceAccessor", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Iap.Inputs.TunnelInstanceIAMMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -282,14 +476,8 @@ public partial class TunnelInstanceIAMMember : global::Pulumi.CustomResource [Output("instance")] public Output Instance { get; private set; } = null!; - [Output("member")] - public Output Member { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -301,6 +489,13 @@ public partial class TunnelInstanceIAMMember : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("member")] + public Output Member { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -374,14 +569,8 @@ public sealed class TunnelInstanceIAMMemberArgs : global::Pulumi.ResourceArgs [Input("instance", required: true)] public Input Instance { get; set; } = null!; - [Input("member", required: true)] - public Input Member { get; set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -393,6 +582,13 @@ public sealed class TunnelInstanceIAMMemberArgs : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member", required: true)] + public Input Member { get; set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -434,14 +630,8 @@ public sealed class TunnelInstanceIAMMemberState : global::Pulumi.ResourceArgs [Input("instance")] public Input? Instance { get; set; } - [Input("member")] - public Input? Member { get; set; } - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -453,6 +643,13 @@ public sealed class TunnelInstanceIAMMemberState : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member")] + public Input? Member { get; set; } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Iap/TunnelInstanceIAMPolicy.cs b/sdk/dotnet/Iap/TunnelInstanceIAMPolicy.cs index 56cbc563a6..f2961611a2 100644 --- a/sdk/dotnet/Iap/TunnelInstanceIAMPolicy.cs +++ b/sdk/dotnet/Iap/TunnelInstanceIAMPolicy.cs @@ -220,6 +220,200 @@ namespace Pulumi.Gcp.Iap /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_iap\_tunnel\_instance\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/iap.tunnelResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Iap.TunnelInstanceIAMPolicy("policy", new() + /// { + /// Project = tunnelvm.Project, + /// Zone = tunnelvm.Zone, + /// Instance = tunnelvm.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/iap.tunnelResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Iap.TunnelInstanceIAMPolicy("policy", new() + /// { + /// Project = tunnelvm.Project, + /// Zone = tunnelvm.Zone, + /// Instance = tunnelvm.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_iap\_tunnel\_instance\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Iap.TunnelInstanceIAMBinding("binding", new() + /// { + /// Project = tunnelvm.Project, + /// Zone = tunnelvm.Zone, + /// Instance = tunnelvm.Name, + /// Role = "roles/iap.tunnelResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Iap.TunnelInstanceIAMBinding("binding", new() + /// { + /// Project = tunnelvm.Project, + /// Zone = tunnelvm.Zone, + /// Instance = tunnelvm.Name, + /// Role = "roles/iap.tunnelResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Iap.Inputs.TunnelInstanceIAMBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_iap\_tunnel\_instance\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Iap.TunnelInstanceIAMMember("member", new() + /// { + /// Project = tunnelvm.Project, + /// Zone = tunnelvm.Zone, + /// Instance = tunnelvm.Name, + /// Role = "roles/iap.tunnelResourceAccessor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Iap.TunnelInstanceIAMMember("member", new() + /// { + /// Project = tunnelvm.Project, + /// Zone = tunnelvm.Zone, + /// Instance = tunnelvm.Name, + /// Role = "roles/iap.tunnelResourceAccessor", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Iap.Inputs.TunnelInstanceIAMMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -285,18 +479,6 @@ public partial class TunnelInstanceIAMPolicy : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -366,18 +548,6 @@ public sealed class TunnelInstanceIAMPolicyArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -415,18 +585,6 @@ public sealed class TunnelInstanceIAMPolicyState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Iap/WebBackendServiceIamBinding.cs b/sdk/dotnet/Iap/WebBackendServiceIamBinding.cs index afd2b67a5a..22ea04a9a0 100644 --- a/sdk/dotnet/Iap/WebBackendServiceIamBinding.cs +++ b/sdk/dotnet/Iap/WebBackendServiceIamBinding.cs @@ -214,6 +214,194 @@ namespace Pulumi.Gcp.Iap /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_iap\_web\_backend\_service\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Iap.WebBackendServiceIamPolicy("policy", new() + /// { + /// Project = @default.Project, + /// WebBackendService = @default.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Iap.WebBackendServiceIamPolicy("policy", new() + /// { + /// Project = @default.Project, + /// WebBackendService = @default.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_iap\_web\_backend\_service\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Iap.WebBackendServiceIamBinding("binding", new() + /// { + /// Project = @default.Project, + /// WebBackendService = @default.Name, + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Iap.WebBackendServiceIamBinding("binding", new() + /// { + /// Project = @default.Project, + /// WebBackendService = @default.Name, + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Iap.Inputs.WebBackendServiceIamBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_iap\_web\_backend\_service\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Iap.WebBackendServiceIamMember("member", new() + /// { + /// Project = @default.Project, + /// WebBackendService = @default.Name, + /// Role = "roles/iap.httpsResourceAccessor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Iap.WebBackendServiceIamMember("member", new() + /// { + /// Project = @default.Project, + /// WebBackendService = @default.Name, + /// Role = "roles/iap.httpsResourceAccessor", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Iap.Inputs.WebBackendServiceIamMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -266,14 +454,8 @@ public partial class WebBackendServiceIamBinding : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; - [Output("members")] - public Output> Members { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -285,6 +467,13 @@ public partial class WebBackendServiceIamBinding : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("members")] + public Output> Members { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -357,17 +546,9 @@ public sealed class WebBackendServiceIamBindingArgs : global::Pulumi.ResourceArg [Input("members", required: true)] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -379,6 +560,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -419,17 +610,9 @@ public sealed class WebBackendServiceIamBindingState : global::Pulumi.ResourceAr [Input("members")] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -441,6 +624,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Iap/WebBackendServiceIamMember.cs b/sdk/dotnet/Iap/WebBackendServiceIamMember.cs index efeaff9073..d26986b0d4 100644 --- a/sdk/dotnet/Iap/WebBackendServiceIamMember.cs +++ b/sdk/dotnet/Iap/WebBackendServiceIamMember.cs @@ -214,6 +214,194 @@ namespace Pulumi.Gcp.Iap /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_iap\_web\_backend\_service\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Iap.WebBackendServiceIamPolicy("policy", new() + /// { + /// Project = @default.Project, + /// WebBackendService = @default.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Iap.WebBackendServiceIamPolicy("policy", new() + /// { + /// Project = @default.Project, + /// WebBackendService = @default.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_iap\_web\_backend\_service\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Iap.WebBackendServiceIamBinding("binding", new() + /// { + /// Project = @default.Project, + /// WebBackendService = @default.Name, + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Iap.WebBackendServiceIamBinding("binding", new() + /// { + /// Project = @default.Project, + /// WebBackendService = @default.Name, + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Iap.Inputs.WebBackendServiceIamBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_iap\_web\_backend\_service\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Iap.WebBackendServiceIamMember("member", new() + /// { + /// Project = @default.Project, + /// WebBackendService = @default.Name, + /// Role = "roles/iap.httpsResourceAccessor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Iap.WebBackendServiceIamMember("member", new() + /// { + /// Project = @default.Project, + /// WebBackendService = @default.Name, + /// Role = "roles/iap.httpsResourceAccessor", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Iap.Inputs.WebBackendServiceIamMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -266,14 +454,8 @@ public partial class WebBackendServiceIamMember : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; - [Output("member")] - public Output Member { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -285,6 +467,13 @@ public partial class WebBackendServiceIamMember : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("member")] + public Output Member { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -355,14 +544,8 @@ public sealed class WebBackendServiceIamMemberArgs : global::Pulumi.ResourceArgs [Input("condition")] public Input? Condition { get; set; } - [Input("member", required: true)] - public Input Member { get; set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -374,6 +557,13 @@ public sealed class WebBackendServiceIamMemberArgs : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member", required: true)] + public Input Member { get; set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -412,14 +602,8 @@ public sealed class WebBackendServiceIamMemberState : global::Pulumi.ResourceArg [Input("etag")] public Input? Etag { get; set; } - [Input("member")] - public Input? Member { get; set; } - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -431,6 +615,13 @@ public sealed class WebBackendServiceIamMemberState : global::Pulumi.ResourceArg /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member")] + public Input? Member { get; set; } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Iap/WebBackendServiceIamPolicy.cs b/sdk/dotnet/Iap/WebBackendServiceIamPolicy.cs index 6a63b60f78..3a46d662c1 100644 --- a/sdk/dotnet/Iap/WebBackendServiceIamPolicy.cs +++ b/sdk/dotnet/Iap/WebBackendServiceIamPolicy.cs @@ -214,6 +214,194 @@ namespace Pulumi.Gcp.Iap /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_iap\_web\_backend\_service\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Iap.WebBackendServiceIamPolicy("policy", new() + /// { + /// Project = @default.Project, + /// WebBackendService = @default.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Iap.WebBackendServiceIamPolicy("policy", new() + /// { + /// Project = @default.Project, + /// WebBackendService = @default.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_iap\_web\_backend\_service\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Iap.WebBackendServiceIamBinding("binding", new() + /// { + /// Project = @default.Project, + /// WebBackendService = @default.Name, + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Iap.WebBackendServiceIamBinding("binding", new() + /// { + /// Project = @default.Project, + /// WebBackendService = @default.Name, + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Iap.Inputs.WebBackendServiceIamBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_iap\_web\_backend\_service\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Iap.WebBackendServiceIamMember("member", new() + /// { + /// Project = @default.Project, + /// WebBackendService = @default.Name, + /// Role = "roles/iap.httpsResourceAccessor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Iap.WebBackendServiceIamMember("member", new() + /// { + /// Project = @default.Project, + /// WebBackendService = @default.Name, + /// Role = "roles/iap.httpsResourceAccessor", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Iap.Inputs.WebBackendServiceIamMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -269,18 +457,6 @@ public partial class WebBackendServiceIamPolicy : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -347,18 +523,6 @@ public sealed class WebBackendServiceIamPolicyArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -393,18 +557,6 @@ public sealed class WebBackendServiceIamPolicyState : global::Pulumi.ResourceArg /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Iap/WebIamBinding.cs b/sdk/dotnet/Iap/WebIamBinding.cs index 1dcd3b3d56..a62bd97a9f 100644 --- a/sdk/dotnet/Iap/WebIamBinding.cs +++ b/sdk/dotnet/Iap/WebIamBinding.cs @@ -208,6 +208,188 @@ namespace Pulumi.Gcp.Iap /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_iap\_web\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Iap.WebIamPolicy("policy", new() + /// { + /// Project = projectService.Project, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Iap.WebIamPolicy("policy", new() + /// { + /// Project = projectService.Project, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_iap\_web\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Iap.WebIamBinding("binding", new() + /// { + /// Project = projectService.Project, + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Iap.WebIamBinding("binding", new() + /// { + /// Project = projectService.Project, + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Iap.Inputs.WebIamBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_iap\_web\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Iap.WebIamMember("member", new() + /// { + /// Project = projectService.Project, + /// Role = "roles/iap.httpsResourceAccessor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Iap.WebIamMember("member", new() + /// { + /// Project = projectService.Project, + /// Role = "roles/iap.httpsResourceAccessor", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Iap.Inputs.WebIamMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -258,14 +440,8 @@ public partial class WebIamBinding : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; - [Output("members")] - public Output> Members { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -277,6 +453,13 @@ public partial class WebIamBinding : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("members")] + public Output> Members { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -343,17 +526,9 @@ public sealed class WebIamBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -365,6 +540,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -399,17 +584,9 @@ public sealed class WebIamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -421,6 +598,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Iap/WebIamMember.cs b/sdk/dotnet/Iap/WebIamMember.cs index 15afe59b77..60d000eadf 100644 --- a/sdk/dotnet/Iap/WebIamMember.cs +++ b/sdk/dotnet/Iap/WebIamMember.cs @@ -208,6 +208,188 @@ namespace Pulumi.Gcp.Iap /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_iap\_web\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Iap.WebIamPolicy("policy", new() + /// { + /// Project = projectService.Project, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Iap.WebIamPolicy("policy", new() + /// { + /// Project = projectService.Project, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_iap\_web\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Iap.WebIamBinding("binding", new() + /// { + /// Project = projectService.Project, + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Iap.WebIamBinding("binding", new() + /// { + /// Project = projectService.Project, + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Iap.Inputs.WebIamBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_iap\_web\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Iap.WebIamMember("member", new() + /// { + /// Project = projectService.Project, + /// Role = "roles/iap.httpsResourceAccessor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Iap.WebIamMember("member", new() + /// { + /// Project = projectService.Project, + /// Role = "roles/iap.httpsResourceAccessor", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Iap.Inputs.WebIamMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -258,14 +440,8 @@ public partial class WebIamMember : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; - [Output("member")] - public Output Member { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -277,6 +453,13 @@ public partial class WebIamMember : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("member")] + public Output Member { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -341,14 +524,8 @@ public sealed class WebIamMemberArgs : global::Pulumi.ResourceArgs [Input("condition")] public Input? Condition { get; set; } - [Input("member", required: true)] - public Input Member { get; set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -360,6 +537,13 @@ public sealed class WebIamMemberArgs : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member", required: true)] + public Input Member { get; set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -392,14 +576,8 @@ public sealed class WebIamMemberState : global::Pulumi.ResourceArgs [Input("etag")] public Input? Etag { get; set; } - [Input("member")] - public Input? Member { get; set; } - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -411,6 +589,13 @@ public sealed class WebIamMemberState : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member")] + public Input? Member { get; set; } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Iap/WebIamPolicy.cs b/sdk/dotnet/Iap/WebIamPolicy.cs index 629133009c..d70181b492 100644 --- a/sdk/dotnet/Iap/WebIamPolicy.cs +++ b/sdk/dotnet/Iap/WebIamPolicy.cs @@ -208,6 +208,188 @@ namespace Pulumi.Gcp.Iap /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_iap\_web\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Iap.WebIamPolicy("policy", new() + /// { + /// Project = projectService.Project, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Iap.WebIamPolicy("policy", new() + /// { + /// Project = projectService.Project, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_iap\_web\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Iap.WebIamBinding("binding", new() + /// { + /// Project = projectService.Project, + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Iap.WebIamBinding("binding", new() + /// { + /// Project = projectService.Project, + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Iap.Inputs.WebIamBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_iap\_web\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Iap.WebIamMember("member", new() + /// { + /// Project = projectService.Project, + /// Role = "roles/iap.httpsResourceAccessor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Iap.WebIamMember("member", new() + /// { + /// Project = projectService.Project, + /// Role = "roles/iap.httpsResourceAccessor", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Iap.Inputs.WebIamMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -261,18 +443,6 @@ public partial class WebIamPolicy : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -333,18 +503,6 @@ public sealed class WebIamPolicyArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -373,18 +531,6 @@ public sealed class WebIamPolicyState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Iap/WebRegionBackendServiceIamBinding.cs b/sdk/dotnet/Iap/WebRegionBackendServiceIamBinding.cs index 3da561c238..d7e164fc51 100644 --- a/sdk/dotnet/Iap/WebRegionBackendServiceIamBinding.cs +++ b/sdk/dotnet/Iap/WebRegionBackendServiceIamBinding.cs @@ -220,6 +220,200 @@ namespace Pulumi.Gcp.Iap /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_iap\_web\_region\_backend\_service\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Iap.WebRegionBackendServiceIamPolicy("policy", new() + /// { + /// Project = @default.Project, + /// Region = @default.Region, + /// WebRegionBackendService = @default.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Iap.WebRegionBackendServiceIamPolicy("policy", new() + /// { + /// Project = @default.Project, + /// Region = @default.Region, + /// WebRegionBackendService = @default.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_iap\_web\_region\_backend\_service\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Iap.WebRegionBackendServiceIamBinding("binding", new() + /// { + /// Project = @default.Project, + /// Region = @default.Region, + /// WebRegionBackendService = @default.Name, + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Iap.WebRegionBackendServiceIamBinding("binding", new() + /// { + /// Project = @default.Project, + /// Region = @default.Region, + /// WebRegionBackendService = @default.Name, + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Iap.Inputs.WebRegionBackendServiceIamBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_iap\_web\_region\_backend\_service\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Iap.WebRegionBackendServiceIamMember("member", new() + /// { + /// Project = @default.Project, + /// Region = @default.Region, + /// WebRegionBackendService = @default.Name, + /// Role = "roles/iap.httpsResourceAccessor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Iap.WebRegionBackendServiceIamMember("member", new() + /// { + /// Project = @default.Project, + /// Region = @default.Region, + /// WebRegionBackendService = @default.Name, + /// Role = "roles/iap.httpsResourceAccessor", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Iap.Inputs.WebRegionBackendServiceIamMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -274,14 +468,8 @@ public partial class WebRegionBackendServiceIamBinding : global::Pulumi.CustomRe [Output("etag")] public Output Etag { get; private set; } = null!; - [Output("members")] - public Output> Members { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -293,6 +481,13 @@ public partial class WebRegionBackendServiceIamBinding : global::Pulumi.CustomRe /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("members")] + public Output> Members { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -368,17 +563,9 @@ public sealed class WebRegionBackendServiceIamBindingArgs : global::Pulumi.Resou [Input("members", required: true)] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -390,6 +577,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -433,17 +630,9 @@ public sealed class WebRegionBackendServiceIamBindingState : global::Pulumi.Reso [Input("members")] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -455,6 +644,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Iap/WebRegionBackendServiceIamMember.cs b/sdk/dotnet/Iap/WebRegionBackendServiceIamMember.cs index 27e934c164..b372e1bd8d 100644 --- a/sdk/dotnet/Iap/WebRegionBackendServiceIamMember.cs +++ b/sdk/dotnet/Iap/WebRegionBackendServiceIamMember.cs @@ -220,6 +220,200 @@ namespace Pulumi.Gcp.Iap /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_iap\_web\_region\_backend\_service\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Iap.WebRegionBackendServiceIamPolicy("policy", new() + /// { + /// Project = @default.Project, + /// Region = @default.Region, + /// WebRegionBackendService = @default.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Iap.WebRegionBackendServiceIamPolicy("policy", new() + /// { + /// Project = @default.Project, + /// Region = @default.Region, + /// WebRegionBackendService = @default.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_iap\_web\_region\_backend\_service\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Iap.WebRegionBackendServiceIamBinding("binding", new() + /// { + /// Project = @default.Project, + /// Region = @default.Region, + /// WebRegionBackendService = @default.Name, + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Iap.WebRegionBackendServiceIamBinding("binding", new() + /// { + /// Project = @default.Project, + /// Region = @default.Region, + /// WebRegionBackendService = @default.Name, + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Iap.Inputs.WebRegionBackendServiceIamBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_iap\_web\_region\_backend\_service\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Iap.WebRegionBackendServiceIamMember("member", new() + /// { + /// Project = @default.Project, + /// Region = @default.Region, + /// WebRegionBackendService = @default.Name, + /// Role = "roles/iap.httpsResourceAccessor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Iap.WebRegionBackendServiceIamMember("member", new() + /// { + /// Project = @default.Project, + /// Region = @default.Region, + /// WebRegionBackendService = @default.Name, + /// Role = "roles/iap.httpsResourceAccessor", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Iap.Inputs.WebRegionBackendServiceIamMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -274,14 +468,8 @@ public partial class WebRegionBackendServiceIamMember : global::Pulumi.CustomRes [Output("etag")] public Output Etag { get; private set; } = null!; - [Output("member")] - public Output Member { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -293,6 +481,13 @@ public partial class WebRegionBackendServiceIamMember : global::Pulumi.CustomRes /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("member")] + public Output Member { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -366,14 +561,8 @@ public sealed class WebRegionBackendServiceIamMemberArgs : global::Pulumi.Resour [Input("condition")] public Input? Condition { get; set; } - [Input("member", required: true)] - public Input Member { get; set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -385,6 +574,13 @@ public sealed class WebRegionBackendServiceIamMemberArgs : global::Pulumi.Resour /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member", required: true)] + public Input Member { get; set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -426,14 +622,8 @@ public sealed class WebRegionBackendServiceIamMemberState : global::Pulumi.Resou [Input("etag")] public Input? Etag { get; set; } - [Input("member")] - public Input? Member { get; set; } - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -445,6 +635,13 @@ public sealed class WebRegionBackendServiceIamMemberState : global::Pulumi.Resou /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member")] + public Input? Member { get; set; } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Iap/WebRegionBackendServiceIamPolicy.cs b/sdk/dotnet/Iap/WebRegionBackendServiceIamPolicy.cs index a12ec2b5c5..13c341695e 100644 --- a/sdk/dotnet/Iap/WebRegionBackendServiceIamPolicy.cs +++ b/sdk/dotnet/Iap/WebRegionBackendServiceIamPolicy.cs @@ -220,6 +220,200 @@ namespace Pulumi.Gcp.Iap /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_iap\_web\_region\_backend\_service\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Iap.WebRegionBackendServiceIamPolicy("policy", new() + /// { + /// Project = @default.Project, + /// Region = @default.Region, + /// WebRegionBackendService = @default.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Iap.WebRegionBackendServiceIamPolicy("policy", new() + /// { + /// Project = @default.Project, + /// Region = @default.Region, + /// WebRegionBackendService = @default.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_iap\_web\_region\_backend\_service\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Iap.WebRegionBackendServiceIamBinding("binding", new() + /// { + /// Project = @default.Project, + /// Region = @default.Region, + /// WebRegionBackendService = @default.Name, + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Iap.WebRegionBackendServiceIamBinding("binding", new() + /// { + /// Project = @default.Project, + /// Region = @default.Region, + /// WebRegionBackendService = @default.Name, + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Iap.Inputs.WebRegionBackendServiceIamBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_iap\_web\_region\_backend\_service\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Iap.WebRegionBackendServiceIamMember("member", new() + /// { + /// Project = @default.Project, + /// Region = @default.Region, + /// WebRegionBackendService = @default.Name, + /// Role = "roles/iap.httpsResourceAccessor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Iap.WebRegionBackendServiceIamMember("member", new() + /// { + /// Project = @default.Project, + /// Region = @default.Region, + /// WebRegionBackendService = @default.Name, + /// Role = "roles/iap.httpsResourceAccessor", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Iap.Inputs.WebRegionBackendServiceIamMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -277,18 +471,6 @@ public partial class WebRegionBackendServiceIamPolicy : global::Pulumi.CustomRes /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -358,18 +540,6 @@ public sealed class WebRegionBackendServiceIamPolicyArgs : global::Pulumi.Resour /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -407,18 +577,6 @@ public sealed class WebRegionBackendServiceIamPolicyState : global::Pulumi.Resou /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Iap/WebTypeAppEngingIamBinding.cs b/sdk/dotnet/Iap/WebTypeAppEngingIamBinding.cs index 62652fc5f5..4b896e5f6a 100644 --- a/sdk/dotnet/Iap/WebTypeAppEngingIamBinding.cs +++ b/sdk/dotnet/Iap/WebTypeAppEngingIamBinding.cs @@ -214,6 +214,194 @@ namespace Pulumi.Gcp.Iap /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_iap\_web\_type\_app\_engine\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Iap.WebTypeAppEngingIamPolicy("policy", new() + /// { + /// Project = app.Project, + /// AppId = app.AppId, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Iap.WebTypeAppEngingIamPolicy("policy", new() + /// { + /// Project = app.Project, + /// AppId = app.AppId, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_iap\_web\_type\_app\_engine\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Iap.WebTypeAppEngingIamBinding("binding", new() + /// { + /// Project = app.Project, + /// AppId = app.AppId, + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Iap.WebTypeAppEngingIamBinding("binding", new() + /// { + /// Project = app.Project, + /// AppId = app.AppId, + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Iap.Inputs.WebTypeAppEngingIamBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_iap\_web\_type\_app\_engine\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Iap.WebTypeAppEngingIamMember("member", new() + /// { + /// Project = app.Project, + /// AppId = app.AppId, + /// Role = "roles/iap.httpsResourceAccessor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Iap.WebTypeAppEngingIamMember("member", new() + /// { + /// Project = app.Project, + /// AppId = app.AppId, + /// Role = "roles/iap.httpsResourceAccessor", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Iap.Inputs.WebTypeAppEngingIamMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -272,14 +460,8 @@ public partial class WebTypeAppEngingIamBinding : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; - [Output("members")] - public Output> Members { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -291,6 +473,13 @@ public partial class WebTypeAppEngingIamBinding : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("members")] + public Output> Members { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -363,17 +552,9 @@ public sealed class WebTypeAppEngingIamBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -385,6 +566,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -425,17 +616,9 @@ public sealed class WebTypeAppEngingIamBindingState : global::Pulumi.ResourceArg [Input("members")] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -447,6 +630,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Iap/WebTypeAppEngingIamMember.cs b/sdk/dotnet/Iap/WebTypeAppEngingIamMember.cs index 77053c9f47..69aea33d3e 100644 --- a/sdk/dotnet/Iap/WebTypeAppEngingIamMember.cs +++ b/sdk/dotnet/Iap/WebTypeAppEngingIamMember.cs @@ -214,6 +214,194 @@ namespace Pulumi.Gcp.Iap /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_iap\_web\_type\_app\_engine\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Iap.WebTypeAppEngingIamPolicy("policy", new() + /// { + /// Project = app.Project, + /// AppId = app.AppId, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Iap.WebTypeAppEngingIamPolicy("policy", new() + /// { + /// Project = app.Project, + /// AppId = app.AppId, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_iap\_web\_type\_app\_engine\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Iap.WebTypeAppEngingIamBinding("binding", new() + /// { + /// Project = app.Project, + /// AppId = app.AppId, + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Iap.WebTypeAppEngingIamBinding("binding", new() + /// { + /// Project = app.Project, + /// AppId = app.AppId, + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Iap.Inputs.WebTypeAppEngingIamBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_iap\_web\_type\_app\_engine\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Iap.WebTypeAppEngingIamMember("member", new() + /// { + /// Project = app.Project, + /// AppId = app.AppId, + /// Role = "roles/iap.httpsResourceAccessor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Iap.WebTypeAppEngingIamMember("member", new() + /// { + /// Project = app.Project, + /// AppId = app.AppId, + /// Role = "roles/iap.httpsResourceAccessor", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Iap.Inputs.WebTypeAppEngingIamMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -272,14 +460,8 @@ public partial class WebTypeAppEngingIamMember : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; - [Output("member")] - public Output Member { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -291,6 +473,13 @@ public partial class WebTypeAppEngingIamMember : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("member")] + public Output Member { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -361,14 +550,8 @@ public sealed class WebTypeAppEngingIamMemberArgs : global::Pulumi.ResourceArgs [Input("condition")] public Input? Condition { get; set; } - [Input("member", required: true)] - public Input Member { get; set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -380,6 +563,13 @@ public sealed class WebTypeAppEngingIamMemberArgs : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member", required: true)] + public Input Member { get; set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -418,14 +608,8 @@ public sealed class WebTypeAppEngingIamMemberState : global::Pulumi.ResourceArgs [Input("etag")] public Input? Etag { get; set; } - [Input("member")] - public Input? Member { get; set; } - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -437,6 +621,13 @@ public sealed class WebTypeAppEngingIamMemberState : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member")] + public Input? Member { get; set; } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Iap/WebTypeAppEngingIamPolicy.cs b/sdk/dotnet/Iap/WebTypeAppEngingIamPolicy.cs index 138988db3a..524944c009 100644 --- a/sdk/dotnet/Iap/WebTypeAppEngingIamPolicy.cs +++ b/sdk/dotnet/Iap/WebTypeAppEngingIamPolicy.cs @@ -214,6 +214,194 @@ namespace Pulumi.Gcp.Iap /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_iap\_web\_type\_app\_engine\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Iap.WebTypeAppEngingIamPolicy("policy", new() + /// { + /// Project = app.Project, + /// AppId = app.AppId, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Iap.WebTypeAppEngingIamPolicy("policy", new() + /// { + /// Project = app.Project, + /// AppId = app.AppId, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_iap\_web\_type\_app\_engine\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Iap.WebTypeAppEngingIamBinding("binding", new() + /// { + /// Project = app.Project, + /// AppId = app.AppId, + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Iap.WebTypeAppEngingIamBinding("binding", new() + /// { + /// Project = app.Project, + /// AppId = app.AppId, + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Iap.Inputs.WebTypeAppEngingIamBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_iap\_web\_type\_app\_engine\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Iap.WebTypeAppEngingIamMember("member", new() + /// { + /// Project = app.Project, + /// AppId = app.AppId, + /// Role = "roles/iap.httpsResourceAccessor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Iap.WebTypeAppEngingIamMember("member", new() + /// { + /// Project = app.Project, + /// AppId = app.AppId, + /// Role = "roles/iap.httpsResourceAccessor", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Iap.Inputs.WebTypeAppEngingIamMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -275,18 +463,6 @@ public partial class WebTypeAppEngingIamPolicy : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -353,18 +529,6 @@ public sealed class WebTypeAppEngingIamPolicyArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -399,18 +563,6 @@ public sealed class WebTypeAppEngingIamPolicyState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Iap/WebTypeComputeIamBinding.cs b/sdk/dotnet/Iap/WebTypeComputeIamBinding.cs index 2c2202d430..add66e2b1c 100644 --- a/sdk/dotnet/Iap/WebTypeComputeIamBinding.cs +++ b/sdk/dotnet/Iap/WebTypeComputeIamBinding.cs @@ -208,6 +208,188 @@ namespace Pulumi.Gcp.Iap /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_iap\_web\_type\_compute\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Iap.WebTypeComputeIamPolicy("policy", new() + /// { + /// Project = projectService.Project, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Iap.WebTypeComputeIamPolicy("policy", new() + /// { + /// Project = projectService.Project, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_iap\_web\_type\_compute\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Iap.WebTypeComputeIamBinding("binding", new() + /// { + /// Project = projectService.Project, + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Iap.WebTypeComputeIamBinding("binding", new() + /// { + /// Project = projectService.Project, + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Iap.Inputs.WebTypeComputeIamBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_iap\_web\_type\_compute\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Iap.WebTypeComputeIamMember("member", new() + /// { + /// Project = projectService.Project, + /// Role = "roles/iap.httpsResourceAccessor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Iap.WebTypeComputeIamMember("member", new() + /// { + /// Project = projectService.Project, + /// Role = "roles/iap.httpsResourceAccessor", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Iap.Inputs.WebTypeComputeIamMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -258,14 +440,8 @@ public partial class WebTypeComputeIamBinding : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; - [Output("members")] - public Output> Members { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -277,6 +453,13 @@ public partial class WebTypeComputeIamBinding : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("members")] + public Output> Members { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -343,17 +526,9 @@ public sealed class WebTypeComputeIamBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -365,6 +540,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -399,17 +584,9 @@ public sealed class WebTypeComputeIamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -421,6 +598,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Iap/WebTypeComputeIamMember.cs b/sdk/dotnet/Iap/WebTypeComputeIamMember.cs index 79cd329193..b164a3c68b 100644 --- a/sdk/dotnet/Iap/WebTypeComputeIamMember.cs +++ b/sdk/dotnet/Iap/WebTypeComputeIamMember.cs @@ -208,6 +208,188 @@ namespace Pulumi.Gcp.Iap /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_iap\_web\_type\_compute\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Iap.WebTypeComputeIamPolicy("policy", new() + /// { + /// Project = projectService.Project, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Iap.WebTypeComputeIamPolicy("policy", new() + /// { + /// Project = projectService.Project, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_iap\_web\_type\_compute\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Iap.WebTypeComputeIamBinding("binding", new() + /// { + /// Project = projectService.Project, + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Iap.WebTypeComputeIamBinding("binding", new() + /// { + /// Project = projectService.Project, + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Iap.Inputs.WebTypeComputeIamBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_iap\_web\_type\_compute\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Iap.WebTypeComputeIamMember("member", new() + /// { + /// Project = projectService.Project, + /// Role = "roles/iap.httpsResourceAccessor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Iap.WebTypeComputeIamMember("member", new() + /// { + /// Project = projectService.Project, + /// Role = "roles/iap.httpsResourceAccessor", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Iap.Inputs.WebTypeComputeIamMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -258,14 +440,8 @@ public partial class WebTypeComputeIamMember : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; - [Output("member")] - public Output Member { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -277,6 +453,13 @@ public partial class WebTypeComputeIamMember : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("member")] + public Output Member { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -341,14 +524,8 @@ public sealed class WebTypeComputeIamMemberArgs : global::Pulumi.ResourceArgs [Input("condition")] public Input? Condition { get; set; } - [Input("member", required: true)] - public Input Member { get; set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -360,6 +537,13 @@ public sealed class WebTypeComputeIamMemberArgs : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member", required: true)] + public Input Member { get; set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -392,14 +576,8 @@ public sealed class WebTypeComputeIamMemberState : global::Pulumi.ResourceArgs [Input("etag")] public Input? Etag { get; set; } - [Input("member")] - public Input? Member { get; set; } - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -411,6 +589,13 @@ public sealed class WebTypeComputeIamMemberState : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member")] + public Input? Member { get; set; } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Iap/WebTypeComputeIamPolicy.cs b/sdk/dotnet/Iap/WebTypeComputeIamPolicy.cs index b085e1a384..ee035f2201 100644 --- a/sdk/dotnet/Iap/WebTypeComputeIamPolicy.cs +++ b/sdk/dotnet/Iap/WebTypeComputeIamPolicy.cs @@ -208,6 +208,188 @@ namespace Pulumi.Gcp.Iap /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_iap\_web\_type\_compute\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Iap.WebTypeComputeIamPolicy("policy", new() + /// { + /// Project = projectService.Project, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Iap.WebTypeComputeIamPolicy("policy", new() + /// { + /// Project = projectService.Project, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_iap\_web\_type\_compute\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Iap.WebTypeComputeIamBinding("binding", new() + /// { + /// Project = projectService.Project, + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Iap.WebTypeComputeIamBinding("binding", new() + /// { + /// Project = projectService.Project, + /// Role = "roles/iap.httpsResourceAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Iap.Inputs.WebTypeComputeIamBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_iap\_web\_type\_compute\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Iap.WebTypeComputeIamMember("member", new() + /// { + /// Project = projectService.Project, + /// Role = "roles/iap.httpsResourceAccessor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Iap.WebTypeComputeIamMember("member", new() + /// { + /// Project = projectService.Project, + /// Role = "roles/iap.httpsResourceAccessor", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Iap.Inputs.WebTypeComputeIamMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -261,18 +443,6 @@ public partial class WebTypeComputeIamPolicy : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -333,18 +503,6 @@ public sealed class WebTypeComputeIamPolicyArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -373,18 +531,6 @@ public sealed class WebTypeComputeIamPolicyState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Kms/CryptoKeyIAMBinding.cs b/sdk/dotnet/Kms/CryptoKeyIAMBinding.cs index 158080d02e..660c46d809 100644 --- a/sdk/dotnet/Kms/CryptoKeyIAMBinding.cs +++ b/sdk/dotnet/Kms/CryptoKeyIAMBinding.cs @@ -246,15 +246,6 @@ public partial class CryptoKeyIAMBinding : global::Pulumi.CustomResource /// `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or /// `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, /// the provider's project setting will be used as a fallback. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Output("cryptoKeyId")] public Output CryptoKeyId { get; private set; } = null!; @@ -265,6 +256,16 @@ public partial class CryptoKeyIAMBinding : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// [Output("members")] public Output> Members { get; private set; } = null!; @@ -333,8 +334,15 @@ public sealed class CryptoKeyIAMBindingArgs : global::Pulumi.ResourceArgs /// `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or /// `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, /// the provider's project setting will be used as a fallback. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// + [Input("cryptoKeyId", required: true)] + public Input CryptoKeyId { get; set; } = null!; + + [Input("members", required: true)] + private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -343,11 +351,6 @@ public sealed class CryptoKeyIAMBindingArgs : global::Pulumi.ResourceArgs /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// - [Input("cryptoKeyId", required: true)] - public Input CryptoKeyId { get; set; } = null!; - - [Input("members", required: true)] - private InputList? _members; public InputList Members { get => _members ?? (_members = new InputList()); @@ -381,15 +384,6 @@ public sealed class CryptoKeyIAMBindingState : global::Pulumi.ResourceArgs /// `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or /// `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, /// the provider's project setting will be used as a fallback. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Input("cryptoKeyId")] public Input? CryptoKeyId { get; set; } @@ -402,6 +396,17 @@ public sealed class CryptoKeyIAMBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// public InputList Members { get => _members ?? (_members = new InputList()); diff --git a/sdk/dotnet/Kms/CryptoKeyIAMMember.cs b/sdk/dotnet/Kms/CryptoKeyIAMMember.cs index 49dfdf1d11..08dc02109b 100644 --- a/sdk/dotnet/Kms/CryptoKeyIAMMember.cs +++ b/sdk/dotnet/Kms/CryptoKeyIAMMember.cs @@ -246,15 +246,6 @@ public partial class CryptoKeyIAMMember : global::Pulumi.CustomResource /// `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or /// `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, /// the provider's project setting will be used as a fallback. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Output("cryptoKeyId")] public Output CryptoKeyId { get; private set; } = null!; @@ -265,6 +256,16 @@ public partial class CryptoKeyIAMMember : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// [Output("member")] public Output Member { get; private set; } = null!; @@ -333,8 +334,12 @@ public sealed class CryptoKeyIAMMemberArgs : global::Pulumi.ResourceArgs /// `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or /// `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, /// the provider's project setting will be used as a fallback. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// + [Input("cryptoKeyId", required: true)] + public Input CryptoKeyId { get; set; } = null!; + + /// + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -343,9 +348,6 @@ public sealed class CryptoKeyIAMMemberArgs : global::Pulumi.ResourceArgs /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// - [Input("cryptoKeyId", required: true)] - public Input CryptoKeyId { get; set; } = null!; - [Input("member", required: true)] public Input Member { get; set; } = null!; @@ -376,15 +378,6 @@ public sealed class CryptoKeyIAMMemberState : global::Pulumi.ResourceArgs /// `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or /// `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, /// the provider's project setting will be used as a fallback. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Input("cryptoKeyId")] public Input? CryptoKeyId { get; set; } @@ -395,6 +388,16 @@ public sealed class CryptoKeyIAMMemberState : global::Pulumi.ResourceArgs [Input("etag")] public Input? Etag { get; set; } + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// [Input("member")] public Input? Member { get; set; } diff --git a/sdk/dotnet/Kms/CryptoKeyIAMPolicy.cs b/sdk/dotnet/Kms/CryptoKeyIAMPolicy.cs index 1d9c74c1a0..88f39df8e5 100644 --- a/sdk/dotnet/Kms/CryptoKeyIAMPolicy.cs +++ b/sdk/dotnet/Kms/CryptoKeyIAMPolicy.cs @@ -239,15 +239,6 @@ public partial class CryptoKeyIAMPolicy : global::Pulumi.CustomResource /// `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or /// `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, /// the provider's project setting will be used as a fallback. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Output("cryptoKeyId")] public Output CryptoKeyId { get; private set; } = null!; @@ -316,15 +307,6 @@ public sealed class CryptoKeyIAMPolicyArgs : global::Pulumi.ResourceArgs /// `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or /// `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, /// the provider's project setting will be used as a fallback. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Input("cryptoKeyId", required: true)] public Input CryptoKeyId { get; set; } = null!; @@ -349,15 +331,6 @@ public sealed class CryptoKeyIAMPolicyState : global::Pulumi.ResourceArgs /// `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or /// `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, /// the provider's project setting will be used as a fallback. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Input("cryptoKeyId")] public Input? CryptoKeyId { get; set; } diff --git a/sdk/dotnet/Kms/KeyRingIAMBinding.cs b/sdk/dotnet/Kms/KeyRingIAMBinding.cs index ed85d2bb72..67db244fb7 100644 --- a/sdk/dotnet/Kms/KeyRingIAMBinding.cs +++ b/sdk/dotnet/Kms/KeyRingIAMBinding.cs @@ -216,6 +216,202 @@ namespace Pulumi.Gcp.Kms /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_kms\_key\_ring\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var keyring = new Gcp.Kms.KeyRing("keyring", new() + /// { + /// Name = "keyring-example", + /// Location = "global", + /// }); + /// + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var keyRing = new Gcp.Kms.KeyRingIAMPolicy("key_ring", new() + /// { + /// KeyRingId = keyring.Id, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var keyring = new Gcp.Kms.KeyRing("keyring", new() + /// { + /// Name = "keyring-example", + /// Location = "global", + /// }); + /// + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var keyRing = new Gcp.Kms.KeyRingIAMPolicy("key_ring", new() + /// { + /// KeyRingId = keyring.Id, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_kms\_key\_ring\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var keyRing = new Gcp.Kms.KeyRingIAMBinding("key_ring", new() + /// { + /// KeyRingId = "your-key-ring-id", + /// Role = "roles/cloudkms.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var keyRing = new Gcp.Kms.KeyRingIAMBinding("key_ring", new() + /// { + /// KeyRingId = "your-key-ring-id", + /// Role = "roles/cloudkms.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Kms.Inputs.KeyRingIAMBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_kms\_key\_ring\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var keyRing = new Gcp.Kms.KeyRingIAMMember("key_ring", new() + /// { + /// KeyRingId = "your-key-ring-id", + /// Role = "roles/cloudkms.admin", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var keyRing = new Gcp.Kms.KeyRingIAMMember("key_ring", new() + /// { + /// KeyRingId = "your-key-ring-id", + /// Role = "roles/cloudkms.admin", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Kms.Inputs.KeyRingIAMMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// ### Importing IAM policies @@ -263,8 +459,12 @@ public partial class KeyRingIAMBinding : global::Pulumi.CustomResource /// `{project_id}/{location_name}/{key_ring_name}` or /// `{location_name}/{key_ring_name}`. In the second form, the provider's /// project setting will be used as a fallback. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// + [Output("keyRingId")] + public Output KeyRingId { get; private set; } = null!; + + /// + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -273,9 +473,6 @@ public partial class KeyRingIAMBinding : global::Pulumi.CustomResource /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// - [Output("keyRingId")] - public Output KeyRingId { get; private set; } = null!; - [Output("members")] public Output> Members { get; private set; } = null!; @@ -345,8 +542,15 @@ public sealed class KeyRingIAMBindingArgs : global::Pulumi.ResourceArgs /// `{project_id}/{location_name}/{key_ring_name}` or /// `{location_name}/{key_ring_name}`. In the second form, the provider's /// project setting will be used as a fallback. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// + [Input("keyRingId", required: true)] + public Input KeyRingId { get; set; } = null!; + + [Input("members", required: true)] + private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -355,11 +559,6 @@ public sealed class KeyRingIAMBindingArgs : global::Pulumi.ResourceArgs /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// - [Input("keyRingId", required: true)] - public Input KeyRingId { get; set; } = null!; - - [Input("members", required: true)] - private InputList? _members; public InputList Members { get => _members ?? (_members = new InputList()); @@ -400,8 +599,15 @@ public sealed class KeyRingIAMBindingState : global::Pulumi.ResourceArgs /// `{project_id}/{location_name}/{key_ring_name}` or /// `{location_name}/{key_ring_name}`. In the second form, the provider's /// project setting will be used as a fallback. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// + [Input("keyRingId")] + public Input? KeyRingId { get; set; } + + [Input("members")] + private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -410,11 +616,6 @@ public sealed class KeyRingIAMBindingState : global::Pulumi.ResourceArgs /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// - [Input("keyRingId")] - public Input? KeyRingId { get; set; } - - [Input("members")] - private InputList? _members; public InputList Members { get => _members ?? (_members = new InputList()); diff --git a/sdk/dotnet/Kms/KeyRingIAMMember.cs b/sdk/dotnet/Kms/KeyRingIAMMember.cs index a520be52ae..39238813c1 100644 --- a/sdk/dotnet/Kms/KeyRingIAMMember.cs +++ b/sdk/dotnet/Kms/KeyRingIAMMember.cs @@ -216,6 +216,202 @@ namespace Pulumi.Gcp.Kms /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_kms\_key\_ring\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var keyring = new Gcp.Kms.KeyRing("keyring", new() + /// { + /// Name = "keyring-example", + /// Location = "global", + /// }); + /// + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var keyRing = new Gcp.Kms.KeyRingIAMPolicy("key_ring", new() + /// { + /// KeyRingId = keyring.Id, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var keyring = new Gcp.Kms.KeyRing("keyring", new() + /// { + /// Name = "keyring-example", + /// Location = "global", + /// }); + /// + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var keyRing = new Gcp.Kms.KeyRingIAMPolicy("key_ring", new() + /// { + /// KeyRingId = keyring.Id, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_kms\_key\_ring\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var keyRing = new Gcp.Kms.KeyRingIAMBinding("key_ring", new() + /// { + /// KeyRingId = "your-key-ring-id", + /// Role = "roles/cloudkms.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var keyRing = new Gcp.Kms.KeyRingIAMBinding("key_ring", new() + /// { + /// KeyRingId = "your-key-ring-id", + /// Role = "roles/cloudkms.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Kms.Inputs.KeyRingIAMBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_kms\_key\_ring\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var keyRing = new Gcp.Kms.KeyRingIAMMember("key_ring", new() + /// { + /// KeyRingId = "your-key-ring-id", + /// Role = "roles/cloudkms.admin", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var keyRing = new Gcp.Kms.KeyRingIAMMember("key_ring", new() + /// { + /// KeyRingId = "your-key-ring-id", + /// Role = "roles/cloudkms.admin", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Kms.Inputs.KeyRingIAMMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// ### Importing IAM policies @@ -263,8 +459,12 @@ public partial class KeyRingIAMMember : global::Pulumi.CustomResource /// `{project_id}/{location_name}/{key_ring_name}` or /// `{location_name}/{key_ring_name}`. In the second form, the provider's /// project setting will be used as a fallback. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// + [Output("keyRingId")] + public Output KeyRingId { get; private set; } = null!; + + /// + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -273,9 +473,6 @@ public partial class KeyRingIAMMember : global::Pulumi.CustomResource /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// - [Output("keyRingId")] - public Output KeyRingId { get; private set; } = null!; - [Output("member")] public Output Member { get; private set; } = null!; @@ -345,8 +542,12 @@ public sealed class KeyRingIAMMemberArgs : global::Pulumi.ResourceArgs /// `{project_id}/{location_name}/{key_ring_name}` or /// `{location_name}/{key_ring_name}`. In the second form, the provider's /// project setting will be used as a fallback. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// + [Input("keyRingId", required: true)] + public Input KeyRingId { get; set; } = null!; + + /// + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -355,9 +556,6 @@ public sealed class KeyRingIAMMemberArgs : global::Pulumi.ResourceArgs /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// - [Input("keyRingId", required: true)] - public Input KeyRingId { get; set; } = null!; - [Input("member", required: true)] public Input Member { get; set; } = null!; @@ -395,8 +593,12 @@ public sealed class KeyRingIAMMemberState : global::Pulumi.ResourceArgs /// `{project_id}/{location_name}/{key_ring_name}` or /// `{location_name}/{key_ring_name}`. In the second form, the provider's /// project setting will be used as a fallback. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// + [Input("keyRingId")] + public Input? KeyRingId { get; set; } + + /// + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -405,9 +607,6 @@ public sealed class KeyRingIAMMemberState : global::Pulumi.ResourceArgs /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// - [Input("keyRingId")] - public Input? KeyRingId { get; set; } - [Input("member")] public Input? Member { get; set; } diff --git a/sdk/dotnet/Kms/KeyRingIAMPolicy.cs b/sdk/dotnet/Kms/KeyRingIAMPolicy.cs index 06d0b874a3..d8dc09c07b 100644 --- a/sdk/dotnet/Kms/KeyRingIAMPolicy.cs +++ b/sdk/dotnet/Kms/KeyRingIAMPolicy.cs @@ -216,6 +216,202 @@ namespace Pulumi.Gcp.Kms /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_kms\_key\_ring\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var keyring = new Gcp.Kms.KeyRing("keyring", new() + /// { + /// Name = "keyring-example", + /// Location = "global", + /// }); + /// + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var keyRing = new Gcp.Kms.KeyRingIAMPolicy("key_ring", new() + /// { + /// KeyRingId = keyring.Id, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var keyring = new Gcp.Kms.KeyRing("keyring", new() + /// { + /// Name = "keyring-example", + /// Location = "global", + /// }); + /// + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var keyRing = new Gcp.Kms.KeyRingIAMPolicy("key_ring", new() + /// { + /// KeyRingId = keyring.Id, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_kms\_key\_ring\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var keyRing = new Gcp.Kms.KeyRingIAMBinding("key_ring", new() + /// { + /// KeyRingId = "your-key-ring-id", + /// Role = "roles/cloudkms.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var keyRing = new Gcp.Kms.KeyRingIAMBinding("key_ring", new() + /// { + /// KeyRingId = "your-key-ring-id", + /// Role = "roles/cloudkms.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Kms.Inputs.KeyRingIAMBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_kms\_key\_ring\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var keyRing = new Gcp.Kms.KeyRingIAMMember("key_ring", new() + /// { + /// KeyRingId = "your-key-ring-id", + /// Role = "roles/cloudkms.admin", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var keyRing = new Gcp.Kms.KeyRingIAMMember("key_ring", new() + /// { + /// KeyRingId = "your-key-ring-id", + /// Role = "roles/cloudkms.admin", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Kms.Inputs.KeyRingIAMMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// ### Importing IAM policies @@ -256,15 +452,6 @@ public partial class KeyRingIAMPolicy : global::Pulumi.CustomResource /// `{project_id}/{location_name}/{key_ring_name}` or /// `{location_name}/{key_ring_name}`. In the second form, the provider's /// project setting will be used as a fallback. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Output("keyRingId")] public Output KeyRingId { get; private set; } = null!; @@ -327,15 +514,6 @@ public sealed class KeyRingIAMPolicyArgs : global::Pulumi.ResourceArgs /// `{project_id}/{location_name}/{key_ring_name}` or /// `{location_name}/{key_ring_name}`. In the second form, the provider's /// project setting will be used as a fallback. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Input("keyRingId", required: true)] public Input KeyRingId { get; set; } = null!; @@ -366,15 +544,6 @@ public sealed class KeyRingIAMPolicyState : global::Pulumi.ResourceArgs /// `{project_id}/{location_name}/{key_ring_name}` or /// `{location_name}/{key_ring_name}`. In the second form, the provider's /// project setting will be used as a fallback. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Input("keyRingId")] public Input? KeyRingId { get; set; } diff --git a/sdk/dotnet/NetworkSecurity/AddressGroupIamPolicy.cs b/sdk/dotnet/NetworkSecurity/AddressGroupIamPolicy.cs index 5ef3f36661..4f5b0142e2 100644 --- a/sdk/dotnet/NetworkSecurity/AddressGroupIamPolicy.cs +++ b/sdk/dotnet/NetworkSecurity/AddressGroupIamPolicy.cs @@ -94,18 +94,6 @@ public partial class AddressGroupIamPolicy : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -179,18 +167,6 @@ public sealed class AddressGroupIamPolicyArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -232,18 +208,6 @@ public sealed class AddressGroupIamPolicyState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Notebooks/InstanceIamBinding.cs b/sdk/dotnet/Notebooks/InstanceIamBinding.cs index ac1e85285b..797db391f5 100644 --- a/sdk/dotnet/Notebooks/InstanceIamBinding.cs +++ b/sdk/dotnet/Notebooks/InstanceIamBinding.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.Notebooks /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_notebooks\_instance\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Notebooks.InstanceIamPolicy("policy", new() + /// { + /// Project = instance.Project, + /// Location = instance.Location, + /// InstanceName = instance.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_notebooks\_instance\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Notebooks.InstanceIamBinding("binding", new() + /// { + /// Project = instance.Project, + /// Location = instance.Location, + /// InstanceName = instance.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_notebooks\_instance\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Notebooks.InstanceIamMember("member", new() + /// { + /// Project = instance.Project, + /// Location = instance.Location, + /// InstanceName = instance.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -175,14 +264,8 @@ public partial class InstanceIamBinding : global::Pulumi.CustomResource [Output("location")] public Output Location { get; private set; } = null!; - [Output("members")] - public Output> Members { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -194,6 +277,13 @@ public partial class InstanceIamBinding : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("members")] + public Output> Members { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -268,17 +358,9 @@ public sealed class InstanceIamBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -290,6 +372,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -332,17 +424,9 @@ public sealed class InstanceIamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -354,6 +438,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Notebooks/InstanceIamMember.cs b/sdk/dotnet/Notebooks/InstanceIamMember.cs index 85dcc9baba..d84ca2fc79 100644 --- a/sdk/dotnet/Notebooks/InstanceIamMember.cs +++ b/sdk/dotnet/Notebooks/InstanceIamMember.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.Notebooks /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_notebooks\_instance\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Notebooks.InstanceIamPolicy("policy", new() + /// { + /// Project = instance.Project, + /// Location = instance.Location, + /// InstanceName = instance.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_notebooks\_instance\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Notebooks.InstanceIamBinding("binding", new() + /// { + /// Project = instance.Project, + /// Location = instance.Location, + /// InstanceName = instance.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_notebooks\_instance\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Notebooks.InstanceIamMember("member", new() + /// { + /// Project = instance.Project, + /// Location = instance.Location, + /// InstanceName = instance.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -175,14 +264,8 @@ public partial class InstanceIamMember : global::Pulumi.CustomResource [Output("location")] public Output Location { get; private set; } = null!; - [Output("member")] - public Output Member { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -194,6 +277,13 @@ public partial class InstanceIamMember : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("member")] + public Output Member { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -266,14 +356,8 @@ public sealed class InstanceIamMemberArgs : global::Pulumi.ResourceArgs [Input("location")] public Input? Location { get; set; } - [Input("member", required: true)] - public Input Member { get; set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -285,6 +369,13 @@ public sealed class InstanceIamMemberArgs : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member", required: true)] + public Input Member { get; set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -325,14 +416,8 @@ public sealed class InstanceIamMemberState : global::Pulumi.ResourceArgs [Input("location")] public Input? Location { get; set; } - [Input("member")] - public Input? Member { get; set; } - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -344,6 +429,13 @@ public sealed class InstanceIamMemberState : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member")] + public Input? Member { get; set; } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Notebooks/InstanceIamPolicy.cs b/sdk/dotnet/Notebooks/InstanceIamPolicy.cs index 91d8ab7a21..c3f9548741 100644 --- a/sdk/dotnet/Notebooks/InstanceIamPolicy.cs +++ b/sdk/dotnet/Notebooks/InstanceIamPolicy.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.Notebooks /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_notebooks\_instance\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Notebooks.InstanceIamPolicy("policy", new() + /// { + /// Project = instance.Project, + /// Location = instance.Location, + /// InstanceName = instance.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_notebooks\_instance\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Notebooks.InstanceIamBinding("binding", new() + /// { + /// Project = instance.Project, + /// Location = instance.Location, + /// InstanceName = instance.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_notebooks\_instance\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Notebooks.InstanceIamMember("member", new() + /// { + /// Project = instance.Project, + /// Location = instance.Location, + /// InstanceName = instance.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -182,18 +271,6 @@ public partial class InstanceIamPolicy : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -266,18 +343,6 @@ public sealed class InstanceIamPolicyArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -318,18 +383,6 @@ public sealed class InstanceIamPolicyState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Notebooks/RuntimeIamBinding.cs b/sdk/dotnet/Notebooks/RuntimeIamBinding.cs index 2989089246..e0371a05a0 100644 --- a/sdk/dotnet/Notebooks/RuntimeIamBinding.cs +++ b/sdk/dotnet/Notebooks/RuntimeIamBinding.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.Notebooks /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_notebooks\_runtime\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Notebooks.RuntimeIamPolicy("policy", new() + /// { + /// Project = runtime.Project, + /// Location = runtime.Location, + /// RuntimeName = runtime.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_notebooks\_runtime\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Notebooks.RuntimeIamBinding("binding", new() + /// { + /// Project = runtime.Project, + /// Location = runtime.Location, + /// RuntimeName = runtime.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_notebooks\_runtime\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Notebooks.RuntimeIamMember("member", new() + /// { + /// Project = runtime.Project, + /// Location = runtime.Location, + /// RuntimeName = runtime.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -169,14 +258,8 @@ public partial class RuntimeIamBinding : global::Pulumi.CustomResource [Output("location")] public Output Location { get; private set; } = null!; - [Output("members")] - public Output> Members { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -188,6 +271,13 @@ public partial class RuntimeIamBinding : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("members")] + public Output> Members { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -262,17 +352,9 @@ public sealed class RuntimeIamBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -284,6 +366,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -326,17 +418,9 @@ public sealed class RuntimeIamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -348,6 +432,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Notebooks/RuntimeIamMember.cs b/sdk/dotnet/Notebooks/RuntimeIamMember.cs index e106691a29..10bb545d7b 100644 --- a/sdk/dotnet/Notebooks/RuntimeIamMember.cs +++ b/sdk/dotnet/Notebooks/RuntimeIamMember.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.Notebooks /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_notebooks\_runtime\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Notebooks.RuntimeIamPolicy("policy", new() + /// { + /// Project = runtime.Project, + /// Location = runtime.Location, + /// RuntimeName = runtime.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_notebooks\_runtime\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Notebooks.RuntimeIamBinding("binding", new() + /// { + /// Project = runtime.Project, + /// Location = runtime.Location, + /// RuntimeName = runtime.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_notebooks\_runtime\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Notebooks.RuntimeIamMember("member", new() + /// { + /// Project = runtime.Project, + /// Location = runtime.Location, + /// RuntimeName = runtime.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -169,14 +258,8 @@ public partial class RuntimeIamMember : global::Pulumi.CustomResource [Output("location")] public Output Location { get; private set; } = null!; - [Output("member")] - public Output Member { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -188,6 +271,13 @@ public partial class RuntimeIamMember : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("member")] + public Output Member { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -260,14 +350,8 @@ public sealed class RuntimeIamMemberArgs : global::Pulumi.ResourceArgs [Input("location")] public Input? Location { get; set; } - [Input("member", required: true)] - public Input Member { get; set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -279,6 +363,13 @@ public sealed class RuntimeIamMemberArgs : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member", required: true)] + public Input Member { get; set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -319,14 +410,8 @@ public sealed class RuntimeIamMemberState : global::Pulumi.ResourceArgs [Input("location")] public Input? Location { get; set; } - [Input("member")] - public Input? Member { get; set; } - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -338,6 +423,13 @@ public sealed class RuntimeIamMemberState : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member")] + public Input? Member { get; set; } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Notebooks/RuntimeIamPolicy.cs b/sdk/dotnet/Notebooks/RuntimeIamPolicy.cs index 0eda1c5ae0..6c439226c5 100644 --- a/sdk/dotnet/Notebooks/RuntimeIamPolicy.cs +++ b/sdk/dotnet/Notebooks/RuntimeIamPolicy.cs @@ -113,6 +113,95 @@ namespace Pulumi.Gcp.Notebooks /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_notebooks\_runtime\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Notebooks.RuntimeIamPolicy("policy", new() + /// { + /// Project = runtime.Project, + /// Location = runtime.Location, + /// RuntimeName = runtime.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_notebooks\_runtime\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Notebooks.RuntimeIamBinding("binding", new() + /// { + /// Project = runtime.Project, + /// Location = runtime.Location, + /// RuntimeName = runtime.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_notebooks\_runtime\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Notebooks.RuntimeIamMember("member", new() + /// { + /// Project = runtime.Project, + /// Location = runtime.Location, + /// RuntimeName = runtime.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -176,18 +265,6 @@ public partial class RuntimeIamPolicy : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -260,18 +337,6 @@ public sealed class RuntimeIamPolicyArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -312,18 +377,6 @@ public sealed class RuntimeIamPolicyState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Organizations/IAMMember.cs b/sdk/dotnet/Organizations/IAMMember.cs index 256ea1bc6e..7dbf478850 100644 --- a/sdk/dotnet/Organizations/IAMMember.cs +++ b/sdk/dotnet/Organizations/IAMMember.cs @@ -255,6 +255,240 @@ namespace Pulumi.Gcp.Organizations /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_organization\_iam\_policy + /// + /// !> **Warning:** New organizations have several default policies which will, + /// without extreme caution, be **overwritten** by use of this resource. + /// The safest alternative is to use multiple `gcp.organizations.IAMBinding` + /// resources. This resource makes it easy to remove your own access to + /// an organization, which will require a call to Google Support to have + /// fixed, and can take multiple days to resolve. + /// + /// In general, this resource should only be used with organizations + /// fully managed by this provider.I f you do use this resource, + /// the best way to be sure that you are not making dangerous changes is to start + /// by **importing** your existing policy, and examining the diff very closely. + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var organization = new Gcp.Organizations.IAMPolicy("organization", new() + /// { + /// OrgId = "1234567890", + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var organization = new Gcp.Organizations.IAMPolicy("organization", new() + /// { + /// OrgId = "1234567890", + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_organization\_iam\_binding + /// + /// > **Note:** If `role` is set to `roles/owner` and you don't specify a user or service account you have access to in `members`, you can lock yourself out of your organization. + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var organization = new Gcp.Organizations.IAMBinding("organization", new() + /// { + /// OrgId = "1234567890", + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var organization = new Gcp.Organizations.IAMBinding("organization", new() + /// { + /// OrgId = "1234567890", + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.IAMBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_organization\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var organization = new Gcp.Organizations.IAMMember("organization", new() + /// { + /// OrgId = "1234567890", + /// Role = "roles/editor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var organization = new Gcp.Organizations.IAMMember("organization", new() + /// { + /// OrgId = "1234567890", + /// Role = "roles/editor", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Organizations.Inputs.IAMMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_organization\_iam\_audit\_config + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var organization = new Gcp.Organizations.IamAuditConfig("organization", new() + /// { + /// OrgId = "1234567890", + /// Service = "allServices", + /// AuditLogConfigs = new[] + /// { + /// new Gcp.Organizations.Inputs.IamAuditConfigAuditLogConfigArgs + /// { + /// LogType = "ADMIN_READ", + /// }, + /// new Gcp.Organizations.Inputs.IamAuditConfigAuditLogConfigArgs + /// { + /// LogType = "DATA_READ", + /// ExemptedMembers = new[] + /// { + /// "user:joebloggs@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// ### Importing Audit Configs @@ -297,6 +531,14 @@ public partial class IAMMember : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// [Output("member")] public Output Member { get; private set; } = null!; @@ -367,6 +609,14 @@ public sealed class IAMMemberArgs : global::Pulumi.ResourceArgs [Input("condition")] public Input? Condition { get; set; } + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// [Input("member", required: true)] public Input Member { get; set; } = null!; @@ -405,6 +655,14 @@ public sealed class IAMMemberState : global::Pulumi.ResourceArgs [Input("etag")] public Input? Etag { get; set; } + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// [Input("member")] public Input? Member { get; set; } diff --git a/sdk/dotnet/Organizations/IAMPolicy.cs b/sdk/dotnet/Organizations/IAMPolicy.cs index 7f2d3e567e..3248956f1e 100644 --- a/sdk/dotnet/Organizations/IAMPolicy.cs +++ b/sdk/dotnet/Organizations/IAMPolicy.cs @@ -255,6 +255,240 @@ namespace Pulumi.Gcp.Organizations /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_organization\_iam\_policy + /// + /// !> **Warning:** New organizations have several default policies which will, + /// without extreme caution, be **overwritten** by use of this resource. + /// The safest alternative is to use multiple `gcp.organizations.IAMBinding` + /// resources. This resource makes it easy to remove your own access to + /// an organization, which will require a call to Google Support to have + /// fixed, and can take multiple days to resolve. + /// + /// In general, this resource should only be used with organizations + /// fully managed by this provider.I f you do use this resource, + /// the best way to be sure that you are not making dangerous changes is to start + /// by **importing** your existing policy, and examining the diff very closely. + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var organization = new Gcp.Organizations.IAMPolicy("organization", new() + /// { + /// OrgId = "1234567890", + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var organization = new Gcp.Organizations.IAMPolicy("organization", new() + /// { + /// OrgId = "1234567890", + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_organization\_iam\_binding + /// + /// > **Note:** If `role` is set to `roles/owner` and you don't specify a user or service account you have access to in `members`, you can lock yourself out of your organization. + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var organization = new Gcp.Organizations.IAMBinding("organization", new() + /// { + /// OrgId = "1234567890", + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var organization = new Gcp.Organizations.IAMBinding("organization", new() + /// { + /// OrgId = "1234567890", + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.IAMBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_organization\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var organization = new Gcp.Organizations.IAMMember("organization", new() + /// { + /// OrgId = "1234567890", + /// Role = "roles/editor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var organization = new Gcp.Organizations.IAMMember("organization", new() + /// { + /// OrgId = "1234567890", + /// Role = "roles/editor", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Organizations.Inputs.IAMMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_organization\_iam\_audit\_config + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var organization = new Gcp.Organizations.IamAuditConfig("organization", new() + /// { + /// OrgId = "1234567890", + /// Service = "allServices", + /// AuditLogConfigs = new[] + /// { + /// new Gcp.Organizations.Inputs.IamAuditConfigAuditLogConfigArgs + /// { + /// LogType = "ADMIN_READ", + /// }, + /// new Gcp.Organizations.Inputs.IamAuditConfigAuditLogConfigArgs + /// { + /// LogType = "DATA_READ", + /// ExemptedMembers = new[] + /// { + /// "user:joebloggs@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// ### Importing Audit Configs diff --git a/sdk/dotnet/Projects/IAMAuditConfig.cs b/sdk/dotnet/Projects/IAMAuditConfig.cs index 1027df1b13..513361fe1a 100644 --- a/sdk/dotnet/Projects/IAMAuditConfig.cs +++ b/sdk/dotnet/Projects/IAMAuditConfig.cs @@ -252,6 +252,234 @@ namespace Pulumi.Gcp.Projects /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_project\_iam\_policy + /// + /// !> **Be careful!** You can accidentally lock yourself out of your project + /// using this resource. Deleting a `gcp.projects.IAMPolicy` removes access + /// from anyone without organization-level access to the project. Proceed with caution. + /// It's not recommended to use `gcp.projects.IAMPolicy` with your provider project + /// to avoid locking yourself out, and it should generally only be used with projects + /// fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before + /// applying the change. + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var project = new Gcp.Projects.IAMPolicy("project", new() + /// { + /// Project = "your-project-id", + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/compute.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var project = new Gcp.Projects.IAMPolicy("project", new() + /// { + /// Project = "your-project-id", + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_project\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var project = new Gcp.Projects.IAMBinding("project", new() + /// { + /// Project = "your-project-id", + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var project = new Gcp.Projects.IAMBinding("project", new() + /// { + /// Project = "your-project-id", + /// Role = "roles/container.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Projects.Inputs.IAMBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_project\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var project = new Gcp.Projects.IAMMember("project", new() + /// { + /// Project = "your-project-id", + /// Role = "roles/editor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var project = new Gcp.Projects.IAMMember("project", new() + /// { + /// Project = "your-project-id", + /// Role = "roles/firebase.admin", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Projects.Inputs.IAMMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_project\_iam\_audit\_config + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var project = new Gcp.Projects.IAMAuditConfig("project", new() + /// { + /// Project = "your-project-id", + /// Service = "allServices", + /// AuditLogConfigs = new[] + /// { + /// new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs + /// { + /// LogType = "ADMIN_READ", + /// }, + /// new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs + /// { + /// LogType = "DATA_READ", + /// ExemptedMembers = new[] + /// { + /// "user:joebloggs@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// ### Importing Audit Configs diff --git a/sdk/dotnet/Projects/IAMBinding.cs b/sdk/dotnet/Projects/IAMBinding.cs index aa743e47f2..75bb96db7c 100644 --- a/sdk/dotnet/Projects/IAMBinding.cs +++ b/sdk/dotnet/Projects/IAMBinding.cs @@ -252,6 +252,234 @@ namespace Pulumi.Gcp.Projects /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_project\_iam\_policy + /// + /// !> **Be careful!** You can accidentally lock yourself out of your project + /// using this resource. Deleting a `gcp.projects.IAMPolicy` removes access + /// from anyone without organization-level access to the project. Proceed with caution. + /// It's not recommended to use `gcp.projects.IAMPolicy` with your provider project + /// to avoid locking yourself out, and it should generally only be used with projects + /// fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before + /// applying the change. + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var project = new Gcp.Projects.IAMPolicy("project", new() + /// { + /// Project = "your-project-id", + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/compute.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var project = new Gcp.Projects.IAMPolicy("project", new() + /// { + /// Project = "your-project-id", + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_project\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var project = new Gcp.Projects.IAMBinding("project", new() + /// { + /// Project = "your-project-id", + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var project = new Gcp.Projects.IAMBinding("project", new() + /// { + /// Project = "your-project-id", + /// Role = "roles/container.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Projects.Inputs.IAMBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_project\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var project = new Gcp.Projects.IAMMember("project", new() + /// { + /// Project = "your-project-id", + /// Role = "roles/editor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var project = new Gcp.Projects.IAMMember("project", new() + /// { + /// Project = "your-project-id", + /// Role = "roles/firebase.admin", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Projects.Inputs.IAMMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_project\_iam\_audit\_config + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var project = new Gcp.Projects.IAMAuditConfig("project", new() + /// { + /// Project = "your-project-id", + /// Service = "allServices", + /// AuditLogConfigs = new[] + /// { + /// new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs + /// { + /// LogType = "ADMIN_READ", + /// }, + /// new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs + /// { + /// LogType = "DATA_READ", + /// ExemptedMembers = new[] + /// { + /// "user:joebloggs@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// ### Importing Audit Configs @@ -294,6 +522,14 @@ public partial class IAMBinding : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. google\_project\_iam\_binding expects `members` field while google\_project\_iam\_member expects `member` field. + /// Each entry can have one of the following values: + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// [Output("members")] public Output> Members { get; private set; } = null!; @@ -367,6 +603,15 @@ public sealed class IAMBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. google\_project\_iam\_binding expects `members` field while google\_project\_iam\_member expects `member` field. + /// Each entry can have one of the following values: + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// public InputList Members { get => _members ?? (_members = new InputList()); @@ -411,6 +656,15 @@ public sealed class IAMBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. google\_project\_iam\_binding expects `members` field while google\_project\_iam\_member expects `member` field. + /// Each entry can have one of the following values: + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// public InputList Members { get => _members ?? (_members = new InputList()); diff --git a/sdk/dotnet/Projects/IAMMember.cs b/sdk/dotnet/Projects/IAMMember.cs index fa4f680ca3..0429d4e0f8 100644 --- a/sdk/dotnet/Projects/IAMMember.cs +++ b/sdk/dotnet/Projects/IAMMember.cs @@ -252,6 +252,234 @@ namespace Pulumi.Gcp.Projects /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_project\_iam\_policy + /// + /// !> **Be careful!** You can accidentally lock yourself out of your project + /// using this resource. Deleting a `gcp.projects.IAMPolicy` removes access + /// from anyone without organization-level access to the project. Proceed with caution. + /// It's not recommended to use `gcp.projects.IAMPolicy` with your provider project + /// to avoid locking yourself out, and it should generally only be used with projects + /// fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before + /// applying the change. + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var project = new Gcp.Projects.IAMPolicy("project", new() + /// { + /// Project = "your-project-id", + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/compute.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var project = new Gcp.Projects.IAMPolicy("project", new() + /// { + /// Project = "your-project-id", + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_project\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var project = new Gcp.Projects.IAMBinding("project", new() + /// { + /// Project = "your-project-id", + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var project = new Gcp.Projects.IAMBinding("project", new() + /// { + /// Project = "your-project-id", + /// Role = "roles/container.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Projects.Inputs.IAMBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_project\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var project = new Gcp.Projects.IAMMember("project", new() + /// { + /// Project = "your-project-id", + /// Role = "roles/editor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var project = new Gcp.Projects.IAMMember("project", new() + /// { + /// Project = "your-project-id", + /// Role = "roles/firebase.admin", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Projects.Inputs.IAMMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_project\_iam\_audit\_config + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var project = new Gcp.Projects.IAMAuditConfig("project", new() + /// { + /// Project = "your-project-id", + /// Service = "allServices", + /// AuditLogConfigs = new[] + /// { + /// new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs + /// { + /// LogType = "ADMIN_READ", + /// }, + /// new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs + /// { + /// LogType = "DATA_READ", + /// ExemptedMembers = new[] + /// { + /// "user:joebloggs@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// ### Importing Audit Configs @@ -294,6 +522,14 @@ public partial class IAMMember : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. google\_project\_iam\_binding expects `members` field while google\_project\_iam\_member expects `member` field. + /// Each entry can have one of the following values: + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// [Output("member")] public Output Member { get; private set; } = null!; @@ -365,6 +601,14 @@ public sealed class IAMMemberArgs : global::Pulumi.ResourceArgs [Input("condition")] public Input? Condition { get; set; } + /// + /// Identities that will be granted the privilege in `role`. google\_project\_iam\_binding expects `members` field while google\_project\_iam\_member expects `member` field. + /// Each entry can have one of the following values: + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// [Input("member", required: true)] public Input Member { get; set; } = null!; @@ -404,6 +648,14 @@ public sealed class IAMMemberState : global::Pulumi.ResourceArgs [Input("etag")] public Input? Etag { get; set; } + /// + /// Identities that will be granted the privilege in `role`. google\_project\_iam\_binding expects `members` field while google\_project\_iam\_member expects `member` field. + /// Each entry can have one of the following values: + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// [Input("member")] public Input? Member { get; set; } diff --git a/sdk/dotnet/Projects/IAMPolicy.cs b/sdk/dotnet/Projects/IAMPolicy.cs index 2758ea9ba2..772b76472a 100644 --- a/sdk/dotnet/Projects/IAMPolicy.cs +++ b/sdk/dotnet/Projects/IAMPolicy.cs @@ -252,6 +252,234 @@ namespace Pulumi.Gcp.Projects /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_project\_iam\_policy + /// + /// !> **Be careful!** You can accidentally lock yourself out of your project + /// using this resource. Deleting a `gcp.projects.IAMPolicy` removes access + /// from anyone without organization-level access to the project. Proceed with caution. + /// It's not recommended to use `gcp.projects.IAMPolicy` with your provider project + /// to avoid locking yourself out, and it should generally only be used with projects + /// fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before + /// applying the change. + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var project = new Gcp.Projects.IAMPolicy("project", new() + /// { + /// Project = "your-project-id", + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/compute.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var project = new Gcp.Projects.IAMPolicy("project", new() + /// { + /// Project = "your-project-id", + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_project\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var project = new Gcp.Projects.IAMBinding("project", new() + /// { + /// Project = "your-project-id", + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var project = new Gcp.Projects.IAMBinding("project", new() + /// { + /// Project = "your-project-id", + /// Role = "roles/container.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Projects.Inputs.IAMBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_project\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var project = new Gcp.Projects.IAMMember("project", new() + /// { + /// Project = "your-project-id", + /// Role = "roles/editor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var project = new Gcp.Projects.IAMMember("project", new() + /// { + /// Project = "your-project-id", + /// Role = "roles/firebase.admin", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Projects.Inputs.IAMMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_project\_iam\_audit\_config + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var project = new Gcp.Projects.IAMAuditConfig("project", new() + /// { + /// Project = "your-project-id", + /// Service = "allServices", + /// AuditLogConfigs = new[] + /// { + /// new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs + /// { + /// LogType = "ADMIN_READ", + /// }, + /// new Gcp.Projects.Inputs.IAMAuditConfigAuditLogConfigArgs + /// { + /// LogType = "DATA_READ", + /// ExemptedMembers = new[] + /// { + /// "user:joebloggs@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// ### Importing Audit Configs diff --git a/sdk/dotnet/PubSub/SchemaIamBinding.cs b/sdk/dotnet/PubSub/SchemaIamBinding.cs index 2489dd7a75..89bc4dcbff 100644 --- a/sdk/dotnet/PubSub/SchemaIamBinding.cs +++ b/sdk/dotnet/PubSub/SchemaIamBinding.cs @@ -110,6 +110,92 @@ namespace Pulumi.Gcp.PubSub /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_pubsub\_schema\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.PubSub.SchemaIamPolicy("policy", new() + /// { + /// Project = example.Project, + /// Schema = example.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_pubsub\_schema\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.PubSub.SchemaIamBinding("binding", new() + /// { + /// Project = example.Project, + /// Schema = example.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_pubsub\_schema\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.PubSub.SchemaIamMember("member", new() + /// { + /// Project = example.Project, + /// Schema = example.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -158,14 +244,8 @@ public partial class SchemaIamBinding : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; - [Output("members")] - public Output> Members { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -177,6 +257,13 @@ public partial class SchemaIamBinding : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("members")] + public Output> Members { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -245,17 +332,9 @@ public sealed class SchemaIamBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -267,6 +346,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -303,17 +392,9 @@ public sealed class SchemaIamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -325,6 +406,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/PubSub/SchemaIamMember.cs b/sdk/dotnet/PubSub/SchemaIamMember.cs index 85e0f0d6c5..eded2a8f9d 100644 --- a/sdk/dotnet/PubSub/SchemaIamMember.cs +++ b/sdk/dotnet/PubSub/SchemaIamMember.cs @@ -110,6 +110,92 @@ namespace Pulumi.Gcp.PubSub /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_pubsub\_schema\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.PubSub.SchemaIamPolicy("policy", new() + /// { + /// Project = example.Project, + /// Schema = example.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_pubsub\_schema\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.PubSub.SchemaIamBinding("binding", new() + /// { + /// Project = example.Project, + /// Schema = example.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_pubsub\_schema\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.PubSub.SchemaIamMember("member", new() + /// { + /// Project = example.Project, + /// Schema = example.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -158,14 +244,8 @@ public partial class SchemaIamMember : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; - [Output("member")] - public Output Member { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -177,6 +257,13 @@ public partial class SchemaIamMember : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("member")] + public Output Member { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -243,14 +330,8 @@ public sealed class SchemaIamMemberArgs : global::Pulumi.ResourceArgs [Input("condition")] public Input? Condition { get; set; } - [Input("member", required: true)] - public Input Member { get; set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -262,6 +343,13 @@ public sealed class SchemaIamMemberArgs : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member", required: true)] + public Input Member { get; set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -296,14 +384,8 @@ public sealed class SchemaIamMemberState : global::Pulumi.ResourceArgs [Input("etag")] public Input? Etag { get; set; } - [Input("member")] - public Input? Member { get; set; } - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -315,6 +397,13 @@ public sealed class SchemaIamMemberState : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member")] + public Input? Member { get; set; } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/PubSub/SchemaIamPolicy.cs b/sdk/dotnet/PubSub/SchemaIamPolicy.cs index 34e02f19ab..8578ceb232 100644 --- a/sdk/dotnet/PubSub/SchemaIamPolicy.cs +++ b/sdk/dotnet/PubSub/SchemaIamPolicy.cs @@ -110,6 +110,92 @@ namespace Pulumi.Gcp.PubSub /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_pubsub\_schema\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.PubSub.SchemaIamPolicy("policy", new() + /// { + /// Project = example.Project, + /// Schema = example.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_pubsub\_schema\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.PubSub.SchemaIamBinding("binding", new() + /// { + /// Project = example.Project, + /// Schema = example.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_pubsub\_schema\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.PubSub.SchemaIamMember("member", new() + /// { + /// Project = example.Project, + /// Schema = example.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -165,18 +251,6 @@ public partial class SchemaIamPolicy : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -243,18 +317,6 @@ public sealed class SchemaIamPolicyArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -289,18 +351,6 @@ public sealed class SchemaIamPolicyState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/PubSub/SubscriptionIAMBinding.cs b/sdk/dotnet/PubSub/SubscriptionIAMBinding.cs index 29ee7d9a49..671a08becd 100644 --- a/sdk/dotnet/PubSub/SubscriptionIAMBinding.cs +++ b/sdk/dotnet/PubSub/SubscriptionIAMBinding.cs @@ -103,6 +103,89 @@ namespace Pulumi.Gcp.PubSub /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_pubsub\_subscription\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var editor = new Gcp.PubSub.SubscriptionIAMPolicy("editor", new() + /// { + /// Subscription = "your-subscription-name", + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_pubsub\_subscription\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var editor = new Gcp.PubSub.SubscriptionIAMBinding("editor", new() + /// { + /// Subscription = "your-subscription-name", + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_pubsub\_subscription\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var editor = new Gcp.PubSub.SubscriptionIAMMember("editor", new() + /// { + /// Subscription = "your-subscription-name", + /// Role = "roles/editor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// ### Importing IAM policies @@ -141,6 +224,16 @@ public partial class SubscriptionIAMBinding : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// [Output("members")] public Output> Members { get; private set; } = null!; @@ -161,15 +254,6 @@ public partial class SubscriptionIAMBinding : global::Pulumi.CustomResource /// /// The subscription name or id to bind to attach IAM policy to. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Output("subscription")] public Output Subscription { get; private set; } = null!; @@ -225,6 +309,17 @@ public sealed class SubscriptionIAMBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// public InputList Members { get => _members ?? (_members = new InputList()); @@ -248,15 +343,6 @@ public InputList Members /// /// The subscription name or id to bind to attach IAM policy to. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Input("subscription", required: true)] public Input Subscription { get; set; } = null!; @@ -280,6 +366,17 @@ public sealed class SubscriptionIAMBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// public InputList Members { get => _members ?? (_members = new InputList()); @@ -303,15 +400,6 @@ public InputList Members /// /// The subscription name or id to bind to attach IAM policy to. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Input("subscription")] public Input? Subscription { get; set; } diff --git a/sdk/dotnet/PubSub/SubscriptionIAMMember.cs b/sdk/dotnet/PubSub/SubscriptionIAMMember.cs index c50b4f2ba4..138cb38e9d 100644 --- a/sdk/dotnet/PubSub/SubscriptionIAMMember.cs +++ b/sdk/dotnet/PubSub/SubscriptionIAMMember.cs @@ -103,6 +103,89 @@ namespace Pulumi.Gcp.PubSub /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_pubsub\_subscription\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var editor = new Gcp.PubSub.SubscriptionIAMPolicy("editor", new() + /// { + /// Subscription = "your-subscription-name", + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_pubsub\_subscription\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var editor = new Gcp.PubSub.SubscriptionIAMBinding("editor", new() + /// { + /// Subscription = "your-subscription-name", + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_pubsub\_subscription\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var editor = new Gcp.PubSub.SubscriptionIAMMember("editor", new() + /// { + /// Subscription = "your-subscription-name", + /// Role = "roles/editor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// ### Importing IAM policies @@ -141,6 +224,16 @@ public partial class SubscriptionIAMMember : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// [Output("member")] public Output Member { get; private set; } = null!; @@ -161,15 +254,6 @@ public partial class SubscriptionIAMMember : global::Pulumi.CustomResource /// /// The subscription name or id to bind to attach IAM policy to. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Output("subscription")] public Output Subscription { get; private set; } = null!; @@ -223,6 +307,16 @@ public sealed class SubscriptionIAMMemberArgs : global::Pulumi.ResourceArgs [Input("condition")] public Input? Condition { get; set; } + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// [Input("member", required: true)] public Input Member { get; set; } = null!; @@ -243,15 +337,6 @@ public sealed class SubscriptionIAMMemberArgs : global::Pulumi.ResourceArgs /// /// The subscription name or id to bind to attach IAM policy to. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Input("subscription", required: true)] public Input Subscription { get; set; } = null!; @@ -273,6 +358,16 @@ public sealed class SubscriptionIAMMemberState : global::Pulumi.ResourceArgs [Input("etag")] public Input? Etag { get; set; } + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// [Input("member")] public Input? Member { get; set; } @@ -293,15 +388,6 @@ public sealed class SubscriptionIAMMemberState : global::Pulumi.ResourceArgs /// /// The subscription name or id to bind to attach IAM policy to. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Input("subscription")] public Input? Subscription { get; set; } diff --git a/sdk/dotnet/PubSub/SubscriptionIAMPolicy.cs b/sdk/dotnet/PubSub/SubscriptionIAMPolicy.cs index e8730be424..7ef8c35479 100644 --- a/sdk/dotnet/PubSub/SubscriptionIAMPolicy.cs +++ b/sdk/dotnet/PubSub/SubscriptionIAMPolicy.cs @@ -103,6 +103,89 @@ namespace Pulumi.Gcp.PubSub /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_pubsub\_subscription\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var editor = new Gcp.PubSub.SubscriptionIAMPolicy("editor", new() + /// { + /// Subscription = "your-subscription-name", + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_pubsub\_subscription\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var editor = new Gcp.PubSub.SubscriptionIAMBinding("editor", new() + /// { + /// Subscription = "your-subscription-name", + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_pubsub\_subscription\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var editor = new Gcp.PubSub.SubscriptionIAMMember("editor", new() + /// { + /// Subscription = "your-subscription-name", + /// Role = "roles/editor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// ### Importing IAM policies @@ -156,15 +239,6 @@ public partial class SubscriptionIAMPolicy : global::Pulumi.CustomResource /// /// The subscription name or id to bind to attach IAM policy to. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Output("subscription")] public Output Subscription { get; private set; } = null!; @@ -233,15 +307,6 @@ public sealed class SubscriptionIAMPolicyArgs : global::Pulumi.ResourceArgs /// /// The subscription name or id to bind to attach IAM policy to. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Input("subscription", required: true)] public Input Subscription { get; set; } = null!; @@ -278,15 +343,6 @@ public sealed class SubscriptionIAMPolicyState : global::Pulumi.ResourceArgs /// /// The subscription name or id to bind to attach IAM policy to. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Input("subscription")] public Input? Subscription { get; set; } diff --git a/sdk/dotnet/PubSub/TopicIAMBinding.cs b/sdk/dotnet/PubSub/TopicIAMBinding.cs index 85c2a60765..3d45020e29 100644 --- a/sdk/dotnet/PubSub/TopicIAMBinding.cs +++ b/sdk/dotnet/PubSub/TopicIAMBinding.cs @@ -110,6 +110,92 @@ namespace Pulumi.Gcp.PubSub /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_pubsub\_topic\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.PubSub.TopicIAMPolicy("policy", new() + /// { + /// Project = example.Project, + /// Topic = example.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_pubsub\_topic\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.PubSub.TopicIAMBinding("binding", new() + /// { + /// Project = example.Project, + /// Topic = example.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_pubsub\_topic\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.PubSub.TopicIAMMember("member", new() + /// { + /// Project = example.Project, + /// Topic = example.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -158,14 +244,8 @@ public partial class TopicIAMBinding : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; - [Output("members")] - public Output> Members { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -177,6 +257,13 @@ public partial class TopicIAMBinding : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("members")] + public Output> Members { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -245,17 +332,9 @@ public sealed class TopicIAMBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -267,6 +346,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -303,17 +392,9 @@ public sealed class TopicIAMBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -325,6 +406,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/PubSub/TopicIAMMember.cs b/sdk/dotnet/PubSub/TopicIAMMember.cs index fdf5f4de8a..cec76b3562 100644 --- a/sdk/dotnet/PubSub/TopicIAMMember.cs +++ b/sdk/dotnet/PubSub/TopicIAMMember.cs @@ -110,6 +110,92 @@ namespace Pulumi.Gcp.PubSub /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_pubsub\_topic\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.PubSub.TopicIAMPolicy("policy", new() + /// { + /// Project = example.Project, + /// Topic = example.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_pubsub\_topic\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.PubSub.TopicIAMBinding("binding", new() + /// { + /// Project = example.Project, + /// Topic = example.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_pubsub\_topic\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.PubSub.TopicIAMMember("member", new() + /// { + /// Project = example.Project, + /// Topic = example.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -158,14 +244,8 @@ public partial class TopicIAMMember : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; - [Output("member")] - public Output Member { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -177,6 +257,13 @@ public partial class TopicIAMMember : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("member")] + public Output Member { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -243,14 +330,8 @@ public sealed class TopicIAMMemberArgs : global::Pulumi.ResourceArgs [Input("condition")] public Input? Condition { get; set; } - [Input("member", required: true)] - public Input Member { get; set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -262,6 +343,13 @@ public sealed class TopicIAMMemberArgs : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member", required: true)] + public Input Member { get; set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -296,14 +384,8 @@ public sealed class TopicIAMMemberState : global::Pulumi.ResourceArgs [Input("etag")] public Input? Etag { get; set; } - [Input("member")] - public Input? Member { get; set; } - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -315,6 +397,13 @@ public sealed class TopicIAMMemberState : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member")] + public Input? Member { get; set; } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/PubSub/TopicIAMPolicy.cs b/sdk/dotnet/PubSub/TopicIAMPolicy.cs index 093aaec2c6..6328ebd5cb 100644 --- a/sdk/dotnet/PubSub/TopicIAMPolicy.cs +++ b/sdk/dotnet/PubSub/TopicIAMPolicy.cs @@ -110,6 +110,92 @@ namespace Pulumi.Gcp.PubSub /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_pubsub\_topic\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.PubSub.TopicIAMPolicy("policy", new() + /// { + /// Project = example.Project, + /// Topic = example.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_pubsub\_topic\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.PubSub.TopicIAMBinding("binding", new() + /// { + /// Project = example.Project, + /// Topic = example.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_pubsub\_topic\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.PubSub.TopicIAMMember("member", new() + /// { + /// Project = example.Project, + /// Topic = example.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -165,18 +251,6 @@ public partial class TopicIAMPolicy : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -243,18 +317,6 @@ public sealed class TopicIAMPolicyArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -289,18 +351,6 @@ public sealed class TopicIAMPolicyState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/RuntimeConfig/ConfigIamBinding.cs b/sdk/dotnet/RuntimeConfig/ConfigIamBinding.cs index 0a7006924b..8cc8ab6b59 100644 --- a/sdk/dotnet/RuntimeConfig/ConfigIamBinding.cs +++ b/sdk/dotnet/RuntimeConfig/ConfigIamBinding.cs @@ -64,14 +64,8 @@ public partial class ConfigIamBinding : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; - [Output("members")] - public Output> Members { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -83,6 +77,13 @@ public partial class ConfigIamBinding : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("members")] + public Output> Members { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -151,17 +152,9 @@ public sealed class ConfigIamBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -173,6 +166,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -209,17 +212,9 @@ public sealed class ConfigIamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -231,6 +226,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/RuntimeConfig/ConfigIamMember.cs b/sdk/dotnet/RuntimeConfig/ConfigIamMember.cs index bee9c38998..36bb328ee6 100644 --- a/sdk/dotnet/RuntimeConfig/ConfigIamMember.cs +++ b/sdk/dotnet/RuntimeConfig/ConfigIamMember.cs @@ -64,14 +64,8 @@ public partial class ConfigIamMember : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; - [Output("member")] - public Output Member { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -83,6 +77,13 @@ public partial class ConfigIamMember : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("member")] + public Output Member { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -149,14 +150,8 @@ public sealed class ConfigIamMemberArgs : global::Pulumi.ResourceArgs [Input("config", required: true)] public Input Config { get; set; } = null!; - [Input("member", required: true)] - public Input Member { get; set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -168,6 +163,13 @@ public sealed class ConfigIamMemberArgs : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member", required: true)] + public Input Member { get; set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -202,14 +204,8 @@ public sealed class ConfigIamMemberState : global::Pulumi.ResourceArgs [Input("etag")] public Input? Etag { get; set; } - [Input("member")] - public Input? Member { get; set; } - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -221,6 +217,13 @@ public sealed class ConfigIamMemberState : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member")] + public Input? Member { get; set; } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/RuntimeConfig/ConfigIamPolicy.cs b/sdk/dotnet/RuntimeConfig/ConfigIamPolicy.cs index f90df24bc1..dcda7470ff 100644 --- a/sdk/dotnet/RuntimeConfig/ConfigIamPolicy.cs +++ b/sdk/dotnet/RuntimeConfig/ConfigIamPolicy.cs @@ -71,18 +71,6 @@ public partial class ConfigIamPolicy : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -149,18 +137,6 @@ public sealed class ConfigIamPolicyArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -195,18 +171,6 @@ public sealed class ConfigIamPolicyState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/SecretManager/SecretIamBinding.cs b/sdk/dotnet/SecretManager/SecretIamBinding.cs index 34fab94183..46aaccce4e 100644 --- a/sdk/dotnet/SecretManager/SecretIamBinding.cs +++ b/sdk/dotnet/SecretManager/SecretIamBinding.cs @@ -110,6 +110,92 @@ namespace Pulumi.Gcp.SecretManager /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_secret\_manager\_secret\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/secretmanager.secretAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.SecretManager.SecretIamPolicy("policy", new() + /// { + /// Project = secret_basic.Project, + /// SecretId = secret_basic.SecretId, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_secret\_manager\_secret\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.SecretManager.SecretIamBinding("binding", new() + /// { + /// Project = secret_basic.Project, + /// SecretId = secret_basic.SecretId, + /// Role = "roles/secretmanager.secretAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_secret\_manager\_secret\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.SecretManager.SecretIamMember("member", new() + /// { + /// Project = secret_basic.Project, + /// SecretId = secret_basic.SecretId, + /// Role = "roles/secretmanager.secretAccessor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -158,14 +244,8 @@ public partial class SecretIamBinding : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; - [Output("members")] - public Output> Members { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -177,6 +257,13 @@ public partial class SecretIamBinding : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("members")] + public Output> Members { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -242,17 +329,9 @@ public sealed class SecretIamBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -264,6 +343,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -297,17 +386,9 @@ public sealed class SecretIamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -319,6 +400,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/SecretManager/SecretIamMember.cs b/sdk/dotnet/SecretManager/SecretIamMember.cs index 20e5f3dca0..8ebec71dfe 100644 --- a/sdk/dotnet/SecretManager/SecretIamMember.cs +++ b/sdk/dotnet/SecretManager/SecretIamMember.cs @@ -110,6 +110,92 @@ namespace Pulumi.Gcp.SecretManager /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_secret\_manager\_secret\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/secretmanager.secretAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.SecretManager.SecretIamPolicy("policy", new() + /// { + /// Project = secret_basic.Project, + /// SecretId = secret_basic.SecretId, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_secret\_manager\_secret\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.SecretManager.SecretIamBinding("binding", new() + /// { + /// Project = secret_basic.Project, + /// SecretId = secret_basic.SecretId, + /// Role = "roles/secretmanager.secretAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_secret\_manager\_secret\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.SecretManager.SecretIamMember("member", new() + /// { + /// Project = secret_basic.Project, + /// SecretId = secret_basic.SecretId, + /// Role = "roles/secretmanager.secretAccessor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -158,14 +244,8 @@ public partial class SecretIamMember : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; - [Output("member")] - public Output Member { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -177,6 +257,13 @@ public partial class SecretIamMember : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("member")] + public Output Member { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -240,14 +327,8 @@ public sealed class SecretIamMemberArgs : global::Pulumi.ResourceArgs [Input("condition")] public Input? Condition { get; set; } - [Input("member", required: true)] - public Input Member { get; set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -259,6 +340,13 @@ public sealed class SecretIamMemberArgs : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member", required: true)] + public Input Member { get; set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -290,14 +378,8 @@ public sealed class SecretIamMemberState : global::Pulumi.ResourceArgs [Input("etag")] public Input? Etag { get; set; } - [Input("member")] - public Input? Member { get; set; } - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -309,6 +391,13 @@ public sealed class SecretIamMemberState : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member")] + public Input? Member { get; set; } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/SecretManager/SecretIamPolicy.cs b/sdk/dotnet/SecretManager/SecretIamPolicy.cs index e7c6ecfc41..02e722e344 100644 --- a/sdk/dotnet/SecretManager/SecretIamPolicy.cs +++ b/sdk/dotnet/SecretManager/SecretIamPolicy.cs @@ -110,6 +110,92 @@ namespace Pulumi.Gcp.SecretManager /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_secret\_manager\_secret\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/secretmanager.secretAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.SecretManager.SecretIamPolicy("policy", new() + /// { + /// Project = secret_basic.Project, + /// SecretId = secret_basic.SecretId, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_secret\_manager\_secret\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.SecretManager.SecretIamBinding("binding", new() + /// { + /// Project = secret_basic.Project, + /// SecretId = secret_basic.SecretId, + /// Role = "roles/secretmanager.secretAccessor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_secret\_manager\_secret\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.SecretManager.SecretIamMember("member", new() + /// { + /// Project = secret_basic.Project, + /// SecretId = secret_basic.SecretId, + /// Role = "roles/secretmanager.secretAccessor", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -165,18 +251,6 @@ public partial class SecretIamPolicy : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -240,18 +314,6 @@ public sealed class SecretIamPolicyArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -283,18 +345,6 @@ public sealed class SecretIamPolicyState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/ServiceAccount/IAMBinding.cs b/sdk/dotnet/ServiceAccount/IAMBinding.cs index 9ab9cb25db..aa14a6826a 100644 --- a/sdk/dotnet/ServiceAccount/IAMBinding.cs +++ b/sdk/dotnet/ServiceAccount/IAMBinding.cs @@ -206,6 +206,190 @@ namespace Pulumi.Gcp.ServiceAccount /// ``` /// <!--End PulumiCodeChooser --> /// + /// ### Additional Examples + /// + /// ### Service Account IAM Policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/iam.serviceAccountUser", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var sa = new Gcp.ServiceAccount.Account("sa", new() + /// { + /// AccountId = "my-service-account", + /// DisplayName = "A service account that only Jane can interact with", + /// }); + /// + /// var admin_account_iam = new Gcp.ServiceAccount.IAMPolicy("admin-account-iam", new() + /// { + /// ServiceAccountId = sa.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ### Service Account IAM Binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var sa = new Gcp.ServiceAccount.Account("sa", new() + /// { + /// AccountId = "my-service-account", + /// DisplayName = "A service account that only Jane can use", + /// }); + /// + /// var admin_account_iam = new Gcp.ServiceAccount.IAMBinding("admin-account-iam", new() + /// { + /// ServiceAccountId = sa.Name, + /// Role = "roles/iam.serviceAccountUser", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ### Service Account IAM Binding With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var sa = new Gcp.ServiceAccount.Account("sa", new() + /// { + /// AccountId = "my-service-account", + /// DisplayName = "A service account that only Jane can use", + /// }); + /// + /// var admin_account_iam = new Gcp.ServiceAccount.IAMBinding("admin-account-iam", new() + /// { + /// ServiceAccountId = sa.Name, + /// Role = "roles/iam.serviceAccountUser", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.ServiceAccount.Inputs.IAMBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ### Service Account IAM Member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var @default = Gcp.Compute.GetDefaultServiceAccount.Invoke(); + /// + /// var sa = new Gcp.ServiceAccount.Account("sa", new() + /// { + /// AccountId = "my-service-account", + /// DisplayName = "A service account that Jane can use", + /// }); + /// + /// var admin_account_iam = new Gcp.ServiceAccount.IAMMember("admin-account-iam", new() + /// { + /// ServiceAccountId = sa.Name, + /// Role = "roles/iam.serviceAccountUser", + /// Member = "user:jane@example.com", + /// }); + /// + /// // Allow SA service account use the default GCE account + /// var gce_default_account_iam = new Gcp.ServiceAccount.IAMMember("gce-default-account-iam", new() + /// { + /// ServiceAccountId = @default.Apply(@default => @default.Apply(getDefaultServiceAccountResult => getDefaultServiceAccountResult.Name)), + /// Role = "roles/iam.serviceAccountUser", + /// Member = sa.Email.Apply(email => $"serviceAccount:{email}"), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ### Service Account IAM Member With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var sa = new Gcp.ServiceAccount.Account("sa", new() + /// { + /// AccountId = "my-service-account", + /// DisplayName = "A service account that Jane can use", + /// }); + /// + /// var admin_account_iam = new Gcp.ServiceAccount.IAMMember("admin-account-iam", new() + /// { + /// ServiceAccountId = sa.Name, + /// Role = "roles/iam.serviceAccountUser", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.ServiceAccount.Inputs.IAMMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// ### Importing with conditions: @@ -236,6 +420,16 @@ public partial class IAMBinding : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// [Output("members")] public Output> Members { get; private set; } = null!; @@ -249,15 +443,6 @@ public partial class IAMBinding : global::Pulumi.CustomResource /// /// The fully-qualified name of the service account to apply policy to. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Output("serviceAccountId")] public Output ServiceAccountId { get; private set; } = null!; @@ -321,6 +506,17 @@ public sealed class IAMBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// public InputList Members { get => _members ?? (_members = new InputList()); @@ -337,15 +533,6 @@ public InputList Members /// /// The fully-qualified name of the service account to apply policy to. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Input("serviceAccountId", required: true)] public Input ServiceAccountId { get; set; } = null!; @@ -373,6 +560,17 @@ public sealed class IAMBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// public InputList Members { get => _members ?? (_members = new InputList()); @@ -389,15 +587,6 @@ public InputList Members /// /// The fully-qualified name of the service account to apply policy to. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Input("serviceAccountId")] public Input? ServiceAccountId { get; set; } diff --git a/sdk/dotnet/ServiceAccount/IAMMember.cs b/sdk/dotnet/ServiceAccount/IAMMember.cs index 4c4a67d05e..a5c3a60627 100644 --- a/sdk/dotnet/ServiceAccount/IAMMember.cs +++ b/sdk/dotnet/ServiceAccount/IAMMember.cs @@ -206,6 +206,190 @@ namespace Pulumi.Gcp.ServiceAccount /// ``` /// <!--End PulumiCodeChooser --> /// + /// ### Additional Examples + /// + /// ### Service Account IAM Policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/iam.serviceAccountUser", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var sa = new Gcp.ServiceAccount.Account("sa", new() + /// { + /// AccountId = "my-service-account", + /// DisplayName = "A service account that only Jane can interact with", + /// }); + /// + /// var admin_account_iam = new Gcp.ServiceAccount.IAMPolicy("admin-account-iam", new() + /// { + /// ServiceAccountId = sa.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ### Service Account IAM Binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var sa = new Gcp.ServiceAccount.Account("sa", new() + /// { + /// AccountId = "my-service-account", + /// DisplayName = "A service account that only Jane can use", + /// }); + /// + /// var admin_account_iam = new Gcp.ServiceAccount.IAMBinding("admin-account-iam", new() + /// { + /// ServiceAccountId = sa.Name, + /// Role = "roles/iam.serviceAccountUser", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ### Service Account IAM Binding With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var sa = new Gcp.ServiceAccount.Account("sa", new() + /// { + /// AccountId = "my-service-account", + /// DisplayName = "A service account that only Jane can use", + /// }); + /// + /// var admin_account_iam = new Gcp.ServiceAccount.IAMBinding("admin-account-iam", new() + /// { + /// ServiceAccountId = sa.Name, + /// Role = "roles/iam.serviceAccountUser", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.ServiceAccount.Inputs.IAMBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ### Service Account IAM Member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var @default = Gcp.Compute.GetDefaultServiceAccount.Invoke(); + /// + /// var sa = new Gcp.ServiceAccount.Account("sa", new() + /// { + /// AccountId = "my-service-account", + /// DisplayName = "A service account that Jane can use", + /// }); + /// + /// var admin_account_iam = new Gcp.ServiceAccount.IAMMember("admin-account-iam", new() + /// { + /// ServiceAccountId = sa.Name, + /// Role = "roles/iam.serviceAccountUser", + /// Member = "user:jane@example.com", + /// }); + /// + /// // Allow SA service account use the default GCE account + /// var gce_default_account_iam = new Gcp.ServiceAccount.IAMMember("gce-default-account-iam", new() + /// { + /// ServiceAccountId = @default.Apply(@default => @default.Apply(getDefaultServiceAccountResult => getDefaultServiceAccountResult.Name)), + /// Role = "roles/iam.serviceAccountUser", + /// Member = sa.Email.Apply(email => $"serviceAccount:{email}"), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ### Service Account IAM Member With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var sa = new Gcp.ServiceAccount.Account("sa", new() + /// { + /// AccountId = "my-service-account", + /// DisplayName = "A service account that Jane can use", + /// }); + /// + /// var admin_account_iam = new Gcp.ServiceAccount.IAMMember("admin-account-iam", new() + /// { + /// ServiceAccountId = sa.Name, + /// Role = "roles/iam.serviceAccountUser", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.ServiceAccount.Inputs.IAMMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// ### Importing with conditions: @@ -236,6 +420,16 @@ public partial class IAMMember : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// [Output("member")] public Output Member { get; private set; } = null!; @@ -249,15 +443,6 @@ public partial class IAMMember : global::Pulumi.CustomResource /// /// The fully-qualified name of the service account to apply policy to. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Output("serviceAccountId")] public Output ServiceAccountId { get; private set; } = null!; @@ -319,6 +504,16 @@ public sealed class IAMMemberArgs : global::Pulumi.ResourceArgs [Input("condition")] public Input? Condition { get; set; } + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// [Input("member", required: true)] public Input Member { get; set; } = null!; @@ -332,15 +527,6 @@ public sealed class IAMMemberArgs : global::Pulumi.ResourceArgs /// /// The fully-qualified name of the service account to apply policy to. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Input("serviceAccountId", required: true)] public Input ServiceAccountId { get; set; } = null!; @@ -366,6 +552,16 @@ public sealed class IAMMemberState : global::Pulumi.ResourceArgs [Input("etag")] public Input? Etag { get; set; } + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// [Input("member")] public Input? Member { get; set; } @@ -379,15 +575,6 @@ public sealed class IAMMemberState : global::Pulumi.ResourceArgs /// /// The fully-qualified name of the service account to apply policy to. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Input("serviceAccountId")] public Input? ServiceAccountId { get; set; } diff --git a/sdk/dotnet/ServiceAccount/IAMPolicy.cs b/sdk/dotnet/ServiceAccount/IAMPolicy.cs index f253ac92b6..ef6344c507 100644 --- a/sdk/dotnet/ServiceAccount/IAMPolicy.cs +++ b/sdk/dotnet/ServiceAccount/IAMPolicy.cs @@ -206,6 +206,190 @@ namespace Pulumi.Gcp.ServiceAccount /// ``` /// <!--End PulumiCodeChooser --> /// + /// ### Additional Examples + /// + /// ### Service Account IAM Policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/iam.serviceAccountUser", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var sa = new Gcp.ServiceAccount.Account("sa", new() + /// { + /// AccountId = "my-service-account", + /// DisplayName = "A service account that only Jane can interact with", + /// }); + /// + /// var admin_account_iam = new Gcp.ServiceAccount.IAMPolicy("admin-account-iam", new() + /// { + /// ServiceAccountId = sa.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ### Service Account IAM Binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var sa = new Gcp.ServiceAccount.Account("sa", new() + /// { + /// AccountId = "my-service-account", + /// DisplayName = "A service account that only Jane can use", + /// }); + /// + /// var admin_account_iam = new Gcp.ServiceAccount.IAMBinding("admin-account-iam", new() + /// { + /// ServiceAccountId = sa.Name, + /// Role = "roles/iam.serviceAccountUser", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ### Service Account IAM Binding With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var sa = new Gcp.ServiceAccount.Account("sa", new() + /// { + /// AccountId = "my-service-account", + /// DisplayName = "A service account that only Jane can use", + /// }); + /// + /// var admin_account_iam = new Gcp.ServiceAccount.IAMBinding("admin-account-iam", new() + /// { + /// ServiceAccountId = sa.Name, + /// Role = "roles/iam.serviceAccountUser", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.ServiceAccount.Inputs.IAMBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ### Service Account IAM Member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var @default = Gcp.Compute.GetDefaultServiceAccount.Invoke(); + /// + /// var sa = new Gcp.ServiceAccount.Account("sa", new() + /// { + /// AccountId = "my-service-account", + /// DisplayName = "A service account that Jane can use", + /// }); + /// + /// var admin_account_iam = new Gcp.ServiceAccount.IAMMember("admin-account-iam", new() + /// { + /// ServiceAccountId = sa.Name, + /// Role = "roles/iam.serviceAccountUser", + /// Member = "user:jane@example.com", + /// }); + /// + /// // Allow SA service account use the default GCE account + /// var gce_default_account_iam = new Gcp.ServiceAccount.IAMMember("gce-default-account-iam", new() + /// { + /// ServiceAccountId = @default.Apply(@default => @default.Apply(getDefaultServiceAccountResult => getDefaultServiceAccountResult.Name)), + /// Role = "roles/iam.serviceAccountUser", + /// Member = sa.Email.Apply(email => $"serviceAccount:{email}"), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ### Service Account IAM Member With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var sa = new Gcp.ServiceAccount.Account("sa", new() + /// { + /// AccountId = "my-service-account", + /// DisplayName = "A service account that Jane can use", + /// }); + /// + /// var admin_account_iam = new Gcp.ServiceAccount.IAMMember("admin-account-iam", new() + /// { + /// ServiceAccountId = sa.Name, + /// Role = "roles/iam.serviceAccountUser", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.ServiceAccount.Inputs.IAMMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// ### Importing with conditions: @@ -238,15 +422,6 @@ public partial class IAMPolicy : global::Pulumi.CustomResource /// /// The fully-qualified name of the service account to apply policy to. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Output("serviceAccountId")] public Output ServiceAccountId { get; private set; } = null!; @@ -310,15 +485,6 @@ public sealed class IAMPolicyArgs : global::Pulumi.ResourceArgs /// /// The fully-qualified name of the service account to apply policy to. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Input("serviceAccountId", required: true)] public Input ServiceAccountId { get; set; } = null!; @@ -346,15 +512,6 @@ public sealed class IAMPolicyState : global::Pulumi.ResourceArgs /// /// The fully-qualified name of the service account to apply policy to. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Input("serviceAccountId")] public Input? ServiceAccountId { get; set; } diff --git a/sdk/dotnet/ServiceDirectory/NamespaceIamBinding.cs b/sdk/dotnet/ServiceDirectory/NamespaceIamBinding.cs index e1e7c7895e..b9568db141 100644 --- a/sdk/dotnet/ServiceDirectory/NamespaceIamBinding.cs +++ b/sdk/dotnet/ServiceDirectory/NamespaceIamBinding.cs @@ -107,6 +107,89 @@ namespace Pulumi.Gcp.ServiceDirectory /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_service\_directory\_namespace\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.ServiceDirectory.NamespaceIamPolicy("policy", new() + /// { + /// Name = example.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_service\_directory\_namespace\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.ServiceDirectory.NamespaceIamBinding("binding", new() + /// { + /// Name = example.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_service\_directory\_namespace\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.ServiceDirectory.NamespaceIamMember("member", new() + /// { + /// Name = example.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -155,13 +238,8 @@ public partial class NamespaceIamBinding : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; - [Output("members")] - public Output> Members { get; private set; } = null!; - /// - /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -173,6 +251,12 @@ public partial class NamespaceIamBinding : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("members")] + public Output> Members { get; private set; } = null!; + + /// + /// Used to find the parent resource to bind the IAM policy to + /// [Output("name")] public Output Name { get; private set; } = null!; @@ -235,16 +319,9 @@ public sealed class NamespaceIamBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -256,6 +333,15 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// Used to find the parent resource to bind the IAM policy to + /// [Input("name")] public Input? Name { get; set; } @@ -286,16 +372,9 @@ public sealed class NamespaceIamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -307,6 +386,15 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// Used to find the parent resource to bind the IAM policy to + /// [Input("name")] public Input? Name { get; set; } diff --git a/sdk/dotnet/ServiceDirectory/NamespaceIamMember.cs b/sdk/dotnet/ServiceDirectory/NamespaceIamMember.cs index a70a360ae8..6415f114c6 100644 --- a/sdk/dotnet/ServiceDirectory/NamespaceIamMember.cs +++ b/sdk/dotnet/ServiceDirectory/NamespaceIamMember.cs @@ -107,6 +107,89 @@ namespace Pulumi.Gcp.ServiceDirectory /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_service\_directory\_namespace\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.ServiceDirectory.NamespaceIamPolicy("policy", new() + /// { + /// Name = example.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_service\_directory\_namespace\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.ServiceDirectory.NamespaceIamBinding("binding", new() + /// { + /// Name = example.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_service\_directory\_namespace\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.ServiceDirectory.NamespaceIamMember("member", new() + /// { + /// Name = example.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -155,13 +238,8 @@ public partial class NamespaceIamMember : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; - [Output("member")] - public Output Member { get; private set; } = null!; - /// - /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -173,6 +251,12 @@ public partial class NamespaceIamMember : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("member")] + public Output Member { get; private set; } = null!; + + /// + /// Used to find the parent resource to bind the IAM policy to + /// [Output("name")] public Output Name { get; private set; } = null!; @@ -233,13 +317,8 @@ public sealed class NamespaceIamMemberArgs : global::Pulumi.ResourceArgs [Input("condition")] public Input? Condition { get; set; } - [Input("member", required: true)] - public Input Member { get; set; } = null!; - /// - /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -251,6 +330,12 @@ public sealed class NamespaceIamMemberArgs : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member", required: true)] + public Input Member { get; set; } = null!; + + /// + /// Used to find the parent resource to bind the IAM policy to + /// [Input("name")] public Input? Name { get; set; } @@ -279,13 +364,8 @@ public sealed class NamespaceIamMemberState : global::Pulumi.ResourceArgs [Input("etag")] public Input? Etag { get; set; } - [Input("member")] - public Input? Member { get; set; } - /// - /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -297,6 +377,12 @@ public sealed class NamespaceIamMemberState : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member")] + public Input? Member { get; set; } + + /// + /// Used to find the parent resource to bind the IAM policy to + /// [Input("name")] public Input? Name { get; set; } diff --git a/sdk/dotnet/ServiceDirectory/NamespaceIamPolicy.cs b/sdk/dotnet/ServiceDirectory/NamespaceIamPolicy.cs index cae2760ca2..6205e5480a 100644 --- a/sdk/dotnet/ServiceDirectory/NamespaceIamPolicy.cs +++ b/sdk/dotnet/ServiceDirectory/NamespaceIamPolicy.cs @@ -107,6 +107,89 @@ namespace Pulumi.Gcp.ServiceDirectory /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_service\_directory\_namespace\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.ServiceDirectory.NamespaceIamPolicy("policy", new() + /// { + /// Name = example.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_service\_directory\_namespace\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.ServiceDirectory.NamespaceIamBinding("binding", new() + /// { + /// Name = example.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_service\_directory\_namespace\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.ServiceDirectory.NamespaceIamMember("member", new() + /// { + /// Name = example.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -154,18 +237,6 @@ public partial class NamespaceIamPolicy : global::Pulumi.CustomResource /// /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("name")] public Output Name { get; private set; } = null!; @@ -225,18 +296,6 @@ public sealed class NamespaceIamPolicyArgs : global::Pulumi.ResourceArgs { /// /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("name")] public Input? Name { get; set; } @@ -264,18 +323,6 @@ public sealed class NamespaceIamPolicyState : global::Pulumi.ResourceArgs /// /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("name")] public Input? Name { get; set; } diff --git a/sdk/dotnet/ServiceDirectory/ServiceIamBinding.cs b/sdk/dotnet/ServiceDirectory/ServiceIamBinding.cs index 1624a3f3c6..d983a8bcb3 100644 --- a/sdk/dotnet/ServiceDirectory/ServiceIamBinding.cs +++ b/sdk/dotnet/ServiceDirectory/ServiceIamBinding.cs @@ -107,6 +107,89 @@ namespace Pulumi.Gcp.ServiceDirectory /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_service\_directory\_service\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.ServiceDirectory.ServiceIamPolicy("policy", new() + /// { + /// Name = example.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_service\_directory\_service\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.ServiceDirectory.ServiceIamBinding("binding", new() + /// { + /// Name = example.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_service\_directory\_service\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.ServiceDirectory.ServiceIamMember("member", new() + /// { + /// Name = example.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -155,13 +238,8 @@ public partial class ServiceIamBinding : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; - [Output("members")] - public Output> Members { get; private set; } = null!; - /// - /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -173,6 +251,12 @@ public partial class ServiceIamBinding : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("members")] + public Output> Members { get; private set; } = null!; + + /// + /// Used to find the parent resource to bind the IAM policy to + /// [Output("name")] public Output Name { get; private set; } = null!; @@ -235,16 +319,9 @@ public sealed class ServiceIamBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -256,6 +333,15 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// Used to find the parent resource to bind the IAM policy to + /// [Input("name")] public Input? Name { get; set; } @@ -286,16 +372,9 @@ public sealed class ServiceIamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -307,6 +386,15 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// Used to find the parent resource to bind the IAM policy to + /// [Input("name")] public Input? Name { get; set; } diff --git a/sdk/dotnet/ServiceDirectory/ServiceIamMember.cs b/sdk/dotnet/ServiceDirectory/ServiceIamMember.cs index 0bc242cd45..986dd8a2fd 100644 --- a/sdk/dotnet/ServiceDirectory/ServiceIamMember.cs +++ b/sdk/dotnet/ServiceDirectory/ServiceIamMember.cs @@ -107,6 +107,89 @@ namespace Pulumi.Gcp.ServiceDirectory /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_service\_directory\_service\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.ServiceDirectory.ServiceIamPolicy("policy", new() + /// { + /// Name = example.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_service\_directory\_service\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.ServiceDirectory.ServiceIamBinding("binding", new() + /// { + /// Name = example.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_service\_directory\_service\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.ServiceDirectory.ServiceIamMember("member", new() + /// { + /// Name = example.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -155,13 +238,8 @@ public partial class ServiceIamMember : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; - [Output("member")] - public Output Member { get; private set; } = null!; - /// - /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -173,6 +251,12 @@ public partial class ServiceIamMember : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("member")] + public Output Member { get; private set; } = null!; + + /// + /// Used to find the parent resource to bind the IAM policy to + /// [Output("name")] public Output Name { get; private set; } = null!; @@ -233,13 +317,8 @@ public sealed class ServiceIamMemberArgs : global::Pulumi.ResourceArgs [Input("condition")] public Input? Condition { get; set; } - [Input("member", required: true)] - public Input Member { get; set; } = null!; - /// - /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -251,6 +330,12 @@ public sealed class ServiceIamMemberArgs : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member", required: true)] + public Input Member { get; set; } = null!; + + /// + /// Used to find the parent resource to bind the IAM policy to + /// [Input("name")] public Input? Name { get; set; } @@ -279,13 +364,8 @@ public sealed class ServiceIamMemberState : global::Pulumi.ResourceArgs [Input("etag")] public Input? Etag { get; set; } - [Input("member")] - public Input? Member { get; set; } - /// - /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -297,6 +377,12 @@ public sealed class ServiceIamMemberState : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member")] + public Input? Member { get; set; } + + /// + /// Used to find the parent resource to bind the IAM policy to + /// [Input("name")] public Input? Name { get; set; } diff --git a/sdk/dotnet/ServiceDirectory/ServiceIamPolicy.cs b/sdk/dotnet/ServiceDirectory/ServiceIamPolicy.cs index aa597d2b25..9cc55ad004 100644 --- a/sdk/dotnet/ServiceDirectory/ServiceIamPolicy.cs +++ b/sdk/dotnet/ServiceDirectory/ServiceIamPolicy.cs @@ -107,6 +107,89 @@ namespace Pulumi.Gcp.ServiceDirectory /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_service\_directory\_service\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.ServiceDirectory.ServiceIamPolicy("policy", new() + /// { + /// Name = example.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_service\_directory\_service\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.ServiceDirectory.ServiceIamBinding("binding", new() + /// { + /// Name = example.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_service\_directory\_service\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.ServiceDirectory.ServiceIamMember("member", new() + /// { + /// Name = example.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -154,18 +237,6 @@ public partial class ServiceIamPolicy : global::Pulumi.CustomResource /// /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("name")] public Output Name { get; private set; } = null!; @@ -225,18 +296,6 @@ public sealed class ServiceIamPolicyArgs : global::Pulumi.ResourceArgs { /// /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("name")] public Input? Name { get; set; } @@ -264,18 +323,6 @@ public sealed class ServiceIamPolicyState : global::Pulumi.ResourceArgs /// /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("name")] public Input? Name { get; set; } diff --git a/sdk/dotnet/SourceRepo/RepositoryIamBinding.cs b/sdk/dotnet/SourceRepo/RepositoryIamBinding.cs index 860ff05f17..3b80decd63 100644 --- a/sdk/dotnet/SourceRepo/RepositoryIamBinding.cs +++ b/sdk/dotnet/SourceRepo/RepositoryIamBinding.cs @@ -110,6 +110,92 @@ namespace Pulumi.Gcp.SourceRepo /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_pubsub\_topic\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.PubSub.TopicIAMPolicy("policy", new() + /// { + /// Project = example.Project, + /// Topic = example.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_pubsub\_topic\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.PubSub.TopicIAMBinding("binding", new() + /// { + /// Project = example.Project, + /// Topic = example.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_pubsub\_topic\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.PubSub.TopicIAMMember("member", new() + /// { + /// Project = example.Project, + /// Topic = example.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -158,14 +244,8 @@ public partial class RepositoryIamBinding : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; - [Output("members")] - public Output> Members { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -177,6 +257,13 @@ public partial class RepositoryIamBinding : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("members")] + public Output> Members { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -242,17 +329,9 @@ public sealed class RepositoryIamBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -264,6 +343,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -297,17 +386,9 @@ public sealed class RepositoryIamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -319,6 +400,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/SourceRepo/RepositoryIamMember.cs b/sdk/dotnet/SourceRepo/RepositoryIamMember.cs index e9ba99cf9a..70a8728297 100644 --- a/sdk/dotnet/SourceRepo/RepositoryIamMember.cs +++ b/sdk/dotnet/SourceRepo/RepositoryIamMember.cs @@ -110,6 +110,92 @@ namespace Pulumi.Gcp.SourceRepo /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_pubsub\_topic\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.PubSub.TopicIAMPolicy("policy", new() + /// { + /// Project = example.Project, + /// Topic = example.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_pubsub\_topic\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.PubSub.TopicIAMBinding("binding", new() + /// { + /// Project = example.Project, + /// Topic = example.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_pubsub\_topic\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.PubSub.TopicIAMMember("member", new() + /// { + /// Project = example.Project, + /// Topic = example.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -158,14 +244,8 @@ public partial class RepositoryIamMember : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; - [Output("member")] - public Output Member { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -177,6 +257,13 @@ public partial class RepositoryIamMember : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("member")] + public Output Member { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -240,14 +327,8 @@ public sealed class RepositoryIamMemberArgs : global::Pulumi.ResourceArgs [Input("condition")] public Input? Condition { get; set; } - [Input("member", required: true)] - public Input Member { get; set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -259,6 +340,13 @@ public sealed class RepositoryIamMemberArgs : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member", required: true)] + public Input Member { get; set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -290,14 +378,8 @@ public sealed class RepositoryIamMemberState : global::Pulumi.ResourceArgs [Input("etag")] public Input? Etag { get; set; } - [Input("member")] - public Input? Member { get; set; } - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -309,6 +391,13 @@ public sealed class RepositoryIamMemberState : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member")] + public Input? Member { get; set; } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/SourceRepo/RepositoryIamPolicy.cs b/sdk/dotnet/SourceRepo/RepositoryIamPolicy.cs index 4c291d02ee..52fa20a05b 100644 --- a/sdk/dotnet/SourceRepo/RepositoryIamPolicy.cs +++ b/sdk/dotnet/SourceRepo/RepositoryIamPolicy.cs @@ -110,6 +110,92 @@ namespace Pulumi.Gcp.SourceRepo /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_pubsub\_topic\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.PubSub.TopicIAMPolicy("policy", new() + /// { + /// Project = example.Project, + /// Topic = example.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_pubsub\_topic\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.PubSub.TopicIAMBinding("binding", new() + /// { + /// Project = example.Project, + /// Topic = example.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_pubsub\_topic\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.PubSub.TopicIAMMember("member", new() + /// { + /// Project = example.Project, + /// Topic = example.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -165,18 +251,6 @@ public partial class RepositoryIamPolicy : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -240,18 +314,6 @@ public sealed class RepositoryIamPolicyArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -283,18 +345,6 @@ public sealed class RepositoryIamPolicyState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Spanner/DatabaseIAMBinding.cs b/sdk/dotnet/Spanner/DatabaseIAMBinding.cs index 6b2bb14fa8..58e87f32de 100644 --- a/sdk/dotnet/Spanner/DatabaseIAMBinding.cs +++ b/sdk/dotnet/Spanner/DatabaseIAMBinding.cs @@ -213,6 +213,196 @@ namespace Pulumi.Gcp.Spanner /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_spanner\_database\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var database = new Gcp.Spanner.DatabaseIAMPolicy("database", new() + /// { + /// Instance = "your-instance-name", + /// Database = "your-database-name", + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "My Role", + /// Description = "Grant permissions on my_role", + /// Expression = "(resource.type == \"spanner.googleapis.com/DatabaseRole\" && (resource.name.endsWith(\"/myrole\")))", + /// }, + /// }, + /// }, + /// }); + /// + /// var database = new Gcp.Spanner.DatabaseIAMPolicy("database", new() + /// { + /// Instance = "your-instance-name", + /// Database = "your-database-name", + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_spanner\_database\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var database = new Gcp.Spanner.DatabaseIAMBinding("database", new() + /// { + /// Instance = "your-instance-name", + /// Database = "your-database-name", + /// Role = "roles/compute.networkUser", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var database = new Gcp.Spanner.DatabaseIAMBinding("database", new() + /// { + /// Instance = "your-instance-name", + /// Database = "your-database-name", + /// Role = "roles/compute.networkUser", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Spanner.Inputs.DatabaseIAMBindingConditionArgs + /// { + /// Title = "My Role", + /// Description = "Grant permissions on my_role", + /// Expression = "(resource.type == \"spanner.googleapis.com/DatabaseRole\" && (resource.name.endsWith(\"/myrole\")))", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_spanner\_database\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var database = new Gcp.Spanner.DatabaseIAMMember("database", new() + /// { + /// Instance = "your-instance-name", + /// Database = "your-database-name", + /// Role = "roles/compute.networkUser", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var database = new Gcp.Spanner.DatabaseIAMMember("database", new() + /// { + /// Instance = "your-instance-name", + /// Database = "your-database-name", + /// Role = "roles/compute.networkUser", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Spanner.Inputs.DatabaseIAMMemberConditionArgs + /// { + /// Title = "My Role", + /// Description = "Grant permissions on my_role", + /// Expression = "(resource.type == \"spanner.googleapis.com/DatabaseRole\" && (resource.name.endsWith(\"/myrole\")))", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// ### Importing IAM policies @@ -263,8 +453,12 @@ public partial class DatabaseIAMBinding : global::Pulumi.CustomResource /// /// The name of the Spanner instance the database belongs to. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// + [Output("instance")] + public Output Instance { get; private set; } = null!; + + /// + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -273,9 +467,6 @@ public partial class DatabaseIAMBinding : global::Pulumi.CustomResource /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// - [Output("instance")] - public Output Instance { get; private set; } = null!; - [Output("members")] public Output> Members { get; private set; } = null!; @@ -355,8 +546,15 @@ public sealed class DatabaseIAMBindingArgs : global::Pulumi.ResourceArgs /// /// The name of the Spanner instance the database belongs to. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// + [Input("instance", required: true)] + public Input Instance { get; set; } = null!; + + [Input("members", required: true)] + private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -365,11 +563,6 @@ public sealed class DatabaseIAMBindingArgs : global::Pulumi.ResourceArgs /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// - [Input("instance", required: true)] - public Input Instance { get; set; } = null!; - - [Input("members", required: true)] - private InputList? _members; public InputList Members { get => _members ?? (_members = new InputList()); @@ -420,8 +613,15 @@ public sealed class DatabaseIAMBindingState : global::Pulumi.ResourceArgs /// /// The name of the Spanner instance the database belongs to. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// + [Input("instance")] + public Input? Instance { get; set; } + + [Input("members")] + private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -430,11 +630,6 @@ public sealed class DatabaseIAMBindingState : global::Pulumi.ResourceArgs /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// - [Input("instance")] - public Input? Instance { get; set; } - - [Input("members")] - private InputList? _members; public InputList Members { get => _members ?? (_members = new InputList()); diff --git a/sdk/dotnet/Spanner/DatabaseIAMMember.cs b/sdk/dotnet/Spanner/DatabaseIAMMember.cs index 7ac18b6f3b..6dcfb398be 100644 --- a/sdk/dotnet/Spanner/DatabaseIAMMember.cs +++ b/sdk/dotnet/Spanner/DatabaseIAMMember.cs @@ -213,6 +213,196 @@ namespace Pulumi.Gcp.Spanner /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_spanner\_database\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var database = new Gcp.Spanner.DatabaseIAMPolicy("database", new() + /// { + /// Instance = "your-instance-name", + /// Database = "your-database-name", + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "My Role", + /// Description = "Grant permissions on my_role", + /// Expression = "(resource.type == \"spanner.googleapis.com/DatabaseRole\" && (resource.name.endsWith(\"/myrole\")))", + /// }, + /// }, + /// }, + /// }); + /// + /// var database = new Gcp.Spanner.DatabaseIAMPolicy("database", new() + /// { + /// Instance = "your-instance-name", + /// Database = "your-database-name", + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_spanner\_database\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var database = new Gcp.Spanner.DatabaseIAMBinding("database", new() + /// { + /// Instance = "your-instance-name", + /// Database = "your-database-name", + /// Role = "roles/compute.networkUser", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var database = new Gcp.Spanner.DatabaseIAMBinding("database", new() + /// { + /// Instance = "your-instance-name", + /// Database = "your-database-name", + /// Role = "roles/compute.networkUser", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Spanner.Inputs.DatabaseIAMBindingConditionArgs + /// { + /// Title = "My Role", + /// Description = "Grant permissions on my_role", + /// Expression = "(resource.type == \"spanner.googleapis.com/DatabaseRole\" && (resource.name.endsWith(\"/myrole\")))", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_spanner\_database\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var database = new Gcp.Spanner.DatabaseIAMMember("database", new() + /// { + /// Instance = "your-instance-name", + /// Database = "your-database-name", + /// Role = "roles/compute.networkUser", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var database = new Gcp.Spanner.DatabaseIAMMember("database", new() + /// { + /// Instance = "your-instance-name", + /// Database = "your-database-name", + /// Role = "roles/compute.networkUser", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Spanner.Inputs.DatabaseIAMMemberConditionArgs + /// { + /// Title = "My Role", + /// Description = "Grant permissions on my_role", + /// Expression = "(resource.type == \"spanner.googleapis.com/DatabaseRole\" && (resource.name.endsWith(\"/myrole\")))", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// ### Importing IAM policies @@ -263,8 +453,12 @@ public partial class DatabaseIAMMember : global::Pulumi.CustomResource /// /// The name of the Spanner instance the database belongs to. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// + [Output("instance")] + public Output Instance { get; private set; } = null!; + + /// + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -273,9 +467,6 @@ public partial class DatabaseIAMMember : global::Pulumi.CustomResource /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// - [Output("instance")] - public Output Instance { get; private set; } = null!; - [Output("member")] public Output Member { get; private set; } = null!; @@ -355,8 +546,12 @@ public sealed class DatabaseIAMMemberArgs : global::Pulumi.ResourceArgs /// /// The name of the Spanner instance the database belongs to. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// + [Input("instance", required: true)] + public Input Instance { get; set; } = null!; + + /// + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -365,9 +560,6 @@ public sealed class DatabaseIAMMemberArgs : global::Pulumi.ResourceArgs /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// - [Input("instance", required: true)] - public Input Instance { get; set; } = null!; - [Input("member", required: true)] public Input Member { get; set; } = null!; @@ -415,8 +607,12 @@ public sealed class DatabaseIAMMemberState : global::Pulumi.ResourceArgs /// /// The name of the Spanner instance the database belongs to. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// + [Input("instance")] + public Input? Instance { get; set; } + + /// + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -425,9 +621,6 @@ public sealed class DatabaseIAMMemberState : global::Pulumi.ResourceArgs /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// - [Input("instance")] - public Input? Instance { get; set; } - [Input("member")] public Input? Member { get; set; } diff --git a/sdk/dotnet/Spanner/DatabaseIAMPolicy.cs b/sdk/dotnet/Spanner/DatabaseIAMPolicy.cs index 1d3c978897..6dfb086a20 100644 --- a/sdk/dotnet/Spanner/DatabaseIAMPolicy.cs +++ b/sdk/dotnet/Spanner/DatabaseIAMPolicy.cs @@ -213,6 +213,196 @@ namespace Pulumi.Gcp.Spanner /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_spanner\_database\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var database = new Gcp.Spanner.DatabaseIAMPolicy("database", new() + /// { + /// Instance = "your-instance-name", + /// Database = "your-database-name", + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "My Role", + /// Description = "Grant permissions on my_role", + /// Expression = "(resource.type == \"spanner.googleapis.com/DatabaseRole\" && (resource.name.endsWith(\"/myrole\")))", + /// }, + /// }, + /// }, + /// }); + /// + /// var database = new Gcp.Spanner.DatabaseIAMPolicy("database", new() + /// { + /// Instance = "your-instance-name", + /// Database = "your-database-name", + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_spanner\_database\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var database = new Gcp.Spanner.DatabaseIAMBinding("database", new() + /// { + /// Instance = "your-instance-name", + /// Database = "your-database-name", + /// Role = "roles/compute.networkUser", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var database = new Gcp.Spanner.DatabaseIAMBinding("database", new() + /// { + /// Instance = "your-instance-name", + /// Database = "your-database-name", + /// Role = "roles/compute.networkUser", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Spanner.Inputs.DatabaseIAMBindingConditionArgs + /// { + /// Title = "My Role", + /// Description = "Grant permissions on my_role", + /// Expression = "(resource.type == \"spanner.googleapis.com/DatabaseRole\" && (resource.name.endsWith(\"/myrole\")))", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_spanner\_database\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var database = new Gcp.Spanner.DatabaseIAMMember("database", new() + /// { + /// Instance = "your-instance-name", + /// Database = "your-database-name", + /// Role = "roles/compute.networkUser", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var database = new Gcp.Spanner.DatabaseIAMMember("database", new() + /// { + /// Instance = "your-instance-name", + /// Database = "your-database-name", + /// Role = "roles/compute.networkUser", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Spanner.Inputs.DatabaseIAMMemberConditionArgs + /// { + /// Title = "My Role", + /// Description = "Grant permissions on my_role", + /// Expression = "(resource.type == \"spanner.googleapis.com/DatabaseRole\" && (resource.name.endsWith(\"/myrole\")))", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// ### Importing IAM policies @@ -256,15 +446,6 @@ public partial class DatabaseIAMPolicy : global::Pulumi.CustomResource /// /// The name of the Spanner instance the database belongs to. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Output("instance")] public Output Instance { get; private set; } = null!; @@ -337,15 +518,6 @@ public sealed class DatabaseIAMPolicyArgs : global::Pulumi.ResourceArgs /// /// The name of the Spanner instance the database belongs to. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Input("instance", required: true)] public Input Instance { get; set; } = null!; @@ -386,15 +558,6 @@ public sealed class DatabaseIAMPolicyState : global::Pulumi.ResourceArgs /// /// The name of the Spanner instance the database belongs to. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Input("instance")] public Input? Instance { get; set; } diff --git a/sdk/dotnet/Spanner/InstanceIAMBinding.cs b/sdk/dotnet/Spanner/InstanceIAMBinding.cs index 9340f76007..254a4ad285 100644 --- a/sdk/dotnet/Spanner/InstanceIAMBinding.cs +++ b/sdk/dotnet/Spanner/InstanceIAMBinding.cs @@ -106,6 +106,89 @@ namespace Pulumi.Gcp.Spanner /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_spanner\_instance\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var instance = new Gcp.Spanner.InstanceIAMPolicy("instance", new() + /// { + /// Instance = "your-instance-name", + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_spanner\_instance\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var instance = new Gcp.Spanner.InstanceIAMBinding("instance", new() + /// { + /// Instance = "your-instance-name", + /// Role = "roles/spanner.databaseAdmin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_spanner\_instance\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var instance = new Gcp.Spanner.InstanceIAMMember("instance", new() + /// { + /// Instance = "your-instance-name", + /// Role = "roles/spanner.databaseAdmin", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// ### Importing IAM policies @@ -146,8 +229,12 @@ public partial class InstanceIAMBinding : global::Pulumi.CustomResource /// /// The name of the instance. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// + [Output("instance")] + public Output Instance { get; private set; } = null!; + + /// + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -156,9 +243,6 @@ public partial class InstanceIAMBinding : global::Pulumi.CustomResource /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// - [Output("instance")] - public Output Instance { get; private set; } = null!; - [Output("members")] public Output> Members { get; private set; } = null!; @@ -228,8 +312,15 @@ public sealed class InstanceIAMBindingArgs : global::Pulumi.ResourceArgs /// /// The name of the instance. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// + [Input("instance", required: true)] + public Input Instance { get; set; } = null!; + + [Input("members", required: true)] + private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -238,11 +329,6 @@ public sealed class InstanceIAMBindingArgs : global::Pulumi.ResourceArgs /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// - [Input("instance", required: true)] - public Input Instance { get; set; } = null!; - - [Input("members", required: true)] - private InputList? _members; public InputList Members { get => _members ?? (_members = new InputList()); @@ -283,8 +369,15 @@ public sealed class InstanceIAMBindingState : global::Pulumi.ResourceArgs /// /// The name of the instance. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// + [Input("instance")] + public Input? Instance { get; set; } + + [Input("members")] + private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -293,11 +386,6 @@ public sealed class InstanceIAMBindingState : global::Pulumi.ResourceArgs /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// - [Input("instance")] - public Input? Instance { get; set; } - - [Input("members")] - private InputList? _members; public InputList Members { get => _members ?? (_members = new InputList()); diff --git a/sdk/dotnet/Spanner/InstanceIAMMember.cs b/sdk/dotnet/Spanner/InstanceIAMMember.cs index 2a95c192b9..df916f3dfe 100644 --- a/sdk/dotnet/Spanner/InstanceIAMMember.cs +++ b/sdk/dotnet/Spanner/InstanceIAMMember.cs @@ -106,6 +106,89 @@ namespace Pulumi.Gcp.Spanner /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_spanner\_instance\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var instance = new Gcp.Spanner.InstanceIAMPolicy("instance", new() + /// { + /// Instance = "your-instance-name", + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_spanner\_instance\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var instance = new Gcp.Spanner.InstanceIAMBinding("instance", new() + /// { + /// Instance = "your-instance-name", + /// Role = "roles/spanner.databaseAdmin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_spanner\_instance\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var instance = new Gcp.Spanner.InstanceIAMMember("instance", new() + /// { + /// Instance = "your-instance-name", + /// Role = "roles/spanner.databaseAdmin", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// ### Importing IAM policies @@ -146,8 +229,12 @@ public partial class InstanceIAMMember : global::Pulumi.CustomResource /// /// The name of the instance. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// + [Output("instance")] + public Output Instance { get; private set; } = null!; + + /// + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -156,9 +243,6 @@ public partial class InstanceIAMMember : global::Pulumi.CustomResource /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// - [Output("instance")] - public Output Instance { get; private set; } = null!; - [Output("member")] public Output Member { get; private set; } = null!; @@ -228,8 +312,12 @@ public sealed class InstanceIAMMemberArgs : global::Pulumi.ResourceArgs /// /// The name of the instance. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// + [Input("instance", required: true)] + public Input Instance { get; set; } = null!; + + /// + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -238,9 +326,6 @@ public sealed class InstanceIAMMemberArgs : global::Pulumi.ResourceArgs /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// - [Input("instance", required: true)] - public Input Instance { get; set; } = null!; - [Input("member", required: true)] public Input Member { get; set; } = null!; @@ -278,8 +363,12 @@ public sealed class InstanceIAMMemberState : global::Pulumi.ResourceArgs /// /// The name of the instance. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// + [Input("instance")] + public Input? Instance { get; set; } + + /// + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -288,9 +377,6 @@ public sealed class InstanceIAMMemberState : global::Pulumi.ResourceArgs /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// - [Input("instance")] - public Input? Instance { get; set; } - [Input("member")] public Input? Member { get; set; } diff --git a/sdk/dotnet/Spanner/InstanceIAMPolicy.cs b/sdk/dotnet/Spanner/InstanceIAMPolicy.cs index 5bb40cca65..1d363bb712 100644 --- a/sdk/dotnet/Spanner/InstanceIAMPolicy.cs +++ b/sdk/dotnet/Spanner/InstanceIAMPolicy.cs @@ -106,6 +106,89 @@ namespace Pulumi.Gcp.Spanner /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_spanner\_instance\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/editor", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var instance = new Gcp.Spanner.InstanceIAMPolicy("instance", new() + /// { + /// Instance = "your-instance-name", + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_spanner\_instance\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var instance = new Gcp.Spanner.InstanceIAMBinding("instance", new() + /// { + /// Instance = "your-instance-name", + /// Role = "roles/spanner.databaseAdmin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_spanner\_instance\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var instance = new Gcp.Spanner.InstanceIAMMember("instance", new() + /// { + /// Instance = "your-instance-name", + /// Role = "roles/spanner.databaseAdmin", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// ### Importing IAM policies @@ -143,15 +226,6 @@ public partial class InstanceIAMPolicy : global::Pulumi.CustomResource /// /// The name of the instance. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Output("instance")] public Output Instance { get; private set; } = null!; @@ -218,15 +292,6 @@ public sealed class InstanceIAMPolicyArgs : global::Pulumi.ResourceArgs { /// /// The name of the instance. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Input("instance", required: true)] public Input Instance { get; set; } = null!; @@ -261,15 +326,6 @@ public sealed class InstanceIAMPolicyState : global::Pulumi.ResourceArgs /// /// The name of the instance. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. /// [Input("instance")] public Input? Instance { get; set; } diff --git a/sdk/dotnet/Storage/BucketIAMBinding.cs b/sdk/dotnet/Storage/BucketIAMBinding.cs index ab3b203c27..a9b4a4181a 100644 --- a/sdk/dotnet/Storage/BucketIAMBinding.cs +++ b/sdk/dotnet/Storage/BucketIAMBinding.cs @@ -208,6 +208,188 @@ namespace Pulumi.Gcp.Storage /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_storage\_bucket\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/storage.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Storage.BucketIAMPolicy("policy", new() + /// { + /// Bucket = @default.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/storage.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Storage.BucketIAMPolicy("policy", new() + /// { + /// Bucket = @default.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_storage\_bucket\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Storage.BucketIAMBinding("binding", new() + /// { + /// Bucket = @default.Name, + /// Role = "roles/storage.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Storage.BucketIAMBinding("binding", new() + /// { + /// Bucket = @default.Name, + /// Role = "roles/storage.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Storage.Inputs.BucketIAMBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_storage\_bucket\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Storage.BucketIAMMember("member", new() + /// { + /// Bucket = @default.Name, + /// Role = "roles/storage.admin", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Storage.BucketIAMMember("member", new() + /// { + /// Bucket = @default.Name, + /// Role = "roles/storage.admin", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Storage.Inputs.BucketIAMMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -247,18 +429,6 @@ public partial class BucketIAMBinding : global::Pulumi.CustomResource { /// /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("bucket")] public Output Bucket { get; private set; } = null!; @@ -276,6 +446,19 @@ public partial class BucketIAMBinding : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Output("members")] public Output> Members { get; private set; } = null!; @@ -335,18 +518,6 @@ public sealed class BucketIAMBindingArgs : global::Pulumi.ResourceArgs { /// /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("bucket", required: true)] public Input Bucket { get; set; } = null!; @@ -360,6 +531,20 @@ public sealed class BucketIAMBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// public InputList Members { get => _members ?? (_members = new InputList()); @@ -384,18 +569,6 @@ public sealed class BucketIAMBindingState : global::Pulumi.ResourceArgs { /// /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("bucket")] public Input? Bucket { get; set; } @@ -415,6 +588,20 @@ public sealed class BucketIAMBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// public InputList Members { get => _members ?? (_members = new InputList()); diff --git a/sdk/dotnet/Storage/BucketIAMMember.cs b/sdk/dotnet/Storage/BucketIAMMember.cs index febc2a891e..e9457f72bb 100644 --- a/sdk/dotnet/Storage/BucketIAMMember.cs +++ b/sdk/dotnet/Storage/BucketIAMMember.cs @@ -208,6 +208,188 @@ namespace Pulumi.Gcp.Storage /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_storage\_bucket\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/storage.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Storage.BucketIAMPolicy("policy", new() + /// { + /// Bucket = @default.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/storage.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Storage.BucketIAMPolicy("policy", new() + /// { + /// Bucket = @default.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_storage\_bucket\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Storage.BucketIAMBinding("binding", new() + /// { + /// Bucket = @default.Name, + /// Role = "roles/storage.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Storage.BucketIAMBinding("binding", new() + /// { + /// Bucket = @default.Name, + /// Role = "roles/storage.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Storage.Inputs.BucketIAMBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_storage\_bucket\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Storage.BucketIAMMember("member", new() + /// { + /// Bucket = @default.Name, + /// Role = "roles/storage.admin", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Storage.BucketIAMMember("member", new() + /// { + /// Bucket = @default.Name, + /// Role = "roles/storage.admin", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Storage.Inputs.BucketIAMMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -247,18 +429,6 @@ public partial class BucketIAMMember : global::Pulumi.CustomResource { /// /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("bucket")] public Output Bucket { get; private set; } = null!; @@ -276,6 +446,19 @@ public partial class BucketIAMMember : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Output("member")] public Output Member { get; private set; } = null!; @@ -335,18 +518,6 @@ public sealed class BucketIAMMemberArgs : global::Pulumi.ResourceArgs { /// /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("bucket", required: true)] public Input Bucket { get; set; } = null!; @@ -358,6 +529,19 @@ public sealed class BucketIAMMemberArgs : global::Pulumi.ResourceArgs [Input("condition")] public Input? Condition { get; set; } + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Input("member", required: true)] public Input Member { get; set; } = null!; @@ -379,18 +563,6 @@ public sealed class BucketIAMMemberState : global::Pulumi.ResourceArgs { /// /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("bucket")] public Input? Bucket { get; set; } @@ -408,6 +580,19 @@ public sealed class BucketIAMMemberState : global::Pulumi.ResourceArgs [Input("etag")] public Input? Etag { get; set; } + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Input("member")] public Input? Member { get; set; } diff --git a/sdk/dotnet/Storage/BucketIAMPolicy.cs b/sdk/dotnet/Storage/BucketIAMPolicy.cs index 5130fab305..2115e7e545 100644 --- a/sdk/dotnet/Storage/BucketIAMPolicy.cs +++ b/sdk/dotnet/Storage/BucketIAMPolicy.cs @@ -208,6 +208,188 @@ namespace Pulumi.Gcp.Storage /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_storage\_bucket\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/storage.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Storage.BucketIAMPolicy("policy", new() + /// { + /// Bucket = @default.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/storage.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Organizations.Inputs.GetIAMPolicyBindingConditionInputArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Storage.BucketIAMPolicy("policy", new() + /// { + /// Bucket = @default.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_storage\_bucket\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Storage.BucketIAMBinding("binding", new() + /// { + /// Bucket = @default.Name, + /// Role = "roles/storage.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Storage.BucketIAMBinding("binding", new() + /// { + /// Bucket = @default.Name, + /// Role = "roles/storage.admin", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// Condition = new Gcp.Storage.Inputs.BucketIAMBindingConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// ## google\_storage\_bucket\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Storage.BucketIAMMember("member", new() + /// { + /// Bucket = @default.Name, + /// Role = "roles/storage.admin", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// With IAM Conditions: + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Storage.BucketIAMMember("member", new() + /// { + /// Bucket = @default.Name, + /// Role = "roles/storage.admin", + /// Member = "user:jane@example.com", + /// Condition = new Gcp.Storage.Inputs.BucketIAMMemberConditionArgs + /// { + /// Title = "expires_after_2019_12_31", + /// Description = "Expiring at midnight of 2019-12-31", + /// Expression = "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -247,18 +429,6 @@ public partial class BucketIAMPolicy : global::Pulumi.CustomResource { /// /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("bucket")] public Output Bucket { get; private set; } = null!; @@ -324,18 +494,6 @@ public sealed class BucketIAMPolicyArgs : global::Pulumi.ResourceArgs { /// /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("bucket", required: true)] public Input Bucket { get; set; } = null!; @@ -357,18 +515,6 @@ public sealed class BucketIAMPolicyState : global::Pulumi.ResourceArgs { /// /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("bucket")] public Input? Bucket { get; set; } diff --git a/sdk/dotnet/Tags/TagKeyIamBinding.cs b/sdk/dotnet/Tags/TagKeyIamBinding.cs index 8ac1566161..2989366e44 100644 --- a/sdk/dotnet/Tags/TagKeyIamBinding.cs +++ b/sdk/dotnet/Tags/TagKeyIamBinding.cs @@ -107,6 +107,89 @@ namespace Pulumi.Gcp.Tags /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_tags\_tag\_key\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Tags.TagKeyIamPolicy("policy", new() + /// { + /// TagKey = key.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_tags\_tag\_key\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Tags.TagKeyIamBinding("binding", new() + /// { + /// TagKey = key.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_tags\_tag\_key\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Tags.TagKeyIamMember("member", new() + /// { + /// TagKey = key.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -153,6 +236,19 @@ public partial class TagKeyIamBinding : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Output("members")] public Output> Members { get; private set; } = null!; @@ -166,18 +262,6 @@ public partial class TagKeyIamBinding : global::Pulumi.CustomResource /// /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("tagKey")] public Output TagKey { get; private set; } = null!; @@ -233,6 +317,20 @@ public sealed class TagKeyIamBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// public InputList Members { get => _members ?? (_members = new InputList()); @@ -249,18 +347,6 @@ public InputList Members /// /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("tagKey", required: true)] public Input TagKey { get; set; } = null!; @@ -284,6 +370,20 @@ public sealed class TagKeyIamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// public InputList Members { get => _members ?? (_members = new InputList()); @@ -300,18 +400,6 @@ public InputList Members /// /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("tagKey")] public Input? TagKey { get; set; } diff --git a/sdk/dotnet/Tags/TagKeyIamMember.cs b/sdk/dotnet/Tags/TagKeyIamMember.cs index 2c51c8eddd..b74d702f15 100644 --- a/sdk/dotnet/Tags/TagKeyIamMember.cs +++ b/sdk/dotnet/Tags/TagKeyIamMember.cs @@ -107,6 +107,89 @@ namespace Pulumi.Gcp.Tags /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_tags\_tag\_key\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Tags.TagKeyIamPolicy("policy", new() + /// { + /// TagKey = key.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_tags\_tag\_key\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Tags.TagKeyIamBinding("binding", new() + /// { + /// TagKey = key.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_tags\_tag\_key\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Tags.TagKeyIamMember("member", new() + /// { + /// TagKey = key.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -153,6 +236,19 @@ public partial class TagKeyIamMember : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Output("member")] public Output Member { get; private set; } = null!; @@ -166,18 +262,6 @@ public partial class TagKeyIamMember : global::Pulumi.CustomResource /// /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("tagKey")] public Output TagKey { get; private set; } = null!; @@ -231,6 +315,19 @@ public sealed class TagKeyIamMemberArgs : global::Pulumi.ResourceArgs [Input("condition")] public Input? Condition { get; set; } + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Input("member", required: true)] public Input Member { get; set; } = null!; @@ -244,18 +341,6 @@ public sealed class TagKeyIamMemberArgs : global::Pulumi.ResourceArgs /// /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("tagKey", required: true)] public Input TagKey { get; set; } = null!; @@ -277,6 +362,19 @@ public sealed class TagKeyIamMemberState : global::Pulumi.ResourceArgs [Input("etag")] public Input? Etag { get; set; } + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Input("member")] public Input? Member { get; set; } @@ -290,18 +388,6 @@ public sealed class TagKeyIamMemberState : global::Pulumi.ResourceArgs /// /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("tagKey")] public Input? TagKey { get; set; } diff --git a/sdk/dotnet/Tags/TagKeyIamPolicy.cs b/sdk/dotnet/Tags/TagKeyIamPolicy.cs index 2ea5a25a36..c2dcddaafc 100644 --- a/sdk/dotnet/Tags/TagKeyIamPolicy.cs +++ b/sdk/dotnet/Tags/TagKeyIamPolicy.cs @@ -107,6 +107,89 @@ namespace Pulumi.Gcp.Tags /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_tags\_tag\_key\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Tags.TagKeyIamPolicy("policy", new() + /// { + /// TagKey = key.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_tags\_tag\_key\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Tags.TagKeyIamBinding("binding", new() + /// { + /// TagKey = key.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_tags\_tag\_key\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Tags.TagKeyIamMember("member", new() + /// { + /// TagKey = key.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -159,18 +242,6 @@ public partial class TagKeyIamPolicy : global::Pulumi.CustomResource /// /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("tagKey")] public Output TagKey { get; private set; } = null!; @@ -230,18 +301,6 @@ public sealed class TagKeyIamPolicyArgs : global::Pulumi.ResourceArgs /// /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("tagKey", required: true)] public Input TagKey { get; set; } = null!; @@ -269,18 +328,6 @@ public sealed class TagKeyIamPolicyState : global::Pulumi.ResourceArgs /// /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("tagKey")] public Input? TagKey { get; set; } diff --git a/sdk/dotnet/Tags/TagValueIamBinding.cs b/sdk/dotnet/Tags/TagValueIamBinding.cs index 33031c9b3b..e3c4ca9683 100644 --- a/sdk/dotnet/Tags/TagValueIamBinding.cs +++ b/sdk/dotnet/Tags/TagValueIamBinding.cs @@ -107,6 +107,89 @@ namespace Pulumi.Gcp.Tags /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_tags\_tag\_value\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Tags.TagValueIamPolicy("policy", new() + /// { + /// TagValue = @value.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_tags\_tag\_value\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Tags.TagValueIamBinding("binding", new() + /// { + /// TagValue = @value.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_tags\_tag\_value\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Tags.TagValueIamMember("member", new() + /// { + /// TagValue = @value.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -153,6 +236,19 @@ public partial class TagValueIamBinding : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Output("members")] public Output> Members { get; private set; } = null!; @@ -166,18 +262,6 @@ public partial class TagValueIamBinding : global::Pulumi.CustomResource /// /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("tagValue")] public Output TagValue { get; private set; } = null!; @@ -233,6 +317,20 @@ public sealed class TagValueIamBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// public InputList Members { get => _members ?? (_members = new InputList()); @@ -249,18 +347,6 @@ public InputList Members /// /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("tagValue", required: true)] public Input TagValue { get; set; } = null!; @@ -284,6 +370,20 @@ public sealed class TagValueIamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// public InputList Members { get => _members ?? (_members = new InputList()); @@ -300,18 +400,6 @@ public InputList Members /// /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("tagValue")] public Input? TagValue { get; set; } diff --git a/sdk/dotnet/Tags/TagValueIamMember.cs b/sdk/dotnet/Tags/TagValueIamMember.cs index 53dc96e136..ae42b57f5c 100644 --- a/sdk/dotnet/Tags/TagValueIamMember.cs +++ b/sdk/dotnet/Tags/TagValueIamMember.cs @@ -107,6 +107,89 @@ namespace Pulumi.Gcp.Tags /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_tags\_tag\_value\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Tags.TagValueIamPolicy("policy", new() + /// { + /// TagValue = @value.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_tags\_tag\_value\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Tags.TagValueIamBinding("binding", new() + /// { + /// TagValue = @value.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_tags\_tag\_value\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Tags.TagValueIamMember("member", new() + /// { + /// TagValue = @value.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -153,6 +236,19 @@ public partial class TagValueIamMember : global::Pulumi.CustomResource [Output("etag")] public Output Etag { get; private set; } = null!; + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Output("member")] public Output Member { get; private set; } = null!; @@ -166,18 +262,6 @@ public partial class TagValueIamMember : global::Pulumi.CustomResource /// /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("tagValue")] public Output TagValue { get; private set; } = null!; @@ -231,6 +315,19 @@ public sealed class TagValueIamMemberArgs : global::Pulumi.ResourceArgs [Input("condition")] public Input? Condition { get; set; } + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Input("member", required: true)] public Input Member { get; set; } = null!; @@ -244,18 +341,6 @@ public sealed class TagValueIamMemberArgs : global::Pulumi.ResourceArgs /// /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("tagValue", required: true)] public Input TagValue { get; set; } = null!; @@ -277,6 +362,19 @@ public sealed class TagValueIamMemberState : global::Pulumi.ResourceArgs [Input("etag")] public Input? Etag { get; set; } + /// + /// Identities that will be granted the privilege in `role`. + /// Each entry can have one of the following values: + /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + /// [Input("member")] public Input? Member { get; set; } @@ -290,18 +388,6 @@ public sealed class TagValueIamMemberState : global::Pulumi.ResourceArgs /// /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("tagValue")] public Input? TagValue { get; set; } diff --git a/sdk/dotnet/Tags/TagValueIamPolicy.cs b/sdk/dotnet/Tags/TagValueIamPolicy.cs index 54dcaed2fb..5426d1cb78 100644 --- a/sdk/dotnet/Tags/TagValueIamPolicy.cs +++ b/sdk/dotnet/Tags/TagValueIamPolicy.cs @@ -107,6 +107,89 @@ namespace Pulumi.Gcp.Tags /// ``` /// <!--End PulumiCodeChooser --> /// + /// ## google\_tags\_tag\_value\_iam\_policy + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var admin = Gcp.Organizations.GetIAMPolicy.Invoke(new() + /// { + /// Bindings = new[] + /// { + /// new Gcp.Organizations.Inputs.GetIAMPolicyBindingInputArgs + /// { + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }, + /// }, + /// }); + /// + /// var policy = new Gcp.Tags.TagValueIamPolicy("policy", new() + /// { + /// TagValue = @value.Name, + /// PolicyData = admin.Apply(getIAMPolicyResult => getIAMPolicyResult.PolicyData), + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_tags\_tag\_value\_iam\_binding + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var binding = new Gcp.Tags.TagValueIamBinding("binding", new() + /// { + /// TagValue = @value.Name, + /// Role = "roles/viewer", + /// Members = new[] + /// { + /// "user:jane@example.com", + /// }, + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// + /// ## google\_tags\_tag\_value\_iam\_member + /// + /// <!--Start PulumiCodeChooser --> + /// ```csharp + /// using System.Collections.Generic; + /// using System.Linq; + /// using Pulumi; + /// using Gcp = Pulumi.Gcp; + /// + /// return await Deployment.RunAsync(() => + /// { + /// var member = new Gcp.Tags.TagValueIamMember("member", new() + /// { + /// TagValue = @value.Name, + /// Role = "roles/viewer", + /// Member = "user:jane@example.com", + /// }); + /// + /// }); + /// ``` + /// <!--End PulumiCodeChooser --> + /// /// ## Import /// /// For all import syntaxes, the "resource in question" can take any of the following forms: @@ -159,18 +242,6 @@ public partial class TagValueIamPolicy : global::Pulumi.CustomResource /// /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("tagValue")] public Output TagValue { get; private set; } = null!; @@ -230,18 +301,6 @@ public sealed class TagValueIamPolicyArgs : global::Pulumi.ResourceArgs /// /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("tagValue", required: true)] public Input TagValue { get; set; } = null!; @@ -269,18 +328,6 @@ public sealed class TagValueIamPolicyState : global::Pulumi.ResourceArgs /// /// Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("tagValue")] public Input? TagValue { get; set; } diff --git a/sdk/dotnet/Vertex/AiFeatureStoreEntityTypeIamBinding.cs b/sdk/dotnet/Vertex/AiFeatureStoreEntityTypeIamBinding.cs index 9ed1bd4ba0..2c6d536300 100644 --- a/sdk/dotnet/Vertex/AiFeatureStoreEntityTypeIamBinding.cs +++ b/sdk/dotnet/Vertex/AiFeatureStoreEntityTypeIamBinding.cs @@ -64,8 +64,12 @@ public partial class AiFeatureStoreEntityTypeIamBinding : global::Pulumi.CustomR /// /// The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// + [Output("featurestore")] + public Output Featurestore { get; private set; } = null!; + + /// + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -77,9 +81,6 @@ public partial class AiFeatureStoreEntityTypeIamBinding : global::Pulumi.CustomR /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// - [Output("featurestore")] - public Output Featurestore { get; private set; } = null!; - [Output("members")] public Output> Members { get; private set; } = null!; @@ -148,8 +149,15 @@ public sealed class AiFeatureStoreEntityTypeIamBindingArgs : global::Pulumi.Reso /// /// The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// + [Input("featurestore", required: true)] + public Input Featurestore { get; set; } = null!; + + [Input("members", required: true)] + private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -161,11 +169,6 @@ public sealed class AiFeatureStoreEntityTypeIamBindingArgs : global::Pulumi.Reso /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// - [Input("featurestore", required: true)] - public Input Featurestore { get; set; } = null!; - - [Input("members", required: true)] - private InputList? _members; public InputList Members { get => _members ?? (_members = new InputList()); @@ -205,8 +208,15 @@ public sealed class AiFeatureStoreEntityTypeIamBindingState : global::Pulumi.Res /// /// The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// + [Input("featurestore")] + public Input? Featurestore { get; set; } + + [Input("members")] + private InputList? _members; + + /// + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -218,11 +228,6 @@ public sealed class AiFeatureStoreEntityTypeIamBindingState : global::Pulumi.Res /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// - [Input("featurestore")] - public Input? Featurestore { get; set; } - - [Input("members")] - private InputList? _members; public InputList Members { get => _members ?? (_members = new InputList()); diff --git a/sdk/dotnet/Vertex/AiFeatureStoreEntityTypeIamMember.cs b/sdk/dotnet/Vertex/AiFeatureStoreEntityTypeIamMember.cs index 5576c2ac8b..de17c93191 100644 --- a/sdk/dotnet/Vertex/AiFeatureStoreEntityTypeIamMember.cs +++ b/sdk/dotnet/Vertex/AiFeatureStoreEntityTypeIamMember.cs @@ -64,8 +64,12 @@ public partial class AiFeatureStoreEntityTypeIamMember : global::Pulumi.CustomRe /// /// The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// + [Output("featurestore")] + public Output Featurestore { get; private set; } = null!; + + /// + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -77,9 +81,6 @@ public partial class AiFeatureStoreEntityTypeIamMember : global::Pulumi.CustomRe /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// - [Output("featurestore")] - public Output Featurestore { get; private set; } = null!; - [Output("member")] public Output Member { get; private set; } = null!; @@ -148,8 +149,12 @@ public sealed class AiFeatureStoreEntityTypeIamMemberArgs : global::Pulumi.Resou /// /// The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// + [Input("featurestore", required: true)] + public Input Featurestore { get; set; } = null!; + + /// + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -161,9 +166,6 @@ public sealed class AiFeatureStoreEntityTypeIamMemberArgs : global::Pulumi.Resou /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// - [Input("featurestore", required: true)] - public Input Featurestore { get; set; } = null!; - [Input("member", required: true)] public Input Member { get; set; } = null!; @@ -200,8 +202,12 @@ public sealed class AiFeatureStoreEntityTypeIamMemberState : global::Pulumi.Reso /// /// The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// + [Input("featurestore")] + public Input? Featurestore { get; set; } + + /// + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -213,9 +219,6 @@ public sealed class AiFeatureStoreEntityTypeIamMemberState : global::Pulumi.Reso /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// - [Input("featurestore")] - public Input? Featurestore { get; set; } - [Input("member")] public Input? Member { get; set; } diff --git a/sdk/dotnet/Vertex/AiFeatureStoreEntityTypeIamPolicy.cs b/sdk/dotnet/Vertex/AiFeatureStoreEntityTypeIamPolicy.cs index dc4afd923f..f75f702c20 100644 --- a/sdk/dotnet/Vertex/AiFeatureStoreEntityTypeIamPolicy.cs +++ b/sdk/dotnet/Vertex/AiFeatureStoreEntityTypeIamPolicy.cs @@ -61,18 +61,6 @@ public partial class AiFeatureStoreEntityTypeIamPolicy : global::Pulumi.CustomRe /// /// The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("featurestore")] public Output Featurestore { get; private set; } = null!; @@ -138,18 +126,6 @@ public sealed class AiFeatureStoreEntityTypeIamPolicyArgs : global::Pulumi.Resou /// /// The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("featurestore", required: true)] public Input Featurestore { get; set; } = null!; @@ -183,18 +159,6 @@ public sealed class AiFeatureStoreEntityTypeIamPolicyState : global::Pulumi.Reso /// /// The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("featurestore")] public Input? Featurestore { get; set; } diff --git a/sdk/dotnet/Vertex/AiFeatureStoreIamBinding.cs b/sdk/dotnet/Vertex/AiFeatureStoreIamBinding.cs index 1a9ddbfa4f..dbc2911e43 100644 --- a/sdk/dotnet/Vertex/AiFeatureStoreIamBinding.cs +++ b/sdk/dotnet/Vertex/AiFeatureStoreIamBinding.cs @@ -66,14 +66,8 @@ public partial class AiFeatureStoreIamBinding : global::Pulumi.CustomResource [Output("featurestore")] public Output Featurestore { get; private set; } = null!; - [Output("members")] - public Output> Members { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -85,6 +79,13 @@ public partial class AiFeatureStoreIamBinding : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("members")] + public Output> Members { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -161,17 +162,9 @@ public sealed class AiFeatureStoreIamBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -183,6 +176,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -227,17 +230,9 @@ public sealed class AiFeatureStoreIamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -249,6 +244,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Vertex/AiFeatureStoreIamMember.cs b/sdk/dotnet/Vertex/AiFeatureStoreIamMember.cs index b5cf6f14ba..a9eacf6ea0 100644 --- a/sdk/dotnet/Vertex/AiFeatureStoreIamMember.cs +++ b/sdk/dotnet/Vertex/AiFeatureStoreIamMember.cs @@ -66,14 +66,8 @@ public partial class AiFeatureStoreIamMember : global::Pulumi.CustomResource [Output("featurestore")] public Output Featurestore { get; private set; } = null!; - [Output("member")] - public Output Member { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -85,6 +79,13 @@ public partial class AiFeatureStoreIamMember : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("member")] + public Output Member { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -159,14 +160,8 @@ public sealed class AiFeatureStoreIamMemberArgs : global::Pulumi.ResourceArgs [Input("featurestore", required: true)] public Input Featurestore { get; set; } = null!; - [Input("member", required: true)] - public Input Member { get; set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -178,6 +173,13 @@ public sealed class AiFeatureStoreIamMemberArgs : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member", required: true)] + public Input Member { get; set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -220,14 +222,8 @@ public sealed class AiFeatureStoreIamMemberState : global::Pulumi.ResourceArgs [Input("featurestore")] public Input? Featurestore { get; set; } - [Input("member")] - public Input? Member { get; set; } - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -239,6 +235,13 @@ public sealed class AiFeatureStoreIamMemberState : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member")] + public Input? Member { get; set; } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Vertex/AiFeatureStoreIamPolicy.cs b/sdk/dotnet/Vertex/AiFeatureStoreIamPolicy.cs index d6d960a275..f2a8ed93cc 100644 --- a/sdk/dotnet/Vertex/AiFeatureStoreIamPolicy.cs +++ b/sdk/dotnet/Vertex/AiFeatureStoreIamPolicy.cs @@ -73,18 +73,6 @@ public partial class AiFeatureStoreIamPolicy : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -159,18 +147,6 @@ public sealed class AiFeatureStoreIamPolicyArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -213,18 +189,6 @@ public sealed class AiFeatureStoreIamPolicyState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Workstations/WorkstationConfigIamBinding.cs b/sdk/dotnet/Workstations/WorkstationConfigIamBinding.cs index 1720ecef09..1fcf5dd4df 100644 --- a/sdk/dotnet/Workstations/WorkstationConfigIamBinding.cs +++ b/sdk/dotnet/Workstations/WorkstationConfigIamBinding.cs @@ -67,14 +67,8 @@ public partial class WorkstationConfigIamBinding : global::Pulumi.CustomResource [Output("location")] public Output Location { get; private set; } = null!; - [Output("members")] - public Output> Members { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -86,6 +80,13 @@ public partial class WorkstationConfigIamBinding : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("members")] + public Output> Members { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -161,17 +162,9 @@ public sealed class WorkstationConfigIamBindingArgs : global::Pulumi.ResourceArg [Input("members", required: true)] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -183,6 +176,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -226,17 +229,9 @@ public sealed class WorkstationConfigIamBindingState : global::Pulumi.ResourceAr [Input("members")] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -248,6 +243,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Workstations/WorkstationConfigIamMember.cs b/sdk/dotnet/Workstations/WorkstationConfigIamMember.cs index 5526b3f220..5fe965031f 100644 --- a/sdk/dotnet/Workstations/WorkstationConfigIamMember.cs +++ b/sdk/dotnet/Workstations/WorkstationConfigIamMember.cs @@ -67,14 +67,8 @@ public partial class WorkstationConfigIamMember : global::Pulumi.CustomResource [Output("location")] public Output Location { get; private set; } = null!; - [Output("member")] - public Output Member { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -86,6 +80,13 @@ public partial class WorkstationConfigIamMember : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("member")] + public Output Member { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -159,14 +160,8 @@ public sealed class WorkstationConfigIamMemberArgs : global::Pulumi.ResourceArgs [Input("location")] public Input? Location { get; set; } - [Input("member", required: true)] - public Input Member { get; set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -178,6 +173,13 @@ public sealed class WorkstationConfigIamMemberArgs : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member", required: true)] + public Input Member { get; set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -219,14 +221,8 @@ public sealed class WorkstationConfigIamMemberState : global::Pulumi.ResourceArg [Input("location")] public Input? Location { get; set; } - [Input("member")] - public Input? Member { get; set; } - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -238,6 +234,13 @@ public sealed class WorkstationConfigIamMemberState : global::Pulumi.ResourceArg /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member")] + public Input? Member { get; set; } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Workstations/WorkstationConfigIamPolicy.cs b/sdk/dotnet/Workstations/WorkstationConfigIamPolicy.cs index 756bcf04a2..c5f49e2680 100644 --- a/sdk/dotnet/Workstations/WorkstationConfigIamPolicy.cs +++ b/sdk/dotnet/Workstations/WorkstationConfigIamPolicy.cs @@ -74,18 +74,6 @@ public partial class WorkstationConfigIamPolicy : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -159,18 +147,6 @@ public sealed class WorkstationConfigIamPolicyArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -212,18 +188,6 @@ public sealed class WorkstationConfigIamPolicyState : global::Pulumi.ResourceArg /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Workstations/WorkstationIamBinding.cs b/sdk/dotnet/Workstations/WorkstationIamBinding.cs index 2f895e2d88..e6fc6859ef 100644 --- a/sdk/dotnet/Workstations/WorkstationIamBinding.cs +++ b/sdk/dotnet/Workstations/WorkstationIamBinding.cs @@ -67,14 +67,8 @@ public partial class WorkstationIamBinding : global::Pulumi.CustomResource [Output("location")] public Output Location { get; private set; } = null!; - [Output("members")] - public Output> Members { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -86,6 +80,13 @@ public partial class WorkstationIamBinding : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("members")] + public Output> Members { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -164,17 +165,9 @@ public sealed class WorkstationIamBindingArgs : global::Pulumi.ResourceArgs [Input("members", required: true)] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -186,6 +179,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -232,17 +235,9 @@ public sealed class WorkstationIamBindingState : global::Pulumi.ResourceArgs [Input("members")] private InputList? _members; - public InputList Members - { - get => _members ?? (_members = new InputList()); - set => _members = value; - } /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -254,6 +249,16 @@ public InputList Members /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + public InputList Members + { + get => _members ?? (_members = new InputList()); + set => _members = value; + } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Workstations/WorkstationIamMember.cs b/sdk/dotnet/Workstations/WorkstationIamMember.cs index f5e11f86c8..390ffaaffb 100644 --- a/sdk/dotnet/Workstations/WorkstationIamMember.cs +++ b/sdk/dotnet/Workstations/WorkstationIamMember.cs @@ -67,14 +67,8 @@ public partial class WorkstationIamMember : global::Pulumi.CustomResource [Output("location")] public Output Location { get; private set; } = null!; - [Output("member")] - public Output Member { get; private set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -86,6 +80,13 @@ public partial class WorkstationIamMember : global::Pulumi.CustomResource /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Output("member")] + public Output Member { get; private set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Output("project")] public Output Project { get; private set; } = null!; @@ -162,14 +163,8 @@ public sealed class WorkstationIamMemberArgs : global::Pulumi.ResourceArgs [Input("location")] public Input? Location { get; set; } - [Input("member", required: true)] - public Input Member { get; set; } = null!; - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -181,6 +176,13 @@ public sealed class WorkstationIamMemberArgs : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member", required: true)] + public Input Member { get; set; } = null!; + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } @@ -225,14 +227,8 @@ public sealed class WorkstationIamMemberState : global::Pulumi.ResourceArgs [Input("location")] public Input? Location { get; set; } - [Input("member")] - public Input? Member { get; set; } - /// - /// The ID of the project in which the resource belongs. - /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. + /// Identities that will be granted the privilege in `role`. /// Each entry can have one of the following values: /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -244,6 +240,13 @@ public sealed class WorkstationIamMemberState : global::Pulumi.ResourceArgs /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// + [Input("member")] + public Input? Member { get; set; } + + /// + /// The ID of the project in which the resource belongs. + /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/dotnet/Workstations/WorkstationIamPolicy.cs b/sdk/dotnet/Workstations/WorkstationIamPolicy.cs index fb533e24c3..e9bb7d8ecc 100644 --- a/sdk/dotnet/Workstations/WorkstationIamPolicy.cs +++ b/sdk/dotnet/Workstations/WorkstationIamPolicy.cs @@ -74,18 +74,6 @@ public partial class WorkstationIamPolicy : global::Pulumi.CustomResource /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Output("project")] public Output Project { get; private set; } = null!; @@ -162,18 +150,6 @@ public sealed class WorkstationIamPolicyArgs : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } @@ -218,18 +194,6 @@ public sealed class WorkstationIamPolicyState : global::Pulumi.ResourceArgs /// /// The ID of the project in which the resource belongs. /// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - /// - /// * `member/members` - (Required) Identities that will be granted the privilege in `role`. - /// Each entry can have one of the following values: - /// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - /// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - /// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - /// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - /// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - /// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - /// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - /// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - /// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" /// [Input("project")] public Input? Project { get; set; } diff --git a/sdk/go/gcp/accesscontextmanager/accessPolicyIamBinding.go b/sdk/go/gcp/accesscontextmanager/accessPolicyIamBinding.go index 6fcdd480ba..886f155bc6 100644 --- a/sdk/go/gcp/accesscontextmanager/accessPolicyIamBinding.go +++ b/sdk/go/gcp/accesscontextmanager/accessPolicyIamBinding.go @@ -131,6 +131,111 @@ import ( // ``` // // +// ## google\_access\_context\_manager\_access\_policy\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/accesscontextmanager" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/accesscontextmanager.policyAdmin", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = accesscontextmanager.NewAccessPolicyIamPolicy(ctx, "policy", &accesscontextmanager.AccessPolicyIamPolicyArgs{ +// Name: pulumi.Any(access_policy.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_access\_context\_manager\_access\_policy\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/accesscontextmanager" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := accesscontextmanager.NewAccessPolicyIamBinding(ctx, "binding", &accesscontextmanager.AccessPolicyIamBindingArgs{ +// Name: pulumi.Any(access_policy.Name), +// Role: pulumi.String("roles/accesscontextmanager.policyAdmin"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_access\_context\_manager\_access\_policy\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/accesscontextmanager" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := accesscontextmanager.NewAccessPolicyIamMember(ctx, "member", &accesscontextmanager.AccessPolicyIamMemberArgs{ +// Name: pulumi.Any(access_policy.Name), +// Role: pulumi.String("roles/accesscontextmanager.policyAdmin"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -169,12 +274,9 @@ type AccessPolicyIamBinding struct { Condition AccessPolicyIamBindingConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -184,6 +286,8 @@ type AccessPolicyIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // Used to find the parent resource to bind the IAM policy to Name pulumi.StringOutput `pulumi:"name"` // The role that should be applied. Only one // `accesscontextmanager.AccessPolicyIamBinding` can be used per role. Note that custom roles must be of the format @@ -229,12 +333,9 @@ func GetAccessPolicyIamBinding(ctx *pulumi.Context, type accessPolicyIamBindingState struct { Condition *AccessPolicyIamBindingCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Members []string `pulumi:"members"` - // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -244,6 +345,8 @@ type accessPolicyIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // Used to find the parent resource to bind the IAM policy to Name *string `pulumi:"name"` // The role that should be applied. Only one // `accesscontextmanager.AccessPolicyIamBinding` can be used per role. Note that custom roles must be of the format @@ -254,12 +357,9 @@ type accessPolicyIamBindingState struct { type AccessPolicyIamBindingState struct { Condition AccessPolicyIamBindingConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Members pulumi.StringArrayInput - // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -269,6 +369,8 @@ type AccessPolicyIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // Used to find the parent resource to bind the IAM policy to Name pulumi.StringPtrInput // The role that should be applied. Only one // `accesscontextmanager.AccessPolicyIamBinding` can be used per role. Note that custom roles must be of the format @@ -282,11 +384,8 @@ func (AccessPolicyIamBindingState) ElementType() reflect.Type { type accessPolicyIamBindingArgs struct { Condition *AccessPolicyIamBindingCondition `pulumi:"condition"` - Members []string `pulumi:"members"` - // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -296,6 +395,8 @@ type accessPolicyIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // Used to find the parent resource to bind the IAM policy to Name *string `pulumi:"name"` // The role that should be applied. Only one // `accesscontextmanager.AccessPolicyIamBinding` can be used per role. Note that custom roles must be of the format @@ -306,11 +407,8 @@ type accessPolicyIamBindingArgs struct { // The set of arguments for constructing a AccessPolicyIamBinding resource. type AccessPolicyIamBindingArgs struct { Condition AccessPolicyIamBindingConditionPtrInput - Members pulumi.StringArrayInput - // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -320,6 +418,8 @@ type AccessPolicyIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // Used to find the parent resource to bind the IAM policy to Name pulumi.StringPtrInput // The role that should be applied. Only one // `accesscontextmanager.AccessPolicyIamBinding` can be used per role. Note that custom roles must be of the format @@ -423,23 +523,22 @@ func (o AccessPolicyIamBindingOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *AccessPolicyIamBinding) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o AccessPolicyIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *AccessPolicyIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } // Used to find the parent resource to bind the IAM policy to -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o AccessPolicyIamBindingOutput) Name() pulumi.StringOutput { return o.ApplyT(func(v *AccessPolicyIamBinding) pulumi.StringOutput { return v.Name }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/accesscontextmanager/accessPolicyIamMember.go b/sdk/go/gcp/accesscontextmanager/accessPolicyIamMember.go index f31b5e811b..78c5a8574c 100644 --- a/sdk/go/gcp/accesscontextmanager/accessPolicyIamMember.go +++ b/sdk/go/gcp/accesscontextmanager/accessPolicyIamMember.go @@ -131,6 +131,111 @@ import ( // ``` // // +// ## google\_access\_context\_manager\_access\_policy\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/accesscontextmanager" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/accesscontextmanager.policyAdmin", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = accesscontextmanager.NewAccessPolicyIamPolicy(ctx, "policy", &accesscontextmanager.AccessPolicyIamPolicyArgs{ +// Name: pulumi.Any(access_policy.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_access\_context\_manager\_access\_policy\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/accesscontextmanager" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := accesscontextmanager.NewAccessPolicyIamBinding(ctx, "binding", &accesscontextmanager.AccessPolicyIamBindingArgs{ +// Name: pulumi.Any(access_policy.Name), +// Role: pulumi.String("roles/accesscontextmanager.policyAdmin"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_access\_context\_manager\_access\_policy\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/accesscontextmanager" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := accesscontextmanager.NewAccessPolicyIamMember(ctx, "member", &accesscontextmanager.AccessPolicyIamMemberArgs{ +// Name: pulumi.Any(access_policy.Name), +// Role: pulumi.String("roles/accesscontextmanager.policyAdmin"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -169,12 +274,9 @@ type AccessPolicyIamMember struct { Condition AccessPolicyIamMemberConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Member pulumi.StringOutput `pulumi:"member"` - // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -184,6 +286,8 @@ type AccessPolicyIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // Used to find the parent resource to bind the IAM policy to Name pulumi.StringOutput `pulumi:"name"` // The role that should be applied. Only one // `accesscontextmanager.AccessPolicyIamBinding` can be used per role. Note that custom roles must be of the format @@ -229,12 +333,9 @@ func GetAccessPolicyIamMember(ctx *pulumi.Context, type accessPolicyIamMemberState struct { Condition *AccessPolicyIamMemberCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Member *string `pulumi:"member"` - // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -244,6 +345,8 @@ type accessPolicyIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // Used to find the parent resource to bind the IAM policy to Name *string `pulumi:"name"` // The role that should be applied. Only one // `accesscontextmanager.AccessPolicyIamBinding` can be used per role. Note that custom roles must be of the format @@ -254,12 +357,9 @@ type accessPolicyIamMemberState struct { type AccessPolicyIamMemberState struct { Condition AccessPolicyIamMemberConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Member pulumi.StringPtrInput - // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -269,6 +369,8 @@ type AccessPolicyIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // Used to find the parent resource to bind the IAM policy to Name pulumi.StringPtrInput // The role that should be applied. Only one // `accesscontextmanager.AccessPolicyIamBinding` can be used per role. Note that custom roles must be of the format @@ -282,11 +384,8 @@ func (AccessPolicyIamMemberState) ElementType() reflect.Type { type accessPolicyIamMemberArgs struct { Condition *AccessPolicyIamMemberCondition `pulumi:"condition"` - Member string `pulumi:"member"` - // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -296,6 +395,8 @@ type accessPolicyIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // Used to find the parent resource to bind the IAM policy to Name *string `pulumi:"name"` // The role that should be applied. Only one // `accesscontextmanager.AccessPolicyIamBinding` can be used per role. Note that custom roles must be of the format @@ -306,11 +407,8 @@ type accessPolicyIamMemberArgs struct { // The set of arguments for constructing a AccessPolicyIamMember resource. type AccessPolicyIamMemberArgs struct { Condition AccessPolicyIamMemberConditionPtrInput - Member pulumi.StringInput - // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -320,6 +418,8 @@ type AccessPolicyIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // Used to find the parent resource to bind the IAM policy to Name pulumi.StringPtrInput // The role that should be applied. Only one // `accesscontextmanager.AccessPolicyIamBinding` can be used per role. Note that custom roles must be of the format @@ -423,23 +523,22 @@ func (o AccessPolicyIamMemberOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *AccessPolicyIamMember) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o AccessPolicyIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *AccessPolicyIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } // Used to find the parent resource to bind the IAM policy to -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o AccessPolicyIamMemberOutput) Name() pulumi.StringOutput { return o.ApplyT(func(v *AccessPolicyIamMember) pulumi.StringOutput { return v.Name }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/accesscontextmanager/accessPolicyIamPolicy.go b/sdk/go/gcp/accesscontextmanager/accessPolicyIamPolicy.go index 3cf2f869c3..b45553593e 100644 --- a/sdk/go/gcp/accesscontextmanager/accessPolicyIamPolicy.go +++ b/sdk/go/gcp/accesscontextmanager/accessPolicyIamPolicy.go @@ -131,6 +131,111 @@ import ( // ``` // // +// ## google\_access\_context\_manager\_access\_policy\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/accesscontextmanager" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/accesscontextmanager.policyAdmin", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = accesscontextmanager.NewAccessPolicyIamPolicy(ctx, "policy", &accesscontextmanager.AccessPolicyIamPolicyArgs{ +// Name: pulumi.Any(access_policy.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_access\_context\_manager\_access\_policy\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/accesscontextmanager" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := accesscontextmanager.NewAccessPolicyIamBinding(ctx, "binding", &accesscontextmanager.AccessPolicyIamBindingArgs{ +// Name: pulumi.Any(access_policy.Name), +// Role: pulumi.String("roles/accesscontextmanager.policyAdmin"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_access\_context\_manager\_access\_policy\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/accesscontextmanager" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := accesscontextmanager.NewAccessPolicyIamMember(ctx, "member", &accesscontextmanager.AccessPolicyIamMemberArgs{ +// Name: pulumi.Any(access_policy.Name), +// Role: pulumi.String("roles/accesscontextmanager.policyAdmin"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -170,18 +275,6 @@ type AccessPolicyIamPolicy struct { // (Computed) The etag of the IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Name pulumi.StringOutput `pulumi:"name"` // The policy data generated by // a `organizations.getIAMPolicy` data source. @@ -224,18 +317,6 @@ type accessPolicyIamPolicyState struct { // (Computed) The etag of the IAM policy. Etag *string `pulumi:"etag"` // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Name *string `pulumi:"name"` // The policy data generated by // a `organizations.getIAMPolicy` data source. @@ -246,18 +327,6 @@ type AccessPolicyIamPolicyState struct { // (Computed) The etag of the IAM policy. Etag pulumi.StringPtrInput // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Name pulumi.StringPtrInput // The policy data generated by // a `organizations.getIAMPolicy` data source. @@ -270,18 +339,6 @@ func (AccessPolicyIamPolicyState) ElementType() reflect.Type { type accessPolicyIamPolicyArgs struct { // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Name *string `pulumi:"name"` // The policy data generated by // a `organizations.getIAMPolicy` data source. @@ -291,18 +348,6 @@ type accessPolicyIamPolicyArgs struct { // The set of arguments for constructing a AccessPolicyIamPolicy resource. type AccessPolicyIamPolicyArgs struct { // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Name pulumi.StringPtrInput // The policy data generated by // a `organizations.getIAMPolicy` data source. @@ -402,18 +447,6 @@ func (o AccessPolicyIamPolicyOutput) Etag() pulumi.StringOutput { } // Used to find the parent resource to bind the IAM policy to -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o AccessPolicyIamPolicyOutput) Name() pulumi.StringOutput { return o.ApplyT(func(v *AccessPolicyIamPolicy) pulumi.StringOutput { return v.Name }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/apigateway/apiConfigIamBinding.go b/sdk/go/gcp/apigateway/apiConfigIamBinding.go index ff95726c75..b10887c841 100644 --- a/sdk/go/gcp/apigateway/apiConfigIamBinding.go +++ b/sdk/go/gcp/apigateway/apiConfigIamBinding.go @@ -134,6 +134,114 @@ import ( // ``` // // +// ## google\_api\_gateway\_api\_config\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/apigateway.viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = apigateway.NewApiConfigIamPolicy(ctx, "policy", &apigateway.ApiConfigIamPolicyArgs{ +// Api: pulumi.Any(apiCfg.Api), +// ApiConfig: pulumi.Any(apiCfg.ApiConfigId), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_api\_gateway\_api\_config\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := apigateway.NewApiConfigIamBinding(ctx, "binding", &apigateway.ApiConfigIamBindingArgs{ +// Api: pulumi.Any(apiCfg.Api), +// ApiConfig: pulumi.Any(apiCfg.ApiConfigId), +// Role: pulumi.String("roles/apigateway.viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_api\_gateway\_api\_config\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := apigateway.NewApiConfigIamMember(ctx, "member", &apigateway.ApiConfigIamMemberArgs{ +// Api: pulumi.Any(apiCfg.Api), +// ApiConfig: pulumi.Any(apiCfg.ApiConfigId), +// Role: pulumi.String("roles/apigateway.viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -180,13 +288,9 @@ type ApiConfigIamBinding struct { ApiConfig pulumi.StringOutput `pulumi:"apiConfig"` Condition ApiConfigIamBindingConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -196,6 +300,9 @@ type ApiConfigIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `apigateway.ApiConfigIamBinding` can be used per role. Note that custom roles must be of the format @@ -251,13 +358,9 @@ type apiConfigIamBindingState struct { ApiConfig *string `pulumi:"apiConfig"` Condition *ApiConfigIamBindingCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -267,6 +370,9 @@ type apiConfigIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `apigateway.ApiConfigIamBinding` can be used per role. Note that custom roles must be of the format @@ -281,13 +387,9 @@ type ApiConfigIamBindingState struct { ApiConfig pulumi.StringPtrInput Condition ApiConfigIamBindingConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -297,6 +399,9 @@ type ApiConfigIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `apigateway.ApiConfigIamBinding` can be used per role. Note that custom roles must be of the format @@ -314,12 +419,8 @@ type apiConfigIamBindingArgs struct { Api string `pulumi:"api"` ApiConfig string `pulumi:"apiConfig"` Condition *ApiConfigIamBindingCondition `pulumi:"condition"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -329,6 +430,9 @@ type apiConfigIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `apigateway.ApiConfigIamBinding` can be used per role. Note that custom roles must be of the format @@ -343,12 +447,8 @@ type ApiConfigIamBindingArgs struct { Api pulumi.StringInput ApiConfig pulumi.StringInput Condition ApiConfigIamBindingConditionPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -358,6 +458,9 @@ type ApiConfigIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `apigateway.ApiConfigIamBinding` can be used per role. Note that custom roles must be of the format @@ -471,24 +574,23 @@ func (o ApiConfigIamBindingOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *ApiConfigIamBinding) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o ApiConfigIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *ApiConfigIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o ApiConfigIamBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *ApiConfigIamBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/apigateway/apiConfigIamMember.go b/sdk/go/gcp/apigateway/apiConfigIamMember.go index 8f2b990cbd..879b01e538 100644 --- a/sdk/go/gcp/apigateway/apiConfigIamMember.go +++ b/sdk/go/gcp/apigateway/apiConfigIamMember.go @@ -134,6 +134,114 @@ import ( // ``` // // +// ## google\_api\_gateway\_api\_config\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/apigateway.viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = apigateway.NewApiConfigIamPolicy(ctx, "policy", &apigateway.ApiConfigIamPolicyArgs{ +// Api: pulumi.Any(apiCfg.Api), +// ApiConfig: pulumi.Any(apiCfg.ApiConfigId), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_api\_gateway\_api\_config\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := apigateway.NewApiConfigIamBinding(ctx, "binding", &apigateway.ApiConfigIamBindingArgs{ +// Api: pulumi.Any(apiCfg.Api), +// ApiConfig: pulumi.Any(apiCfg.ApiConfigId), +// Role: pulumi.String("roles/apigateway.viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_api\_gateway\_api\_config\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := apigateway.NewApiConfigIamMember(ctx, "member", &apigateway.ApiConfigIamMemberArgs{ +// Api: pulumi.Any(apiCfg.Api), +// ApiConfig: pulumi.Any(apiCfg.ApiConfigId), +// Role: pulumi.String("roles/apigateway.viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -180,13 +288,9 @@ type ApiConfigIamMember struct { ApiConfig pulumi.StringOutput `pulumi:"apiConfig"` Condition ApiConfigIamMemberConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Member pulumi.StringOutput `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -196,6 +300,9 @@ type ApiConfigIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `apigateway.ApiConfigIamBinding` can be used per role. Note that custom roles must be of the format @@ -251,13 +358,9 @@ type apiConfigIamMemberState struct { ApiConfig *string `pulumi:"apiConfig"` Condition *ApiConfigIamMemberCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Member *string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -267,6 +370,9 @@ type apiConfigIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `apigateway.ApiConfigIamBinding` can be used per role. Note that custom roles must be of the format @@ -281,13 +387,9 @@ type ApiConfigIamMemberState struct { ApiConfig pulumi.StringPtrInput Condition ApiConfigIamMemberConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Member pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -297,6 +399,9 @@ type ApiConfigIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `apigateway.ApiConfigIamBinding` can be used per role. Note that custom roles must be of the format @@ -314,12 +419,8 @@ type apiConfigIamMemberArgs struct { Api string `pulumi:"api"` ApiConfig string `pulumi:"apiConfig"` Condition *ApiConfigIamMemberCondition `pulumi:"condition"` - Member string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -329,6 +430,9 @@ type apiConfigIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `apigateway.ApiConfigIamBinding` can be used per role. Note that custom roles must be of the format @@ -343,12 +447,8 @@ type ApiConfigIamMemberArgs struct { Api pulumi.StringInput ApiConfig pulumi.StringInput Condition ApiConfigIamMemberConditionPtrInput - Member pulumi.StringInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -358,6 +458,9 @@ type ApiConfigIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `apigateway.ApiConfigIamBinding` can be used per role. Note that custom roles must be of the format @@ -471,24 +574,23 @@ func (o ApiConfigIamMemberOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *ApiConfigIamMember) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o ApiConfigIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *ApiConfigIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o ApiConfigIamMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *ApiConfigIamMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/apigateway/apiConfigIamPolicy.go b/sdk/go/gcp/apigateway/apiConfigIamPolicy.go index 842f5ae66e..0033a26697 100644 --- a/sdk/go/gcp/apigateway/apiConfigIamPolicy.go +++ b/sdk/go/gcp/apigateway/apiConfigIamPolicy.go @@ -134,6 +134,114 @@ import ( // ``` // // +// ## google\_api\_gateway\_api\_config\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/apigateway.viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = apigateway.NewApiConfigIamPolicy(ctx, "policy", &apigateway.ApiConfigIamPolicyArgs{ +// Api: pulumi.Any(apiCfg.Api), +// ApiConfig: pulumi.Any(apiCfg.ApiConfigId), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_api\_gateway\_api\_config\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := apigateway.NewApiConfigIamBinding(ctx, "binding", &apigateway.ApiConfigIamBindingArgs{ +// Api: pulumi.Any(apiCfg.Api), +// ApiConfig: pulumi.Any(apiCfg.ApiConfigId), +// Role: pulumi.String("roles/apigateway.viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_api\_gateway\_api\_config\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := apigateway.NewApiConfigIamMember(ctx, "member", &apigateway.ApiConfigIamMemberArgs{ +// Api: pulumi.Any(apiCfg.Api), +// ApiConfig: pulumi.Any(apiCfg.ApiConfigId), +// Role: pulumi.String("roles/apigateway.viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -185,18 +293,6 @@ type ApiConfigIamPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` } @@ -250,18 +346,6 @@ type apiConfigIamPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -277,18 +361,6 @@ type ApiConfigIamPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -306,18 +378,6 @@ type apiConfigIamPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -332,18 +392,6 @@ type ApiConfigIamPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -457,18 +505,6 @@ func (o ApiConfigIamPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o ApiConfigIamPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *ApiConfigIamPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/apigateway/apiIamBinding.go b/sdk/go/gcp/apigateway/apiIamBinding.go index 36351d6d5f..2ff2aa64f2 100644 --- a/sdk/go/gcp/apigateway/apiIamBinding.go +++ b/sdk/go/gcp/apigateway/apiIamBinding.go @@ -134,6 +134,114 @@ import ( // ``` // // +// ## google\_api\_gateway\_api\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/apigateway.viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = apigateway.NewApiIamPolicy(ctx, "policy", &apigateway.ApiIamPolicyArgs{ +// Project: pulumi.Any(api.Project), +// Api: pulumi.Any(api.ApiId), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_api\_gateway\_api\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := apigateway.NewApiIamBinding(ctx, "binding", &apigateway.ApiIamBindingArgs{ +// Project: pulumi.Any(api.Project), +// Api: pulumi.Any(api.ApiId), +// Role: pulumi.String("roles/apigateway.viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_api\_gateway\_api\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := apigateway.NewApiIamMember(ctx, "member", &apigateway.ApiIamMemberArgs{ +// Project: pulumi.Any(api.Project), +// Api: pulumi.Any(api.ApiId), +// Role: pulumi.String("roles/apigateway.viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -175,13 +283,9 @@ type ApiIamBinding struct { Api pulumi.StringOutput `pulumi:"api"` Condition ApiIamBindingConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -191,6 +295,9 @@ type ApiIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `apigateway.ApiIamBinding` can be used per role. Note that custom roles must be of the format @@ -240,13 +347,9 @@ type apiIamBindingState struct { Api *string `pulumi:"api"` Condition *ApiIamBindingCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -256,6 +359,9 @@ type apiIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `apigateway.ApiIamBinding` can be used per role. Note that custom roles must be of the format @@ -267,13 +373,9 @@ type ApiIamBindingState struct { Api pulumi.StringPtrInput Condition ApiIamBindingConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -283,6 +385,9 @@ type ApiIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `apigateway.ApiIamBinding` can be used per role. Note that custom roles must be of the format @@ -297,12 +402,8 @@ func (ApiIamBindingState) ElementType() reflect.Type { type apiIamBindingArgs struct { Api string `pulumi:"api"` Condition *ApiIamBindingCondition `pulumi:"condition"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -312,6 +413,9 @@ type apiIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `apigateway.ApiIamBinding` can be used per role. Note that custom roles must be of the format @@ -323,12 +427,8 @@ type apiIamBindingArgs struct { type ApiIamBindingArgs struct { Api pulumi.StringInput Condition ApiIamBindingConditionPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -338,6 +438,9 @@ type ApiIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `apigateway.ApiIamBinding` can be used per role. Note that custom roles must be of the format @@ -445,24 +548,23 @@ func (o ApiIamBindingOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *ApiIamBinding) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o ApiIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *ApiIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o ApiIamBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *ApiIamBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/apigateway/apiIamMember.go b/sdk/go/gcp/apigateway/apiIamMember.go index dffea56398..76a2f029f4 100644 --- a/sdk/go/gcp/apigateway/apiIamMember.go +++ b/sdk/go/gcp/apigateway/apiIamMember.go @@ -134,6 +134,114 @@ import ( // ``` // // +// ## google\_api\_gateway\_api\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/apigateway.viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = apigateway.NewApiIamPolicy(ctx, "policy", &apigateway.ApiIamPolicyArgs{ +// Project: pulumi.Any(api.Project), +// Api: pulumi.Any(api.ApiId), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_api\_gateway\_api\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := apigateway.NewApiIamBinding(ctx, "binding", &apigateway.ApiIamBindingArgs{ +// Project: pulumi.Any(api.Project), +// Api: pulumi.Any(api.ApiId), +// Role: pulumi.String("roles/apigateway.viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_api\_gateway\_api\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := apigateway.NewApiIamMember(ctx, "member", &apigateway.ApiIamMemberArgs{ +// Project: pulumi.Any(api.Project), +// Api: pulumi.Any(api.ApiId), +// Role: pulumi.String("roles/apigateway.viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -175,13 +283,9 @@ type ApiIamMember struct { Api pulumi.StringOutput `pulumi:"api"` Condition ApiIamMemberConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Member pulumi.StringOutput `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -191,6 +295,9 @@ type ApiIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `apigateway.ApiIamBinding` can be used per role. Note that custom roles must be of the format @@ -240,13 +347,9 @@ type apiIamMemberState struct { Api *string `pulumi:"api"` Condition *ApiIamMemberCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Member *string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -256,6 +359,9 @@ type apiIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `apigateway.ApiIamBinding` can be used per role. Note that custom roles must be of the format @@ -267,13 +373,9 @@ type ApiIamMemberState struct { Api pulumi.StringPtrInput Condition ApiIamMemberConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Member pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -283,6 +385,9 @@ type ApiIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `apigateway.ApiIamBinding` can be used per role. Note that custom roles must be of the format @@ -297,12 +402,8 @@ func (ApiIamMemberState) ElementType() reflect.Type { type apiIamMemberArgs struct { Api string `pulumi:"api"` Condition *ApiIamMemberCondition `pulumi:"condition"` - Member string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -312,6 +413,9 @@ type apiIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `apigateway.ApiIamBinding` can be used per role. Note that custom roles must be of the format @@ -323,12 +427,8 @@ type apiIamMemberArgs struct { type ApiIamMemberArgs struct { Api pulumi.StringInput Condition ApiIamMemberConditionPtrInput - Member pulumi.StringInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -338,6 +438,9 @@ type ApiIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `apigateway.ApiIamBinding` can be used per role. Note that custom roles must be of the format @@ -445,24 +548,23 @@ func (o ApiIamMemberOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *ApiIamMember) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o ApiIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *ApiIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o ApiIamMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *ApiIamMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/apigateway/apiIamPolicy.go b/sdk/go/gcp/apigateway/apiIamPolicy.go index f4622effe0..d62aa3be17 100644 --- a/sdk/go/gcp/apigateway/apiIamPolicy.go +++ b/sdk/go/gcp/apigateway/apiIamPolicy.go @@ -134,6 +134,114 @@ import ( // ``` // // +// ## google\_api\_gateway\_api\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/apigateway.viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = apigateway.NewApiIamPolicy(ctx, "policy", &apigateway.ApiIamPolicyArgs{ +// Project: pulumi.Any(api.Project), +// Api: pulumi.Any(api.ApiId), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_api\_gateway\_api\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := apigateway.NewApiIamBinding(ctx, "binding", &apigateway.ApiIamBindingArgs{ +// Project: pulumi.Any(api.Project), +// Api: pulumi.Any(api.ApiId), +// Role: pulumi.String("roles/apigateway.viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_api\_gateway\_api\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := apigateway.NewApiIamMember(ctx, "member", &apigateway.ApiIamMemberArgs{ +// Project: pulumi.Any(api.Project), +// Api: pulumi.Any(api.ApiId), +// Role: pulumi.String("roles/apigateway.viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -180,18 +288,6 @@ type ApiIamPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` } @@ -239,18 +335,6 @@ type apiIamPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -263,18 +347,6 @@ type ApiIamPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -289,18 +361,6 @@ type apiIamPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -312,18 +372,6 @@ type ApiIamPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -431,18 +479,6 @@ func (o ApiIamPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o ApiIamPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *ApiIamPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/apigateway/gatewayIamBinding.go b/sdk/go/gcp/apigateway/gatewayIamBinding.go index 5b7d5fab8b..ea88089f13 100644 --- a/sdk/go/gcp/apigateway/gatewayIamBinding.go +++ b/sdk/go/gcp/apigateway/gatewayIamBinding.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_api\_gateway\_gateway\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/apigateway.viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = apigateway.NewGatewayIamPolicy(ctx, "policy", &apigateway.GatewayIamPolicyArgs{ +// Project: pulumi.Any(apiGw.Project), +// Region: pulumi.Any(apiGw.Region), +// Gateway: pulumi.Any(apiGw.GatewayId), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_api\_gateway\_gateway\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := apigateway.NewGatewayIamBinding(ctx, "binding", &apigateway.GatewayIamBindingArgs{ +// Project: pulumi.Any(apiGw.Project), +// Region: pulumi.Any(apiGw.Region), +// Gateway: pulumi.Any(apiGw.GatewayId), +// Role: pulumi.String("roles/apigateway.viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_api\_gateway\_gateway\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := apigateway.NewGatewayIamMember(ctx, "member", &apigateway.GatewayIamMemberArgs{ +// Project: pulumi.Any(apiGw.Project), +// Region: pulumi.Any(apiGw.Region), +// Gateway: pulumi.Any(apiGw.GatewayId), +// Role: pulumi.String("roles/apigateway.viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -179,14 +290,10 @@ type GatewayIamBinding struct { Condition GatewayIamBindingConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Gateway pulumi.StringOutput `pulumi:"gateway"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + Gateway pulumi.StringOutput `pulumi:"gateway"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -196,6 +303,9 @@ type GatewayIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The region of the gateway for the API. // Used to find the parent resource to bind the IAM policy to. If not specified, @@ -249,14 +359,10 @@ func GetGatewayIamBinding(ctx *pulumi.Context, type gatewayIamBindingState struct { Condition *GatewayIamBindingCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Gateway *string `pulumi:"gateway"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + Gateway *string `pulumi:"gateway"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -266,6 +372,9 @@ type gatewayIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The region of the gateway for the API. // Used to find the parent resource to bind the IAM policy to. If not specified, @@ -283,12 +392,8 @@ type GatewayIamBindingState struct { // (Computed) The etag of the IAM policy. Etag pulumi.StringPtrInput Gateway pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -298,6 +403,9 @@ type GatewayIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The region of the gateway for the API. // Used to find the parent resource to bind the IAM policy to. If not specified, @@ -317,12 +425,8 @@ func (GatewayIamBindingState) ElementType() reflect.Type { type gatewayIamBindingArgs struct { Condition *GatewayIamBindingCondition `pulumi:"condition"` Gateway string `pulumi:"gateway"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -332,6 +436,9 @@ type gatewayIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The region of the gateway for the API. // Used to find the parent resource to bind the IAM policy to. If not specified, @@ -348,12 +455,8 @@ type gatewayIamBindingArgs struct { type GatewayIamBindingArgs struct { Condition GatewayIamBindingConditionPtrInput Gateway pulumi.StringInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -363,6 +466,9 @@ type GatewayIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The region of the gateway for the API. // Used to find the parent resource to bind the IAM policy to. If not specified, @@ -475,24 +581,23 @@ func (o GatewayIamBindingOutput) Gateway() pulumi.StringOutput { return o.ApplyT(func(v *GatewayIamBinding) pulumi.StringOutput { return v.Gateway }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o GatewayIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *GatewayIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o GatewayIamBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *GatewayIamBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/apigateway/gatewayIamMember.go b/sdk/go/gcp/apigateway/gatewayIamMember.go index aaef125f97..22def11ec6 100644 --- a/sdk/go/gcp/apigateway/gatewayIamMember.go +++ b/sdk/go/gcp/apigateway/gatewayIamMember.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_api\_gateway\_gateway\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/apigateway.viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = apigateway.NewGatewayIamPolicy(ctx, "policy", &apigateway.GatewayIamPolicyArgs{ +// Project: pulumi.Any(apiGw.Project), +// Region: pulumi.Any(apiGw.Region), +// Gateway: pulumi.Any(apiGw.GatewayId), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_api\_gateway\_gateway\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := apigateway.NewGatewayIamBinding(ctx, "binding", &apigateway.GatewayIamBindingArgs{ +// Project: pulumi.Any(apiGw.Project), +// Region: pulumi.Any(apiGw.Region), +// Gateway: pulumi.Any(apiGw.GatewayId), +// Role: pulumi.String("roles/apigateway.viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_api\_gateway\_gateway\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := apigateway.NewGatewayIamMember(ctx, "member", &apigateway.GatewayIamMemberArgs{ +// Project: pulumi.Any(apiGw.Project), +// Region: pulumi.Any(apiGw.Region), +// Gateway: pulumi.Any(apiGw.GatewayId), +// Role: pulumi.String("roles/apigateway.viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -181,12 +292,8 @@ type GatewayIamMember struct { // (Computed) The etag of the IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` Gateway pulumi.StringOutput `pulumi:"gateway"` - Member pulumi.StringOutput `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -196,6 +303,9 @@ type GatewayIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The region of the gateway for the API. // Used to find the parent resource to bind the IAM policy to. If not specified, @@ -251,12 +361,8 @@ type gatewayIamMemberState struct { // (Computed) The etag of the IAM policy. Etag *string `pulumi:"etag"` Gateway *string `pulumi:"gateway"` - Member *string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -266,6 +372,9 @@ type gatewayIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The region of the gateway for the API. // Used to find the parent resource to bind the IAM policy to. If not specified, @@ -283,12 +392,8 @@ type GatewayIamMemberState struct { // (Computed) The etag of the IAM policy. Etag pulumi.StringPtrInput Gateway pulumi.StringPtrInput - Member pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -298,6 +403,9 @@ type GatewayIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The region of the gateway for the API. // Used to find the parent resource to bind the IAM policy to. If not specified, @@ -317,12 +425,8 @@ func (GatewayIamMemberState) ElementType() reflect.Type { type gatewayIamMemberArgs struct { Condition *GatewayIamMemberCondition `pulumi:"condition"` Gateway string `pulumi:"gateway"` - Member string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -332,6 +436,9 @@ type gatewayIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The region of the gateway for the API. // Used to find the parent resource to bind the IAM policy to. If not specified, @@ -348,12 +455,8 @@ type gatewayIamMemberArgs struct { type GatewayIamMemberArgs struct { Condition GatewayIamMemberConditionPtrInput Gateway pulumi.StringInput - Member pulumi.StringInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -363,6 +466,9 @@ type GatewayIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The region of the gateway for the API. // Used to find the parent resource to bind the IAM policy to. If not specified, @@ -475,24 +581,23 @@ func (o GatewayIamMemberOutput) Gateway() pulumi.StringOutput { return o.ApplyT(func(v *GatewayIamMember) pulumi.StringOutput { return v.Gateway }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o GatewayIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *GatewayIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o GatewayIamMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *GatewayIamMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/apigateway/gatewayIamPolicy.go b/sdk/go/gcp/apigateway/gatewayIamPolicy.go index e4c5b29ed9..566ae4b406 100644 --- a/sdk/go/gcp/apigateway/gatewayIamPolicy.go +++ b/sdk/go/gcp/apigateway/gatewayIamPolicy.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_api\_gateway\_gateway\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/apigateway.viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = apigateway.NewGatewayIamPolicy(ctx, "policy", &apigateway.GatewayIamPolicyArgs{ +// Project: pulumi.Any(apiGw.Project), +// Region: pulumi.Any(apiGw.Region), +// Gateway: pulumi.Any(apiGw.GatewayId), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_api\_gateway\_gateway\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := apigateway.NewGatewayIamBinding(ctx, "binding", &apigateway.GatewayIamBindingArgs{ +// Project: pulumi.Any(apiGw.Project), +// Region: pulumi.Any(apiGw.Region), +// Gateway: pulumi.Any(apiGw.GatewayId), +// Role: pulumi.String("roles/apigateway.viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_api\_gateway\_gateway\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigateway" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := apigateway.NewGatewayIamMember(ctx, "member", &apigateway.GatewayIamMemberArgs{ +// Project: pulumi.Any(apiGw.Project), +// Region: pulumi.Any(apiGw.Region), +// Gateway: pulumi.Any(apiGw.GatewayId), +// Role: pulumi.String("roles/apigateway.viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -185,18 +296,6 @@ type GatewayIamPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` // The region of the gateway for the API. // Used to find the parent resource to bind the IAM policy to. If not specified, @@ -249,18 +348,6 @@ type gatewayIamPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` // The region of the gateway for the API. // Used to find the parent resource to bind the IAM policy to. If not specified, @@ -278,18 +365,6 @@ type GatewayIamPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // The region of the gateway for the API. // Used to find the parent resource to bind the IAM policy to. If not specified, @@ -309,18 +384,6 @@ type gatewayIamPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` // The region of the gateway for the API. // Used to find the parent resource to bind the IAM policy to. If not specified, @@ -337,18 +400,6 @@ type GatewayIamPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // The region of the gateway for the API. // Used to find the parent resource to bind the IAM policy to. If not specified, @@ -461,18 +512,6 @@ func (o GatewayIamPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o GatewayIamPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *GatewayIamPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/apigee/environmentIamBinding.go b/sdk/go/gcp/apigee/environmentIamBinding.go index d3cad47361..34d6f73125 100644 --- a/sdk/go/gcp/apigee/environmentIamBinding.go +++ b/sdk/go/gcp/apigee/environmentIamBinding.go @@ -134,6 +134,114 @@ import ( // ``` // // +// ## google\_apigee\_environment\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigee" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = apigee.NewEnvironmentIamPolicy(ctx, "policy", &apigee.EnvironmentIamPolicyArgs{ +// OrgId: pulumi.Any(apigeeEnvironment.OrgId), +// EnvId: pulumi.Any(apigeeEnvironment.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_apigee\_environment\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigee" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := apigee.NewEnvironmentIamBinding(ctx, "binding", &apigee.EnvironmentIamBindingArgs{ +// OrgId: pulumi.Any(apigeeEnvironment.OrgId), +// EnvId: pulumi.Any(apigeeEnvironment.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_apigee\_environment\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigee" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := apigee.NewEnvironmentIamMember(ctx, "member", &apigee.EnvironmentIamMemberArgs{ +// OrgId: pulumi.Any(apigeeEnvironment.OrgId), +// EnvId: pulumi.Any(apigeeEnvironment.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -172,9 +280,11 @@ type EnvironmentIamBinding struct { Condition EnvironmentIamBindingConditionPtrOutput `pulumi:"condition"` // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + EnvId pulumi.StringOutput `pulumi:"envId"` + // (Computed) The etag of the IAM policy. + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -184,9 +294,6 @@ type EnvironmentIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - EnvId pulumi.StringOutput `pulumi:"envId"` - // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` Members pulumi.StringArrayOutput `pulumi:"members"` OrgId pulumi.StringOutput `pulumi:"orgId"` // The role that should be applied. Only one @@ -239,9 +346,11 @@ func GetEnvironmentIamBinding(ctx *pulumi.Context, type environmentIamBindingState struct { Condition *EnvironmentIamBindingCondition `pulumi:"condition"` // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + EnvId *string `pulumi:"envId"` + // (Computed) The etag of the IAM policy. + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -251,9 +360,6 @@ type environmentIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - EnvId *string `pulumi:"envId"` - // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` Members []string `pulumi:"members"` OrgId *string `pulumi:"orgId"` // The role that should be applied. Only one @@ -265,9 +371,11 @@ type environmentIamBindingState struct { type EnvironmentIamBindingState struct { Condition EnvironmentIamBindingConditionPtrInput // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + EnvId pulumi.StringPtrInput + // (Computed) The etag of the IAM policy. + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -277,9 +385,6 @@ type EnvironmentIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - EnvId pulumi.StringPtrInput - // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput Members pulumi.StringArrayInput OrgId pulumi.StringPtrInput // The role that should be applied. Only one @@ -295,9 +400,9 @@ func (EnvironmentIamBindingState) ElementType() reflect.Type { type environmentIamBindingArgs struct { Condition *EnvironmentIamBindingCondition `pulumi:"condition"` // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + EnvId string `pulumi:"envId"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -307,7 +412,6 @@ type environmentIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - EnvId string `pulumi:"envId"` Members []string `pulumi:"members"` OrgId string `pulumi:"orgId"` // The role that should be applied. Only one @@ -320,9 +424,9 @@ type environmentIamBindingArgs struct { type EnvironmentIamBindingArgs struct { Condition EnvironmentIamBindingConditionPtrInput // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + EnvId pulumi.StringInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -332,7 +436,6 @@ type EnvironmentIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - EnvId pulumi.StringInput Members pulumi.StringArrayInput OrgId pulumi.StringInput // The role that should be applied. Only one @@ -433,18 +536,6 @@ func (o EnvironmentIamBindingOutput) Condition() EnvironmentIamBindingConditionP } // Used to find the parent resource to bind the IAM policy to -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o EnvironmentIamBindingOutput) EnvId() pulumi.StringOutput { return o.ApplyT(func(v *EnvironmentIamBinding) pulumi.StringOutput { return v.EnvId }).(pulumi.StringOutput) } @@ -454,6 +545,17 @@ func (o EnvironmentIamBindingOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *EnvironmentIamBinding) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o EnvironmentIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *EnvironmentIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } diff --git a/sdk/go/gcp/apigee/environmentIamMember.go b/sdk/go/gcp/apigee/environmentIamMember.go index 83ed590d6a..163e07bac5 100644 --- a/sdk/go/gcp/apigee/environmentIamMember.go +++ b/sdk/go/gcp/apigee/environmentIamMember.go @@ -134,6 +134,114 @@ import ( // ``` // // +// ## google\_apigee\_environment\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigee" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = apigee.NewEnvironmentIamPolicy(ctx, "policy", &apigee.EnvironmentIamPolicyArgs{ +// OrgId: pulumi.Any(apigeeEnvironment.OrgId), +// EnvId: pulumi.Any(apigeeEnvironment.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_apigee\_environment\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigee" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := apigee.NewEnvironmentIamBinding(ctx, "binding", &apigee.EnvironmentIamBindingArgs{ +// OrgId: pulumi.Any(apigeeEnvironment.OrgId), +// EnvId: pulumi.Any(apigeeEnvironment.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_apigee\_environment\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigee" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := apigee.NewEnvironmentIamMember(ctx, "member", &apigee.EnvironmentIamMemberArgs{ +// OrgId: pulumi.Any(apigeeEnvironment.OrgId), +// EnvId: pulumi.Any(apigeeEnvironment.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -172,9 +280,11 @@ type EnvironmentIamMember struct { Condition EnvironmentIamMemberConditionPtrOutput `pulumi:"condition"` // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + EnvId pulumi.StringOutput `pulumi:"envId"` + // (Computed) The etag of the IAM policy. + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -184,9 +294,6 @@ type EnvironmentIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - EnvId pulumi.StringOutput `pulumi:"envId"` - // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` Member pulumi.StringOutput `pulumi:"member"` OrgId pulumi.StringOutput `pulumi:"orgId"` // The role that should be applied. Only one @@ -239,9 +346,11 @@ func GetEnvironmentIamMember(ctx *pulumi.Context, type environmentIamMemberState struct { Condition *EnvironmentIamMemberCondition `pulumi:"condition"` // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + EnvId *string `pulumi:"envId"` + // (Computed) The etag of the IAM policy. + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -251,9 +360,6 @@ type environmentIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - EnvId *string `pulumi:"envId"` - // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` Member *string `pulumi:"member"` OrgId *string `pulumi:"orgId"` // The role that should be applied. Only one @@ -265,9 +371,11 @@ type environmentIamMemberState struct { type EnvironmentIamMemberState struct { Condition EnvironmentIamMemberConditionPtrInput // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + EnvId pulumi.StringPtrInput + // (Computed) The etag of the IAM policy. + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -277,9 +385,6 @@ type EnvironmentIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - EnvId pulumi.StringPtrInput - // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput Member pulumi.StringPtrInput OrgId pulumi.StringPtrInput // The role that should be applied. Only one @@ -295,9 +400,9 @@ func (EnvironmentIamMemberState) ElementType() reflect.Type { type environmentIamMemberArgs struct { Condition *EnvironmentIamMemberCondition `pulumi:"condition"` // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + EnvId string `pulumi:"envId"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -307,7 +412,6 @@ type environmentIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - EnvId string `pulumi:"envId"` Member string `pulumi:"member"` OrgId string `pulumi:"orgId"` // The role that should be applied. Only one @@ -320,9 +424,9 @@ type environmentIamMemberArgs struct { type EnvironmentIamMemberArgs struct { Condition EnvironmentIamMemberConditionPtrInput // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + EnvId pulumi.StringInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -332,7 +436,6 @@ type EnvironmentIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - EnvId pulumi.StringInput Member pulumi.StringInput OrgId pulumi.StringInput // The role that should be applied. Only one @@ -433,18 +536,6 @@ func (o EnvironmentIamMemberOutput) Condition() EnvironmentIamMemberConditionPtr } // Used to find the parent resource to bind the IAM policy to -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o EnvironmentIamMemberOutput) EnvId() pulumi.StringOutput { return o.ApplyT(func(v *EnvironmentIamMember) pulumi.StringOutput { return v.EnvId }).(pulumi.StringOutput) } @@ -454,6 +545,17 @@ func (o EnvironmentIamMemberOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *EnvironmentIamMember) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o EnvironmentIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *EnvironmentIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/apigee/environmentIamPolicy.go b/sdk/go/gcp/apigee/environmentIamPolicy.go index 13957a8914..82f6e11086 100644 --- a/sdk/go/gcp/apigee/environmentIamPolicy.go +++ b/sdk/go/gcp/apigee/environmentIamPolicy.go @@ -134,6 +134,114 @@ import ( // ``` // // +// ## google\_apigee\_environment\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigee" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = apigee.NewEnvironmentIamPolicy(ctx, "policy", &apigee.EnvironmentIamPolicyArgs{ +// OrgId: pulumi.Any(apigeeEnvironment.OrgId), +// EnvId: pulumi.Any(apigeeEnvironment.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_apigee\_environment\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigee" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := apigee.NewEnvironmentIamBinding(ctx, "binding", &apigee.EnvironmentIamBindingArgs{ +// OrgId: pulumi.Any(apigeeEnvironment.OrgId), +// EnvId: pulumi.Any(apigeeEnvironment.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_apigee\_environment\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/apigee" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := apigee.NewEnvironmentIamMember(ctx, "member", &apigee.EnvironmentIamMemberArgs{ +// OrgId: pulumi.Any(apigeeEnvironment.OrgId), +// EnvId: pulumi.Any(apigeeEnvironment.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -171,18 +279,6 @@ type EnvironmentIamPolicy struct { pulumi.CustomResourceState // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" EnvId pulumi.StringOutput `pulumi:"envId"` // (Computed) The etag of the IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` @@ -232,18 +328,6 @@ func GetEnvironmentIamPolicy(ctx *pulumi.Context, // Input properties used for looking up and filtering EnvironmentIamPolicy resources. type environmentIamPolicyState struct { // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" EnvId *string `pulumi:"envId"` // (Computed) The etag of the IAM policy. Etag *string `pulumi:"etag"` @@ -255,18 +339,6 @@ type environmentIamPolicyState struct { type EnvironmentIamPolicyState struct { // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" EnvId pulumi.StringPtrInput // (Computed) The etag of the IAM policy. Etag pulumi.StringPtrInput @@ -282,18 +354,6 @@ func (EnvironmentIamPolicyState) ElementType() reflect.Type { type environmentIamPolicyArgs struct { // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" EnvId string `pulumi:"envId"` OrgId string `pulumi:"orgId"` // The policy data generated by @@ -304,18 +364,6 @@ type environmentIamPolicyArgs struct { // The set of arguments for constructing a EnvironmentIamPolicy resource. type EnvironmentIamPolicyArgs struct { // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" EnvId pulumi.StringInput OrgId pulumi.StringInput // The policy data generated by @@ -411,18 +459,6 @@ func (o EnvironmentIamPolicyOutput) ToEnvironmentIamPolicyOutputWithContext(ctx } // Used to find the parent resource to bind the IAM policy to -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o EnvironmentIamPolicyOutput) EnvId() pulumi.StringOutput { return o.ApplyT(func(v *EnvironmentIamPolicy) pulumi.StringOutput { return v.EnvId }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/artifactregistry/repositoryIamBinding.go b/sdk/go/gcp/artifactregistry/repositoryIamBinding.go index 5315fec12c..28ce53d4e7 100644 --- a/sdk/go/gcp/artifactregistry/repositoryIamBinding.go +++ b/sdk/go/gcp/artifactregistry/repositoryIamBinding.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_artifact\_registry\_repository\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/artifactregistry" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/artifactregistry.reader", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = artifactregistry.NewRepositoryIamPolicy(ctx, "policy", &artifactregistry.RepositoryIamPolicyArgs{ +// Project: pulumi.Any(my_repo.Project), +// Location: pulumi.Any(my_repo.Location), +// Repository: pulumi.Any(my_repo.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_artifact\_registry\_repository\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/artifactregistry" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := artifactregistry.NewRepositoryIamBinding(ctx, "binding", &artifactregistry.RepositoryIamBindingArgs{ +// Project: pulumi.Any(my_repo.Project), +// Location: pulumi.Any(my_repo.Location), +// Repository: pulumi.Any(my_repo.Name), +// Role: pulumi.String("roles/artifactregistry.reader"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_artifact\_registry\_repository\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/artifactregistry" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := artifactregistry.NewRepositoryIamMember(ctx, "member", &artifactregistry.RepositoryIamMemberArgs{ +// Project: pulumi.Any(my_repo.Project), +// Location: pulumi.Any(my_repo.Location), +// Repository: pulumi.Any(my_repo.Name), +// Role: pulumi.String("roles/artifactregistry.reader"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -182,13 +293,9 @@ type RepositoryIamBinding struct { Etag pulumi.StringOutput `pulumi:"etag"` // The name of the location this repository is located in. // Used to find the parent resource to bind the IAM policy to - Location pulumi.StringOutput `pulumi:"location"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location pulumi.StringOutput `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -198,6 +305,9 @@ type RepositoryIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // Used to find the parent resource to bind the IAM policy to Repository pulumi.StringOutput `pulumi:"repository"` @@ -251,13 +361,9 @@ type repositoryIamBindingState struct { Etag *string `pulumi:"etag"` // The name of the location this repository is located in. // Used to find the parent resource to bind the IAM policy to - Location *string `pulumi:"location"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location *string `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -267,6 +373,9 @@ type repositoryIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // Used to find the parent resource to bind the IAM policy to Repository *string `pulumi:"repository"` @@ -283,12 +392,8 @@ type RepositoryIamBindingState struct { // The name of the location this repository is located in. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -298,6 +403,9 @@ type RepositoryIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // Used to find the parent resource to bind the IAM policy to Repository pulumi.StringPtrInput @@ -315,13 +423,9 @@ type repositoryIamBindingArgs struct { Condition *RepositoryIamBindingCondition `pulumi:"condition"` // The name of the location this repository is located in. // Used to find the parent resource to bind the IAM policy to - Location *string `pulumi:"location"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location *string `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -331,6 +435,9 @@ type repositoryIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // Used to find the parent resource to bind the IAM policy to Repository string `pulumi:"repository"` @@ -346,12 +453,8 @@ type RepositoryIamBindingArgs struct { // The name of the location this repository is located in. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -361,6 +464,9 @@ type RepositoryIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // Used to find the parent resource to bind the IAM policy to Repository pulumi.StringInput @@ -472,24 +578,23 @@ func (o RepositoryIamBindingOutput) Location() pulumi.StringOutput { return o.ApplyT(func(v *RepositoryIamBinding) pulumi.StringOutput { return v.Location }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o RepositoryIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *RepositoryIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o RepositoryIamBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *RepositoryIamBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/artifactregistry/repositoryIamMember.go b/sdk/go/gcp/artifactregistry/repositoryIamMember.go index 6d58eeadd0..f1a9ad9448 100644 --- a/sdk/go/gcp/artifactregistry/repositoryIamMember.go +++ b/sdk/go/gcp/artifactregistry/repositoryIamMember.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_artifact\_registry\_repository\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/artifactregistry" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/artifactregistry.reader", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = artifactregistry.NewRepositoryIamPolicy(ctx, "policy", &artifactregistry.RepositoryIamPolicyArgs{ +// Project: pulumi.Any(my_repo.Project), +// Location: pulumi.Any(my_repo.Location), +// Repository: pulumi.Any(my_repo.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_artifact\_registry\_repository\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/artifactregistry" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := artifactregistry.NewRepositoryIamBinding(ctx, "binding", &artifactregistry.RepositoryIamBindingArgs{ +// Project: pulumi.Any(my_repo.Project), +// Location: pulumi.Any(my_repo.Location), +// Repository: pulumi.Any(my_repo.Name), +// Role: pulumi.String("roles/artifactregistry.reader"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_artifact\_registry\_repository\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/artifactregistry" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := artifactregistry.NewRepositoryIamMember(ctx, "member", &artifactregistry.RepositoryIamMemberArgs{ +// Project: pulumi.Any(my_repo.Project), +// Location: pulumi.Any(my_repo.Location), +// Repository: pulumi.Any(my_repo.Name), +// Role: pulumi.String("roles/artifactregistry.reader"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -183,12 +294,8 @@ type RepositoryIamMember struct { // The name of the location this repository is located in. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringOutput `pulumi:"location"` - Member pulumi.StringOutput `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -198,6 +305,9 @@ type RepositoryIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // Used to find the parent resource to bind the IAM policy to Repository pulumi.StringOutput `pulumi:"repository"` @@ -252,12 +362,8 @@ type repositoryIamMemberState struct { // The name of the location this repository is located in. // Used to find the parent resource to bind the IAM policy to Location *string `pulumi:"location"` - Member *string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -267,6 +373,9 @@ type repositoryIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // Used to find the parent resource to bind the IAM policy to Repository *string `pulumi:"repository"` @@ -283,12 +392,8 @@ type RepositoryIamMemberState struct { // The name of the location this repository is located in. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Member pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -298,6 +403,9 @@ type RepositoryIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // Used to find the parent resource to bind the IAM policy to Repository pulumi.StringPtrInput @@ -316,12 +424,8 @@ type repositoryIamMemberArgs struct { // The name of the location this repository is located in. // Used to find the parent resource to bind the IAM policy to Location *string `pulumi:"location"` - Member string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -331,6 +435,9 @@ type repositoryIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // Used to find the parent resource to bind the IAM policy to Repository string `pulumi:"repository"` @@ -346,12 +453,8 @@ type RepositoryIamMemberArgs struct { // The name of the location this repository is located in. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Member pulumi.StringInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -361,6 +464,9 @@ type RepositoryIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // Used to find the parent resource to bind the IAM policy to Repository pulumi.StringInput @@ -472,24 +578,23 @@ func (o RepositoryIamMemberOutput) Location() pulumi.StringOutput { return o.ApplyT(func(v *RepositoryIamMember) pulumi.StringOutput { return v.Location }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o RepositoryIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *RepositoryIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o RepositoryIamMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *RepositoryIamMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/artifactregistry/repositoryIamPolicy.go b/sdk/go/gcp/artifactregistry/repositoryIamPolicy.go index 4220283ee4..07a1f7373b 100644 --- a/sdk/go/gcp/artifactregistry/repositoryIamPolicy.go +++ b/sdk/go/gcp/artifactregistry/repositoryIamPolicy.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_artifact\_registry\_repository\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/artifactregistry" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/artifactregistry.reader", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = artifactregistry.NewRepositoryIamPolicy(ctx, "policy", &artifactregistry.RepositoryIamPolicyArgs{ +// Project: pulumi.Any(my_repo.Project), +// Location: pulumi.Any(my_repo.Location), +// Repository: pulumi.Any(my_repo.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_artifact\_registry\_repository\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/artifactregistry" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := artifactregistry.NewRepositoryIamBinding(ctx, "binding", &artifactregistry.RepositoryIamBindingArgs{ +// Project: pulumi.Any(my_repo.Project), +// Location: pulumi.Any(my_repo.Location), +// Repository: pulumi.Any(my_repo.Name), +// Role: pulumi.String("roles/artifactregistry.reader"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_artifact\_registry\_repository\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/artifactregistry" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := artifactregistry.NewRepositoryIamMember(ctx, "member", &artifactregistry.RepositoryIamMemberArgs{ +// Project: pulumi.Any(my_repo.Project), +// Location: pulumi.Any(my_repo.Location), +// Repository: pulumi.Any(my_repo.Name), +// Role: pulumi.String("roles/artifactregistry.reader"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -187,18 +298,6 @@ type RepositoryIamPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` // Used to find the parent resource to bind the IAM policy to Repository pulumi.StringOutput `pulumi:"repository"` @@ -250,18 +349,6 @@ type repositoryIamPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` // Used to find the parent resource to bind the IAM policy to Repository *string `pulumi:"repository"` @@ -278,18 +365,6 @@ type RepositoryIamPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // Used to find the parent resource to bind the IAM policy to Repository pulumi.StringPtrInput @@ -308,18 +383,6 @@ type repositoryIamPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` // Used to find the parent resource to bind the IAM policy to Repository string `pulumi:"repository"` @@ -335,18 +398,6 @@ type RepositoryIamPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // Used to find the parent resource to bind the IAM policy to Repository pulumi.StringInput @@ -458,18 +509,6 @@ func (o RepositoryIamPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o RepositoryIamPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *RepositoryIamPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/bigquery/connectionIamBinding.go b/sdk/go/gcp/bigquery/connectionIamBinding.go index 4a947aa780..44e356279d 100644 --- a/sdk/go/gcp/bigquery/connectionIamBinding.go +++ b/sdk/go/gcp/bigquery/connectionIamBinding.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_bigquery\_connection\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = bigquery.NewConnectionIamPolicy(ctx, "policy", &bigquery.ConnectionIamPolicyArgs{ +// Project: pulumi.Any(connection.Project), +// Location: pulumi.Any(connection.Location), +// ConnectionId: pulumi.Any(connection.ConnectionId), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_bigquery\_connection\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := bigquery.NewConnectionIamBinding(ctx, "binding", &bigquery.ConnectionIamBindingArgs{ +// Project: pulumi.Any(connection.Project), +// Location: pulumi.Any(connection.Location), +// ConnectionId: pulumi.Any(connection.ConnectionId), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_bigquery\_connection\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := bigquery.NewConnectionIamMember(ctx, "member", &bigquery.ConnectionIamMemberArgs{ +// Project: pulumi.Any(connection.Project), +// Location: pulumi.Any(connection.Location), +// ConnectionId: pulumi.Any(connection.ConnectionId), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -190,13 +301,9 @@ type ConnectionIamBinding struct { // Spanner Connections same as spanner region // AWS allowed regions are aws-us-east-1 // Azure allowed regions are azure-eastus2 Used to find the parent resource to bind the IAM policy to - Location pulumi.StringOutput `pulumi:"location"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location pulumi.StringOutput `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -206,6 +313,9 @@ type ConnectionIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `bigquery.ConnectionIamBinding` can be used per role. Note that custom roles must be of the format @@ -265,13 +375,9 @@ type connectionIamBindingState struct { // Spanner Connections same as spanner region // AWS allowed regions are aws-us-east-1 // Azure allowed regions are azure-eastus2 Used to find the parent resource to bind the IAM policy to - Location *string `pulumi:"location"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location *string `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -281,6 +387,9 @@ type connectionIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `bigquery.ConnectionIamBinding` can be used per role. Note that custom roles must be of the format @@ -303,12 +412,8 @@ type ConnectionIamBindingState struct { // AWS allowed regions are aws-us-east-1 // Azure allowed regions are azure-eastus2 Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -318,6 +423,9 @@ type ConnectionIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `bigquery.ConnectionIamBinding` can be used per role. Note that custom roles must be of the format @@ -341,13 +449,9 @@ type connectionIamBindingArgs struct { // Spanner Connections same as spanner region // AWS allowed regions are aws-us-east-1 // Azure allowed regions are azure-eastus2 Used to find the parent resource to bind the IAM policy to - Location *string `pulumi:"location"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location *string `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -357,6 +461,9 @@ type connectionIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `bigquery.ConnectionIamBinding` can be used per role. Note that custom roles must be of the format @@ -378,12 +485,8 @@ type ConnectionIamBindingArgs struct { // AWS allowed regions are aws-us-east-1 // Azure allowed regions are azure-eastus2 Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -393,6 +496,9 @@ type ConnectionIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `bigquery.ConnectionIamBinding` can be used per role. Note that custom roles must be of the format @@ -513,24 +619,23 @@ func (o ConnectionIamBindingOutput) Location() pulumi.StringOutput { return o.ApplyT(func(v *ConnectionIamBinding) pulumi.StringOutput { return v.Location }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o ConnectionIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *ConnectionIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o ConnectionIamBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *ConnectionIamBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/bigquery/connectionIamMember.go b/sdk/go/gcp/bigquery/connectionIamMember.go index 317a35784e..39615117bc 100644 --- a/sdk/go/gcp/bigquery/connectionIamMember.go +++ b/sdk/go/gcp/bigquery/connectionIamMember.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_bigquery\_connection\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = bigquery.NewConnectionIamPolicy(ctx, "policy", &bigquery.ConnectionIamPolicyArgs{ +// Project: pulumi.Any(connection.Project), +// Location: pulumi.Any(connection.Location), +// ConnectionId: pulumi.Any(connection.ConnectionId), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_bigquery\_connection\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := bigquery.NewConnectionIamBinding(ctx, "binding", &bigquery.ConnectionIamBindingArgs{ +// Project: pulumi.Any(connection.Project), +// Location: pulumi.Any(connection.Location), +// ConnectionId: pulumi.Any(connection.ConnectionId), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_bigquery\_connection\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := bigquery.NewConnectionIamMember(ctx, "member", &bigquery.ConnectionIamMemberArgs{ +// Project: pulumi.Any(connection.Project), +// Location: pulumi.Any(connection.Location), +// ConnectionId: pulumi.Any(connection.ConnectionId), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -191,12 +302,8 @@ type ConnectionIamMember struct { // AWS allowed regions are aws-us-east-1 // Azure allowed regions are azure-eastus2 Used to find the parent resource to bind the IAM policy to Location pulumi.StringOutput `pulumi:"location"` - Member pulumi.StringOutput `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -206,6 +313,9 @@ type ConnectionIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `bigquery.ConnectionIamBinding` can be used per role. Note that custom roles must be of the format @@ -266,12 +376,8 @@ type connectionIamMemberState struct { // AWS allowed regions are aws-us-east-1 // Azure allowed regions are azure-eastus2 Used to find the parent resource to bind the IAM policy to Location *string `pulumi:"location"` - Member *string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -281,6 +387,9 @@ type connectionIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `bigquery.ConnectionIamBinding` can be used per role. Note that custom roles must be of the format @@ -303,12 +412,8 @@ type ConnectionIamMemberState struct { // AWS allowed regions are aws-us-east-1 // Azure allowed regions are azure-eastus2 Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Member pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -318,6 +423,9 @@ type ConnectionIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `bigquery.ConnectionIamBinding` can be used per role. Note that custom roles must be of the format @@ -342,12 +450,8 @@ type connectionIamMemberArgs struct { // AWS allowed regions are aws-us-east-1 // Azure allowed regions are azure-eastus2 Used to find the parent resource to bind the IAM policy to Location *string `pulumi:"location"` - Member string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -357,6 +461,9 @@ type connectionIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `bigquery.ConnectionIamBinding` can be used per role. Note that custom roles must be of the format @@ -378,12 +485,8 @@ type ConnectionIamMemberArgs struct { // AWS allowed regions are aws-us-east-1 // Azure allowed regions are azure-eastus2 Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Member pulumi.StringInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -393,6 +496,9 @@ type ConnectionIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `bigquery.ConnectionIamBinding` can be used per role. Note that custom roles must be of the format @@ -513,24 +619,23 @@ func (o ConnectionIamMemberOutput) Location() pulumi.StringOutput { return o.ApplyT(func(v *ConnectionIamMember) pulumi.StringOutput { return v.Location }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o ConnectionIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *ConnectionIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o ConnectionIamMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *ConnectionIamMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/bigquery/connectionIamPolicy.go b/sdk/go/gcp/bigquery/connectionIamPolicy.go index af0d6c54ca..0ff75f75c9 100644 --- a/sdk/go/gcp/bigquery/connectionIamPolicy.go +++ b/sdk/go/gcp/bigquery/connectionIamPolicy.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_bigquery\_connection\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = bigquery.NewConnectionIamPolicy(ctx, "policy", &bigquery.ConnectionIamPolicyArgs{ +// Project: pulumi.Any(connection.Project), +// Location: pulumi.Any(connection.Location), +// ConnectionId: pulumi.Any(connection.ConnectionId), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_bigquery\_connection\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := bigquery.NewConnectionIamBinding(ctx, "binding", &bigquery.ConnectionIamBindingArgs{ +// Project: pulumi.Any(connection.Project), +// Location: pulumi.Any(connection.Location), +// ConnectionId: pulumi.Any(connection.ConnectionId), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_bigquery\_connection\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := bigquery.NewConnectionIamMember(ctx, "member", &bigquery.ConnectionIamMemberArgs{ +// Project: pulumi.Any(connection.Project), +// Location: pulumi.Any(connection.Location), +// ConnectionId: pulumi.Any(connection.ConnectionId), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -195,18 +306,6 @@ type ConnectionIamPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` } @@ -264,18 +363,6 @@ type connectionIamPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -298,18 +385,6 @@ type ConnectionIamPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -334,18 +409,6 @@ type connectionIamPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -367,18 +430,6 @@ type ConnectionIamPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -499,18 +550,6 @@ func (o ConnectionIamPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o ConnectionIamPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *ConnectionIamPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/bigquery/datasetIamBinding.go b/sdk/go/gcp/bigquery/datasetIamBinding.go index cf08ebbb2f..132981c9c4 100644 --- a/sdk/go/gcp/bigquery/datasetIamBinding.go +++ b/sdk/go/gcp/bigquery/datasetIamBinding.go @@ -153,6 +153,129 @@ import ( // ``` // // +// ## google\_bigquery\_dataset\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// owner, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/bigquery.dataOwner", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// datasetDataset, err := bigquery.NewDataset(ctx, "dataset", &bigquery.DatasetArgs{ +// DatasetId: pulumi.String("example_dataset"), +// }) +// if err != nil { +// return err +// } +// _, err = bigquery.NewDatasetIamPolicy(ctx, "dataset", &bigquery.DatasetIamPolicyArgs{ +// DatasetId: datasetDataset.DatasetId, +// PolicyData: pulumi.String(owner.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_bigquery\_dataset\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// dataset, err := bigquery.NewDataset(ctx, "dataset", &bigquery.DatasetArgs{ +// DatasetId: pulumi.String("example_dataset"), +// }) +// if err != nil { +// return err +// } +// _, err = bigquery.NewDatasetIamBinding(ctx, "reader", &bigquery.DatasetIamBindingArgs{ +// DatasetId: dataset.DatasetId, +// Role: pulumi.String("roles/bigquery.dataViewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_bigquery\_dataset\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// dataset, err := bigquery.NewDataset(ctx, "dataset", &bigquery.DatasetArgs{ +// DatasetId: pulumi.String("example_dataset"), +// }) +// if err != nil { +// return err +// } +// _, err = bigquery.NewDatasetIamMember(ctx, "editor", &bigquery.DatasetIamMemberArgs{ +// DatasetId: dataset.DatasetId, +// Role: pulumi.String("roles/bigquery.dataEditor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // ### Importing IAM policies @@ -183,9 +306,11 @@ type DatasetIamBinding struct { Condition DatasetIamBindingConditionPtrOutput `pulumi:"condition"` // The dataset ID. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + DatasetId pulumi.StringOutput `pulumi:"datasetId"` + // (Computed) The etag of the dataset's IAM policy. + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. @@ -193,9 +318,6 @@ type DatasetIamBinding struct { // * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - DatasetId pulumi.StringOutput `pulumi:"datasetId"` - // (Computed) The etag of the dataset's IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` Members pulumi.StringArrayOutput `pulumi:"members"` // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. @@ -247,9 +369,11 @@ func GetDatasetIamBinding(ctx *pulumi.Context, type datasetIamBindingState struct { Condition *DatasetIamBindingCondition `pulumi:"condition"` // The dataset ID. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + DatasetId *string `pulumi:"datasetId"` + // (Computed) The etag of the dataset's IAM policy. + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. @@ -257,9 +381,6 @@ type datasetIamBindingState struct { // * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - DatasetId *string `pulumi:"datasetId"` - // (Computed) The etag of the dataset's IAM policy. - Etag *string `pulumi:"etag"` Members []string `pulumi:"members"` // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. @@ -273,9 +394,11 @@ type datasetIamBindingState struct { type DatasetIamBindingState struct { Condition DatasetIamBindingConditionPtrInput // The dataset ID. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + DatasetId pulumi.StringPtrInput + // (Computed) The etag of the dataset's IAM policy. + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. @@ -283,9 +406,6 @@ type DatasetIamBindingState struct { // * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - DatasetId pulumi.StringPtrInput - // (Computed) The etag of the dataset's IAM policy. - Etag pulumi.StringPtrInput Members pulumi.StringArrayInput // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. @@ -303,9 +423,9 @@ func (DatasetIamBindingState) ElementType() reflect.Type { type datasetIamBindingArgs struct { Condition *DatasetIamBindingCondition `pulumi:"condition"` // The dataset ID. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + DatasetId string `pulumi:"datasetId"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. @@ -313,8 +433,7 @@ type datasetIamBindingArgs struct { // * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - DatasetId string `pulumi:"datasetId"` - Members []string `pulumi:"members"` + Members []string `pulumi:"members"` // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. Project *string `pulumi:"project"` @@ -328,9 +447,9 @@ type datasetIamBindingArgs struct { type DatasetIamBindingArgs struct { Condition DatasetIamBindingConditionPtrInput // The dataset ID. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + DatasetId pulumi.StringInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. @@ -338,8 +457,7 @@ type DatasetIamBindingArgs struct { // * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - DatasetId pulumi.StringInput - Members pulumi.StringArrayInput + Members pulumi.StringArrayInput // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. Project pulumi.StringPtrInput @@ -441,16 +559,6 @@ func (o DatasetIamBindingOutput) Condition() DatasetIamBindingConditionPtrOutput } // The dataset ID. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. func (o DatasetIamBindingOutput) DatasetId() pulumi.StringOutput { return o.ApplyT(func(v *DatasetIamBinding) pulumi.StringOutput { return v.DatasetId }).(pulumi.StringOutput) } @@ -460,6 +568,15 @@ func (o DatasetIamBindingOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *DatasetIamBinding) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. func (o DatasetIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *DatasetIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } diff --git a/sdk/go/gcp/bigquery/datasetIamMember.go b/sdk/go/gcp/bigquery/datasetIamMember.go index aab119512a..0a2ee111a2 100644 --- a/sdk/go/gcp/bigquery/datasetIamMember.go +++ b/sdk/go/gcp/bigquery/datasetIamMember.go @@ -153,6 +153,129 @@ import ( // ``` // // +// ## google\_bigquery\_dataset\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// owner, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/bigquery.dataOwner", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// datasetDataset, err := bigquery.NewDataset(ctx, "dataset", &bigquery.DatasetArgs{ +// DatasetId: pulumi.String("example_dataset"), +// }) +// if err != nil { +// return err +// } +// _, err = bigquery.NewDatasetIamPolicy(ctx, "dataset", &bigquery.DatasetIamPolicyArgs{ +// DatasetId: datasetDataset.DatasetId, +// PolicyData: pulumi.String(owner.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_bigquery\_dataset\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// dataset, err := bigquery.NewDataset(ctx, "dataset", &bigquery.DatasetArgs{ +// DatasetId: pulumi.String("example_dataset"), +// }) +// if err != nil { +// return err +// } +// _, err = bigquery.NewDatasetIamBinding(ctx, "reader", &bigquery.DatasetIamBindingArgs{ +// DatasetId: dataset.DatasetId, +// Role: pulumi.String("roles/bigquery.dataViewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_bigquery\_dataset\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// dataset, err := bigquery.NewDataset(ctx, "dataset", &bigquery.DatasetArgs{ +// DatasetId: pulumi.String("example_dataset"), +// }) +// if err != nil { +// return err +// } +// _, err = bigquery.NewDatasetIamMember(ctx, "editor", &bigquery.DatasetIamMemberArgs{ +// DatasetId: dataset.DatasetId, +// Role: pulumi.String("roles/bigquery.dataEditor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // ### Importing IAM policies @@ -183,9 +306,11 @@ type DatasetIamMember struct { Condition DatasetIamMemberConditionPtrOutput `pulumi:"condition"` // The dataset ID. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + DatasetId pulumi.StringOutput `pulumi:"datasetId"` + // (Computed) The etag of the dataset's IAM policy. + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. @@ -193,9 +318,6 @@ type DatasetIamMember struct { // * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - DatasetId pulumi.StringOutput `pulumi:"datasetId"` - // (Computed) The etag of the dataset's IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` Member pulumi.StringOutput `pulumi:"member"` // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. @@ -247,9 +369,11 @@ func GetDatasetIamMember(ctx *pulumi.Context, type datasetIamMemberState struct { Condition *DatasetIamMemberCondition `pulumi:"condition"` // The dataset ID. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + DatasetId *string `pulumi:"datasetId"` + // (Computed) The etag of the dataset's IAM policy. + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. @@ -257,9 +381,6 @@ type datasetIamMemberState struct { // * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - DatasetId *string `pulumi:"datasetId"` - // (Computed) The etag of the dataset's IAM policy. - Etag *string `pulumi:"etag"` Member *string `pulumi:"member"` // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. @@ -273,9 +394,11 @@ type datasetIamMemberState struct { type DatasetIamMemberState struct { Condition DatasetIamMemberConditionPtrInput // The dataset ID. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + DatasetId pulumi.StringPtrInput + // (Computed) The etag of the dataset's IAM policy. + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. @@ -283,9 +406,6 @@ type DatasetIamMemberState struct { // * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - DatasetId pulumi.StringPtrInput - // (Computed) The etag of the dataset's IAM policy. - Etag pulumi.StringPtrInput Member pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. @@ -303,9 +423,9 @@ func (DatasetIamMemberState) ElementType() reflect.Type { type datasetIamMemberArgs struct { Condition *DatasetIamMemberCondition `pulumi:"condition"` // The dataset ID. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + DatasetId string `pulumi:"datasetId"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. @@ -313,8 +433,7 @@ type datasetIamMemberArgs struct { // * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - DatasetId string `pulumi:"datasetId"` - Member string `pulumi:"member"` + Member string `pulumi:"member"` // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. Project *string `pulumi:"project"` @@ -328,9 +447,9 @@ type datasetIamMemberArgs struct { type DatasetIamMemberArgs struct { Condition DatasetIamMemberConditionPtrInput // The dataset ID. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + DatasetId pulumi.StringInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. @@ -338,8 +457,7 @@ type DatasetIamMemberArgs struct { // * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - DatasetId pulumi.StringInput - Member pulumi.StringInput + Member pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the provider project is used. Project pulumi.StringPtrInput @@ -441,16 +559,6 @@ func (o DatasetIamMemberOutput) Condition() DatasetIamMemberConditionPtrOutput { } // The dataset ID. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. func (o DatasetIamMemberOutput) DatasetId() pulumi.StringOutput { return o.ApplyT(func(v *DatasetIamMember) pulumi.StringOutput { return v.DatasetId }).(pulumi.StringOutput) } @@ -460,6 +568,15 @@ func (o DatasetIamMemberOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *DatasetIamMember) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. func (o DatasetIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *DatasetIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/bigquery/datasetIamPolicy.go b/sdk/go/gcp/bigquery/datasetIamPolicy.go index a8ff1f282a..c5d71fdf60 100644 --- a/sdk/go/gcp/bigquery/datasetIamPolicy.go +++ b/sdk/go/gcp/bigquery/datasetIamPolicy.go @@ -153,6 +153,129 @@ import ( // ``` // // +// ## google\_bigquery\_dataset\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// owner, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/bigquery.dataOwner", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// datasetDataset, err := bigquery.NewDataset(ctx, "dataset", &bigquery.DatasetArgs{ +// DatasetId: pulumi.String("example_dataset"), +// }) +// if err != nil { +// return err +// } +// _, err = bigquery.NewDatasetIamPolicy(ctx, "dataset", &bigquery.DatasetIamPolicyArgs{ +// DatasetId: datasetDataset.DatasetId, +// PolicyData: pulumi.String(owner.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_bigquery\_dataset\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// dataset, err := bigquery.NewDataset(ctx, "dataset", &bigquery.DatasetArgs{ +// DatasetId: pulumi.String("example_dataset"), +// }) +// if err != nil { +// return err +// } +// _, err = bigquery.NewDatasetIamBinding(ctx, "reader", &bigquery.DatasetIamBindingArgs{ +// DatasetId: dataset.DatasetId, +// Role: pulumi.String("roles/bigquery.dataViewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_bigquery\_dataset\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// dataset, err := bigquery.NewDataset(ctx, "dataset", &bigquery.DatasetArgs{ +// DatasetId: pulumi.String("example_dataset"), +// }) +// if err != nil { +// return err +// } +// _, err = bigquery.NewDatasetIamMember(ctx, "editor", &bigquery.DatasetIamMemberArgs{ +// DatasetId: dataset.DatasetId, +// Role: pulumi.String("roles/bigquery.dataEditor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // ### Importing IAM policies @@ -182,16 +305,6 @@ type DatasetIamPolicy struct { pulumi.CustomResourceState // The dataset ID. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. DatasetId pulumi.StringOutput `pulumi:"datasetId"` // (Computed) The etag of the dataset's IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` @@ -240,16 +353,6 @@ func GetDatasetIamPolicy(ctx *pulumi.Context, // Input properties used for looking up and filtering DatasetIamPolicy resources. type datasetIamPolicyState struct { // The dataset ID. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. DatasetId *string `pulumi:"datasetId"` // (Computed) The etag of the dataset's IAM policy. Etag *string `pulumi:"etag"` @@ -263,16 +366,6 @@ type datasetIamPolicyState struct { type DatasetIamPolicyState struct { // The dataset ID. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. DatasetId pulumi.StringPtrInput // (Computed) The etag of the dataset's IAM policy. Etag pulumi.StringPtrInput @@ -290,16 +383,6 @@ func (DatasetIamPolicyState) ElementType() reflect.Type { type datasetIamPolicyArgs struct { // The dataset ID. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. DatasetId string `pulumi:"datasetId"` // The policy data generated by // a `organizations.getIAMPolicy` data source. @@ -312,16 +395,6 @@ type datasetIamPolicyArgs struct { // The set of arguments for constructing a DatasetIamPolicy resource. type DatasetIamPolicyArgs struct { // The dataset ID. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. DatasetId pulumi.StringInput // The policy data generated by // a `organizations.getIAMPolicy` data source. @@ -419,16 +492,6 @@ func (o DatasetIamPolicyOutput) ToDatasetIamPolicyOutputWithContext(ctx context. } // The dataset ID. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. func (o DatasetIamPolicyOutput) DatasetId() pulumi.StringOutput { return o.ApplyT(func(v *DatasetIamPolicy) pulumi.StringOutput { return v.DatasetId }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/bigquery/iamBinding.go b/sdk/go/gcp/bigquery/iamBinding.go index 20669f57ff..65b5a780ed 100644 --- a/sdk/go/gcp/bigquery/iamBinding.go +++ b/sdk/go/gcp/bigquery/iamBinding.go @@ -263,6 +263,241 @@ import ( // ``` // // +// ## google\_bigquery\_table\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/bigquery.dataOwner", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = bigquery.NewIamPolicy(ctx, "policy", &bigquery.IamPolicyArgs{ +// Project: pulumi.Any(test.Project), +// DatasetId: pulumi.Any(test.DatasetId), +// TableId: pulumi.Any(test.TableId), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/bigquery.dataOwner", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = bigquery.NewIamPolicy(ctx, "policy", &bigquery.IamPolicyArgs{ +// Project: pulumi.Any(test.Project), +// DatasetId: pulumi.Any(test.DatasetId), +// TableId: pulumi.Any(test.TableId), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_bigquery\_table\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := bigquery.NewIamBinding(ctx, "binding", &bigquery.IamBindingArgs{ +// Project: pulumi.Any(test.Project), +// DatasetId: pulumi.Any(test.DatasetId), +// TableId: pulumi.Any(test.TableId), +// Role: pulumi.String("roles/bigquery.dataOwner"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := bigquery.NewIamBinding(ctx, "binding", &bigquery.IamBindingArgs{ +// Project: pulumi.Any(test.Project), +// DatasetId: pulumi.Any(test.DatasetId), +// TableId: pulumi.Any(test.TableId), +// Role: pulumi.String("roles/bigquery.dataOwner"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &bigquery.IamBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_bigquery\_table\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := bigquery.NewIamMember(ctx, "member", &bigquery.IamMemberArgs{ +// Project: pulumi.Any(test.Project), +// DatasetId: pulumi.Any(test.DatasetId), +// TableId: pulumi.Any(test.TableId), +// Role: pulumi.String("roles/bigquery.dataOwner"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := bigquery.NewIamMember(ctx, "member", &bigquery.IamMemberArgs{ +// Project: pulumi.Any(test.Project), +// DatasetId: pulumi.Any(test.DatasetId), +// TableId: pulumi.Any(test.TableId), +// Role: pulumi.String("roles/bigquery.dataOwner"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &bigquery.IamMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -308,13 +543,9 @@ type IamBinding struct { Condition IamBindingConditionPtrOutput `pulumi:"condition"` DatasetId pulumi.StringOutput `pulumi:"datasetId"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -324,6 +555,9 @@ type IamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `bigquery.IamBinding` can be used per role. Note that custom roles must be of the format @@ -379,13 +613,9 @@ type iamBindingState struct { Condition *IamBindingCondition `pulumi:"condition"` DatasetId *string `pulumi:"datasetId"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -395,6 +625,9 @@ type iamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `bigquery.IamBinding` can be used per role. Note that custom roles must be of the format @@ -409,13 +642,9 @@ type IamBindingState struct { Condition IamBindingConditionPtrInput DatasetId pulumi.StringPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -425,6 +654,9 @@ type IamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `bigquery.IamBinding` can be used per role. Note that custom roles must be of the format @@ -442,12 +674,8 @@ type iamBindingArgs struct { // Structure is documented below. Condition *IamBindingCondition `pulumi:"condition"` DatasetId string `pulumi:"datasetId"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -457,6 +685,9 @@ type iamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `bigquery.IamBinding` can be used per role. Note that custom roles must be of the format @@ -471,12 +702,8 @@ type IamBindingArgs struct { // Structure is documented below. Condition IamBindingConditionPtrInput DatasetId pulumi.StringInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -486,6 +713,9 @@ type IamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `bigquery.IamBinding` can be used per role. Note that custom roles must be of the format @@ -596,24 +826,23 @@ func (o IamBindingOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *IamBinding) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o IamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *IamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o IamBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *IamBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/bigquery/iamMember.go b/sdk/go/gcp/bigquery/iamMember.go index eea23ec3ae..7752862578 100644 --- a/sdk/go/gcp/bigquery/iamMember.go +++ b/sdk/go/gcp/bigquery/iamMember.go @@ -263,6 +263,241 @@ import ( // ``` // // +// ## google\_bigquery\_table\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/bigquery.dataOwner", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = bigquery.NewIamPolicy(ctx, "policy", &bigquery.IamPolicyArgs{ +// Project: pulumi.Any(test.Project), +// DatasetId: pulumi.Any(test.DatasetId), +// TableId: pulumi.Any(test.TableId), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/bigquery.dataOwner", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = bigquery.NewIamPolicy(ctx, "policy", &bigquery.IamPolicyArgs{ +// Project: pulumi.Any(test.Project), +// DatasetId: pulumi.Any(test.DatasetId), +// TableId: pulumi.Any(test.TableId), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_bigquery\_table\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := bigquery.NewIamBinding(ctx, "binding", &bigquery.IamBindingArgs{ +// Project: pulumi.Any(test.Project), +// DatasetId: pulumi.Any(test.DatasetId), +// TableId: pulumi.Any(test.TableId), +// Role: pulumi.String("roles/bigquery.dataOwner"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := bigquery.NewIamBinding(ctx, "binding", &bigquery.IamBindingArgs{ +// Project: pulumi.Any(test.Project), +// DatasetId: pulumi.Any(test.DatasetId), +// TableId: pulumi.Any(test.TableId), +// Role: pulumi.String("roles/bigquery.dataOwner"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &bigquery.IamBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_bigquery\_table\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := bigquery.NewIamMember(ctx, "member", &bigquery.IamMemberArgs{ +// Project: pulumi.Any(test.Project), +// DatasetId: pulumi.Any(test.DatasetId), +// TableId: pulumi.Any(test.TableId), +// Role: pulumi.String("roles/bigquery.dataOwner"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := bigquery.NewIamMember(ctx, "member", &bigquery.IamMemberArgs{ +// Project: pulumi.Any(test.Project), +// DatasetId: pulumi.Any(test.DatasetId), +// TableId: pulumi.Any(test.TableId), +// Role: pulumi.String("roles/bigquery.dataOwner"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &bigquery.IamMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -308,13 +543,9 @@ type IamMember struct { Condition IamMemberConditionPtrOutput `pulumi:"condition"` DatasetId pulumi.StringOutput `pulumi:"datasetId"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Member pulumi.StringOutput `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -324,6 +555,9 @@ type IamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `bigquery.IamBinding` can be used per role. Note that custom roles must be of the format @@ -379,13 +613,9 @@ type iamMemberState struct { Condition *IamMemberCondition `pulumi:"condition"` DatasetId *string `pulumi:"datasetId"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Member *string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -395,6 +625,9 @@ type iamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `bigquery.IamBinding` can be used per role. Note that custom roles must be of the format @@ -409,13 +642,9 @@ type IamMemberState struct { Condition IamMemberConditionPtrInput DatasetId pulumi.StringPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Member pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -425,6 +654,9 @@ type IamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `bigquery.IamBinding` can be used per role. Note that custom roles must be of the format @@ -442,12 +674,8 @@ type iamMemberArgs struct { // Structure is documented below. Condition *IamMemberCondition `pulumi:"condition"` DatasetId string `pulumi:"datasetId"` - Member string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -457,6 +685,9 @@ type iamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `bigquery.IamBinding` can be used per role. Note that custom roles must be of the format @@ -471,12 +702,8 @@ type IamMemberArgs struct { // Structure is documented below. Condition IamMemberConditionPtrInput DatasetId pulumi.StringInput - Member pulumi.StringInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -486,6 +713,9 @@ type IamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `bigquery.IamBinding` can be used per role. Note that custom roles must be of the format @@ -596,24 +826,23 @@ func (o IamMemberOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *IamMember) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o IamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *IamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o IamMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *IamMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/bigquery/iamPolicy.go b/sdk/go/gcp/bigquery/iamPolicy.go index 0b8087d042..5ca23d790b 100644 --- a/sdk/go/gcp/bigquery/iamPolicy.go +++ b/sdk/go/gcp/bigquery/iamPolicy.go @@ -263,6 +263,241 @@ import ( // ``` // // +// ## google\_bigquery\_table\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/bigquery.dataOwner", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = bigquery.NewIamPolicy(ctx, "policy", &bigquery.IamPolicyArgs{ +// Project: pulumi.Any(test.Project), +// DatasetId: pulumi.Any(test.DatasetId), +// TableId: pulumi.Any(test.TableId), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/bigquery.dataOwner", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = bigquery.NewIamPolicy(ctx, "policy", &bigquery.IamPolicyArgs{ +// Project: pulumi.Any(test.Project), +// DatasetId: pulumi.Any(test.DatasetId), +// TableId: pulumi.Any(test.TableId), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_bigquery\_table\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := bigquery.NewIamBinding(ctx, "binding", &bigquery.IamBindingArgs{ +// Project: pulumi.Any(test.Project), +// DatasetId: pulumi.Any(test.DatasetId), +// TableId: pulumi.Any(test.TableId), +// Role: pulumi.String("roles/bigquery.dataOwner"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := bigquery.NewIamBinding(ctx, "binding", &bigquery.IamBindingArgs{ +// Project: pulumi.Any(test.Project), +// DatasetId: pulumi.Any(test.DatasetId), +// TableId: pulumi.Any(test.TableId), +// Role: pulumi.String("roles/bigquery.dataOwner"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &bigquery.IamBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_bigquery\_table\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := bigquery.NewIamMember(ctx, "member", &bigquery.IamMemberArgs{ +// Project: pulumi.Any(test.Project), +// DatasetId: pulumi.Any(test.DatasetId), +// TableId: pulumi.Any(test.TableId), +// Role: pulumi.String("roles/bigquery.dataOwner"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquery" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := bigquery.NewIamMember(ctx, "member", &bigquery.IamMemberArgs{ +// Project: pulumi.Any(test.Project), +// DatasetId: pulumi.Any(test.DatasetId), +// TableId: pulumi.Any(test.TableId), +// Role: pulumi.String("roles/bigquery.dataOwner"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &bigquery.IamMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -311,18 +546,6 @@ type IamPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` TableId pulumi.StringOutput `pulumi:"tableId"` } @@ -374,18 +597,6 @@ type iamPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` TableId *string `pulumi:"tableId"` } @@ -399,18 +610,6 @@ type IamPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput TableId pulumi.StringPtrInput } @@ -426,18 +625,6 @@ type iamPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` TableId string `pulumi:"tableId"` } @@ -450,18 +637,6 @@ type IamPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput TableId pulumi.StringInput } @@ -570,18 +745,6 @@ func (o IamPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o IamPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *IamPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/bigqueryanalyticshub/dataExchangeIamBinding.go b/sdk/go/gcp/bigqueryanalyticshub/dataExchangeIamBinding.go index 7fd47f9700..7bef6b0fa8 100644 --- a/sdk/go/gcp/bigqueryanalyticshub/dataExchangeIamBinding.go +++ b/sdk/go/gcp/bigqueryanalyticshub/dataExchangeIamBinding.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_bigquery\_analytics\_hub\_data\_exchange\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = bigqueryanalyticshub.NewDataExchangeIamPolicy(ctx, "policy", &bigqueryanalyticshub.DataExchangeIamPolicyArgs{ +// Project: pulumi.Any(dataExchange.Project), +// Location: pulumi.Any(dataExchange.Location), +// DataExchangeId: pulumi.Any(dataExchange.DataExchangeId), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_bigquery\_analytics\_hub\_data\_exchange\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := bigqueryanalyticshub.NewDataExchangeIamBinding(ctx, "binding", &bigqueryanalyticshub.DataExchangeIamBindingArgs{ +// Project: pulumi.Any(dataExchange.Project), +// Location: pulumi.Any(dataExchange.Location), +// DataExchangeId: pulumi.Any(dataExchange.DataExchangeId), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_bigquery\_analytics\_hub\_data\_exchange\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := bigqueryanalyticshub.NewDataExchangeIamMember(ctx, "member", &bigqueryanalyticshub.DataExchangeIamMemberArgs{ +// Project: pulumi.Any(dataExchange.Project), +// Location: pulumi.Any(dataExchange.Location), +// DataExchangeId: pulumi.Any(dataExchange.DataExchangeId), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -184,13 +295,9 @@ type DataExchangeIamBinding struct { Etag pulumi.StringOutput `pulumi:"etag"` // The name of the location this data exchange. // Used to find the parent resource to bind the IAM policy to - Location pulumi.StringOutput `pulumi:"location"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location pulumi.StringOutput `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -200,6 +307,9 @@ type DataExchangeIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `bigqueryanalyticshub.DataExchangeIamBinding` can be used per role. Note that custom roles must be of the format @@ -253,13 +363,9 @@ type dataExchangeIamBindingState struct { Etag *string `pulumi:"etag"` // The name of the location this data exchange. // Used to find the parent resource to bind the IAM policy to - Location *string `pulumi:"location"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location *string `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -269,6 +375,9 @@ type dataExchangeIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `bigqueryanalyticshub.DataExchangeIamBinding` can be used per role. Note that custom roles must be of the format @@ -285,12 +394,8 @@ type DataExchangeIamBindingState struct { // The name of the location this data exchange. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -300,6 +405,9 @@ type DataExchangeIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `bigqueryanalyticshub.DataExchangeIamBinding` can be used per role. Note that custom roles must be of the format @@ -317,13 +425,9 @@ type dataExchangeIamBindingArgs struct { DataExchangeId string `pulumi:"dataExchangeId"` // The name of the location this data exchange. // Used to find the parent resource to bind the IAM policy to - Location *string `pulumi:"location"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location *string `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -333,6 +437,9 @@ type dataExchangeIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `bigqueryanalyticshub.DataExchangeIamBinding` can be used per role. Note that custom roles must be of the format @@ -348,12 +455,8 @@ type DataExchangeIamBindingArgs struct { // The name of the location this data exchange. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -363,6 +466,9 @@ type DataExchangeIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `bigqueryanalyticshub.DataExchangeIamBinding` can be used per role. Note that custom roles must be of the format @@ -477,24 +583,23 @@ func (o DataExchangeIamBindingOutput) Location() pulumi.StringOutput { return o.ApplyT(func(v *DataExchangeIamBinding) pulumi.StringOutput { return v.Location }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o DataExchangeIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *DataExchangeIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o DataExchangeIamBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *DataExchangeIamBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/bigqueryanalyticshub/dataExchangeIamMember.go b/sdk/go/gcp/bigqueryanalyticshub/dataExchangeIamMember.go index be41f643b1..449765c4d1 100644 --- a/sdk/go/gcp/bigqueryanalyticshub/dataExchangeIamMember.go +++ b/sdk/go/gcp/bigqueryanalyticshub/dataExchangeIamMember.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_bigquery\_analytics\_hub\_data\_exchange\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = bigqueryanalyticshub.NewDataExchangeIamPolicy(ctx, "policy", &bigqueryanalyticshub.DataExchangeIamPolicyArgs{ +// Project: pulumi.Any(dataExchange.Project), +// Location: pulumi.Any(dataExchange.Location), +// DataExchangeId: pulumi.Any(dataExchange.DataExchangeId), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_bigquery\_analytics\_hub\_data\_exchange\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := bigqueryanalyticshub.NewDataExchangeIamBinding(ctx, "binding", &bigqueryanalyticshub.DataExchangeIamBindingArgs{ +// Project: pulumi.Any(dataExchange.Project), +// Location: pulumi.Any(dataExchange.Location), +// DataExchangeId: pulumi.Any(dataExchange.DataExchangeId), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_bigquery\_analytics\_hub\_data\_exchange\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := bigqueryanalyticshub.NewDataExchangeIamMember(ctx, "member", &bigqueryanalyticshub.DataExchangeIamMemberArgs{ +// Project: pulumi.Any(dataExchange.Project), +// Location: pulumi.Any(dataExchange.Location), +// DataExchangeId: pulumi.Any(dataExchange.DataExchangeId), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -185,12 +296,8 @@ type DataExchangeIamMember struct { // The name of the location this data exchange. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringOutput `pulumi:"location"` - Member pulumi.StringOutput `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -200,6 +307,9 @@ type DataExchangeIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `bigqueryanalyticshub.DataExchangeIamBinding` can be used per role. Note that custom roles must be of the format @@ -254,12 +364,8 @@ type dataExchangeIamMemberState struct { // The name of the location this data exchange. // Used to find the parent resource to bind the IAM policy to Location *string `pulumi:"location"` - Member *string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -269,6 +375,9 @@ type dataExchangeIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `bigqueryanalyticshub.DataExchangeIamBinding` can be used per role. Note that custom roles must be of the format @@ -285,12 +394,8 @@ type DataExchangeIamMemberState struct { // The name of the location this data exchange. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Member pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -300,6 +405,9 @@ type DataExchangeIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `bigqueryanalyticshub.DataExchangeIamBinding` can be used per role. Note that custom roles must be of the format @@ -318,12 +426,8 @@ type dataExchangeIamMemberArgs struct { // The name of the location this data exchange. // Used to find the parent resource to bind the IAM policy to Location *string `pulumi:"location"` - Member string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -333,6 +437,9 @@ type dataExchangeIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `bigqueryanalyticshub.DataExchangeIamBinding` can be used per role. Note that custom roles must be of the format @@ -348,12 +455,8 @@ type DataExchangeIamMemberArgs struct { // The name of the location this data exchange. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Member pulumi.StringInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -363,6 +466,9 @@ type DataExchangeIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `bigqueryanalyticshub.DataExchangeIamBinding` can be used per role. Note that custom roles must be of the format @@ -477,24 +583,23 @@ func (o DataExchangeIamMemberOutput) Location() pulumi.StringOutput { return o.ApplyT(func(v *DataExchangeIamMember) pulumi.StringOutput { return v.Location }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o DataExchangeIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *DataExchangeIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o DataExchangeIamMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *DataExchangeIamMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/bigqueryanalyticshub/dataExchangeIamPolicy.go b/sdk/go/gcp/bigqueryanalyticshub/dataExchangeIamPolicy.go index 9f7e835cdb..e970d05d91 100644 --- a/sdk/go/gcp/bigqueryanalyticshub/dataExchangeIamPolicy.go +++ b/sdk/go/gcp/bigqueryanalyticshub/dataExchangeIamPolicy.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_bigquery\_analytics\_hub\_data\_exchange\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = bigqueryanalyticshub.NewDataExchangeIamPolicy(ctx, "policy", &bigqueryanalyticshub.DataExchangeIamPolicyArgs{ +// Project: pulumi.Any(dataExchange.Project), +// Location: pulumi.Any(dataExchange.Location), +// DataExchangeId: pulumi.Any(dataExchange.DataExchangeId), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_bigquery\_analytics\_hub\_data\_exchange\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := bigqueryanalyticshub.NewDataExchangeIamBinding(ctx, "binding", &bigqueryanalyticshub.DataExchangeIamBindingArgs{ +// Project: pulumi.Any(dataExchange.Project), +// Location: pulumi.Any(dataExchange.Location), +// DataExchangeId: pulumi.Any(dataExchange.DataExchangeId), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_bigquery\_analytics\_hub\_data\_exchange\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := bigqueryanalyticshub.NewDataExchangeIamMember(ctx, "member", &bigqueryanalyticshub.DataExchangeIamMemberArgs{ +// Project: pulumi.Any(dataExchange.Project), +// Location: pulumi.Any(dataExchange.Location), +// DataExchangeId: pulumi.Any(dataExchange.DataExchangeId), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -189,18 +300,6 @@ type DataExchangeIamPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` } @@ -252,18 +351,6 @@ type dataExchangeIamPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -280,18 +367,6 @@ type DataExchangeIamPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -310,18 +385,6 @@ type dataExchangeIamPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -337,18 +400,6 @@ type DataExchangeIamPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -463,18 +514,6 @@ func (o DataExchangeIamPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o DataExchangeIamPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *DataExchangeIamPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/bigqueryanalyticshub/listingIamBinding.go b/sdk/go/gcp/bigqueryanalyticshub/listingIamBinding.go index fec48b0182..553bb50459 100644 --- a/sdk/go/gcp/bigqueryanalyticshub/listingIamBinding.go +++ b/sdk/go/gcp/bigqueryanalyticshub/listingIamBinding.go @@ -140,6 +140,120 @@ import ( // ``` // // +// ## google\_bigquery\_analytics\_hub\_listing\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = bigqueryanalyticshub.NewListingIamPolicy(ctx, "policy", &bigqueryanalyticshub.ListingIamPolicyArgs{ +// Project: pulumi.Any(listing.Project), +// Location: pulumi.Any(listing.Location), +// DataExchangeId: pulumi.Any(listing.DataExchangeId), +// ListingId: pulumi.Any(listing.ListingId), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_bigquery\_analytics\_hub\_listing\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := bigqueryanalyticshub.NewListingIamBinding(ctx, "binding", &bigqueryanalyticshub.ListingIamBindingArgs{ +// Project: pulumi.Any(listing.Project), +// Location: pulumi.Any(listing.Location), +// DataExchangeId: pulumi.Any(listing.DataExchangeId), +// ListingId: pulumi.Any(listing.ListingId), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_bigquery\_analytics\_hub\_listing\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := bigqueryanalyticshub.NewListingIamMember(ctx, "member", &bigqueryanalyticshub.ListingIamMemberArgs{ +// Project: pulumi.Any(listing.Project), +// Location: pulumi.Any(listing.Location), +// DataExchangeId: pulumi.Any(listing.DataExchangeId), +// ListingId: pulumi.Any(listing.ListingId), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -189,13 +303,9 @@ type ListingIamBinding struct { ListingId pulumi.StringOutput `pulumi:"listingId"` // The name of the location this data exchange listing. // Used to find the parent resource to bind the IAM policy to - Location pulumi.StringOutput `pulumi:"location"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location pulumi.StringOutput `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -205,6 +315,9 @@ type ListingIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `bigqueryanalyticshub.ListingIamBinding` can be used per role. Note that custom roles must be of the format @@ -263,13 +376,9 @@ type listingIamBindingState struct { ListingId *string `pulumi:"listingId"` // The name of the location this data exchange listing. // Used to find the parent resource to bind the IAM policy to - Location *string `pulumi:"location"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location *string `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -279,6 +388,9 @@ type listingIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `bigqueryanalyticshub.ListingIamBinding` can be used per role. Note that custom roles must be of the format @@ -297,12 +409,8 @@ type ListingIamBindingState struct { // The name of the location this data exchange listing. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -312,6 +420,9 @@ type ListingIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `bigqueryanalyticshub.ListingIamBinding` can be used per role. Note that custom roles must be of the format @@ -331,13 +442,9 @@ type listingIamBindingArgs struct { ListingId string `pulumi:"listingId"` // The name of the location this data exchange listing. // Used to find the parent resource to bind the IAM policy to - Location *string `pulumi:"location"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location *string `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -347,6 +454,9 @@ type listingIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `bigqueryanalyticshub.ListingIamBinding` can be used per role. Note that custom roles must be of the format @@ -364,12 +474,8 @@ type ListingIamBindingArgs struct { // The name of the location this data exchange listing. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -379,6 +485,9 @@ type ListingIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `bigqueryanalyticshub.ListingIamBinding` can be used per role. Note that custom roles must be of the format @@ -498,24 +607,23 @@ func (o ListingIamBindingOutput) Location() pulumi.StringOutput { return o.ApplyT(func(v *ListingIamBinding) pulumi.StringOutput { return v.Location }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o ListingIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *ListingIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o ListingIamBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *ListingIamBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/bigqueryanalyticshub/listingIamMember.go b/sdk/go/gcp/bigqueryanalyticshub/listingIamMember.go index 73fcb08388..6f896f2b53 100644 --- a/sdk/go/gcp/bigqueryanalyticshub/listingIamMember.go +++ b/sdk/go/gcp/bigqueryanalyticshub/listingIamMember.go @@ -140,6 +140,120 @@ import ( // ``` // // +// ## google\_bigquery\_analytics\_hub\_listing\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = bigqueryanalyticshub.NewListingIamPolicy(ctx, "policy", &bigqueryanalyticshub.ListingIamPolicyArgs{ +// Project: pulumi.Any(listing.Project), +// Location: pulumi.Any(listing.Location), +// DataExchangeId: pulumi.Any(listing.DataExchangeId), +// ListingId: pulumi.Any(listing.ListingId), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_bigquery\_analytics\_hub\_listing\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := bigqueryanalyticshub.NewListingIamBinding(ctx, "binding", &bigqueryanalyticshub.ListingIamBindingArgs{ +// Project: pulumi.Any(listing.Project), +// Location: pulumi.Any(listing.Location), +// DataExchangeId: pulumi.Any(listing.DataExchangeId), +// ListingId: pulumi.Any(listing.ListingId), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_bigquery\_analytics\_hub\_listing\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := bigqueryanalyticshub.NewListingIamMember(ctx, "member", &bigqueryanalyticshub.ListingIamMemberArgs{ +// Project: pulumi.Any(listing.Project), +// Location: pulumi.Any(listing.Location), +// DataExchangeId: pulumi.Any(listing.DataExchangeId), +// ListingId: pulumi.Any(listing.ListingId), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -190,12 +304,8 @@ type ListingIamMember struct { // The name of the location this data exchange listing. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringOutput `pulumi:"location"` - Member pulumi.StringOutput `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -205,6 +315,9 @@ type ListingIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `bigqueryanalyticshub.ListingIamBinding` can be used per role. Note that custom roles must be of the format @@ -264,12 +377,8 @@ type listingIamMemberState struct { // The name of the location this data exchange listing. // Used to find the parent resource to bind the IAM policy to Location *string `pulumi:"location"` - Member *string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -279,6 +388,9 @@ type listingIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `bigqueryanalyticshub.ListingIamBinding` can be used per role. Note that custom roles must be of the format @@ -297,12 +409,8 @@ type ListingIamMemberState struct { // The name of the location this data exchange listing. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Member pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -312,6 +420,9 @@ type ListingIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `bigqueryanalyticshub.ListingIamBinding` can be used per role. Note that custom roles must be of the format @@ -332,12 +443,8 @@ type listingIamMemberArgs struct { // The name of the location this data exchange listing. // Used to find the parent resource to bind the IAM policy to Location *string `pulumi:"location"` - Member string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -347,6 +454,9 @@ type listingIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `bigqueryanalyticshub.ListingIamBinding` can be used per role. Note that custom roles must be of the format @@ -364,12 +474,8 @@ type ListingIamMemberArgs struct { // The name of the location this data exchange listing. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Member pulumi.StringInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -379,6 +485,9 @@ type ListingIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `bigqueryanalyticshub.ListingIamBinding` can be used per role. Note that custom roles must be of the format @@ -498,24 +607,23 @@ func (o ListingIamMemberOutput) Location() pulumi.StringOutput { return o.ApplyT(func(v *ListingIamMember) pulumi.StringOutput { return v.Location }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o ListingIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *ListingIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o ListingIamMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *ListingIamMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/bigqueryanalyticshub/listingIamPolicy.go b/sdk/go/gcp/bigqueryanalyticshub/listingIamPolicy.go index 6f25500a5a..995cd71571 100644 --- a/sdk/go/gcp/bigqueryanalyticshub/listingIamPolicy.go +++ b/sdk/go/gcp/bigqueryanalyticshub/listingIamPolicy.go @@ -140,6 +140,120 @@ import ( // ``` // // +// ## google\_bigquery\_analytics\_hub\_listing\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = bigqueryanalyticshub.NewListingIamPolicy(ctx, "policy", &bigqueryanalyticshub.ListingIamPolicyArgs{ +// Project: pulumi.Any(listing.Project), +// Location: pulumi.Any(listing.Location), +// DataExchangeId: pulumi.Any(listing.DataExchangeId), +// ListingId: pulumi.Any(listing.ListingId), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_bigquery\_analytics\_hub\_listing\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := bigqueryanalyticshub.NewListingIamBinding(ctx, "binding", &bigqueryanalyticshub.ListingIamBindingArgs{ +// Project: pulumi.Any(listing.Project), +// Location: pulumi.Any(listing.Location), +// DataExchangeId: pulumi.Any(listing.DataExchangeId), +// ListingId: pulumi.Any(listing.ListingId), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_bigquery\_analytics\_hub\_listing\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigqueryanalyticshub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := bigqueryanalyticshub.NewListingIamMember(ctx, "member", &bigqueryanalyticshub.ListingIamMemberArgs{ +// Project: pulumi.Any(listing.Project), +// Location: pulumi.Any(listing.Location), +// DataExchangeId: pulumi.Any(listing.DataExchangeId), +// ListingId: pulumi.Any(listing.ListingId), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -194,18 +308,6 @@ type ListingIamPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` } @@ -262,18 +364,6 @@ type listingIamPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -292,18 +382,6 @@ type ListingIamPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -324,18 +402,6 @@ type listingIamPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -353,18 +419,6 @@ type ListingIamPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -484,18 +538,6 @@ func (o ListingIamPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o ListingIamPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *ListingIamPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/bigquerydatapolicy/dataPolicyIamBinding.go b/sdk/go/gcp/bigquerydatapolicy/dataPolicyIamBinding.go index fb0426080e..55d0384731 100644 --- a/sdk/go/gcp/bigquerydatapolicy/dataPolicyIamBinding.go +++ b/sdk/go/gcp/bigquerydatapolicy/dataPolicyIamBinding.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_bigquery\_datapolicy\_data\_policy\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquerydatapolicy" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = bigquerydatapolicy.NewDataPolicyIamPolicy(ctx, "policy", &bigquerydatapolicy.DataPolicyIamPolicyArgs{ +// Project: pulumi.Any(dataPolicy.Project), +// Location: pulumi.Any(dataPolicy.Location), +// DataPolicyId: pulumi.Any(dataPolicy.DataPolicyId), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_bigquery\_datapolicy\_data\_policy\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquerydatapolicy" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := bigquerydatapolicy.NewDataPolicyIamBinding(ctx, "binding", &bigquerydatapolicy.DataPolicyIamBindingArgs{ +// Project: pulumi.Any(dataPolicy.Project), +// Location: pulumi.Any(dataPolicy.Location), +// DataPolicyId: pulumi.Any(dataPolicy.DataPolicyId), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_bigquery\_datapolicy\_data\_policy\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquerydatapolicy" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := bigquerydatapolicy.NewDataPolicyIamMember(ctx, "member", &bigquerydatapolicy.DataPolicyIamMemberArgs{ +// Project: pulumi.Any(dataPolicy.Project), +// Location: pulumi.Any(dataPolicy.Location), +// DataPolicyId: pulumi.Any(dataPolicy.DataPolicyId), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -183,13 +294,9 @@ type DataPolicyIamBinding struct { Etag pulumi.StringOutput `pulumi:"etag"` // The name of the location of the data policy. // Used to find the parent resource to bind the IAM policy to - Location pulumi.StringOutput `pulumi:"location"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location pulumi.StringOutput `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -199,6 +306,9 @@ type DataPolicyIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `bigquerydatapolicy.DataPolicyIamBinding` can be used per role. Note that custom roles must be of the format @@ -251,13 +361,9 @@ type dataPolicyIamBindingState struct { Etag *string `pulumi:"etag"` // The name of the location of the data policy. // Used to find the parent resource to bind the IAM policy to - Location *string `pulumi:"location"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location *string `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -267,6 +373,9 @@ type dataPolicyIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `bigquerydatapolicy.DataPolicyIamBinding` can be used per role. Note that custom roles must be of the format @@ -282,12 +391,8 @@ type DataPolicyIamBindingState struct { // The name of the location of the data policy. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -297,6 +402,9 @@ type DataPolicyIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `bigquerydatapolicy.DataPolicyIamBinding` can be used per role. Note that custom roles must be of the format @@ -313,13 +421,9 @@ type dataPolicyIamBindingArgs struct { DataPolicyId string `pulumi:"dataPolicyId"` // The name of the location of the data policy. // Used to find the parent resource to bind the IAM policy to - Location *string `pulumi:"location"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location *string `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -329,6 +433,9 @@ type dataPolicyIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `bigquerydatapolicy.DataPolicyIamBinding` can be used per role. Note that custom roles must be of the format @@ -343,12 +450,8 @@ type DataPolicyIamBindingArgs struct { // The name of the location of the data policy. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -358,6 +461,9 @@ type DataPolicyIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `bigquerydatapolicy.DataPolicyIamBinding` can be used per role. Note that custom roles must be of the format @@ -471,24 +577,23 @@ func (o DataPolicyIamBindingOutput) Location() pulumi.StringOutput { return o.ApplyT(func(v *DataPolicyIamBinding) pulumi.StringOutput { return v.Location }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o DataPolicyIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *DataPolicyIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o DataPolicyIamBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *DataPolicyIamBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/bigquerydatapolicy/dataPolicyIamMember.go b/sdk/go/gcp/bigquerydatapolicy/dataPolicyIamMember.go index 1516fa2e39..a089d5ddfc 100644 --- a/sdk/go/gcp/bigquerydatapolicy/dataPolicyIamMember.go +++ b/sdk/go/gcp/bigquerydatapolicy/dataPolicyIamMember.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_bigquery\_datapolicy\_data\_policy\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquerydatapolicy" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = bigquerydatapolicy.NewDataPolicyIamPolicy(ctx, "policy", &bigquerydatapolicy.DataPolicyIamPolicyArgs{ +// Project: pulumi.Any(dataPolicy.Project), +// Location: pulumi.Any(dataPolicy.Location), +// DataPolicyId: pulumi.Any(dataPolicy.DataPolicyId), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_bigquery\_datapolicy\_data\_policy\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquerydatapolicy" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := bigquerydatapolicy.NewDataPolicyIamBinding(ctx, "binding", &bigquerydatapolicy.DataPolicyIamBindingArgs{ +// Project: pulumi.Any(dataPolicy.Project), +// Location: pulumi.Any(dataPolicy.Location), +// DataPolicyId: pulumi.Any(dataPolicy.DataPolicyId), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_bigquery\_datapolicy\_data\_policy\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquerydatapolicy" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := bigquerydatapolicy.NewDataPolicyIamMember(ctx, "member", &bigquerydatapolicy.DataPolicyIamMemberArgs{ +// Project: pulumi.Any(dataPolicy.Project), +// Location: pulumi.Any(dataPolicy.Location), +// DataPolicyId: pulumi.Any(dataPolicy.DataPolicyId), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -184,12 +295,8 @@ type DataPolicyIamMember struct { // The name of the location of the data policy. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringOutput `pulumi:"location"` - Member pulumi.StringOutput `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -199,6 +306,9 @@ type DataPolicyIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `bigquerydatapolicy.DataPolicyIamBinding` can be used per role. Note that custom roles must be of the format @@ -252,12 +362,8 @@ type dataPolicyIamMemberState struct { // The name of the location of the data policy. // Used to find the parent resource to bind the IAM policy to Location *string `pulumi:"location"` - Member *string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -267,6 +373,9 @@ type dataPolicyIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `bigquerydatapolicy.DataPolicyIamBinding` can be used per role. Note that custom roles must be of the format @@ -282,12 +391,8 @@ type DataPolicyIamMemberState struct { // The name of the location of the data policy. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Member pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -297,6 +402,9 @@ type DataPolicyIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `bigquerydatapolicy.DataPolicyIamBinding` can be used per role. Note that custom roles must be of the format @@ -314,12 +422,8 @@ type dataPolicyIamMemberArgs struct { // The name of the location of the data policy. // Used to find the parent resource to bind the IAM policy to Location *string `pulumi:"location"` - Member string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -329,6 +433,9 @@ type dataPolicyIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `bigquerydatapolicy.DataPolicyIamBinding` can be used per role. Note that custom roles must be of the format @@ -343,12 +450,8 @@ type DataPolicyIamMemberArgs struct { // The name of the location of the data policy. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Member pulumi.StringInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -358,6 +461,9 @@ type DataPolicyIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `bigquerydatapolicy.DataPolicyIamBinding` can be used per role. Note that custom roles must be of the format @@ -471,24 +577,23 @@ func (o DataPolicyIamMemberOutput) Location() pulumi.StringOutput { return o.ApplyT(func(v *DataPolicyIamMember) pulumi.StringOutput { return v.Location }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o DataPolicyIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *DataPolicyIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o DataPolicyIamMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *DataPolicyIamMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/bigquerydatapolicy/dataPolicyIamPolicy.go b/sdk/go/gcp/bigquerydatapolicy/dataPolicyIamPolicy.go index ef01900584..40d9913865 100644 --- a/sdk/go/gcp/bigquerydatapolicy/dataPolicyIamPolicy.go +++ b/sdk/go/gcp/bigquerydatapolicy/dataPolicyIamPolicy.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_bigquery\_datapolicy\_data\_policy\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquerydatapolicy" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = bigquerydatapolicy.NewDataPolicyIamPolicy(ctx, "policy", &bigquerydatapolicy.DataPolicyIamPolicyArgs{ +// Project: pulumi.Any(dataPolicy.Project), +// Location: pulumi.Any(dataPolicy.Location), +// DataPolicyId: pulumi.Any(dataPolicy.DataPolicyId), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_bigquery\_datapolicy\_data\_policy\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquerydatapolicy" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := bigquerydatapolicy.NewDataPolicyIamBinding(ctx, "binding", &bigquerydatapolicy.DataPolicyIamBindingArgs{ +// Project: pulumi.Any(dataPolicy.Project), +// Location: pulumi.Any(dataPolicy.Location), +// DataPolicyId: pulumi.Any(dataPolicy.DataPolicyId), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_bigquery\_datapolicy\_data\_policy\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigquerydatapolicy" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := bigquerydatapolicy.NewDataPolicyIamMember(ctx, "member", &bigquerydatapolicy.DataPolicyIamMemberArgs{ +// Project: pulumi.Any(dataPolicy.Project), +// Location: pulumi.Any(dataPolicy.Location), +// DataPolicyId: pulumi.Any(dataPolicy.DataPolicyId), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -188,18 +299,6 @@ type DataPolicyIamPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` } @@ -250,18 +349,6 @@ type dataPolicyIamPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -277,18 +364,6 @@ type DataPolicyIamPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -306,18 +381,6 @@ type dataPolicyIamPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -332,18 +395,6 @@ type DataPolicyIamPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -457,18 +508,6 @@ func (o DataPolicyIamPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o DataPolicyIamPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *DataPolicyIamPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/bigtable/instanceIamBinding.go b/sdk/go/gcp/bigtable/instanceIamBinding.go index 8153b7f408..91cfda15c6 100644 --- a/sdk/go/gcp/bigtable/instanceIamBinding.go +++ b/sdk/go/gcp/bigtable/instanceIamBinding.go @@ -128,6 +128,112 @@ import ( // ``` // // +// ## google\_bigtable\_instance\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/bigtable.user", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = bigtable.NewInstanceIamPolicy(ctx, "editor", &bigtable.InstanceIamPolicyArgs{ +// Project: pulumi.String("your-project"), +// Instance: pulumi.String("your-bigtable-instance"), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_bigtable\_instance\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := bigtable.NewInstanceIamBinding(ctx, "editor", &bigtable.InstanceIamBindingArgs{ +// Instance: pulumi.String("your-bigtable-instance"), +// Role: pulumi.String("roles/bigtable.user"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_bigtable\_instance\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := bigtable.NewInstanceIamMember(ctx, "editor", &bigtable.InstanceIamMemberArgs{ +// Instance: pulumi.String("your-bigtable-instance"), +// Role: pulumi.String("roles/bigtable.user"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // ### Importing IAM policies @@ -162,17 +268,16 @@ type InstanceIamBinding struct { // The name or relative resource id of the instance to manage IAM policies for. // // For `bigtable.InstanceIamMember` or `bigtable.InstanceIamBinding`: - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Instance pulumi.StringOutput `pulumi:"instance"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - Instance pulumi.StringOutput `pulumi:"instance"` - Members pulumi.StringArrayOutput `pulumi:"members"` + Members pulumi.StringArrayOutput `pulumi:"members"` // The project in which the instance belongs. If it // is not provided, a default will be supplied. Project pulumi.StringOutput `pulumi:"project"` @@ -229,17 +334,16 @@ type instanceIamBindingState struct { // The name or relative resource id of the instance to manage IAM policies for. // // For `bigtable.InstanceIamMember` or `bigtable.InstanceIamBinding`: - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Instance *string `pulumi:"instance"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - Instance *string `pulumi:"instance"` - Members []string `pulumi:"members"` + Members []string `pulumi:"members"` // The project in which the instance belongs. If it // is not provided, a default will be supplied. Project *string `pulumi:"project"` @@ -258,17 +362,16 @@ type InstanceIamBindingState struct { // The name or relative resource id of the instance to manage IAM policies for. // // For `bigtable.InstanceIamMember` or `bigtable.InstanceIamBinding`: - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Instance pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - Instance pulumi.StringPtrInput - Members pulumi.StringArrayInput + Members pulumi.StringArrayInput // The project in which the instance belongs. If it // is not provided, a default will be supplied. Project pulumi.StringPtrInput @@ -289,17 +392,16 @@ type instanceIamBindingArgs struct { // The name or relative resource id of the instance to manage IAM policies for. // // For `bigtable.InstanceIamMember` or `bigtable.InstanceIamBinding`: - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Instance string `pulumi:"instance"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - Instance string `pulumi:"instance"` - Members []string `pulumi:"members"` + Members []string `pulumi:"members"` // The project in which the instance belongs. If it // is not provided, a default will be supplied. Project *string `pulumi:"project"` @@ -317,17 +419,16 @@ type InstanceIamBindingArgs struct { // The name or relative resource id of the instance to manage IAM policies for. // // For `bigtable.InstanceIamMember` or `bigtable.InstanceIamBinding`: - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Instance pulumi.StringInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - Instance pulumi.StringInput - Members pulumi.StringArrayInput + Members pulumi.StringArrayInput // The project in which the instance belongs. If it // is not provided, a default will be supplied. Project pulumi.StringPtrInput @@ -438,19 +539,18 @@ func (o InstanceIamBindingOutput) Etag() pulumi.StringOutput { // The name or relative resource id of the instance to manage IAM policies for. // // For `bigtable.InstanceIamMember` or `bigtable.InstanceIamBinding`: -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o InstanceIamBindingOutput) Instance() pulumi.StringOutput { return o.ApplyT(func(v *InstanceIamBinding) pulumi.StringOutput { return v.Instance }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o InstanceIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *InstanceIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } diff --git a/sdk/go/gcp/bigtable/instanceIamMember.go b/sdk/go/gcp/bigtable/instanceIamMember.go index b00d6b51ac..03655e4d51 100644 --- a/sdk/go/gcp/bigtable/instanceIamMember.go +++ b/sdk/go/gcp/bigtable/instanceIamMember.go @@ -128,6 +128,112 @@ import ( // ``` // // +// ## google\_bigtable\_instance\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/bigtable.user", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = bigtable.NewInstanceIamPolicy(ctx, "editor", &bigtable.InstanceIamPolicyArgs{ +// Project: pulumi.String("your-project"), +// Instance: pulumi.String("your-bigtable-instance"), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_bigtable\_instance\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := bigtable.NewInstanceIamBinding(ctx, "editor", &bigtable.InstanceIamBindingArgs{ +// Instance: pulumi.String("your-bigtable-instance"), +// Role: pulumi.String("roles/bigtable.user"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_bigtable\_instance\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := bigtable.NewInstanceIamMember(ctx, "editor", &bigtable.InstanceIamMemberArgs{ +// Instance: pulumi.String("your-bigtable-instance"), +// Role: pulumi.String("roles/bigtable.user"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // ### Importing IAM policies @@ -162,17 +268,16 @@ type InstanceIamMember struct { // The name or relative resource id of the instance to manage IAM policies for. // // For `bigtable.InstanceIamMember` or `bigtable.InstanceIamBinding`: - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Instance pulumi.StringOutput `pulumi:"instance"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - Instance pulumi.StringOutput `pulumi:"instance"` - Member pulumi.StringOutput `pulumi:"member"` + Member pulumi.StringOutput `pulumi:"member"` // The project in which the instance belongs. If it // is not provided, a default will be supplied. Project pulumi.StringOutput `pulumi:"project"` @@ -229,17 +334,16 @@ type instanceIamMemberState struct { // The name or relative resource id of the instance to manage IAM policies for. // // For `bigtable.InstanceIamMember` or `bigtable.InstanceIamBinding`: - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Instance *string `pulumi:"instance"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - Instance *string `pulumi:"instance"` - Member *string `pulumi:"member"` + Member *string `pulumi:"member"` // The project in which the instance belongs. If it // is not provided, a default will be supplied. Project *string `pulumi:"project"` @@ -258,17 +362,16 @@ type InstanceIamMemberState struct { // The name or relative resource id of the instance to manage IAM policies for. // // For `bigtable.InstanceIamMember` or `bigtable.InstanceIamBinding`: - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Instance pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - Instance pulumi.StringPtrInput - Member pulumi.StringPtrInput + Member pulumi.StringPtrInput // The project in which the instance belongs. If it // is not provided, a default will be supplied. Project pulumi.StringPtrInput @@ -289,17 +392,16 @@ type instanceIamMemberArgs struct { // The name or relative resource id of the instance to manage IAM policies for. // // For `bigtable.InstanceIamMember` or `bigtable.InstanceIamBinding`: - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Instance string `pulumi:"instance"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - Instance string `pulumi:"instance"` - Member string `pulumi:"member"` + Member string `pulumi:"member"` // The project in which the instance belongs. If it // is not provided, a default will be supplied. Project *string `pulumi:"project"` @@ -317,17 +419,16 @@ type InstanceIamMemberArgs struct { // The name or relative resource id of the instance to manage IAM policies for. // // For `bigtable.InstanceIamMember` or `bigtable.InstanceIamBinding`: - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Instance pulumi.StringInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - Instance pulumi.StringInput - Member pulumi.StringInput + Member pulumi.StringInput // The project in which the instance belongs. If it // is not provided, a default will be supplied. Project pulumi.StringPtrInput @@ -438,19 +539,18 @@ func (o InstanceIamMemberOutput) Etag() pulumi.StringOutput { // The name or relative resource id of the instance to manage IAM policies for. // // For `bigtable.InstanceIamMember` or `bigtable.InstanceIamBinding`: -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o InstanceIamMemberOutput) Instance() pulumi.StringOutput { return o.ApplyT(func(v *InstanceIamMember) pulumi.StringOutput { return v.Instance }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o InstanceIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *InstanceIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/bigtable/instanceIamPolicy.go b/sdk/go/gcp/bigtable/instanceIamPolicy.go index 408c337194..1517f9a89b 100644 --- a/sdk/go/gcp/bigtable/instanceIamPolicy.go +++ b/sdk/go/gcp/bigtable/instanceIamPolicy.go @@ -128,6 +128,112 @@ import ( // ``` // // +// ## google\_bigtable\_instance\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/bigtable.user", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = bigtable.NewInstanceIamPolicy(ctx, "editor", &bigtable.InstanceIamPolicyArgs{ +// Project: pulumi.String("your-project"), +// Instance: pulumi.String("your-bigtable-instance"), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_bigtable\_instance\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := bigtable.NewInstanceIamBinding(ctx, "editor", &bigtable.InstanceIamBindingArgs{ +// Instance: pulumi.String("your-bigtable-instance"), +// Role: pulumi.String("roles/bigtable.user"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_bigtable\_instance\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := bigtable.NewInstanceIamMember(ctx, "editor", &bigtable.InstanceIamMemberArgs{ +// Instance: pulumi.String("your-bigtable-instance"), +// Role: pulumi.String("roles/bigtable.user"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // ### Importing IAM policies @@ -161,15 +267,6 @@ type InstanceIamPolicy struct { // The name or relative resource id of the instance to manage IAM policies for. // // For `bigtable.InstanceIamMember` or `bigtable.InstanceIamBinding`: - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Instance pulumi.StringOutput `pulumi:"instance"` // The policy data generated by a `organizations.getIAMPolicy` data source. // @@ -221,15 +318,6 @@ type instanceIamPolicyState struct { // The name or relative resource id of the instance to manage IAM policies for. // // For `bigtable.InstanceIamMember` or `bigtable.InstanceIamBinding`: - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Instance *string `pulumi:"instance"` // The policy data generated by a `organizations.getIAMPolicy` data source. // @@ -246,15 +334,6 @@ type InstanceIamPolicyState struct { // The name or relative resource id of the instance to manage IAM policies for. // // For `bigtable.InstanceIamMember` or `bigtable.InstanceIamBinding`: - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Instance pulumi.StringPtrInput // The policy data generated by a `organizations.getIAMPolicy` data source. // @@ -273,15 +352,6 @@ type instanceIamPolicyArgs struct { // The name or relative resource id of the instance to manage IAM policies for. // // For `bigtable.InstanceIamMember` or `bigtable.InstanceIamBinding`: - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Instance string `pulumi:"instance"` // The policy data generated by a `organizations.getIAMPolicy` data source. // @@ -297,15 +367,6 @@ type InstanceIamPolicyArgs struct { // The name or relative resource id of the instance to manage IAM policies for. // // For `bigtable.InstanceIamMember` or `bigtable.InstanceIamBinding`: - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Instance pulumi.StringInput // The policy data generated by a `organizations.getIAMPolicy` data source. // @@ -411,15 +472,6 @@ func (o InstanceIamPolicyOutput) Etag() pulumi.StringOutput { // The name or relative resource id of the instance to manage IAM policies for. // // For `bigtable.InstanceIamMember` or `bigtable.InstanceIamBinding`: -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o InstanceIamPolicyOutput) Instance() pulumi.StringOutput { return o.ApplyT(func(v *InstanceIamPolicy) pulumi.StringOutput { return v.Instance }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/bigtable/tableIamBinding.go b/sdk/go/gcp/bigtable/tableIamBinding.go index a805e0c06c..562777ffc6 100644 --- a/sdk/go/gcp/bigtable/tableIamBinding.go +++ b/sdk/go/gcp/bigtable/tableIamBinding.go @@ -131,6 +131,115 @@ import ( // ``` // // +// ## google\_bigtable\_table\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/bigtable.user", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = bigtable.NewTableIamPolicy(ctx, "editor", &bigtable.TableIamPolicyArgs{ +// Project: pulumi.String("your-project"), +// Instance: pulumi.String("your-bigtable-instance"), +// Table: pulumi.String("your-bigtable-table"), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_bigtable\_table\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := bigtable.NewTableIamBinding(ctx, "editor", &bigtable.TableIamBindingArgs{ +// Table: pulumi.String("your-bigtable-table"), +// Instance: pulumi.String("your-bigtable-instance"), +// Role: pulumi.String("roles/bigtable.user"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_bigtable\_table\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := bigtable.NewTableIamMember(ctx, "editor", &bigtable.TableIamMemberArgs{ +// Table: pulumi.String("your-bigtable-table"), +// Instance: pulumi.String("your-bigtable-instance"), +// Role: pulumi.String("roles/bigtable.user"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // ### Importing IAM policies @@ -163,8 +272,16 @@ type TableIamBinding struct { // (Computed) The etag of the tables's IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` // The name or relative resource id of the instance that owns the table. - Instance pulumi.StringOutput `pulumi:"instance"` - Members pulumi.StringArrayOutput `pulumi:"members"` + Instance pulumi.StringOutput `pulumi:"instance"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + Members pulumi.StringArrayOutput `pulumi:"members"` // The project in which the table belongs. If it // is not provided, this provider will use the provider default. Project pulumi.StringOutput `pulumi:"project"` @@ -177,15 +294,6 @@ type TableIamBinding struct { // The name or relative resource id of the table to manage IAM policies for. // // For `bigtable.TableIamMember` or `bigtable.TableIamBinding`: - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Table pulumi.StringOutput `pulumi:"table"` } @@ -235,8 +343,16 @@ type tableIamBindingState struct { // (Computed) The etag of the tables's IAM policy. Etag *string `pulumi:"etag"` // The name or relative resource id of the instance that owns the table. - Instance *string `pulumi:"instance"` - Members []string `pulumi:"members"` + Instance *string `pulumi:"instance"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + Members []string `pulumi:"members"` // The project in which the table belongs. If it // is not provided, this provider will use the provider default. Project *string `pulumi:"project"` @@ -249,15 +365,6 @@ type tableIamBindingState struct { // The name or relative resource id of the table to manage IAM policies for. // // For `bigtable.TableIamMember` or `bigtable.TableIamBinding`: - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Table *string `pulumi:"table"` } @@ -267,7 +374,15 @@ type TableIamBindingState struct { Etag pulumi.StringPtrInput // The name or relative resource id of the instance that owns the table. Instance pulumi.StringPtrInput - Members pulumi.StringArrayInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + Members pulumi.StringArrayInput // The project in which the table belongs. If it // is not provided, this provider will use the provider default. Project pulumi.StringPtrInput @@ -280,15 +395,6 @@ type TableIamBindingState struct { // The name or relative resource id of the table to manage IAM policies for. // // For `bigtable.TableIamMember` or `bigtable.TableIamBinding`: - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Table pulumi.StringPtrInput } @@ -299,8 +405,16 @@ func (TableIamBindingState) ElementType() reflect.Type { type tableIamBindingArgs struct { Condition *TableIamBindingCondition `pulumi:"condition"` // The name or relative resource id of the instance that owns the table. - Instance string `pulumi:"instance"` - Members []string `pulumi:"members"` + Instance string `pulumi:"instance"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + Members []string `pulumi:"members"` // The project in which the table belongs. If it // is not provided, this provider will use the provider default. Project *string `pulumi:"project"` @@ -313,15 +427,6 @@ type tableIamBindingArgs struct { // The name or relative resource id of the table to manage IAM policies for. // // For `bigtable.TableIamMember` or `bigtable.TableIamBinding`: - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Table string `pulumi:"table"` } @@ -330,7 +435,15 @@ type TableIamBindingArgs struct { Condition TableIamBindingConditionPtrInput // The name or relative resource id of the instance that owns the table. Instance pulumi.StringInput - Members pulumi.StringArrayInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + Members pulumi.StringArrayInput // The project in which the table belongs. If it // is not provided, this provider will use the provider default. Project pulumi.StringPtrInput @@ -343,15 +456,6 @@ type TableIamBindingArgs struct { // The name or relative resource id of the table to manage IAM policies for. // // For `bigtable.TableIamMember` or `bigtable.TableIamBinding`: - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Table pulumi.StringInput } @@ -456,6 +560,14 @@ func (o TableIamBindingOutput) Instance() pulumi.StringOutput { return o.ApplyT(func(v *TableIamBinding) pulumi.StringOutput { return v.Instance }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o TableIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *TableIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } @@ -478,15 +590,6 @@ func (o TableIamBindingOutput) Role() pulumi.StringOutput { // The name or relative resource id of the table to manage IAM policies for. // // For `bigtable.TableIamMember` or `bigtable.TableIamBinding`: -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o TableIamBindingOutput) Table() pulumi.StringOutput { return o.ApplyT(func(v *TableIamBinding) pulumi.StringOutput { return v.Table }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/bigtable/tableIamMember.go b/sdk/go/gcp/bigtable/tableIamMember.go index 6fe48a35e3..f38b82d766 100644 --- a/sdk/go/gcp/bigtable/tableIamMember.go +++ b/sdk/go/gcp/bigtable/tableIamMember.go @@ -131,6 +131,115 @@ import ( // ``` // // +// ## google\_bigtable\_table\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/bigtable.user", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = bigtable.NewTableIamPolicy(ctx, "editor", &bigtable.TableIamPolicyArgs{ +// Project: pulumi.String("your-project"), +// Instance: pulumi.String("your-bigtable-instance"), +// Table: pulumi.String("your-bigtable-table"), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_bigtable\_table\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := bigtable.NewTableIamBinding(ctx, "editor", &bigtable.TableIamBindingArgs{ +// Table: pulumi.String("your-bigtable-table"), +// Instance: pulumi.String("your-bigtable-instance"), +// Role: pulumi.String("roles/bigtable.user"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_bigtable\_table\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := bigtable.NewTableIamMember(ctx, "editor", &bigtable.TableIamMemberArgs{ +// Table: pulumi.String("your-bigtable-table"), +// Instance: pulumi.String("your-bigtable-instance"), +// Role: pulumi.String("roles/bigtable.user"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // ### Importing IAM policies @@ -164,7 +273,15 @@ type TableIamMember struct { Etag pulumi.StringOutput `pulumi:"etag"` // The name or relative resource id of the instance that owns the table. Instance pulumi.StringOutput `pulumi:"instance"` - Member pulumi.StringOutput `pulumi:"member"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + Member pulumi.StringOutput `pulumi:"member"` // The project in which the table belongs. If it // is not provided, this provider will use the provider default. Project pulumi.StringOutput `pulumi:"project"` @@ -177,15 +294,6 @@ type TableIamMember struct { // The name or relative resource id of the table to manage IAM policies for. // // For `bigtable.TableIamMember` or `bigtable.TableIamBinding`: - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Table pulumi.StringOutput `pulumi:"table"` } @@ -236,7 +344,15 @@ type tableIamMemberState struct { Etag *string `pulumi:"etag"` // The name or relative resource id of the instance that owns the table. Instance *string `pulumi:"instance"` - Member *string `pulumi:"member"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + Member *string `pulumi:"member"` // The project in which the table belongs. If it // is not provided, this provider will use the provider default. Project *string `pulumi:"project"` @@ -249,15 +365,6 @@ type tableIamMemberState struct { // The name or relative resource id of the table to manage IAM policies for. // // For `bigtable.TableIamMember` or `bigtable.TableIamBinding`: - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Table *string `pulumi:"table"` } @@ -267,7 +374,15 @@ type TableIamMemberState struct { Etag pulumi.StringPtrInput // The name or relative resource id of the instance that owns the table. Instance pulumi.StringPtrInput - Member pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + Member pulumi.StringPtrInput // The project in which the table belongs. If it // is not provided, this provider will use the provider default. Project pulumi.StringPtrInput @@ -280,15 +395,6 @@ type TableIamMemberState struct { // The name or relative resource id of the table to manage IAM policies for. // // For `bigtable.TableIamMember` or `bigtable.TableIamBinding`: - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Table pulumi.StringPtrInput } @@ -300,7 +406,15 @@ type tableIamMemberArgs struct { Condition *TableIamMemberCondition `pulumi:"condition"` // The name or relative resource id of the instance that owns the table. Instance string `pulumi:"instance"` - Member string `pulumi:"member"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + Member string `pulumi:"member"` // The project in which the table belongs. If it // is not provided, this provider will use the provider default. Project *string `pulumi:"project"` @@ -313,15 +427,6 @@ type tableIamMemberArgs struct { // The name or relative resource id of the table to manage IAM policies for. // // For `bigtable.TableIamMember` or `bigtable.TableIamBinding`: - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Table string `pulumi:"table"` } @@ -330,7 +435,15 @@ type TableIamMemberArgs struct { Condition TableIamMemberConditionPtrInput // The name or relative resource id of the instance that owns the table. Instance pulumi.StringInput - Member pulumi.StringInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + Member pulumi.StringInput // The project in which the table belongs. If it // is not provided, this provider will use the provider default. Project pulumi.StringPtrInput @@ -343,15 +456,6 @@ type TableIamMemberArgs struct { // The name or relative resource id of the table to manage IAM policies for. // // For `bigtable.TableIamMember` or `bigtable.TableIamBinding`: - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Table pulumi.StringInput } @@ -456,6 +560,14 @@ func (o TableIamMemberOutput) Instance() pulumi.StringOutput { return o.ApplyT(func(v *TableIamMember) pulumi.StringOutput { return v.Instance }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o TableIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *TableIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } @@ -478,15 +590,6 @@ func (o TableIamMemberOutput) Role() pulumi.StringOutput { // The name or relative resource id of the table to manage IAM policies for. // // For `bigtable.TableIamMember` or `bigtable.TableIamBinding`: -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o TableIamMemberOutput) Table() pulumi.StringOutput { return o.ApplyT(func(v *TableIamMember) pulumi.StringOutput { return v.Table }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/bigtable/tableIamPolicy.go b/sdk/go/gcp/bigtable/tableIamPolicy.go index 7ff69a1b9e..a1576d7779 100644 --- a/sdk/go/gcp/bigtable/tableIamPolicy.go +++ b/sdk/go/gcp/bigtable/tableIamPolicy.go @@ -131,6 +131,115 @@ import ( // ``` // // +// ## google\_bigtable\_table\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/bigtable.user", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = bigtable.NewTableIamPolicy(ctx, "editor", &bigtable.TableIamPolicyArgs{ +// Project: pulumi.String("your-project"), +// Instance: pulumi.String("your-bigtable-instance"), +// Table: pulumi.String("your-bigtable-table"), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_bigtable\_table\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := bigtable.NewTableIamBinding(ctx, "editor", &bigtable.TableIamBindingArgs{ +// Table: pulumi.String("your-bigtable-table"), +// Instance: pulumi.String("your-bigtable-instance"), +// Role: pulumi.String("roles/bigtable.user"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_bigtable\_table\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/bigtable" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := bigtable.NewTableIamMember(ctx, "editor", &bigtable.TableIamMemberArgs{ +// Table: pulumi.String("your-bigtable-table"), +// Instance: pulumi.String("your-bigtable-instance"), +// Role: pulumi.String("roles/bigtable.user"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // ### Importing IAM policies @@ -173,15 +282,6 @@ type TableIamPolicy struct { // The name or relative resource id of the table to manage IAM policies for. // // For `bigtable.TableIamMember` or `bigtable.TableIamBinding`: - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Table pulumi.StringOutput `pulumi:"table"` } @@ -238,15 +338,6 @@ type tableIamPolicyState struct { // The name or relative resource id of the table to manage IAM policies for. // // For `bigtable.TableIamMember` or `bigtable.TableIamBinding`: - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Table *string `pulumi:"table"` } @@ -265,15 +356,6 @@ type TableIamPolicyState struct { // The name or relative resource id of the table to manage IAM policies for. // // For `bigtable.TableIamMember` or `bigtable.TableIamBinding`: - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Table pulumi.StringPtrInput } @@ -294,15 +376,6 @@ type tableIamPolicyArgs struct { // The name or relative resource id of the table to manage IAM policies for. // // For `bigtable.TableIamMember` or `bigtable.TableIamBinding`: - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Table string `pulumi:"table"` } @@ -320,15 +393,6 @@ type TableIamPolicyArgs struct { // The name or relative resource id of the table to manage IAM policies for. // // For `bigtable.TableIamMember` or `bigtable.TableIamBinding`: - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Table pulumi.StringInput } @@ -445,15 +509,6 @@ func (o TableIamPolicyOutput) Project() pulumi.StringOutput { // The name or relative resource id of the table to manage IAM policies for. // // For `bigtable.TableIamMember` or `bigtable.TableIamBinding`: -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o TableIamPolicyOutput) Table() pulumi.StringOutput { return o.ApplyT(func(v *TableIamPolicy) pulumi.StringOutput { return v.Table }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/billing/accountIamBinding.go b/sdk/go/gcp/billing/accountIamBinding.go index 0af216bc81..ffb5f8abb8 100644 --- a/sdk/go/gcp/billing/accountIamBinding.go +++ b/sdk/go/gcp/billing/accountIamBinding.go @@ -127,6 +127,111 @@ import ( // ``` // // +// ## google\_billing\_account\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/billing" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/billing.viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = billing.NewAccountIamPolicy(ctx, "editor", &billing.AccountIamPolicyArgs{ +// BillingAccountId: pulumi.String("00AA00-000AAA-00AA0A"), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_billing\_account\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/billing" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := billing.NewAccountIamBinding(ctx, "editor", &billing.AccountIamBindingArgs{ +// BillingAccountId: pulumi.String("00AA00-000AAA-00AA0A"), +// Role: pulumi.String("roles/billing.viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_billing\_account\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/billing" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := billing.NewAccountIamMember(ctx, "editor", &billing.AccountIamMemberArgs{ +// BillingAccountId: pulumi.String("00AA00-000AAA-00AA0A"), +// Role: pulumi.String("roles/billing.viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // ### Importing IAM policies @@ -158,17 +263,16 @@ type AccountIamBinding struct { // The billing account id. // // For `billing.AccountIamMember` or `billing.AccountIamBinding`: - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + BillingAccountId pulumi.StringOutput `pulumi:"billingAccountId"` + Condition AccountIamBindingConditionPtrOutput `pulumi:"condition"` + // (Computed) The etag of the billing account's IAM policy. + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - BillingAccountId pulumi.StringOutput `pulumi:"billingAccountId"` - Condition AccountIamBindingConditionPtrOutput `pulumi:"condition"` - // (Computed) The etag of the billing account's IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` Members pulumi.StringArrayOutput `pulumi:"members"` // The role that should be applied. Only one // `billing.AccountIamBinding` can be used per role. Note that custom roles must be of the format @@ -220,17 +324,16 @@ type accountIamBindingState struct { // The billing account id. // // For `billing.AccountIamMember` or `billing.AccountIamBinding`: - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + BillingAccountId *string `pulumi:"billingAccountId"` + Condition *AccountIamBindingCondition `pulumi:"condition"` + // (Computed) The etag of the billing account's IAM policy. + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - BillingAccountId *string `pulumi:"billingAccountId"` - Condition *AccountIamBindingCondition `pulumi:"condition"` - // (Computed) The etag of the billing account's IAM policy. - Etag *string `pulumi:"etag"` Members []string `pulumi:"members"` // The role that should be applied. Only one // `billing.AccountIamBinding` can be used per role. Note that custom roles must be of the format @@ -244,17 +347,16 @@ type AccountIamBindingState struct { // The billing account id. // // For `billing.AccountIamMember` or `billing.AccountIamBinding`: - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + BillingAccountId pulumi.StringPtrInput + Condition AccountIamBindingConditionPtrInput + // (Computed) The etag of the billing account's IAM policy. + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - BillingAccountId pulumi.StringPtrInput - Condition AccountIamBindingConditionPtrInput - // (Computed) The etag of the billing account's IAM policy. - Etag pulumi.StringPtrInput Members pulumi.StringArrayInput // The role that should be applied. Only one // `billing.AccountIamBinding` can be used per role. Note that custom roles must be of the format @@ -272,16 +374,15 @@ type accountIamBindingArgs struct { // The billing account id. // // For `billing.AccountIamMember` or `billing.AccountIamBinding`: - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + BillingAccountId string `pulumi:"billingAccountId"` + Condition *AccountIamBindingCondition `pulumi:"condition"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - BillingAccountId string `pulumi:"billingAccountId"` - Condition *AccountIamBindingCondition `pulumi:"condition"` - Members []string `pulumi:"members"` + Members []string `pulumi:"members"` // The role that should be applied. Only one // `billing.AccountIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Read more about roles [here](https://cloud.google.com/bigtable/docs/access-control#roles). @@ -295,16 +396,15 @@ type AccountIamBindingArgs struct { // The billing account id. // // For `billing.AccountIamMember` or `billing.AccountIamBinding`: - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + BillingAccountId pulumi.StringInput + Condition AccountIamBindingConditionPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - BillingAccountId pulumi.StringInput - Condition AccountIamBindingConditionPtrInput - Members pulumi.StringArrayInput + Members pulumi.StringArrayInput // The role that should be applied. Only one // `billing.AccountIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Read more about roles [here](https://cloud.google.com/bigtable/docs/access-control#roles). @@ -403,13 +503,6 @@ func (o AccountIamBindingOutput) ToAccountIamBindingOutputWithContext(ctx contex // The billing account id. // // For `billing.AccountIamMember` or `billing.AccountIamBinding`: -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o AccountIamBindingOutput) BillingAccountId() pulumi.StringOutput { return o.ApplyT(func(v *AccountIamBinding) pulumi.StringOutput { return v.BillingAccountId }).(pulumi.StringOutput) } @@ -423,6 +516,12 @@ func (o AccountIamBindingOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *AccountIamBinding) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o AccountIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *AccountIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } diff --git a/sdk/go/gcp/billing/accountIamMember.go b/sdk/go/gcp/billing/accountIamMember.go index 8e2fc3141c..e06c2004ef 100644 --- a/sdk/go/gcp/billing/accountIamMember.go +++ b/sdk/go/gcp/billing/accountIamMember.go @@ -127,6 +127,111 @@ import ( // ``` // // +// ## google\_billing\_account\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/billing" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/billing.viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = billing.NewAccountIamPolicy(ctx, "editor", &billing.AccountIamPolicyArgs{ +// BillingAccountId: pulumi.String("00AA00-000AAA-00AA0A"), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_billing\_account\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/billing" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := billing.NewAccountIamBinding(ctx, "editor", &billing.AccountIamBindingArgs{ +// BillingAccountId: pulumi.String("00AA00-000AAA-00AA0A"), +// Role: pulumi.String("roles/billing.viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_billing\_account\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/billing" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := billing.NewAccountIamMember(ctx, "editor", &billing.AccountIamMemberArgs{ +// BillingAccountId: pulumi.String("00AA00-000AAA-00AA0A"), +// Role: pulumi.String("roles/billing.viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // ### Importing IAM policies @@ -158,17 +263,16 @@ type AccountIamMember struct { // The billing account id. // // For `billing.AccountIamMember` or `billing.AccountIamBinding`: - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + BillingAccountId pulumi.StringOutput `pulumi:"billingAccountId"` + Condition AccountIamMemberConditionPtrOutput `pulumi:"condition"` + // (Computed) The etag of the billing account's IAM policy. + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - BillingAccountId pulumi.StringOutput `pulumi:"billingAccountId"` - Condition AccountIamMemberConditionPtrOutput `pulumi:"condition"` - // (Computed) The etag of the billing account's IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` Member pulumi.StringOutput `pulumi:"member"` // The role that should be applied. Only one // `billing.AccountIamBinding` can be used per role. Note that custom roles must be of the format @@ -220,17 +324,16 @@ type accountIamMemberState struct { // The billing account id. // // For `billing.AccountIamMember` or `billing.AccountIamBinding`: - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + BillingAccountId *string `pulumi:"billingAccountId"` + Condition *AccountIamMemberCondition `pulumi:"condition"` + // (Computed) The etag of the billing account's IAM policy. + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - BillingAccountId *string `pulumi:"billingAccountId"` - Condition *AccountIamMemberCondition `pulumi:"condition"` - // (Computed) The etag of the billing account's IAM policy. - Etag *string `pulumi:"etag"` Member *string `pulumi:"member"` // The role that should be applied. Only one // `billing.AccountIamBinding` can be used per role. Note that custom roles must be of the format @@ -244,17 +347,16 @@ type AccountIamMemberState struct { // The billing account id. // // For `billing.AccountIamMember` or `billing.AccountIamBinding`: - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + BillingAccountId pulumi.StringPtrInput + Condition AccountIamMemberConditionPtrInput + // (Computed) The etag of the billing account's IAM policy. + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - BillingAccountId pulumi.StringPtrInput - Condition AccountIamMemberConditionPtrInput - // (Computed) The etag of the billing account's IAM policy. - Etag pulumi.StringPtrInput Member pulumi.StringPtrInput // The role that should be applied. Only one // `billing.AccountIamBinding` can be used per role. Note that custom roles must be of the format @@ -272,16 +374,15 @@ type accountIamMemberArgs struct { // The billing account id. // // For `billing.AccountIamMember` or `billing.AccountIamBinding`: - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + BillingAccountId string `pulumi:"billingAccountId"` + Condition *AccountIamMemberCondition `pulumi:"condition"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - BillingAccountId string `pulumi:"billingAccountId"` - Condition *AccountIamMemberCondition `pulumi:"condition"` - Member string `pulumi:"member"` + Member string `pulumi:"member"` // The role that should be applied. Only one // `billing.AccountIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Read more about roles [here](https://cloud.google.com/bigtable/docs/access-control#roles). @@ -295,16 +396,15 @@ type AccountIamMemberArgs struct { // The billing account id. // // For `billing.AccountIamMember` or `billing.AccountIamBinding`: - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + BillingAccountId pulumi.StringInput + Condition AccountIamMemberConditionPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - BillingAccountId pulumi.StringInput - Condition AccountIamMemberConditionPtrInput - Member pulumi.StringInput + Member pulumi.StringInput // The role that should be applied. Only one // `billing.AccountIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Read more about roles [here](https://cloud.google.com/bigtable/docs/access-control#roles). @@ -403,13 +503,6 @@ func (o AccountIamMemberOutput) ToAccountIamMemberOutputWithContext(ctx context. // The billing account id. // // For `billing.AccountIamMember` or `billing.AccountIamBinding`: -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o AccountIamMemberOutput) BillingAccountId() pulumi.StringOutput { return o.ApplyT(func(v *AccountIamMember) pulumi.StringOutput { return v.BillingAccountId }).(pulumi.StringOutput) } @@ -423,6 +516,12 @@ func (o AccountIamMemberOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *AccountIamMember) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o AccountIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *AccountIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/billing/accountIamPolicy.go b/sdk/go/gcp/billing/accountIamPolicy.go index 4c9b10a8d4..a8ffd06c38 100644 --- a/sdk/go/gcp/billing/accountIamPolicy.go +++ b/sdk/go/gcp/billing/accountIamPolicy.go @@ -127,6 +127,111 @@ import ( // ``` // // +// ## google\_billing\_account\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/billing" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/billing.viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = billing.NewAccountIamPolicy(ctx, "editor", &billing.AccountIamPolicyArgs{ +// BillingAccountId: pulumi.String("00AA00-000AAA-00AA0A"), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_billing\_account\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/billing" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := billing.NewAccountIamBinding(ctx, "editor", &billing.AccountIamBindingArgs{ +// BillingAccountId: pulumi.String("00AA00-000AAA-00AA0A"), +// Role: pulumi.String("roles/billing.viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_billing\_account\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/billing" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := billing.NewAccountIamMember(ctx, "editor", &billing.AccountIamMemberArgs{ +// BillingAccountId: pulumi.String("00AA00-000AAA-00AA0A"), +// Role: pulumi.String("roles/billing.viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // ### Importing IAM policies @@ -158,13 +263,6 @@ type AccountIamPolicy struct { // The billing account id. // // For `billing.AccountIamMember` or `billing.AccountIamBinding`: - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. BillingAccountId pulumi.StringOutput `pulumi:"billingAccountId"` // (Computed) The etag of the billing account's IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` @@ -213,13 +311,6 @@ type accountIamPolicyState struct { // The billing account id. // // For `billing.AccountIamMember` or `billing.AccountIamBinding`: - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. BillingAccountId *string `pulumi:"billingAccountId"` // (Computed) The etag of the billing account's IAM policy. Etag *string `pulumi:"etag"` @@ -233,13 +324,6 @@ type AccountIamPolicyState struct { // The billing account id. // // For `billing.AccountIamMember` or `billing.AccountIamBinding`: - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. BillingAccountId pulumi.StringPtrInput // (Computed) The etag of the billing account's IAM policy. Etag pulumi.StringPtrInput @@ -257,13 +341,6 @@ type accountIamPolicyArgs struct { // The billing account id. // // For `billing.AccountIamMember` or `billing.AccountIamBinding`: - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. BillingAccountId string `pulumi:"billingAccountId"` // The policy data generated by a `organizations.getIAMPolicy` data source. // @@ -276,13 +353,6 @@ type AccountIamPolicyArgs struct { // The billing account id. // // For `billing.AccountIamMember` or `billing.AccountIamBinding`: - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. BillingAccountId pulumi.StringInput // The policy data generated by a `organizations.getIAMPolicy` data source. // @@ -380,13 +450,6 @@ func (o AccountIamPolicyOutput) ToAccountIamPolicyOutputWithContext(ctx context. // The billing account id. // // For `billing.AccountIamMember` or `billing.AccountIamBinding`: -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o AccountIamPolicyOutput) BillingAccountId() pulumi.StringOutput { return o.ApplyT(func(v *AccountIamPolicy) pulumi.StringOutput { return v.BillingAccountId }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/binaryauthorization/attestorIamBinding.go b/sdk/go/gcp/binaryauthorization/attestorIamBinding.go index b205c0ceb7..d958d2b144 100644 --- a/sdk/go/gcp/binaryauthorization/attestorIamBinding.go +++ b/sdk/go/gcp/binaryauthorization/attestorIamBinding.go @@ -134,6 +134,114 @@ import ( // ``` // // +// ## google\_binary\_authorization\_attestor\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = binaryauthorization.NewAttestorIamPolicy(ctx, "policy", &binaryauthorization.AttestorIamPolicyArgs{ +// Project: pulumi.Any(attestor.Project), +// Attestor: pulumi.Any(attestor.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_binary\_authorization\_attestor\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := binaryauthorization.NewAttestorIamBinding(ctx, "binding", &binaryauthorization.AttestorIamBindingArgs{ +// Project: pulumi.Any(attestor.Project), +// Attestor: pulumi.Any(attestor.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_binary\_authorization\_attestor\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := binaryauthorization.NewAttestorIamMember(ctx, "member", &binaryauthorization.AttestorIamMemberArgs{ +// Project: pulumi.Any(attestor.Project), +// Attestor: pulumi.Any(attestor.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -176,13 +284,9 @@ type AttestorIamBinding struct { Attestor pulumi.StringOutput `pulumi:"attestor"` Condition AttestorIamBindingConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -192,6 +296,9 @@ type AttestorIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `binaryauthorization.AttestorIamBinding` can be used per role. Note that custom roles must be of the format @@ -242,13 +349,9 @@ type attestorIamBindingState struct { Attestor *string `pulumi:"attestor"` Condition *AttestorIamBindingCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -258,6 +361,9 @@ type attestorIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `binaryauthorization.AttestorIamBinding` can be used per role. Note that custom roles must be of the format @@ -270,13 +376,9 @@ type AttestorIamBindingState struct { Attestor pulumi.StringPtrInput Condition AttestorIamBindingConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -286,6 +388,9 @@ type AttestorIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `binaryauthorization.AttestorIamBinding` can be used per role. Note that custom roles must be of the format @@ -301,12 +406,8 @@ type attestorIamBindingArgs struct { // Used to find the parent resource to bind the IAM policy to Attestor string `pulumi:"attestor"` Condition *AttestorIamBindingCondition `pulumi:"condition"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -316,6 +417,9 @@ type attestorIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `binaryauthorization.AttestorIamBinding` can be used per role. Note that custom roles must be of the format @@ -328,12 +432,8 @@ type AttestorIamBindingArgs struct { // Used to find the parent resource to bind the IAM policy to Attestor pulumi.StringInput Condition AttestorIamBindingConditionPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -343,6 +443,9 @@ type AttestorIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `binaryauthorization.AttestorIamBinding` can be used per role. Note that custom roles must be of the format @@ -451,24 +554,23 @@ func (o AttestorIamBindingOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *AttestorIamBinding) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o AttestorIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *AttestorIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o AttestorIamBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *AttestorIamBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/binaryauthorization/attestorIamMember.go b/sdk/go/gcp/binaryauthorization/attestorIamMember.go index a499c093e0..b8efb24c96 100644 --- a/sdk/go/gcp/binaryauthorization/attestorIamMember.go +++ b/sdk/go/gcp/binaryauthorization/attestorIamMember.go @@ -134,6 +134,114 @@ import ( // ``` // // +// ## google\_binary\_authorization\_attestor\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = binaryauthorization.NewAttestorIamPolicy(ctx, "policy", &binaryauthorization.AttestorIamPolicyArgs{ +// Project: pulumi.Any(attestor.Project), +// Attestor: pulumi.Any(attestor.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_binary\_authorization\_attestor\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := binaryauthorization.NewAttestorIamBinding(ctx, "binding", &binaryauthorization.AttestorIamBindingArgs{ +// Project: pulumi.Any(attestor.Project), +// Attestor: pulumi.Any(attestor.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_binary\_authorization\_attestor\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := binaryauthorization.NewAttestorIamMember(ctx, "member", &binaryauthorization.AttestorIamMemberArgs{ +// Project: pulumi.Any(attestor.Project), +// Attestor: pulumi.Any(attestor.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -176,13 +284,9 @@ type AttestorIamMember struct { Attestor pulumi.StringOutput `pulumi:"attestor"` Condition AttestorIamMemberConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Member pulumi.StringOutput `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -192,6 +296,9 @@ type AttestorIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `binaryauthorization.AttestorIamBinding` can be used per role. Note that custom roles must be of the format @@ -242,13 +349,9 @@ type attestorIamMemberState struct { Attestor *string `pulumi:"attestor"` Condition *AttestorIamMemberCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Member *string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -258,6 +361,9 @@ type attestorIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `binaryauthorization.AttestorIamBinding` can be used per role. Note that custom roles must be of the format @@ -270,13 +376,9 @@ type AttestorIamMemberState struct { Attestor pulumi.StringPtrInput Condition AttestorIamMemberConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Member pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -286,6 +388,9 @@ type AttestorIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `binaryauthorization.AttestorIamBinding` can be used per role. Note that custom roles must be of the format @@ -301,12 +406,8 @@ type attestorIamMemberArgs struct { // Used to find the parent resource to bind the IAM policy to Attestor string `pulumi:"attestor"` Condition *AttestorIamMemberCondition `pulumi:"condition"` - Member string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -316,6 +417,9 @@ type attestorIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `binaryauthorization.AttestorIamBinding` can be used per role. Note that custom roles must be of the format @@ -328,12 +432,8 @@ type AttestorIamMemberArgs struct { // Used to find the parent resource to bind the IAM policy to Attestor pulumi.StringInput Condition AttestorIamMemberConditionPtrInput - Member pulumi.StringInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -343,6 +443,9 @@ type AttestorIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `binaryauthorization.AttestorIamBinding` can be used per role. Note that custom roles must be of the format @@ -451,24 +554,23 @@ func (o AttestorIamMemberOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *AttestorIamMember) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o AttestorIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *AttestorIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o AttestorIamMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *AttestorIamMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/binaryauthorization/attestorIamPolicy.go b/sdk/go/gcp/binaryauthorization/attestorIamPolicy.go index 103f3dfb7e..66e4a5a3a2 100644 --- a/sdk/go/gcp/binaryauthorization/attestorIamPolicy.go +++ b/sdk/go/gcp/binaryauthorization/attestorIamPolicy.go @@ -134,6 +134,114 @@ import ( // ``` // // +// ## google\_binary\_authorization\_attestor\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = binaryauthorization.NewAttestorIamPolicy(ctx, "policy", &binaryauthorization.AttestorIamPolicyArgs{ +// Project: pulumi.Any(attestor.Project), +// Attestor: pulumi.Any(attestor.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_binary\_authorization\_attestor\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := binaryauthorization.NewAttestorIamBinding(ctx, "binding", &binaryauthorization.AttestorIamBindingArgs{ +// Project: pulumi.Any(attestor.Project), +// Attestor: pulumi.Any(attestor.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_binary\_authorization\_attestor\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := binaryauthorization.NewAttestorIamMember(ctx, "member", &binaryauthorization.AttestorIamMemberArgs{ +// Project: pulumi.Any(attestor.Project), +// Attestor: pulumi.Any(attestor.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -181,18 +289,6 @@ type AttestorIamPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` } @@ -241,18 +337,6 @@ type attestorIamPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -266,18 +350,6 @@ type AttestorIamPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -293,18 +365,6 @@ type attestorIamPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -317,18 +377,6 @@ type AttestorIamPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -437,18 +485,6 @@ func (o AttestorIamPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o AttestorIamPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *AttestorIamPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/certificateauthority/caPoolIamBinding.go b/sdk/go/gcp/certificateauthority/caPoolIamBinding.go index aaac8ad208..4f0942e939 100644 --- a/sdk/go/gcp/certificateauthority/caPoolIamBinding.go +++ b/sdk/go/gcp/certificateauthority/caPoolIamBinding.go @@ -251,6 +251,229 @@ import ( // ``` // // +// ## google\_privateca\_ca\_pool\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/privateca.certificateManager", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = certificateauthority.NewCaPoolIamPolicy(ctx, "policy", &certificateauthority.CaPoolIamPolicyArgs{ +// CaPool: pulumi.Any(_default.Id), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/privateca.certificateManager", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = certificateauthority.NewCaPoolIamPolicy(ctx, "policy", &certificateauthority.CaPoolIamPolicyArgs{ +// CaPool: pulumi.Any(_default.Id), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_privateca\_ca\_pool\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := certificateauthority.NewCaPoolIamBinding(ctx, "binding", &certificateauthority.CaPoolIamBindingArgs{ +// CaPool: pulumi.Any(_default.Id), +// Role: pulumi.String("roles/privateca.certificateManager"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := certificateauthority.NewCaPoolIamBinding(ctx, "binding", &certificateauthority.CaPoolIamBindingArgs{ +// CaPool: pulumi.Any(_default.Id), +// Role: pulumi.String("roles/privateca.certificateManager"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &certificateauthority.CaPoolIamBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_privateca\_ca\_pool\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := certificateauthority.NewCaPoolIamMember(ctx, "member", &certificateauthority.CaPoolIamMemberArgs{ +// CaPool: pulumi.Any(_default.Id), +// Role: pulumi.String("roles/privateca.certificateManager"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := certificateauthority.NewCaPoolIamMember(ctx, "member", &certificateauthority.CaPoolIamMemberArgs{ +// CaPool: pulumi.Any(_default.Id), +// Role: pulumi.String("roles/privateca.certificateManager"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &certificateauthority.CaPoolIamMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -299,13 +522,9 @@ type CaPoolIamBinding struct { // Location of the CaPool. A full list of valid locations can be found by // running `gcloud privateca locations list`. // Used to find the parent resource to bind the IAM policy to - Location pulumi.StringOutput `pulumi:"location"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location pulumi.StringOutput `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -315,6 +534,9 @@ type CaPoolIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `certificateauthority.CaPoolIamBinding` can be used per role. Note that custom roles must be of the format @@ -371,13 +593,9 @@ type caPoolIamBindingState struct { // Location of the CaPool. A full list of valid locations can be found by // running `gcloud privateca locations list`. // Used to find the parent resource to bind the IAM policy to - Location *string `pulumi:"location"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location *string `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -387,6 +605,9 @@ type caPoolIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `certificateauthority.CaPoolIamBinding` can be used per role. Note that custom roles must be of the format @@ -406,12 +627,8 @@ type CaPoolIamBindingState struct { // running `gcloud privateca locations list`. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -421,6 +638,9 @@ type CaPoolIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `certificateauthority.CaPoolIamBinding` can be used per role. Note that custom roles must be of the format @@ -441,13 +661,9 @@ type caPoolIamBindingArgs struct { // Location of the CaPool. A full list of valid locations can be found by // running `gcloud privateca locations list`. // Used to find the parent resource to bind the IAM policy to - Location *string `pulumi:"location"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location *string `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -457,6 +673,9 @@ type caPoolIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `certificateauthority.CaPoolIamBinding` can be used per role. Note that custom roles must be of the format @@ -475,12 +694,8 @@ type CaPoolIamBindingArgs struct { // running `gcloud privateca locations list`. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -490,6 +705,9 @@ type CaPoolIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `certificateauthority.CaPoolIamBinding` can be used per role. Note that custom roles must be of the format @@ -607,24 +825,23 @@ func (o CaPoolIamBindingOutput) Location() pulumi.StringOutput { return o.ApplyT(func(v *CaPoolIamBinding) pulumi.StringOutput { return v.Location }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o CaPoolIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *CaPoolIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o CaPoolIamBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *CaPoolIamBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/certificateauthority/caPoolIamMember.go b/sdk/go/gcp/certificateauthority/caPoolIamMember.go index 53e9c9b0e9..34da8d4092 100644 --- a/sdk/go/gcp/certificateauthority/caPoolIamMember.go +++ b/sdk/go/gcp/certificateauthority/caPoolIamMember.go @@ -251,6 +251,229 @@ import ( // ``` // // +// ## google\_privateca\_ca\_pool\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/privateca.certificateManager", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = certificateauthority.NewCaPoolIamPolicy(ctx, "policy", &certificateauthority.CaPoolIamPolicyArgs{ +// CaPool: pulumi.Any(_default.Id), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/privateca.certificateManager", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = certificateauthority.NewCaPoolIamPolicy(ctx, "policy", &certificateauthority.CaPoolIamPolicyArgs{ +// CaPool: pulumi.Any(_default.Id), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_privateca\_ca\_pool\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := certificateauthority.NewCaPoolIamBinding(ctx, "binding", &certificateauthority.CaPoolIamBindingArgs{ +// CaPool: pulumi.Any(_default.Id), +// Role: pulumi.String("roles/privateca.certificateManager"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := certificateauthority.NewCaPoolIamBinding(ctx, "binding", &certificateauthority.CaPoolIamBindingArgs{ +// CaPool: pulumi.Any(_default.Id), +// Role: pulumi.String("roles/privateca.certificateManager"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &certificateauthority.CaPoolIamBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_privateca\_ca\_pool\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := certificateauthority.NewCaPoolIamMember(ctx, "member", &certificateauthority.CaPoolIamMemberArgs{ +// CaPool: pulumi.Any(_default.Id), +// Role: pulumi.String("roles/privateca.certificateManager"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := certificateauthority.NewCaPoolIamMember(ctx, "member", &certificateauthority.CaPoolIamMemberArgs{ +// CaPool: pulumi.Any(_default.Id), +// Role: pulumi.String("roles/privateca.certificateManager"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &certificateauthority.CaPoolIamMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -300,12 +523,8 @@ type CaPoolIamMember struct { // running `gcloud privateca locations list`. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringOutput `pulumi:"location"` - Member pulumi.StringOutput `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -315,6 +534,9 @@ type CaPoolIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `certificateauthority.CaPoolIamBinding` can be used per role. Note that custom roles must be of the format @@ -372,12 +594,8 @@ type caPoolIamMemberState struct { // running `gcloud privateca locations list`. // Used to find the parent resource to bind the IAM policy to Location *string `pulumi:"location"` - Member *string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -387,6 +605,9 @@ type caPoolIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `certificateauthority.CaPoolIamBinding` can be used per role. Note that custom roles must be of the format @@ -406,12 +627,8 @@ type CaPoolIamMemberState struct { // running `gcloud privateca locations list`. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Member pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -421,6 +638,9 @@ type CaPoolIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `certificateauthority.CaPoolIamBinding` can be used per role. Note that custom roles must be of the format @@ -442,12 +662,8 @@ type caPoolIamMemberArgs struct { // running `gcloud privateca locations list`. // Used to find the parent resource to bind the IAM policy to Location *string `pulumi:"location"` - Member string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -457,6 +673,9 @@ type caPoolIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `certificateauthority.CaPoolIamBinding` can be used per role. Note that custom roles must be of the format @@ -475,12 +694,8 @@ type CaPoolIamMemberArgs struct { // running `gcloud privateca locations list`. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Member pulumi.StringInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -490,6 +705,9 @@ type CaPoolIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `certificateauthority.CaPoolIamBinding` can be used per role. Note that custom roles must be of the format @@ -607,24 +825,23 @@ func (o CaPoolIamMemberOutput) Location() pulumi.StringOutput { return o.ApplyT(func(v *CaPoolIamMember) pulumi.StringOutput { return v.Location }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o CaPoolIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *CaPoolIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o CaPoolIamMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *CaPoolIamMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/certificateauthority/caPoolIamPolicy.go b/sdk/go/gcp/certificateauthority/caPoolIamPolicy.go index a65cf6379f..76c1428792 100644 --- a/sdk/go/gcp/certificateauthority/caPoolIamPolicy.go +++ b/sdk/go/gcp/certificateauthority/caPoolIamPolicy.go @@ -251,6 +251,229 @@ import ( // ``` // // +// ## google\_privateca\_ca\_pool\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/privateca.certificateManager", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = certificateauthority.NewCaPoolIamPolicy(ctx, "policy", &certificateauthority.CaPoolIamPolicyArgs{ +// CaPool: pulumi.Any(_default.Id), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/privateca.certificateManager", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = certificateauthority.NewCaPoolIamPolicy(ctx, "policy", &certificateauthority.CaPoolIamPolicyArgs{ +// CaPool: pulumi.Any(_default.Id), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_privateca\_ca\_pool\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := certificateauthority.NewCaPoolIamBinding(ctx, "binding", &certificateauthority.CaPoolIamBindingArgs{ +// CaPool: pulumi.Any(_default.Id), +// Role: pulumi.String("roles/privateca.certificateManager"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := certificateauthority.NewCaPoolIamBinding(ctx, "binding", &certificateauthority.CaPoolIamBindingArgs{ +// CaPool: pulumi.Any(_default.Id), +// Role: pulumi.String("roles/privateca.certificateManager"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &certificateauthority.CaPoolIamBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_privateca\_ca\_pool\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := certificateauthority.NewCaPoolIamMember(ctx, "member", &certificateauthority.CaPoolIamMemberArgs{ +// CaPool: pulumi.Any(_default.Id), +// Role: pulumi.String("roles/privateca.certificateManager"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := certificateauthority.NewCaPoolIamMember(ctx, "member", &certificateauthority.CaPoolIamMemberArgs{ +// CaPool: pulumi.Any(_default.Id), +// Role: pulumi.String("roles/privateca.certificateManager"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &certificateauthority.CaPoolIamMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -302,18 +525,6 @@ type CaPoolIamPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` } @@ -366,18 +577,6 @@ type caPoolIamPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -395,18 +594,6 @@ type CaPoolIamPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -426,18 +613,6 @@ type caPoolIamPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -454,18 +629,6 @@ type CaPoolIamPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -581,18 +744,6 @@ func (o CaPoolIamPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o CaPoolIamPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *CaPoolIamPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/certificateauthority/certificateTemplateIamBinding.go b/sdk/go/gcp/certificateauthority/certificateTemplateIamBinding.go index f4b1a8e204..41e1a1e23b 100644 --- a/sdk/go/gcp/certificateauthority/certificateTemplateIamBinding.go +++ b/sdk/go/gcp/certificateauthority/certificateTemplateIamBinding.go @@ -251,6 +251,229 @@ import ( // ``` // // +// ## google\_privateca\_certificate\_template\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/privateca.templateUser", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = certificateauthority.NewCertificateTemplateIamPolicy(ctx, "policy", &certificateauthority.CertificateTemplateIamPolicyArgs{ +// CertificateTemplate: pulumi.Any(_default.Id), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/privateca.templateUser", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = certificateauthority.NewCertificateTemplateIamPolicy(ctx, "policy", &certificateauthority.CertificateTemplateIamPolicyArgs{ +// CertificateTemplate: pulumi.Any(_default.Id), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_privateca\_certificate\_template\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := certificateauthority.NewCertificateTemplateIamBinding(ctx, "binding", &certificateauthority.CertificateTemplateIamBindingArgs{ +// CertificateTemplate: pulumi.Any(_default.Id), +// Role: pulumi.String("roles/privateca.templateUser"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := certificateauthority.NewCertificateTemplateIamBinding(ctx, "binding", &certificateauthority.CertificateTemplateIamBindingArgs{ +// CertificateTemplate: pulumi.Any(_default.Id), +// Role: pulumi.String("roles/privateca.templateUser"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &certificateauthority.CertificateTemplateIamBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_privateca\_certificate\_template\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := certificateauthority.NewCertificateTemplateIamMember(ctx, "member", &certificateauthority.CertificateTemplateIamMemberArgs{ +// CertificateTemplate: pulumi.Any(_default.Id), +// Role: pulumi.String("roles/privateca.templateUser"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := certificateauthority.NewCertificateTemplateIamMember(ctx, "member", &certificateauthority.CertificateTemplateIamMemberArgs{ +// CertificateTemplate: pulumi.Any(_default.Id), +// Role: pulumi.String("roles/privateca.templateUser"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &certificateauthority.CertificateTemplateIamMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -295,14 +518,10 @@ type CertificateTemplateIamBinding struct { // Structure is documented below. Condition CertificateTemplateIamBindingConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Location pulumi.StringOutput `pulumi:"location"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + Location pulumi.StringOutput `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -312,6 +531,9 @@ type CertificateTemplateIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `certificateauthority.CertificateTemplateIamBinding` can be used per role. Note that custom roles must be of the format @@ -364,14 +586,10 @@ type certificateTemplateIamBindingState struct { // Structure is documented below. Condition *CertificateTemplateIamBindingCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Location *string `pulumi:"location"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + Location *string `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -381,6 +599,9 @@ type certificateTemplateIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `certificateauthority.CertificateTemplateIamBinding` can be used per role. Note that custom roles must be of the format @@ -397,12 +618,8 @@ type CertificateTemplateIamBindingState struct { // (Computed) The etag of the IAM policy. Etag pulumi.StringPtrInput Location pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -412,6 +629,9 @@ type CertificateTemplateIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `certificateauthority.CertificateTemplateIamBinding` can be used per role. Note that custom roles must be of the format @@ -430,12 +650,8 @@ type certificateTemplateIamBindingArgs struct { // Structure is documented below. Condition *CertificateTemplateIamBindingCondition `pulumi:"condition"` Location *string `pulumi:"location"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -445,6 +661,9 @@ type certificateTemplateIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `certificateauthority.CertificateTemplateIamBinding` can be used per role. Note that custom roles must be of the format @@ -460,12 +679,8 @@ type CertificateTemplateIamBindingArgs struct { // Structure is documented below. Condition CertificateTemplateIamBindingConditionPtrInput Location pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -475,6 +690,9 @@ type CertificateTemplateIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `certificateauthority.CertificateTemplateIamBinding` can be used per role. Note that custom roles must be of the format @@ -591,24 +809,23 @@ func (o CertificateTemplateIamBindingOutput) Location() pulumi.StringOutput { return o.ApplyT(func(v *CertificateTemplateIamBinding) pulumi.StringOutput { return v.Location }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o CertificateTemplateIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *CertificateTemplateIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o CertificateTemplateIamBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *CertificateTemplateIamBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/certificateauthority/certificateTemplateIamMember.go b/sdk/go/gcp/certificateauthority/certificateTemplateIamMember.go index 133db6531b..cfa2033c7a 100644 --- a/sdk/go/gcp/certificateauthority/certificateTemplateIamMember.go +++ b/sdk/go/gcp/certificateauthority/certificateTemplateIamMember.go @@ -251,6 +251,229 @@ import ( // ``` // // +// ## google\_privateca\_certificate\_template\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/privateca.templateUser", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = certificateauthority.NewCertificateTemplateIamPolicy(ctx, "policy", &certificateauthority.CertificateTemplateIamPolicyArgs{ +// CertificateTemplate: pulumi.Any(_default.Id), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/privateca.templateUser", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = certificateauthority.NewCertificateTemplateIamPolicy(ctx, "policy", &certificateauthority.CertificateTemplateIamPolicyArgs{ +// CertificateTemplate: pulumi.Any(_default.Id), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_privateca\_certificate\_template\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := certificateauthority.NewCertificateTemplateIamBinding(ctx, "binding", &certificateauthority.CertificateTemplateIamBindingArgs{ +// CertificateTemplate: pulumi.Any(_default.Id), +// Role: pulumi.String("roles/privateca.templateUser"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := certificateauthority.NewCertificateTemplateIamBinding(ctx, "binding", &certificateauthority.CertificateTemplateIamBindingArgs{ +// CertificateTemplate: pulumi.Any(_default.Id), +// Role: pulumi.String("roles/privateca.templateUser"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &certificateauthority.CertificateTemplateIamBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_privateca\_certificate\_template\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := certificateauthority.NewCertificateTemplateIamMember(ctx, "member", &certificateauthority.CertificateTemplateIamMemberArgs{ +// CertificateTemplate: pulumi.Any(_default.Id), +// Role: pulumi.String("roles/privateca.templateUser"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := certificateauthority.NewCertificateTemplateIamMember(ctx, "member", &certificateauthority.CertificateTemplateIamMemberArgs{ +// CertificateTemplate: pulumi.Any(_default.Id), +// Role: pulumi.String("roles/privateca.templateUser"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &certificateauthority.CertificateTemplateIamMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -297,12 +520,8 @@ type CertificateTemplateIamMember struct { // (Computed) The etag of the IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` Location pulumi.StringOutput `pulumi:"location"` - Member pulumi.StringOutput `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -312,6 +531,9 @@ type CertificateTemplateIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `certificateauthority.CertificateTemplateIamBinding` can be used per role. Note that custom roles must be of the format @@ -366,12 +588,8 @@ type certificateTemplateIamMemberState struct { // (Computed) The etag of the IAM policy. Etag *string `pulumi:"etag"` Location *string `pulumi:"location"` - Member *string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -381,6 +599,9 @@ type certificateTemplateIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `certificateauthority.CertificateTemplateIamBinding` can be used per role. Note that custom roles must be of the format @@ -397,12 +618,8 @@ type CertificateTemplateIamMemberState struct { // (Computed) The etag of the IAM policy. Etag pulumi.StringPtrInput Location pulumi.StringPtrInput - Member pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -412,6 +629,9 @@ type CertificateTemplateIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `certificateauthority.CertificateTemplateIamBinding` can be used per role. Note that custom roles must be of the format @@ -430,12 +650,8 @@ type certificateTemplateIamMemberArgs struct { // Structure is documented below. Condition *CertificateTemplateIamMemberCondition `pulumi:"condition"` Location *string `pulumi:"location"` - Member string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -445,6 +661,9 @@ type certificateTemplateIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `certificateauthority.CertificateTemplateIamBinding` can be used per role. Note that custom roles must be of the format @@ -460,12 +679,8 @@ type CertificateTemplateIamMemberArgs struct { // Structure is documented below. Condition CertificateTemplateIamMemberConditionPtrInput Location pulumi.StringPtrInput - Member pulumi.StringInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -475,6 +690,9 @@ type CertificateTemplateIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `certificateauthority.CertificateTemplateIamBinding` can be used per role. Note that custom roles must be of the format @@ -591,24 +809,23 @@ func (o CertificateTemplateIamMemberOutput) Location() pulumi.StringOutput { return o.ApplyT(func(v *CertificateTemplateIamMember) pulumi.StringOutput { return v.Location }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o CertificateTemplateIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *CertificateTemplateIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o CertificateTemplateIamMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *CertificateTemplateIamMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/certificateauthority/certificateTemplateIamPolicy.go b/sdk/go/gcp/certificateauthority/certificateTemplateIamPolicy.go index ed8c9ec64b..07799075da 100644 --- a/sdk/go/gcp/certificateauthority/certificateTemplateIamPolicy.go +++ b/sdk/go/gcp/certificateauthority/certificateTemplateIamPolicy.go @@ -251,6 +251,229 @@ import ( // ``` // // +// ## google\_privateca\_certificate\_template\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/privateca.templateUser", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = certificateauthority.NewCertificateTemplateIamPolicy(ctx, "policy", &certificateauthority.CertificateTemplateIamPolicyArgs{ +// CertificateTemplate: pulumi.Any(_default.Id), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/privateca.templateUser", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = certificateauthority.NewCertificateTemplateIamPolicy(ctx, "policy", &certificateauthority.CertificateTemplateIamPolicyArgs{ +// CertificateTemplate: pulumi.Any(_default.Id), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_privateca\_certificate\_template\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := certificateauthority.NewCertificateTemplateIamBinding(ctx, "binding", &certificateauthority.CertificateTemplateIamBindingArgs{ +// CertificateTemplate: pulumi.Any(_default.Id), +// Role: pulumi.String("roles/privateca.templateUser"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := certificateauthority.NewCertificateTemplateIamBinding(ctx, "binding", &certificateauthority.CertificateTemplateIamBindingArgs{ +// CertificateTemplate: pulumi.Any(_default.Id), +// Role: pulumi.String("roles/privateca.templateUser"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &certificateauthority.CertificateTemplateIamBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_privateca\_certificate\_template\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := certificateauthority.NewCertificateTemplateIamMember(ctx, "member", &certificateauthority.CertificateTemplateIamMemberArgs{ +// CertificateTemplate: pulumi.Any(_default.Id), +// Role: pulumi.String("roles/privateca.templateUser"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/certificateauthority" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := certificateauthority.NewCertificateTemplateIamMember(ctx, "member", &certificateauthority.CertificateTemplateIamMemberArgs{ +// CertificateTemplate: pulumi.Any(_default.Id), +// Role: pulumi.String("roles/privateca.templateUser"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &certificateauthority.CertificateTemplateIamMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -299,18 +522,6 @@ type CertificateTemplateIamPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` } @@ -360,18 +571,6 @@ type certificateTemplateIamPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -386,18 +585,6 @@ type CertificateTemplateIamPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -414,18 +601,6 @@ type certificateTemplateIamPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -439,18 +614,6 @@ type CertificateTemplateIamPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -563,18 +726,6 @@ func (o CertificateTemplateIamPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o CertificateTemplateIamPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *CertificateTemplateIamPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/cloudbuildv2/connectionIAMBinding.go b/sdk/go/gcp/cloudbuildv2/connectionIAMBinding.go index 35344cca19..6b3e785574 100644 --- a/sdk/go/gcp/cloudbuildv2/connectionIAMBinding.go +++ b/sdk/go/gcp/cloudbuildv2/connectionIAMBinding.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_cloudbuildv2\_connection\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudbuildv2" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/cloudbuild.connectionViewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = cloudbuildv2.NewConnectionIAMPolicy(ctx, "policy", &cloudbuildv2.ConnectionIAMPolicyArgs{ +// Project: pulumi.Any(my_connection.Project), +// Location: pulumi.Any(my_connection.Location), +// Name: pulumi.Any(my_connection.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_cloudbuildv2\_connection\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudbuildv2" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := cloudbuildv2.NewConnectionIAMBinding(ctx, "binding", &cloudbuildv2.ConnectionIAMBindingArgs{ +// Project: pulumi.Any(my_connection.Project), +// Location: pulumi.Any(my_connection.Location), +// Name: pulumi.Any(my_connection.Name), +// Role: pulumi.String("roles/cloudbuild.connectionViewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_cloudbuildv2\_connection\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudbuildv2" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := cloudbuildv2.NewConnectionIAMMember(ctx, "member", &cloudbuildv2.ConnectionIAMMemberArgs{ +// Project: pulumi.Any(my_connection.Project), +// Location: pulumi.Any(my_connection.Location), +// Name: pulumi.Any(my_connection.Name), +// Role: pulumi.String("roles/cloudbuild.connectionViewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -181,15 +292,9 @@ type ConnectionIAMBinding struct { // (Computed) The etag of the IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` // The location for the resource Used to find the parent resource to bind the IAM policy to - Location pulumi.StringOutput `pulumi:"location"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringOutput `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location pulumi.StringOutput `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -199,6 +304,11 @@ type ConnectionIAMBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringOutput `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `cloudbuildv2.ConnectionIAMBinding` can be used per role. Note that custom roles must be of the format @@ -246,15 +356,9 @@ type connectionIAMBindingState struct { // (Computed) The etag of the IAM policy. Etag *string `pulumi:"etag"` // The location for the resource Used to find the parent resource to bind the IAM policy to - Location *string `pulumi:"location"` - Members []string `pulumi:"members"` - // Used to find the parent resource to bind the IAM policy to - Name *string `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location *string `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -264,6 +368,11 @@ type connectionIAMBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // Used to find the parent resource to bind the IAM policy to + Name *string `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `cloudbuildv2.ConnectionIAMBinding` can be used per role. Note that custom roles must be of the format @@ -277,14 +386,8 @@ type ConnectionIAMBindingState struct { Etag pulumi.StringPtrInput // The location for the resource Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Members pulumi.StringArrayInput - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -294,6 +397,11 @@ type ConnectionIAMBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `cloudbuildv2.ConnectionIAMBinding` can be used per role. Note that custom roles must be of the format @@ -308,15 +416,9 @@ func (ConnectionIAMBindingState) ElementType() reflect.Type { type connectionIAMBindingArgs struct { Condition *ConnectionIAMBindingCondition `pulumi:"condition"` // The location for the resource Used to find the parent resource to bind the IAM policy to - Location *string `pulumi:"location"` - Members []string `pulumi:"members"` - // Used to find the parent resource to bind the IAM policy to - Name *string `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location *string `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -326,6 +428,11 @@ type connectionIAMBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // Used to find the parent resource to bind the IAM policy to + Name *string `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `cloudbuildv2.ConnectionIAMBinding` can be used per role. Note that custom roles must be of the format @@ -338,14 +445,8 @@ type ConnectionIAMBindingArgs struct { Condition ConnectionIAMBindingConditionPtrInput // The location for the resource Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Members pulumi.StringArrayInput - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -355,6 +456,11 @@ type ConnectionIAMBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `cloudbuildv2.ConnectionIAMBinding` can be used per role. Note that custom roles must be of the format @@ -463,6 +569,17 @@ func (o ConnectionIAMBindingOutput) Location() pulumi.StringOutput { return o.ApplyT(func(v *ConnectionIAMBinding) pulumi.StringOutput { return v.Location }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o ConnectionIAMBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *ConnectionIAMBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } @@ -474,18 +591,6 @@ func (o ConnectionIAMBindingOutput) Name() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o ConnectionIAMBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *ConnectionIAMBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/cloudbuildv2/connectionIAMMember.go b/sdk/go/gcp/cloudbuildv2/connectionIAMMember.go index f46cab6cff..0b3f4cc90e 100644 --- a/sdk/go/gcp/cloudbuildv2/connectionIAMMember.go +++ b/sdk/go/gcp/cloudbuildv2/connectionIAMMember.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_cloudbuildv2\_connection\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudbuildv2" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/cloudbuild.connectionViewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = cloudbuildv2.NewConnectionIAMPolicy(ctx, "policy", &cloudbuildv2.ConnectionIAMPolicyArgs{ +// Project: pulumi.Any(my_connection.Project), +// Location: pulumi.Any(my_connection.Location), +// Name: pulumi.Any(my_connection.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_cloudbuildv2\_connection\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudbuildv2" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := cloudbuildv2.NewConnectionIAMBinding(ctx, "binding", &cloudbuildv2.ConnectionIAMBindingArgs{ +// Project: pulumi.Any(my_connection.Project), +// Location: pulumi.Any(my_connection.Location), +// Name: pulumi.Any(my_connection.Name), +// Role: pulumi.String("roles/cloudbuild.connectionViewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_cloudbuildv2\_connection\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudbuildv2" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := cloudbuildv2.NewConnectionIAMMember(ctx, "member", &cloudbuildv2.ConnectionIAMMemberArgs{ +// Project: pulumi.Any(my_connection.Project), +// Location: pulumi.Any(my_connection.Location), +// Name: pulumi.Any(my_connection.Name), +// Role: pulumi.String("roles/cloudbuild.connectionViewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -182,14 +293,8 @@ type ConnectionIAMMember struct { Etag pulumi.StringOutput `pulumi:"etag"` // The location for the resource Used to find the parent resource to bind the IAM policy to Location pulumi.StringOutput `pulumi:"location"` - Member pulumi.StringOutput `pulumi:"member"` - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringOutput `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -199,6 +304,11 @@ type ConnectionIAMMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringOutput `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `cloudbuildv2.ConnectionIAMBinding` can be used per role. Note that custom roles must be of the format @@ -247,14 +357,8 @@ type connectionIAMMemberState struct { Etag *string `pulumi:"etag"` // The location for the resource Used to find the parent resource to bind the IAM policy to Location *string `pulumi:"location"` - Member *string `pulumi:"member"` - // Used to find the parent resource to bind the IAM policy to - Name *string `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -264,6 +368,11 @@ type connectionIAMMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // Used to find the parent resource to bind the IAM policy to + Name *string `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `cloudbuildv2.ConnectionIAMBinding` can be used per role. Note that custom roles must be of the format @@ -277,14 +386,8 @@ type ConnectionIAMMemberState struct { Etag pulumi.StringPtrInput // The location for the resource Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Member pulumi.StringPtrInput - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -294,6 +397,11 @@ type ConnectionIAMMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `cloudbuildv2.ConnectionIAMBinding` can be used per role. Note that custom roles must be of the format @@ -309,14 +417,8 @@ type connectionIAMMemberArgs struct { Condition *ConnectionIAMMemberCondition `pulumi:"condition"` // The location for the resource Used to find the parent resource to bind the IAM policy to Location *string `pulumi:"location"` - Member string `pulumi:"member"` - // Used to find the parent resource to bind the IAM policy to - Name *string `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -326,6 +428,11 @@ type connectionIAMMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // Used to find the parent resource to bind the IAM policy to + Name *string `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `cloudbuildv2.ConnectionIAMBinding` can be used per role. Note that custom roles must be of the format @@ -338,14 +445,8 @@ type ConnectionIAMMemberArgs struct { Condition ConnectionIAMMemberConditionPtrInput // The location for the resource Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Member pulumi.StringInput - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -355,6 +456,11 @@ type ConnectionIAMMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `cloudbuildv2.ConnectionIAMBinding` can be used per role. Note that custom roles must be of the format @@ -463,6 +569,17 @@ func (o ConnectionIAMMemberOutput) Location() pulumi.StringOutput { return o.ApplyT(func(v *ConnectionIAMMember) pulumi.StringOutput { return v.Location }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o ConnectionIAMMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *ConnectionIAMMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } @@ -474,18 +591,6 @@ func (o ConnectionIAMMemberOutput) Name() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o ConnectionIAMMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *ConnectionIAMMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/cloudbuildv2/connectionIAMPolicy.go b/sdk/go/gcp/cloudbuildv2/connectionIAMPolicy.go index 4192d0c2e9..ff22fe3cd8 100644 --- a/sdk/go/gcp/cloudbuildv2/connectionIAMPolicy.go +++ b/sdk/go/gcp/cloudbuildv2/connectionIAMPolicy.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_cloudbuildv2\_connection\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudbuildv2" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/cloudbuild.connectionViewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = cloudbuildv2.NewConnectionIAMPolicy(ctx, "policy", &cloudbuildv2.ConnectionIAMPolicyArgs{ +// Project: pulumi.Any(my_connection.Project), +// Location: pulumi.Any(my_connection.Location), +// Name: pulumi.Any(my_connection.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_cloudbuildv2\_connection\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudbuildv2" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := cloudbuildv2.NewConnectionIAMBinding(ctx, "binding", &cloudbuildv2.ConnectionIAMBindingArgs{ +// Project: pulumi.Any(my_connection.Project), +// Location: pulumi.Any(my_connection.Location), +// Name: pulumi.Any(my_connection.Name), +// Role: pulumi.String("roles/cloudbuild.connectionViewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_cloudbuildv2\_connection\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudbuildv2" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := cloudbuildv2.NewConnectionIAMMember(ctx, "member", &cloudbuildv2.ConnectionIAMMemberArgs{ +// Project: pulumi.Any(my_connection.Project), +// Location: pulumi.Any(my_connection.Location), +// Name: pulumi.Any(my_connection.Name), +// Role: pulumi.String("roles/cloudbuild.connectionViewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -188,18 +299,6 @@ type ConnectionIAMPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` } @@ -247,18 +346,6 @@ type connectionIAMPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -274,18 +361,6 @@ type ConnectionIAMPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -303,18 +378,6 @@ type connectionIAMPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -329,18 +392,6 @@ type ConnectionIAMPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -454,18 +505,6 @@ func (o ConnectionIAMPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o ConnectionIAMPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *ConnectionIAMPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/cloudfunctions/functionIamBinding.go b/sdk/go/gcp/cloudfunctions/functionIamBinding.go index 1189b64e85..cebcb592c5 100644 --- a/sdk/go/gcp/cloudfunctions/functionIamBinding.go +++ b/sdk/go/gcp/cloudfunctions/functionIamBinding.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_cloudfunctions\_function\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctions" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = cloudfunctions.NewFunctionIamPolicy(ctx, "policy", &cloudfunctions.FunctionIamPolicyArgs{ +// Project: pulumi.Any(function.Project), +// Region: pulumi.Any(function.Region), +// CloudFunction: pulumi.Any(function.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_cloudfunctions\_function\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctions" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := cloudfunctions.NewFunctionIamBinding(ctx, "binding", &cloudfunctions.FunctionIamBindingArgs{ +// Project: pulumi.Any(function.Project), +// Region: pulumi.Any(function.Region), +// CloudFunction: pulumi.Any(function.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_cloudfunctions\_function\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctions" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := cloudfunctions.NewFunctionIamMember(ctx, "member", &cloudfunctions.FunctionIamMemberArgs{ +// Project: pulumi.Any(function.Project), +// Region: pulumi.Any(function.Region), +// CloudFunction: pulumi.Any(function.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -181,13 +292,9 @@ type FunctionIamBinding struct { CloudFunction pulumi.StringOutput `pulumi:"cloudFunction"` Condition FunctionIamBindingConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -197,6 +304,9 @@ type FunctionIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The location of this cloud function. Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -251,13 +361,9 @@ type functionIamBindingState struct { CloudFunction *string `pulumi:"cloudFunction"` Condition *FunctionIamBindingCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -267,6 +373,9 @@ type functionIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The location of this cloud function. Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -283,13 +392,9 @@ type FunctionIamBindingState struct { CloudFunction pulumi.StringPtrInput Condition FunctionIamBindingConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -299,6 +404,9 @@ type FunctionIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The location of this cloud function. Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -318,12 +426,8 @@ type functionIamBindingArgs struct { // Used to find the parent resource to bind the IAM policy to CloudFunction string `pulumi:"cloudFunction"` Condition *FunctionIamBindingCondition `pulumi:"condition"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -333,6 +437,9 @@ type functionIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The location of this cloud function. Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -349,12 +456,8 @@ type FunctionIamBindingArgs struct { // Used to find the parent resource to bind the IAM policy to CloudFunction pulumi.StringInput Condition FunctionIamBindingConditionPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -364,6 +467,9 @@ type FunctionIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The location of this cloud function. Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -476,24 +582,23 @@ func (o FunctionIamBindingOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *FunctionIamBinding) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o FunctionIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *FunctionIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o FunctionIamBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *FunctionIamBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/cloudfunctions/functionIamMember.go b/sdk/go/gcp/cloudfunctions/functionIamMember.go index 5d81e93a85..3a4e8e548b 100644 --- a/sdk/go/gcp/cloudfunctions/functionIamMember.go +++ b/sdk/go/gcp/cloudfunctions/functionIamMember.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_cloudfunctions\_function\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctions" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = cloudfunctions.NewFunctionIamPolicy(ctx, "policy", &cloudfunctions.FunctionIamPolicyArgs{ +// Project: pulumi.Any(function.Project), +// Region: pulumi.Any(function.Region), +// CloudFunction: pulumi.Any(function.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_cloudfunctions\_function\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctions" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := cloudfunctions.NewFunctionIamBinding(ctx, "binding", &cloudfunctions.FunctionIamBindingArgs{ +// Project: pulumi.Any(function.Project), +// Region: pulumi.Any(function.Region), +// CloudFunction: pulumi.Any(function.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_cloudfunctions\_function\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctions" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := cloudfunctions.NewFunctionIamMember(ctx, "member", &cloudfunctions.FunctionIamMemberArgs{ +// Project: pulumi.Any(function.Project), +// Region: pulumi.Any(function.Region), +// CloudFunction: pulumi.Any(function.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -181,13 +292,9 @@ type FunctionIamMember struct { CloudFunction pulumi.StringOutput `pulumi:"cloudFunction"` Condition FunctionIamMemberConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Member pulumi.StringOutput `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -197,6 +304,9 @@ type FunctionIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The location of this cloud function. Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -251,13 +361,9 @@ type functionIamMemberState struct { CloudFunction *string `pulumi:"cloudFunction"` Condition *FunctionIamMemberCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Member *string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -267,6 +373,9 @@ type functionIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The location of this cloud function. Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -283,13 +392,9 @@ type FunctionIamMemberState struct { CloudFunction pulumi.StringPtrInput Condition FunctionIamMemberConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Member pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -299,6 +404,9 @@ type FunctionIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The location of this cloud function. Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -318,12 +426,8 @@ type functionIamMemberArgs struct { // Used to find the parent resource to bind the IAM policy to CloudFunction string `pulumi:"cloudFunction"` Condition *FunctionIamMemberCondition `pulumi:"condition"` - Member string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -333,6 +437,9 @@ type functionIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The location of this cloud function. Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -349,12 +456,8 @@ type FunctionIamMemberArgs struct { // Used to find the parent resource to bind the IAM policy to CloudFunction pulumi.StringInput Condition FunctionIamMemberConditionPtrInput - Member pulumi.StringInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -364,6 +467,9 @@ type FunctionIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The location of this cloud function. Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -476,24 +582,23 @@ func (o FunctionIamMemberOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *FunctionIamMember) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o FunctionIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *FunctionIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o FunctionIamMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *FunctionIamMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/cloudfunctions/functionIamPolicy.go b/sdk/go/gcp/cloudfunctions/functionIamPolicy.go index 1ec0d58dc8..9fa96a5887 100644 --- a/sdk/go/gcp/cloudfunctions/functionIamPolicy.go +++ b/sdk/go/gcp/cloudfunctions/functionIamPolicy.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_cloudfunctions\_function\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctions" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = cloudfunctions.NewFunctionIamPolicy(ctx, "policy", &cloudfunctions.FunctionIamPolicyArgs{ +// Project: pulumi.Any(function.Project), +// Region: pulumi.Any(function.Region), +// CloudFunction: pulumi.Any(function.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_cloudfunctions\_function\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctions" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := cloudfunctions.NewFunctionIamBinding(ctx, "binding", &cloudfunctions.FunctionIamBindingArgs{ +// Project: pulumi.Any(function.Project), +// Region: pulumi.Any(function.Region), +// CloudFunction: pulumi.Any(function.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_cloudfunctions\_function\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctions" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := cloudfunctions.NewFunctionIamMember(ctx, "member", &cloudfunctions.FunctionIamMemberArgs{ +// Project: pulumi.Any(function.Project), +// Region: pulumi.Any(function.Region), +// CloudFunction: pulumi.Any(function.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -186,18 +297,6 @@ type FunctionIamPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` // The location of this cloud function. Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -250,18 +349,6 @@ type functionIamPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` // The location of this cloud function. Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -279,18 +366,6 @@ type FunctionIamPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // The location of this cloud function. Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -310,18 +385,6 @@ type functionIamPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` // The location of this cloud function. Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -338,18 +401,6 @@ type FunctionIamPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // The location of this cloud function. Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -462,18 +513,6 @@ func (o FunctionIamPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o FunctionIamPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *FunctionIamPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/cloudfunctionsv2/functionIamBinding.go b/sdk/go/gcp/cloudfunctionsv2/functionIamBinding.go index 5df939ce47..e9a394807a 100644 --- a/sdk/go/gcp/cloudfunctionsv2/functionIamBinding.go +++ b/sdk/go/gcp/cloudfunctionsv2/functionIamBinding.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_cloudfunctions2\_function\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctionsv2" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = cloudfunctionsv2.NewFunctionIamPolicy(ctx, "policy", &cloudfunctionsv2.FunctionIamPolicyArgs{ +// Project: pulumi.Any(function.Project), +// Location: pulumi.Any(function.Location), +// CloudFunction: pulumi.Any(function.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_cloudfunctions2\_function\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctionsv2" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := cloudfunctionsv2.NewFunctionIamBinding(ctx, "binding", &cloudfunctionsv2.FunctionIamBindingArgs{ +// Project: pulumi.Any(function.Project), +// Location: pulumi.Any(function.Location), +// CloudFunction: pulumi.Any(function.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_cloudfunctions2\_function\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctionsv2" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := cloudfunctionsv2.NewFunctionIamMember(ctx, "member", &cloudfunctionsv2.FunctionIamMemberArgs{ +// Project: pulumi.Any(function.Project), +// Location: pulumi.Any(function.Location), +// CloudFunction: pulumi.Any(function.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -183,13 +294,9 @@ type FunctionIamBinding struct { // (Computed) The etag of the IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` // The location of this cloud function. Used to find the parent resource to bind the IAM policy to - Location pulumi.StringOutput `pulumi:"location"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location pulumi.StringOutput `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -199,6 +306,9 @@ type FunctionIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `cloudfunctionsv2.FunctionIamBinding` can be used per role. Note that custom roles must be of the format @@ -251,13 +361,9 @@ type functionIamBindingState struct { // (Computed) The etag of the IAM policy. Etag *string `pulumi:"etag"` // The location of this cloud function. Used to find the parent resource to bind the IAM policy to - Location *string `pulumi:"location"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location *string `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -267,6 +373,9 @@ type functionIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `cloudfunctionsv2.FunctionIamBinding` can be used per role. Note that custom roles must be of the format @@ -282,12 +391,8 @@ type FunctionIamBindingState struct { Etag pulumi.StringPtrInput // The location of this cloud function. Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -297,6 +402,9 @@ type FunctionIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `cloudfunctionsv2.FunctionIamBinding` can be used per role. Note that custom roles must be of the format @@ -313,13 +421,9 @@ type functionIamBindingArgs struct { CloudFunction string `pulumi:"cloudFunction"` Condition *FunctionIamBindingCondition `pulumi:"condition"` // The location of this cloud function. Used to find the parent resource to bind the IAM policy to - Location *string `pulumi:"location"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location *string `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -329,6 +433,9 @@ type functionIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `cloudfunctionsv2.FunctionIamBinding` can be used per role. Note that custom roles must be of the format @@ -343,12 +450,8 @@ type FunctionIamBindingArgs struct { Condition FunctionIamBindingConditionPtrInput // The location of this cloud function. Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -358,6 +461,9 @@ type FunctionIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `cloudfunctionsv2.FunctionIamBinding` can be used per role. Note that custom roles must be of the format @@ -471,24 +577,23 @@ func (o FunctionIamBindingOutput) Location() pulumi.StringOutput { return o.ApplyT(func(v *FunctionIamBinding) pulumi.StringOutput { return v.Location }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o FunctionIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *FunctionIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o FunctionIamBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *FunctionIamBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/cloudfunctionsv2/functionIamMember.go b/sdk/go/gcp/cloudfunctionsv2/functionIamMember.go index 94b23f6bc1..0749355ca2 100644 --- a/sdk/go/gcp/cloudfunctionsv2/functionIamMember.go +++ b/sdk/go/gcp/cloudfunctionsv2/functionIamMember.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_cloudfunctions2\_function\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctionsv2" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = cloudfunctionsv2.NewFunctionIamPolicy(ctx, "policy", &cloudfunctionsv2.FunctionIamPolicyArgs{ +// Project: pulumi.Any(function.Project), +// Location: pulumi.Any(function.Location), +// CloudFunction: pulumi.Any(function.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_cloudfunctions2\_function\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctionsv2" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := cloudfunctionsv2.NewFunctionIamBinding(ctx, "binding", &cloudfunctionsv2.FunctionIamBindingArgs{ +// Project: pulumi.Any(function.Project), +// Location: pulumi.Any(function.Location), +// CloudFunction: pulumi.Any(function.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_cloudfunctions2\_function\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctionsv2" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := cloudfunctionsv2.NewFunctionIamMember(ctx, "member", &cloudfunctionsv2.FunctionIamMemberArgs{ +// Project: pulumi.Any(function.Project), +// Location: pulumi.Any(function.Location), +// CloudFunction: pulumi.Any(function.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -184,12 +295,8 @@ type FunctionIamMember struct { Etag pulumi.StringOutput `pulumi:"etag"` // The location of this cloud function. Used to find the parent resource to bind the IAM policy to Location pulumi.StringOutput `pulumi:"location"` - Member pulumi.StringOutput `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -199,6 +306,9 @@ type FunctionIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `cloudfunctionsv2.FunctionIamBinding` can be used per role. Note that custom roles must be of the format @@ -252,12 +362,8 @@ type functionIamMemberState struct { Etag *string `pulumi:"etag"` // The location of this cloud function. Used to find the parent resource to bind the IAM policy to Location *string `pulumi:"location"` - Member *string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -267,6 +373,9 @@ type functionIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `cloudfunctionsv2.FunctionIamBinding` can be used per role. Note that custom roles must be of the format @@ -282,12 +391,8 @@ type FunctionIamMemberState struct { Etag pulumi.StringPtrInput // The location of this cloud function. Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Member pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -297,6 +402,9 @@ type FunctionIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `cloudfunctionsv2.FunctionIamBinding` can be used per role. Note that custom roles must be of the format @@ -314,12 +422,8 @@ type functionIamMemberArgs struct { Condition *FunctionIamMemberCondition `pulumi:"condition"` // The location of this cloud function. Used to find the parent resource to bind the IAM policy to Location *string `pulumi:"location"` - Member string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -329,6 +433,9 @@ type functionIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `cloudfunctionsv2.FunctionIamBinding` can be used per role. Note that custom roles must be of the format @@ -343,12 +450,8 @@ type FunctionIamMemberArgs struct { Condition FunctionIamMemberConditionPtrInput // The location of this cloud function. Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Member pulumi.StringInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -358,6 +461,9 @@ type FunctionIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `cloudfunctionsv2.FunctionIamBinding` can be used per role. Note that custom roles must be of the format @@ -471,24 +577,23 @@ func (o FunctionIamMemberOutput) Location() pulumi.StringOutput { return o.ApplyT(func(v *FunctionIamMember) pulumi.StringOutput { return v.Location }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o FunctionIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *FunctionIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o FunctionIamMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *FunctionIamMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/cloudfunctionsv2/functionIamPolicy.go b/sdk/go/gcp/cloudfunctionsv2/functionIamPolicy.go index be9c793f0e..40f3486ccc 100644 --- a/sdk/go/gcp/cloudfunctionsv2/functionIamPolicy.go +++ b/sdk/go/gcp/cloudfunctionsv2/functionIamPolicy.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_cloudfunctions2\_function\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctionsv2" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = cloudfunctionsv2.NewFunctionIamPolicy(ctx, "policy", &cloudfunctionsv2.FunctionIamPolicyArgs{ +// Project: pulumi.Any(function.Project), +// Location: pulumi.Any(function.Location), +// CloudFunction: pulumi.Any(function.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_cloudfunctions2\_function\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctionsv2" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := cloudfunctionsv2.NewFunctionIamBinding(ctx, "binding", &cloudfunctionsv2.FunctionIamBindingArgs{ +// Project: pulumi.Any(function.Project), +// Location: pulumi.Any(function.Location), +// CloudFunction: pulumi.Any(function.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_cloudfunctions2\_function\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudfunctionsv2" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := cloudfunctionsv2.NewFunctionIamMember(ctx, "member", &cloudfunctionsv2.FunctionIamMemberArgs{ +// Project: pulumi.Any(function.Project), +// Location: pulumi.Any(function.Location), +// CloudFunction: pulumi.Any(function.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -188,18 +299,6 @@ type FunctionIamPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` } @@ -250,18 +349,6 @@ type functionIamPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -277,18 +364,6 @@ type FunctionIamPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -306,18 +381,6 @@ type functionIamPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -332,18 +395,6 @@ type FunctionIamPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -457,18 +508,6 @@ func (o FunctionIamPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o FunctionIamPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *FunctionIamPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/cloudrun/iamBinding.go b/sdk/go/gcp/cloudrun/iamBinding.go index b727252ad4..fa26ed2a88 100644 --- a/sdk/go/gcp/cloudrun/iamBinding.go +++ b/sdk/go/gcp/cloudrun/iamBinding.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_cloud\_run\_service\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrun" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = cloudrun.NewIamPolicy(ctx, "policy", &cloudrun.IamPolicyArgs{ +// Location: pulumi.Any(_default.Location), +// Project: pulumi.Any(_default.Project), +// Service: pulumi.Any(_default.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_cloud\_run\_service\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrun" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := cloudrun.NewIamBinding(ctx, "binding", &cloudrun.IamBindingArgs{ +// Location: pulumi.Any(_default.Location), +// Project: pulumi.Any(_default.Project), +// Service: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_cloud\_run\_service\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrun" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := cloudrun.NewIamMember(ctx, "member", &cloudrun.IamMemberArgs{ +// Location: pulumi.Any(_default.Location), +// Project: pulumi.Any(_default.Project), +// Service: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -181,13 +292,9 @@ type IamBinding struct { // (Computed) The etag of the IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` // The location of the cloud run instance. eg us-central1 Used to find the parent resource to bind the IAM policy to - Location pulumi.StringOutput `pulumi:"location"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location pulumi.StringOutput `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -197,6 +304,9 @@ type IamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `cloudrun.IamBinding` can be used per role. Note that custom roles must be of the format @@ -249,13 +359,9 @@ type iamBindingState struct { // (Computed) The etag of the IAM policy. Etag *string `pulumi:"etag"` // The location of the cloud run instance. eg us-central1 Used to find the parent resource to bind the IAM policy to - Location *string `pulumi:"location"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location *string `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -265,6 +371,9 @@ type iamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `cloudrun.IamBinding` can be used per role. Note that custom roles must be of the format @@ -280,12 +389,8 @@ type IamBindingState struct { Etag pulumi.StringPtrInput // The location of the cloud run instance. eg us-central1 Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -295,6 +400,9 @@ type IamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `cloudrun.IamBinding` can be used per role. Note that custom roles must be of the format @@ -311,13 +419,9 @@ func (IamBindingState) ElementType() reflect.Type { type iamBindingArgs struct { Condition *IamBindingCondition `pulumi:"condition"` // The location of the cloud run instance. eg us-central1 Used to find the parent resource to bind the IAM policy to - Location *string `pulumi:"location"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location *string `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -327,6 +431,9 @@ type iamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `cloudrun.IamBinding` can be used per role. Note that custom roles must be of the format @@ -341,12 +448,8 @@ type IamBindingArgs struct { Condition IamBindingConditionPtrInput // The location of the cloud run instance. eg us-central1 Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -356,6 +459,9 @@ type IamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `cloudrun.IamBinding` can be used per role. Note that custom roles must be of the format @@ -466,24 +572,23 @@ func (o IamBindingOutput) Location() pulumi.StringOutput { return o.ApplyT(func(v *IamBinding) pulumi.StringOutput { return v.Location }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o IamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *IamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o IamBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *IamBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/cloudrun/iamMember.go b/sdk/go/gcp/cloudrun/iamMember.go index 4c1797691d..6a5dad3244 100644 --- a/sdk/go/gcp/cloudrun/iamMember.go +++ b/sdk/go/gcp/cloudrun/iamMember.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_cloud\_run\_service\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrun" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = cloudrun.NewIamPolicy(ctx, "policy", &cloudrun.IamPolicyArgs{ +// Location: pulumi.Any(_default.Location), +// Project: pulumi.Any(_default.Project), +// Service: pulumi.Any(_default.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_cloud\_run\_service\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrun" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := cloudrun.NewIamBinding(ctx, "binding", &cloudrun.IamBindingArgs{ +// Location: pulumi.Any(_default.Location), +// Project: pulumi.Any(_default.Project), +// Service: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_cloud\_run\_service\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrun" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := cloudrun.NewIamMember(ctx, "member", &cloudrun.IamMemberArgs{ +// Location: pulumi.Any(_default.Location), +// Project: pulumi.Any(_default.Project), +// Service: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -182,12 +293,8 @@ type IamMember struct { Etag pulumi.StringOutput `pulumi:"etag"` // The location of the cloud run instance. eg us-central1 Used to find the parent resource to bind the IAM policy to Location pulumi.StringOutput `pulumi:"location"` - Member pulumi.StringOutput `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -197,6 +304,9 @@ type IamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `cloudrun.IamBinding` can be used per role. Note that custom roles must be of the format @@ -250,12 +360,8 @@ type iamMemberState struct { Etag *string `pulumi:"etag"` // The location of the cloud run instance. eg us-central1 Used to find the parent resource to bind the IAM policy to Location *string `pulumi:"location"` - Member *string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -265,6 +371,9 @@ type iamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `cloudrun.IamBinding` can be used per role. Note that custom roles must be of the format @@ -280,12 +389,8 @@ type IamMemberState struct { Etag pulumi.StringPtrInput // The location of the cloud run instance. eg us-central1 Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Member pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -295,6 +400,9 @@ type IamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `cloudrun.IamBinding` can be used per role. Note that custom roles must be of the format @@ -312,12 +420,8 @@ type iamMemberArgs struct { Condition *IamMemberCondition `pulumi:"condition"` // The location of the cloud run instance. eg us-central1 Used to find the parent resource to bind the IAM policy to Location *string `pulumi:"location"` - Member string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -327,6 +431,9 @@ type iamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `cloudrun.IamBinding` can be used per role. Note that custom roles must be of the format @@ -341,12 +448,8 @@ type IamMemberArgs struct { Condition IamMemberConditionPtrInput // The location of the cloud run instance. eg us-central1 Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Member pulumi.StringInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -356,6 +459,9 @@ type IamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `cloudrun.IamBinding` can be used per role. Note that custom roles must be of the format @@ -466,24 +572,23 @@ func (o IamMemberOutput) Location() pulumi.StringOutput { return o.ApplyT(func(v *IamMember) pulumi.StringOutput { return v.Location }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o IamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *IamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o IamMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *IamMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/cloudrun/iamPolicy.go b/sdk/go/gcp/cloudrun/iamPolicy.go index 54b06e8146..f0c4ac2097 100644 --- a/sdk/go/gcp/cloudrun/iamPolicy.go +++ b/sdk/go/gcp/cloudrun/iamPolicy.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_cloud\_run\_service\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrun" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = cloudrun.NewIamPolicy(ctx, "policy", &cloudrun.IamPolicyArgs{ +// Location: pulumi.Any(_default.Location), +// Project: pulumi.Any(_default.Project), +// Service: pulumi.Any(_default.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_cloud\_run\_service\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrun" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := cloudrun.NewIamBinding(ctx, "binding", &cloudrun.IamBindingArgs{ +// Location: pulumi.Any(_default.Location), +// Project: pulumi.Any(_default.Project), +// Service: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_cloud\_run\_service\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrun" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := cloudrun.NewIamMember(ctx, "member", &cloudrun.IamMemberArgs{ +// Location: pulumi.Any(_default.Location), +// Project: pulumi.Any(_default.Project), +// Service: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -186,18 +297,6 @@ type IamPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` // Used to find the parent resource to bind the IAM policy to Service pulumi.StringOutput `pulumi:"service"` @@ -248,18 +347,6 @@ type iamPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` // Used to find the parent resource to bind the IAM policy to Service *string `pulumi:"service"` @@ -275,18 +362,6 @@ type IamPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // Used to find the parent resource to bind the IAM policy to Service pulumi.StringPtrInput @@ -304,18 +379,6 @@ type iamPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` // Used to find the parent resource to bind the IAM policy to Service string `pulumi:"service"` @@ -330,18 +393,6 @@ type IamPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // Used to find the parent resource to bind the IAM policy to Service pulumi.StringInput @@ -452,18 +503,6 @@ func (o IamPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o IamPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *IamPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/cloudrunv2/jobIamBinding.go b/sdk/go/gcp/cloudrunv2/jobIamBinding.go index 23c811d047..d935365857 100644 --- a/sdk/go/gcp/cloudrunv2/jobIamBinding.go +++ b/sdk/go/gcp/cloudrunv2/jobIamBinding.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_cloud\_run\_v2\_job\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = cloudrunv2.NewJobIamPolicy(ctx, "policy", &cloudrunv2.JobIamPolicyArgs{ +// Project: pulumi.Any(_default.Project), +// Location: pulumi.Any(_default.Location), +// Name: pulumi.Any(_default.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_cloud\_run\_v2\_job\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := cloudrunv2.NewJobIamBinding(ctx, "binding", &cloudrunv2.JobIamBindingArgs{ +// Project: pulumi.Any(_default.Project), +// Location: pulumi.Any(_default.Location), +// Name: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_cloud\_run\_v2\_job\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := cloudrunv2.NewJobIamMember(ctx, "member", &cloudrunv2.JobIamMemberArgs{ +// Project: pulumi.Any(_default.Project), +// Location: pulumi.Any(_default.Location), +// Name: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -181,15 +292,9 @@ type JobIamBinding struct { // (Computed) The etag of the IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` // The location of the cloud run job Used to find the parent resource to bind the IAM policy to - Location pulumi.StringOutput `pulumi:"location"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringOutput `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location pulumi.StringOutput `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -199,6 +304,11 @@ type JobIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringOutput `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `cloudrunv2.JobIamBinding` can be used per role. Note that custom roles must be of the format @@ -246,15 +356,9 @@ type jobIamBindingState struct { // (Computed) The etag of the IAM policy. Etag *string `pulumi:"etag"` // The location of the cloud run job Used to find the parent resource to bind the IAM policy to - Location *string `pulumi:"location"` - Members []string `pulumi:"members"` - // Used to find the parent resource to bind the IAM policy to - Name *string `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location *string `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -264,6 +368,11 @@ type jobIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // Used to find the parent resource to bind the IAM policy to + Name *string `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `cloudrunv2.JobIamBinding` can be used per role. Note that custom roles must be of the format @@ -277,14 +386,8 @@ type JobIamBindingState struct { Etag pulumi.StringPtrInput // The location of the cloud run job Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Members pulumi.StringArrayInput - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -294,6 +397,11 @@ type JobIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `cloudrunv2.JobIamBinding` can be used per role. Note that custom roles must be of the format @@ -308,15 +416,9 @@ func (JobIamBindingState) ElementType() reflect.Type { type jobIamBindingArgs struct { Condition *JobIamBindingCondition `pulumi:"condition"` // The location of the cloud run job Used to find the parent resource to bind the IAM policy to - Location *string `pulumi:"location"` - Members []string `pulumi:"members"` - // Used to find the parent resource to bind the IAM policy to - Name *string `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location *string `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -326,6 +428,11 @@ type jobIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // Used to find the parent resource to bind the IAM policy to + Name *string `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `cloudrunv2.JobIamBinding` can be used per role. Note that custom roles must be of the format @@ -338,14 +445,8 @@ type JobIamBindingArgs struct { Condition JobIamBindingConditionPtrInput // The location of the cloud run job Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Members pulumi.StringArrayInput - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -355,6 +456,11 @@ type JobIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `cloudrunv2.JobIamBinding` can be used per role. Note that custom roles must be of the format @@ -463,6 +569,17 @@ func (o JobIamBindingOutput) Location() pulumi.StringOutput { return o.ApplyT(func(v *JobIamBinding) pulumi.StringOutput { return v.Location }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o JobIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *JobIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } @@ -474,18 +591,6 @@ func (o JobIamBindingOutput) Name() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o JobIamBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *JobIamBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/cloudrunv2/jobIamMember.go b/sdk/go/gcp/cloudrunv2/jobIamMember.go index 6ac9df6a56..87ea80edc0 100644 --- a/sdk/go/gcp/cloudrunv2/jobIamMember.go +++ b/sdk/go/gcp/cloudrunv2/jobIamMember.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_cloud\_run\_v2\_job\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = cloudrunv2.NewJobIamPolicy(ctx, "policy", &cloudrunv2.JobIamPolicyArgs{ +// Project: pulumi.Any(_default.Project), +// Location: pulumi.Any(_default.Location), +// Name: pulumi.Any(_default.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_cloud\_run\_v2\_job\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := cloudrunv2.NewJobIamBinding(ctx, "binding", &cloudrunv2.JobIamBindingArgs{ +// Project: pulumi.Any(_default.Project), +// Location: pulumi.Any(_default.Location), +// Name: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_cloud\_run\_v2\_job\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := cloudrunv2.NewJobIamMember(ctx, "member", &cloudrunv2.JobIamMemberArgs{ +// Project: pulumi.Any(_default.Project), +// Location: pulumi.Any(_default.Location), +// Name: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -182,14 +293,8 @@ type JobIamMember struct { Etag pulumi.StringOutput `pulumi:"etag"` // The location of the cloud run job Used to find the parent resource to bind the IAM policy to Location pulumi.StringOutput `pulumi:"location"` - Member pulumi.StringOutput `pulumi:"member"` - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringOutput `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -199,6 +304,11 @@ type JobIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringOutput `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `cloudrunv2.JobIamBinding` can be used per role. Note that custom roles must be of the format @@ -247,14 +357,8 @@ type jobIamMemberState struct { Etag *string `pulumi:"etag"` // The location of the cloud run job Used to find the parent resource to bind the IAM policy to Location *string `pulumi:"location"` - Member *string `pulumi:"member"` - // Used to find the parent resource to bind the IAM policy to - Name *string `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -264,6 +368,11 @@ type jobIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // Used to find the parent resource to bind the IAM policy to + Name *string `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `cloudrunv2.JobIamBinding` can be used per role. Note that custom roles must be of the format @@ -277,14 +386,8 @@ type JobIamMemberState struct { Etag pulumi.StringPtrInput // The location of the cloud run job Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Member pulumi.StringPtrInput - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -294,6 +397,11 @@ type JobIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `cloudrunv2.JobIamBinding` can be used per role. Note that custom roles must be of the format @@ -309,14 +417,8 @@ type jobIamMemberArgs struct { Condition *JobIamMemberCondition `pulumi:"condition"` // The location of the cloud run job Used to find the parent resource to bind the IAM policy to Location *string `pulumi:"location"` - Member string `pulumi:"member"` - // Used to find the parent resource to bind the IAM policy to - Name *string `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -326,6 +428,11 @@ type jobIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // Used to find the parent resource to bind the IAM policy to + Name *string `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `cloudrunv2.JobIamBinding` can be used per role. Note that custom roles must be of the format @@ -338,14 +445,8 @@ type JobIamMemberArgs struct { Condition JobIamMemberConditionPtrInput // The location of the cloud run job Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Member pulumi.StringInput - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -355,6 +456,11 @@ type JobIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `cloudrunv2.JobIamBinding` can be used per role. Note that custom roles must be of the format @@ -463,6 +569,17 @@ func (o JobIamMemberOutput) Location() pulumi.StringOutput { return o.ApplyT(func(v *JobIamMember) pulumi.StringOutput { return v.Location }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o JobIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *JobIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } @@ -474,18 +591,6 @@ func (o JobIamMemberOutput) Name() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o JobIamMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *JobIamMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/cloudrunv2/jobIamPolicy.go b/sdk/go/gcp/cloudrunv2/jobIamPolicy.go index f63296bde9..3e0bc7b50e 100644 --- a/sdk/go/gcp/cloudrunv2/jobIamPolicy.go +++ b/sdk/go/gcp/cloudrunv2/jobIamPolicy.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_cloud\_run\_v2\_job\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = cloudrunv2.NewJobIamPolicy(ctx, "policy", &cloudrunv2.JobIamPolicyArgs{ +// Project: pulumi.Any(_default.Project), +// Location: pulumi.Any(_default.Location), +// Name: pulumi.Any(_default.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_cloud\_run\_v2\_job\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := cloudrunv2.NewJobIamBinding(ctx, "binding", &cloudrunv2.JobIamBindingArgs{ +// Project: pulumi.Any(_default.Project), +// Location: pulumi.Any(_default.Location), +// Name: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_cloud\_run\_v2\_job\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := cloudrunv2.NewJobIamMember(ctx, "member", &cloudrunv2.JobIamMemberArgs{ +// Project: pulumi.Any(_default.Project), +// Location: pulumi.Any(_default.Location), +// Name: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -188,18 +299,6 @@ type JobIamPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` } @@ -247,18 +346,6 @@ type jobIamPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -274,18 +361,6 @@ type JobIamPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -303,18 +378,6 @@ type jobIamPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -329,18 +392,6 @@ type JobIamPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -454,18 +505,6 @@ func (o JobIamPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o JobIamPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *JobIamPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/cloudrunv2/serviceIamBinding.go b/sdk/go/gcp/cloudrunv2/serviceIamBinding.go index 8eaf4afe93..fc834aafec 100644 --- a/sdk/go/gcp/cloudrunv2/serviceIamBinding.go +++ b/sdk/go/gcp/cloudrunv2/serviceIamBinding.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_cloud\_run\_v2\_service\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = cloudrunv2.NewServiceIamPolicy(ctx, "policy", &cloudrunv2.ServiceIamPolicyArgs{ +// Project: pulumi.Any(_default.Project), +// Location: pulumi.Any(_default.Location), +// Name: pulumi.Any(_default.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_cloud\_run\_v2\_service\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := cloudrunv2.NewServiceIamBinding(ctx, "binding", &cloudrunv2.ServiceIamBindingArgs{ +// Project: pulumi.Any(_default.Project), +// Location: pulumi.Any(_default.Location), +// Name: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_cloud\_run\_v2\_service\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := cloudrunv2.NewServiceIamMember(ctx, "member", &cloudrunv2.ServiceIamMemberArgs{ +// Project: pulumi.Any(_default.Project), +// Location: pulumi.Any(_default.Location), +// Name: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -181,15 +292,9 @@ type ServiceIamBinding struct { // (Computed) The etag of the IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` // The location of the cloud run service Used to find the parent resource to bind the IAM policy to - Location pulumi.StringOutput `pulumi:"location"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringOutput `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location pulumi.StringOutput `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -199,6 +304,11 @@ type ServiceIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringOutput `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `cloudrunv2.ServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -246,15 +356,9 @@ type serviceIamBindingState struct { // (Computed) The etag of the IAM policy. Etag *string `pulumi:"etag"` // The location of the cloud run service Used to find the parent resource to bind the IAM policy to - Location *string `pulumi:"location"` - Members []string `pulumi:"members"` - // Used to find the parent resource to bind the IAM policy to - Name *string `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location *string `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -264,6 +368,11 @@ type serviceIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // Used to find the parent resource to bind the IAM policy to + Name *string `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `cloudrunv2.ServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -277,14 +386,8 @@ type ServiceIamBindingState struct { Etag pulumi.StringPtrInput // The location of the cloud run service Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Members pulumi.StringArrayInput - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -294,6 +397,11 @@ type ServiceIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `cloudrunv2.ServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -308,15 +416,9 @@ func (ServiceIamBindingState) ElementType() reflect.Type { type serviceIamBindingArgs struct { Condition *ServiceIamBindingCondition `pulumi:"condition"` // The location of the cloud run service Used to find the parent resource to bind the IAM policy to - Location *string `pulumi:"location"` - Members []string `pulumi:"members"` - // Used to find the parent resource to bind the IAM policy to - Name *string `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location *string `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -326,6 +428,11 @@ type serviceIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // Used to find the parent resource to bind the IAM policy to + Name *string `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `cloudrunv2.ServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -338,14 +445,8 @@ type ServiceIamBindingArgs struct { Condition ServiceIamBindingConditionPtrInput // The location of the cloud run service Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Members pulumi.StringArrayInput - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -355,6 +456,11 @@ type ServiceIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `cloudrunv2.ServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -463,6 +569,17 @@ func (o ServiceIamBindingOutput) Location() pulumi.StringOutput { return o.ApplyT(func(v *ServiceIamBinding) pulumi.StringOutput { return v.Location }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o ServiceIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *ServiceIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } @@ -474,18 +591,6 @@ func (o ServiceIamBindingOutput) Name() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o ServiceIamBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *ServiceIamBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/cloudrunv2/serviceIamMember.go b/sdk/go/gcp/cloudrunv2/serviceIamMember.go index d38f5126f5..7507eb4f54 100644 --- a/sdk/go/gcp/cloudrunv2/serviceIamMember.go +++ b/sdk/go/gcp/cloudrunv2/serviceIamMember.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_cloud\_run\_v2\_service\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = cloudrunv2.NewServiceIamPolicy(ctx, "policy", &cloudrunv2.ServiceIamPolicyArgs{ +// Project: pulumi.Any(_default.Project), +// Location: pulumi.Any(_default.Location), +// Name: pulumi.Any(_default.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_cloud\_run\_v2\_service\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := cloudrunv2.NewServiceIamBinding(ctx, "binding", &cloudrunv2.ServiceIamBindingArgs{ +// Project: pulumi.Any(_default.Project), +// Location: pulumi.Any(_default.Location), +// Name: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_cloud\_run\_v2\_service\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := cloudrunv2.NewServiceIamMember(ctx, "member", &cloudrunv2.ServiceIamMemberArgs{ +// Project: pulumi.Any(_default.Project), +// Location: pulumi.Any(_default.Location), +// Name: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -182,14 +293,8 @@ type ServiceIamMember struct { Etag pulumi.StringOutput `pulumi:"etag"` // The location of the cloud run service Used to find the parent resource to bind the IAM policy to Location pulumi.StringOutput `pulumi:"location"` - Member pulumi.StringOutput `pulumi:"member"` - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringOutput `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -199,6 +304,11 @@ type ServiceIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringOutput `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `cloudrunv2.ServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -247,14 +357,8 @@ type serviceIamMemberState struct { Etag *string `pulumi:"etag"` // The location of the cloud run service Used to find the parent resource to bind the IAM policy to Location *string `pulumi:"location"` - Member *string `pulumi:"member"` - // Used to find the parent resource to bind the IAM policy to - Name *string `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -264,6 +368,11 @@ type serviceIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // Used to find the parent resource to bind the IAM policy to + Name *string `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `cloudrunv2.ServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -277,14 +386,8 @@ type ServiceIamMemberState struct { Etag pulumi.StringPtrInput // The location of the cloud run service Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Member pulumi.StringPtrInput - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -294,6 +397,11 @@ type ServiceIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `cloudrunv2.ServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -309,14 +417,8 @@ type serviceIamMemberArgs struct { Condition *ServiceIamMemberCondition `pulumi:"condition"` // The location of the cloud run service Used to find the parent resource to bind the IAM policy to Location *string `pulumi:"location"` - Member string `pulumi:"member"` - // Used to find the parent resource to bind the IAM policy to - Name *string `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -326,6 +428,11 @@ type serviceIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // Used to find the parent resource to bind the IAM policy to + Name *string `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `cloudrunv2.ServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -338,14 +445,8 @@ type ServiceIamMemberArgs struct { Condition ServiceIamMemberConditionPtrInput // The location of the cloud run service Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Member pulumi.StringInput - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -355,6 +456,11 @@ type ServiceIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `cloudrunv2.ServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -463,6 +569,17 @@ func (o ServiceIamMemberOutput) Location() pulumi.StringOutput { return o.ApplyT(func(v *ServiceIamMember) pulumi.StringOutput { return v.Location }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o ServiceIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *ServiceIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } @@ -474,18 +591,6 @@ func (o ServiceIamMemberOutput) Name() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o ServiceIamMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *ServiceIamMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/cloudrunv2/serviceIamPolicy.go b/sdk/go/gcp/cloudrunv2/serviceIamPolicy.go index d936ce60f5..f205d2d724 100644 --- a/sdk/go/gcp/cloudrunv2/serviceIamPolicy.go +++ b/sdk/go/gcp/cloudrunv2/serviceIamPolicy.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_cloud\_run\_v2\_service\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = cloudrunv2.NewServiceIamPolicy(ctx, "policy", &cloudrunv2.ServiceIamPolicyArgs{ +// Project: pulumi.Any(_default.Project), +// Location: pulumi.Any(_default.Location), +// Name: pulumi.Any(_default.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_cloud\_run\_v2\_service\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := cloudrunv2.NewServiceIamBinding(ctx, "binding", &cloudrunv2.ServiceIamBindingArgs{ +// Project: pulumi.Any(_default.Project), +// Location: pulumi.Any(_default.Location), +// Name: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_cloud\_run\_v2\_service\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudrunv2" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := cloudrunv2.NewServiceIamMember(ctx, "member", &cloudrunv2.ServiceIamMemberArgs{ +// Project: pulumi.Any(_default.Project), +// Location: pulumi.Any(_default.Location), +// Name: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -188,18 +299,6 @@ type ServiceIamPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` } @@ -247,18 +346,6 @@ type serviceIamPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -274,18 +361,6 @@ type ServiceIamPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -303,18 +378,6 @@ type serviceIamPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -329,18 +392,6 @@ type ServiceIamPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -454,18 +505,6 @@ func (o ServiceIamPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o ServiceIamPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *ServiceIamPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/cloudtasks/queueIamBinding.go b/sdk/go/gcp/cloudtasks/queueIamBinding.go index 2b005e3694..b18ddc16fe 100644 --- a/sdk/go/gcp/cloudtasks/queueIamBinding.go +++ b/sdk/go/gcp/cloudtasks/queueIamBinding.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_cloud\_tasks\_queue\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudtasks" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = cloudtasks.NewQueueIamPolicy(ctx, "policy", &cloudtasks.QueueIamPolicyArgs{ +// Project: pulumi.Any(_default.Project), +// Location: pulumi.Any(_default.Location), +// Name: pulumi.Any(_default.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_cloud\_tasks\_queue\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudtasks" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := cloudtasks.NewQueueIamBinding(ctx, "binding", &cloudtasks.QueueIamBindingArgs{ +// Project: pulumi.Any(_default.Project), +// Location: pulumi.Any(_default.Location), +// Name: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_cloud\_tasks\_queue\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudtasks" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := cloudtasks.NewQueueIamMember(ctx, "member", &cloudtasks.QueueIamMemberArgs{ +// Project: pulumi.Any(_default.Project), +// Location: pulumi.Any(_default.Location), +// Name: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -181,15 +292,9 @@ type QueueIamBinding struct { // (Computed) The etag of the IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` // The location of the queue Used to find the parent resource to bind the IAM policy to - Location pulumi.StringOutput `pulumi:"location"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringOutput `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location pulumi.StringOutput `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -199,6 +304,11 @@ type QueueIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringOutput `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `cloudtasks.QueueIamBinding` can be used per role. Note that custom roles must be of the format @@ -246,15 +356,9 @@ type queueIamBindingState struct { // (Computed) The etag of the IAM policy. Etag *string `pulumi:"etag"` // The location of the queue Used to find the parent resource to bind the IAM policy to - Location *string `pulumi:"location"` - Members []string `pulumi:"members"` - // Used to find the parent resource to bind the IAM policy to - Name *string `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location *string `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -264,6 +368,11 @@ type queueIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // Used to find the parent resource to bind the IAM policy to + Name *string `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `cloudtasks.QueueIamBinding` can be used per role. Note that custom roles must be of the format @@ -277,14 +386,8 @@ type QueueIamBindingState struct { Etag pulumi.StringPtrInput // The location of the queue Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Members pulumi.StringArrayInput - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -294,6 +397,11 @@ type QueueIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `cloudtasks.QueueIamBinding` can be used per role. Note that custom roles must be of the format @@ -308,15 +416,9 @@ func (QueueIamBindingState) ElementType() reflect.Type { type queueIamBindingArgs struct { Condition *QueueIamBindingCondition `pulumi:"condition"` // The location of the queue Used to find the parent resource to bind the IAM policy to - Location *string `pulumi:"location"` - Members []string `pulumi:"members"` - // Used to find the parent resource to bind the IAM policy to - Name *string `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location *string `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -326,6 +428,11 @@ type queueIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // Used to find the parent resource to bind the IAM policy to + Name *string `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `cloudtasks.QueueIamBinding` can be used per role. Note that custom roles must be of the format @@ -338,14 +445,8 @@ type QueueIamBindingArgs struct { Condition QueueIamBindingConditionPtrInput // The location of the queue Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Members pulumi.StringArrayInput - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -355,6 +456,11 @@ type QueueIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `cloudtasks.QueueIamBinding` can be used per role. Note that custom roles must be of the format @@ -463,6 +569,17 @@ func (o QueueIamBindingOutput) Location() pulumi.StringOutput { return o.ApplyT(func(v *QueueIamBinding) pulumi.StringOutput { return v.Location }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o QueueIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *QueueIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } @@ -474,18 +591,6 @@ func (o QueueIamBindingOutput) Name() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o QueueIamBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *QueueIamBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/cloudtasks/queueIamMember.go b/sdk/go/gcp/cloudtasks/queueIamMember.go index 64c561f846..1ec6a2115e 100644 --- a/sdk/go/gcp/cloudtasks/queueIamMember.go +++ b/sdk/go/gcp/cloudtasks/queueIamMember.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_cloud\_tasks\_queue\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudtasks" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = cloudtasks.NewQueueIamPolicy(ctx, "policy", &cloudtasks.QueueIamPolicyArgs{ +// Project: pulumi.Any(_default.Project), +// Location: pulumi.Any(_default.Location), +// Name: pulumi.Any(_default.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_cloud\_tasks\_queue\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudtasks" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := cloudtasks.NewQueueIamBinding(ctx, "binding", &cloudtasks.QueueIamBindingArgs{ +// Project: pulumi.Any(_default.Project), +// Location: pulumi.Any(_default.Location), +// Name: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_cloud\_tasks\_queue\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudtasks" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := cloudtasks.NewQueueIamMember(ctx, "member", &cloudtasks.QueueIamMemberArgs{ +// Project: pulumi.Any(_default.Project), +// Location: pulumi.Any(_default.Location), +// Name: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -182,14 +293,8 @@ type QueueIamMember struct { Etag pulumi.StringOutput `pulumi:"etag"` // The location of the queue Used to find the parent resource to bind the IAM policy to Location pulumi.StringOutput `pulumi:"location"` - Member pulumi.StringOutput `pulumi:"member"` - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringOutput `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -199,6 +304,11 @@ type QueueIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringOutput `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `cloudtasks.QueueIamBinding` can be used per role. Note that custom roles must be of the format @@ -247,14 +357,8 @@ type queueIamMemberState struct { Etag *string `pulumi:"etag"` // The location of the queue Used to find the parent resource to bind the IAM policy to Location *string `pulumi:"location"` - Member *string `pulumi:"member"` - // Used to find the parent resource to bind the IAM policy to - Name *string `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -264,6 +368,11 @@ type queueIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // Used to find the parent resource to bind the IAM policy to + Name *string `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `cloudtasks.QueueIamBinding` can be used per role. Note that custom roles must be of the format @@ -277,14 +386,8 @@ type QueueIamMemberState struct { Etag pulumi.StringPtrInput // The location of the queue Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Member pulumi.StringPtrInput - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -294,6 +397,11 @@ type QueueIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `cloudtasks.QueueIamBinding` can be used per role. Note that custom roles must be of the format @@ -309,14 +417,8 @@ type queueIamMemberArgs struct { Condition *QueueIamMemberCondition `pulumi:"condition"` // The location of the queue Used to find the parent resource to bind the IAM policy to Location *string `pulumi:"location"` - Member string `pulumi:"member"` - // Used to find the parent resource to bind the IAM policy to - Name *string `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -326,6 +428,11 @@ type queueIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // Used to find the parent resource to bind the IAM policy to + Name *string `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `cloudtasks.QueueIamBinding` can be used per role. Note that custom roles must be of the format @@ -338,14 +445,8 @@ type QueueIamMemberArgs struct { Condition QueueIamMemberConditionPtrInput // The location of the queue Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Member pulumi.StringInput - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -355,6 +456,11 @@ type QueueIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `cloudtasks.QueueIamBinding` can be used per role. Note that custom roles must be of the format @@ -463,6 +569,17 @@ func (o QueueIamMemberOutput) Location() pulumi.StringOutput { return o.ApplyT(func(v *QueueIamMember) pulumi.StringOutput { return v.Location }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o QueueIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *QueueIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } @@ -474,18 +591,6 @@ func (o QueueIamMemberOutput) Name() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o QueueIamMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *QueueIamMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/cloudtasks/queueIamPolicy.go b/sdk/go/gcp/cloudtasks/queueIamPolicy.go index f902f952ae..9b250e4b46 100644 --- a/sdk/go/gcp/cloudtasks/queueIamPolicy.go +++ b/sdk/go/gcp/cloudtasks/queueIamPolicy.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_cloud\_tasks\_queue\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudtasks" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = cloudtasks.NewQueueIamPolicy(ctx, "policy", &cloudtasks.QueueIamPolicyArgs{ +// Project: pulumi.Any(_default.Project), +// Location: pulumi.Any(_default.Location), +// Name: pulumi.Any(_default.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_cloud\_tasks\_queue\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudtasks" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := cloudtasks.NewQueueIamBinding(ctx, "binding", &cloudtasks.QueueIamBindingArgs{ +// Project: pulumi.Any(_default.Project), +// Location: pulumi.Any(_default.Location), +// Name: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_cloud\_tasks\_queue\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/cloudtasks" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := cloudtasks.NewQueueIamMember(ctx, "member", &cloudtasks.QueueIamMemberArgs{ +// Project: pulumi.Any(_default.Project), +// Location: pulumi.Any(_default.Location), +// Name: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -188,18 +299,6 @@ type QueueIamPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` } @@ -247,18 +346,6 @@ type queueIamPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -274,18 +361,6 @@ type QueueIamPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -303,18 +378,6 @@ type queueIamPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -329,18 +392,6 @@ type QueueIamPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -454,18 +505,6 @@ func (o QueueIamPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o QueueIamPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *QueueIamPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/compute/backendBucketIamBinding.go b/sdk/go/gcp/compute/backendBucketIamBinding.go index 927c32876b..8e4948485d 100644 --- a/sdk/go/gcp/compute/backendBucketIamBinding.go +++ b/sdk/go/gcp/compute/backendBucketIamBinding.go @@ -52,15 +52,9 @@ type BackendBucketIamBinding struct { Condition BackendBucketIamBindingConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringOutput `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -70,6 +64,11 @@ type BackendBucketIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringOutput `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `compute.BackendBucketIamBinding` can be used per role. Note that custom roles must be of the format @@ -115,15 +114,9 @@ func GetBackendBucketIamBinding(ctx *pulumi.Context, type backendBucketIamBindingState struct { Condition *BackendBucketIamBindingCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Members []string `pulumi:"members"` - // Used to find the parent resource to bind the IAM policy to - Name *string `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -133,6 +126,11 @@ type backendBucketIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // Used to find the parent resource to bind the IAM policy to + Name *string `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `compute.BackendBucketIamBinding` can be used per role. Note that custom roles must be of the format @@ -143,15 +141,9 @@ type backendBucketIamBindingState struct { type BackendBucketIamBindingState struct { Condition BackendBucketIamBindingConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Members pulumi.StringArrayInput - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -161,6 +153,11 @@ type BackendBucketIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `compute.BackendBucketIamBinding` can be used per role. Note that custom roles must be of the format @@ -174,14 +171,8 @@ func (BackendBucketIamBindingState) ElementType() reflect.Type { type backendBucketIamBindingArgs struct { Condition *BackendBucketIamBindingCondition `pulumi:"condition"` - Members []string `pulumi:"members"` - // Used to find the parent resource to bind the IAM policy to - Name *string `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -191,6 +182,11 @@ type backendBucketIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // Used to find the parent resource to bind the IAM policy to + Name *string `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `compute.BackendBucketIamBinding` can be used per role. Note that custom roles must be of the format @@ -201,14 +197,8 @@ type backendBucketIamBindingArgs struct { // The set of arguments for constructing a BackendBucketIamBinding resource. type BackendBucketIamBindingArgs struct { Condition BackendBucketIamBindingConditionPtrInput - Members pulumi.StringArrayInput - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -218,6 +208,11 @@ type BackendBucketIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `compute.BackendBucketIamBinding` can be used per role. Note that custom roles must be of the format @@ -321,6 +316,17 @@ func (o BackendBucketIamBindingOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *BackendBucketIamBinding) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o BackendBucketIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *BackendBucketIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } @@ -332,18 +338,6 @@ func (o BackendBucketIamBindingOutput) Name() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o BackendBucketIamBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *BackendBucketIamBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/compute/backendBucketIamMember.go b/sdk/go/gcp/compute/backendBucketIamMember.go index fe39375899..bef3e848a6 100644 --- a/sdk/go/gcp/compute/backendBucketIamMember.go +++ b/sdk/go/gcp/compute/backendBucketIamMember.go @@ -52,15 +52,9 @@ type BackendBucketIamMember struct { Condition BackendBucketIamMemberConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Member pulumi.StringOutput `pulumi:"member"` - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringOutput `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -70,6 +64,11 @@ type BackendBucketIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringOutput `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `compute.BackendBucketIamBinding` can be used per role. Note that custom roles must be of the format @@ -115,15 +114,9 @@ func GetBackendBucketIamMember(ctx *pulumi.Context, type backendBucketIamMemberState struct { Condition *BackendBucketIamMemberCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Member *string `pulumi:"member"` - // Used to find the parent resource to bind the IAM policy to - Name *string `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -133,6 +126,11 @@ type backendBucketIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // Used to find the parent resource to bind the IAM policy to + Name *string `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `compute.BackendBucketIamBinding` can be used per role. Note that custom roles must be of the format @@ -143,15 +141,9 @@ type backendBucketIamMemberState struct { type BackendBucketIamMemberState struct { Condition BackendBucketIamMemberConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Member pulumi.StringPtrInput - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -161,6 +153,11 @@ type BackendBucketIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `compute.BackendBucketIamBinding` can be used per role. Note that custom roles must be of the format @@ -174,14 +171,8 @@ func (BackendBucketIamMemberState) ElementType() reflect.Type { type backendBucketIamMemberArgs struct { Condition *BackendBucketIamMemberCondition `pulumi:"condition"` - Member string `pulumi:"member"` - // Used to find the parent resource to bind the IAM policy to - Name *string `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -191,6 +182,11 @@ type backendBucketIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // Used to find the parent resource to bind the IAM policy to + Name *string `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `compute.BackendBucketIamBinding` can be used per role. Note that custom roles must be of the format @@ -201,14 +197,8 @@ type backendBucketIamMemberArgs struct { // The set of arguments for constructing a BackendBucketIamMember resource. type BackendBucketIamMemberArgs struct { Condition BackendBucketIamMemberConditionPtrInput - Member pulumi.StringInput - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -218,6 +208,11 @@ type BackendBucketIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `compute.BackendBucketIamBinding` can be used per role. Note that custom roles must be of the format @@ -321,6 +316,17 @@ func (o BackendBucketIamMemberOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *BackendBucketIamMember) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o BackendBucketIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *BackendBucketIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } @@ -332,18 +338,6 @@ func (o BackendBucketIamMemberOutput) Name() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o BackendBucketIamMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *BackendBucketIamMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/compute/backendBucketIamPolicy.go b/sdk/go/gcp/compute/backendBucketIamPolicy.go index c96e873cdf..930275e61b 100644 --- a/sdk/go/gcp/compute/backendBucketIamPolicy.go +++ b/sdk/go/gcp/compute/backendBucketIamPolicy.go @@ -59,18 +59,6 @@ type BackendBucketIamPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` } @@ -116,18 +104,6 @@ type backendBucketIamPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -141,18 +117,6 @@ type BackendBucketIamPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -168,18 +132,6 @@ type backendBucketIamPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -192,18 +144,6 @@ type BackendBucketIamPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -312,18 +252,6 @@ func (o BackendBucketIamPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o BackendBucketIamPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *BackendBucketIamPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/compute/backendServiceIamBinding.go b/sdk/go/gcp/compute/backendServiceIamBinding.go index ecaaaa36f8..aeb31fd42a 100644 --- a/sdk/go/gcp/compute/backendServiceIamBinding.go +++ b/sdk/go/gcp/compute/backendServiceIamBinding.go @@ -54,15 +54,9 @@ type BackendServiceIamBinding struct { // Structure is documented below. Condition BackendServiceIamBindingConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringOutput `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -72,6 +66,11 @@ type BackendServiceIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringOutput `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `compute.BackendServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -119,15 +118,9 @@ type backendServiceIamBindingState struct { // Structure is documented below. Condition *BackendServiceIamBindingCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Members []string `pulumi:"members"` - // Used to find the parent resource to bind the IAM policy to - Name *string `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -137,6 +130,11 @@ type backendServiceIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // Used to find the parent resource to bind the IAM policy to + Name *string `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `compute.BackendServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -149,15 +147,9 @@ type BackendServiceIamBindingState struct { // Structure is documented below. Condition BackendServiceIamBindingConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Members pulumi.StringArrayInput - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -167,6 +159,11 @@ type BackendServiceIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `compute.BackendServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -182,14 +179,8 @@ type backendServiceIamBindingArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition *BackendServiceIamBindingCondition `pulumi:"condition"` - Members []string `pulumi:"members"` - // Used to find the parent resource to bind the IAM policy to - Name *string `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -199,6 +190,11 @@ type backendServiceIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // Used to find the parent resource to bind the IAM policy to + Name *string `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `compute.BackendServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -211,14 +207,8 @@ type BackendServiceIamBindingArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition BackendServiceIamBindingConditionPtrInput - Members pulumi.StringArrayInput - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -228,6 +218,11 @@ type BackendServiceIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `compute.BackendServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -333,6 +328,17 @@ func (o BackendServiceIamBindingOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *BackendServiceIamBinding) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o BackendServiceIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *BackendServiceIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } @@ -344,18 +350,6 @@ func (o BackendServiceIamBindingOutput) Name() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o BackendServiceIamBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *BackendServiceIamBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/compute/backendServiceIamMember.go b/sdk/go/gcp/compute/backendServiceIamMember.go index 8f1f12e5b8..c47189a998 100644 --- a/sdk/go/gcp/compute/backendServiceIamMember.go +++ b/sdk/go/gcp/compute/backendServiceIamMember.go @@ -54,15 +54,9 @@ type BackendServiceIamMember struct { // Structure is documented below. Condition BackendServiceIamMemberConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Member pulumi.StringOutput `pulumi:"member"` - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringOutput `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -72,6 +66,11 @@ type BackendServiceIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringOutput `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `compute.BackendServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -119,15 +118,9 @@ type backendServiceIamMemberState struct { // Structure is documented below. Condition *BackendServiceIamMemberCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Member *string `pulumi:"member"` - // Used to find the parent resource to bind the IAM policy to - Name *string `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -137,6 +130,11 @@ type backendServiceIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // Used to find the parent resource to bind the IAM policy to + Name *string `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `compute.BackendServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -149,15 +147,9 @@ type BackendServiceIamMemberState struct { // Structure is documented below. Condition BackendServiceIamMemberConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Member pulumi.StringPtrInput - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -167,6 +159,11 @@ type BackendServiceIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `compute.BackendServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -182,14 +179,8 @@ type backendServiceIamMemberArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition *BackendServiceIamMemberCondition `pulumi:"condition"` - Member string `pulumi:"member"` - // Used to find the parent resource to bind the IAM policy to - Name *string `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -199,6 +190,11 @@ type backendServiceIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // Used to find the parent resource to bind the IAM policy to + Name *string `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `compute.BackendServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -211,14 +207,8 @@ type BackendServiceIamMemberArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition BackendServiceIamMemberConditionPtrInput - Member pulumi.StringInput - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -228,6 +218,11 @@ type BackendServiceIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `compute.BackendServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -333,6 +328,17 @@ func (o BackendServiceIamMemberOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *BackendServiceIamMember) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o BackendServiceIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *BackendServiceIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } @@ -344,18 +350,6 @@ func (o BackendServiceIamMemberOutput) Name() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o BackendServiceIamMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *BackendServiceIamMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/compute/backendServiceIamPolicy.go b/sdk/go/gcp/compute/backendServiceIamPolicy.go index f7f33432d3..0869b7fea9 100644 --- a/sdk/go/gcp/compute/backendServiceIamPolicy.go +++ b/sdk/go/gcp/compute/backendServiceIamPolicy.go @@ -59,18 +59,6 @@ type BackendServiceIamPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` } @@ -116,18 +104,6 @@ type backendServiceIamPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -141,18 +117,6 @@ type BackendServiceIamPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -168,18 +132,6 @@ type backendServiceIamPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -192,18 +144,6 @@ type BackendServiceIamPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -312,18 +252,6 @@ func (o BackendServiceIamPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o BackendServiceIamPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *BackendServiceIamPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/compute/diskIamBinding.go b/sdk/go/gcp/compute/diskIamBinding.go index be2efb3007..3aff8fdc93 100644 --- a/sdk/go/gcp/compute/diskIamBinding.go +++ b/sdk/go/gcp/compute/diskIamBinding.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_compute\_disk\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = compute.NewDiskIamPolicy(ctx, "policy", &compute.DiskIamPolicyArgs{ +// Project: pulumi.Any(_default.Project), +// Zone: pulumi.Any(_default.Zone), +// Name: pulumi.Any(_default.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_compute\_disk\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewDiskIamBinding(ctx, "binding", &compute.DiskIamBindingArgs{ +// Project: pulumi.Any(_default.Project), +// Zone: pulumi.Any(_default.Zone), +// Name: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_compute\_disk\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewDiskIamMember(ctx, "member", &compute.DiskIamMemberArgs{ +// Project: pulumi.Any(_default.Project), +// Zone: pulumi.Any(_default.Zone), +// Name: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -179,15 +290,9 @@ type DiskIamBinding struct { Condition DiskIamBindingConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringOutput `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -197,6 +302,11 @@ type DiskIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringOutput `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `compute.DiskIamBinding` can be used per role. Note that custom roles must be of the format @@ -246,15 +356,9 @@ func GetDiskIamBinding(ctx *pulumi.Context, type diskIamBindingState struct { Condition *DiskIamBindingCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Members []string `pulumi:"members"` - // Used to find the parent resource to bind the IAM policy to - Name *string `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -264,6 +368,11 @@ type diskIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // Used to find the parent resource to bind the IAM policy to + Name *string `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `compute.DiskIamBinding` can be used per role. Note that custom roles must be of the format @@ -278,15 +387,9 @@ type diskIamBindingState struct { type DiskIamBindingState struct { Condition DiskIamBindingConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Members pulumi.StringArrayInput - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -296,6 +399,11 @@ type DiskIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `compute.DiskIamBinding` can be used per role. Note that custom roles must be of the format @@ -313,14 +421,8 @@ func (DiskIamBindingState) ElementType() reflect.Type { type diskIamBindingArgs struct { Condition *DiskIamBindingCondition `pulumi:"condition"` - Members []string `pulumi:"members"` - // Used to find the parent resource to bind the IAM policy to - Name *string `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -330,6 +432,11 @@ type diskIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // Used to find the parent resource to bind the IAM policy to + Name *string `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `compute.DiskIamBinding` can be used per role. Note that custom roles must be of the format @@ -344,14 +451,8 @@ type diskIamBindingArgs struct { // The set of arguments for constructing a DiskIamBinding resource. type DiskIamBindingArgs struct { Condition DiskIamBindingConditionPtrInput - Members pulumi.StringArrayInput - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -361,6 +462,11 @@ type DiskIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `compute.DiskIamBinding` can be used per role. Note that custom roles must be of the format @@ -468,6 +574,17 @@ func (o DiskIamBindingOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *DiskIamBinding) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o DiskIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *DiskIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } @@ -479,18 +596,6 @@ func (o DiskIamBindingOutput) Name() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o DiskIamBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *DiskIamBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/compute/diskIamMember.go b/sdk/go/gcp/compute/diskIamMember.go index dfa2eb4e04..1aef3277f0 100644 --- a/sdk/go/gcp/compute/diskIamMember.go +++ b/sdk/go/gcp/compute/diskIamMember.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_compute\_disk\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = compute.NewDiskIamPolicy(ctx, "policy", &compute.DiskIamPolicyArgs{ +// Project: pulumi.Any(_default.Project), +// Zone: pulumi.Any(_default.Zone), +// Name: pulumi.Any(_default.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_compute\_disk\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewDiskIamBinding(ctx, "binding", &compute.DiskIamBindingArgs{ +// Project: pulumi.Any(_default.Project), +// Zone: pulumi.Any(_default.Zone), +// Name: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_compute\_disk\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewDiskIamMember(ctx, "member", &compute.DiskIamMemberArgs{ +// Project: pulumi.Any(_default.Project), +// Zone: pulumi.Any(_default.Zone), +// Name: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -179,15 +290,9 @@ type DiskIamMember struct { Condition DiskIamMemberConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Member pulumi.StringOutput `pulumi:"member"` - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringOutput `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -197,6 +302,11 @@ type DiskIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringOutput `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `compute.DiskIamBinding` can be used per role. Note that custom roles must be of the format @@ -246,15 +356,9 @@ func GetDiskIamMember(ctx *pulumi.Context, type diskIamMemberState struct { Condition *DiskIamMemberCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Member *string `pulumi:"member"` - // Used to find the parent resource to bind the IAM policy to - Name *string `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -264,6 +368,11 @@ type diskIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // Used to find the parent resource to bind the IAM policy to + Name *string `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `compute.DiskIamBinding` can be used per role. Note that custom roles must be of the format @@ -278,15 +387,9 @@ type diskIamMemberState struct { type DiskIamMemberState struct { Condition DiskIamMemberConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Member pulumi.StringPtrInput - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -296,6 +399,11 @@ type DiskIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `compute.DiskIamBinding` can be used per role. Note that custom roles must be of the format @@ -313,14 +421,8 @@ func (DiskIamMemberState) ElementType() reflect.Type { type diskIamMemberArgs struct { Condition *DiskIamMemberCondition `pulumi:"condition"` - Member string `pulumi:"member"` - // Used to find the parent resource to bind the IAM policy to - Name *string `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -330,6 +432,11 @@ type diskIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // Used to find the parent resource to bind the IAM policy to + Name *string `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `compute.DiskIamBinding` can be used per role. Note that custom roles must be of the format @@ -344,14 +451,8 @@ type diskIamMemberArgs struct { // The set of arguments for constructing a DiskIamMember resource. type DiskIamMemberArgs struct { Condition DiskIamMemberConditionPtrInput - Member pulumi.StringInput - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -361,6 +462,11 @@ type DiskIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `compute.DiskIamBinding` can be used per role. Note that custom roles must be of the format @@ -468,6 +574,17 @@ func (o DiskIamMemberOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *DiskIamMember) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o DiskIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *DiskIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } @@ -479,18 +596,6 @@ func (o DiskIamMemberOutput) Name() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o DiskIamMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *DiskIamMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/compute/diskIamPolicy.go b/sdk/go/gcp/compute/diskIamPolicy.go index ca838a3a0a..b5165d3f6f 100644 --- a/sdk/go/gcp/compute/diskIamPolicy.go +++ b/sdk/go/gcp/compute/diskIamPolicy.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_compute\_disk\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = compute.NewDiskIamPolicy(ctx, "policy", &compute.DiskIamPolicyArgs{ +// Project: pulumi.Any(_default.Project), +// Zone: pulumi.Any(_default.Zone), +// Name: pulumi.Any(_default.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_compute\_disk\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewDiskIamBinding(ctx, "binding", &compute.DiskIamBindingArgs{ +// Project: pulumi.Any(_default.Project), +// Zone: pulumi.Any(_default.Zone), +// Name: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_compute\_disk\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewDiskIamMember(ctx, "member", &compute.DiskIamMemberArgs{ +// Project: pulumi.Any(_default.Project), +// Zone: pulumi.Any(_default.Zone), +// Name: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -186,18 +297,6 @@ type DiskIamPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` // A reference to the zone where the disk resides. Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no zone is provided in the parent identifier and no @@ -247,18 +346,6 @@ type diskIamPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` // A reference to the zone where the disk resides. Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no zone is provided in the parent identifier and no @@ -276,18 +363,6 @@ type DiskIamPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // A reference to the zone where the disk resides. Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no zone is provided in the parent identifier and no @@ -307,18 +382,6 @@ type diskIamPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` // A reference to the zone where the disk resides. Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no zone is provided in the parent identifier and no @@ -335,18 +398,6 @@ type DiskIamPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // A reference to the zone where the disk resides. Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no zone is provided in the parent identifier and no @@ -459,18 +510,6 @@ func (o DiskIamPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o DiskIamPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *DiskIamPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/compute/imageIamBinding.go b/sdk/go/gcp/compute/imageIamBinding.go index 06df27aadf..5b9c9810f5 100644 --- a/sdk/go/gcp/compute/imageIamBinding.go +++ b/sdk/go/gcp/compute/imageIamBinding.go @@ -257,6 +257,235 @@ import ( // ``` // // +// ## google\_compute\_image\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/compute.imageUser", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = compute.NewImageIamPolicy(ctx, "policy", &compute.ImageIamPolicyArgs{ +// Project: pulumi.Any(example.Project), +// Image: pulumi.Any(example.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/compute.imageUser", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = compute.NewImageIamPolicy(ctx, "policy", &compute.ImageIamPolicyArgs{ +// Project: pulumi.Any(example.Project), +// Image: pulumi.Any(example.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_compute\_image\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewImageIamBinding(ctx, "binding", &compute.ImageIamBindingArgs{ +// Project: pulumi.Any(example.Project), +// Image: pulumi.Any(example.Name), +// Role: pulumi.String("roles/compute.imageUser"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewImageIamBinding(ctx, "binding", &compute.ImageIamBindingArgs{ +// Project: pulumi.Any(example.Project), +// Image: pulumi.Any(example.Name), +// Role: pulumi.String("roles/compute.imageUser"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &compute.ImageIamBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_compute\_image\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewImageIamMember(ctx, "member", &compute.ImageIamMemberArgs{ +// Project: pulumi.Any(example.Project), +// Image: pulumi.Any(example.Name), +// Role: pulumi.String("roles/compute.imageUser"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewImageIamMember(ctx, "member", &compute.ImageIamMemberArgs{ +// Project: pulumi.Any(example.Project), +// Image: pulumi.Any(example.Name), +// Role: pulumi.String("roles/compute.imageUser"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &compute.ImageIamMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -301,13 +530,9 @@ type ImageIamBinding struct { // (Computed) The etag of the IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` // Used to find the parent resource to bind the IAM policy to - Image pulumi.StringOutput `pulumi:"image"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Image pulumi.StringOutput `pulumi:"image"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -317,6 +542,9 @@ type ImageIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `compute.ImageIamBinding` can be used per role. Note that custom roles must be of the format @@ -369,13 +597,9 @@ type imageIamBindingState struct { // (Computed) The etag of the IAM policy. Etag *string `pulumi:"etag"` // Used to find the parent resource to bind the IAM policy to - Image *string `pulumi:"image"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Image *string `pulumi:"image"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -385,6 +609,9 @@ type imageIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `compute.ImageIamBinding` can be used per role. Note that custom roles must be of the format @@ -399,13 +626,9 @@ type ImageIamBindingState struct { // (Computed) The etag of the IAM policy. Etag pulumi.StringPtrInput // Used to find the parent resource to bind the IAM policy to - Image pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Image pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -415,6 +638,9 @@ type ImageIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `compute.ImageIamBinding` can be used per role. Note that custom roles must be of the format @@ -431,13 +657,9 @@ type imageIamBindingArgs struct { // Structure is documented below. Condition *ImageIamBindingCondition `pulumi:"condition"` // Used to find the parent resource to bind the IAM policy to - Image string `pulumi:"image"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Image string `pulumi:"image"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -447,6 +669,9 @@ type imageIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `compute.ImageIamBinding` can be used per role. Note that custom roles must be of the format @@ -460,13 +685,9 @@ type ImageIamBindingArgs struct { // Structure is documented below. Condition ImageIamBindingConditionPtrInput // Used to find the parent resource to bind the IAM policy to - Image pulumi.StringInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Image pulumi.StringInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -476,6 +697,9 @@ type ImageIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `compute.ImageIamBinding` can be used per role. Note that custom roles must be of the format @@ -586,24 +810,23 @@ func (o ImageIamBindingOutput) Image() pulumi.StringOutput { return o.ApplyT(func(v *ImageIamBinding) pulumi.StringOutput { return v.Image }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o ImageIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *ImageIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o ImageIamBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *ImageIamBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/compute/imageIamMember.go b/sdk/go/gcp/compute/imageIamMember.go index 31606ef0e6..a9e3c2db1f 100644 --- a/sdk/go/gcp/compute/imageIamMember.go +++ b/sdk/go/gcp/compute/imageIamMember.go @@ -257,6 +257,235 @@ import ( // ``` // // +// ## google\_compute\_image\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/compute.imageUser", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = compute.NewImageIamPolicy(ctx, "policy", &compute.ImageIamPolicyArgs{ +// Project: pulumi.Any(example.Project), +// Image: pulumi.Any(example.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/compute.imageUser", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = compute.NewImageIamPolicy(ctx, "policy", &compute.ImageIamPolicyArgs{ +// Project: pulumi.Any(example.Project), +// Image: pulumi.Any(example.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_compute\_image\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewImageIamBinding(ctx, "binding", &compute.ImageIamBindingArgs{ +// Project: pulumi.Any(example.Project), +// Image: pulumi.Any(example.Name), +// Role: pulumi.String("roles/compute.imageUser"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewImageIamBinding(ctx, "binding", &compute.ImageIamBindingArgs{ +// Project: pulumi.Any(example.Project), +// Image: pulumi.Any(example.Name), +// Role: pulumi.String("roles/compute.imageUser"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &compute.ImageIamBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_compute\_image\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewImageIamMember(ctx, "member", &compute.ImageIamMemberArgs{ +// Project: pulumi.Any(example.Project), +// Image: pulumi.Any(example.Name), +// Role: pulumi.String("roles/compute.imageUser"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewImageIamMember(ctx, "member", &compute.ImageIamMemberArgs{ +// Project: pulumi.Any(example.Project), +// Image: pulumi.Any(example.Name), +// Role: pulumi.String("roles/compute.imageUser"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &compute.ImageIamMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -301,13 +530,9 @@ type ImageIamMember struct { // (Computed) The etag of the IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` // Used to find the parent resource to bind the IAM policy to - Image pulumi.StringOutput `pulumi:"image"` - Member pulumi.StringOutput `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Image pulumi.StringOutput `pulumi:"image"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -317,6 +542,9 @@ type ImageIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `compute.ImageIamBinding` can be used per role. Note that custom roles must be of the format @@ -369,13 +597,9 @@ type imageIamMemberState struct { // (Computed) The etag of the IAM policy. Etag *string `pulumi:"etag"` // Used to find the parent resource to bind the IAM policy to - Image *string `pulumi:"image"` - Member *string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Image *string `pulumi:"image"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -385,6 +609,9 @@ type imageIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `compute.ImageIamBinding` can be used per role. Note that custom roles must be of the format @@ -399,13 +626,9 @@ type ImageIamMemberState struct { // (Computed) The etag of the IAM policy. Etag pulumi.StringPtrInput // Used to find the parent resource to bind the IAM policy to - Image pulumi.StringPtrInput - Member pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Image pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -415,6 +638,9 @@ type ImageIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `compute.ImageIamBinding` can be used per role. Note that custom roles must be of the format @@ -431,13 +657,9 @@ type imageIamMemberArgs struct { // Structure is documented below. Condition *ImageIamMemberCondition `pulumi:"condition"` // Used to find the parent resource to bind the IAM policy to - Image string `pulumi:"image"` - Member string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Image string `pulumi:"image"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -447,6 +669,9 @@ type imageIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `compute.ImageIamBinding` can be used per role. Note that custom roles must be of the format @@ -460,13 +685,9 @@ type ImageIamMemberArgs struct { // Structure is documented below. Condition ImageIamMemberConditionPtrInput // Used to find the parent resource to bind the IAM policy to - Image pulumi.StringInput - Member pulumi.StringInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Image pulumi.StringInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -476,6 +697,9 @@ type ImageIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `compute.ImageIamBinding` can be used per role. Note that custom roles must be of the format @@ -586,24 +810,23 @@ func (o ImageIamMemberOutput) Image() pulumi.StringOutput { return o.ApplyT(func(v *ImageIamMember) pulumi.StringOutput { return v.Image }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o ImageIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *ImageIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o ImageIamMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *ImageIamMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/compute/imageIamPolicy.go b/sdk/go/gcp/compute/imageIamPolicy.go index 6409c84753..ad44398af1 100644 --- a/sdk/go/gcp/compute/imageIamPolicy.go +++ b/sdk/go/gcp/compute/imageIamPolicy.go @@ -257,6 +257,235 @@ import ( // ``` // // +// ## google\_compute\_image\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/compute.imageUser", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = compute.NewImageIamPolicy(ctx, "policy", &compute.ImageIamPolicyArgs{ +// Project: pulumi.Any(example.Project), +// Image: pulumi.Any(example.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/compute.imageUser", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = compute.NewImageIamPolicy(ctx, "policy", &compute.ImageIamPolicyArgs{ +// Project: pulumi.Any(example.Project), +// Image: pulumi.Any(example.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_compute\_image\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewImageIamBinding(ctx, "binding", &compute.ImageIamBindingArgs{ +// Project: pulumi.Any(example.Project), +// Image: pulumi.Any(example.Name), +// Role: pulumi.String("roles/compute.imageUser"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewImageIamBinding(ctx, "binding", &compute.ImageIamBindingArgs{ +// Project: pulumi.Any(example.Project), +// Image: pulumi.Any(example.Name), +// Role: pulumi.String("roles/compute.imageUser"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &compute.ImageIamBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_compute\_image\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewImageIamMember(ctx, "member", &compute.ImageIamMemberArgs{ +// Project: pulumi.Any(example.Project), +// Image: pulumi.Any(example.Name), +// Role: pulumi.String("roles/compute.imageUser"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewImageIamMember(ctx, "member", &compute.ImageIamMemberArgs{ +// Project: pulumi.Any(example.Project), +// Image: pulumi.Any(example.Name), +// Role: pulumi.String("roles/compute.imageUser"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &compute.ImageIamMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -304,18 +533,6 @@ type ImageIamPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` } @@ -364,18 +581,6 @@ type imageIamPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -389,18 +594,6 @@ type ImageIamPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -416,18 +609,6 @@ type imageIamPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -440,18 +621,6 @@ type ImageIamPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -560,18 +729,6 @@ func (o ImageIamPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o ImageIamPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *ImageIamPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/compute/instanceIAMBinding.go b/sdk/go/gcp/compute/instanceIAMBinding.go index 2b02b92df2..fc81862330 100644 --- a/sdk/go/gcp/compute/instanceIAMBinding.go +++ b/sdk/go/gcp/compute/instanceIAMBinding.go @@ -263,6 +263,241 @@ import ( // ``` // // +// ## google\_compute\_instance\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/compute.osLogin", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = compute.NewInstanceIAMPolicy(ctx, "policy", &compute.InstanceIAMPolicyArgs{ +// Project: pulumi.Any(_default.Project), +// Zone: pulumi.Any(_default.Zone), +// InstanceName: pulumi.Any(_default.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/compute.osLogin", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = compute.NewInstanceIAMPolicy(ctx, "policy", &compute.InstanceIAMPolicyArgs{ +// Project: pulumi.Any(_default.Project), +// Zone: pulumi.Any(_default.Zone), +// InstanceName: pulumi.Any(_default.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_compute\_instance\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewInstanceIAMBinding(ctx, "binding", &compute.InstanceIAMBindingArgs{ +// Project: pulumi.Any(_default.Project), +// Zone: pulumi.Any(_default.Zone), +// InstanceName: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/compute.osLogin"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewInstanceIAMBinding(ctx, "binding", &compute.InstanceIAMBindingArgs{ +// Project: pulumi.Any(_default.Project), +// Zone: pulumi.Any(_default.Zone), +// InstanceName: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/compute.osLogin"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &compute.InstanceIAMBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_compute\_instance\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewInstanceIAMMember(ctx, "member", &compute.InstanceIAMMemberArgs{ +// Project: pulumi.Any(_default.Project), +// Zone: pulumi.Any(_default.Zone), +// InstanceName: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/compute.osLogin"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewInstanceIAMMember(ctx, "member", &compute.InstanceIAMMemberArgs{ +// Project: pulumi.Any(_default.Project), +// Zone: pulumi.Any(_default.Zone), +// InstanceName: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/compute.osLogin"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &compute.InstanceIAMMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -309,13 +544,9 @@ type InstanceIAMBinding struct { // (Computed) The etag of the IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` // Used to find the parent resource to bind the IAM policy to - InstanceName pulumi.StringOutput `pulumi:"instanceName"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + InstanceName pulumi.StringOutput `pulumi:"instanceName"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -325,6 +556,9 @@ type InstanceIAMBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `compute.InstanceIAMBinding` can be used per role. Note that custom roles must be of the format @@ -381,13 +615,9 @@ type instanceIAMBindingState struct { // (Computed) The etag of the IAM policy. Etag *string `pulumi:"etag"` // Used to find the parent resource to bind the IAM policy to - InstanceName *string `pulumi:"instanceName"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + InstanceName *string `pulumi:"instanceName"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -397,6 +627,9 @@ type instanceIAMBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `compute.InstanceIAMBinding` can be used per role. Note that custom roles must be of the format @@ -416,12 +649,8 @@ type InstanceIAMBindingState struct { Etag pulumi.StringPtrInput // Used to find the parent resource to bind the IAM policy to InstanceName pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -431,6 +660,9 @@ type InstanceIAMBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `compute.InstanceIAMBinding` can be used per role. Note that custom roles must be of the format @@ -451,13 +683,9 @@ type instanceIAMBindingArgs struct { // Structure is documented below. Condition *InstanceIAMBindingCondition `pulumi:"condition"` // Used to find the parent resource to bind the IAM policy to - InstanceName string `pulumi:"instanceName"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + InstanceName string `pulumi:"instanceName"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -467,6 +695,9 @@ type instanceIAMBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `compute.InstanceIAMBinding` can be used per role. Note that custom roles must be of the format @@ -485,12 +716,8 @@ type InstanceIAMBindingArgs struct { Condition InstanceIAMBindingConditionPtrInput // Used to find the parent resource to bind the IAM policy to InstanceName pulumi.StringInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -500,6 +727,9 @@ type InstanceIAMBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `compute.InstanceIAMBinding` can be used per role. Note that custom roles must be of the format @@ -614,24 +844,23 @@ func (o InstanceIAMBindingOutput) InstanceName() pulumi.StringOutput { return o.ApplyT(func(v *InstanceIAMBinding) pulumi.StringOutput { return v.InstanceName }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o InstanceIAMBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *InstanceIAMBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o InstanceIAMBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *InstanceIAMBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/compute/instanceIAMMember.go b/sdk/go/gcp/compute/instanceIAMMember.go index 30ed0d59dd..0bf9ae2343 100644 --- a/sdk/go/gcp/compute/instanceIAMMember.go +++ b/sdk/go/gcp/compute/instanceIAMMember.go @@ -263,6 +263,241 @@ import ( // ``` // // +// ## google\_compute\_instance\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/compute.osLogin", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = compute.NewInstanceIAMPolicy(ctx, "policy", &compute.InstanceIAMPolicyArgs{ +// Project: pulumi.Any(_default.Project), +// Zone: pulumi.Any(_default.Zone), +// InstanceName: pulumi.Any(_default.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/compute.osLogin", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = compute.NewInstanceIAMPolicy(ctx, "policy", &compute.InstanceIAMPolicyArgs{ +// Project: pulumi.Any(_default.Project), +// Zone: pulumi.Any(_default.Zone), +// InstanceName: pulumi.Any(_default.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_compute\_instance\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewInstanceIAMBinding(ctx, "binding", &compute.InstanceIAMBindingArgs{ +// Project: pulumi.Any(_default.Project), +// Zone: pulumi.Any(_default.Zone), +// InstanceName: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/compute.osLogin"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewInstanceIAMBinding(ctx, "binding", &compute.InstanceIAMBindingArgs{ +// Project: pulumi.Any(_default.Project), +// Zone: pulumi.Any(_default.Zone), +// InstanceName: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/compute.osLogin"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &compute.InstanceIAMBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_compute\_instance\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewInstanceIAMMember(ctx, "member", &compute.InstanceIAMMemberArgs{ +// Project: pulumi.Any(_default.Project), +// Zone: pulumi.Any(_default.Zone), +// InstanceName: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/compute.osLogin"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewInstanceIAMMember(ctx, "member", &compute.InstanceIAMMemberArgs{ +// Project: pulumi.Any(_default.Project), +// Zone: pulumi.Any(_default.Zone), +// InstanceName: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/compute.osLogin"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &compute.InstanceIAMMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -310,12 +545,8 @@ type InstanceIAMMember struct { Etag pulumi.StringOutput `pulumi:"etag"` // Used to find the parent resource to bind the IAM policy to InstanceName pulumi.StringOutput `pulumi:"instanceName"` - Member pulumi.StringOutput `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -325,6 +556,9 @@ type InstanceIAMMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `compute.InstanceIAMBinding` can be used per role. Note that custom roles must be of the format @@ -382,12 +616,8 @@ type instanceIAMMemberState struct { Etag *string `pulumi:"etag"` // Used to find the parent resource to bind the IAM policy to InstanceName *string `pulumi:"instanceName"` - Member *string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -397,6 +627,9 @@ type instanceIAMMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `compute.InstanceIAMBinding` can be used per role. Note that custom roles must be of the format @@ -416,12 +649,8 @@ type InstanceIAMMemberState struct { Etag pulumi.StringPtrInput // Used to find the parent resource to bind the IAM policy to InstanceName pulumi.StringPtrInput - Member pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -431,6 +660,9 @@ type InstanceIAMMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `compute.InstanceIAMBinding` can be used per role. Note that custom roles must be of the format @@ -452,12 +684,8 @@ type instanceIAMMemberArgs struct { Condition *InstanceIAMMemberCondition `pulumi:"condition"` // Used to find the parent resource to bind the IAM policy to InstanceName string `pulumi:"instanceName"` - Member string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -467,6 +695,9 @@ type instanceIAMMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `compute.InstanceIAMBinding` can be used per role. Note that custom roles must be of the format @@ -485,12 +716,8 @@ type InstanceIAMMemberArgs struct { Condition InstanceIAMMemberConditionPtrInput // Used to find the parent resource to bind the IAM policy to InstanceName pulumi.StringInput - Member pulumi.StringInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -500,6 +727,9 @@ type InstanceIAMMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `compute.InstanceIAMBinding` can be used per role. Note that custom roles must be of the format @@ -614,24 +844,23 @@ func (o InstanceIAMMemberOutput) InstanceName() pulumi.StringOutput { return o.ApplyT(func(v *InstanceIAMMember) pulumi.StringOutput { return v.InstanceName }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o InstanceIAMMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *InstanceIAMMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o InstanceIAMMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *InstanceIAMMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/compute/instanceIAMPolicy.go b/sdk/go/gcp/compute/instanceIAMPolicy.go index ce40115c44..d8dd580e74 100644 --- a/sdk/go/gcp/compute/instanceIAMPolicy.go +++ b/sdk/go/gcp/compute/instanceIAMPolicy.go @@ -263,6 +263,241 @@ import ( // ``` // // +// ## google\_compute\_instance\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/compute.osLogin", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = compute.NewInstanceIAMPolicy(ctx, "policy", &compute.InstanceIAMPolicyArgs{ +// Project: pulumi.Any(_default.Project), +// Zone: pulumi.Any(_default.Zone), +// InstanceName: pulumi.Any(_default.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/compute.osLogin", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = compute.NewInstanceIAMPolicy(ctx, "policy", &compute.InstanceIAMPolicyArgs{ +// Project: pulumi.Any(_default.Project), +// Zone: pulumi.Any(_default.Zone), +// InstanceName: pulumi.Any(_default.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_compute\_instance\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewInstanceIAMBinding(ctx, "binding", &compute.InstanceIAMBindingArgs{ +// Project: pulumi.Any(_default.Project), +// Zone: pulumi.Any(_default.Zone), +// InstanceName: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/compute.osLogin"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewInstanceIAMBinding(ctx, "binding", &compute.InstanceIAMBindingArgs{ +// Project: pulumi.Any(_default.Project), +// Zone: pulumi.Any(_default.Zone), +// InstanceName: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/compute.osLogin"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &compute.InstanceIAMBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_compute\_instance\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewInstanceIAMMember(ctx, "member", &compute.InstanceIAMMemberArgs{ +// Project: pulumi.Any(_default.Project), +// Zone: pulumi.Any(_default.Zone), +// InstanceName: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/compute.osLogin"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewInstanceIAMMember(ctx, "member", &compute.InstanceIAMMemberArgs{ +// Project: pulumi.Any(_default.Project), +// Zone: pulumi.Any(_default.Zone), +// InstanceName: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/compute.osLogin"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &compute.InstanceIAMMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -312,18 +547,6 @@ type InstanceIAMPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` // A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no zone is provided in the parent identifier and no @@ -376,18 +599,6 @@ type instanceIAMPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` // A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no zone is provided in the parent identifier and no @@ -405,18 +616,6 @@ type InstanceIAMPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no zone is provided in the parent identifier and no @@ -436,18 +635,6 @@ type instanceIAMPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` // A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no zone is provided in the parent identifier and no @@ -464,18 +651,6 @@ type InstanceIAMPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no zone is provided in the parent identifier and no @@ -588,18 +763,6 @@ func (o InstanceIAMPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o InstanceIAMPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *InstanceIAMPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/compute/machineImageIamBinding.go b/sdk/go/gcp/compute/machineImageIamBinding.go index 06931eae41..3ccf50cbe1 100644 --- a/sdk/go/gcp/compute/machineImageIamBinding.go +++ b/sdk/go/gcp/compute/machineImageIamBinding.go @@ -256,6 +256,235 @@ import ( // ``` // // +// ## google\_compute\_machine\_image\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/compute.admin", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = compute.NewMachineImageIamPolicy(ctx, "policy", &compute.MachineImageIamPolicyArgs{ +// Project: pulumi.Any(image.Project), +// MachineImage: pulumi.Any(image.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/compute.admin", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = compute.NewMachineImageIamPolicy(ctx, "policy", &compute.MachineImageIamPolicyArgs{ +// Project: pulumi.Any(image.Project), +// MachineImage: pulumi.Any(image.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_compute\_machine\_image\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewMachineImageIamBinding(ctx, "binding", &compute.MachineImageIamBindingArgs{ +// Project: pulumi.Any(image.Project), +// MachineImage: pulumi.Any(image.Name), +// Role: pulumi.String("roles/compute.admin"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewMachineImageIamBinding(ctx, "binding", &compute.MachineImageIamBindingArgs{ +// Project: pulumi.Any(image.Project), +// MachineImage: pulumi.Any(image.Name), +// Role: pulumi.String("roles/compute.admin"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &compute.MachineImageIamBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_compute\_machine\_image\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewMachineImageIamMember(ctx, "member", &compute.MachineImageIamMemberArgs{ +// Project: pulumi.Any(image.Project), +// MachineImage: pulumi.Any(image.Name), +// Role: pulumi.String("roles/compute.admin"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewMachineImageIamMember(ctx, "member", &compute.MachineImageIamMemberArgs{ +// Project: pulumi.Any(image.Project), +// MachineImage: pulumi.Any(image.Name), +// Role: pulumi.String("roles/compute.admin"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &compute.MachineImageIamMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -300,13 +529,9 @@ type MachineImageIamBinding struct { // (Computed) The etag of the IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` // Used to find the parent resource to bind the IAM policy to - MachineImage pulumi.StringOutput `pulumi:"machineImage"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + MachineImage pulumi.StringOutput `pulumi:"machineImage"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -316,6 +541,9 @@ type MachineImageIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `compute.MachineImageIamBinding` can be used per role. Note that custom roles must be of the format @@ -368,13 +596,9 @@ type machineImageIamBindingState struct { // (Computed) The etag of the IAM policy. Etag *string `pulumi:"etag"` // Used to find the parent resource to bind the IAM policy to - MachineImage *string `pulumi:"machineImage"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + MachineImage *string `pulumi:"machineImage"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -384,6 +608,9 @@ type machineImageIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `compute.MachineImageIamBinding` can be used per role. Note that custom roles must be of the format @@ -399,12 +626,8 @@ type MachineImageIamBindingState struct { Etag pulumi.StringPtrInput // Used to find the parent resource to bind the IAM policy to MachineImage pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -414,6 +637,9 @@ type MachineImageIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `compute.MachineImageIamBinding` can be used per role. Note that custom roles must be of the format @@ -430,13 +656,9 @@ type machineImageIamBindingArgs struct { // Structure is documented below. Condition *MachineImageIamBindingCondition `pulumi:"condition"` // Used to find the parent resource to bind the IAM policy to - MachineImage string `pulumi:"machineImage"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + MachineImage string `pulumi:"machineImage"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -446,6 +668,9 @@ type machineImageIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `compute.MachineImageIamBinding` can be used per role. Note that custom roles must be of the format @@ -460,12 +685,8 @@ type MachineImageIamBindingArgs struct { Condition MachineImageIamBindingConditionPtrInput // Used to find the parent resource to bind the IAM policy to MachineImage pulumi.StringInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -475,6 +696,9 @@ type MachineImageIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `compute.MachineImageIamBinding` can be used per role. Note that custom roles must be of the format @@ -585,24 +809,23 @@ func (o MachineImageIamBindingOutput) MachineImage() pulumi.StringOutput { return o.ApplyT(func(v *MachineImageIamBinding) pulumi.StringOutput { return v.MachineImage }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o MachineImageIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *MachineImageIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o MachineImageIamBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *MachineImageIamBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/compute/machineImageIamMember.go b/sdk/go/gcp/compute/machineImageIamMember.go index f2496e3a6d..ff420dfc9e 100644 --- a/sdk/go/gcp/compute/machineImageIamMember.go +++ b/sdk/go/gcp/compute/machineImageIamMember.go @@ -256,6 +256,235 @@ import ( // ``` // // +// ## google\_compute\_machine\_image\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/compute.admin", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = compute.NewMachineImageIamPolicy(ctx, "policy", &compute.MachineImageIamPolicyArgs{ +// Project: pulumi.Any(image.Project), +// MachineImage: pulumi.Any(image.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/compute.admin", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = compute.NewMachineImageIamPolicy(ctx, "policy", &compute.MachineImageIamPolicyArgs{ +// Project: pulumi.Any(image.Project), +// MachineImage: pulumi.Any(image.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_compute\_machine\_image\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewMachineImageIamBinding(ctx, "binding", &compute.MachineImageIamBindingArgs{ +// Project: pulumi.Any(image.Project), +// MachineImage: pulumi.Any(image.Name), +// Role: pulumi.String("roles/compute.admin"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewMachineImageIamBinding(ctx, "binding", &compute.MachineImageIamBindingArgs{ +// Project: pulumi.Any(image.Project), +// MachineImage: pulumi.Any(image.Name), +// Role: pulumi.String("roles/compute.admin"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &compute.MachineImageIamBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_compute\_machine\_image\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewMachineImageIamMember(ctx, "member", &compute.MachineImageIamMemberArgs{ +// Project: pulumi.Any(image.Project), +// MachineImage: pulumi.Any(image.Name), +// Role: pulumi.String("roles/compute.admin"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewMachineImageIamMember(ctx, "member", &compute.MachineImageIamMemberArgs{ +// Project: pulumi.Any(image.Project), +// MachineImage: pulumi.Any(image.Name), +// Role: pulumi.String("roles/compute.admin"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &compute.MachineImageIamMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -301,12 +530,8 @@ type MachineImageIamMember struct { Etag pulumi.StringOutput `pulumi:"etag"` // Used to find the parent resource to bind the IAM policy to MachineImage pulumi.StringOutput `pulumi:"machineImage"` - Member pulumi.StringOutput `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -316,6 +541,9 @@ type MachineImageIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `compute.MachineImageIamBinding` can be used per role. Note that custom roles must be of the format @@ -369,12 +597,8 @@ type machineImageIamMemberState struct { Etag *string `pulumi:"etag"` // Used to find the parent resource to bind the IAM policy to MachineImage *string `pulumi:"machineImage"` - Member *string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -384,6 +608,9 @@ type machineImageIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `compute.MachineImageIamBinding` can be used per role. Note that custom roles must be of the format @@ -399,12 +626,8 @@ type MachineImageIamMemberState struct { Etag pulumi.StringPtrInput // Used to find the parent resource to bind the IAM policy to MachineImage pulumi.StringPtrInput - Member pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -414,6 +637,9 @@ type MachineImageIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `compute.MachineImageIamBinding` can be used per role. Note that custom roles must be of the format @@ -431,12 +657,8 @@ type machineImageIamMemberArgs struct { Condition *MachineImageIamMemberCondition `pulumi:"condition"` // Used to find the parent resource to bind the IAM policy to MachineImage string `pulumi:"machineImage"` - Member string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -446,6 +668,9 @@ type machineImageIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `compute.MachineImageIamBinding` can be used per role. Note that custom roles must be of the format @@ -460,12 +685,8 @@ type MachineImageIamMemberArgs struct { Condition MachineImageIamMemberConditionPtrInput // Used to find the parent resource to bind the IAM policy to MachineImage pulumi.StringInput - Member pulumi.StringInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -475,6 +696,9 @@ type MachineImageIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `compute.MachineImageIamBinding` can be used per role. Note that custom roles must be of the format @@ -585,24 +809,23 @@ func (o MachineImageIamMemberOutput) MachineImage() pulumi.StringOutput { return o.ApplyT(func(v *MachineImageIamMember) pulumi.StringOutput { return v.MachineImage }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o MachineImageIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *MachineImageIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o MachineImageIamMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *MachineImageIamMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/compute/machineImageIamPolicy.go b/sdk/go/gcp/compute/machineImageIamPolicy.go index dabd3e3a07..b5cfbfa587 100644 --- a/sdk/go/gcp/compute/machineImageIamPolicy.go +++ b/sdk/go/gcp/compute/machineImageIamPolicy.go @@ -256,6 +256,235 @@ import ( // ``` // // +// ## google\_compute\_machine\_image\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/compute.admin", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = compute.NewMachineImageIamPolicy(ctx, "policy", &compute.MachineImageIamPolicyArgs{ +// Project: pulumi.Any(image.Project), +// MachineImage: pulumi.Any(image.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/compute.admin", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = compute.NewMachineImageIamPolicy(ctx, "policy", &compute.MachineImageIamPolicyArgs{ +// Project: pulumi.Any(image.Project), +// MachineImage: pulumi.Any(image.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_compute\_machine\_image\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewMachineImageIamBinding(ctx, "binding", &compute.MachineImageIamBindingArgs{ +// Project: pulumi.Any(image.Project), +// MachineImage: pulumi.Any(image.Name), +// Role: pulumi.String("roles/compute.admin"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewMachineImageIamBinding(ctx, "binding", &compute.MachineImageIamBindingArgs{ +// Project: pulumi.Any(image.Project), +// MachineImage: pulumi.Any(image.Name), +// Role: pulumi.String("roles/compute.admin"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &compute.MachineImageIamBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_compute\_machine\_image\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewMachineImageIamMember(ctx, "member", &compute.MachineImageIamMemberArgs{ +// Project: pulumi.Any(image.Project), +// MachineImage: pulumi.Any(image.Name), +// Role: pulumi.String("roles/compute.admin"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewMachineImageIamMember(ctx, "member", &compute.MachineImageIamMemberArgs{ +// Project: pulumi.Any(image.Project), +// MachineImage: pulumi.Any(image.Name), +// Role: pulumi.String("roles/compute.admin"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &compute.MachineImageIamMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -303,18 +532,6 @@ type MachineImageIamPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` } @@ -363,18 +580,6 @@ type machineImageIamPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -388,18 +593,6 @@ type MachineImageIamPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -415,18 +608,6 @@ type machineImageIamPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -439,18 +620,6 @@ type MachineImageIamPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -559,18 +728,6 @@ func (o MachineImageIamPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o MachineImageIamPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *MachineImageIamPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/compute/regionBackendServiceIamBinding.go b/sdk/go/gcp/compute/regionBackendServiceIamBinding.go index adea881279..0f0c3c16c8 100644 --- a/sdk/go/gcp/compute/regionBackendServiceIamBinding.go +++ b/sdk/go/gcp/compute/regionBackendServiceIamBinding.go @@ -56,15 +56,9 @@ type RegionBackendServiceIamBinding struct { // Structure is documented below. Condition RegionBackendServiceIamBindingConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringOutput `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -74,6 +68,11 @@ type RegionBackendServiceIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringOutput `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The Region in which the created backend service should reside. // If it is not provided, the provider region is used. @@ -127,15 +126,9 @@ type regionBackendServiceIamBindingState struct { // Structure is documented below. Condition *RegionBackendServiceIamBindingCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Members []string `pulumi:"members"` - // Used to find the parent resource to bind the IAM policy to - Name *string `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -145,6 +138,11 @@ type regionBackendServiceIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // Used to find the parent resource to bind the IAM policy to + Name *string `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The Region in which the created backend service should reside. // If it is not provided, the provider region is used. @@ -163,15 +161,9 @@ type RegionBackendServiceIamBindingState struct { // Structure is documented below. Condition RegionBackendServiceIamBindingConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Members pulumi.StringArrayInput - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -181,6 +173,11 @@ type RegionBackendServiceIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The Region in which the created backend service should reside. // If it is not provided, the provider region is used. @@ -202,14 +199,8 @@ type regionBackendServiceIamBindingArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition *RegionBackendServiceIamBindingCondition `pulumi:"condition"` - Members []string `pulumi:"members"` - // Used to find the parent resource to bind the IAM policy to - Name *string `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -219,6 +210,11 @@ type regionBackendServiceIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // Used to find the parent resource to bind the IAM policy to + Name *string `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The Region in which the created backend service should reside. // If it is not provided, the provider region is used. @@ -237,14 +233,8 @@ type RegionBackendServiceIamBindingArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition RegionBackendServiceIamBindingConditionPtrInput - Members pulumi.StringArrayInput - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -254,6 +244,11 @@ type RegionBackendServiceIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The Region in which the created backend service should reside. // If it is not provided, the provider region is used. @@ -367,6 +362,17 @@ func (o RegionBackendServiceIamBindingOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *RegionBackendServiceIamBinding) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o RegionBackendServiceIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *RegionBackendServiceIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } @@ -378,18 +384,6 @@ func (o RegionBackendServiceIamBindingOutput) Name() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o RegionBackendServiceIamBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *RegionBackendServiceIamBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/compute/regionBackendServiceIamMember.go b/sdk/go/gcp/compute/regionBackendServiceIamMember.go index 01cd9df422..e3fc2d09e3 100644 --- a/sdk/go/gcp/compute/regionBackendServiceIamMember.go +++ b/sdk/go/gcp/compute/regionBackendServiceIamMember.go @@ -56,15 +56,9 @@ type RegionBackendServiceIamMember struct { // Structure is documented below. Condition RegionBackendServiceIamMemberConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Member pulumi.StringOutput `pulumi:"member"` - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringOutput `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -74,6 +68,11 @@ type RegionBackendServiceIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringOutput `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The Region in which the created backend service should reside. // If it is not provided, the provider region is used. @@ -127,15 +126,9 @@ type regionBackendServiceIamMemberState struct { // Structure is documented below. Condition *RegionBackendServiceIamMemberCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Member *string `pulumi:"member"` - // Used to find the parent resource to bind the IAM policy to - Name *string `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -145,6 +138,11 @@ type regionBackendServiceIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // Used to find the parent resource to bind the IAM policy to + Name *string `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The Region in which the created backend service should reside. // If it is not provided, the provider region is used. @@ -163,15 +161,9 @@ type RegionBackendServiceIamMemberState struct { // Structure is documented below. Condition RegionBackendServiceIamMemberConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Member pulumi.StringPtrInput - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -181,6 +173,11 @@ type RegionBackendServiceIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The Region in which the created backend service should reside. // If it is not provided, the provider region is used. @@ -202,14 +199,8 @@ type regionBackendServiceIamMemberArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition *RegionBackendServiceIamMemberCondition `pulumi:"condition"` - Member string `pulumi:"member"` - // Used to find the parent resource to bind the IAM policy to - Name *string `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -219,6 +210,11 @@ type regionBackendServiceIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // Used to find the parent resource to bind the IAM policy to + Name *string `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The Region in which the created backend service should reside. // If it is not provided, the provider region is used. @@ -237,14 +233,8 @@ type RegionBackendServiceIamMemberArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition RegionBackendServiceIamMemberConditionPtrInput - Member pulumi.StringInput - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -254,6 +244,11 @@ type RegionBackendServiceIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The Region in which the created backend service should reside. // If it is not provided, the provider region is used. @@ -367,6 +362,17 @@ func (o RegionBackendServiceIamMemberOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *RegionBackendServiceIamMember) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o RegionBackendServiceIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *RegionBackendServiceIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } @@ -378,18 +384,6 @@ func (o RegionBackendServiceIamMemberOutput) Name() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o RegionBackendServiceIamMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *RegionBackendServiceIamMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/compute/regionBackendServiceIamPolicy.go b/sdk/go/gcp/compute/regionBackendServiceIamPolicy.go index 5e209d8764..2bf60cffd1 100644 --- a/sdk/go/gcp/compute/regionBackendServiceIamPolicy.go +++ b/sdk/go/gcp/compute/regionBackendServiceIamPolicy.go @@ -61,18 +61,6 @@ type RegionBackendServiceIamPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` // The Region in which the created backend service should reside. // If it is not provided, the provider region is used. @@ -124,18 +112,6 @@ type regionBackendServiceIamPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` // The Region in which the created backend service should reside. // If it is not provided, the provider region is used. @@ -155,18 +131,6 @@ type RegionBackendServiceIamPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // The Region in which the created backend service should reside. // If it is not provided, the provider region is used. @@ -188,18 +152,6 @@ type regionBackendServiceIamPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` // The Region in which the created backend service should reside. // If it is not provided, the provider region is used. @@ -218,18 +170,6 @@ type RegionBackendServiceIamPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // The Region in which the created backend service should reside. // If it is not provided, the provider region is used. @@ -344,18 +284,6 @@ func (o RegionBackendServiceIamPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o RegionBackendServiceIamPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *RegionBackendServiceIamPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/compute/regionDiskIamBinding.go b/sdk/go/gcp/compute/regionDiskIamBinding.go index 7eda404a04..5e550e8047 100644 --- a/sdk/go/gcp/compute/regionDiskIamBinding.go +++ b/sdk/go/gcp/compute/regionDiskIamBinding.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_compute\_disk\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = compute.NewDiskIamPolicy(ctx, "policy", &compute.DiskIamPolicyArgs{ +// Project: pulumi.Any(_default.Project), +// Zone: pulumi.Any(_default.Zone), +// Name: pulumi.Any(_default.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_compute\_disk\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewDiskIamBinding(ctx, "binding", &compute.DiskIamBindingArgs{ +// Project: pulumi.Any(_default.Project), +// Zone: pulumi.Any(_default.Zone), +// Name: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_compute\_disk\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewDiskIamMember(ctx, "member", &compute.DiskIamMemberArgs{ +// Project: pulumi.Any(_default.Project), +// Zone: pulumi.Any(_default.Zone), +// Name: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -179,15 +290,9 @@ type RegionDiskIamBinding struct { Condition RegionDiskIamBindingConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringOutput `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -197,6 +302,11 @@ type RegionDiskIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringOutput `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` Region pulumi.StringOutput `pulumi:"region"` // The role that should be applied. Only one @@ -243,15 +353,9 @@ func GetRegionDiskIamBinding(ctx *pulumi.Context, type regionDiskIamBindingState struct { Condition *RegionDiskIamBindingCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Members []string `pulumi:"members"` - // Used to find the parent resource to bind the IAM policy to - Name *string `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -261,6 +365,11 @@ type regionDiskIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // Used to find the parent resource to bind the IAM policy to + Name *string `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` Region *string `pulumi:"region"` // The role that should be applied. Only one @@ -272,15 +381,9 @@ type regionDiskIamBindingState struct { type RegionDiskIamBindingState struct { Condition RegionDiskIamBindingConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Members pulumi.StringArrayInput - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -290,6 +393,11 @@ type RegionDiskIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput Region pulumi.StringPtrInput // The role that should be applied. Only one @@ -304,14 +412,8 @@ func (RegionDiskIamBindingState) ElementType() reflect.Type { type regionDiskIamBindingArgs struct { Condition *RegionDiskIamBindingCondition `pulumi:"condition"` - Members []string `pulumi:"members"` - // Used to find the parent resource to bind the IAM policy to - Name *string `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -321,6 +423,11 @@ type regionDiskIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // Used to find the parent resource to bind the IAM policy to + Name *string `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` Region *string `pulumi:"region"` // The role that should be applied. Only one @@ -332,14 +439,8 @@ type regionDiskIamBindingArgs struct { // The set of arguments for constructing a RegionDiskIamBinding resource. type RegionDiskIamBindingArgs struct { Condition RegionDiskIamBindingConditionPtrInput - Members pulumi.StringArrayInput - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -349,6 +450,11 @@ type RegionDiskIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput Region pulumi.StringPtrInput // The role that should be applied. Only one @@ -453,6 +559,17 @@ func (o RegionDiskIamBindingOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *RegionDiskIamBinding) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o RegionDiskIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *RegionDiskIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } @@ -464,18 +581,6 @@ func (o RegionDiskIamBindingOutput) Name() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o RegionDiskIamBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *RegionDiskIamBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/compute/regionDiskIamMember.go b/sdk/go/gcp/compute/regionDiskIamMember.go index 6c9d58b9d2..90ace62333 100644 --- a/sdk/go/gcp/compute/regionDiskIamMember.go +++ b/sdk/go/gcp/compute/regionDiskIamMember.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_compute\_disk\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = compute.NewDiskIamPolicy(ctx, "policy", &compute.DiskIamPolicyArgs{ +// Project: pulumi.Any(_default.Project), +// Zone: pulumi.Any(_default.Zone), +// Name: pulumi.Any(_default.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_compute\_disk\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewDiskIamBinding(ctx, "binding", &compute.DiskIamBindingArgs{ +// Project: pulumi.Any(_default.Project), +// Zone: pulumi.Any(_default.Zone), +// Name: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_compute\_disk\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewDiskIamMember(ctx, "member", &compute.DiskIamMemberArgs{ +// Project: pulumi.Any(_default.Project), +// Zone: pulumi.Any(_default.Zone), +// Name: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -179,15 +290,9 @@ type RegionDiskIamMember struct { Condition RegionDiskIamMemberConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Member pulumi.StringOutput `pulumi:"member"` - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringOutput `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -197,6 +302,11 @@ type RegionDiskIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringOutput `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` Region pulumi.StringOutput `pulumi:"region"` // The role that should be applied. Only one @@ -243,15 +353,9 @@ func GetRegionDiskIamMember(ctx *pulumi.Context, type regionDiskIamMemberState struct { Condition *RegionDiskIamMemberCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Member *string `pulumi:"member"` - // Used to find the parent resource to bind the IAM policy to - Name *string `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -261,6 +365,11 @@ type regionDiskIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // Used to find the parent resource to bind the IAM policy to + Name *string `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` Region *string `pulumi:"region"` // The role that should be applied. Only one @@ -272,15 +381,9 @@ type regionDiskIamMemberState struct { type RegionDiskIamMemberState struct { Condition RegionDiskIamMemberConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Member pulumi.StringPtrInput - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -290,6 +393,11 @@ type RegionDiskIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput Region pulumi.StringPtrInput // The role that should be applied. Only one @@ -304,14 +412,8 @@ func (RegionDiskIamMemberState) ElementType() reflect.Type { type regionDiskIamMemberArgs struct { Condition *RegionDiskIamMemberCondition `pulumi:"condition"` - Member string `pulumi:"member"` - // Used to find the parent resource to bind the IAM policy to - Name *string `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -321,6 +423,11 @@ type regionDiskIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // Used to find the parent resource to bind the IAM policy to + Name *string `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` Region *string `pulumi:"region"` // The role that should be applied. Only one @@ -332,14 +439,8 @@ type regionDiskIamMemberArgs struct { // The set of arguments for constructing a RegionDiskIamMember resource. type RegionDiskIamMemberArgs struct { Condition RegionDiskIamMemberConditionPtrInput - Member pulumi.StringInput - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -349,6 +450,11 @@ type RegionDiskIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput Region pulumi.StringPtrInput // The role that should be applied. Only one @@ -453,6 +559,17 @@ func (o RegionDiskIamMemberOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *RegionDiskIamMember) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o RegionDiskIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *RegionDiskIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } @@ -464,18 +581,6 @@ func (o RegionDiskIamMemberOutput) Name() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o RegionDiskIamMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *RegionDiskIamMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/compute/regionDiskIamPolicy.go b/sdk/go/gcp/compute/regionDiskIamPolicy.go index 3daf13a257..314bb3e821 100644 --- a/sdk/go/gcp/compute/regionDiskIamPolicy.go +++ b/sdk/go/gcp/compute/regionDiskIamPolicy.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_compute\_disk\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = compute.NewDiskIamPolicy(ctx, "policy", &compute.DiskIamPolicyArgs{ +// Project: pulumi.Any(_default.Project), +// Zone: pulumi.Any(_default.Zone), +// Name: pulumi.Any(_default.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_compute\_disk\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewDiskIamBinding(ctx, "binding", &compute.DiskIamBindingArgs{ +// Project: pulumi.Any(_default.Project), +// Zone: pulumi.Any(_default.Zone), +// Name: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_compute\_disk\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewDiskIamMember(ctx, "member", &compute.DiskIamMemberArgs{ +// Project: pulumi.Any(_default.Project), +// Zone: pulumi.Any(_default.Zone), +// Name: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -186,18 +297,6 @@ type RegionDiskIamPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` Region pulumi.StringOutput `pulumi:"region"` } @@ -244,18 +343,6 @@ type regionDiskIamPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` Region *string `pulumi:"region"` } @@ -270,18 +357,6 @@ type RegionDiskIamPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput Region pulumi.StringPtrInput } @@ -298,18 +373,6 @@ type regionDiskIamPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` Region *string `pulumi:"region"` } @@ -323,18 +386,6 @@ type RegionDiskIamPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput Region pulumi.StringPtrInput } @@ -444,18 +495,6 @@ func (o RegionDiskIamPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o RegionDiskIamPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *RegionDiskIamPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/compute/snapshotIamBinding.go b/sdk/go/gcp/compute/snapshotIamBinding.go index 7de919b6b2..f2c3c4fc6e 100644 --- a/sdk/go/gcp/compute/snapshotIamBinding.go +++ b/sdk/go/gcp/compute/snapshotIamBinding.go @@ -134,6 +134,114 @@ import ( // ``` // // +// ## google\_compute\_snapshot\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = compute.NewSnapshotIamPolicy(ctx, "policy", &compute.SnapshotIamPolicyArgs{ +// Project: pulumi.Any(snapshot.Project), +// Name: pulumi.Any(snapshot.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_compute\_snapshot\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewSnapshotIamBinding(ctx, "binding", &compute.SnapshotIamBindingArgs{ +// Project: pulumi.Any(snapshot.Project), +// Name: pulumi.Any(snapshot.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_compute\_snapshot\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewSnapshotIamMember(ctx, "member", &compute.SnapshotIamMemberArgs{ +// Project: pulumi.Any(snapshot.Project), +// Name: pulumi.Any(snapshot.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -174,15 +282,9 @@ type SnapshotIamBinding struct { Condition SnapshotIamBindingConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringOutput `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -192,6 +294,11 @@ type SnapshotIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringOutput `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `compute.SnapshotIamBinding` can be used per role. Note that custom roles must be of the format @@ -237,15 +344,9 @@ func GetSnapshotIamBinding(ctx *pulumi.Context, type snapshotIamBindingState struct { Condition *SnapshotIamBindingCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Members []string `pulumi:"members"` - // Used to find the parent resource to bind the IAM policy to - Name *string `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -255,6 +356,11 @@ type snapshotIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // Used to find the parent resource to bind the IAM policy to + Name *string `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `compute.SnapshotIamBinding` can be used per role. Note that custom roles must be of the format @@ -265,15 +371,9 @@ type snapshotIamBindingState struct { type SnapshotIamBindingState struct { Condition SnapshotIamBindingConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Members pulumi.StringArrayInput - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -283,6 +383,11 @@ type SnapshotIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `compute.SnapshotIamBinding` can be used per role. Note that custom roles must be of the format @@ -296,14 +401,8 @@ func (SnapshotIamBindingState) ElementType() reflect.Type { type snapshotIamBindingArgs struct { Condition *SnapshotIamBindingCondition `pulumi:"condition"` - Members []string `pulumi:"members"` - // Used to find the parent resource to bind the IAM policy to - Name *string `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -313,6 +412,11 @@ type snapshotIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // Used to find the parent resource to bind the IAM policy to + Name *string `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `compute.SnapshotIamBinding` can be used per role. Note that custom roles must be of the format @@ -323,14 +427,8 @@ type snapshotIamBindingArgs struct { // The set of arguments for constructing a SnapshotIamBinding resource. type SnapshotIamBindingArgs struct { Condition SnapshotIamBindingConditionPtrInput - Members pulumi.StringArrayInput - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -340,6 +438,11 @@ type SnapshotIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `compute.SnapshotIamBinding` can be used per role. Note that custom roles must be of the format @@ -443,6 +546,17 @@ func (o SnapshotIamBindingOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *SnapshotIamBinding) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o SnapshotIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *SnapshotIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } @@ -454,18 +568,6 @@ func (o SnapshotIamBindingOutput) Name() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o SnapshotIamBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *SnapshotIamBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/compute/snapshotIamMember.go b/sdk/go/gcp/compute/snapshotIamMember.go index 7daf69b776..49b483c374 100644 --- a/sdk/go/gcp/compute/snapshotIamMember.go +++ b/sdk/go/gcp/compute/snapshotIamMember.go @@ -134,6 +134,114 @@ import ( // ``` // // +// ## google\_compute\_snapshot\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = compute.NewSnapshotIamPolicy(ctx, "policy", &compute.SnapshotIamPolicyArgs{ +// Project: pulumi.Any(snapshot.Project), +// Name: pulumi.Any(snapshot.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_compute\_snapshot\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewSnapshotIamBinding(ctx, "binding", &compute.SnapshotIamBindingArgs{ +// Project: pulumi.Any(snapshot.Project), +// Name: pulumi.Any(snapshot.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_compute\_snapshot\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewSnapshotIamMember(ctx, "member", &compute.SnapshotIamMemberArgs{ +// Project: pulumi.Any(snapshot.Project), +// Name: pulumi.Any(snapshot.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -174,15 +282,9 @@ type SnapshotIamMember struct { Condition SnapshotIamMemberConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Member pulumi.StringOutput `pulumi:"member"` - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringOutput `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -192,6 +294,11 @@ type SnapshotIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringOutput `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `compute.SnapshotIamBinding` can be used per role. Note that custom roles must be of the format @@ -237,15 +344,9 @@ func GetSnapshotIamMember(ctx *pulumi.Context, type snapshotIamMemberState struct { Condition *SnapshotIamMemberCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Member *string `pulumi:"member"` - // Used to find the parent resource to bind the IAM policy to - Name *string `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -255,6 +356,11 @@ type snapshotIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // Used to find the parent resource to bind the IAM policy to + Name *string `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `compute.SnapshotIamBinding` can be used per role. Note that custom roles must be of the format @@ -265,15 +371,9 @@ type snapshotIamMemberState struct { type SnapshotIamMemberState struct { Condition SnapshotIamMemberConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Member pulumi.StringPtrInput - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -283,6 +383,11 @@ type SnapshotIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `compute.SnapshotIamBinding` can be used per role. Note that custom roles must be of the format @@ -296,14 +401,8 @@ func (SnapshotIamMemberState) ElementType() reflect.Type { type snapshotIamMemberArgs struct { Condition *SnapshotIamMemberCondition `pulumi:"condition"` - Member string `pulumi:"member"` - // Used to find the parent resource to bind the IAM policy to - Name *string `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -313,6 +412,11 @@ type snapshotIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // Used to find the parent resource to bind the IAM policy to + Name *string `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `compute.SnapshotIamBinding` can be used per role. Note that custom roles must be of the format @@ -323,14 +427,8 @@ type snapshotIamMemberArgs struct { // The set of arguments for constructing a SnapshotIamMember resource. type SnapshotIamMemberArgs struct { Condition SnapshotIamMemberConditionPtrInput - Member pulumi.StringInput - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -340,6 +438,11 @@ type SnapshotIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `compute.SnapshotIamBinding` can be used per role. Note that custom roles must be of the format @@ -443,6 +546,17 @@ func (o SnapshotIamMemberOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *SnapshotIamMember) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o SnapshotIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *SnapshotIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } @@ -454,18 +568,6 @@ func (o SnapshotIamMemberOutput) Name() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o SnapshotIamMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *SnapshotIamMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/compute/snapshotIamPolicy.go b/sdk/go/gcp/compute/snapshotIamPolicy.go index 93ca265492..803ea78a12 100644 --- a/sdk/go/gcp/compute/snapshotIamPolicy.go +++ b/sdk/go/gcp/compute/snapshotIamPolicy.go @@ -134,6 +134,114 @@ import ( // ``` // // +// ## google\_compute\_snapshot\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = compute.NewSnapshotIamPolicy(ctx, "policy", &compute.SnapshotIamPolicyArgs{ +// Project: pulumi.Any(snapshot.Project), +// Name: pulumi.Any(snapshot.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_compute\_snapshot\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewSnapshotIamBinding(ctx, "binding", &compute.SnapshotIamBindingArgs{ +// Project: pulumi.Any(snapshot.Project), +// Name: pulumi.Any(snapshot.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_compute\_snapshot\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewSnapshotIamMember(ctx, "member", &compute.SnapshotIamMemberArgs{ +// Project: pulumi.Any(snapshot.Project), +// Name: pulumi.Any(snapshot.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -181,18 +289,6 @@ type SnapshotIamPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` } @@ -238,18 +334,6 @@ type snapshotIamPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -263,18 +347,6 @@ type SnapshotIamPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -290,18 +362,6 @@ type snapshotIamPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -314,18 +374,6 @@ type SnapshotIamPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -434,18 +482,6 @@ func (o SnapshotIamPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o SnapshotIamPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *SnapshotIamPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/compute/subnetworkIAMBinding.go b/sdk/go/gcp/compute/subnetworkIAMBinding.go index d251f82bca..4d2015bf1d 100644 --- a/sdk/go/gcp/compute/subnetworkIAMBinding.go +++ b/sdk/go/gcp/compute/subnetworkIAMBinding.go @@ -263,6 +263,241 @@ import ( // ``` // // +// ## google\_compute\_subnetwork\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/compute.networkUser", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = compute.NewSubnetworkIAMPolicy(ctx, "policy", &compute.SubnetworkIAMPolicyArgs{ +// Project: pulumi.Any(network_with_private_secondary_ip_ranges.Project), +// Region: pulumi.Any(network_with_private_secondary_ip_ranges.Region), +// Subnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/compute.networkUser", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = compute.NewSubnetworkIAMPolicy(ctx, "policy", &compute.SubnetworkIAMPolicyArgs{ +// Project: pulumi.Any(network_with_private_secondary_ip_ranges.Project), +// Region: pulumi.Any(network_with_private_secondary_ip_ranges.Region), +// Subnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_compute\_subnetwork\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewSubnetworkIAMBinding(ctx, "binding", &compute.SubnetworkIAMBindingArgs{ +// Project: pulumi.Any(network_with_private_secondary_ip_ranges.Project), +// Region: pulumi.Any(network_with_private_secondary_ip_ranges.Region), +// Subnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name), +// Role: pulumi.String("roles/compute.networkUser"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewSubnetworkIAMBinding(ctx, "binding", &compute.SubnetworkIAMBindingArgs{ +// Project: pulumi.Any(network_with_private_secondary_ip_ranges.Project), +// Region: pulumi.Any(network_with_private_secondary_ip_ranges.Region), +// Subnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name), +// Role: pulumi.String("roles/compute.networkUser"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &compute.SubnetworkIAMBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_compute\_subnetwork\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewSubnetworkIAMMember(ctx, "member", &compute.SubnetworkIAMMemberArgs{ +// Project: pulumi.Any(network_with_private_secondary_ip_ranges.Project), +// Region: pulumi.Any(network_with_private_secondary_ip_ranges.Region), +// Subnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name), +// Role: pulumi.String("roles/compute.networkUser"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewSubnetworkIAMMember(ctx, "member", &compute.SubnetworkIAMMemberArgs{ +// Project: pulumi.Any(network_with_private_secondary_ip_ranges.Project), +// Region: pulumi.Any(network_with_private_secondary_ip_ranges.Region), +// Subnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name), +// Role: pulumi.String("roles/compute.networkUser"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &compute.SubnetworkIAMMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -307,13 +542,9 @@ type SubnetworkIAMBinding struct { // Structure is documented below. Condition SubnetworkIAMBindingConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -323,6 +554,9 @@ type SubnetworkIAMBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The GCP region for this subnetwork. // Used to find the parent resource to bind the IAM policy to. If not specified, @@ -380,13 +614,9 @@ type subnetworkIAMBindingState struct { // Structure is documented below. Condition *SubnetworkIAMBindingCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -396,6 +626,9 @@ type subnetworkIAMBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The GCP region for this subnetwork. // Used to find the parent resource to bind the IAM policy to. If not specified, @@ -415,13 +648,9 @@ type SubnetworkIAMBindingState struct { // Structure is documented below. Condition SubnetworkIAMBindingConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -431,6 +660,9 @@ type SubnetworkIAMBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The GCP region for this subnetwork. // Used to find the parent resource to bind the IAM policy to. If not specified, @@ -453,12 +685,8 @@ type subnetworkIAMBindingArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition *SubnetworkIAMBindingCondition `pulumi:"condition"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -468,6 +696,9 @@ type subnetworkIAMBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The GCP region for this subnetwork. // Used to find the parent resource to bind the IAM policy to. If not specified, @@ -487,12 +718,8 @@ type SubnetworkIAMBindingArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition SubnetworkIAMBindingConditionPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -502,6 +729,9 @@ type SubnetworkIAMBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The GCP region for this subnetwork. // Used to find the parent resource to bind the IAM policy to. If not specified, @@ -614,24 +844,23 @@ func (o SubnetworkIAMBindingOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *SubnetworkIAMBinding) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o SubnetworkIAMBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *SubnetworkIAMBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o SubnetworkIAMBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *SubnetworkIAMBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/compute/subnetworkIAMMember.go b/sdk/go/gcp/compute/subnetworkIAMMember.go index 64e35cdada..1151772714 100644 --- a/sdk/go/gcp/compute/subnetworkIAMMember.go +++ b/sdk/go/gcp/compute/subnetworkIAMMember.go @@ -263,6 +263,241 @@ import ( // ``` // // +// ## google\_compute\_subnetwork\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/compute.networkUser", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = compute.NewSubnetworkIAMPolicy(ctx, "policy", &compute.SubnetworkIAMPolicyArgs{ +// Project: pulumi.Any(network_with_private_secondary_ip_ranges.Project), +// Region: pulumi.Any(network_with_private_secondary_ip_ranges.Region), +// Subnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/compute.networkUser", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = compute.NewSubnetworkIAMPolicy(ctx, "policy", &compute.SubnetworkIAMPolicyArgs{ +// Project: pulumi.Any(network_with_private_secondary_ip_ranges.Project), +// Region: pulumi.Any(network_with_private_secondary_ip_ranges.Region), +// Subnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_compute\_subnetwork\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewSubnetworkIAMBinding(ctx, "binding", &compute.SubnetworkIAMBindingArgs{ +// Project: pulumi.Any(network_with_private_secondary_ip_ranges.Project), +// Region: pulumi.Any(network_with_private_secondary_ip_ranges.Region), +// Subnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name), +// Role: pulumi.String("roles/compute.networkUser"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewSubnetworkIAMBinding(ctx, "binding", &compute.SubnetworkIAMBindingArgs{ +// Project: pulumi.Any(network_with_private_secondary_ip_ranges.Project), +// Region: pulumi.Any(network_with_private_secondary_ip_ranges.Region), +// Subnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name), +// Role: pulumi.String("roles/compute.networkUser"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &compute.SubnetworkIAMBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_compute\_subnetwork\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewSubnetworkIAMMember(ctx, "member", &compute.SubnetworkIAMMemberArgs{ +// Project: pulumi.Any(network_with_private_secondary_ip_ranges.Project), +// Region: pulumi.Any(network_with_private_secondary_ip_ranges.Region), +// Subnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name), +// Role: pulumi.String("roles/compute.networkUser"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewSubnetworkIAMMember(ctx, "member", &compute.SubnetworkIAMMemberArgs{ +// Project: pulumi.Any(network_with_private_secondary_ip_ranges.Project), +// Region: pulumi.Any(network_with_private_secondary_ip_ranges.Region), +// Subnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name), +// Role: pulumi.String("roles/compute.networkUser"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &compute.SubnetworkIAMMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -307,13 +542,9 @@ type SubnetworkIAMMember struct { // Structure is documented below. Condition SubnetworkIAMMemberConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Member pulumi.StringOutput `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -323,6 +554,9 @@ type SubnetworkIAMMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The GCP region for this subnetwork. // Used to find the parent resource to bind the IAM policy to. If not specified, @@ -380,13 +614,9 @@ type subnetworkIAMMemberState struct { // Structure is documented below. Condition *SubnetworkIAMMemberCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Member *string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -396,6 +626,9 @@ type subnetworkIAMMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The GCP region for this subnetwork. // Used to find the parent resource to bind the IAM policy to. If not specified, @@ -415,13 +648,9 @@ type SubnetworkIAMMemberState struct { // Structure is documented below. Condition SubnetworkIAMMemberConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Member pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -431,6 +660,9 @@ type SubnetworkIAMMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The GCP region for this subnetwork. // Used to find the parent resource to bind the IAM policy to. If not specified, @@ -453,12 +685,8 @@ type subnetworkIAMMemberArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition *SubnetworkIAMMemberCondition `pulumi:"condition"` - Member string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -468,6 +696,9 @@ type subnetworkIAMMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The GCP region for this subnetwork. // Used to find the parent resource to bind the IAM policy to. If not specified, @@ -487,12 +718,8 @@ type SubnetworkIAMMemberArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition SubnetworkIAMMemberConditionPtrInput - Member pulumi.StringInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -502,6 +729,9 @@ type SubnetworkIAMMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The GCP region for this subnetwork. // Used to find the parent resource to bind the IAM policy to. If not specified, @@ -614,24 +844,23 @@ func (o SubnetworkIAMMemberOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *SubnetworkIAMMember) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o SubnetworkIAMMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *SubnetworkIAMMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o SubnetworkIAMMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *SubnetworkIAMMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/compute/subnetworkIAMPolicy.go b/sdk/go/gcp/compute/subnetworkIAMPolicy.go index b0d362397d..5a1dafeaf8 100644 --- a/sdk/go/gcp/compute/subnetworkIAMPolicy.go +++ b/sdk/go/gcp/compute/subnetworkIAMPolicy.go @@ -263,6 +263,241 @@ import ( // ``` // // +// ## google\_compute\_subnetwork\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/compute.networkUser", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = compute.NewSubnetworkIAMPolicy(ctx, "policy", &compute.SubnetworkIAMPolicyArgs{ +// Project: pulumi.Any(network_with_private_secondary_ip_ranges.Project), +// Region: pulumi.Any(network_with_private_secondary_ip_ranges.Region), +// Subnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/compute.networkUser", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = compute.NewSubnetworkIAMPolicy(ctx, "policy", &compute.SubnetworkIAMPolicyArgs{ +// Project: pulumi.Any(network_with_private_secondary_ip_ranges.Project), +// Region: pulumi.Any(network_with_private_secondary_ip_ranges.Region), +// Subnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_compute\_subnetwork\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewSubnetworkIAMBinding(ctx, "binding", &compute.SubnetworkIAMBindingArgs{ +// Project: pulumi.Any(network_with_private_secondary_ip_ranges.Project), +// Region: pulumi.Any(network_with_private_secondary_ip_ranges.Region), +// Subnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name), +// Role: pulumi.String("roles/compute.networkUser"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewSubnetworkIAMBinding(ctx, "binding", &compute.SubnetworkIAMBindingArgs{ +// Project: pulumi.Any(network_with_private_secondary_ip_ranges.Project), +// Region: pulumi.Any(network_with_private_secondary_ip_ranges.Region), +// Subnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name), +// Role: pulumi.String("roles/compute.networkUser"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &compute.SubnetworkIAMBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_compute\_subnetwork\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewSubnetworkIAMMember(ctx, "member", &compute.SubnetworkIAMMemberArgs{ +// Project: pulumi.Any(network_with_private_secondary_ip_ranges.Project), +// Region: pulumi.Any(network_with_private_secondary_ip_ranges.Region), +// Subnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name), +// Role: pulumi.String("roles/compute.networkUser"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := compute.NewSubnetworkIAMMember(ctx, "member", &compute.SubnetworkIAMMemberArgs{ +// Project: pulumi.Any(network_with_private_secondary_ip_ranges.Project), +// Region: pulumi.Any(network_with_private_secondary_ip_ranges.Region), +// Subnetwork: pulumi.Any(network_with_private_secondary_ip_ranges.Name), +// Role: pulumi.String("roles/compute.networkUser"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &compute.SubnetworkIAMMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -310,18 +545,6 @@ type SubnetworkIAMPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` // The GCP region for this subnetwork. // Used to find the parent resource to bind the IAM policy to. If not specified, @@ -375,18 +598,6 @@ type subnetworkIAMPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` // The GCP region for this subnetwork. // Used to find the parent resource to bind the IAM policy to. If not specified, @@ -405,18 +616,6 @@ type SubnetworkIAMPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // The GCP region for this subnetwork. // Used to find the parent resource to bind the IAM policy to. If not specified, @@ -437,18 +636,6 @@ type subnetworkIAMPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` // The GCP region for this subnetwork. // Used to find the parent resource to bind the IAM policy to. If not specified, @@ -466,18 +653,6 @@ type SubnetworkIAMPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // The GCP region for this subnetwork. // Used to find the parent resource to bind the IAM policy to. If not specified, @@ -588,18 +763,6 @@ func (o SubnetworkIAMPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o SubnetworkIAMPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *SubnetworkIAMPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/containeranalysis/noteIamBinding.go b/sdk/go/gcp/containeranalysis/noteIamBinding.go index 9830cd87d0..b553008e75 100644 --- a/sdk/go/gcp/containeranalysis/noteIamBinding.go +++ b/sdk/go/gcp/containeranalysis/noteIamBinding.go @@ -134,6 +134,114 @@ import ( // ``` // // +// ## google\_container\_analysis\_note\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/containeranalysis" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/containeranalysis.notes.occurrences.viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = containeranalysis.NewNoteIamPolicy(ctx, "policy", &containeranalysis.NoteIamPolicyArgs{ +// Project: pulumi.Any(note.Project), +// Note: pulumi.Any(note.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_container\_analysis\_note\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/containeranalysis" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := containeranalysis.NewNoteIamBinding(ctx, "binding", &containeranalysis.NoteIamBindingArgs{ +// Project: pulumi.Any(note.Project), +// Note: pulumi.Any(note.Name), +// Role: pulumi.String("roles/containeranalysis.notes.occurrences.viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_container\_analysis\_note\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/containeranalysis" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := containeranalysis.NewNoteIamMember(ctx, "member", &containeranalysis.NoteIamMemberArgs{ +// Project: pulumi.Any(note.Project), +// Note: pulumi.Any(note.Name), +// Role: pulumi.String("roles/containeranalysis.notes.occurrences.viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -174,15 +282,9 @@ type NoteIamBinding struct { Condition NoteIamBindingConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // Used to find the parent resource to bind the IAM policy to - Note pulumi.StringOutput `pulumi:"note"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -192,6 +294,11 @@ type NoteIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // Used to find the parent resource to bind the IAM policy to + Note pulumi.StringOutput `pulumi:"note"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `containeranalysis.NoteIamBinding` can be used per role. Note that custom roles must be of the format @@ -240,15 +347,9 @@ func GetNoteIamBinding(ctx *pulumi.Context, type noteIamBindingState struct { Condition *NoteIamBindingCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Members []string `pulumi:"members"` - // Used to find the parent resource to bind the IAM policy to - Note *string `pulumi:"note"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -258,6 +359,11 @@ type noteIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // Used to find the parent resource to bind the IAM policy to + Note *string `pulumi:"note"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `containeranalysis.NoteIamBinding` can be used per role. Note that custom roles must be of the format @@ -268,15 +374,9 @@ type noteIamBindingState struct { type NoteIamBindingState struct { Condition NoteIamBindingConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Members pulumi.StringArrayInput - // Used to find the parent resource to bind the IAM policy to - Note pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -286,6 +386,11 @@ type NoteIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // Used to find the parent resource to bind the IAM policy to + Note pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `containeranalysis.NoteIamBinding` can be used per role. Note that custom roles must be of the format @@ -299,14 +404,8 @@ func (NoteIamBindingState) ElementType() reflect.Type { type noteIamBindingArgs struct { Condition *NoteIamBindingCondition `pulumi:"condition"` - Members []string `pulumi:"members"` - // Used to find the parent resource to bind the IAM policy to - Note string `pulumi:"note"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -316,6 +415,11 @@ type noteIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // Used to find the parent resource to bind the IAM policy to + Note string `pulumi:"note"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `containeranalysis.NoteIamBinding` can be used per role. Note that custom roles must be of the format @@ -326,14 +430,8 @@ type noteIamBindingArgs struct { // The set of arguments for constructing a NoteIamBinding resource. type NoteIamBindingArgs struct { Condition NoteIamBindingConditionPtrInput - Members pulumi.StringArrayInput - // Used to find the parent resource to bind the IAM policy to - Note pulumi.StringInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -343,6 +441,11 @@ type NoteIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // Used to find the parent resource to bind the IAM policy to + Note pulumi.StringInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `containeranalysis.NoteIamBinding` can be used per role. Note that custom roles must be of the format @@ -446,6 +549,17 @@ func (o NoteIamBindingOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *NoteIamBinding) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o NoteIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *NoteIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } @@ -457,18 +571,6 @@ func (o NoteIamBindingOutput) Note() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o NoteIamBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *NoteIamBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/containeranalysis/noteIamMember.go b/sdk/go/gcp/containeranalysis/noteIamMember.go index 30312d4fea..dcb8444102 100644 --- a/sdk/go/gcp/containeranalysis/noteIamMember.go +++ b/sdk/go/gcp/containeranalysis/noteIamMember.go @@ -134,6 +134,114 @@ import ( // ``` // // +// ## google\_container\_analysis\_note\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/containeranalysis" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/containeranalysis.notes.occurrences.viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = containeranalysis.NewNoteIamPolicy(ctx, "policy", &containeranalysis.NoteIamPolicyArgs{ +// Project: pulumi.Any(note.Project), +// Note: pulumi.Any(note.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_container\_analysis\_note\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/containeranalysis" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := containeranalysis.NewNoteIamBinding(ctx, "binding", &containeranalysis.NoteIamBindingArgs{ +// Project: pulumi.Any(note.Project), +// Note: pulumi.Any(note.Name), +// Role: pulumi.String("roles/containeranalysis.notes.occurrences.viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_container\_analysis\_note\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/containeranalysis" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := containeranalysis.NewNoteIamMember(ctx, "member", &containeranalysis.NoteIamMemberArgs{ +// Project: pulumi.Any(note.Project), +// Note: pulumi.Any(note.Name), +// Role: pulumi.String("roles/containeranalysis.notes.occurrences.viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -174,15 +282,9 @@ type NoteIamMember struct { Condition NoteIamMemberConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Member pulumi.StringOutput `pulumi:"member"` - // Used to find the parent resource to bind the IAM policy to - Note pulumi.StringOutput `pulumi:"note"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -192,6 +294,11 @@ type NoteIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // Used to find the parent resource to bind the IAM policy to + Note pulumi.StringOutput `pulumi:"note"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `containeranalysis.NoteIamBinding` can be used per role. Note that custom roles must be of the format @@ -240,15 +347,9 @@ func GetNoteIamMember(ctx *pulumi.Context, type noteIamMemberState struct { Condition *NoteIamMemberCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Member *string `pulumi:"member"` - // Used to find the parent resource to bind the IAM policy to - Note *string `pulumi:"note"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -258,6 +359,11 @@ type noteIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // Used to find the parent resource to bind the IAM policy to + Note *string `pulumi:"note"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `containeranalysis.NoteIamBinding` can be used per role. Note that custom roles must be of the format @@ -268,15 +374,9 @@ type noteIamMemberState struct { type NoteIamMemberState struct { Condition NoteIamMemberConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Member pulumi.StringPtrInput - // Used to find the parent resource to bind the IAM policy to - Note pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -286,6 +386,11 @@ type NoteIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // Used to find the parent resource to bind the IAM policy to + Note pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `containeranalysis.NoteIamBinding` can be used per role. Note that custom roles must be of the format @@ -299,14 +404,8 @@ func (NoteIamMemberState) ElementType() reflect.Type { type noteIamMemberArgs struct { Condition *NoteIamMemberCondition `pulumi:"condition"` - Member string `pulumi:"member"` - // Used to find the parent resource to bind the IAM policy to - Note string `pulumi:"note"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -316,6 +415,11 @@ type noteIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // Used to find the parent resource to bind the IAM policy to + Note string `pulumi:"note"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `containeranalysis.NoteIamBinding` can be used per role. Note that custom roles must be of the format @@ -326,14 +430,8 @@ type noteIamMemberArgs struct { // The set of arguments for constructing a NoteIamMember resource. type NoteIamMemberArgs struct { Condition NoteIamMemberConditionPtrInput - Member pulumi.StringInput - // Used to find the parent resource to bind the IAM policy to - Note pulumi.StringInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -343,6 +441,11 @@ type NoteIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // Used to find the parent resource to bind the IAM policy to + Note pulumi.StringInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `containeranalysis.NoteIamBinding` can be used per role. Note that custom roles must be of the format @@ -446,6 +549,17 @@ func (o NoteIamMemberOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *NoteIamMember) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o NoteIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *NoteIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } @@ -457,18 +571,6 @@ func (o NoteIamMemberOutput) Note() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o NoteIamMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *NoteIamMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/containeranalysis/noteIamPolicy.go b/sdk/go/gcp/containeranalysis/noteIamPolicy.go index d357976e98..33f8c584da 100644 --- a/sdk/go/gcp/containeranalysis/noteIamPolicy.go +++ b/sdk/go/gcp/containeranalysis/noteIamPolicy.go @@ -134,6 +134,114 @@ import ( // ``` // // +// ## google\_container\_analysis\_note\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/containeranalysis" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/containeranalysis.notes.occurrences.viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = containeranalysis.NewNoteIamPolicy(ctx, "policy", &containeranalysis.NoteIamPolicyArgs{ +// Project: pulumi.Any(note.Project), +// Note: pulumi.Any(note.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_container\_analysis\_note\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/containeranalysis" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := containeranalysis.NewNoteIamBinding(ctx, "binding", &containeranalysis.NoteIamBindingArgs{ +// Project: pulumi.Any(note.Project), +// Note: pulumi.Any(note.Name), +// Role: pulumi.String("roles/containeranalysis.notes.occurrences.viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_container\_analysis\_note\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/containeranalysis" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := containeranalysis.NewNoteIamMember(ctx, "member", &containeranalysis.NoteIamMemberArgs{ +// Project: pulumi.Any(note.Project), +// Note: pulumi.Any(note.Name), +// Role: pulumi.String("roles/containeranalysis.notes.occurrences.viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -181,18 +289,6 @@ type NoteIamPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` } @@ -241,18 +337,6 @@ type noteIamPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -266,18 +350,6 @@ type NoteIamPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -293,18 +365,6 @@ type noteIamPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -317,18 +377,6 @@ type NoteIamPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -437,18 +485,6 @@ func (o NoteIamPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o NoteIamPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *NoteIamPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/datacatalog/entryGroupIamBinding.go b/sdk/go/gcp/datacatalog/entryGroupIamBinding.go index ac06c0a767..14082b3617 100644 --- a/sdk/go/gcp/datacatalog/entryGroupIamBinding.go +++ b/sdk/go/gcp/datacatalog/entryGroupIamBinding.go @@ -131,6 +131,111 @@ import ( // ``` // // +// ## google\_data\_catalog\_entry\_group\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = datacatalog.NewEntryGroupIamPolicy(ctx, "policy", &datacatalog.EntryGroupIamPolicyArgs{ +// EntryGroup: pulumi.Any(basicEntryGroup.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_data\_catalog\_entry\_group\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := datacatalog.NewEntryGroupIamBinding(ctx, "binding", &datacatalog.EntryGroupIamBindingArgs{ +// EntryGroup: pulumi.Any(basicEntryGroup.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_data\_catalog\_entry\_group\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := datacatalog.NewEntryGroupIamMember(ctx, "member", &datacatalog.EntryGroupIamMemberArgs{ +// EntryGroup: pulumi.Any(basicEntryGroup.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -175,13 +280,9 @@ type EntryGroupIamBinding struct { // Used to find the parent resource to bind the IAM policy to EntryGroup pulumi.StringOutput `pulumi:"entryGroup"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -191,6 +292,9 @@ type EntryGroupIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` Region pulumi.StringOutput `pulumi:"region"` // The role that should be applied. Only one @@ -242,13 +346,9 @@ type entryGroupIamBindingState struct { // Used to find the parent resource to bind the IAM policy to EntryGroup *string `pulumi:"entryGroup"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -258,6 +358,9 @@ type entryGroupIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` Region *string `pulumi:"region"` // The role that should be applied. Only one @@ -271,13 +374,9 @@ type EntryGroupIamBindingState struct { // Used to find the parent resource to bind the IAM policy to EntryGroup pulumi.StringPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -287,6 +386,9 @@ type EntryGroupIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput Region pulumi.StringPtrInput // The role that should be applied. Only one @@ -302,13 +404,9 @@ func (EntryGroupIamBindingState) ElementType() reflect.Type { type entryGroupIamBindingArgs struct { Condition *EntryGroupIamBindingCondition `pulumi:"condition"` // Used to find the parent resource to bind the IAM policy to - EntryGroup string `pulumi:"entryGroup"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + EntryGroup string `pulumi:"entryGroup"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -318,6 +416,9 @@ type entryGroupIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` Region *string `pulumi:"region"` // The role that should be applied. Only one @@ -331,12 +432,8 @@ type EntryGroupIamBindingArgs struct { Condition EntryGroupIamBindingConditionPtrInput // Used to find the parent resource to bind the IAM policy to EntryGroup pulumi.StringInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -346,6 +443,9 @@ type EntryGroupIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput Region pulumi.StringPtrInput // The role that should be applied. Only one @@ -455,24 +555,23 @@ func (o EntryGroupIamBindingOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *EntryGroupIamBinding) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o EntryGroupIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *EntryGroupIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o EntryGroupIamBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *EntryGroupIamBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/datacatalog/entryGroupIamMember.go b/sdk/go/gcp/datacatalog/entryGroupIamMember.go index 5600710f4a..db8ead4129 100644 --- a/sdk/go/gcp/datacatalog/entryGroupIamMember.go +++ b/sdk/go/gcp/datacatalog/entryGroupIamMember.go @@ -131,6 +131,111 @@ import ( // ``` // // +// ## google\_data\_catalog\_entry\_group\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = datacatalog.NewEntryGroupIamPolicy(ctx, "policy", &datacatalog.EntryGroupIamPolicyArgs{ +// EntryGroup: pulumi.Any(basicEntryGroup.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_data\_catalog\_entry\_group\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := datacatalog.NewEntryGroupIamBinding(ctx, "binding", &datacatalog.EntryGroupIamBindingArgs{ +// EntryGroup: pulumi.Any(basicEntryGroup.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_data\_catalog\_entry\_group\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := datacatalog.NewEntryGroupIamMember(ctx, "member", &datacatalog.EntryGroupIamMemberArgs{ +// EntryGroup: pulumi.Any(basicEntryGroup.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -175,13 +280,9 @@ type EntryGroupIamMember struct { // Used to find the parent resource to bind the IAM policy to EntryGroup pulumi.StringOutput `pulumi:"entryGroup"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Member pulumi.StringOutput `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -191,6 +292,9 @@ type EntryGroupIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` Region pulumi.StringOutput `pulumi:"region"` // The role that should be applied. Only one @@ -242,13 +346,9 @@ type entryGroupIamMemberState struct { // Used to find the parent resource to bind the IAM policy to EntryGroup *string `pulumi:"entryGroup"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Member *string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -258,6 +358,9 @@ type entryGroupIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` Region *string `pulumi:"region"` // The role that should be applied. Only one @@ -271,13 +374,9 @@ type EntryGroupIamMemberState struct { // Used to find the parent resource to bind the IAM policy to EntryGroup pulumi.StringPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Member pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -287,6 +386,9 @@ type EntryGroupIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput Region pulumi.StringPtrInput // The role that should be applied. Only one @@ -303,12 +405,8 @@ type entryGroupIamMemberArgs struct { Condition *EntryGroupIamMemberCondition `pulumi:"condition"` // Used to find the parent resource to bind the IAM policy to EntryGroup string `pulumi:"entryGroup"` - Member string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -318,6 +416,9 @@ type entryGroupIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` Region *string `pulumi:"region"` // The role that should be applied. Only one @@ -331,12 +432,8 @@ type EntryGroupIamMemberArgs struct { Condition EntryGroupIamMemberConditionPtrInput // Used to find the parent resource to bind the IAM policy to EntryGroup pulumi.StringInput - Member pulumi.StringInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -346,6 +443,9 @@ type EntryGroupIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput Region pulumi.StringPtrInput // The role that should be applied. Only one @@ -455,24 +555,23 @@ func (o EntryGroupIamMemberOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *EntryGroupIamMember) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o EntryGroupIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *EntryGroupIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o EntryGroupIamMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *EntryGroupIamMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/datacatalog/entryGroupIamPolicy.go b/sdk/go/gcp/datacatalog/entryGroupIamPolicy.go index 84fef4dc66..61a367d08f 100644 --- a/sdk/go/gcp/datacatalog/entryGroupIamPolicy.go +++ b/sdk/go/gcp/datacatalog/entryGroupIamPolicy.go @@ -131,6 +131,111 @@ import ( // ``` // // +// ## google\_data\_catalog\_entry\_group\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = datacatalog.NewEntryGroupIamPolicy(ctx, "policy", &datacatalog.EntryGroupIamPolicyArgs{ +// EntryGroup: pulumi.Any(basicEntryGroup.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_data\_catalog\_entry\_group\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := datacatalog.NewEntryGroupIamBinding(ctx, "binding", &datacatalog.EntryGroupIamBindingArgs{ +// EntryGroup: pulumi.Any(basicEntryGroup.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_data\_catalog\_entry\_group\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := datacatalog.NewEntryGroupIamMember(ctx, "member", &datacatalog.EntryGroupIamMemberArgs{ +// EntryGroup: pulumi.Any(basicEntryGroup.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -180,18 +285,6 @@ type EntryGroupIamPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` Region pulumi.StringOutput `pulumi:"region"` } @@ -241,18 +334,6 @@ type entryGroupIamPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` Region *string `pulumi:"region"` } @@ -267,18 +348,6 @@ type EntryGroupIamPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput Region pulumi.StringPtrInput } @@ -295,18 +364,6 @@ type entryGroupIamPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` Region *string `pulumi:"region"` } @@ -320,18 +377,6 @@ type EntryGroupIamPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput Region pulumi.StringPtrInput } @@ -441,18 +486,6 @@ func (o EntryGroupIamPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o EntryGroupIamPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *EntryGroupIamPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/datacatalog/policyTagIamBinding.go b/sdk/go/gcp/datacatalog/policyTagIamBinding.go index a9cff7fee2..546c73e75e 100644 --- a/sdk/go/gcp/datacatalog/policyTagIamBinding.go +++ b/sdk/go/gcp/datacatalog/policyTagIamBinding.go @@ -131,6 +131,111 @@ import ( // ``` // // +// ## google\_data\_catalog\_policy\_tag\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = datacatalog.NewPolicyTagIamPolicy(ctx, "policy", &datacatalog.PolicyTagIamPolicyArgs{ +// PolicyTag: pulumi.Any(basicPolicyTag.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_data\_catalog\_policy\_tag\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := datacatalog.NewPolicyTagIamBinding(ctx, "binding", &datacatalog.PolicyTagIamBindingArgs{ +// PolicyTag: pulumi.Any(basicPolicyTag.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_data\_catalog\_policy\_tag\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := datacatalog.NewPolicyTagIamMember(ctx, "member", &datacatalog.PolicyTagIamMemberArgs{ +// PolicyTag: pulumi.Any(basicPolicyTag.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -167,12 +272,9 @@ type PolicyTagIamBinding struct { Condition PolicyTagIamBindingConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -182,6 +284,8 @@ type PolicyTagIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // Used to find the parent resource to bind the IAM policy to PolicyTag pulumi.StringOutput `pulumi:"policyTag"` // The role that should be applied. Only one // `datacatalog.PolicyTagIamBinding` can be used per role. Note that custom roles must be of the format @@ -230,12 +334,9 @@ func GetPolicyTagIamBinding(ctx *pulumi.Context, type policyTagIamBindingState struct { Condition *PolicyTagIamBindingCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Members []string `pulumi:"members"` - // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -245,6 +346,8 @@ type policyTagIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // Used to find the parent resource to bind the IAM policy to PolicyTag *string `pulumi:"policyTag"` // The role that should be applied. Only one // `datacatalog.PolicyTagIamBinding` can be used per role. Note that custom roles must be of the format @@ -255,12 +358,9 @@ type policyTagIamBindingState struct { type PolicyTagIamBindingState struct { Condition PolicyTagIamBindingConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Members pulumi.StringArrayInput - // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -270,6 +370,8 @@ type PolicyTagIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // Used to find the parent resource to bind the IAM policy to PolicyTag pulumi.StringPtrInput // The role that should be applied. Only one // `datacatalog.PolicyTagIamBinding` can be used per role. Note that custom roles must be of the format @@ -283,11 +385,8 @@ func (PolicyTagIamBindingState) ElementType() reflect.Type { type policyTagIamBindingArgs struct { Condition *PolicyTagIamBindingCondition `pulumi:"condition"` - Members []string `pulumi:"members"` - // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -297,6 +396,8 @@ type policyTagIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // Used to find the parent resource to bind the IAM policy to PolicyTag string `pulumi:"policyTag"` // The role that should be applied. Only one // `datacatalog.PolicyTagIamBinding` can be used per role. Note that custom roles must be of the format @@ -307,11 +408,8 @@ type policyTagIamBindingArgs struct { // The set of arguments for constructing a PolicyTagIamBinding resource. type PolicyTagIamBindingArgs struct { Condition PolicyTagIamBindingConditionPtrInput - Members pulumi.StringArrayInput - // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -321,6 +419,8 @@ type PolicyTagIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // Used to find the parent resource to bind the IAM policy to PolicyTag pulumi.StringInput // The role that should be applied. Only one // `datacatalog.PolicyTagIamBinding` can be used per role. Note that custom roles must be of the format @@ -424,23 +524,22 @@ func (o PolicyTagIamBindingOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *PolicyTagIamBinding) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o PolicyTagIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *PolicyTagIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } // Used to find the parent resource to bind the IAM policy to -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o PolicyTagIamBindingOutput) PolicyTag() pulumi.StringOutput { return o.ApplyT(func(v *PolicyTagIamBinding) pulumi.StringOutput { return v.PolicyTag }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/datacatalog/policyTagIamMember.go b/sdk/go/gcp/datacatalog/policyTagIamMember.go index b7e9c47911..ab566ea4be 100644 --- a/sdk/go/gcp/datacatalog/policyTagIamMember.go +++ b/sdk/go/gcp/datacatalog/policyTagIamMember.go @@ -131,6 +131,111 @@ import ( // ``` // // +// ## google\_data\_catalog\_policy\_tag\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = datacatalog.NewPolicyTagIamPolicy(ctx, "policy", &datacatalog.PolicyTagIamPolicyArgs{ +// PolicyTag: pulumi.Any(basicPolicyTag.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_data\_catalog\_policy\_tag\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := datacatalog.NewPolicyTagIamBinding(ctx, "binding", &datacatalog.PolicyTagIamBindingArgs{ +// PolicyTag: pulumi.Any(basicPolicyTag.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_data\_catalog\_policy\_tag\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := datacatalog.NewPolicyTagIamMember(ctx, "member", &datacatalog.PolicyTagIamMemberArgs{ +// PolicyTag: pulumi.Any(basicPolicyTag.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -167,12 +272,9 @@ type PolicyTagIamMember struct { Condition PolicyTagIamMemberConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Member pulumi.StringOutput `pulumi:"member"` - // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -182,6 +284,8 @@ type PolicyTagIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // Used to find the parent resource to bind the IAM policy to PolicyTag pulumi.StringOutput `pulumi:"policyTag"` // The role that should be applied. Only one // `datacatalog.PolicyTagIamBinding` can be used per role. Note that custom roles must be of the format @@ -230,12 +334,9 @@ func GetPolicyTagIamMember(ctx *pulumi.Context, type policyTagIamMemberState struct { Condition *PolicyTagIamMemberCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Member *string `pulumi:"member"` - // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -245,6 +346,8 @@ type policyTagIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // Used to find the parent resource to bind the IAM policy to PolicyTag *string `pulumi:"policyTag"` // The role that should be applied. Only one // `datacatalog.PolicyTagIamBinding` can be used per role. Note that custom roles must be of the format @@ -255,12 +358,9 @@ type policyTagIamMemberState struct { type PolicyTagIamMemberState struct { Condition PolicyTagIamMemberConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Member pulumi.StringPtrInput - // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -270,6 +370,8 @@ type PolicyTagIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // Used to find the parent resource to bind the IAM policy to PolicyTag pulumi.StringPtrInput // The role that should be applied. Only one // `datacatalog.PolicyTagIamBinding` can be used per role. Note that custom roles must be of the format @@ -283,11 +385,8 @@ func (PolicyTagIamMemberState) ElementType() reflect.Type { type policyTagIamMemberArgs struct { Condition *PolicyTagIamMemberCondition `pulumi:"condition"` - Member string `pulumi:"member"` - // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -297,6 +396,8 @@ type policyTagIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // Used to find the parent resource to bind the IAM policy to PolicyTag string `pulumi:"policyTag"` // The role that should be applied. Only one // `datacatalog.PolicyTagIamBinding` can be used per role. Note that custom roles must be of the format @@ -307,11 +408,8 @@ type policyTagIamMemberArgs struct { // The set of arguments for constructing a PolicyTagIamMember resource. type PolicyTagIamMemberArgs struct { Condition PolicyTagIamMemberConditionPtrInput - Member pulumi.StringInput - // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -321,6 +419,8 @@ type PolicyTagIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // Used to find the parent resource to bind the IAM policy to PolicyTag pulumi.StringInput // The role that should be applied. Only one // `datacatalog.PolicyTagIamBinding` can be used per role. Note that custom roles must be of the format @@ -424,23 +524,22 @@ func (o PolicyTagIamMemberOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *PolicyTagIamMember) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o PolicyTagIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *PolicyTagIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } // Used to find the parent resource to bind the IAM policy to -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o PolicyTagIamMemberOutput) PolicyTag() pulumi.StringOutput { return o.ApplyT(func(v *PolicyTagIamMember) pulumi.StringOutput { return v.PolicyTag }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/datacatalog/policyTagIamPolicy.go b/sdk/go/gcp/datacatalog/policyTagIamPolicy.go index 0b9e2cd28a..86a4b5e0d0 100644 --- a/sdk/go/gcp/datacatalog/policyTagIamPolicy.go +++ b/sdk/go/gcp/datacatalog/policyTagIamPolicy.go @@ -131,6 +131,111 @@ import ( // ``` // // +// ## google\_data\_catalog\_policy\_tag\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = datacatalog.NewPolicyTagIamPolicy(ctx, "policy", &datacatalog.PolicyTagIamPolicyArgs{ +// PolicyTag: pulumi.Any(basicPolicyTag.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_data\_catalog\_policy\_tag\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := datacatalog.NewPolicyTagIamBinding(ctx, "binding", &datacatalog.PolicyTagIamBindingArgs{ +// PolicyTag: pulumi.Any(basicPolicyTag.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_data\_catalog\_policy\_tag\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := datacatalog.NewPolicyTagIamMember(ctx, "member", &datacatalog.PolicyTagIamMemberArgs{ +// PolicyTag: pulumi.Any(basicPolicyTag.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -171,18 +276,6 @@ type PolicyTagIamPolicy struct { // a `organizations.getIAMPolicy` data source. PolicyData pulumi.StringOutput `pulumi:"policyData"` // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" PolicyTag pulumi.StringOutput `pulumi:"policyTag"` } @@ -228,18 +321,6 @@ type policyTagIamPolicyState struct { // a `organizations.getIAMPolicy` data source. PolicyData *string `pulumi:"policyData"` // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" PolicyTag *string `pulumi:"policyTag"` } @@ -250,18 +331,6 @@ type PolicyTagIamPolicyState struct { // a `organizations.getIAMPolicy` data source. PolicyData pulumi.StringPtrInput // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" PolicyTag pulumi.StringPtrInput } @@ -274,18 +343,6 @@ type policyTagIamPolicyArgs struct { // a `organizations.getIAMPolicy` data source. PolicyData string `pulumi:"policyData"` // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" PolicyTag string `pulumi:"policyTag"` } @@ -295,18 +352,6 @@ type PolicyTagIamPolicyArgs struct { // a `organizations.getIAMPolicy` data source. PolicyData pulumi.StringInput // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" PolicyTag pulumi.StringInput } @@ -409,18 +454,6 @@ func (o PolicyTagIamPolicyOutput) PolicyData() pulumi.StringOutput { } // Used to find the parent resource to bind the IAM policy to -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o PolicyTagIamPolicyOutput) PolicyTag() pulumi.StringOutput { return o.ApplyT(func(v *PolicyTagIamPolicy) pulumi.StringOutput { return v.PolicyTag }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/datacatalog/tagTemplateIamBinding.go b/sdk/go/gcp/datacatalog/tagTemplateIamBinding.go index a7d7c5511f..68c83de8f6 100644 --- a/sdk/go/gcp/datacatalog/tagTemplateIamBinding.go +++ b/sdk/go/gcp/datacatalog/tagTemplateIamBinding.go @@ -131,6 +131,111 @@ import ( // ``` // // +// ## google\_data\_catalog\_tag\_template\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = datacatalog.NewTagTemplateIamPolicy(ctx, "policy", &datacatalog.TagTemplateIamPolicyArgs{ +// TagTemplate: pulumi.Any(basicTagTemplate.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_data\_catalog\_tag\_template\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := datacatalog.NewTagTemplateIamBinding(ctx, "binding", &datacatalog.TagTemplateIamBindingArgs{ +// TagTemplate: pulumi.Any(basicTagTemplate.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_data\_catalog\_tag\_template\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := datacatalog.NewTagTemplateIamMember(ctx, "member", &datacatalog.TagTemplateIamMemberArgs{ +// TagTemplate: pulumi.Any(basicTagTemplate.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -173,13 +278,9 @@ type TagTemplateIamBinding struct { Condition TagTemplateIamBindingConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -189,6 +290,9 @@ type TagTemplateIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` Region pulumi.StringOutput `pulumi:"region"` // The role that should be applied. Only one @@ -240,13 +344,9 @@ func GetTagTemplateIamBinding(ctx *pulumi.Context, type tagTemplateIamBindingState struct { Condition *TagTemplateIamBindingCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -256,6 +356,9 @@ type tagTemplateIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` Region *string `pulumi:"region"` // The role that should be applied. Only one @@ -269,13 +372,9 @@ type tagTemplateIamBindingState struct { type TagTemplateIamBindingState struct { Condition TagTemplateIamBindingConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -285,6 +384,9 @@ type TagTemplateIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput Region pulumi.StringPtrInput // The role that should be applied. Only one @@ -301,12 +403,8 @@ func (TagTemplateIamBindingState) ElementType() reflect.Type { type tagTemplateIamBindingArgs struct { Condition *TagTemplateIamBindingCondition `pulumi:"condition"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -316,6 +414,9 @@ type tagTemplateIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` Region *string `pulumi:"region"` // The role that should be applied. Only one @@ -329,12 +430,8 @@ type tagTemplateIamBindingArgs struct { // The set of arguments for constructing a TagTemplateIamBinding resource. type TagTemplateIamBindingArgs struct { Condition TagTemplateIamBindingConditionPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -344,6 +441,9 @@ type TagTemplateIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput Region pulumi.StringPtrInput // The role that should be applied. Only one @@ -450,24 +550,23 @@ func (o TagTemplateIamBindingOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *TagTemplateIamBinding) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o TagTemplateIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *TagTemplateIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o TagTemplateIamBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *TagTemplateIamBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/datacatalog/tagTemplateIamMember.go b/sdk/go/gcp/datacatalog/tagTemplateIamMember.go index 17c852a9a1..131c1c8e64 100644 --- a/sdk/go/gcp/datacatalog/tagTemplateIamMember.go +++ b/sdk/go/gcp/datacatalog/tagTemplateIamMember.go @@ -131,6 +131,111 @@ import ( // ``` // // +// ## google\_data\_catalog\_tag\_template\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = datacatalog.NewTagTemplateIamPolicy(ctx, "policy", &datacatalog.TagTemplateIamPolicyArgs{ +// TagTemplate: pulumi.Any(basicTagTemplate.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_data\_catalog\_tag\_template\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := datacatalog.NewTagTemplateIamBinding(ctx, "binding", &datacatalog.TagTemplateIamBindingArgs{ +// TagTemplate: pulumi.Any(basicTagTemplate.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_data\_catalog\_tag\_template\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := datacatalog.NewTagTemplateIamMember(ctx, "member", &datacatalog.TagTemplateIamMemberArgs{ +// TagTemplate: pulumi.Any(basicTagTemplate.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -173,13 +278,9 @@ type TagTemplateIamMember struct { Condition TagTemplateIamMemberConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Member pulumi.StringOutput `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -189,6 +290,9 @@ type TagTemplateIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` Region pulumi.StringOutput `pulumi:"region"` // The role that should be applied. Only one @@ -240,13 +344,9 @@ func GetTagTemplateIamMember(ctx *pulumi.Context, type tagTemplateIamMemberState struct { Condition *TagTemplateIamMemberCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Member *string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -256,6 +356,9 @@ type tagTemplateIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` Region *string `pulumi:"region"` // The role that should be applied. Only one @@ -269,13 +372,9 @@ type tagTemplateIamMemberState struct { type TagTemplateIamMemberState struct { Condition TagTemplateIamMemberConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Member pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -285,6 +384,9 @@ type TagTemplateIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput Region pulumi.StringPtrInput // The role that should be applied. Only one @@ -301,12 +403,8 @@ func (TagTemplateIamMemberState) ElementType() reflect.Type { type tagTemplateIamMemberArgs struct { Condition *TagTemplateIamMemberCondition `pulumi:"condition"` - Member string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -316,6 +414,9 @@ type tagTemplateIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` Region *string `pulumi:"region"` // The role that should be applied. Only one @@ -329,12 +430,8 @@ type tagTemplateIamMemberArgs struct { // The set of arguments for constructing a TagTemplateIamMember resource. type TagTemplateIamMemberArgs struct { Condition TagTemplateIamMemberConditionPtrInput - Member pulumi.StringInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -344,6 +441,9 @@ type TagTemplateIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput Region pulumi.StringPtrInput // The role that should be applied. Only one @@ -450,24 +550,23 @@ func (o TagTemplateIamMemberOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *TagTemplateIamMember) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o TagTemplateIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *TagTemplateIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o TagTemplateIamMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *TagTemplateIamMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/datacatalog/tagTemplateIamPolicy.go b/sdk/go/gcp/datacatalog/tagTemplateIamPolicy.go index 3a824bf507..5ba3a10331 100644 --- a/sdk/go/gcp/datacatalog/tagTemplateIamPolicy.go +++ b/sdk/go/gcp/datacatalog/tagTemplateIamPolicy.go @@ -131,6 +131,111 @@ import ( // ``` // // +// ## google\_data\_catalog\_tag\_template\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = datacatalog.NewTagTemplateIamPolicy(ctx, "policy", &datacatalog.TagTemplateIamPolicyArgs{ +// TagTemplate: pulumi.Any(basicTagTemplate.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_data\_catalog\_tag\_template\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := datacatalog.NewTagTemplateIamBinding(ctx, "binding", &datacatalog.TagTemplateIamBindingArgs{ +// TagTemplate: pulumi.Any(basicTagTemplate.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_data\_catalog\_tag\_template\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := datacatalog.NewTagTemplateIamMember(ctx, "member", &datacatalog.TagTemplateIamMemberArgs{ +// TagTemplate: pulumi.Any(basicTagTemplate.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -178,18 +283,6 @@ type TagTemplateIamPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` Region pulumi.StringOutput `pulumi:"region"` // Used to find the parent resource to bind the IAM policy to @@ -239,18 +332,6 @@ type tagTemplateIamPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` Region *string `pulumi:"region"` // Used to find the parent resource to bind the IAM policy to @@ -265,18 +346,6 @@ type TagTemplateIamPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput Region pulumi.StringPtrInput // Used to find the parent resource to bind the IAM policy to @@ -293,18 +362,6 @@ type tagTemplateIamPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` Region *string `pulumi:"region"` // Used to find the parent resource to bind the IAM policy to @@ -318,18 +375,6 @@ type TagTemplateIamPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput Region pulumi.StringPtrInput // Used to find the parent resource to bind the IAM policy to @@ -436,18 +481,6 @@ func (o TagTemplateIamPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o TagTemplateIamPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *TagTemplateIamPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/datacatalog/taxonomyIamBinding.go b/sdk/go/gcp/datacatalog/taxonomyIamBinding.go index 39fa2043e0..32b8563ec5 100644 --- a/sdk/go/gcp/datacatalog/taxonomyIamBinding.go +++ b/sdk/go/gcp/datacatalog/taxonomyIamBinding.go @@ -131,6 +131,111 @@ import ( // ``` // // +// ## google\_data\_catalog\_taxonomy\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = datacatalog.NewTaxonomyIamPolicy(ctx, "policy", &datacatalog.TaxonomyIamPolicyArgs{ +// Taxonomy: pulumi.Any(basicTaxonomy.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_data\_catalog\_taxonomy\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := datacatalog.NewTaxonomyIamBinding(ctx, "binding", &datacatalog.TaxonomyIamBindingArgs{ +// Taxonomy: pulumi.Any(basicTaxonomy.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_data\_catalog\_taxonomy\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := datacatalog.NewTaxonomyIamMember(ctx, "member", &datacatalog.TaxonomyIamMemberArgs{ +// Taxonomy: pulumi.Any(basicTaxonomy.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -173,13 +278,9 @@ type TaxonomyIamBinding struct { Condition TaxonomyIamBindingConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -189,6 +290,9 @@ type TaxonomyIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` Region pulumi.StringOutput `pulumi:"region"` // The role that should be applied. Only one @@ -240,13 +344,9 @@ func GetTaxonomyIamBinding(ctx *pulumi.Context, type taxonomyIamBindingState struct { Condition *TaxonomyIamBindingCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -256,6 +356,9 @@ type taxonomyIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` Region *string `pulumi:"region"` // The role that should be applied. Only one @@ -269,13 +372,9 @@ type taxonomyIamBindingState struct { type TaxonomyIamBindingState struct { Condition TaxonomyIamBindingConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -285,6 +384,9 @@ type TaxonomyIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput Region pulumi.StringPtrInput // The role that should be applied. Only one @@ -301,12 +403,8 @@ func (TaxonomyIamBindingState) ElementType() reflect.Type { type taxonomyIamBindingArgs struct { Condition *TaxonomyIamBindingCondition `pulumi:"condition"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -316,6 +414,9 @@ type taxonomyIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` Region *string `pulumi:"region"` // The role that should be applied. Only one @@ -329,12 +430,8 @@ type taxonomyIamBindingArgs struct { // The set of arguments for constructing a TaxonomyIamBinding resource. type TaxonomyIamBindingArgs struct { Condition TaxonomyIamBindingConditionPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -344,6 +441,9 @@ type TaxonomyIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput Region pulumi.StringPtrInput // The role that should be applied. Only one @@ -450,24 +550,23 @@ func (o TaxonomyIamBindingOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *TaxonomyIamBinding) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o TaxonomyIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *TaxonomyIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o TaxonomyIamBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *TaxonomyIamBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/datacatalog/taxonomyIamMember.go b/sdk/go/gcp/datacatalog/taxonomyIamMember.go index 5c41798d8f..ec90e148f2 100644 --- a/sdk/go/gcp/datacatalog/taxonomyIamMember.go +++ b/sdk/go/gcp/datacatalog/taxonomyIamMember.go @@ -131,6 +131,111 @@ import ( // ``` // // +// ## google\_data\_catalog\_taxonomy\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = datacatalog.NewTaxonomyIamPolicy(ctx, "policy", &datacatalog.TaxonomyIamPolicyArgs{ +// Taxonomy: pulumi.Any(basicTaxonomy.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_data\_catalog\_taxonomy\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := datacatalog.NewTaxonomyIamBinding(ctx, "binding", &datacatalog.TaxonomyIamBindingArgs{ +// Taxonomy: pulumi.Any(basicTaxonomy.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_data\_catalog\_taxonomy\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := datacatalog.NewTaxonomyIamMember(ctx, "member", &datacatalog.TaxonomyIamMemberArgs{ +// Taxonomy: pulumi.Any(basicTaxonomy.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -173,13 +278,9 @@ type TaxonomyIamMember struct { Condition TaxonomyIamMemberConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Member pulumi.StringOutput `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -189,6 +290,9 @@ type TaxonomyIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` Region pulumi.StringOutput `pulumi:"region"` // The role that should be applied. Only one @@ -240,13 +344,9 @@ func GetTaxonomyIamMember(ctx *pulumi.Context, type taxonomyIamMemberState struct { Condition *TaxonomyIamMemberCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Member *string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -256,6 +356,9 @@ type taxonomyIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` Region *string `pulumi:"region"` // The role that should be applied. Only one @@ -269,13 +372,9 @@ type taxonomyIamMemberState struct { type TaxonomyIamMemberState struct { Condition TaxonomyIamMemberConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Member pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -285,6 +384,9 @@ type TaxonomyIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput Region pulumi.StringPtrInput // The role that should be applied. Only one @@ -301,12 +403,8 @@ func (TaxonomyIamMemberState) ElementType() reflect.Type { type taxonomyIamMemberArgs struct { Condition *TaxonomyIamMemberCondition `pulumi:"condition"` - Member string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -316,6 +414,9 @@ type taxonomyIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` Region *string `pulumi:"region"` // The role that should be applied. Only one @@ -329,12 +430,8 @@ type taxonomyIamMemberArgs struct { // The set of arguments for constructing a TaxonomyIamMember resource. type TaxonomyIamMemberArgs struct { Condition TaxonomyIamMemberConditionPtrInput - Member pulumi.StringInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -344,6 +441,9 @@ type TaxonomyIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput Region pulumi.StringPtrInput // The role that should be applied. Only one @@ -450,24 +550,23 @@ func (o TaxonomyIamMemberOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *TaxonomyIamMember) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o TaxonomyIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *TaxonomyIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o TaxonomyIamMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *TaxonomyIamMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/datacatalog/taxonomyIamPolicy.go b/sdk/go/gcp/datacatalog/taxonomyIamPolicy.go index b115d02a19..3a5b3ef2d5 100644 --- a/sdk/go/gcp/datacatalog/taxonomyIamPolicy.go +++ b/sdk/go/gcp/datacatalog/taxonomyIamPolicy.go @@ -131,6 +131,111 @@ import ( // ``` // // +// ## google\_data\_catalog\_taxonomy\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = datacatalog.NewTaxonomyIamPolicy(ctx, "policy", &datacatalog.TaxonomyIamPolicyArgs{ +// Taxonomy: pulumi.Any(basicTaxonomy.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_data\_catalog\_taxonomy\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := datacatalog.NewTaxonomyIamBinding(ctx, "binding", &datacatalog.TaxonomyIamBindingArgs{ +// Taxonomy: pulumi.Any(basicTaxonomy.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_data\_catalog\_taxonomy\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/datacatalog" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := datacatalog.NewTaxonomyIamMember(ctx, "member", &datacatalog.TaxonomyIamMemberArgs{ +// Taxonomy: pulumi.Any(basicTaxonomy.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -178,18 +283,6 @@ type TaxonomyIamPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` Region pulumi.StringOutput `pulumi:"region"` // Used to find the parent resource to bind the IAM policy to @@ -239,18 +332,6 @@ type taxonomyIamPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` Region *string `pulumi:"region"` // Used to find the parent resource to bind the IAM policy to @@ -265,18 +346,6 @@ type TaxonomyIamPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput Region pulumi.StringPtrInput // Used to find the parent resource to bind the IAM policy to @@ -293,18 +362,6 @@ type taxonomyIamPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` Region *string `pulumi:"region"` // Used to find the parent resource to bind the IAM policy to @@ -318,18 +375,6 @@ type TaxonomyIamPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput Region pulumi.StringPtrInput // Used to find the parent resource to bind the IAM policy to @@ -436,18 +481,6 @@ func (o TaxonomyIamPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o TaxonomyIamPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *TaxonomyIamPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/dataplex/assetIamBinding.go b/sdk/go/gcp/dataplex/assetIamBinding.go index 8f760f1e11..8ebf11e717 100644 --- a/sdk/go/gcp/dataplex/assetIamBinding.go +++ b/sdk/go/gcp/dataplex/assetIamBinding.go @@ -143,6 +143,123 @@ import ( // ``` // // +// ## google\_dataplex\_asset\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = dataplex.NewAssetIamPolicy(ctx, "policy", &dataplex.AssetIamPolicyArgs{ +// Project: pulumi.Any(example.Project), +// Location: pulumi.Any(example.Location), +// Lake: pulumi.Any(example.Lake), +// DataplexZone: pulumi.Any(example.DataplexZone), +// Asset: pulumi.Any(example.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_dataplex\_asset\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := dataplex.NewAssetIamBinding(ctx, "binding", &dataplex.AssetIamBindingArgs{ +// Project: pulumi.Any(example.Project), +// Location: pulumi.Any(example.Location), +// Lake: pulumi.Any(example.Lake), +// DataplexZone: pulumi.Any(example.DataplexZone), +// Asset: pulumi.Any(example.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_dataplex\_asset\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := dataplex.NewAssetIamMember(ctx, "member", &dataplex.AssetIamMemberArgs{ +// Project: pulumi.Any(example.Project), +// Location: pulumi.Any(example.Location), +// Lake: pulumi.Any(example.Lake), +// DataplexZone: pulumi.Any(example.DataplexZone), +// Asset: pulumi.Any(example.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -188,15 +305,11 @@ type AssetIamBinding struct { Condition AssetIamBindingConditionPtrOutput `pulumi:"condition"` DataplexZone pulumi.StringOutput `pulumi:"dataplexZone"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Lake pulumi.StringOutput `pulumi:"lake"` - Location pulumi.StringOutput `pulumi:"location"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + Lake pulumi.StringOutput `pulumi:"lake"` + Location pulumi.StringOutput `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -206,6 +319,9 @@ type AssetIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `dataplex.AssetIamBinding` can be used per role. Note that custom roles must be of the format @@ -263,15 +379,11 @@ type assetIamBindingState struct { Condition *AssetIamBindingCondition `pulumi:"condition"` DataplexZone *string `pulumi:"dataplexZone"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Lake *string `pulumi:"lake"` - Location *string `pulumi:"location"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + Lake *string `pulumi:"lake"` + Location *string `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -281,6 +393,9 @@ type assetIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `dataplex.AssetIamBinding` can be used per role. Note that custom roles must be of the format @@ -297,12 +412,8 @@ type AssetIamBindingState struct { Etag pulumi.StringPtrInput Lake pulumi.StringPtrInput Location pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -312,6 +423,9 @@ type AssetIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `dataplex.AssetIamBinding` can be used per role. Note that custom roles must be of the format @@ -330,12 +444,8 @@ type assetIamBindingArgs struct { DataplexZone string `pulumi:"dataplexZone"` Lake string `pulumi:"lake"` Location *string `pulumi:"location"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -345,6 +455,9 @@ type assetIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `dataplex.AssetIamBinding` can be used per role. Note that custom roles must be of the format @@ -360,12 +473,8 @@ type AssetIamBindingArgs struct { DataplexZone pulumi.StringInput Lake pulumi.StringInput Location pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -375,6 +484,9 @@ type AssetIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `dataplex.AssetIamBinding` can be used per role. Note that custom roles must be of the format @@ -495,24 +607,23 @@ func (o AssetIamBindingOutput) Location() pulumi.StringOutput { return o.ApplyT(func(v *AssetIamBinding) pulumi.StringOutput { return v.Location }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o AssetIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *AssetIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o AssetIamBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *AssetIamBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/dataplex/assetIamMember.go b/sdk/go/gcp/dataplex/assetIamMember.go index 4eab6242f3..3b13318a17 100644 --- a/sdk/go/gcp/dataplex/assetIamMember.go +++ b/sdk/go/gcp/dataplex/assetIamMember.go @@ -143,6 +143,123 @@ import ( // ``` // // +// ## google\_dataplex\_asset\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = dataplex.NewAssetIamPolicy(ctx, "policy", &dataplex.AssetIamPolicyArgs{ +// Project: pulumi.Any(example.Project), +// Location: pulumi.Any(example.Location), +// Lake: pulumi.Any(example.Lake), +// DataplexZone: pulumi.Any(example.DataplexZone), +// Asset: pulumi.Any(example.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_dataplex\_asset\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := dataplex.NewAssetIamBinding(ctx, "binding", &dataplex.AssetIamBindingArgs{ +// Project: pulumi.Any(example.Project), +// Location: pulumi.Any(example.Location), +// Lake: pulumi.Any(example.Lake), +// DataplexZone: pulumi.Any(example.DataplexZone), +// Asset: pulumi.Any(example.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_dataplex\_asset\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := dataplex.NewAssetIamMember(ctx, "member", &dataplex.AssetIamMemberArgs{ +// Project: pulumi.Any(example.Project), +// Location: pulumi.Any(example.Location), +// Lake: pulumi.Any(example.Lake), +// DataplexZone: pulumi.Any(example.DataplexZone), +// Asset: pulumi.Any(example.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -191,12 +308,8 @@ type AssetIamMember struct { Etag pulumi.StringOutput `pulumi:"etag"` Lake pulumi.StringOutput `pulumi:"lake"` Location pulumi.StringOutput `pulumi:"location"` - Member pulumi.StringOutput `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -206,6 +319,9 @@ type AssetIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `dataplex.AssetIamBinding` can be used per role. Note that custom roles must be of the format @@ -266,12 +382,8 @@ type assetIamMemberState struct { Etag *string `pulumi:"etag"` Lake *string `pulumi:"lake"` Location *string `pulumi:"location"` - Member *string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -281,6 +393,9 @@ type assetIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `dataplex.AssetIamBinding` can be used per role. Note that custom roles must be of the format @@ -297,12 +412,8 @@ type AssetIamMemberState struct { Etag pulumi.StringPtrInput Lake pulumi.StringPtrInput Location pulumi.StringPtrInput - Member pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -312,6 +423,9 @@ type AssetIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `dataplex.AssetIamBinding` can be used per role. Note that custom roles must be of the format @@ -330,12 +444,8 @@ type assetIamMemberArgs struct { DataplexZone string `pulumi:"dataplexZone"` Lake string `pulumi:"lake"` Location *string `pulumi:"location"` - Member string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -345,6 +455,9 @@ type assetIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `dataplex.AssetIamBinding` can be used per role. Note that custom roles must be of the format @@ -360,12 +473,8 @@ type AssetIamMemberArgs struct { DataplexZone pulumi.StringInput Lake pulumi.StringInput Location pulumi.StringPtrInput - Member pulumi.StringInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -375,6 +484,9 @@ type AssetIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `dataplex.AssetIamBinding` can be used per role. Note that custom roles must be of the format @@ -495,24 +607,23 @@ func (o AssetIamMemberOutput) Location() pulumi.StringOutput { return o.ApplyT(func(v *AssetIamMember) pulumi.StringOutput { return v.Location }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o AssetIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *AssetIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o AssetIamMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *AssetIamMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/dataplex/assetIamPolicy.go b/sdk/go/gcp/dataplex/assetIamPolicy.go index c3f110d98c..f91589a39b 100644 --- a/sdk/go/gcp/dataplex/assetIamPolicy.go +++ b/sdk/go/gcp/dataplex/assetIamPolicy.go @@ -143,6 +143,123 @@ import ( // ``` // // +// ## google\_dataplex\_asset\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = dataplex.NewAssetIamPolicy(ctx, "policy", &dataplex.AssetIamPolicyArgs{ +// Project: pulumi.Any(example.Project), +// Location: pulumi.Any(example.Location), +// Lake: pulumi.Any(example.Lake), +// DataplexZone: pulumi.Any(example.DataplexZone), +// Asset: pulumi.Any(example.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_dataplex\_asset\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := dataplex.NewAssetIamBinding(ctx, "binding", &dataplex.AssetIamBindingArgs{ +// Project: pulumi.Any(example.Project), +// Location: pulumi.Any(example.Location), +// Lake: pulumi.Any(example.Lake), +// DataplexZone: pulumi.Any(example.DataplexZone), +// Asset: pulumi.Any(example.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_dataplex\_asset\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := dataplex.NewAssetIamMember(ctx, "member", &dataplex.AssetIamMemberArgs{ +// Project: pulumi.Any(example.Project), +// Location: pulumi.Any(example.Location), +// Lake: pulumi.Any(example.Lake), +// DataplexZone: pulumi.Any(example.DataplexZone), +// Asset: pulumi.Any(example.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -195,18 +312,6 @@ type AssetIamPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` } @@ -264,18 +369,6 @@ type assetIamPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -292,18 +385,6 @@ type AssetIamPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -322,18 +403,6 @@ type assetIamPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -349,18 +418,6 @@ type AssetIamPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -481,18 +538,6 @@ func (o AssetIamPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o AssetIamPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *AssetIamPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/dataplex/datascanIamBinding.go b/sdk/go/gcp/dataplex/datascanIamBinding.go index f1499ac140..7141a5b50e 100644 --- a/sdk/go/gcp/dataplex/datascanIamBinding.go +++ b/sdk/go/gcp/dataplex/datascanIamBinding.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_dataplex\_datascan\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = dataplex.NewDatascanIamPolicy(ctx, "policy", &dataplex.DatascanIamPolicyArgs{ +// Project: pulumi.Any(basicProfile.Project), +// Location: pulumi.Any(basicProfile.Location), +// DataScanId: pulumi.Any(basicProfile.DataScanId), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_dataplex\_datascan\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := dataplex.NewDatascanIamBinding(ctx, "binding", &dataplex.DatascanIamBindingArgs{ +// Project: pulumi.Any(basicProfile.Project), +// Location: pulumi.Any(basicProfile.Location), +// DataScanId: pulumi.Any(basicProfile.DataScanId), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_dataplex\_datascan\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := dataplex.NewDatascanIamMember(ctx, "member", &dataplex.DatascanIamMemberArgs{ +// Project: pulumi.Any(basicProfile.Project), +// Location: pulumi.Any(basicProfile.Location), +// DataScanId: pulumi.Any(basicProfile.DataScanId), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -183,13 +294,9 @@ type DatascanIamBinding struct { Etag pulumi.StringOutput `pulumi:"etag"` // The location where the data scan should reside. // Used to find the parent resource to bind the IAM policy to - Location pulumi.StringOutput `pulumi:"location"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location pulumi.StringOutput `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -199,6 +306,9 @@ type DatascanIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `dataplex.DatascanIamBinding` can be used per role. Note that custom roles must be of the format @@ -251,13 +361,9 @@ type datascanIamBindingState struct { Etag *string `pulumi:"etag"` // The location where the data scan should reside. // Used to find the parent resource to bind the IAM policy to - Location *string `pulumi:"location"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location *string `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -267,6 +373,9 @@ type datascanIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `dataplex.DatascanIamBinding` can be used per role. Note that custom roles must be of the format @@ -282,12 +391,8 @@ type DatascanIamBindingState struct { // The location where the data scan should reside. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -297,6 +402,9 @@ type DatascanIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `dataplex.DatascanIamBinding` can be used per role. Note that custom roles must be of the format @@ -313,13 +421,9 @@ type datascanIamBindingArgs struct { DataScanId string `pulumi:"dataScanId"` // The location where the data scan should reside. // Used to find the parent resource to bind the IAM policy to - Location *string `pulumi:"location"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location *string `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -329,6 +433,9 @@ type datascanIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `dataplex.DatascanIamBinding` can be used per role. Note that custom roles must be of the format @@ -343,12 +450,8 @@ type DatascanIamBindingArgs struct { // The location where the data scan should reside. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -358,6 +461,9 @@ type DatascanIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `dataplex.DatascanIamBinding` can be used per role. Note that custom roles must be of the format @@ -471,24 +577,23 @@ func (o DatascanIamBindingOutput) Location() pulumi.StringOutput { return o.ApplyT(func(v *DatascanIamBinding) pulumi.StringOutput { return v.Location }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o DatascanIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *DatascanIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o DatascanIamBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *DatascanIamBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/dataplex/datascanIamMember.go b/sdk/go/gcp/dataplex/datascanIamMember.go index 7e25cc96a3..6c88f8fa08 100644 --- a/sdk/go/gcp/dataplex/datascanIamMember.go +++ b/sdk/go/gcp/dataplex/datascanIamMember.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_dataplex\_datascan\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = dataplex.NewDatascanIamPolicy(ctx, "policy", &dataplex.DatascanIamPolicyArgs{ +// Project: pulumi.Any(basicProfile.Project), +// Location: pulumi.Any(basicProfile.Location), +// DataScanId: pulumi.Any(basicProfile.DataScanId), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_dataplex\_datascan\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := dataplex.NewDatascanIamBinding(ctx, "binding", &dataplex.DatascanIamBindingArgs{ +// Project: pulumi.Any(basicProfile.Project), +// Location: pulumi.Any(basicProfile.Location), +// DataScanId: pulumi.Any(basicProfile.DataScanId), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_dataplex\_datascan\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := dataplex.NewDatascanIamMember(ctx, "member", &dataplex.DatascanIamMemberArgs{ +// Project: pulumi.Any(basicProfile.Project), +// Location: pulumi.Any(basicProfile.Location), +// DataScanId: pulumi.Any(basicProfile.DataScanId), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -184,12 +295,8 @@ type DatascanIamMember struct { // The location where the data scan should reside. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringOutput `pulumi:"location"` - Member pulumi.StringOutput `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -199,6 +306,9 @@ type DatascanIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `dataplex.DatascanIamBinding` can be used per role. Note that custom roles must be of the format @@ -252,12 +362,8 @@ type datascanIamMemberState struct { // The location where the data scan should reside. // Used to find the parent resource to bind the IAM policy to Location *string `pulumi:"location"` - Member *string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -267,6 +373,9 @@ type datascanIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `dataplex.DatascanIamBinding` can be used per role. Note that custom roles must be of the format @@ -282,12 +391,8 @@ type DatascanIamMemberState struct { // The location where the data scan should reside. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Member pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -297,6 +402,9 @@ type DatascanIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `dataplex.DatascanIamBinding` can be used per role. Note that custom roles must be of the format @@ -314,12 +422,8 @@ type datascanIamMemberArgs struct { // The location where the data scan should reside. // Used to find the parent resource to bind the IAM policy to Location *string `pulumi:"location"` - Member string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -329,6 +433,9 @@ type datascanIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `dataplex.DatascanIamBinding` can be used per role. Note that custom roles must be of the format @@ -343,12 +450,8 @@ type DatascanIamMemberArgs struct { // The location where the data scan should reside. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Member pulumi.StringInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -358,6 +461,9 @@ type DatascanIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `dataplex.DatascanIamBinding` can be used per role. Note that custom roles must be of the format @@ -471,24 +577,23 @@ func (o DatascanIamMemberOutput) Location() pulumi.StringOutput { return o.ApplyT(func(v *DatascanIamMember) pulumi.StringOutput { return v.Location }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o DatascanIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *DatascanIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o DatascanIamMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *DatascanIamMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/dataplex/datascanIamPolicy.go b/sdk/go/gcp/dataplex/datascanIamPolicy.go index 02bd856d86..98a71ce5c2 100644 --- a/sdk/go/gcp/dataplex/datascanIamPolicy.go +++ b/sdk/go/gcp/dataplex/datascanIamPolicy.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_dataplex\_datascan\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = dataplex.NewDatascanIamPolicy(ctx, "policy", &dataplex.DatascanIamPolicyArgs{ +// Project: pulumi.Any(basicProfile.Project), +// Location: pulumi.Any(basicProfile.Location), +// DataScanId: pulumi.Any(basicProfile.DataScanId), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_dataplex\_datascan\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := dataplex.NewDatascanIamBinding(ctx, "binding", &dataplex.DatascanIamBindingArgs{ +// Project: pulumi.Any(basicProfile.Project), +// Location: pulumi.Any(basicProfile.Location), +// DataScanId: pulumi.Any(basicProfile.DataScanId), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_dataplex\_datascan\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := dataplex.NewDatascanIamMember(ctx, "member", &dataplex.DatascanIamMemberArgs{ +// Project: pulumi.Any(basicProfile.Project), +// Location: pulumi.Any(basicProfile.Location), +// DataScanId: pulumi.Any(basicProfile.DataScanId), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -188,18 +299,6 @@ type DatascanIamPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` } @@ -250,18 +349,6 @@ type datascanIamPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -277,18 +364,6 @@ type DatascanIamPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -306,18 +381,6 @@ type datascanIamPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -332,18 +395,6 @@ type DatascanIamPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -457,18 +508,6 @@ func (o DatascanIamPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o DatascanIamPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *DatascanIamPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/dataplex/lakeIamBinding.go b/sdk/go/gcp/dataplex/lakeIamBinding.go index c1a8fc9599..07ca9f9c7a 100644 --- a/sdk/go/gcp/dataplex/lakeIamBinding.go +++ b/sdk/go/gcp/dataplex/lakeIamBinding.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_dataplex\_lake\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = dataplex.NewLakeIamPolicy(ctx, "policy", &dataplex.LakeIamPolicyArgs{ +// Project: pulumi.Any(example.Project), +// Location: pulumi.Any(example.Location), +// Lake: pulumi.Any(example.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_dataplex\_lake\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := dataplex.NewLakeIamBinding(ctx, "binding", &dataplex.LakeIamBindingArgs{ +// Project: pulumi.Any(example.Project), +// Location: pulumi.Any(example.Location), +// Lake: pulumi.Any(example.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_dataplex\_lake\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := dataplex.NewLakeIamMember(ctx, "member", &dataplex.LakeIamMemberArgs{ +// Project: pulumi.Any(example.Project), +// Location: pulumi.Any(example.Location), +// Lake: pulumi.Any(example.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -181,14 +292,10 @@ type LakeIamBinding struct { // (Computed) The etag of the IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` // Used to find the parent resource to bind the IAM policy to - Lake pulumi.StringOutput `pulumi:"lake"` - Location pulumi.StringOutput `pulumi:"location"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Lake pulumi.StringOutput `pulumi:"lake"` + Location pulumi.StringOutput `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -198,6 +305,9 @@ type LakeIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `dataplex.LakeIamBinding` can be used per role. Note that custom roles must be of the format @@ -248,14 +358,10 @@ type lakeIamBindingState struct { // (Computed) The etag of the IAM policy. Etag *string `pulumi:"etag"` // Used to find the parent resource to bind the IAM policy to - Lake *string `pulumi:"lake"` - Location *string `pulumi:"location"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Lake *string `pulumi:"lake"` + Location *string `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -265,6 +371,9 @@ type lakeIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `dataplex.LakeIamBinding` can be used per role. Note that custom roles must be of the format @@ -279,12 +388,8 @@ type LakeIamBindingState struct { // Used to find the parent resource to bind the IAM policy to Lake pulumi.StringPtrInput Location pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -294,6 +399,9 @@ type LakeIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `dataplex.LakeIamBinding` can be used per role. Note that custom roles must be of the format @@ -308,14 +416,10 @@ func (LakeIamBindingState) ElementType() reflect.Type { type lakeIamBindingArgs struct { Condition *LakeIamBindingCondition `pulumi:"condition"` // Used to find the parent resource to bind the IAM policy to - Lake string `pulumi:"lake"` - Location *string `pulumi:"location"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Lake string `pulumi:"lake"` + Location *string `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -325,6 +429,9 @@ type lakeIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `dataplex.LakeIamBinding` can be used per role. Note that custom roles must be of the format @@ -338,12 +445,8 @@ type LakeIamBindingArgs struct { // Used to find the parent resource to bind the IAM policy to Lake pulumi.StringInput Location pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -353,6 +456,9 @@ type LakeIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `dataplex.LakeIamBinding` can be used per role. Note that custom roles must be of the format @@ -465,24 +571,23 @@ func (o LakeIamBindingOutput) Location() pulumi.StringOutput { return o.ApplyT(func(v *LakeIamBinding) pulumi.StringOutput { return v.Location }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o LakeIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *LakeIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o LakeIamBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *LakeIamBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/dataplex/lakeIamMember.go b/sdk/go/gcp/dataplex/lakeIamMember.go index a184314ef8..ea2829a2a1 100644 --- a/sdk/go/gcp/dataplex/lakeIamMember.go +++ b/sdk/go/gcp/dataplex/lakeIamMember.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_dataplex\_lake\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = dataplex.NewLakeIamPolicy(ctx, "policy", &dataplex.LakeIamPolicyArgs{ +// Project: pulumi.Any(example.Project), +// Location: pulumi.Any(example.Location), +// Lake: pulumi.Any(example.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_dataplex\_lake\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := dataplex.NewLakeIamBinding(ctx, "binding", &dataplex.LakeIamBindingArgs{ +// Project: pulumi.Any(example.Project), +// Location: pulumi.Any(example.Location), +// Lake: pulumi.Any(example.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_dataplex\_lake\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := dataplex.NewLakeIamMember(ctx, "member", &dataplex.LakeIamMemberArgs{ +// Project: pulumi.Any(example.Project), +// Location: pulumi.Any(example.Location), +// Lake: pulumi.Any(example.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -183,12 +294,8 @@ type LakeIamMember struct { // Used to find the parent resource to bind the IAM policy to Lake pulumi.StringOutput `pulumi:"lake"` Location pulumi.StringOutput `pulumi:"location"` - Member pulumi.StringOutput `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -198,6 +305,9 @@ type LakeIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `dataplex.LakeIamBinding` can be used per role. Note that custom roles must be of the format @@ -250,12 +360,8 @@ type lakeIamMemberState struct { // Used to find the parent resource to bind the IAM policy to Lake *string `pulumi:"lake"` Location *string `pulumi:"location"` - Member *string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -265,6 +371,9 @@ type lakeIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `dataplex.LakeIamBinding` can be used per role. Note that custom roles must be of the format @@ -279,12 +388,8 @@ type LakeIamMemberState struct { // Used to find the parent resource to bind the IAM policy to Lake pulumi.StringPtrInput Location pulumi.StringPtrInput - Member pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -294,6 +399,9 @@ type LakeIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `dataplex.LakeIamBinding` can be used per role. Note that custom roles must be of the format @@ -310,12 +418,8 @@ type lakeIamMemberArgs struct { // Used to find the parent resource to bind the IAM policy to Lake string `pulumi:"lake"` Location *string `pulumi:"location"` - Member string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -325,6 +429,9 @@ type lakeIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `dataplex.LakeIamBinding` can be used per role. Note that custom roles must be of the format @@ -338,12 +445,8 @@ type LakeIamMemberArgs struct { // Used to find the parent resource to bind the IAM policy to Lake pulumi.StringInput Location pulumi.StringPtrInput - Member pulumi.StringInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -353,6 +456,9 @@ type LakeIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `dataplex.LakeIamBinding` can be used per role. Note that custom roles must be of the format @@ -465,24 +571,23 @@ func (o LakeIamMemberOutput) Location() pulumi.StringOutput { return o.ApplyT(func(v *LakeIamMember) pulumi.StringOutput { return v.Location }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o LakeIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *LakeIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o LakeIamMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *LakeIamMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/dataplex/lakeIamPolicy.go b/sdk/go/gcp/dataplex/lakeIamPolicy.go index f58bd9d668..b915772dba 100644 --- a/sdk/go/gcp/dataplex/lakeIamPolicy.go +++ b/sdk/go/gcp/dataplex/lakeIamPolicy.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_dataplex\_lake\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = dataplex.NewLakeIamPolicy(ctx, "policy", &dataplex.LakeIamPolicyArgs{ +// Project: pulumi.Any(example.Project), +// Location: pulumi.Any(example.Location), +// Lake: pulumi.Any(example.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_dataplex\_lake\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := dataplex.NewLakeIamBinding(ctx, "binding", &dataplex.LakeIamBindingArgs{ +// Project: pulumi.Any(example.Project), +// Location: pulumi.Any(example.Location), +// Lake: pulumi.Any(example.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_dataplex\_lake\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := dataplex.NewLakeIamMember(ctx, "member", &dataplex.LakeIamMemberArgs{ +// Project: pulumi.Any(example.Project), +// Location: pulumi.Any(example.Location), +// Lake: pulumi.Any(example.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -187,18 +298,6 @@ type LakeIamPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` } @@ -248,18 +347,6 @@ type lakeIamPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -274,18 +361,6 @@ type LakeIamPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -302,18 +377,6 @@ type lakeIamPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -327,18 +390,6 @@ type LakeIamPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -451,18 +502,6 @@ func (o LakeIamPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o LakeIamPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *LakeIamPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/dataplex/taskIamBinding.go b/sdk/go/gcp/dataplex/taskIamBinding.go index 6843ef7d74..7863540bd6 100644 --- a/sdk/go/gcp/dataplex/taskIamBinding.go +++ b/sdk/go/gcp/dataplex/taskIamBinding.go @@ -140,6 +140,120 @@ import ( // ``` // // +// ## google\_dataplex\_task\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = dataplex.NewTaskIamPolicy(ctx, "policy", &dataplex.TaskIamPolicyArgs{ +// Project: pulumi.Any(example.Project), +// Location: pulumi.Any(example.Location), +// Lake: pulumi.Any(example.Lake), +// TaskId: pulumi.Any(example.TaskId), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_dataplex\_task\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := dataplex.NewTaskIamBinding(ctx, "binding", &dataplex.TaskIamBindingArgs{ +// Project: pulumi.Any(example.Project), +// Location: pulumi.Any(example.Location), +// Lake: pulumi.Any(example.Lake), +// TaskId: pulumi.Any(example.TaskId), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_dataplex\_task\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := dataplex.NewTaskIamMember(ctx, "member", &dataplex.TaskIamMemberArgs{ +// Project: pulumi.Any(example.Project), +// Location: pulumi.Any(example.Location), +// Lake: pulumi.Any(example.Lake), +// TaskId: pulumi.Any(example.TaskId), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -188,13 +302,9 @@ type TaskIamBinding struct { Lake pulumi.StringOutput `pulumi:"lake"` // The location in which the task will be created in. // Used to find the parent resource to bind the IAM policy to - Location pulumi.StringOutput `pulumi:"location"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location pulumi.StringOutput `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -204,6 +314,9 @@ type TaskIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `dataplex.TaskIamBinding` can be used per role. Note that custom roles must be of the format @@ -262,13 +375,9 @@ type taskIamBindingState struct { Lake *string `pulumi:"lake"` // The location in which the task will be created in. // Used to find the parent resource to bind the IAM policy to - Location *string `pulumi:"location"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location *string `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -278,6 +387,9 @@ type taskIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `dataplex.TaskIamBinding` can be used per role. Note that custom roles must be of the format @@ -296,12 +408,8 @@ type TaskIamBindingState struct { // The location in which the task will be created in. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -311,6 +419,9 @@ type TaskIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `dataplex.TaskIamBinding` can be used per role. Note that custom roles must be of the format @@ -330,13 +441,9 @@ type taskIamBindingArgs struct { Lake string `pulumi:"lake"` // The location in which the task will be created in. // Used to find the parent resource to bind the IAM policy to - Location *string `pulumi:"location"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location *string `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -346,6 +453,9 @@ type taskIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `dataplex.TaskIamBinding` can be used per role. Note that custom roles must be of the format @@ -363,12 +473,8 @@ type TaskIamBindingArgs struct { // The location in which the task will be created in. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -378,6 +484,9 @@ type TaskIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `dataplex.TaskIamBinding` can be used per role. Note that custom roles must be of the format @@ -494,24 +603,23 @@ func (o TaskIamBindingOutput) Location() pulumi.StringOutput { return o.ApplyT(func(v *TaskIamBinding) pulumi.StringOutput { return v.Location }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o TaskIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *TaskIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o TaskIamBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *TaskIamBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/dataplex/taskIamMember.go b/sdk/go/gcp/dataplex/taskIamMember.go index fd485ab38f..fa02523e2f 100644 --- a/sdk/go/gcp/dataplex/taskIamMember.go +++ b/sdk/go/gcp/dataplex/taskIamMember.go @@ -140,6 +140,120 @@ import ( // ``` // // +// ## google\_dataplex\_task\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = dataplex.NewTaskIamPolicy(ctx, "policy", &dataplex.TaskIamPolicyArgs{ +// Project: pulumi.Any(example.Project), +// Location: pulumi.Any(example.Location), +// Lake: pulumi.Any(example.Lake), +// TaskId: pulumi.Any(example.TaskId), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_dataplex\_task\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := dataplex.NewTaskIamBinding(ctx, "binding", &dataplex.TaskIamBindingArgs{ +// Project: pulumi.Any(example.Project), +// Location: pulumi.Any(example.Location), +// Lake: pulumi.Any(example.Lake), +// TaskId: pulumi.Any(example.TaskId), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_dataplex\_task\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := dataplex.NewTaskIamMember(ctx, "member", &dataplex.TaskIamMemberArgs{ +// Project: pulumi.Any(example.Project), +// Location: pulumi.Any(example.Location), +// Lake: pulumi.Any(example.Lake), +// TaskId: pulumi.Any(example.TaskId), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -189,12 +303,8 @@ type TaskIamMember struct { // The location in which the task will be created in. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringOutput `pulumi:"location"` - Member pulumi.StringOutput `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -204,6 +314,9 @@ type TaskIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `dataplex.TaskIamBinding` can be used per role. Note that custom roles must be of the format @@ -263,12 +376,8 @@ type taskIamMemberState struct { // The location in which the task will be created in. // Used to find the parent resource to bind the IAM policy to Location *string `pulumi:"location"` - Member *string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -278,6 +387,9 @@ type taskIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `dataplex.TaskIamBinding` can be used per role. Note that custom roles must be of the format @@ -296,12 +408,8 @@ type TaskIamMemberState struct { // The location in which the task will be created in. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Member pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -311,6 +419,9 @@ type TaskIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `dataplex.TaskIamBinding` can be used per role. Note that custom roles must be of the format @@ -331,12 +442,8 @@ type taskIamMemberArgs struct { // The location in which the task will be created in. // Used to find the parent resource to bind the IAM policy to Location *string `pulumi:"location"` - Member string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -346,6 +453,9 @@ type taskIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `dataplex.TaskIamBinding` can be used per role. Note that custom roles must be of the format @@ -363,12 +473,8 @@ type TaskIamMemberArgs struct { // The location in which the task will be created in. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Member pulumi.StringInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -378,6 +484,9 @@ type TaskIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `dataplex.TaskIamBinding` can be used per role. Note that custom roles must be of the format @@ -494,24 +603,23 @@ func (o TaskIamMemberOutput) Location() pulumi.StringOutput { return o.ApplyT(func(v *TaskIamMember) pulumi.StringOutput { return v.Location }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o TaskIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *TaskIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o TaskIamMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *TaskIamMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/dataplex/taskIamPolicy.go b/sdk/go/gcp/dataplex/taskIamPolicy.go index 72c1ce805d..729961c515 100644 --- a/sdk/go/gcp/dataplex/taskIamPolicy.go +++ b/sdk/go/gcp/dataplex/taskIamPolicy.go @@ -140,6 +140,120 @@ import ( // ``` // // +// ## google\_dataplex\_task\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = dataplex.NewTaskIamPolicy(ctx, "policy", &dataplex.TaskIamPolicyArgs{ +// Project: pulumi.Any(example.Project), +// Location: pulumi.Any(example.Location), +// Lake: pulumi.Any(example.Lake), +// TaskId: pulumi.Any(example.TaskId), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_dataplex\_task\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := dataplex.NewTaskIamBinding(ctx, "binding", &dataplex.TaskIamBindingArgs{ +// Project: pulumi.Any(example.Project), +// Location: pulumi.Any(example.Location), +// Lake: pulumi.Any(example.Lake), +// TaskId: pulumi.Any(example.TaskId), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_dataplex\_task\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := dataplex.NewTaskIamMember(ctx, "member", &dataplex.TaskIamMemberArgs{ +// Project: pulumi.Any(example.Project), +// Location: pulumi.Any(example.Location), +// Lake: pulumi.Any(example.Lake), +// TaskId: pulumi.Any(example.TaskId), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -193,18 +307,6 @@ type TaskIamPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` TaskId pulumi.StringOutput `pulumi:"taskId"` } @@ -261,18 +363,6 @@ type taskIamPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` TaskId *string `pulumi:"taskId"` } @@ -291,18 +381,6 @@ type TaskIamPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput TaskId pulumi.StringPtrInput } @@ -323,18 +401,6 @@ type taskIamPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` TaskId string `pulumi:"taskId"` } @@ -352,18 +418,6 @@ type TaskIamPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput TaskId pulumi.StringInput } @@ -480,18 +534,6 @@ func (o TaskIamPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o TaskIamPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *TaskIamPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/dataplex/zoneIamBinding.go b/sdk/go/gcp/dataplex/zoneIamBinding.go index 8b6efcd73c..6dee501d7e 100644 --- a/sdk/go/gcp/dataplex/zoneIamBinding.go +++ b/sdk/go/gcp/dataplex/zoneIamBinding.go @@ -140,6 +140,120 @@ import ( // ``` // // +// ## google\_dataplex\_zone\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = dataplex.NewZoneIamPolicy(ctx, "policy", &dataplex.ZoneIamPolicyArgs{ +// Project: pulumi.Any(example.Project), +// Location: pulumi.Any(example.Location), +// Lake: pulumi.Any(example.Lake), +// DataplexZone: pulumi.Any(example.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_dataplex\_zone\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := dataplex.NewZoneIamBinding(ctx, "binding", &dataplex.ZoneIamBindingArgs{ +// Project: pulumi.Any(example.Project), +// Location: pulumi.Any(example.Location), +// Lake: pulumi.Any(example.Lake), +// DataplexZone: pulumi.Any(example.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_dataplex\_zone\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := dataplex.NewZoneIamMember(ctx, "member", &dataplex.ZoneIamMemberArgs{ +// Project: pulumi.Any(example.Project), +// Location: pulumi.Any(example.Location), +// Lake: pulumi.Any(example.Lake), +// DataplexZone: pulumi.Any(example.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -184,15 +298,11 @@ type ZoneIamBinding struct { // Used to find the parent resource to bind the IAM policy to DataplexZone pulumi.StringOutput `pulumi:"dataplexZone"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Lake pulumi.StringOutput `pulumi:"lake"` - Location pulumi.StringOutput `pulumi:"location"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + Lake pulumi.StringOutput `pulumi:"lake"` + Location pulumi.StringOutput `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -202,6 +312,9 @@ type ZoneIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `dataplex.ZoneIamBinding` can be used per role. Note that custom roles must be of the format @@ -255,15 +368,11 @@ type zoneIamBindingState struct { // Used to find the parent resource to bind the IAM policy to DataplexZone *string `pulumi:"dataplexZone"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Lake *string `pulumi:"lake"` - Location *string `pulumi:"location"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + Lake *string `pulumi:"lake"` + Location *string `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -273,6 +382,9 @@ type zoneIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `dataplex.ZoneIamBinding` can be used per role. Note that custom roles must be of the format @@ -288,12 +400,8 @@ type ZoneIamBindingState struct { Etag pulumi.StringPtrInput Lake pulumi.StringPtrInput Location pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -303,6 +411,9 @@ type ZoneIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `dataplex.ZoneIamBinding` can be used per role. Note that custom roles must be of the format @@ -317,15 +428,11 @@ func (ZoneIamBindingState) ElementType() reflect.Type { type zoneIamBindingArgs struct { Condition *ZoneIamBindingCondition `pulumi:"condition"` // Used to find the parent resource to bind the IAM policy to - DataplexZone string `pulumi:"dataplexZone"` - Lake string `pulumi:"lake"` - Location *string `pulumi:"location"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + DataplexZone string `pulumi:"dataplexZone"` + Lake string `pulumi:"lake"` + Location *string `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -335,6 +442,9 @@ type zoneIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `dataplex.ZoneIamBinding` can be used per role. Note that custom roles must be of the format @@ -349,12 +459,8 @@ type ZoneIamBindingArgs struct { DataplexZone pulumi.StringInput Lake pulumi.StringInput Location pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -364,6 +470,9 @@ type ZoneIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `dataplex.ZoneIamBinding` can be used per role. Note that custom roles must be of the format @@ -480,24 +589,23 @@ func (o ZoneIamBindingOutput) Location() pulumi.StringOutput { return o.ApplyT(func(v *ZoneIamBinding) pulumi.StringOutput { return v.Location }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o ZoneIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *ZoneIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o ZoneIamBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *ZoneIamBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/dataplex/zoneIamMember.go b/sdk/go/gcp/dataplex/zoneIamMember.go index edbb01d134..42d2f84ced 100644 --- a/sdk/go/gcp/dataplex/zoneIamMember.go +++ b/sdk/go/gcp/dataplex/zoneIamMember.go @@ -140,6 +140,120 @@ import ( // ``` // // +// ## google\_dataplex\_zone\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = dataplex.NewZoneIamPolicy(ctx, "policy", &dataplex.ZoneIamPolicyArgs{ +// Project: pulumi.Any(example.Project), +// Location: pulumi.Any(example.Location), +// Lake: pulumi.Any(example.Lake), +// DataplexZone: pulumi.Any(example.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_dataplex\_zone\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := dataplex.NewZoneIamBinding(ctx, "binding", &dataplex.ZoneIamBindingArgs{ +// Project: pulumi.Any(example.Project), +// Location: pulumi.Any(example.Location), +// Lake: pulumi.Any(example.Lake), +// DataplexZone: pulumi.Any(example.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_dataplex\_zone\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := dataplex.NewZoneIamMember(ctx, "member", &dataplex.ZoneIamMemberArgs{ +// Project: pulumi.Any(example.Project), +// Location: pulumi.Any(example.Location), +// Lake: pulumi.Any(example.Lake), +// DataplexZone: pulumi.Any(example.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -187,12 +301,8 @@ type ZoneIamMember struct { Etag pulumi.StringOutput `pulumi:"etag"` Lake pulumi.StringOutput `pulumi:"lake"` Location pulumi.StringOutput `pulumi:"location"` - Member pulumi.StringOutput `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -202,6 +312,9 @@ type ZoneIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `dataplex.ZoneIamBinding` can be used per role. Note that custom roles must be of the format @@ -258,12 +371,8 @@ type zoneIamMemberState struct { Etag *string `pulumi:"etag"` Lake *string `pulumi:"lake"` Location *string `pulumi:"location"` - Member *string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -273,6 +382,9 @@ type zoneIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `dataplex.ZoneIamBinding` can be used per role. Note that custom roles must be of the format @@ -288,12 +400,8 @@ type ZoneIamMemberState struct { Etag pulumi.StringPtrInput Lake pulumi.StringPtrInput Location pulumi.StringPtrInput - Member pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -303,6 +411,9 @@ type ZoneIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `dataplex.ZoneIamBinding` can be used per role. Note that custom roles must be of the format @@ -320,12 +431,8 @@ type zoneIamMemberArgs struct { DataplexZone string `pulumi:"dataplexZone"` Lake string `pulumi:"lake"` Location *string `pulumi:"location"` - Member string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -335,6 +442,9 @@ type zoneIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `dataplex.ZoneIamBinding` can be used per role. Note that custom roles must be of the format @@ -349,12 +459,8 @@ type ZoneIamMemberArgs struct { DataplexZone pulumi.StringInput Lake pulumi.StringInput Location pulumi.StringPtrInput - Member pulumi.StringInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -364,6 +470,9 @@ type ZoneIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `dataplex.ZoneIamBinding` can be used per role. Note that custom roles must be of the format @@ -480,24 +589,23 @@ func (o ZoneIamMemberOutput) Location() pulumi.StringOutput { return o.ApplyT(func(v *ZoneIamMember) pulumi.StringOutput { return v.Location }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o ZoneIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *ZoneIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o ZoneIamMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *ZoneIamMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/dataplex/zoneIamPolicy.go b/sdk/go/gcp/dataplex/zoneIamPolicy.go index 3681ae3c24..cf2990a444 100644 --- a/sdk/go/gcp/dataplex/zoneIamPolicy.go +++ b/sdk/go/gcp/dataplex/zoneIamPolicy.go @@ -140,6 +140,120 @@ import ( // ``` // // +// ## google\_dataplex\_zone\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = dataplex.NewZoneIamPolicy(ctx, "policy", &dataplex.ZoneIamPolicyArgs{ +// Project: pulumi.Any(example.Project), +// Location: pulumi.Any(example.Location), +// Lake: pulumi.Any(example.Lake), +// DataplexZone: pulumi.Any(example.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_dataplex\_zone\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := dataplex.NewZoneIamBinding(ctx, "binding", &dataplex.ZoneIamBindingArgs{ +// Project: pulumi.Any(example.Project), +// Location: pulumi.Any(example.Location), +// Lake: pulumi.Any(example.Lake), +// DataplexZone: pulumi.Any(example.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_dataplex\_zone\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataplex" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := dataplex.NewZoneIamMember(ctx, "member", &dataplex.ZoneIamMemberArgs{ +// Project: pulumi.Any(example.Project), +// Location: pulumi.Any(example.Location), +// Lake: pulumi.Any(example.Lake), +// DataplexZone: pulumi.Any(example.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -191,18 +305,6 @@ type ZoneIamPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` } @@ -256,18 +358,6 @@ type zoneIamPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -283,18 +373,6 @@ type ZoneIamPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -312,18 +390,6 @@ type zoneIamPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -338,18 +404,6 @@ type ZoneIamPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -466,18 +520,6 @@ func (o ZoneIamPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o ZoneIamPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *ZoneIamPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/dataproc/autoscalingPolicyIamBinding.go b/sdk/go/gcp/dataproc/autoscalingPolicyIamBinding.go index 194ab32238..c0d4948287 100644 --- a/sdk/go/gcp/dataproc/autoscalingPolicyIamBinding.go +++ b/sdk/go/gcp/dataproc/autoscalingPolicyIamBinding.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_dataproc\_autoscaling\_policy\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = dataproc.NewAutoscalingPolicyIamPolicy(ctx, "policy", &dataproc.AutoscalingPolicyIamPolicyArgs{ +// Project: pulumi.Any(basic.Project), +// Location: pulumi.Any(basic.Location), +// PolicyId: pulumi.Any(basic.PolicyId), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_dataproc\_autoscaling\_policy\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := dataproc.NewAutoscalingPolicyIamBinding(ctx, "binding", &dataproc.AutoscalingPolicyIamBindingArgs{ +// Project: pulumi.Any(basic.Project), +// Location: pulumi.Any(basic.Location), +// PolicyId: pulumi.Any(basic.PolicyId), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_dataproc\_autoscaling\_policy\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := dataproc.NewAutoscalingPolicyIamMember(ctx, "member", &dataproc.AutoscalingPolicyIamMemberArgs{ +// Project: pulumi.Any(basic.Project), +// Location: pulumi.Any(basic.Location), +// PolicyId: pulumi.Any(basic.PolicyId), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -183,18 +294,9 @@ type AutoscalingPolicyIamBinding struct { // The location where the autoscaling policy should reside. // The default value is `global`. // Used to find the parent resource to bind the IAM policy to - Location pulumi.StringOutput `pulumi:"location"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // The policy id. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), - // and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between - // 3 and 50 characters. - // Used to find the parent resource to bind the IAM policy to - PolicyId pulumi.StringOutput `pulumi:"policyId"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location pulumi.StringOutput `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -204,6 +306,14 @@ type AutoscalingPolicyIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // The policy id. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), + // and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between + // 3 and 50 characters. + // Used to find the parent resource to bind the IAM policy to + PolicyId pulumi.StringOutput `pulumi:"policyId"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `dataproc.AutoscalingPolicyIamBinding` can be used per role. Note that custom roles must be of the format @@ -256,18 +366,9 @@ type autoscalingPolicyIamBindingState struct { // The location where the autoscaling policy should reside. // The default value is `global`. // Used to find the parent resource to bind the IAM policy to - Location *string `pulumi:"location"` - Members []string `pulumi:"members"` - // The policy id. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), - // and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between - // 3 and 50 characters. - // Used to find the parent resource to bind the IAM policy to - PolicyId *string `pulumi:"policyId"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location *string `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -277,6 +378,14 @@ type autoscalingPolicyIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The policy id. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), + // and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between + // 3 and 50 characters. + // Used to find the parent resource to bind the IAM policy to + PolicyId *string `pulumi:"policyId"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `dataproc.AutoscalingPolicyIamBinding` can be used per role. Note that custom roles must be of the format @@ -292,17 +401,8 @@ type AutoscalingPolicyIamBindingState struct { // The default value is `global`. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The policy id. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), - // and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between - // 3 and 50 characters. - // Used to find the parent resource to bind the IAM policy to - PolicyId pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -312,6 +412,14 @@ type AutoscalingPolicyIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The policy id. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), + // and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between + // 3 and 50 characters. + // Used to find the parent resource to bind the IAM policy to + PolicyId pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `dataproc.AutoscalingPolicyIamBinding` can be used per role. Note that custom roles must be of the format @@ -328,18 +436,9 @@ type autoscalingPolicyIamBindingArgs struct { // The location where the autoscaling policy should reside. // The default value is `global`. // Used to find the parent resource to bind the IAM policy to - Location *string `pulumi:"location"` - Members []string `pulumi:"members"` - // The policy id. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), - // and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between - // 3 and 50 characters. - // Used to find the parent resource to bind the IAM policy to - PolicyId string `pulumi:"policyId"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location *string `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -349,6 +448,14 @@ type autoscalingPolicyIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The policy id. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), + // and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between + // 3 and 50 characters. + // Used to find the parent resource to bind the IAM policy to + PolicyId string `pulumi:"policyId"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `dataproc.AutoscalingPolicyIamBinding` can be used per role. Note that custom roles must be of the format @@ -363,17 +470,8 @@ type AutoscalingPolicyIamBindingArgs struct { // The default value is `global`. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The policy id. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), - // and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between - // 3 and 50 characters. - // Used to find the parent resource to bind the IAM policy to - PolicyId pulumi.StringInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -383,6 +481,14 @@ type AutoscalingPolicyIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The policy id. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), + // and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between + // 3 and 50 characters. + // Used to find the parent resource to bind the IAM policy to + PolicyId pulumi.StringInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `dataproc.AutoscalingPolicyIamBinding` can be used per role. Note that custom roles must be of the format @@ -493,6 +599,17 @@ func (o AutoscalingPolicyIamBindingOutput) Location() pulumi.StringOutput { return o.ApplyT(func(v *AutoscalingPolicyIamBinding) pulumi.StringOutput { return v.Location }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o AutoscalingPolicyIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *AutoscalingPolicyIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } @@ -507,18 +624,6 @@ func (o AutoscalingPolicyIamBindingOutput) PolicyId() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o AutoscalingPolicyIamBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *AutoscalingPolicyIamBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/dataproc/autoscalingPolicyIamMember.go b/sdk/go/gcp/dataproc/autoscalingPolicyIamMember.go index dfeeda3f40..9f03b8d9a3 100644 --- a/sdk/go/gcp/dataproc/autoscalingPolicyIamMember.go +++ b/sdk/go/gcp/dataproc/autoscalingPolicyIamMember.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_dataproc\_autoscaling\_policy\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = dataproc.NewAutoscalingPolicyIamPolicy(ctx, "policy", &dataproc.AutoscalingPolicyIamPolicyArgs{ +// Project: pulumi.Any(basic.Project), +// Location: pulumi.Any(basic.Location), +// PolicyId: pulumi.Any(basic.PolicyId), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_dataproc\_autoscaling\_policy\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := dataproc.NewAutoscalingPolicyIamBinding(ctx, "binding", &dataproc.AutoscalingPolicyIamBindingArgs{ +// Project: pulumi.Any(basic.Project), +// Location: pulumi.Any(basic.Location), +// PolicyId: pulumi.Any(basic.PolicyId), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_dataproc\_autoscaling\_policy\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := dataproc.NewAutoscalingPolicyIamMember(ctx, "member", &dataproc.AutoscalingPolicyIamMemberArgs{ +// Project: pulumi.Any(basic.Project), +// Location: pulumi.Any(basic.Location), +// PolicyId: pulumi.Any(basic.PolicyId), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -184,17 +295,8 @@ type AutoscalingPolicyIamMember struct { // The default value is `global`. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringOutput `pulumi:"location"` - Member pulumi.StringOutput `pulumi:"member"` - // The policy id. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), - // and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between - // 3 and 50 characters. - // Used to find the parent resource to bind the IAM policy to - PolicyId pulumi.StringOutput `pulumi:"policyId"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -204,6 +306,14 @@ type AutoscalingPolicyIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // The policy id. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), + // and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between + // 3 and 50 characters. + // Used to find the parent resource to bind the IAM policy to + PolicyId pulumi.StringOutput `pulumi:"policyId"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `dataproc.AutoscalingPolicyIamBinding` can be used per role. Note that custom roles must be of the format @@ -257,17 +367,8 @@ type autoscalingPolicyIamMemberState struct { // The default value is `global`. // Used to find the parent resource to bind the IAM policy to Location *string `pulumi:"location"` - Member *string `pulumi:"member"` - // The policy id. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), - // and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between - // 3 and 50 characters. - // Used to find the parent resource to bind the IAM policy to - PolicyId *string `pulumi:"policyId"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -277,6 +378,14 @@ type autoscalingPolicyIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // The policy id. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), + // and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between + // 3 and 50 characters. + // Used to find the parent resource to bind the IAM policy to + PolicyId *string `pulumi:"policyId"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `dataproc.AutoscalingPolicyIamBinding` can be used per role. Note that custom roles must be of the format @@ -292,17 +401,8 @@ type AutoscalingPolicyIamMemberState struct { // The default value is `global`. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Member pulumi.StringPtrInput - // The policy id. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), - // and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between - // 3 and 50 characters. - // Used to find the parent resource to bind the IAM policy to - PolicyId pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -312,6 +412,14 @@ type AutoscalingPolicyIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // The policy id. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), + // and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between + // 3 and 50 characters. + // Used to find the parent resource to bind the IAM policy to + PolicyId pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `dataproc.AutoscalingPolicyIamBinding` can be used per role. Note that custom roles must be of the format @@ -329,17 +437,8 @@ type autoscalingPolicyIamMemberArgs struct { // The default value is `global`. // Used to find the parent resource to bind the IAM policy to Location *string `pulumi:"location"` - Member string `pulumi:"member"` - // The policy id. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), - // and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between - // 3 and 50 characters. - // Used to find the parent resource to bind the IAM policy to - PolicyId string `pulumi:"policyId"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -349,6 +448,14 @@ type autoscalingPolicyIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // The policy id. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), + // and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between + // 3 and 50 characters. + // Used to find the parent resource to bind the IAM policy to + PolicyId string `pulumi:"policyId"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `dataproc.AutoscalingPolicyIamBinding` can be used per role. Note that custom roles must be of the format @@ -363,17 +470,8 @@ type AutoscalingPolicyIamMemberArgs struct { // The default value is `global`. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Member pulumi.StringInput - // The policy id. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), - // and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between - // 3 and 50 characters. - // Used to find the parent resource to bind the IAM policy to - PolicyId pulumi.StringInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -383,6 +481,14 @@ type AutoscalingPolicyIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // The policy id. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), + // and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between + // 3 and 50 characters. + // Used to find the parent resource to bind the IAM policy to + PolicyId pulumi.StringInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `dataproc.AutoscalingPolicyIamBinding` can be used per role. Note that custom roles must be of the format @@ -493,6 +599,17 @@ func (o AutoscalingPolicyIamMemberOutput) Location() pulumi.StringOutput { return o.ApplyT(func(v *AutoscalingPolicyIamMember) pulumi.StringOutput { return v.Location }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o AutoscalingPolicyIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *AutoscalingPolicyIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } @@ -507,18 +624,6 @@ func (o AutoscalingPolicyIamMemberOutput) PolicyId() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o AutoscalingPolicyIamMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *AutoscalingPolicyIamMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/dataproc/autoscalingPolicyIamPolicy.go b/sdk/go/gcp/dataproc/autoscalingPolicyIamPolicy.go index 91378ec5ac..3ac9e79df4 100644 --- a/sdk/go/gcp/dataproc/autoscalingPolicyIamPolicy.go +++ b/sdk/go/gcp/dataproc/autoscalingPolicyIamPolicy.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_dataproc\_autoscaling\_policy\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = dataproc.NewAutoscalingPolicyIamPolicy(ctx, "policy", &dataproc.AutoscalingPolicyIamPolicyArgs{ +// Project: pulumi.Any(basic.Project), +// Location: pulumi.Any(basic.Location), +// PolicyId: pulumi.Any(basic.PolicyId), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_dataproc\_autoscaling\_policy\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := dataproc.NewAutoscalingPolicyIamBinding(ctx, "binding", &dataproc.AutoscalingPolicyIamBindingArgs{ +// Project: pulumi.Any(basic.Project), +// Location: pulumi.Any(basic.Location), +// PolicyId: pulumi.Any(basic.PolicyId), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_dataproc\_autoscaling\_policy\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := dataproc.NewAutoscalingPolicyIamMember(ctx, "member", &dataproc.AutoscalingPolicyIamMemberArgs{ +// Project: pulumi.Any(basic.Project), +// Location: pulumi.Any(basic.Location), +// PolicyId: pulumi.Any(basic.PolicyId), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -193,18 +304,6 @@ type AutoscalingPolicyIamPolicy struct { PolicyId pulumi.StringOutput `pulumi:"policyId"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` } @@ -260,18 +359,6 @@ type autoscalingPolicyIamPolicyState struct { PolicyId *string `pulumi:"policyId"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -292,18 +379,6 @@ type AutoscalingPolicyIamPolicyState struct { PolicyId pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -326,18 +401,6 @@ type autoscalingPolicyIamPolicyArgs struct { PolicyId string `pulumi:"policyId"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -357,18 +420,6 @@ type AutoscalingPolicyIamPolicyArgs struct { PolicyId pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -487,18 +538,6 @@ func (o AutoscalingPolicyIamPolicyOutput) PolicyId() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o AutoscalingPolicyIamPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *AutoscalingPolicyIamPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/dataproc/clusterIAMBinding.go b/sdk/go/gcp/dataproc/clusterIAMBinding.go index 252cab1698..0e6219e595 100644 --- a/sdk/go/gcp/dataproc/clusterIAMBinding.go +++ b/sdk/go/gcp/dataproc/clusterIAMBinding.go @@ -129,6 +129,113 @@ import ( // ``` // // +// ## google\_dataproc\_cluster\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/editor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = dataproc.NewClusterIAMPolicy(ctx, "editor", &dataproc.ClusterIAMPolicyArgs{ +// Project: pulumi.String("your-project"), +// Region: pulumi.String("your-region"), +// Cluster: pulumi.String("your-dataproc-cluster"), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_dataproc\_cluster\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := dataproc.NewClusterIAMBinding(ctx, "editor", &dataproc.ClusterIAMBindingArgs{ +// Cluster: pulumi.String("your-dataproc-cluster"), +// Role: pulumi.String("roles/editor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_dataproc\_cluster\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := dataproc.NewClusterIAMMember(ctx, "editor", &dataproc.ClusterIAMMemberArgs{ +// Cluster: pulumi.String("your-dataproc-cluster"), +// Role: pulumi.String("roles/editor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // ### Importing IAM policies @@ -160,19 +267,18 @@ type ClusterIAMBinding struct { // The name or relative resource id of the cluster to manage IAM policies for. // // For `dataproc.ClusterIAMMember` or `dataproc.ClusterIAMBinding`: - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Cluster pulumi.StringOutput `pulumi:"cluster"` + Condition ClusterIAMBindingConditionPtrOutput `pulumi:"condition"` + // (Computed) The etag of the clusters's IAM policy. + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - Cluster pulumi.StringOutput `pulumi:"cluster"` - Condition ClusterIAMBindingConditionPtrOutput `pulumi:"condition"` - // (Computed) The etag of the clusters's IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` Members pulumi.StringArrayOutput `pulumi:"members"` // The project in which the cluster belongs. If it // is not provided, the provider will use a default. @@ -230,19 +336,18 @@ type clusterIAMBindingState struct { // The name or relative resource id of the cluster to manage IAM policies for. // // For `dataproc.ClusterIAMMember` or `dataproc.ClusterIAMBinding`: - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Cluster *string `pulumi:"cluster"` + Condition *ClusterIAMBindingCondition `pulumi:"condition"` + // (Computed) The etag of the clusters's IAM policy. + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - Cluster *string `pulumi:"cluster"` - Condition *ClusterIAMBindingCondition `pulumi:"condition"` - // (Computed) The etag of the clusters's IAM policy. - Etag *string `pulumi:"etag"` Members []string `pulumi:"members"` // The project in which the cluster belongs. If it // is not provided, the provider will use a default. @@ -262,19 +367,18 @@ type ClusterIAMBindingState struct { // The name or relative resource id of the cluster to manage IAM policies for. // // For `dataproc.ClusterIAMMember` or `dataproc.ClusterIAMBinding`: - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Cluster pulumi.StringPtrInput + Condition ClusterIAMBindingConditionPtrInput + // (Computed) The etag of the clusters's IAM policy. + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - Cluster pulumi.StringPtrInput - Condition ClusterIAMBindingConditionPtrInput - // (Computed) The etag of the clusters's IAM policy. - Etag pulumi.StringPtrInput Members pulumi.StringArrayInput // The project in which the cluster belongs. If it // is not provided, the provider will use a default. @@ -298,18 +402,17 @@ type clusterIAMBindingArgs struct { // The name or relative resource id of the cluster to manage IAM policies for. // // For `dataproc.ClusterIAMMember` or `dataproc.ClusterIAMBinding`: - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Cluster string `pulumi:"cluster"` + Condition *ClusterIAMBindingCondition `pulumi:"condition"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - Cluster string `pulumi:"cluster"` - Condition *ClusterIAMBindingCondition `pulumi:"condition"` - Members []string `pulumi:"members"` + Members []string `pulumi:"members"` // The project in which the cluster belongs. If it // is not provided, the provider will use a default. Project *string `pulumi:"project"` @@ -329,18 +432,17 @@ type ClusterIAMBindingArgs struct { // The name or relative resource id of the cluster to manage IAM policies for. // // For `dataproc.ClusterIAMMember` or `dataproc.ClusterIAMBinding`: - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Cluster pulumi.StringInput + Condition ClusterIAMBindingConditionPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - Cluster pulumi.StringInput - Condition ClusterIAMBindingConditionPtrInput - Members pulumi.StringArrayInput + Members pulumi.StringArrayInput // The project in which the cluster belongs. If it // is not provided, the provider will use a default. Project pulumi.StringPtrInput @@ -445,15 +547,6 @@ func (o ClusterIAMBindingOutput) ToClusterIAMBindingOutputWithContext(ctx contex // The name or relative resource id of the cluster to manage IAM policies for. // // For `dataproc.ClusterIAMMember` or `dataproc.ClusterIAMBinding`: -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o ClusterIAMBindingOutput) Cluster() pulumi.StringOutput { return o.ApplyT(func(v *ClusterIAMBinding) pulumi.StringOutput { return v.Cluster }).(pulumi.StringOutput) } @@ -467,6 +560,14 @@ func (o ClusterIAMBindingOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *ClusterIAMBinding) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o ClusterIAMBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *ClusterIAMBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } diff --git a/sdk/go/gcp/dataproc/clusterIAMMember.go b/sdk/go/gcp/dataproc/clusterIAMMember.go index c745206fb5..4a0850f7c7 100644 --- a/sdk/go/gcp/dataproc/clusterIAMMember.go +++ b/sdk/go/gcp/dataproc/clusterIAMMember.go @@ -129,6 +129,113 @@ import ( // ``` // // +// ## google\_dataproc\_cluster\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/editor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = dataproc.NewClusterIAMPolicy(ctx, "editor", &dataproc.ClusterIAMPolicyArgs{ +// Project: pulumi.String("your-project"), +// Region: pulumi.String("your-region"), +// Cluster: pulumi.String("your-dataproc-cluster"), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_dataproc\_cluster\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := dataproc.NewClusterIAMBinding(ctx, "editor", &dataproc.ClusterIAMBindingArgs{ +// Cluster: pulumi.String("your-dataproc-cluster"), +// Role: pulumi.String("roles/editor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_dataproc\_cluster\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := dataproc.NewClusterIAMMember(ctx, "editor", &dataproc.ClusterIAMMemberArgs{ +// Cluster: pulumi.String("your-dataproc-cluster"), +// Role: pulumi.String("roles/editor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // ### Importing IAM policies @@ -160,19 +267,18 @@ type ClusterIAMMember struct { // The name or relative resource id of the cluster to manage IAM policies for. // // For `dataproc.ClusterIAMMember` or `dataproc.ClusterIAMBinding`: - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Cluster pulumi.StringOutput `pulumi:"cluster"` + Condition ClusterIAMMemberConditionPtrOutput `pulumi:"condition"` + // (Computed) The etag of the clusters's IAM policy. + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - Cluster pulumi.StringOutput `pulumi:"cluster"` - Condition ClusterIAMMemberConditionPtrOutput `pulumi:"condition"` - // (Computed) The etag of the clusters's IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` Member pulumi.StringOutput `pulumi:"member"` // The project in which the cluster belongs. If it // is not provided, the provider will use a default. @@ -230,19 +336,18 @@ type clusterIAMMemberState struct { // The name or relative resource id of the cluster to manage IAM policies for. // // For `dataproc.ClusterIAMMember` or `dataproc.ClusterIAMBinding`: - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Cluster *string `pulumi:"cluster"` + Condition *ClusterIAMMemberCondition `pulumi:"condition"` + // (Computed) The etag of the clusters's IAM policy. + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - Cluster *string `pulumi:"cluster"` - Condition *ClusterIAMMemberCondition `pulumi:"condition"` - // (Computed) The etag of the clusters's IAM policy. - Etag *string `pulumi:"etag"` Member *string `pulumi:"member"` // The project in which the cluster belongs. If it // is not provided, the provider will use a default. @@ -262,19 +367,18 @@ type ClusterIAMMemberState struct { // The name or relative resource id of the cluster to manage IAM policies for. // // For `dataproc.ClusterIAMMember` or `dataproc.ClusterIAMBinding`: - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Cluster pulumi.StringPtrInput + Condition ClusterIAMMemberConditionPtrInput + // (Computed) The etag of the clusters's IAM policy. + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - Cluster pulumi.StringPtrInput - Condition ClusterIAMMemberConditionPtrInput - // (Computed) The etag of the clusters's IAM policy. - Etag pulumi.StringPtrInput Member pulumi.StringPtrInput // The project in which the cluster belongs. If it // is not provided, the provider will use a default. @@ -298,18 +402,17 @@ type clusterIAMMemberArgs struct { // The name or relative resource id of the cluster to manage IAM policies for. // // For `dataproc.ClusterIAMMember` or `dataproc.ClusterIAMBinding`: - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Cluster string `pulumi:"cluster"` + Condition *ClusterIAMMemberCondition `pulumi:"condition"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - Cluster string `pulumi:"cluster"` - Condition *ClusterIAMMemberCondition `pulumi:"condition"` - Member string `pulumi:"member"` + Member string `pulumi:"member"` // The project in which the cluster belongs. If it // is not provided, the provider will use a default. Project *string `pulumi:"project"` @@ -329,18 +432,17 @@ type ClusterIAMMemberArgs struct { // The name or relative resource id of the cluster to manage IAM policies for. // // For `dataproc.ClusterIAMMember` or `dataproc.ClusterIAMBinding`: - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Cluster pulumi.StringInput + Condition ClusterIAMMemberConditionPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - Cluster pulumi.StringInput - Condition ClusterIAMMemberConditionPtrInput - Member pulumi.StringInput + Member pulumi.StringInput // The project in which the cluster belongs. If it // is not provided, the provider will use a default. Project pulumi.StringPtrInput @@ -445,15 +547,6 @@ func (o ClusterIAMMemberOutput) ToClusterIAMMemberOutputWithContext(ctx context. // The name or relative resource id of the cluster to manage IAM policies for. // // For `dataproc.ClusterIAMMember` or `dataproc.ClusterIAMBinding`: -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o ClusterIAMMemberOutput) Cluster() pulumi.StringOutput { return o.ApplyT(func(v *ClusterIAMMember) pulumi.StringOutput { return v.Cluster }).(pulumi.StringOutput) } @@ -467,6 +560,14 @@ func (o ClusterIAMMemberOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *ClusterIAMMember) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o ClusterIAMMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *ClusterIAMMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/dataproc/clusterIAMPolicy.go b/sdk/go/gcp/dataproc/clusterIAMPolicy.go index a0f80b6f40..60b393efd3 100644 --- a/sdk/go/gcp/dataproc/clusterIAMPolicy.go +++ b/sdk/go/gcp/dataproc/clusterIAMPolicy.go @@ -129,6 +129,113 @@ import ( // ``` // // +// ## google\_dataproc\_cluster\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/editor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = dataproc.NewClusterIAMPolicy(ctx, "editor", &dataproc.ClusterIAMPolicyArgs{ +// Project: pulumi.String("your-project"), +// Region: pulumi.String("your-region"), +// Cluster: pulumi.String("your-dataproc-cluster"), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_dataproc\_cluster\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := dataproc.NewClusterIAMBinding(ctx, "editor", &dataproc.ClusterIAMBindingArgs{ +// Cluster: pulumi.String("your-dataproc-cluster"), +// Role: pulumi.String("roles/editor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_dataproc\_cluster\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := dataproc.NewClusterIAMMember(ctx, "editor", &dataproc.ClusterIAMMemberArgs{ +// Cluster: pulumi.String("your-dataproc-cluster"), +// Role: pulumi.String("roles/editor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // ### Importing IAM policies @@ -160,15 +267,6 @@ type ClusterIAMPolicy struct { // The name or relative resource id of the cluster to manage IAM policies for. // // For `dataproc.ClusterIAMMember` or `dataproc.ClusterIAMBinding`: - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Cluster pulumi.StringOutput `pulumi:"cluster"` // (Computed) The etag of the clusters's IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` @@ -223,15 +321,6 @@ type clusterIAMPolicyState struct { // The name or relative resource id of the cluster to manage IAM policies for. // // For `dataproc.ClusterIAMMember` or `dataproc.ClusterIAMBinding`: - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Cluster *string `pulumi:"cluster"` // (Computed) The etag of the clusters's IAM policy. Etag *string `pulumi:"etag"` @@ -251,15 +340,6 @@ type ClusterIAMPolicyState struct { // The name or relative resource id of the cluster to manage IAM policies for. // // For `dataproc.ClusterIAMMember` or `dataproc.ClusterIAMBinding`: - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Cluster pulumi.StringPtrInput // (Computed) The etag of the clusters's IAM policy. Etag pulumi.StringPtrInput @@ -283,15 +363,6 @@ type clusterIAMPolicyArgs struct { // The name or relative resource id of the cluster to manage IAM policies for. // // For `dataproc.ClusterIAMMember` or `dataproc.ClusterIAMBinding`: - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Cluster string `pulumi:"cluster"` // The policy data generated by a `organizations.getIAMPolicy` data source. // @@ -310,15 +381,6 @@ type ClusterIAMPolicyArgs struct { // The name or relative resource id of the cluster to manage IAM policies for. // // For `dataproc.ClusterIAMMember` or `dataproc.ClusterIAMBinding`: - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Cluster pulumi.StringInput // The policy data generated by a `organizations.getIAMPolicy` data source. // @@ -422,15 +484,6 @@ func (o ClusterIAMPolicyOutput) ToClusterIAMPolicyOutputWithContext(ctx context. // The name or relative resource id of the cluster to manage IAM policies for. // // For `dataproc.ClusterIAMMember` or `dataproc.ClusterIAMBinding`: -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o ClusterIAMPolicyOutput) Cluster() pulumi.StringOutput { return o.ApplyT(func(v *ClusterIAMPolicy) pulumi.StringOutput { return v.Cluster }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/dataproc/jobIAMBinding.go b/sdk/go/gcp/dataproc/jobIAMBinding.go index 40b34caa76..121f3fb92e 100644 --- a/sdk/go/gcp/dataproc/jobIAMBinding.go +++ b/sdk/go/gcp/dataproc/jobIAMBinding.go @@ -129,6 +129,113 @@ import ( // ``` // // +// ## google\_dataproc\_job\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/editor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = dataproc.NewJobIAMPolicy(ctx, "editor", &dataproc.JobIAMPolicyArgs{ +// Project: pulumi.String("your-project"), +// Region: pulumi.String("your-region"), +// JobId: pulumi.String("your-dataproc-job"), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_dataproc\_job\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := dataproc.NewJobIAMBinding(ctx, "editor", &dataproc.JobIAMBindingArgs{ +// JobId: pulumi.String("your-dataproc-job"), +// Role: pulumi.String("roles/editor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_dataproc\_job\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := dataproc.NewJobIAMMember(ctx, "editor", &dataproc.JobIAMMemberArgs{ +// JobId: pulumi.String("your-dataproc-job"), +// Role: pulumi.String("roles/editor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // ### Importing IAM policies @@ -159,8 +266,16 @@ type JobIAMBinding struct { Condition JobIAMBindingConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the jobs's IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - JobId pulumi.StringOutput `pulumi:"jobId"` + Etag pulumi.StringOutput `pulumi:"etag"` + JobId pulumi.StringOutput `pulumi:"jobId"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Members pulumi.StringArrayOutput `pulumi:"members"` // The project in which the job belongs. If it // is not provided, the provider will use a default. @@ -217,8 +332,16 @@ func GetJobIAMBinding(ctx *pulumi.Context, type jobIAMBindingState struct { Condition *JobIAMBindingCondition `pulumi:"condition"` // (Computed) The etag of the jobs's IAM policy. - Etag *string `pulumi:"etag"` - JobId *string `pulumi:"jobId"` + Etag *string `pulumi:"etag"` + JobId *string `pulumi:"jobId"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Members []string `pulumi:"members"` // The project in which the job belongs. If it // is not provided, the provider will use a default. @@ -237,8 +360,16 @@ type jobIAMBindingState struct { type JobIAMBindingState struct { Condition JobIAMBindingConditionPtrInput // (Computed) The etag of the jobs's IAM policy. - Etag pulumi.StringPtrInput - JobId pulumi.StringPtrInput + Etag pulumi.StringPtrInput + JobId pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Members pulumi.StringArrayInput // The project in which the job belongs. If it // is not provided, the provider will use a default. @@ -261,7 +392,15 @@ func (JobIAMBindingState) ElementType() reflect.Type { type jobIAMBindingArgs struct { Condition *JobIAMBindingCondition `pulumi:"condition"` JobId string `pulumi:"jobId"` - Members []string `pulumi:"members"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + Members []string `pulumi:"members"` // The project in which the job belongs. If it // is not provided, the provider will use a default. Project *string `pulumi:"project"` @@ -280,7 +419,15 @@ type jobIAMBindingArgs struct { type JobIAMBindingArgs struct { Condition JobIAMBindingConditionPtrInput JobId pulumi.StringInput - Members pulumi.StringArrayInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + Members pulumi.StringArrayInput // The project in which the job belongs. If it // is not provided, the provider will use a default. Project pulumi.StringPtrInput @@ -395,6 +542,14 @@ func (o JobIAMBindingOutput) JobId() pulumi.StringOutput { return o.ApplyT(func(v *JobIAMBinding) pulumi.StringOutput { return v.JobId }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o JobIAMBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *JobIAMBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } diff --git a/sdk/go/gcp/dataproc/jobIAMMember.go b/sdk/go/gcp/dataproc/jobIAMMember.go index f71aa4d508..6390e979a0 100644 --- a/sdk/go/gcp/dataproc/jobIAMMember.go +++ b/sdk/go/gcp/dataproc/jobIAMMember.go @@ -129,6 +129,113 @@ import ( // ``` // // +// ## google\_dataproc\_job\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/editor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = dataproc.NewJobIAMPolicy(ctx, "editor", &dataproc.JobIAMPolicyArgs{ +// Project: pulumi.String("your-project"), +// Region: pulumi.String("your-region"), +// JobId: pulumi.String("your-dataproc-job"), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_dataproc\_job\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := dataproc.NewJobIAMBinding(ctx, "editor", &dataproc.JobIAMBindingArgs{ +// JobId: pulumi.String("your-dataproc-job"), +// Role: pulumi.String("roles/editor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_dataproc\_job\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := dataproc.NewJobIAMMember(ctx, "editor", &dataproc.JobIAMMemberArgs{ +// JobId: pulumi.String("your-dataproc-job"), +// Role: pulumi.String("roles/editor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // ### Importing IAM policies @@ -159,8 +266,16 @@ type JobIAMMember struct { Condition JobIAMMemberConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the jobs's IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - JobId pulumi.StringOutput `pulumi:"jobId"` + Etag pulumi.StringOutput `pulumi:"etag"` + JobId pulumi.StringOutput `pulumi:"jobId"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Member pulumi.StringOutput `pulumi:"member"` // The project in which the job belongs. If it // is not provided, the provider will use a default. @@ -217,8 +332,16 @@ func GetJobIAMMember(ctx *pulumi.Context, type jobIAMMemberState struct { Condition *JobIAMMemberCondition `pulumi:"condition"` // (Computed) The etag of the jobs's IAM policy. - Etag *string `pulumi:"etag"` - JobId *string `pulumi:"jobId"` + Etag *string `pulumi:"etag"` + JobId *string `pulumi:"jobId"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Member *string `pulumi:"member"` // The project in which the job belongs. If it // is not provided, the provider will use a default. @@ -237,8 +360,16 @@ type jobIAMMemberState struct { type JobIAMMemberState struct { Condition JobIAMMemberConditionPtrInput // (Computed) The etag of the jobs's IAM policy. - Etag pulumi.StringPtrInput - JobId pulumi.StringPtrInput + Etag pulumi.StringPtrInput + JobId pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Member pulumi.StringPtrInput // The project in which the job belongs. If it // is not provided, the provider will use a default. @@ -261,7 +392,15 @@ func (JobIAMMemberState) ElementType() reflect.Type { type jobIAMMemberArgs struct { Condition *JobIAMMemberCondition `pulumi:"condition"` JobId string `pulumi:"jobId"` - Member string `pulumi:"member"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + Member string `pulumi:"member"` // The project in which the job belongs. If it // is not provided, the provider will use a default. Project *string `pulumi:"project"` @@ -280,7 +419,15 @@ type jobIAMMemberArgs struct { type JobIAMMemberArgs struct { Condition JobIAMMemberConditionPtrInput JobId pulumi.StringInput - Member pulumi.StringInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + Member pulumi.StringInput // The project in which the job belongs. If it // is not provided, the provider will use a default. Project pulumi.StringPtrInput @@ -395,6 +542,14 @@ func (o JobIAMMemberOutput) JobId() pulumi.StringOutput { return o.ApplyT(func(v *JobIAMMember) pulumi.StringOutput { return v.JobId }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o JobIAMMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *JobIAMMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/dataproc/jobIAMPolicy.go b/sdk/go/gcp/dataproc/jobIAMPolicy.go index 40c0a317a7..174a19e3a5 100644 --- a/sdk/go/gcp/dataproc/jobIAMPolicy.go +++ b/sdk/go/gcp/dataproc/jobIAMPolicy.go @@ -129,6 +129,113 @@ import ( // ``` // // +// ## google\_dataproc\_job\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/editor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = dataproc.NewJobIAMPolicy(ctx, "editor", &dataproc.JobIAMPolicyArgs{ +// Project: pulumi.String("your-project"), +// Region: pulumi.String("your-region"), +// JobId: pulumi.String("your-dataproc-job"), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_dataproc\_job\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := dataproc.NewJobIAMBinding(ctx, "editor", &dataproc.JobIAMBindingArgs{ +// JobId: pulumi.String("your-dataproc-job"), +// Role: pulumi.String("roles/editor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_dataproc\_job\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := dataproc.NewJobIAMMember(ctx, "editor", &dataproc.JobIAMMemberArgs{ +// JobId: pulumi.String("your-dataproc-job"), +// Role: pulumi.String("roles/editor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // ### Importing IAM policies diff --git a/sdk/go/gcp/dataproc/metastoreFederationIamBinding.go b/sdk/go/gcp/dataproc/metastoreFederationIamBinding.go index 2f88994ee0..f87bd26012 100644 --- a/sdk/go/gcp/dataproc/metastoreFederationIamBinding.go +++ b/sdk/go/gcp/dataproc/metastoreFederationIamBinding.go @@ -58,13 +58,9 @@ type MetastoreFederationIamBinding struct { FederationId pulumi.StringOutput `pulumi:"federationId"` // The location where the metastore federation should reside. // Used to find the parent resource to bind the IAM policy to - Location pulumi.StringOutput `pulumi:"location"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location pulumi.StringOutput `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -74,6 +70,9 @@ type MetastoreFederationIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `dataproc.MetastoreFederationIamBinding` can be used per role. Note that custom roles must be of the format @@ -126,13 +125,9 @@ type metastoreFederationIamBindingState struct { FederationId *string `pulumi:"federationId"` // The location where the metastore federation should reside. // Used to find the parent resource to bind the IAM policy to - Location *string `pulumi:"location"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location *string `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -142,6 +137,9 @@ type metastoreFederationIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `dataproc.MetastoreFederationIamBinding` can be used per role. Note that custom roles must be of the format @@ -157,12 +155,8 @@ type MetastoreFederationIamBindingState struct { // The location where the metastore federation should reside. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -172,6 +166,9 @@ type MetastoreFederationIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `dataproc.MetastoreFederationIamBinding` can be used per role. Note that custom roles must be of the format @@ -188,13 +185,9 @@ type metastoreFederationIamBindingArgs struct { FederationId string `pulumi:"federationId"` // The location where the metastore federation should reside. // Used to find the parent resource to bind the IAM policy to - Location *string `pulumi:"location"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location *string `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -204,6 +197,9 @@ type metastoreFederationIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `dataproc.MetastoreFederationIamBinding` can be used per role. Note that custom roles must be of the format @@ -218,12 +214,8 @@ type MetastoreFederationIamBindingArgs struct { // The location where the metastore federation should reside. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -233,6 +225,9 @@ type MetastoreFederationIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `dataproc.MetastoreFederationIamBinding` can be used per role. Note that custom roles must be of the format @@ -348,24 +343,23 @@ func (o MetastoreFederationIamBindingOutput) Location() pulumi.StringOutput { return o.ApplyT(func(v *MetastoreFederationIamBinding) pulumi.StringOutput { return v.Location }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o MetastoreFederationIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *MetastoreFederationIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o MetastoreFederationIamBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *MetastoreFederationIamBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/dataproc/metastoreFederationIamMember.go b/sdk/go/gcp/dataproc/metastoreFederationIamMember.go index 1e5d38512f..4e1d6d89ad 100644 --- a/sdk/go/gcp/dataproc/metastoreFederationIamMember.go +++ b/sdk/go/gcp/dataproc/metastoreFederationIamMember.go @@ -59,12 +59,8 @@ type MetastoreFederationIamMember struct { // The location where the metastore federation should reside. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringOutput `pulumi:"location"` - Member pulumi.StringOutput `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -74,6 +70,9 @@ type MetastoreFederationIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `dataproc.MetastoreFederationIamBinding` can be used per role. Note that custom roles must be of the format @@ -127,12 +126,8 @@ type metastoreFederationIamMemberState struct { // The location where the metastore federation should reside. // Used to find the parent resource to bind the IAM policy to Location *string `pulumi:"location"` - Member *string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -142,6 +137,9 @@ type metastoreFederationIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `dataproc.MetastoreFederationIamBinding` can be used per role. Note that custom roles must be of the format @@ -157,12 +155,8 @@ type MetastoreFederationIamMemberState struct { // The location where the metastore federation should reside. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Member pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -172,6 +166,9 @@ type MetastoreFederationIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `dataproc.MetastoreFederationIamBinding` can be used per role. Note that custom roles must be of the format @@ -189,12 +186,8 @@ type metastoreFederationIamMemberArgs struct { // The location where the metastore federation should reside. // Used to find the parent resource to bind the IAM policy to Location *string `pulumi:"location"` - Member string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -204,6 +197,9 @@ type metastoreFederationIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `dataproc.MetastoreFederationIamBinding` can be used per role. Note that custom roles must be of the format @@ -218,12 +214,8 @@ type MetastoreFederationIamMemberArgs struct { // The location where the metastore federation should reside. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Member pulumi.StringInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -233,6 +225,9 @@ type MetastoreFederationIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `dataproc.MetastoreFederationIamBinding` can be used per role. Note that custom roles must be of the format @@ -348,24 +343,23 @@ func (o MetastoreFederationIamMemberOutput) Location() pulumi.StringOutput { return o.ApplyT(func(v *MetastoreFederationIamMember) pulumi.StringOutput { return v.Location }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o MetastoreFederationIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *MetastoreFederationIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o MetastoreFederationIamMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *MetastoreFederationIamMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/dataproc/metastoreFederationIamPolicy.go b/sdk/go/gcp/dataproc/metastoreFederationIamPolicy.go index 239ccd3bc6..1ca7148e6d 100644 --- a/sdk/go/gcp/dataproc/metastoreFederationIamPolicy.go +++ b/sdk/go/gcp/dataproc/metastoreFederationIamPolicy.go @@ -63,18 +63,6 @@ type MetastoreFederationIamPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` } @@ -125,18 +113,6 @@ type metastoreFederationIamPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -152,18 +128,6 @@ type MetastoreFederationIamPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -181,18 +145,6 @@ type metastoreFederationIamPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -207,18 +159,6 @@ type MetastoreFederationIamPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -332,18 +272,6 @@ func (o MetastoreFederationIamPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o MetastoreFederationIamPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *MetastoreFederationIamPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/dataproc/metastoreServiceIamBinding.go b/sdk/go/gcp/dataproc/metastoreServiceIamBinding.go index ce81bf532a..b6102ff6b2 100644 --- a/sdk/go/gcp/dataproc/metastoreServiceIamBinding.go +++ b/sdk/go/gcp/dataproc/metastoreServiceIamBinding.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_dataproc\_metastore\_service\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = dataproc.NewMetastoreServiceIamPolicy(ctx, "policy", &dataproc.MetastoreServiceIamPolicyArgs{ +// Project: pulumi.Any(_default.Project), +// Location: pulumi.Any(_default.Location), +// ServiceId: pulumi.Any(_default.ServiceId), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_dataproc\_metastore\_service\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := dataproc.NewMetastoreServiceIamBinding(ctx, "binding", &dataproc.MetastoreServiceIamBindingArgs{ +// Project: pulumi.Any(_default.Project), +// Location: pulumi.Any(_default.Location), +// ServiceId: pulumi.Any(_default.ServiceId), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_dataproc\_metastore\_service\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := dataproc.NewMetastoreServiceIamMember(ctx, "member", &dataproc.MetastoreServiceIamMemberArgs{ +// Project: pulumi.Any(_default.Project), +// Location: pulumi.Any(_default.Location), +// ServiceId: pulumi.Any(_default.ServiceId), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -183,13 +294,9 @@ type MetastoreServiceIamBinding struct { // The location where the metastore service should reside. // The default value is `global`. // Used to find the parent resource to bind the IAM policy to - Location pulumi.StringOutput `pulumi:"location"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location pulumi.StringOutput `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -199,6 +306,9 @@ type MetastoreServiceIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `dataproc.MetastoreServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -252,13 +362,9 @@ type metastoreServiceIamBindingState struct { // The location where the metastore service should reside. // The default value is `global`. // Used to find the parent resource to bind the IAM policy to - Location *string `pulumi:"location"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location *string `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -268,6 +374,9 @@ type metastoreServiceIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `dataproc.MetastoreServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -284,12 +393,8 @@ type MetastoreServiceIamBindingState struct { // The default value is `global`. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -299,6 +404,9 @@ type MetastoreServiceIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `dataproc.MetastoreServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -316,13 +424,9 @@ type metastoreServiceIamBindingArgs struct { // The location where the metastore service should reside. // The default value is `global`. // Used to find the parent resource to bind the IAM policy to - Location *string `pulumi:"location"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location *string `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -332,6 +436,9 @@ type metastoreServiceIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `dataproc.MetastoreServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -347,12 +454,8 @@ type MetastoreServiceIamBindingArgs struct { // The default value is `global`. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -362,6 +465,9 @@ type MetastoreServiceIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `dataproc.MetastoreServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -473,24 +579,23 @@ func (o MetastoreServiceIamBindingOutput) Location() pulumi.StringOutput { return o.ApplyT(func(v *MetastoreServiceIamBinding) pulumi.StringOutput { return v.Location }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o MetastoreServiceIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *MetastoreServiceIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o MetastoreServiceIamBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *MetastoreServiceIamBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/dataproc/metastoreServiceIamMember.go b/sdk/go/gcp/dataproc/metastoreServiceIamMember.go index d0be689126..0d2f7bccb5 100644 --- a/sdk/go/gcp/dataproc/metastoreServiceIamMember.go +++ b/sdk/go/gcp/dataproc/metastoreServiceIamMember.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_dataproc\_metastore\_service\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = dataproc.NewMetastoreServiceIamPolicy(ctx, "policy", &dataproc.MetastoreServiceIamPolicyArgs{ +// Project: pulumi.Any(_default.Project), +// Location: pulumi.Any(_default.Location), +// ServiceId: pulumi.Any(_default.ServiceId), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_dataproc\_metastore\_service\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := dataproc.NewMetastoreServiceIamBinding(ctx, "binding", &dataproc.MetastoreServiceIamBindingArgs{ +// Project: pulumi.Any(_default.Project), +// Location: pulumi.Any(_default.Location), +// ServiceId: pulumi.Any(_default.ServiceId), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_dataproc\_metastore\_service\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := dataproc.NewMetastoreServiceIamMember(ctx, "member", &dataproc.MetastoreServiceIamMemberArgs{ +// Project: pulumi.Any(_default.Project), +// Location: pulumi.Any(_default.Location), +// ServiceId: pulumi.Any(_default.ServiceId), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -184,12 +295,8 @@ type MetastoreServiceIamMember struct { // The default value is `global`. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringOutput `pulumi:"location"` - Member pulumi.StringOutput `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -199,6 +306,9 @@ type MetastoreServiceIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `dataproc.MetastoreServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -253,12 +363,8 @@ type metastoreServiceIamMemberState struct { // The default value is `global`. // Used to find the parent resource to bind the IAM policy to Location *string `pulumi:"location"` - Member *string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -268,6 +374,9 @@ type metastoreServiceIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `dataproc.MetastoreServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -284,12 +393,8 @@ type MetastoreServiceIamMemberState struct { // The default value is `global`. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Member pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -299,6 +404,9 @@ type MetastoreServiceIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `dataproc.MetastoreServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -317,12 +425,8 @@ type metastoreServiceIamMemberArgs struct { // The default value is `global`. // Used to find the parent resource to bind the IAM policy to Location *string `pulumi:"location"` - Member string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -332,6 +436,9 @@ type metastoreServiceIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `dataproc.MetastoreServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -347,12 +454,8 @@ type MetastoreServiceIamMemberArgs struct { // The default value is `global`. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Member pulumi.StringInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -362,6 +465,9 @@ type MetastoreServiceIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `dataproc.MetastoreServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -473,24 +579,23 @@ func (o MetastoreServiceIamMemberOutput) Location() pulumi.StringOutput { return o.ApplyT(func(v *MetastoreServiceIamMember) pulumi.StringOutput { return v.Location }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o MetastoreServiceIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *MetastoreServiceIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o MetastoreServiceIamMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *MetastoreServiceIamMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/dataproc/metastoreServiceIamPolicy.go b/sdk/go/gcp/dataproc/metastoreServiceIamPolicy.go index 17bc8a9422..d10b8fa53c 100644 --- a/sdk/go/gcp/dataproc/metastoreServiceIamPolicy.go +++ b/sdk/go/gcp/dataproc/metastoreServiceIamPolicy.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_dataproc\_metastore\_service\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = dataproc.NewMetastoreServiceIamPolicy(ctx, "policy", &dataproc.MetastoreServiceIamPolicyArgs{ +// Project: pulumi.Any(_default.Project), +// Location: pulumi.Any(_default.Location), +// ServiceId: pulumi.Any(_default.ServiceId), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_dataproc\_metastore\_service\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := dataproc.NewMetastoreServiceIamBinding(ctx, "binding", &dataproc.MetastoreServiceIamBindingArgs{ +// Project: pulumi.Any(_default.Project), +// Location: pulumi.Any(_default.Location), +// ServiceId: pulumi.Any(_default.ServiceId), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_dataproc\_metastore\_service\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dataproc" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := dataproc.NewMetastoreServiceIamMember(ctx, "member", &dataproc.MetastoreServiceIamMemberArgs{ +// Project: pulumi.Any(_default.Project), +// Location: pulumi.Any(_default.Location), +// ServiceId: pulumi.Any(_default.ServiceId), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -188,18 +299,6 @@ type MetastoreServiceIamPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` ServiceId pulumi.StringOutput `pulumi:"serviceId"` } @@ -251,18 +350,6 @@ type metastoreServiceIamPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` ServiceId *string `pulumi:"serviceId"` } @@ -279,18 +366,6 @@ type MetastoreServiceIamPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput ServiceId pulumi.StringPtrInput } @@ -309,18 +384,6 @@ type metastoreServiceIamPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` ServiceId string `pulumi:"serviceId"` } @@ -336,18 +399,6 @@ type MetastoreServiceIamPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput ServiceId pulumi.StringInput } @@ -459,18 +510,6 @@ func (o MetastoreServiceIamPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o MetastoreServiceIamPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *MetastoreServiceIamPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/dns/dnsManagedZoneIamBinding.go b/sdk/go/gcp/dns/dnsManagedZoneIamBinding.go index c12ff403c2..792ef12731 100644 --- a/sdk/go/gcp/dns/dnsManagedZoneIamBinding.go +++ b/sdk/go/gcp/dns/dnsManagedZoneIamBinding.go @@ -134,6 +134,114 @@ import ( // ``` // // +// ## google\_dns\_managed\_zone\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dns" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = dns.NewDnsManagedZoneIamPolicy(ctx, "policy", &dns.DnsManagedZoneIamPolicyArgs{ +// Project: pulumi.Any(_default.Project), +// ManagedZone: pulumi.Any(_default.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_dns\_managed\_zone\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dns" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := dns.NewDnsManagedZoneIamBinding(ctx, "binding", &dns.DnsManagedZoneIamBindingArgs{ +// Project: pulumi.Any(_default.Project), +// ManagedZone: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_dns\_managed\_zone\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dns" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := dns.NewDnsManagedZoneIamMember(ctx, "member", &dns.DnsManagedZoneIamMemberArgs{ +// Project: pulumi.Any(_default.Project), +// ManagedZone: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -176,13 +284,9 @@ type DnsManagedZoneIamBinding struct { // (Computed) The etag of the IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` // Used to find the parent resource to bind the IAM policy to - ManagedZone pulumi.StringOutput `pulumi:"managedZone"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + ManagedZone pulumi.StringOutput `pulumi:"managedZone"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -192,6 +296,9 @@ type DnsManagedZoneIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `dns.DnsManagedZoneIamBinding` can be used per role. Note that custom roles must be of the format @@ -242,13 +349,9 @@ type dnsManagedZoneIamBindingState struct { // (Computed) The etag of the IAM policy. Etag *string `pulumi:"etag"` // Used to find the parent resource to bind the IAM policy to - ManagedZone *string `pulumi:"managedZone"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + ManagedZone *string `pulumi:"managedZone"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -258,6 +361,9 @@ type dnsManagedZoneIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `dns.DnsManagedZoneIamBinding` can be used per role. Note that custom roles must be of the format @@ -271,12 +377,8 @@ type DnsManagedZoneIamBindingState struct { Etag pulumi.StringPtrInput // Used to find the parent resource to bind the IAM policy to ManagedZone pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -286,6 +388,9 @@ type DnsManagedZoneIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `dns.DnsManagedZoneIamBinding` can be used per role. Note that custom roles must be of the format @@ -300,13 +405,9 @@ func (DnsManagedZoneIamBindingState) ElementType() reflect.Type { type dnsManagedZoneIamBindingArgs struct { Condition *DnsManagedZoneIamBindingCondition `pulumi:"condition"` // Used to find the parent resource to bind the IAM policy to - ManagedZone string `pulumi:"managedZone"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + ManagedZone string `pulumi:"managedZone"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -316,6 +417,9 @@ type dnsManagedZoneIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `dns.DnsManagedZoneIamBinding` can be used per role. Note that custom roles must be of the format @@ -328,12 +432,8 @@ type DnsManagedZoneIamBindingArgs struct { Condition DnsManagedZoneIamBindingConditionPtrInput // Used to find the parent resource to bind the IAM policy to ManagedZone pulumi.StringInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -343,6 +443,9 @@ type DnsManagedZoneIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `dns.DnsManagedZoneIamBinding` can be used per role. Note that custom roles must be of the format @@ -451,24 +554,23 @@ func (o DnsManagedZoneIamBindingOutput) ManagedZone() pulumi.StringOutput { return o.ApplyT(func(v *DnsManagedZoneIamBinding) pulumi.StringOutput { return v.ManagedZone }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o DnsManagedZoneIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *DnsManagedZoneIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o DnsManagedZoneIamBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *DnsManagedZoneIamBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/dns/dnsManagedZoneIamMember.go b/sdk/go/gcp/dns/dnsManagedZoneIamMember.go index eb0696a410..b06336ea53 100644 --- a/sdk/go/gcp/dns/dnsManagedZoneIamMember.go +++ b/sdk/go/gcp/dns/dnsManagedZoneIamMember.go @@ -134,6 +134,114 @@ import ( // ``` // // +// ## google\_dns\_managed\_zone\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dns" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = dns.NewDnsManagedZoneIamPolicy(ctx, "policy", &dns.DnsManagedZoneIamPolicyArgs{ +// Project: pulumi.Any(_default.Project), +// ManagedZone: pulumi.Any(_default.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_dns\_managed\_zone\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dns" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := dns.NewDnsManagedZoneIamBinding(ctx, "binding", &dns.DnsManagedZoneIamBindingArgs{ +// Project: pulumi.Any(_default.Project), +// ManagedZone: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_dns\_managed\_zone\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dns" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := dns.NewDnsManagedZoneIamMember(ctx, "member", &dns.DnsManagedZoneIamMemberArgs{ +// Project: pulumi.Any(_default.Project), +// ManagedZone: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -177,12 +285,8 @@ type DnsManagedZoneIamMember struct { Etag pulumi.StringOutput `pulumi:"etag"` // Used to find the parent resource to bind the IAM policy to ManagedZone pulumi.StringOutput `pulumi:"managedZone"` - Member pulumi.StringOutput `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -192,6 +296,9 @@ type DnsManagedZoneIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `dns.DnsManagedZoneIamBinding` can be used per role. Note that custom roles must be of the format @@ -243,12 +350,8 @@ type dnsManagedZoneIamMemberState struct { Etag *string `pulumi:"etag"` // Used to find the parent resource to bind the IAM policy to ManagedZone *string `pulumi:"managedZone"` - Member *string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -258,6 +361,9 @@ type dnsManagedZoneIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `dns.DnsManagedZoneIamBinding` can be used per role. Note that custom roles must be of the format @@ -271,12 +377,8 @@ type DnsManagedZoneIamMemberState struct { Etag pulumi.StringPtrInput // Used to find the parent resource to bind the IAM policy to ManagedZone pulumi.StringPtrInput - Member pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -286,6 +388,9 @@ type DnsManagedZoneIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `dns.DnsManagedZoneIamBinding` can be used per role. Note that custom roles must be of the format @@ -301,12 +406,8 @@ type dnsManagedZoneIamMemberArgs struct { Condition *DnsManagedZoneIamMemberCondition `pulumi:"condition"` // Used to find the parent resource to bind the IAM policy to ManagedZone string `pulumi:"managedZone"` - Member string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -316,6 +417,9 @@ type dnsManagedZoneIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `dns.DnsManagedZoneIamBinding` can be used per role. Note that custom roles must be of the format @@ -328,12 +432,8 @@ type DnsManagedZoneIamMemberArgs struct { Condition DnsManagedZoneIamMemberConditionPtrInput // Used to find the parent resource to bind the IAM policy to ManagedZone pulumi.StringInput - Member pulumi.StringInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -343,6 +443,9 @@ type DnsManagedZoneIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `dns.DnsManagedZoneIamBinding` can be used per role. Note that custom roles must be of the format @@ -451,24 +554,23 @@ func (o DnsManagedZoneIamMemberOutput) ManagedZone() pulumi.StringOutput { return o.ApplyT(func(v *DnsManagedZoneIamMember) pulumi.StringOutput { return v.ManagedZone }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o DnsManagedZoneIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *DnsManagedZoneIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o DnsManagedZoneIamMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *DnsManagedZoneIamMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/dns/dnsManagedZoneIamPolicy.go b/sdk/go/gcp/dns/dnsManagedZoneIamPolicy.go index 0cc1fec3a0..c85ab4337e 100644 --- a/sdk/go/gcp/dns/dnsManagedZoneIamPolicy.go +++ b/sdk/go/gcp/dns/dnsManagedZoneIamPolicy.go @@ -134,6 +134,114 @@ import ( // ``` // // +// ## google\_dns\_managed\_zone\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dns" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = dns.NewDnsManagedZoneIamPolicy(ctx, "policy", &dns.DnsManagedZoneIamPolicyArgs{ +// Project: pulumi.Any(_default.Project), +// ManagedZone: pulumi.Any(_default.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_dns\_managed\_zone\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dns" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := dns.NewDnsManagedZoneIamBinding(ctx, "binding", &dns.DnsManagedZoneIamBindingArgs{ +// Project: pulumi.Any(_default.Project), +// ManagedZone: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_dns\_managed\_zone\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/dns" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := dns.NewDnsManagedZoneIamMember(ctx, "member", &dns.DnsManagedZoneIamMemberArgs{ +// Project: pulumi.Any(_default.Project), +// ManagedZone: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -181,18 +289,6 @@ type DnsManagedZoneIamPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` } @@ -241,18 +337,6 @@ type dnsManagedZoneIamPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -266,18 +350,6 @@ type DnsManagedZoneIamPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -293,18 +365,6 @@ type dnsManagedZoneIamPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -317,18 +377,6 @@ type DnsManagedZoneIamPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -437,18 +485,6 @@ func (o DnsManagedZoneIamPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o DnsManagedZoneIamPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *DnsManagedZoneIamPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/endpoints/consumersIamBinding.go b/sdk/go/gcp/endpoints/consumersIamBinding.go index e92cac67d9..30d1e07537 100644 --- a/sdk/go/gcp/endpoints/consumersIamBinding.go +++ b/sdk/go/gcp/endpoints/consumersIamBinding.go @@ -67,7 +67,18 @@ type ConsumersIamBinding struct { Condition ConsumersIamBindingConditionPtrOutput `pulumi:"condition"` ConsumerProject pulumi.StringOutput `pulumi:"consumerProject"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Members pulumi.StringArrayOutput `pulumi:"members"` // The role that should be applied. Only one // `endpoints.ConsumersIamBinding` can be used per role. Note that custom roles must be of the format @@ -121,7 +132,18 @@ type consumersIamBindingState struct { Condition *ConsumersIamBindingCondition `pulumi:"condition"` ConsumerProject *string `pulumi:"consumerProject"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Members []string `pulumi:"members"` // The role that should be applied. Only one // `endpoints.ConsumersIamBinding` can be used per role. Note that custom roles must be of the format @@ -134,7 +156,18 @@ type ConsumersIamBindingState struct { Condition ConsumersIamBindingConditionPtrInput ConsumerProject pulumi.StringPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Members pulumi.StringArrayInput // The role that should be applied. Only one // `endpoints.ConsumersIamBinding` can be used per role. Note that custom roles must be of the format @@ -150,7 +183,18 @@ func (ConsumersIamBindingState) ElementType() reflect.Type { type consumersIamBindingArgs struct { Condition *ConsumersIamBindingCondition `pulumi:"condition"` ConsumerProject string `pulumi:"consumerProject"` - Members []string `pulumi:"members"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` // The role that should be applied. Only one // `endpoints.ConsumersIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -162,7 +206,18 @@ type consumersIamBindingArgs struct { type ConsumersIamBindingArgs struct { Condition ConsumersIamBindingConditionPtrInput ConsumerProject pulumi.StringInput - Members pulumi.StringArrayInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput // The role that should be applied. Only one // `endpoints.ConsumersIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -270,6 +325,17 @@ func (o ConsumersIamBindingOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *ConsumersIamBinding) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o ConsumersIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *ConsumersIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } diff --git a/sdk/go/gcp/endpoints/consumersIamMember.go b/sdk/go/gcp/endpoints/consumersIamMember.go index a8d13aefc4..191d604d60 100644 --- a/sdk/go/gcp/endpoints/consumersIamMember.go +++ b/sdk/go/gcp/endpoints/consumersIamMember.go @@ -67,7 +67,18 @@ type ConsumersIamMember struct { Condition ConsumersIamMemberConditionPtrOutput `pulumi:"condition"` ConsumerProject pulumi.StringOutput `pulumi:"consumerProject"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Member pulumi.StringOutput `pulumi:"member"` // The role that should be applied. Only one // `endpoints.ConsumersIamBinding` can be used per role. Note that custom roles must be of the format @@ -121,7 +132,18 @@ type consumersIamMemberState struct { Condition *ConsumersIamMemberCondition `pulumi:"condition"` ConsumerProject *string `pulumi:"consumerProject"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Member *string `pulumi:"member"` // The role that should be applied. Only one // `endpoints.ConsumersIamBinding` can be used per role. Note that custom roles must be of the format @@ -134,7 +156,18 @@ type ConsumersIamMemberState struct { Condition ConsumersIamMemberConditionPtrInput ConsumerProject pulumi.StringPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Member pulumi.StringPtrInput // The role that should be applied. Only one // `endpoints.ConsumersIamBinding` can be used per role. Note that custom roles must be of the format @@ -150,7 +183,18 @@ func (ConsumersIamMemberState) ElementType() reflect.Type { type consumersIamMemberArgs struct { Condition *ConsumersIamMemberCondition `pulumi:"condition"` ConsumerProject string `pulumi:"consumerProject"` - Member string `pulumi:"member"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` // The role that should be applied. Only one // `endpoints.ConsumersIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -162,7 +206,18 @@ type consumersIamMemberArgs struct { type ConsumersIamMemberArgs struct { Condition ConsumersIamMemberConditionPtrInput ConsumerProject pulumi.StringInput - Member pulumi.StringInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput // The role that should be applied. Only one // `endpoints.ConsumersIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -270,6 +325,17 @@ func (o ConsumersIamMemberOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *ConsumersIamMember) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o ConsumersIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *ConsumersIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/endpoints/serviceIamBinding.go b/sdk/go/gcp/endpoints/serviceIamBinding.go index d18ff5bac0..398575b349 100644 --- a/sdk/go/gcp/endpoints/serviceIamBinding.go +++ b/sdk/go/gcp/endpoints/serviceIamBinding.go @@ -131,6 +131,111 @@ import ( // ``` // // +// ## google\_endpoints\_service\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/endpoints" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = endpoints.NewServiceIamPolicy(ctx, "policy", &endpoints.ServiceIamPolicyArgs{ +// ServiceName: pulumi.Any(endpointsService.ServiceName), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_endpoints\_service\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/endpoints" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := endpoints.NewServiceIamBinding(ctx, "binding", &endpoints.ServiceIamBindingArgs{ +// ServiceName: pulumi.Any(endpointsService.ServiceName), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_endpoints\_service\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/endpoints" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := endpoints.NewServiceIamMember(ctx, "member", &endpoints.ServiceIamMemberArgs{ +// ServiceName: pulumi.Any(endpointsService.ServiceName), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -169,7 +274,18 @@ type ServiceIamBinding struct { Condition ServiceIamBindingConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Members pulumi.StringArrayOutput `pulumi:"members"` // The role that should be applied. Only one // `endpoints.ServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -219,7 +335,18 @@ func GetServiceIamBinding(ctx *pulumi.Context, type serviceIamBindingState struct { Condition *ServiceIamBindingCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Members []string `pulumi:"members"` // The role that should be applied. Only one // `endpoints.ServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -231,7 +358,18 @@ type serviceIamBindingState struct { type ServiceIamBindingState struct { Condition ServiceIamBindingConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Members pulumi.StringArrayInput // The role that should be applied. Only one // `endpoints.ServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -246,7 +384,18 @@ func (ServiceIamBindingState) ElementType() reflect.Type { type serviceIamBindingArgs struct { Condition *ServiceIamBindingCondition `pulumi:"condition"` - Members []string `pulumi:"members"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` // The role that should be applied. Only one // `endpoints.ServiceIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -257,7 +406,18 @@ type serviceIamBindingArgs struct { // The set of arguments for constructing a ServiceIamBinding resource. type ServiceIamBindingArgs struct { Condition ServiceIamBindingConditionPtrInput - Members pulumi.StringArrayInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput // The role that should be applied. Only one // `endpoints.ServiceIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -361,6 +521,17 @@ func (o ServiceIamBindingOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *ServiceIamBinding) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o ServiceIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *ServiceIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } diff --git a/sdk/go/gcp/endpoints/serviceIamMember.go b/sdk/go/gcp/endpoints/serviceIamMember.go index 2df90cd6e0..53764c39b7 100644 --- a/sdk/go/gcp/endpoints/serviceIamMember.go +++ b/sdk/go/gcp/endpoints/serviceIamMember.go @@ -131,6 +131,111 @@ import ( // ``` // // +// ## google\_endpoints\_service\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/endpoints" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = endpoints.NewServiceIamPolicy(ctx, "policy", &endpoints.ServiceIamPolicyArgs{ +// ServiceName: pulumi.Any(endpointsService.ServiceName), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_endpoints\_service\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/endpoints" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := endpoints.NewServiceIamBinding(ctx, "binding", &endpoints.ServiceIamBindingArgs{ +// ServiceName: pulumi.Any(endpointsService.ServiceName), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_endpoints\_service\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/endpoints" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := endpoints.NewServiceIamMember(ctx, "member", &endpoints.ServiceIamMemberArgs{ +// ServiceName: pulumi.Any(endpointsService.ServiceName), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -169,7 +274,18 @@ type ServiceIamMember struct { Condition ServiceIamMemberConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Member pulumi.StringOutput `pulumi:"member"` // The role that should be applied. Only one // `endpoints.ServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -219,7 +335,18 @@ func GetServiceIamMember(ctx *pulumi.Context, type serviceIamMemberState struct { Condition *ServiceIamMemberCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Member *string `pulumi:"member"` // The role that should be applied. Only one // `endpoints.ServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -231,7 +358,18 @@ type serviceIamMemberState struct { type ServiceIamMemberState struct { Condition ServiceIamMemberConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Member pulumi.StringPtrInput // The role that should be applied. Only one // `endpoints.ServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -246,7 +384,18 @@ func (ServiceIamMemberState) ElementType() reflect.Type { type serviceIamMemberArgs struct { Condition *ServiceIamMemberCondition `pulumi:"condition"` - Member string `pulumi:"member"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` // The role that should be applied. Only one // `endpoints.ServiceIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -257,7 +406,18 @@ type serviceIamMemberArgs struct { // The set of arguments for constructing a ServiceIamMember resource. type ServiceIamMemberArgs struct { Condition ServiceIamMemberConditionPtrInput - Member pulumi.StringInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput // The role that should be applied. Only one // `endpoints.ServiceIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -361,6 +521,17 @@ func (o ServiceIamMemberOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *ServiceIamMember) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o ServiceIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *ServiceIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/endpoints/serviceIamPolicy.go b/sdk/go/gcp/endpoints/serviceIamPolicy.go index 230cfc579c..74cc269e73 100644 --- a/sdk/go/gcp/endpoints/serviceIamPolicy.go +++ b/sdk/go/gcp/endpoints/serviceIamPolicy.go @@ -131,6 +131,111 @@ import ( // ``` // // +// ## google\_endpoints\_service\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/endpoints" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = endpoints.NewServiceIamPolicy(ctx, "policy", &endpoints.ServiceIamPolicyArgs{ +// ServiceName: pulumi.Any(endpointsService.ServiceName), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_endpoints\_service\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/endpoints" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := endpoints.NewServiceIamBinding(ctx, "binding", &endpoints.ServiceIamBindingArgs{ +// ServiceName: pulumi.Any(endpointsService.ServiceName), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_endpoints\_service\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/endpoints" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := endpoints.NewServiceIamMember(ctx, "member", &endpoints.ServiceIamMemberArgs{ +// ServiceName: pulumi.Any(endpointsService.ServiceName), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: diff --git a/sdk/go/gcp/folder/iamAuditConfig.go b/sdk/go/gcp/folder/iamAuditConfig.go index 26ef3a425c..090a9993a6 100644 --- a/sdk/go/gcp/folder/iamAuditConfig.go +++ b/sdk/go/gcp/folder/iamAuditConfig.go @@ -301,6 +301,280 @@ import ( // ``` // // +// ## google\_folder\_iam\_policy +// +// !> **Be careful!** You can accidentally lock yourself out of your folder +// +// using this resource. Deleting a `folder.IAMPolicy` removes access +// from anyone without permissions on its parent folder/organization. Proceed with caution. +// It's not recommended to use `folder.IAMPolicy` with your provider folder +// to avoid locking yourself out, and it should generally only be used with folders +// fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before +// applying the change. +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/editor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = folder.NewIAMPolicy(ctx, "folder", &folder.IAMPolicyArgs{ +// Folder: pulumi.String("folders/1234567"), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/compute.admin", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = folder.NewIAMPolicy(ctx, "folder", &folder.IAMPolicyArgs{ +// Folder: pulumi.String("folders/1234567"), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_folder\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := folder.NewIAMBinding(ctx, "folder", &folder.IAMBindingArgs{ +// Folder: pulumi.String("folders/1234567"), +// Role: pulumi.String("roles/editor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := folder.NewIAMBinding(ctx, "folder", &folder.IAMBindingArgs{ +// Folder: pulumi.String("folders/1234567"), +// Role: pulumi.String("roles/container.admin"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &folder.IAMBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_folder\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := folder.NewIAMMember(ctx, "folder", &folder.IAMMemberArgs{ +// Folder: pulumi.String("folders/1234567"), +// Role: pulumi.String("roles/editor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := folder.NewIAMMember(ctx, "folder", &folder.IAMMemberArgs{ +// Folder: pulumi.String("folders/1234567"), +// Role: pulumi.String("roles/firebase.admin"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &folder.IAMMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_folder\_iam\_audit\_config +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := folder.NewIamAuditConfig(ctx, "folder", &folder.IamAuditConfigArgs{ +// Folder: pulumi.String("folders/1234567"), +// Service: pulumi.String("allServices"), +// AuditLogConfigs: folder.IamAuditConfigAuditLogConfigArray{ +// &folder.IamAuditConfigAuditLogConfigArgs{ +// LogType: pulumi.String("ADMIN_READ"), +// }, +// &folder.IamAuditConfigAuditLogConfigArgs{ +// LogType: pulumi.String("DATA_READ"), +// ExemptedMembers: pulumi.StringArray{ +// pulumi.String("user:joebloggs@example.com"), +// }, +// }, +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // ### Importing Audit Configs diff --git a/sdk/go/gcp/folder/iammember.go b/sdk/go/gcp/folder/iammember.go index 8ceb222c33..cc4204df87 100644 --- a/sdk/go/gcp/folder/iammember.go +++ b/sdk/go/gcp/folder/iammember.go @@ -301,6 +301,280 @@ import ( // ``` // // +// ## google\_folder\_iam\_policy +// +// !> **Be careful!** You can accidentally lock yourself out of your folder +// +// using this resource. Deleting a `folder.IAMPolicy` removes access +// from anyone without permissions on its parent folder/organization. Proceed with caution. +// It's not recommended to use `folder.IAMPolicy` with your provider folder +// to avoid locking yourself out, and it should generally only be used with folders +// fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before +// applying the change. +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/editor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = folder.NewIAMPolicy(ctx, "folder", &folder.IAMPolicyArgs{ +// Folder: pulumi.String("folders/1234567"), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/compute.admin", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = folder.NewIAMPolicy(ctx, "folder", &folder.IAMPolicyArgs{ +// Folder: pulumi.String("folders/1234567"), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_folder\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := folder.NewIAMBinding(ctx, "folder", &folder.IAMBindingArgs{ +// Folder: pulumi.String("folders/1234567"), +// Role: pulumi.String("roles/editor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := folder.NewIAMBinding(ctx, "folder", &folder.IAMBindingArgs{ +// Folder: pulumi.String("folders/1234567"), +// Role: pulumi.String("roles/container.admin"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &folder.IAMBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_folder\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := folder.NewIAMMember(ctx, "folder", &folder.IAMMemberArgs{ +// Folder: pulumi.String("folders/1234567"), +// Role: pulumi.String("roles/editor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := folder.NewIAMMember(ctx, "folder", &folder.IAMMemberArgs{ +// Folder: pulumi.String("folders/1234567"), +// Role: pulumi.String("roles/firebase.admin"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &folder.IAMMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_folder\_iam\_audit\_config +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := folder.NewIamAuditConfig(ctx, "folder", &folder.IamAuditConfigArgs{ +// Folder: pulumi.String("folders/1234567"), +// Service: pulumi.String("allServices"), +// AuditLogConfigs: folder.IamAuditConfigAuditLogConfigArray{ +// &folder.IamAuditConfigAuditLogConfigArgs{ +// LogType: pulumi.String("ADMIN_READ"), +// }, +// &folder.IamAuditConfigAuditLogConfigArgs{ +// LogType: pulumi.String("DATA_READ"), +// ExemptedMembers: pulumi.StringArray{ +// pulumi.String("user:joebloggs@example.com"), +// }, +// }, +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // ### Importing Audit Configs @@ -336,6 +610,12 @@ type IAMMember struct { Etag pulumi.StringOutput `pulumi:"etag"` // The resource name of the folder the policy is attached to. Its format is folders/{folder_id}. Folder pulumi.StringOutput `pulumi:"folder"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Member pulumi.StringOutput `pulumi:"member"` // The role that should be applied. Only one // `folder.IAMBinding` can be used per role. Note that custom roles must be of the format @@ -389,6 +669,12 @@ type iammemberState struct { Etag *string `pulumi:"etag"` // The resource name of the folder the policy is attached to. Its format is folders/{folder_id}. Folder *string `pulumi:"folder"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Member *string `pulumi:"member"` // The role that should be applied. Only one // `folder.IAMBinding` can be used per role. Note that custom roles must be of the format @@ -404,6 +690,12 @@ type IAMMemberState struct { Etag pulumi.StringPtrInput // The resource name of the folder the policy is attached to. Its format is folders/{folder_id}. Folder pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Member pulumi.StringPtrInput // The role that should be applied. Only one // `folder.IAMBinding` can be used per role. Note that custom roles must be of the format @@ -421,6 +713,12 @@ type iammemberArgs struct { Condition *IAMMemberCondition `pulumi:"condition"` // The resource name of the folder the policy is attached to. Its format is folders/{folder_id}. Folder string `pulumi:"folder"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Member string `pulumi:"member"` // The role that should be applied. Only one // `folder.IAMBinding` can be used per role. Note that custom roles must be of the format @@ -435,6 +733,12 @@ type IAMMemberArgs struct { Condition IAMMemberConditionPtrInput // The resource name of the folder the policy is attached to. Its format is folders/{folder_id}. Folder pulumi.StringInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Member pulumi.StringInput // The role that should be applied. Only one // `folder.IAMBinding` can be used per role. Note that custom roles must be of the format @@ -545,6 +849,12 @@ func (o IAMMemberOutput) Folder() pulumi.StringOutput { return o.ApplyT(func(v *IAMMember) pulumi.StringOutput { return v.Folder }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o IAMMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *IAMMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/folder/iampolicy.go b/sdk/go/gcp/folder/iampolicy.go index f5667faadc..e4b9b7d1af 100644 --- a/sdk/go/gcp/folder/iampolicy.go +++ b/sdk/go/gcp/folder/iampolicy.go @@ -301,6 +301,280 @@ import ( // ``` // // +// ## google\_folder\_iam\_policy +// +// !> **Be careful!** You can accidentally lock yourself out of your folder +// +// using this resource. Deleting a `folder.IAMPolicy` removes access +// from anyone without permissions on its parent folder/organization. Proceed with caution. +// It's not recommended to use `folder.IAMPolicy` with your provider folder +// to avoid locking yourself out, and it should generally only be used with folders +// fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before +// applying the change. +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/editor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = folder.NewIAMPolicy(ctx, "folder", &folder.IAMPolicyArgs{ +// Folder: pulumi.String("folders/1234567"), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/compute.admin", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = folder.NewIAMPolicy(ctx, "folder", &folder.IAMPolicyArgs{ +// Folder: pulumi.String("folders/1234567"), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_folder\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := folder.NewIAMBinding(ctx, "folder", &folder.IAMBindingArgs{ +// Folder: pulumi.String("folders/1234567"), +// Role: pulumi.String("roles/editor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := folder.NewIAMBinding(ctx, "folder", &folder.IAMBindingArgs{ +// Folder: pulumi.String("folders/1234567"), +// Role: pulumi.String("roles/container.admin"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &folder.IAMBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_folder\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := folder.NewIAMMember(ctx, "folder", &folder.IAMMemberArgs{ +// Folder: pulumi.String("folders/1234567"), +// Role: pulumi.String("roles/editor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := folder.NewIAMMember(ctx, "folder", &folder.IAMMemberArgs{ +// Folder: pulumi.String("folders/1234567"), +// Role: pulumi.String("roles/firebase.admin"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &folder.IAMMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_folder\_iam\_audit\_config +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/folder" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := folder.NewIamAuditConfig(ctx, "folder", &folder.IamAuditConfigArgs{ +// Folder: pulumi.String("folders/1234567"), +// Service: pulumi.String("allServices"), +// AuditLogConfigs: folder.IamAuditConfigAuditLogConfigArray{ +// &folder.IamAuditConfigAuditLogConfigArgs{ +// LogType: pulumi.String("ADMIN_READ"), +// }, +// &folder.IamAuditConfigAuditLogConfigArgs{ +// LogType: pulumi.String("DATA_READ"), +// ExemptedMembers: pulumi.StringArray{ +// pulumi.String("user:joebloggs@example.com"), +// }, +// }, +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // ### Importing Audit Configs diff --git a/sdk/go/gcp/gkebackup/backupPlanIamBinding.go b/sdk/go/gcp/gkebackup/backupPlanIamBinding.go index 634114a186..8633571e6a 100644 --- a/sdk/go/gcp/gkebackup/backupPlanIamBinding.go +++ b/sdk/go/gcp/gkebackup/backupPlanIamBinding.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_gke\_backup\_backup\_plan\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkebackup" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = gkebackup.NewBackupPlanIamPolicy(ctx, "policy", &gkebackup.BackupPlanIamPolicyArgs{ +// Project: pulumi.Any(basic.Project), +// Location: pulumi.Any(basic.Location), +// Name: pulumi.Any(basic.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_gke\_backup\_backup\_plan\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkebackup" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := gkebackup.NewBackupPlanIamBinding(ctx, "binding", &gkebackup.BackupPlanIamBindingArgs{ +// Project: pulumi.Any(basic.Project), +// Location: pulumi.Any(basic.Location), +// Name: pulumi.Any(basic.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_gke\_backup\_backup\_plan\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkebackup" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := gkebackup.NewBackupPlanIamMember(ctx, "member", &gkebackup.BackupPlanIamMemberArgs{ +// Project: pulumi.Any(basic.Project), +// Location: pulumi.Any(basic.Location), +// Name: pulumi.Any(basic.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -182,15 +293,9 @@ type BackupPlanIamBinding struct { Etag pulumi.StringOutput `pulumi:"etag"` // The region of the Backup Plan. // Used to find the parent resource to bind the IAM policy to - Location pulumi.StringOutput `pulumi:"location"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringOutput `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location pulumi.StringOutput `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -200,6 +305,11 @@ type BackupPlanIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringOutput `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `gkebackup.BackupPlanIamBinding` can be used per role. Note that custom roles must be of the format @@ -248,15 +358,9 @@ type backupPlanIamBindingState struct { Etag *string `pulumi:"etag"` // The region of the Backup Plan. // Used to find the parent resource to bind the IAM policy to - Location *string `pulumi:"location"` - Members []string `pulumi:"members"` - // Used to find the parent resource to bind the IAM policy to - Name *string `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location *string `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -266,6 +370,11 @@ type backupPlanIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // Used to find the parent resource to bind the IAM policy to + Name *string `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `gkebackup.BackupPlanIamBinding` can be used per role. Note that custom roles must be of the format @@ -280,14 +389,8 @@ type BackupPlanIamBindingState struct { // The region of the Backup Plan. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Members pulumi.StringArrayInput - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -297,6 +400,11 @@ type BackupPlanIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `gkebackup.BackupPlanIamBinding` can be used per role. Note that custom roles must be of the format @@ -312,15 +420,9 @@ type backupPlanIamBindingArgs struct { Condition *BackupPlanIamBindingCondition `pulumi:"condition"` // The region of the Backup Plan. // Used to find the parent resource to bind the IAM policy to - Location *string `pulumi:"location"` - Members []string `pulumi:"members"` - // Used to find the parent resource to bind the IAM policy to - Name *string `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location *string `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -330,6 +432,11 @@ type backupPlanIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // Used to find the parent resource to bind the IAM policy to + Name *string `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `gkebackup.BackupPlanIamBinding` can be used per role. Note that custom roles must be of the format @@ -343,14 +450,8 @@ type BackupPlanIamBindingArgs struct { // The region of the Backup Plan. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Members pulumi.StringArrayInput - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -360,6 +461,11 @@ type BackupPlanIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `gkebackup.BackupPlanIamBinding` can be used per role. Note that custom roles must be of the format @@ -469,6 +575,17 @@ func (o BackupPlanIamBindingOutput) Location() pulumi.StringOutput { return o.ApplyT(func(v *BackupPlanIamBinding) pulumi.StringOutput { return v.Location }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o BackupPlanIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *BackupPlanIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } @@ -480,18 +597,6 @@ func (o BackupPlanIamBindingOutput) Name() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o BackupPlanIamBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *BackupPlanIamBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/gkebackup/backupPlanIamMember.go b/sdk/go/gcp/gkebackup/backupPlanIamMember.go index 157f0d738e..9695086ff6 100644 --- a/sdk/go/gcp/gkebackup/backupPlanIamMember.go +++ b/sdk/go/gcp/gkebackup/backupPlanIamMember.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_gke\_backup\_backup\_plan\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkebackup" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = gkebackup.NewBackupPlanIamPolicy(ctx, "policy", &gkebackup.BackupPlanIamPolicyArgs{ +// Project: pulumi.Any(basic.Project), +// Location: pulumi.Any(basic.Location), +// Name: pulumi.Any(basic.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_gke\_backup\_backup\_plan\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkebackup" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := gkebackup.NewBackupPlanIamBinding(ctx, "binding", &gkebackup.BackupPlanIamBindingArgs{ +// Project: pulumi.Any(basic.Project), +// Location: pulumi.Any(basic.Location), +// Name: pulumi.Any(basic.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_gke\_backup\_backup\_plan\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkebackup" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := gkebackup.NewBackupPlanIamMember(ctx, "member", &gkebackup.BackupPlanIamMemberArgs{ +// Project: pulumi.Any(basic.Project), +// Location: pulumi.Any(basic.Location), +// Name: pulumi.Any(basic.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -183,14 +294,8 @@ type BackupPlanIamMember struct { // The region of the Backup Plan. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringOutput `pulumi:"location"` - Member pulumi.StringOutput `pulumi:"member"` - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringOutput `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -200,6 +305,11 @@ type BackupPlanIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringOutput `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `gkebackup.BackupPlanIamBinding` can be used per role. Note that custom roles must be of the format @@ -249,14 +359,8 @@ type backupPlanIamMemberState struct { // The region of the Backup Plan. // Used to find the parent resource to bind the IAM policy to Location *string `pulumi:"location"` - Member *string `pulumi:"member"` - // Used to find the parent resource to bind the IAM policy to - Name *string `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -266,6 +370,11 @@ type backupPlanIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // Used to find the parent resource to bind the IAM policy to + Name *string `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `gkebackup.BackupPlanIamBinding` can be used per role. Note that custom roles must be of the format @@ -280,14 +389,8 @@ type BackupPlanIamMemberState struct { // The region of the Backup Plan. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Member pulumi.StringPtrInput - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -297,6 +400,11 @@ type BackupPlanIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `gkebackup.BackupPlanIamBinding` can be used per role. Note that custom roles must be of the format @@ -313,14 +421,8 @@ type backupPlanIamMemberArgs struct { // The region of the Backup Plan. // Used to find the parent resource to bind the IAM policy to Location *string `pulumi:"location"` - Member string `pulumi:"member"` - // Used to find the parent resource to bind the IAM policy to - Name *string `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -330,6 +432,11 @@ type backupPlanIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // Used to find the parent resource to bind the IAM policy to + Name *string `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `gkebackup.BackupPlanIamBinding` can be used per role. Note that custom roles must be of the format @@ -343,14 +450,8 @@ type BackupPlanIamMemberArgs struct { // The region of the Backup Plan. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Member pulumi.StringInput - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -360,6 +461,11 @@ type BackupPlanIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `gkebackup.BackupPlanIamBinding` can be used per role. Note that custom roles must be of the format @@ -469,6 +575,17 @@ func (o BackupPlanIamMemberOutput) Location() pulumi.StringOutput { return o.ApplyT(func(v *BackupPlanIamMember) pulumi.StringOutput { return v.Location }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o BackupPlanIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *BackupPlanIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } @@ -480,18 +597,6 @@ func (o BackupPlanIamMemberOutput) Name() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o BackupPlanIamMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *BackupPlanIamMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/gkebackup/backupPlanIamPolicy.go b/sdk/go/gcp/gkebackup/backupPlanIamPolicy.go index ba0f379137..c48e7621c1 100644 --- a/sdk/go/gcp/gkebackup/backupPlanIamPolicy.go +++ b/sdk/go/gcp/gkebackup/backupPlanIamPolicy.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_gke\_backup\_backup\_plan\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkebackup" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = gkebackup.NewBackupPlanIamPolicy(ctx, "policy", &gkebackup.BackupPlanIamPolicyArgs{ +// Project: pulumi.Any(basic.Project), +// Location: pulumi.Any(basic.Location), +// Name: pulumi.Any(basic.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_gke\_backup\_backup\_plan\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkebackup" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := gkebackup.NewBackupPlanIamBinding(ctx, "binding", &gkebackup.BackupPlanIamBindingArgs{ +// Project: pulumi.Any(basic.Project), +// Location: pulumi.Any(basic.Location), +// Name: pulumi.Any(basic.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_gke\_backup\_backup\_plan\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkebackup" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := gkebackup.NewBackupPlanIamMember(ctx, "member", &gkebackup.BackupPlanIamMemberArgs{ +// Project: pulumi.Any(basic.Project), +// Location: pulumi.Any(basic.Location), +// Name: pulumi.Any(basic.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -189,18 +300,6 @@ type BackupPlanIamPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` } @@ -249,18 +348,6 @@ type backupPlanIamPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -277,18 +364,6 @@ type BackupPlanIamPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -307,18 +382,6 @@ type backupPlanIamPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -334,18 +397,6 @@ type BackupPlanIamPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -460,18 +511,6 @@ func (o BackupPlanIamPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o BackupPlanIamPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *BackupPlanIamPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/gkehub/featureIamBinding.go b/sdk/go/gcp/gkehub/featureIamBinding.go index 1c3758b396..9b1bc3e3de 100644 --- a/sdk/go/gcp/gkehub/featureIamBinding.go +++ b/sdk/go/gcp/gkehub/featureIamBinding.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_gke\_hub\_feature\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = gkehub.NewFeatureIamPolicy(ctx, "policy", &gkehub.FeatureIamPolicyArgs{ +// Project: pulumi.Any(feature.Project), +// Location: pulumi.Any(feature.Location), +// Name: pulumi.Any(feature.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_gke\_hub\_feature\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := gkehub.NewFeatureIamBinding(ctx, "binding", &gkehub.FeatureIamBindingArgs{ +// Project: pulumi.Any(feature.Project), +// Location: pulumi.Any(feature.Location), +// Name: pulumi.Any(feature.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_gke\_hub\_feature\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := gkehub.NewFeatureIamMember(ctx, "member", &gkehub.FeatureIamMemberArgs{ +// Project: pulumi.Any(feature.Project), +// Location: pulumi.Any(feature.Location), +// Name: pulumi.Any(feature.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -181,15 +292,9 @@ type FeatureIamBinding struct { // (Computed) The etag of the IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` // The location for the resource Used to find the parent resource to bind the IAM policy to - Location pulumi.StringOutput `pulumi:"location"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringOutput `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location pulumi.StringOutput `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -199,6 +304,11 @@ type FeatureIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringOutput `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `gkehub.FeatureIamBinding` can be used per role. Note that custom roles must be of the format @@ -246,15 +356,9 @@ type featureIamBindingState struct { // (Computed) The etag of the IAM policy. Etag *string `pulumi:"etag"` // The location for the resource Used to find the parent resource to bind the IAM policy to - Location *string `pulumi:"location"` - Members []string `pulumi:"members"` - // Used to find the parent resource to bind the IAM policy to - Name *string `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location *string `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -264,6 +368,11 @@ type featureIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // Used to find the parent resource to bind the IAM policy to + Name *string `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `gkehub.FeatureIamBinding` can be used per role. Note that custom roles must be of the format @@ -277,14 +386,8 @@ type FeatureIamBindingState struct { Etag pulumi.StringPtrInput // The location for the resource Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Members pulumi.StringArrayInput - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -294,6 +397,11 @@ type FeatureIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `gkehub.FeatureIamBinding` can be used per role. Note that custom roles must be of the format @@ -308,15 +416,9 @@ func (FeatureIamBindingState) ElementType() reflect.Type { type featureIamBindingArgs struct { Condition *FeatureIamBindingCondition `pulumi:"condition"` // The location for the resource Used to find the parent resource to bind the IAM policy to - Location *string `pulumi:"location"` - Members []string `pulumi:"members"` - // Used to find the parent resource to bind the IAM policy to - Name *string `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location *string `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -326,6 +428,11 @@ type featureIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // Used to find the parent resource to bind the IAM policy to + Name *string `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `gkehub.FeatureIamBinding` can be used per role. Note that custom roles must be of the format @@ -338,14 +445,8 @@ type FeatureIamBindingArgs struct { Condition FeatureIamBindingConditionPtrInput // The location for the resource Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Members pulumi.StringArrayInput - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -355,6 +456,11 @@ type FeatureIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `gkehub.FeatureIamBinding` can be used per role. Note that custom roles must be of the format @@ -463,6 +569,17 @@ func (o FeatureIamBindingOutput) Location() pulumi.StringOutput { return o.ApplyT(func(v *FeatureIamBinding) pulumi.StringOutput { return v.Location }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o FeatureIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *FeatureIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } @@ -474,18 +591,6 @@ func (o FeatureIamBindingOutput) Name() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o FeatureIamBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *FeatureIamBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/gkehub/featureIamMember.go b/sdk/go/gcp/gkehub/featureIamMember.go index a6a64e7c9f..a010f573e8 100644 --- a/sdk/go/gcp/gkehub/featureIamMember.go +++ b/sdk/go/gcp/gkehub/featureIamMember.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_gke\_hub\_feature\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = gkehub.NewFeatureIamPolicy(ctx, "policy", &gkehub.FeatureIamPolicyArgs{ +// Project: pulumi.Any(feature.Project), +// Location: pulumi.Any(feature.Location), +// Name: pulumi.Any(feature.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_gke\_hub\_feature\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := gkehub.NewFeatureIamBinding(ctx, "binding", &gkehub.FeatureIamBindingArgs{ +// Project: pulumi.Any(feature.Project), +// Location: pulumi.Any(feature.Location), +// Name: pulumi.Any(feature.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_gke\_hub\_feature\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := gkehub.NewFeatureIamMember(ctx, "member", &gkehub.FeatureIamMemberArgs{ +// Project: pulumi.Any(feature.Project), +// Location: pulumi.Any(feature.Location), +// Name: pulumi.Any(feature.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -182,14 +293,8 @@ type FeatureIamMember struct { Etag pulumi.StringOutput `pulumi:"etag"` // The location for the resource Used to find the parent resource to bind the IAM policy to Location pulumi.StringOutput `pulumi:"location"` - Member pulumi.StringOutput `pulumi:"member"` - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringOutput `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -199,6 +304,11 @@ type FeatureIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringOutput `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `gkehub.FeatureIamBinding` can be used per role. Note that custom roles must be of the format @@ -247,14 +357,8 @@ type featureIamMemberState struct { Etag *string `pulumi:"etag"` // The location for the resource Used to find the parent resource to bind the IAM policy to Location *string `pulumi:"location"` - Member *string `pulumi:"member"` - // Used to find the parent resource to bind the IAM policy to - Name *string `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -264,6 +368,11 @@ type featureIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // Used to find the parent resource to bind the IAM policy to + Name *string `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `gkehub.FeatureIamBinding` can be used per role. Note that custom roles must be of the format @@ -277,14 +386,8 @@ type FeatureIamMemberState struct { Etag pulumi.StringPtrInput // The location for the resource Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Member pulumi.StringPtrInput - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -294,6 +397,11 @@ type FeatureIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `gkehub.FeatureIamBinding` can be used per role. Note that custom roles must be of the format @@ -309,14 +417,8 @@ type featureIamMemberArgs struct { Condition *FeatureIamMemberCondition `pulumi:"condition"` // The location for the resource Used to find the parent resource to bind the IAM policy to Location *string `pulumi:"location"` - Member string `pulumi:"member"` - // Used to find the parent resource to bind the IAM policy to - Name *string `pulumi:"name"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -326,6 +428,11 @@ type featureIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // Used to find the parent resource to bind the IAM policy to + Name *string `pulumi:"name"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `gkehub.FeatureIamBinding` can be used per role. Note that custom roles must be of the format @@ -338,14 +445,8 @@ type FeatureIamMemberArgs struct { Condition FeatureIamMemberConditionPtrInput // The location for the resource Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Member pulumi.StringInput - // Used to find the parent resource to bind the IAM policy to - Name pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -355,6 +456,11 @@ type FeatureIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // Used to find the parent resource to bind the IAM policy to + Name pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `gkehub.FeatureIamBinding` can be used per role. Note that custom roles must be of the format @@ -463,6 +569,17 @@ func (o FeatureIamMemberOutput) Location() pulumi.StringOutput { return o.ApplyT(func(v *FeatureIamMember) pulumi.StringOutput { return v.Location }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o FeatureIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *FeatureIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } @@ -474,18 +591,6 @@ func (o FeatureIamMemberOutput) Name() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o FeatureIamMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *FeatureIamMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/gkehub/featureIamPolicy.go b/sdk/go/gcp/gkehub/featureIamPolicy.go index b5ce395343..de8ab2e955 100644 --- a/sdk/go/gcp/gkehub/featureIamPolicy.go +++ b/sdk/go/gcp/gkehub/featureIamPolicy.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_gke\_hub\_feature\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = gkehub.NewFeatureIamPolicy(ctx, "policy", &gkehub.FeatureIamPolicyArgs{ +// Project: pulumi.Any(feature.Project), +// Location: pulumi.Any(feature.Location), +// Name: pulumi.Any(feature.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_gke\_hub\_feature\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := gkehub.NewFeatureIamBinding(ctx, "binding", &gkehub.FeatureIamBindingArgs{ +// Project: pulumi.Any(feature.Project), +// Location: pulumi.Any(feature.Location), +// Name: pulumi.Any(feature.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_gke\_hub\_feature\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := gkehub.NewFeatureIamMember(ctx, "member", &gkehub.FeatureIamMemberArgs{ +// Project: pulumi.Any(feature.Project), +// Location: pulumi.Any(feature.Location), +// Name: pulumi.Any(feature.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -188,18 +299,6 @@ type FeatureIamPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` } @@ -247,18 +346,6 @@ type featureIamPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -274,18 +361,6 @@ type FeatureIamPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -303,18 +378,6 @@ type featureIamPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -329,18 +392,6 @@ type FeatureIamPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -454,18 +505,6 @@ func (o FeatureIamPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o FeatureIamPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *FeatureIamPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/gkehub/membershipIamBinding.go b/sdk/go/gcp/gkehub/membershipIamBinding.go index 2b1fe72216..d381fdc7c6 100644 --- a/sdk/go/gcp/gkehub/membershipIamBinding.go +++ b/sdk/go/gcp/gkehub/membershipIamBinding.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_gke\_hub\_membership\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = gkehub.NewMembershipIamPolicy(ctx, "policy", &gkehub.MembershipIamPolicyArgs{ +// Project: pulumi.Any(membership.Project), +// Location: pulumi.Any(membership.Location), +// MembershipId: pulumi.Any(membership.MembershipId), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_gke\_hub\_membership\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := gkehub.NewMembershipIamBinding(ctx, "binding", &gkehub.MembershipIamBindingArgs{ +// Project: pulumi.Any(membership.Project), +// Location: pulumi.Any(membership.Location), +// MembershipId: pulumi.Any(membership.MembershipId), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_gke\_hub\_membership\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := gkehub.NewMembershipIamMember(ctx, "member", &gkehub.MembershipIamMemberArgs{ +// Project: pulumi.Any(membership.Project), +// Location: pulumi.Any(membership.Location), +// MembershipId: pulumi.Any(membership.MembershipId), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -183,14 +294,9 @@ type MembershipIamBinding struct { // Location of the membership. // The default value is `global`. // Used to find the parent resource to bind the IAM policy to - Location pulumi.StringOutput `pulumi:"location"` - Members pulumi.StringArrayOutput `pulumi:"members"` - MembershipId pulumi.StringOutput `pulumi:"membershipId"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location pulumi.StringOutput `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -200,6 +306,10 @@ type MembershipIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + MembershipId pulumi.StringOutput `pulumi:"membershipId"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `gkehub.MembershipIamBinding` can be used per role. Note that custom roles must be of the format @@ -252,14 +362,9 @@ type membershipIamBindingState struct { // Location of the membership. // The default value is `global`. // Used to find the parent resource to bind the IAM policy to - Location *string `pulumi:"location"` - Members []string `pulumi:"members"` - MembershipId *string `pulumi:"membershipId"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location *string `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -269,6 +374,10 @@ type membershipIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + MembershipId *string `pulumi:"membershipId"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `gkehub.MembershipIamBinding` can be used per role. Note that custom roles must be of the format @@ -283,14 +392,9 @@ type MembershipIamBindingState struct { // Location of the membership. // The default value is `global`. // Used to find the parent resource to bind the IAM policy to - Location pulumi.StringPtrInput - Members pulumi.StringArrayInput - MembershipId pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -300,6 +404,10 @@ type MembershipIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + MembershipId pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `gkehub.MembershipIamBinding` can be used per role. Note that custom roles must be of the format @@ -316,14 +424,9 @@ type membershipIamBindingArgs struct { // Location of the membership. // The default value is `global`. // Used to find the parent resource to bind the IAM policy to - Location *string `pulumi:"location"` - Members []string `pulumi:"members"` - MembershipId string `pulumi:"membershipId"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location *string `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -333,6 +436,10 @@ type membershipIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + MembershipId string `pulumi:"membershipId"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `gkehub.MembershipIamBinding` can be used per role. Note that custom roles must be of the format @@ -346,14 +453,9 @@ type MembershipIamBindingArgs struct { // Location of the membership. // The default value is `global`. // Used to find the parent resource to bind the IAM policy to - Location pulumi.StringPtrInput - Members pulumi.StringArrayInput - MembershipId pulumi.StringInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -363,6 +465,10 @@ type MembershipIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + MembershipId pulumi.StringInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `gkehub.MembershipIamBinding` can be used per role. Note that custom roles must be of the format @@ -473,6 +579,17 @@ func (o MembershipIamBindingOutput) Location() pulumi.StringOutput { return o.ApplyT(func(v *MembershipIamBinding) pulumi.StringOutput { return v.Location }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o MembershipIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *MembershipIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } @@ -483,18 +600,6 @@ func (o MembershipIamBindingOutput) MembershipId() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o MembershipIamBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *MembershipIamBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/gkehub/membershipIamMember.go b/sdk/go/gcp/gkehub/membershipIamMember.go index d499b2b274..3400247130 100644 --- a/sdk/go/gcp/gkehub/membershipIamMember.go +++ b/sdk/go/gcp/gkehub/membershipIamMember.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_gke\_hub\_membership\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = gkehub.NewMembershipIamPolicy(ctx, "policy", &gkehub.MembershipIamPolicyArgs{ +// Project: pulumi.Any(membership.Project), +// Location: pulumi.Any(membership.Location), +// MembershipId: pulumi.Any(membership.MembershipId), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_gke\_hub\_membership\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := gkehub.NewMembershipIamBinding(ctx, "binding", &gkehub.MembershipIamBindingArgs{ +// Project: pulumi.Any(membership.Project), +// Location: pulumi.Any(membership.Location), +// MembershipId: pulumi.Any(membership.MembershipId), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_gke\_hub\_membership\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := gkehub.NewMembershipIamMember(ctx, "member", &gkehub.MembershipIamMemberArgs{ +// Project: pulumi.Any(membership.Project), +// Location: pulumi.Any(membership.Location), +// MembershipId: pulumi.Any(membership.MembershipId), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -183,14 +294,9 @@ type MembershipIamMember struct { // Location of the membership. // The default value is `global`. // Used to find the parent resource to bind the IAM policy to - Location pulumi.StringOutput `pulumi:"location"` - Member pulumi.StringOutput `pulumi:"member"` - MembershipId pulumi.StringOutput `pulumi:"membershipId"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location pulumi.StringOutput `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -200,6 +306,10 @@ type MembershipIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + MembershipId pulumi.StringOutput `pulumi:"membershipId"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `gkehub.MembershipIamBinding` can be used per role. Note that custom roles must be of the format @@ -252,14 +362,9 @@ type membershipIamMemberState struct { // Location of the membership. // The default value is `global`. // Used to find the parent resource to bind the IAM policy to - Location *string `pulumi:"location"` - Member *string `pulumi:"member"` - MembershipId *string `pulumi:"membershipId"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location *string `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -269,6 +374,10 @@ type membershipIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + MembershipId *string `pulumi:"membershipId"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `gkehub.MembershipIamBinding` can be used per role. Note that custom roles must be of the format @@ -283,14 +392,9 @@ type MembershipIamMemberState struct { // Location of the membership. // The default value is `global`. // Used to find the parent resource to bind the IAM policy to - Location pulumi.StringPtrInput - Member pulumi.StringPtrInput - MembershipId pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -300,6 +404,10 @@ type MembershipIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + MembershipId pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `gkehub.MembershipIamBinding` can be used per role. Note that custom roles must be of the format @@ -316,14 +424,9 @@ type membershipIamMemberArgs struct { // Location of the membership. // The default value is `global`. // Used to find the parent resource to bind the IAM policy to - Location *string `pulumi:"location"` - Member string `pulumi:"member"` - MembershipId string `pulumi:"membershipId"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location *string `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -333,6 +436,10 @@ type membershipIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + MembershipId string `pulumi:"membershipId"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `gkehub.MembershipIamBinding` can be used per role. Note that custom roles must be of the format @@ -346,14 +453,9 @@ type MembershipIamMemberArgs struct { // Location of the membership. // The default value is `global`. // Used to find the parent resource to bind the IAM policy to - Location pulumi.StringPtrInput - Member pulumi.StringInput - MembershipId pulumi.StringInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -363,6 +465,10 @@ type MembershipIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + MembershipId pulumi.StringInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `gkehub.MembershipIamBinding` can be used per role. Note that custom roles must be of the format @@ -473,6 +579,17 @@ func (o MembershipIamMemberOutput) Location() pulumi.StringOutput { return o.ApplyT(func(v *MembershipIamMember) pulumi.StringOutput { return v.Location }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o MembershipIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *MembershipIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } @@ -483,18 +600,6 @@ func (o MembershipIamMemberOutput) MembershipId() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o MembershipIamMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *MembershipIamMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/gkehub/membershipIamPolicy.go b/sdk/go/gcp/gkehub/membershipIamPolicy.go index 6ba061eb37..0c3ab1f976 100644 --- a/sdk/go/gcp/gkehub/membershipIamPolicy.go +++ b/sdk/go/gcp/gkehub/membershipIamPolicy.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_gke\_hub\_membership\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = gkehub.NewMembershipIamPolicy(ctx, "policy", &gkehub.MembershipIamPolicyArgs{ +// Project: pulumi.Any(membership.Project), +// Location: pulumi.Any(membership.Location), +// MembershipId: pulumi.Any(membership.MembershipId), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_gke\_hub\_membership\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := gkehub.NewMembershipIamBinding(ctx, "binding", &gkehub.MembershipIamBindingArgs{ +// Project: pulumi.Any(membership.Project), +// Location: pulumi.Any(membership.Location), +// MembershipId: pulumi.Any(membership.MembershipId), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_gke\_hub\_membership\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := gkehub.NewMembershipIamMember(ctx, "member", &gkehub.MembershipIamMemberArgs{ +// Project: pulumi.Any(membership.Project), +// Location: pulumi.Any(membership.Location), +// MembershipId: pulumi.Any(membership.MembershipId), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -189,18 +300,6 @@ type MembershipIamPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` } @@ -252,18 +351,6 @@ type membershipIamPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -280,18 +367,6 @@ type MembershipIamPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -310,18 +385,6 @@ type membershipIamPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -337,18 +400,6 @@ type MembershipIamPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -463,18 +514,6 @@ func (o MembershipIamPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o MembershipIamPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *MembershipIamPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/gkehub/scopeIamBinding.go b/sdk/go/gcp/gkehub/scopeIamBinding.go index 4563761ae0..b96b5d853a 100644 --- a/sdk/go/gcp/gkehub/scopeIamBinding.go +++ b/sdk/go/gcp/gkehub/scopeIamBinding.go @@ -134,6 +134,114 @@ import ( // ``` // // +// ## google\_gke\_hub\_scope\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = gkehub.NewScopeIamPolicy(ctx, "policy", &gkehub.ScopeIamPolicyArgs{ +// Project: pulumi.Any(scope.Project), +// ScopeId: pulumi.Any(scope.ScopeId), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_gke\_hub\_scope\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := gkehub.NewScopeIamBinding(ctx, "binding", &gkehub.ScopeIamBindingArgs{ +// Project: pulumi.Any(scope.Project), +// ScopeId: pulumi.Any(scope.ScopeId), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_gke\_hub\_scope\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := gkehub.NewScopeIamMember(ctx, "member", &gkehub.ScopeIamMemberArgs{ +// Project: pulumi.Any(scope.Project), +// ScopeId: pulumi.Any(scope.ScopeId), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -174,13 +282,9 @@ type ScopeIamBinding struct { Condition ScopeIamBindingConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -190,6 +294,9 @@ type ScopeIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `gkehub.ScopeIamBinding` can be used per role. Note that custom roles must be of the format @@ -239,13 +346,9 @@ func GetScopeIamBinding(ctx *pulumi.Context, type scopeIamBindingState struct { Condition *ScopeIamBindingCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -255,6 +358,9 @@ type scopeIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `gkehub.ScopeIamBinding` can be used per role. Note that custom roles must be of the format @@ -266,13 +372,9 @@ type scopeIamBindingState struct { type ScopeIamBindingState struct { Condition ScopeIamBindingConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -282,6 +384,9 @@ type ScopeIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `gkehub.ScopeIamBinding` can be used per role. Note that custom roles must be of the format @@ -296,12 +401,8 @@ func (ScopeIamBindingState) ElementType() reflect.Type { type scopeIamBindingArgs struct { Condition *ScopeIamBindingCondition `pulumi:"condition"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -311,6 +412,9 @@ type scopeIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `gkehub.ScopeIamBinding` can be used per role. Note that custom roles must be of the format @@ -322,12 +426,8 @@ type scopeIamBindingArgs struct { // The set of arguments for constructing a ScopeIamBinding resource. type ScopeIamBindingArgs struct { Condition ScopeIamBindingConditionPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -337,6 +437,9 @@ type ScopeIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `gkehub.ScopeIamBinding` can be used per role. Note that custom roles must be of the format @@ -441,24 +544,23 @@ func (o ScopeIamBindingOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *ScopeIamBinding) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o ScopeIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *ScopeIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o ScopeIamBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *ScopeIamBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/gkehub/scopeIamMember.go b/sdk/go/gcp/gkehub/scopeIamMember.go index 03eb3dc2bc..dbbd45d69b 100644 --- a/sdk/go/gcp/gkehub/scopeIamMember.go +++ b/sdk/go/gcp/gkehub/scopeIamMember.go @@ -134,6 +134,114 @@ import ( // ``` // // +// ## google\_gke\_hub\_scope\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = gkehub.NewScopeIamPolicy(ctx, "policy", &gkehub.ScopeIamPolicyArgs{ +// Project: pulumi.Any(scope.Project), +// ScopeId: pulumi.Any(scope.ScopeId), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_gke\_hub\_scope\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := gkehub.NewScopeIamBinding(ctx, "binding", &gkehub.ScopeIamBindingArgs{ +// Project: pulumi.Any(scope.Project), +// ScopeId: pulumi.Any(scope.ScopeId), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_gke\_hub\_scope\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := gkehub.NewScopeIamMember(ctx, "member", &gkehub.ScopeIamMemberArgs{ +// Project: pulumi.Any(scope.Project), +// ScopeId: pulumi.Any(scope.ScopeId), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -174,13 +282,9 @@ type ScopeIamMember struct { Condition ScopeIamMemberConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Member pulumi.StringOutput `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -190,6 +294,9 @@ type ScopeIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `gkehub.ScopeIamBinding` can be used per role. Note that custom roles must be of the format @@ -239,13 +346,9 @@ func GetScopeIamMember(ctx *pulumi.Context, type scopeIamMemberState struct { Condition *ScopeIamMemberCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Member *string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -255,6 +358,9 @@ type scopeIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `gkehub.ScopeIamBinding` can be used per role. Note that custom roles must be of the format @@ -266,13 +372,9 @@ type scopeIamMemberState struct { type ScopeIamMemberState struct { Condition ScopeIamMemberConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Member pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -282,6 +384,9 @@ type ScopeIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `gkehub.ScopeIamBinding` can be used per role. Note that custom roles must be of the format @@ -296,12 +401,8 @@ func (ScopeIamMemberState) ElementType() reflect.Type { type scopeIamMemberArgs struct { Condition *ScopeIamMemberCondition `pulumi:"condition"` - Member string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -311,6 +412,9 @@ type scopeIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `gkehub.ScopeIamBinding` can be used per role. Note that custom roles must be of the format @@ -322,12 +426,8 @@ type scopeIamMemberArgs struct { // The set of arguments for constructing a ScopeIamMember resource. type ScopeIamMemberArgs struct { Condition ScopeIamMemberConditionPtrInput - Member pulumi.StringInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -337,6 +437,9 @@ type ScopeIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `gkehub.ScopeIamBinding` can be used per role. Note that custom roles must be of the format @@ -441,24 +544,23 @@ func (o ScopeIamMemberOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *ScopeIamMember) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o ScopeIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *ScopeIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o ScopeIamMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *ScopeIamMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/gkehub/scopeIamPolicy.go b/sdk/go/gcp/gkehub/scopeIamPolicy.go index 8dd96a7552..9494fd1196 100644 --- a/sdk/go/gcp/gkehub/scopeIamPolicy.go +++ b/sdk/go/gcp/gkehub/scopeIamPolicy.go @@ -134,6 +134,114 @@ import ( // ``` // // +// ## google\_gke\_hub\_scope\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = gkehub.NewScopeIamPolicy(ctx, "policy", &gkehub.ScopeIamPolicyArgs{ +// Project: pulumi.Any(scope.Project), +// ScopeId: pulumi.Any(scope.ScopeId), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_gke\_hub\_scope\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := gkehub.NewScopeIamBinding(ctx, "binding", &gkehub.ScopeIamBindingArgs{ +// Project: pulumi.Any(scope.Project), +// ScopeId: pulumi.Any(scope.ScopeId), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_gke\_hub\_scope\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/gkehub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := gkehub.NewScopeIamMember(ctx, "member", &gkehub.ScopeIamMemberArgs{ +// Project: pulumi.Any(scope.Project), +// ScopeId: pulumi.Any(scope.ScopeId), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -179,18 +287,6 @@ type ScopeIamPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` ScopeId pulumi.StringOutput `pulumi:"scopeId"` } @@ -238,18 +334,6 @@ type scopeIamPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` ScopeId *string `pulumi:"scopeId"` } @@ -262,18 +346,6 @@ type ScopeIamPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput ScopeId pulumi.StringPtrInput } @@ -288,18 +360,6 @@ type scopeIamPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` ScopeId string `pulumi:"scopeId"` } @@ -311,18 +371,6 @@ type ScopeIamPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput ScopeId pulumi.StringInput } @@ -427,18 +475,6 @@ func (o ScopeIamPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o ScopeIamPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *ScopeIamPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/healthcare/consentStoreIamBinding.go b/sdk/go/gcp/healthcare/consentStoreIamBinding.go index cea0acb046..eedd05c91b 100644 --- a/sdk/go/gcp/healthcare/consentStoreIamBinding.go +++ b/sdk/go/gcp/healthcare/consentStoreIamBinding.go @@ -134,6 +134,114 @@ import ( // ``` // // +// ## google\_healthcare\_consent\_store\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = healthcare.NewConsentStoreIamPolicy(ctx, "policy", &healthcare.ConsentStoreIamPolicyArgs{ +// Dataset: pulumi.Any(my_consent.Dataset), +// ConsentStoreId: pulumi.Any(my_consent.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_healthcare\_consent\_store\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := healthcare.NewConsentStoreIamBinding(ctx, "binding", &healthcare.ConsentStoreIamBindingArgs{ +// Dataset: pulumi.Any(my_consent.Dataset), +// ConsentStoreId: pulumi.Any(my_consent.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_healthcare\_consent\_store\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := healthcare.NewConsentStoreIamMember(ctx, "member", &healthcare.ConsentStoreIamMemberArgs{ +// Dataset: pulumi.Any(my_consent.Dataset), +// ConsentStoreId: pulumi.Any(my_consent.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -176,9 +284,11 @@ type ConsentStoreIamBinding struct { // Identifies the dataset addressed by this request. Must be in the format // 'projects/{project}/locations/{location}/datasets/{dataset}' // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Dataset pulumi.StringOutput `pulumi:"dataset"` + // (Computed) The etag of the IAM policy. + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -188,9 +298,6 @@ type ConsentStoreIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - Dataset pulumi.StringOutput `pulumi:"dataset"` - // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` Members pulumi.StringArrayOutput `pulumi:"members"` // The role that should be applied. Only one // `healthcare.ConsentStoreIamBinding` can be used per role. Note that custom roles must be of the format @@ -246,9 +353,11 @@ type consentStoreIamBindingState struct { // Identifies the dataset addressed by this request. Must be in the format // 'projects/{project}/locations/{location}/datasets/{dataset}' // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Dataset *string `pulumi:"dataset"` + // (Computed) The etag of the IAM policy. + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -258,9 +367,6 @@ type consentStoreIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - Dataset *string `pulumi:"dataset"` - // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` Members []string `pulumi:"members"` // The role that should be applied. Only one // `healthcare.ConsentStoreIamBinding` can be used per role. Note that custom roles must be of the format @@ -275,9 +381,11 @@ type ConsentStoreIamBindingState struct { // Identifies the dataset addressed by this request. Must be in the format // 'projects/{project}/locations/{location}/datasets/{dataset}' // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Dataset pulumi.StringPtrInput + // (Computed) The etag of the IAM policy. + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -287,9 +395,6 @@ type ConsentStoreIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - Dataset pulumi.StringPtrInput - // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput Members pulumi.StringArrayInput // The role that should be applied. Only one // `healthcare.ConsentStoreIamBinding` can be used per role. Note that custom roles must be of the format @@ -308,9 +413,9 @@ type consentStoreIamBindingArgs struct { // Identifies the dataset addressed by this request. Must be in the format // 'projects/{project}/locations/{location}/datasets/{dataset}' // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Dataset string `pulumi:"dataset"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -320,7 +425,6 @@ type consentStoreIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - Dataset string `pulumi:"dataset"` Members []string `pulumi:"members"` // The role that should be applied. Only one // `healthcare.ConsentStoreIamBinding` can be used per role. Note that custom roles must be of the format @@ -336,9 +440,9 @@ type ConsentStoreIamBindingArgs struct { // Identifies the dataset addressed by this request. Must be in the format // 'projects/{project}/locations/{location}/datasets/{dataset}' // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Dataset pulumi.StringInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -348,7 +452,6 @@ type ConsentStoreIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - Dataset pulumi.StringInput Members pulumi.StringArrayInput // The role that should be applied. Only one // `healthcare.ConsentStoreIamBinding` can be used per role. Note that custom roles must be of the format @@ -455,18 +558,6 @@ func (o ConsentStoreIamBindingOutput) ConsentStoreId() pulumi.StringOutput { // Identifies the dataset addressed by this request. Must be in the format // 'projects/{project}/locations/{location}/datasets/{dataset}' // Used to find the parent resource to bind the IAM policy to -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o ConsentStoreIamBindingOutput) Dataset() pulumi.StringOutput { return o.ApplyT(func(v *ConsentStoreIamBinding) pulumi.StringOutput { return v.Dataset }).(pulumi.StringOutput) } @@ -476,6 +567,17 @@ func (o ConsentStoreIamBindingOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *ConsentStoreIamBinding) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o ConsentStoreIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *ConsentStoreIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } diff --git a/sdk/go/gcp/healthcare/consentStoreIamMember.go b/sdk/go/gcp/healthcare/consentStoreIamMember.go index f09551a17f..7a70c90d61 100644 --- a/sdk/go/gcp/healthcare/consentStoreIamMember.go +++ b/sdk/go/gcp/healthcare/consentStoreIamMember.go @@ -134,6 +134,114 @@ import ( // ``` // // +// ## google\_healthcare\_consent\_store\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = healthcare.NewConsentStoreIamPolicy(ctx, "policy", &healthcare.ConsentStoreIamPolicyArgs{ +// Dataset: pulumi.Any(my_consent.Dataset), +// ConsentStoreId: pulumi.Any(my_consent.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_healthcare\_consent\_store\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := healthcare.NewConsentStoreIamBinding(ctx, "binding", &healthcare.ConsentStoreIamBindingArgs{ +// Dataset: pulumi.Any(my_consent.Dataset), +// ConsentStoreId: pulumi.Any(my_consent.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_healthcare\_consent\_store\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := healthcare.NewConsentStoreIamMember(ctx, "member", &healthcare.ConsentStoreIamMemberArgs{ +// Dataset: pulumi.Any(my_consent.Dataset), +// ConsentStoreId: pulumi.Any(my_consent.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -176,9 +284,11 @@ type ConsentStoreIamMember struct { // Identifies the dataset addressed by this request. Must be in the format // 'projects/{project}/locations/{location}/datasets/{dataset}' // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Dataset pulumi.StringOutput `pulumi:"dataset"` + // (Computed) The etag of the IAM policy. + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -188,9 +298,6 @@ type ConsentStoreIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - Dataset pulumi.StringOutput `pulumi:"dataset"` - // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` Member pulumi.StringOutput `pulumi:"member"` // The role that should be applied. Only one // `healthcare.ConsentStoreIamBinding` can be used per role. Note that custom roles must be of the format @@ -246,9 +353,11 @@ type consentStoreIamMemberState struct { // Identifies the dataset addressed by this request. Must be in the format // 'projects/{project}/locations/{location}/datasets/{dataset}' // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Dataset *string `pulumi:"dataset"` + // (Computed) The etag of the IAM policy. + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -258,9 +367,6 @@ type consentStoreIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - Dataset *string `pulumi:"dataset"` - // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` Member *string `pulumi:"member"` // The role that should be applied. Only one // `healthcare.ConsentStoreIamBinding` can be used per role. Note that custom roles must be of the format @@ -275,9 +381,11 @@ type ConsentStoreIamMemberState struct { // Identifies the dataset addressed by this request. Must be in the format // 'projects/{project}/locations/{location}/datasets/{dataset}' // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Dataset pulumi.StringPtrInput + // (Computed) The etag of the IAM policy. + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -287,9 +395,6 @@ type ConsentStoreIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - Dataset pulumi.StringPtrInput - // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput Member pulumi.StringPtrInput // The role that should be applied. Only one // `healthcare.ConsentStoreIamBinding` can be used per role. Note that custom roles must be of the format @@ -308,9 +413,9 @@ type consentStoreIamMemberArgs struct { // Identifies the dataset addressed by this request. Must be in the format // 'projects/{project}/locations/{location}/datasets/{dataset}' // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Dataset string `pulumi:"dataset"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -320,8 +425,7 @@ type consentStoreIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - Dataset string `pulumi:"dataset"` - Member string `pulumi:"member"` + Member string `pulumi:"member"` // The role that should be applied. Only one // `healthcare.ConsentStoreIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -336,9 +440,9 @@ type ConsentStoreIamMemberArgs struct { // Identifies the dataset addressed by this request. Must be in the format // 'projects/{project}/locations/{location}/datasets/{dataset}' // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Dataset pulumi.StringInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -348,8 +452,7 @@ type ConsentStoreIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - Dataset pulumi.StringInput - Member pulumi.StringInput + Member pulumi.StringInput // The role that should be applied. Only one // `healthcare.ConsentStoreIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -455,18 +558,6 @@ func (o ConsentStoreIamMemberOutput) ConsentStoreId() pulumi.StringOutput { // Identifies the dataset addressed by this request. Must be in the format // 'projects/{project}/locations/{location}/datasets/{dataset}' // Used to find the parent resource to bind the IAM policy to -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o ConsentStoreIamMemberOutput) Dataset() pulumi.StringOutput { return o.ApplyT(func(v *ConsentStoreIamMember) pulumi.StringOutput { return v.Dataset }).(pulumi.StringOutput) } @@ -476,6 +567,17 @@ func (o ConsentStoreIamMemberOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *ConsentStoreIamMember) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o ConsentStoreIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *ConsentStoreIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/healthcare/consentStoreIamPolicy.go b/sdk/go/gcp/healthcare/consentStoreIamPolicy.go index 0bd5ad4fd0..4872aa4aef 100644 --- a/sdk/go/gcp/healthcare/consentStoreIamPolicy.go +++ b/sdk/go/gcp/healthcare/consentStoreIamPolicy.go @@ -134,6 +134,114 @@ import ( // ``` // // +// ## google\_healthcare\_consent\_store\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = healthcare.NewConsentStoreIamPolicy(ctx, "policy", &healthcare.ConsentStoreIamPolicyArgs{ +// Dataset: pulumi.Any(my_consent.Dataset), +// ConsentStoreId: pulumi.Any(my_consent.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_healthcare\_consent\_store\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := healthcare.NewConsentStoreIamBinding(ctx, "binding", &healthcare.ConsentStoreIamBindingArgs{ +// Dataset: pulumi.Any(my_consent.Dataset), +// ConsentStoreId: pulumi.Any(my_consent.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_healthcare\_consent\_store\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := healthcare.NewConsentStoreIamMember(ctx, "member", &healthcare.ConsentStoreIamMemberArgs{ +// Dataset: pulumi.Any(my_consent.Dataset), +// ConsentStoreId: pulumi.Any(my_consent.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -175,18 +283,6 @@ type ConsentStoreIamPolicy struct { // Identifies the dataset addressed by this request. Must be in the format // 'projects/{project}/locations/{location}/datasets/{dataset}' // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Dataset pulumi.StringOutput `pulumi:"dataset"` // (Computed) The etag of the IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` @@ -239,18 +335,6 @@ type consentStoreIamPolicyState struct { // Identifies the dataset addressed by this request. Must be in the format // 'projects/{project}/locations/{location}/datasets/{dataset}' // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Dataset *string `pulumi:"dataset"` // (Computed) The etag of the IAM policy. Etag *string `pulumi:"etag"` @@ -265,18 +349,6 @@ type ConsentStoreIamPolicyState struct { // Identifies the dataset addressed by this request. Must be in the format // 'projects/{project}/locations/{location}/datasets/{dataset}' // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Dataset pulumi.StringPtrInput // (Computed) The etag of the IAM policy. Etag pulumi.StringPtrInput @@ -295,18 +367,6 @@ type consentStoreIamPolicyArgs struct { // Identifies the dataset addressed by this request. Must be in the format // 'projects/{project}/locations/{location}/datasets/{dataset}' // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Dataset string `pulumi:"dataset"` // The policy data generated by // a `organizations.getIAMPolicy` data source. @@ -320,18 +380,6 @@ type ConsentStoreIamPolicyArgs struct { // Identifies the dataset addressed by this request. Must be in the format // 'projects/{project}/locations/{location}/datasets/{dataset}' // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Dataset pulumi.StringInput // The policy data generated by // a `organizations.getIAMPolicy` data source. @@ -433,18 +481,6 @@ func (o ConsentStoreIamPolicyOutput) ConsentStoreId() pulumi.StringOutput { // Identifies the dataset addressed by this request. Must be in the format // 'projects/{project}/locations/{location}/datasets/{dataset}' // Used to find the parent resource to bind the IAM policy to -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o ConsentStoreIamPolicyOutput) Dataset() pulumi.StringOutput { return o.ApplyT(func(v *ConsentStoreIamPolicy) pulumi.StringOutput { return v.Dataset }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/healthcare/datasetIamBinding.go b/sdk/go/gcp/healthcare/datasetIamBinding.go index e8f2d2f503..f36e9f3210 100644 --- a/sdk/go/gcp/healthcare/datasetIamBinding.go +++ b/sdk/go/gcp/healthcare/datasetIamBinding.go @@ -127,6 +127,111 @@ import ( // ``` // // +// ## google\_healthcare\_dataset\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/editor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = healthcare.NewDatasetIamPolicy(ctx, "dataset", &healthcare.DatasetIamPolicyArgs{ +// DatasetId: pulumi.String("your-dataset-id"), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_healthcare\_dataset\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := healthcare.NewDatasetIamBinding(ctx, "dataset", &healthcare.DatasetIamBindingArgs{ +// DatasetId: pulumi.String("your-dataset-id"), +// Role: pulumi.String("roles/editor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_healthcare\_dataset\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := healthcare.NewDatasetIamMember(ctx, "dataset", &healthcare.DatasetIamMemberArgs{ +// DatasetId: pulumi.String("your-dataset-id"), +// Role: pulumi.String("roles/editor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // ### Importing IAM policies @@ -160,18 +265,17 @@ type DatasetIamBinding struct { // `{project_id}/{location_name}/{dataset_name}` or // `{location_name}/{dataset_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + DatasetId pulumi.StringOutput `pulumi:"datasetId"` + // (Computed) The etag of the dataset's IAM policy. + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - DatasetId pulumi.StringOutput `pulumi:"datasetId"` - // (Computed) The etag of the dataset's IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` Members pulumi.StringArrayOutput `pulumi:"members"` // The role that should be applied. Only one // `healthcare.DatasetIamBinding` can be used per role. Note that custom roles must be of the format @@ -223,18 +327,17 @@ type datasetIamBindingState struct { // `{project_id}/{location_name}/{dataset_name}` or // `{location_name}/{dataset_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + DatasetId *string `pulumi:"datasetId"` + // (Computed) The etag of the dataset's IAM policy. + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - DatasetId *string `pulumi:"datasetId"` - // (Computed) The etag of the dataset's IAM policy. - Etag *string `pulumi:"etag"` Members []string `pulumi:"members"` // The role that should be applied. Only one // `healthcare.DatasetIamBinding` can be used per role. Note that custom roles must be of the format @@ -248,18 +351,17 @@ type DatasetIamBindingState struct { // `{project_id}/{location_name}/{dataset_name}` or // `{location_name}/{dataset_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + DatasetId pulumi.StringPtrInput + // (Computed) The etag of the dataset's IAM policy. + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - DatasetId pulumi.StringPtrInput - // (Computed) The etag of the dataset's IAM policy. - Etag pulumi.StringPtrInput Members pulumi.StringArrayInput // The role that should be applied. Only one // `healthcare.DatasetIamBinding` can be used per role. Note that custom roles must be of the format @@ -277,17 +379,16 @@ type datasetIamBindingArgs struct { // `{project_id}/{location_name}/{dataset_name}` or // `{location_name}/{dataset_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + DatasetId string `pulumi:"datasetId"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - DatasetId string `pulumi:"datasetId"` - Members []string `pulumi:"members"` + Members []string `pulumi:"members"` // The role that should be applied. Only one // `healthcare.DatasetIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -301,17 +402,16 @@ type DatasetIamBindingArgs struct { // `{project_id}/{location_name}/{dataset_name}` or // `{location_name}/{dataset_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + DatasetId pulumi.StringInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - DatasetId pulumi.StringInput - Members pulumi.StringArrayInput + Members pulumi.StringArrayInput // The role that should be applied. Only one // `healthcare.DatasetIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -413,15 +513,6 @@ func (o DatasetIamBindingOutput) Condition() DatasetIamBindingConditionPtrOutput // `{project_id}/{location_name}/{dataset_name}` or // `{location_name}/{dataset_name}`. In the second form, the provider's // project setting will be used as a fallback. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o DatasetIamBindingOutput) DatasetId() pulumi.StringOutput { return o.ApplyT(func(v *DatasetIamBinding) pulumi.StringOutput { return v.DatasetId }).(pulumi.StringOutput) } @@ -431,6 +522,14 @@ func (o DatasetIamBindingOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *DatasetIamBinding) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o DatasetIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *DatasetIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } diff --git a/sdk/go/gcp/healthcare/datasetIamMember.go b/sdk/go/gcp/healthcare/datasetIamMember.go index 7962ddcabe..e700d2d7c0 100644 --- a/sdk/go/gcp/healthcare/datasetIamMember.go +++ b/sdk/go/gcp/healthcare/datasetIamMember.go @@ -127,6 +127,111 @@ import ( // ``` // // +// ## google\_healthcare\_dataset\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/editor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = healthcare.NewDatasetIamPolicy(ctx, "dataset", &healthcare.DatasetIamPolicyArgs{ +// DatasetId: pulumi.String("your-dataset-id"), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_healthcare\_dataset\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := healthcare.NewDatasetIamBinding(ctx, "dataset", &healthcare.DatasetIamBindingArgs{ +// DatasetId: pulumi.String("your-dataset-id"), +// Role: pulumi.String("roles/editor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_healthcare\_dataset\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := healthcare.NewDatasetIamMember(ctx, "dataset", &healthcare.DatasetIamMemberArgs{ +// DatasetId: pulumi.String("your-dataset-id"), +// Role: pulumi.String("roles/editor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // ### Importing IAM policies @@ -160,18 +265,17 @@ type DatasetIamMember struct { // `{project_id}/{location_name}/{dataset_name}` or // `{location_name}/{dataset_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + DatasetId pulumi.StringOutput `pulumi:"datasetId"` + // (Computed) The etag of the dataset's IAM policy. + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - DatasetId pulumi.StringOutput `pulumi:"datasetId"` - // (Computed) The etag of the dataset's IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` Member pulumi.StringOutput `pulumi:"member"` // The role that should be applied. Only one // `healthcare.DatasetIamBinding` can be used per role. Note that custom roles must be of the format @@ -223,18 +327,17 @@ type datasetIamMemberState struct { // `{project_id}/{location_name}/{dataset_name}` or // `{location_name}/{dataset_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + DatasetId *string `pulumi:"datasetId"` + // (Computed) The etag of the dataset's IAM policy. + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - DatasetId *string `pulumi:"datasetId"` - // (Computed) The etag of the dataset's IAM policy. - Etag *string `pulumi:"etag"` Member *string `pulumi:"member"` // The role that should be applied. Only one // `healthcare.DatasetIamBinding` can be used per role. Note that custom roles must be of the format @@ -248,18 +351,17 @@ type DatasetIamMemberState struct { // `{project_id}/{location_name}/{dataset_name}` or // `{location_name}/{dataset_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + DatasetId pulumi.StringPtrInput + // (Computed) The etag of the dataset's IAM policy. + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - DatasetId pulumi.StringPtrInput - // (Computed) The etag of the dataset's IAM policy. - Etag pulumi.StringPtrInput Member pulumi.StringPtrInput // The role that should be applied. Only one // `healthcare.DatasetIamBinding` can be used per role. Note that custom roles must be of the format @@ -277,17 +379,16 @@ type datasetIamMemberArgs struct { // `{project_id}/{location_name}/{dataset_name}` or // `{location_name}/{dataset_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + DatasetId string `pulumi:"datasetId"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - DatasetId string `pulumi:"datasetId"` - Member string `pulumi:"member"` + Member string `pulumi:"member"` // The role that should be applied. Only one // `healthcare.DatasetIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -301,17 +402,16 @@ type DatasetIamMemberArgs struct { // `{project_id}/{location_name}/{dataset_name}` or // `{location_name}/{dataset_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + DatasetId pulumi.StringInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - DatasetId pulumi.StringInput - Member pulumi.StringInput + Member pulumi.StringInput // The role that should be applied. Only one // `healthcare.DatasetIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -413,15 +513,6 @@ func (o DatasetIamMemberOutput) Condition() DatasetIamMemberConditionPtrOutput { // `{project_id}/{location_name}/{dataset_name}` or // `{location_name}/{dataset_name}`. In the second form, the provider's // project setting will be used as a fallback. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o DatasetIamMemberOutput) DatasetId() pulumi.StringOutput { return o.ApplyT(func(v *DatasetIamMember) pulumi.StringOutput { return v.DatasetId }).(pulumi.StringOutput) } @@ -431,6 +522,14 @@ func (o DatasetIamMemberOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *DatasetIamMember) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o DatasetIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *DatasetIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/healthcare/datasetIamPolicy.go b/sdk/go/gcp/healthcare/datasetIamPolicy.go index 7d9afb2d56..9704ae585c 100644 --- a/sdk/go/gcp/healthcare/datasetIamPolicy.go +++ b/sdk/go/gcp/healthcare/datasetIamPolicy.go @@ -127,6 +127,111 @@ import ( // ``` // // +// ## google\_healthcare\_dataset\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/editor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = healthcare.NewDatasetIamPolicy(ctx, "dataset", &healthcare.DatasetIamPolicyArgs{ +// DatasetId: pulumi.String("your-dataset-id"), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_healthcare\_dataset\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := healthcare.NewDatasetIamBinding(ctx, "dataset", &healthcare.DatasetIamBindingArgs{ +// DatasetId: pulumi.String("your-dataset-id"), +// Role: pulumi.String("roles/editor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_healthcare\_dataset\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := healthcare.NewDatasetIamMember(ctx, "dataset", &healthcare.DatasetIamMemberArgs{ +// DatasetId: pulumi.String("your-dataset-id"), +// Role: pulumi.String("roles/editor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // ### Importing IAM policies @@ -159,15 +264,6 @@ type DatasetIamPolicy struct { // `{project_id}/{location_name}/{dataset_name}` or // `{location_name}/{dataset_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. DatasetId pulumi.StringOutput `pulumi:"datasetId"` // (Computed) The etag of the dataset's IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` @@ -216,15 +312,6 @@ type datasetIamPolicyState struct { // `{project_id}/{location_name}/{dataset_name}` or // `{location_name}/{dataset_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. DatasetId *string `pulumi:"datasetId"` // (Computed) The etag of the dataset's IAM policy. Etag *string `pulumi:"etag"` @@ -238,15 +325,6 @@ type DatasetIamPolicyState struct { // `{project_id}/{location_name}/{dataset_name}` or // `{location_name}/{dataset_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. DatasetId pulumi.StringPtrInput // (Computed) The etag of the dataset's IAM policy. Etag pulumi.StringPtrInput @@ -264,15 +342,6 @@ type datasetIamPolicyArgs struct { // `{project_id}/{location_name}/{dataset_name}` or // `{location_name}/{dataset_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. DatasetId string `pulumi:"datasetId"` // The policy data generated by // a `organizations.getIAMPolicy` data source. @@ -285,15 +354,6 @@ type DatasetIamPolicyArgs struct { // `{project_id}/{location_name}/{dataset_name}` or // `{location_name}/{dataset_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. DatasetId pulumi.StringInput // The policy data generated by // a `organizations.getIAMPolicy` data source. @@ -391,15 +451,6 @@ func (o DatasetIamPolicyOutput) ToDatasetIamPolicyOutputWithContext(ctx context. // `{project_id}/{location_name}/{dataset_name}` or // `{location_name}/{dataset_name}`. In the second form, the provider's // project setting will be used as a fallback. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o DatasetIamPolicyOutput) DatasetId() pulumi.StringOutput { return o.ApplyT(func(v *DatasetIamPolicy) pulumi.StringOutput { return v.DatasetId }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/healthcare/dicomStoreIamBinding.go b/sdk/go/gcp/healthcare/dicomStoreIamBinding.go index 64d28a890b..c242d2c4ef 100644 --- a/sdk/go/gcp/healthcare/dicomStoreIamBinding.go +++ b/sdk/go/gcp/healthcare/dicomStoreIamBinding.go @@ -127,6 +127,111 @@ import ( // ``` // // +// ## google\_healthcare\_dicom\_store\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/editor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = healthcare.NewDicomStoreIamPolicy(ctx, "dicom_store", &healthcare.DicomStoreIamPolicyArgs{ +// DicomStoreId: pulumi.String("your-dicom-store-id"), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_healthcare\_dicom\_store\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := healthcare.NewDicomStoreIamBinding(ctx, "dicom_store", &healthcare.DicomStoreIamBindingArgs{ +// DicomStoreId: pulumi.String("your-dicom-store-id"), +// Role: pulumi.String("roles/editor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_healthcare\_dicom\_store\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := healthcare.NewDicomStoreIamMember(ctx, "dicom_store", &healthcare.DicomStoreIamMemberArgs{ +// DicomStoreId: pulumi.String("your-dicom-store-id"), +// Role: pulumi.String("roles/editor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // ### Importing IAM policies @@ -160,18 +265,17 @@ type DicomStoreIamBinding struct { // `{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or // `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + DicomStoreId pulumi.StringOutput `pulumi:"dicomStoreId"` + // (Computed) The etag of the DICOM store's IAM policy. + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - DicomStoreId pulumi.StringOutput `pulumi:"dicomStoreId"` - // (Computed) The etag of the DICOM store's IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` Members pulumi.StringArrayOutput `pulumi:"members"` // The role that should be applied. Only one // `healthcare.DicomStoreIamBinding` can be used per role. Note that custom roles must be of the format @@ -223,18 +327,17 @@ type dicomStoreIamBindingState struct { // `{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or // `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + DicomStoreId *string `pulumi:"dicomStoreId"` + // (Computed) The etag of the DICOM store's IAM policy. + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - DicomStoreId *string `pulumi:"dicomStoreId"` - // (Computed) The etag of the DICOM store's IAM policy. - Etag *string `pulumi:"etag"` Members []string `pulumi:"members"` // The role that should be applied. Only one // `healthcare.DicomStoreIamBinding` can be used per role. Note that custom roles must be of the format @@ -248,18 +351,17 @@ type DicomStoreIamBindingState struct { // `{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or // `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + DicomStoreId pulumi.StringPtrInput + // (Computed) The etag of the DICOM store's IAM policy. + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - DicomStoreId pulumi.StringPtrInput - // (Computed) The etag of the DICOM store's IAM policy. - Etag pulumi.StringPtrInput Members pulumi.StringArrayInput // The role that should be applied. Only one // `healthcare.DicomStoreIamBinding` can be used per role. Note that custom roles must be of the format @@ -277,17 +379,16 @@ type dicomStoreIamBindingArgs struct { // `{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or // `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + DicomStoreId string `pulumi:"dicomStoreId"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - DicomStoreId string `pulumi:"dicomStoreId"` - Members []string `pulumi:"members"` + Members []string `pulumi:"members"` // The role that should be applied. Only one // `healthcare.DicomStoreIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -301,17 +402,16 @@ type DicomStoreIamBindingArgs struct { // `{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or // `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + DicomStoreId pulumi.StringInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - DicomStoreId pulumi.StringInput - Members pulumi.StringArrayInput + Members pulumi.StringArrayInput // The role that should be applied. Only one // `healthcare.DicomStoreIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -413,15 +513,6 @@ func (o DicomStoreIamBindingOutput) Condition() DicomStoreIamBindingConditionPtr // `{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or // `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's // project setting will be used as a fallback. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o DicomStoreIamBindingOutput) DicomStoreId() pulumi.StringOutput { return o.ApplyT(func(v *DicomStoreIamBinding) pulumi.StringOutput { return v.DicomStoreId }).(pulumi.StringOutput) } @@ -431,6 +522,14 @@ func (o DicomStoreIamBindingOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *DicomStoreIamBinding) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o DicomStoreIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *DicomStoreIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } diff --git a/sdk/go/gcp/healthcare/dicomStoreIamMember.go b/sdk/go/gcp/healthcare/dicomStoreIamMember.go index 2455200e08..89e1d9fd53 100644 --- a/sdk/go/gcp/healthcare/dicomStoreIamMember.go +++ b/sdk/go/gcp/healthcare/dicomStoreIamMember.go @@ -127,6 +127,111 @@ import ( // ``` // // +// ## google\_healthcare\_dicom\_store\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/editor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = healthcare.NewDicomStoreIamPolicy(ctx, "dicom_store", &healthcare.DicomStoreIamPolicyArgs{ +// DicomStoreId: pulumi.String("your-dicom-store-id"), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_healthcare\_dicom\_store\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := healthcare.NewDicomStoreIamBinding(ctx, "dicom_store", &healthcare.DicomStoreIamBindingArgs{ +// DicomStoreId: pulumi.String("your-dicom-store-id"), +// Role: pulumi.String("roles/editor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_healthcare\_dicom\_store\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := healthcare.NewDicomStoreIamMember(ctx, "dicom_store", &healthcare.DicomStoreIamMemberArgs{ +// DicomStoreId: pulumi.String("your-dicom-store-id"), +// Role: pulumi.String("roles/editor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // ### Importing IAM policies @@ -160,18 +265,17 @@ type DicomStoreIamMember struct { // `{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or // `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + DicomStoreId pulumi.StringOutput `pulumi:"dicomStoreId"` + // (Computed) The etag of the DICOM store's IAM policy. + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - DicomStoreId pulumi.StringOutput `pulumi:"dicomStoreId"` - // (Computed) The etag of the DICOM store's IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` Member pulumi.StringOutput `pulumi:"member"` // The role that should be applied. Only one // `healthcare.DicomStoreIamBinding` can be used per role. Note that custom roles must be of the format @@ -223,18 +327,17 @@ type dicomStoreIamMemberState struct { // `{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or // `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + DicomStoreId *string `pulumi:"dicomStoreId"` + // (Computed) The etag of the DICOM store's IAM policy. + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - DicomStoreId *string `pulumi:"dicomStoreId"` - // (Computed) The etag of the DICOM store's IAM policy. - Etag *string `pulumi:"etag"` Member *string `pulumi:"member"` // The role that should be applied. Only one // `healthcare.DicomStoreIamBinding` can be used per role. Note that custom roles must be of the format @@ -248,18 +351,17 @@ type DicomStoreIamMemberState struct { // `{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or // `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + DicomStoreId pulumi.StringPtrInput + // (Computed) The etag of the DICOM store's IAM policy. + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - DicomStoreId pulumi.StringPtrInput - // (Computed) The etag of the DICOM store's IAM policy. - Etag pulumi.StringPtrInput Member pulumi.StringPtrInput // The role that should be applied. Only one // `healthcare.DicomStoreIamBinding` can be used per role. Note that custom roles must be of the format @@ -277,17 +379,16 @@ type dicomStoreIamMemberArgs struct { // `{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or // `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + DicomStoreId string `pulumi:"dicomStoreId"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - DicomStoreId string `pulumi:"dicomStoreId"` - Member string `pulumi:"member"` + Member string `pulumi:"member"` // The role that should be applied. Only one // `healthcare.DicomStoreIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -301,17 +402,16 @@ type DicomStoreIamMemberArgs struct { // `{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or // `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + DicomStoreId pulumi.StringInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - DicomStoreId pulumi.StringInput - Member pulumi.StringInput + Member pulumi.StringInput // The role that should be applied. Only one // `healthcare.DicomStoreIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -413,15 +513,6 @@ func (o DicomStoreIamMemberOutput) Condition() DicomStoreIamMemberConditionPtrOu // `{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or // `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's // project setting will be used as a fallback. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o DicomStoreIamMemberOutput) DicomStoreId() pulumi.StringOutput { return o.ApplyT(func(v *DicomStoreIamMember) pulumi.StringOutput { return v.DicomStoreId }).(pulumi.StringOutput) } @@ -431,6 +522,14 @@ func (o DicomStoreIamMemberOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *DicomStoreIamMember) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o DicomStoreIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *DicomStoreIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/healthcare/dicomStoreIamPolicy.go b/sdk/go/gcp/healthcare/dicomStoreIamPolicy.go index 373945e4d2..df1914c8d7 100644 --- a/sdk/go/gcp/healthcare/dicomStoreIamPolicy.go +++ b/sdk/go/gcp/healthcare/dicomStoreIamPolicy.go @@ -127,6 +127,111 @@ import ( // ``` // // +// ## google\_healthcare\_dicom\_store\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/editor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = healthcare.NewDicomStoreIamPolicy(ctx, "dicom_store", &healthcare.DicomStoreIamPolicyArgs{ +// DicomStoreId: pulumi.String("your-dicom-store-id"), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_healthcare\_dicom\_store\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := healthcare.NewDicomStoreIamBinding(ctx, "dicom_store", &healthcare.DicomStoreIamBindingArgs{ +// DicomStoreId: pulumi.String("your-dicom-store-id"), +// Role: pulumi.String("roles/editor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_healthcare\_dicom\_store\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := healthcare.NewDicomStoreIamMember(ctx, "dicom_store", &healthcare.DicomStoreIamMemberArgs{ +// DicomStoreId: pulumi.String("your-dicom-store-id"), +// Role: pulumi.String("roles/editor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // ### Importing IAM policies @@ -159,15 +264,6 @@ type DicomStoreIamPolicy struct { // `{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or // `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. DicomStoreId pulumi.StringOutput `pulumi:"dicomStoreId"` // (Computed) The etag of the DICOM store's IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` @@ -216,15 +312,6 @@ type dicomStoreIamPolicyState struct { // `{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or // `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. DicomStoreId *string `pulumi:"dicomStoreId"` // (Computed) The etag of the DICOM store's IAM policy. Etag *string `pulumi:"etag"` @@ -238,15 +325,6 @@ type DicomStoreIamPolicyState struct { // `{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or // `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. DicomStoreId pulumi.StringPtrInput // (Computed) The etag of the DICOM store's IAM policy. Etag pulumi.StringPtrInput @@ -264,15 +342,6 @@ type dicomStoreIamPolicyArgs struct { // `{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or // `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. DicomStoreId string `pulumi:"dicomStoreId"` // The policy data generated by // a `organizations.getIAMPolicy` data source. @@ -285,15 +354,6 @@ type DicomStoreIamPolicyArgs struct { // `{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or // `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. DicomStoreId pulumi.StringInput // The policy data generated by // a `organizations.getIAMPolicy` data source. @@ -391,15 +451,6 @@ func (o DicomStoreIamPolicyOutput) ToDicomStoreIamPolicyOutputWithContext(ctx co // `{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or // `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's // project setting will be used as a fallback. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o DicomStoreIamPolicyOutput) DicomStoreId() pulumi.StringOutput { return o.ApplyT(func(v *DicomStoreIamPolicy) pulumi.StringOutput { return v.DicomStoreId }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/healthcare/fhirStoreIamBinding.go b/sdk/go/gcp/healthcare/fhirStoreIamBinding.go index c76b1c51a7..c0608e32d7 100644 --- a/sdk/go/gcp/healthcare/fhirStoreIamBinding.go +++ b/sdk/go/gcp/healthcare/fhirStoreIamBinding.go @@ -127,6 +127,111 @@ import ( // ``` // // +// ## google\_healthcare\_fhir\_store\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/editor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = healthcare.NewFhirStoreIamPolicy(ctx, "fhir_store", &healthcare.FhirStoreIamPolicyArgs{ +// FhirStoreId: pulumi.String("your-fhir-store-id"), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_healthcare\_fhir\_store\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := healthcare.NewFhirStoreIamBinding(ctx, "fhir_store", &healthcare.FhirStoreIamBindingArgs{ +// FhirStoreId: pulumi.String("your-fhir-store-id"), +// Role: pulumi.String("roles/editor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_healthcare\_fhir\_store\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := healthcare.NewFhirStoreIamMember(ctx, "fhir_store", &healthcare.FhirStoreIamMemberArgs{ +// FhirStoreId: pulumi.String("your-fhir-store-id"), +// Role: pulumi.String("roles/editor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // ### Importing IAM policies @@ -162,17 +267,16 @@ type FhirStoreIamBinding struct { // `{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or // `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + FhirStoreId pulumi.StringOutput `pulumi:"fhirStoreId"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - FhirStoreId pulumi.StringOutput `pulumi:"fhirStoreId"` - Members pulumi.StringArrayOutput `pulumi:"members"` + Members pulumi.StringArrayOutput `pulumi:"members"` // The role that should be applied. Only one // `healthcare.FhirStoreIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -225,17 +329,16 @@ type fhirStoreIamBindingState struct { // `{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or // `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + FhirStoreId *string `pulumi:"fhirStoreId"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - FhirStoreId *string `pulumi:"fhirStoreId"` - Members []string `pulumi:"members"` + Members []string `pulumi:"members"` // The role that should be applied. Only one // `healthcare.FhirStoreIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -250,17 +353,16 @@ type FhirStoreIamBindingState struct { // `{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or // `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + FhirStoreId pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - FhirStoreId pulumi.StringPtrInput - Members pulumi.StringArrayInput + Members pulumi.StringArrayInput // The role that should be applied. Only one // `healthcare.FhirStoreIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -277,17 +379,16 @@ type fhirStoreIamBindingArgs struct { // `{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or // `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + FhirStoreId string `pulumi:"fhirStoreId"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - FhirStoreId string `pulumi:"fhirStoreId"` - Members []string `pulumi:"members"` + Members []string `pulumi:"members"` // The role that should be applied. Only one // `healthcare.FhirStoreIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -301,17 +402,16 @@ type FhirStoreIamBindingArgs struct { // `{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or // `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + FhirStoreId pulumi.StringInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - FhirStoreId pulumi.StringInput - Members pulumi.StringArrayInput + Members pulumi.StringArrayInput // The role that should be applied. Only one // `healthcare.FhirStoreIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -418,19 +518,18 @@ func (o FhirStoreIamBindingOutput) Etag() pulumi.StringOutput { // `{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or // `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's // project setting will be used as a fallback. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o FhirStoreIamBindingOutput) FhirStoreId() pulumi.StringOutput { return o.ApplyT(func(v *FhirStoreIamBinding) pulumi.StringOutput { return v.FhirStoreId }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o FhirStoreIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *FhirStoreIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } diff --git a/sdk/go/gcp/healthcare/fhirStoreIamMember.go b/sdk/go/gcp/healthcare/fhirStoreIamMember.go index ae54ecda3f..3dc2e3ae47 100644 --- a/sdk/go/gcp/healthcare/fhirStoreIamMember.go +++ b/sdk/go/gcp/healthcare/fhirStoreIamMember.go @@ -127,6 +127,111 @@ import ( // ``` // // +// ## google\_healthcare\_fhir\_store\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/editor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = healthcare.NewFhirStoreIamPolicy(ctx, "fhir_store", &healthcare.FhirStoreIamPolicyArgs{ +// FhirStoreId: pulumi.String("your-fhir-store-id"), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_healthcare\_fhir\_store\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := healthcare.NewFhirStoreIamBinding(ctx, "fhir_store", &healthcare.FhirStoreIamBindingArgs{ +// FhirStoreId: pulumi.String("your-fhir-store-id"), +// Role: pulumi.String("roles/editor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_healthcare\_fhir\_store\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := healthcare.NewFhirStoreIamMember(ctx, "fhir_store", &healthcare.FhirStoreIamMemberArgs{ +// FhirStoreId: pulumi.String("your-fhir-store-id"), +// Role: pulumi.String("roles/editor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // ### Importing IAM policies @@ -162,17 +267,16 @@ type FhirStoreIamMember struct { // `{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or // `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + FhirStoreId pulumi.StringOutput `pulumi:"fhirStoreId"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - FhirStoreId pulumi.StringOutput `pulumi:"fhirStoreId"` - Member pulumi.StringOutput `pulumi:"member"` + Member pulumi.StringOutput `pulumi:"member"` // The role that should be applied. Only one // `healthcare.FhirStoreIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -225,17 +329,16 @@ type fhirStoreIamMemberState struct { // `{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or // `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + FhirStoreId *string `pulumi:"fhirStoreId"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - FhirStoreId *string `pulumi:"fhirStoreId"` - Member *string `pulumi:"member"` + Member *string `pulumi:"member"` // The role that should be applied. Only one // `healthcare.FhirStoreIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -250,17 +353,16 @@ type FhirStoreIamMemberState struct { // `{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or // `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + FhirStoreId pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - FhirStoreId pulumi.StringPtrInput - Member pulumi.StringPtrInput + Member pulumi.StringPtrInput // The role that should be applied. Only one // `healthcare.FhirStoreIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -277,17 +379,16 @@ type fhirStoreIamMemberArgs struct { // `{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or // `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + FhirStoreId string `pulumi:"fhirStoreId"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - FhirStoreId string `pulumi:"fhirStoreId"` - Member string `pulumi:"member"` + Member string `pulumi:"member"` // The role that should be applied. Only one // `healthcare.FhirStoreIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -301,17 +402,16 @@ type FhirStoreIamMemberArgs struct { // `{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or // `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + FhirStoreId pulumi.StringInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - FhirStoreId pulumi.StringInput - Member pulumi.StringInput + Member pulumi.StringInput // The role that should be applied. Only one // `healthcare.FhirStoreIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -418,19 +518,18 @@ func (o FhirStoreIamMemberOutput) Etag() pulumi.StringOutput { // `{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or // `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's // project setting will be used as a fallback. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o FhirStoreIamMemberOutput) FhirStoreId() pulumi.StringOutput { return o.ApplyT(func(v *FhirStoreIamMember) pulumi.StringOutput { return v.FhirStoreId }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o FhirStoreIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *FhirStoreIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/healthcare/fhirStoreIamPolicy.go b/sdk/go/gcp/healthcare/fhirStoreIamPolicy.go index fe9a503aae..67ef2bb9dc 100644 --- a/sdk/go/gcp/healthcare/fhirStoreIamPolicy.go +++ b/sdk/go/gcp/healthcare/fhirStoreIamPolicy.go @@ -127,6 +127,111 @@ import ( // ``` // // +// ## google\_healthcare\_fhir\_store\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/editor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = healthcare.NewFhirStoreIamPolicy(ctx, "fhir_store", &healthcare.FhirStoreIamPolicyArgs{ +// FhirStoreId: pulumi.String("your-fhir-store-id"), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_healthcare\_fhir\_store\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := healthcare.NewFhirStoreIamBinding(ctx, "fhir_store", &healthcare.FhirStoreIamBindingArgs{ +// FhirStoreId: pulumi.String("your-fhir-store-id"), +// Role: pulumi.String("roles/editor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_healthcare\_fhir\_store\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := healthcare.NewFhirStoreIamMember(ctx, "fhir_store", &healthcare.FhirStoreIamMemberArgs{ +// FhirStoreId: pulumi.String("your-fhir-store-id"), +// Role: pulumi.String("roles/editor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // ### Importing IAM policies @@ -161,15 +266,6 @@ type FhirStoreIamPolicy struct { // `{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or // `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. FhirStoreId pulumi.StringOutput `pulumi:"fhirStoreId"` // The policy data generated by // a `organizations.getIAMPolicy` data source. @@ -218,15 +314,6 @@ type fhirStoreIamPolicyState struct { // `{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or // `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. FhirStoreId *string `pulumi:"fhirStoreId"` // The policy data generated by // a `organizations.getIAMPolicy` data source. @@ -240,15 +327,6 @@ type FhirStoreIamPolicyState struct { // `{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or // `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. FhirStoreId pulumi.StringPtrInput // The policy data generated by // a `organizations.getIAMPolicy` data source. @@ -264,15 +342,6 @@ type fhirStoreIamPolicyArgs struct { // `{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or // `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. FhirStoreId string `pulumi:"fhirStoreId"` // The policy data generated by // a `organizations.getIAMPolicy` data source. @@ -285,15 +354,6 @@ type FhirStoreIamPolicyArgs struct { // `{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or // `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. FhirStoreId pulumi.StringInput // The policy data generated by // a `organizations.getIAMPolicy` data source. @@ -396,15 +456,6 @@ func (o FhirStoreIamPolicyOutput) Etag() pulumi.StringOutput { // `{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or // `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's // project setting will be used as a fallback. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o FhirStoreIamPolicyOutput) FhirStoreId() pulumi.StringOutput { return o.ApplyT(func(v *FhirStoreIamPolicy) pulumi.StringOutput { return v.FhirStoreId }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/healthcare/hl7StoreIamBinding.go b/sdk/go/gcp/healthcare/hl7StoreIamBinding.go index 23ddf9b5b6..85e8f36bdb 100644 --- a/sdk/go/gcp/healthcare/hl7StoreIamBinding.go +++ b/sdk/go/gcp/healthcare/hl7StoreIamBinding.go @@ -127,6 +127,111 @@ import ( // ``` // // +// ## google\_healthcare\_hl7\_v2\_store\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/editor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = healthcare.NewHl7StoreIamPolicy(ctx, "hl7_v2_store", &healthcare.Hl7StoreIamPolicyArgs{ +// Hl7V2StoreId: pulumi.String("your-hl7-v2-store-id"), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_healthcare\_hl7\_v2\_store\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := healthcare.NewHl7StoreIamBinding(ctx, "hl7_v2_store", &healthcare.Hl7StoreIamBindingArgs{ +// Hl7V2StoreId: pulumi.String("your-hl7-v2-store-id"), +// Role: pulumi.String("roles/editor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_healthcare\_hl7\_v2\_store\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := healthcare.NewHl7StoreIamMember(ctx, "hl7_v2_store", &healthcare.Hl7StoreIamMemberArgs{ +// Hl7V2StoreId: pulumi.String("your-hl7-v2-store-id"), +// Role: pulumi.String("roles/editor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // ### Importing IAM policies @@ -162,17 +267,16 @@ type Hl7StoreIamBinding struct { // `{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or // `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Hl7V2StoreId pulumi.StringOutput `pulumi:"hl7V2StoreId"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - Hl7V2StoreId pulumi.StringOutput `pulumi:"hl7V2StoreId"` - Members pulumi.StringArrayOutput `pulumi:"members"` + Members pulumi.StringArrayOutput `pulumi:"members"` // The role that should be applied. Only one // `healthcare.Hl7StoreIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -225,17 +329,16 @@ type hl7StoreIamBindingState struct { // `{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or // `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Hl7V2StoreId *string `pulumi:"hl7V2StoreId"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - Hl7V2StoreId *string `pulumi:"hl7V2StoreId"` - Members []string `pulumi:"members"` + Members []string `pulumi:"members"` // The role that should be applied. Only one // `healthcare.Hl7StoreIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -250,17 +353,16 @@ type Hl7StoreIamBindingState struct { // `{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or // `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Hl7V2StoreId pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - Hl7V2StoreId pulumi.StringPtrInput - Members pulumi.StringArrayInput + Members pulumi.StringArrayInput // The role that should be applied. Only one // `healthcare.Hl7StoreIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -277,17 +379,16 @@ type hl7StoreIamBindingArgs struct { // `{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or // `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Hl7V2StoreId string `pulumi:"hl7V2StoreId"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - Hl7V2StoreId string `pulumi:"hl7V2StoreId"` - Members []string `pulumi:"members"` + Members []string `pulumi:"members"` // The role that should be applied. Only one // `healthcare.Hl7StoreIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -301,17 +402,16 @@ type Hl7StoreIamBindingArgs struct { // `{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or // `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Hl7V2StoreId pulumi.StringInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - Hl7V2StoreId pulumi.StringInput - Members pulumi.StringArrayInput + Members pulumi.StringArrayInput // The role that should be applied. Only one // `healthcare.Hl7StoreIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -418,19 +518,18 @@ func (o Hl7StoreIamBindingOutput) Etag() pulumi.StringOutput { // `{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or // `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's // project setting will be used as a fallback. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o Hl7StoreIamBindingOutput) Hl7V2StoreId() pulumi.StringOutput { return o.ApplyT(func(v *Hl7StoreIamBinding) pulumi.StringOutput { return v.Hl7V2StoreId }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o Hl7StoreIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *Hl7StoreIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } diff --git a/sdk/go/gcp/healthcare/hl7StoreIamMember.go b/sdk/go/gcp/healthcare/hl7StoreIamMember.go index 053656babc..04637fa31a 100644 --- a/sdk/go/gcp/healthcare/hl7StoreIamMember.go +++ b/sdk/go/gcp/healthcare/hl7StoreIamMember.go @@ -127,6 +127,111 @@ import ( // ``` // // +// ## google\_healthcare\_hl7\_v2\_store\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/editor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = healthcare.NewHl7StoreIamPolicy(ctx, "hl7_v2_store", &healthcare.Hl7StoreIamPolicyArgs{ +// Hl7V2StoreId: pulumi.String("your-hl7-v2-store-id"), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_healthcare\_hl7\_v2\_store\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := healthcare.NewHl7StoreIamBinding(ctx, "hl7_v2_store", &healthcare.Hl7StoreIamBindingArgs{ +// Hl7V2StoreId: pulumi.String("your-hl7-v2-store-id"), +// Role: pulumi.String("roles/editor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_healthcare\_hl7\_v2\_store\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := healthcare.NewHl7StoreIamMember(ctx, "hl7_v2_store", &healthcare.Hl7StoreIamMemberArgs{ +// Hl7V2StoreId: pulumi.String("your-hl7-v2-store-id"), +// Role: pulumi.String("roles/editor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // ### Importing IAM policies @@ -162,17 +267,16 @@ type Hl7StoreIamMember struct { // `{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or // `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Hl7V2StoreId pulumi.StringOutput `pulumi:"hl7V2StoreId"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - Hl7V2StoreId pulumi.StringOutput `pulumi:"hl7V2StoreId"` - Member pulumi.StringOutput `pulumi:"member"` + Member pulumi.StringOutput `pulumi:"member"` // The role that should be applied. Only one // `healthcare.Hl7StoreIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -225,17 +329,16 @@ type hl7StoreIamMemberState struct { // `{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or // `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Hl7V2StoreId *string `pulumi:"hl7V2StoreId"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - Hl7V2StoreId *string `pulumi:"hl7V2StoreId"` - Member *string `pulumi:"member"` + Member *string `pulumi:"member"` // The role that should be applied. Only one // `healthcare.Hl7StoreIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -250,17 +353,16 @@ type Hl7StoreIamMemberState struct { // `{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or // `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Hl7V2StoreId pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - Hl7V2StoreId pulumi.StringPtrInput - Member pulumi.StringPtrInput + Member pulumi.StringPtrInput // The role that should be applied. Only one // `healthcare.Hl7StoreIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -277,17 +379,16 @@ type hl7StoreIamMemberArgs struct { // `{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or // `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Hl7V2StoreId string `pulumi:"hl7V2StoreId"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - Hl7V2StoreId string `pulumi:"hl7V2StoreId"` - Member string `pulumi:"member"` + Member string `pulumi:"member"` // The role that should be applied. Only one // `healthcare.Hl7StoreIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -301,17 +402,16 @@ type Hl7StoreIamMemberArgs struct { // `{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or // `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Hl7V2StoreId pulumi.StringInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - Hl7V2StoreId pulumi.StringInput - Member pulumi.StringInput + Member pulumi.StringInput // The role that should be applied. Only one // `healthcare.Hl7StoreIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -418,19 +518,18 @@ func (o Hl7StoreIamMemberOutput) Etag() pulumi.StringOutput { // `{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or // `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's // project setting will be used as a fallback. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o Hl7StoreIamMemberOutput) Hl7V2StoreId() pulumi.StringOutput { return o.ApplyT(func(v *Hl7StoreIamMember) pulumi.StringOutput { return v.Hl7V2StoreId }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o Hl7StoreIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *Hl7StoreIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/healthcare/hl7StoreIamPolicy.go b/sdk/go/gcp/healthcare/hl7StoreIamPolicy.go index 83083d27fb..40ff7b41c9 100644 --- a/sdk/go/gcp/healthcare/hl7StoreIamPolicy.go +++ b/sdk/go/gcp/healthcare/hl7StoreIamPolicy.go @@ -127,6 +127,111 @@ import ( // ``` // // +// ## google\_healthcare\_hl7\_v2\_store\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/editor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = healthcare.NewHl7StoreIamPolicy(ctx, "hl7_v2_store", &healthcare.Hl7StoreIamPolicyArgs{ +// Hl7V2StoreId: pulumi.String("your-hl7-v2-store-id"), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_healthcare\_hl7\_v2\_store\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := healthcare.NewHl7StoreIamBinding(ctx, "hl7_v2_store", &healthcare.Hl7StoreIamBindingArgs{ +// Hl7V2StoreId: pulumi.String("your-hl7-v2-store-id"), +// Role: pulumi.String("roles/editor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_healthcare\_hl7\_v2\_store\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/healthcare" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := healthcare.NewHl7StoreIamMember(ctx, "hl7_v2_store", &healthcare.Hl7StoreIamMemberArgs{ +// Hl7V2StoreId: pulumi.String("your-hl7-v2-store-id"), +// Role: pulumi.String("roles/editor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // ### Importing IAM policies @@ -161,15 +266,6 @@ type Hl7StoreIamPolicy struct { // `{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or // `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Hl7V2StoreId pulumi.StringOutput `pulumi:"hl7V2StoreId"` // The policy data generated by // a `organizations.getIAMPolicy` data source. @@ -218,15 +314,6 @@ type hl7StoreIamPolicyState struct { // `{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or // `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Hl7V2StoreId *string `pulumi:"hl7V2StoreId"` // The policy data generated by // a `organizations.getIAMPolicy` data source. @@ -240,15 +327,6 @@ type Hl7StoreIamPolicyState struct { // `{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or // `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Hl7V2StoreId pulumi.StringPtrInput // The policy data generated by // a `organizations.getIAMPolicy` data source. @@ -264,15 +342,6 @@ type hl7StoreIamPolicyArgs struct { // `{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or // `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Hl7V2StoreId string `pulumi:"hl7V2StoreId"` // The policy data generated by // a `organizations.getIAMPolicy` data source. @@ -285,15 +354,6 @@ type Hl7StoreIamPolicyArgs struct { // `{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or // `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Hl7V2StoreId pulumi.StringInput // The policy data generated by // a `organizations.getIAMPolicy` data source. @@ -396,15 +456,6 @@ func (o Hl7StoreIamPolicyOutput) Etag() pulumi.StringOutput { // `{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or // `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's // project setting will be used as a fallback. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o Hl7StoreIamPolicyOutput) Hl7V2StoreId() pulumi.StringOutput { return o.ApplyT(func(v *Hl7StoreIamPolicy) pulumi.StringOutput { return v.Hl7V2StoreId }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/iap/appEngineServiceIamBinding.go b/sdk/go/gcp/iap/appEngineServiceIamBinding.go index 65f65f3257..72bd68a2ab 100644 --- a/sdk/go/gcp/iap/appEngineServiceIamBinding.go +++ b/sdk/go/gcp/iap/appEngineServiceIamBinding.go @@ -263,6 +263,241 @@ import ( // ``` // // +// ## google\_iap\_app\_engine\_service\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/iap.httpsResourceAccessor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = iap.NewAppEngineServiceIamPolicy(ctx, "policy", &iap.AppEngineServiceIamPolicyArgs{ +// Project: pulumi.Any(version.Project), +// AppId: pulumi.Any(version.Project), +// Service: pulumi.Any(version.Service), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/iap.httpsResourceAccessor", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = iap.NewAppEngineServiceIamPolicy(ctx, "policy", &iap.AppEngineServiceIamPolicyArgs{ +// Project: pulumi.Any(version.Project), +// AppId: pulumi.Any(version.Project), +// Service: pulumi.Any(version.Service), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_iap\_app\_engine\_service\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewAppEngineServiceIamBinding(ctx, "binding", &iap.AppEngineServiceIamBindingArgs{ +// Project: pulumi.Any(version.Project), +// AppId: pulumi.Any(version.Project), +// Service: pulumi.Any(version.Service), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewAppEngineServiceIamBinding(ctx, "binding", &iap.AppEngineServiceIamBindingArgs{ +// Project: pulumi.Any(version.Project), +// AppId: pulumi.Any(version.Project), +// Service: pulumi.Any(version.Service), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &iap.AppEngineServiceIamBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_iap\_app\_engine\_service\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewAppEngineServiceIamMember(ctx, "member", &iap.AppEngineServiceIamMemberArgs{ +// Project: pulumi.Any(version.Project), +// AppId: pulumi.Any(version.Project), +// Service: pulumi.Any(version.Service), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewAppEngineServiceIamMember(ctx, "member", &iap.AppEngineServiceIamMemberArgs{ +// Project: pulumi.Any(version.Project), +// AppId: pulumi.Any(version.Project), +// Service: pulumi.Any(version.Service), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &iap.AppEngineServiceIamMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -309,13 +544,9 @@ type AppEngineServiceIamBinding struct { // Structure is documented below. Condition AppEngineServiceIamBindingConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -325,6 +556,9 @@ type AppEngineServiceIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `iap.AppEngineServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -382,13 +616,9 @@ type appEngineServiceIamBindingState struct { // Structure is documented below. Condition *AppEngineServiceIamBindingCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -398,6 +628,9 @@ type appEngineServiceIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `iap.AppEngineServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -414,13 +647,9 @@ type AppEngineServiceIamBindingState struct { // Structure is documented below. Condition AppEngineServiceIamBindingConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -430,6 +659,9 @@ type AppEngineServiceIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `iap.AppEngineServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -449,12 +681,8 @@ type appEngineServiceIamBindingArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition *AppEngineServiceIamBindingCondition `pulumi:"condition"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -464,6 +692,9 @@ type appEngineServiceIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `iap.AppEngineServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -480,12 +711,8 @@ type AppEngineServiceIamBindingArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition AppEngineServiceIamBindingConditionPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -495,6 +722,9 @@ type AppEngineServiceIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `iap.AppEngineServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -607,24 +837,23 @@ func (o AppEngineServiceIamBindingOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *AppEngineServiceIamBinding) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o AppEngineServiceIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *AppEngineServiceIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o AppEngineServiceIamBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *AppEngineServiceIamBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/iap/appEngineServiceIamMember.go b/sdk/go/gcp/iap/appEngineServiceIamMember.go index 9b81ab44b3..3db634fada 100644 --- a/sdk/go/gcp/iap/appEngineServiceIamMember.go +++ b/sdk/go/gcp/iap/appEngineServiceIamMember.go @@ -263,6 +263,241 @@ import ( // ``` // // +// ## google\_iap\_app\_engine\_service\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/iap.httpsResourceAccessor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = iap.NewAppEngineServiceIamPolicy(ctx, "policy", &iap.AppEngineServiceIamPolicyArgs{ +// Project: pulumi.Any(version.Project), +// AppId: pulumi.Any(version.Project), +// Service: pulumi.Any(version.Service), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/iap.httpsResourceAccessor", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = iap.NewAppEngineServiceIamPolicy(ctx, "policy", &iap.AppEngineServiceIamPolicyArgs{ +// Project: pulumi.Any(version.Project), +// AppId: pulumi.Any(version.Project), +// Service: pulumi.Any(version.Service), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_iap\_app\_engine\_service\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewAppEngineServiceIamBinding(ctx, "binding", &iap.AppEngineServiceIamBindingArgs{ +// Project: pulumi.Any(version.Project), +// AppId: pulumi.Any(version.Project), +// Service: pulumi.Any(version.Service), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewAppEngineServiceIamBinding(ctx, "binding", &iap.AppEngineServiceIamBindingArgs{ +// Project: pulumi.Any(version.Project), +// AppId: pulumi.Any(version.Project), +// Service: pulumi.Any(version.Service), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &iap.AppEngineServiceIamBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_iap\_app\_engine\_service\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewAppEngineServiceIamMember(ctx, "member", &iap.AppEngineServiceIamMemberArgs{ +// Project: pulumi.Any(version.Project), +// AppId: pulumi.Any(version.Project), +// Service: pulumi.Any(version.Service), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewAppEngineServiceIamMember(ctx, "member", &iap.AppEngineServiceIamMemberArgs{ +// Project: pulumi.Any(version.Project), +// AppId: pulumi.Any(version.Project), +// Service: pulumi.Any(version.Service), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &iap.AppEngineServiceIamMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -309,13 +544,9 @@ type AppEngineServiceIamMember struct { // Structure is documented below. Condition AppEngineServiceIamMemberConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Member pulumi.StringOutput `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -325,6 +556,9 @@ type AppEngineServiceIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `iap.AppEngineServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -382,13 +616,9 @@ type appEngineServiceIamMemberState struct { // Structure is documented below. Condition *AppEngineServiceIamMemberCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Member *string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -398,6 +628,9 @@ type appEngineServiceIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `iap.AppEngineServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -414,13 +647,9 @@ type AppEngineServiceIamMemberState struct { // Structure is documented below. Condition AppEngineServiceIamMemberConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Member pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -430,6 +659,9 @@ type AppEngineServiceIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `iap.AppEngineServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -449,12 +681,8 @@ type appEngineServiceIamMemberArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition *AppEngineServiceIamMemberCondition `pulumi:"condition"` - Member string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -464,6 +692,9 @@ type appEngineServiceIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `iap.AppEngineServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -480,12 +711,8 @@ type AppEngineServiceIamMemberArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition AppEngineServiceIamMemberConditionPtrInput - Member pulumi.StringInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -495,6 +722,9 @@ type AppEngineServiceIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `iap.AppEngineServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -607,24 +837,23 @@ func (o AppEngineServiceIamMemberOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *AppEngineServiceIamMember) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o AppEngineServiceIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *AppEngineServiceIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o AppEngineServiceIamMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *AppEngineServiceIamMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/iap/appEngineServiceIamPolicy.go b/sdk/go/gcp/iap/appEngineServiceIamPolicy.go index 11eb03eadf..dec911996b 100644 --- a/sdk/go/gcp/iap/appEngineServiceIamPolicy.go +++ b/sdk/go/gcp/iap/appEngineServiceIamPolicy.go @@ -263,6 +263,241 @@ import ( // ``` // // +// ## google\_iap\_app\_engine\_service\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/iap.httpsResourceAccessor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = iap.NewAppEngineServiceIamPolicy(ctx, "policy", &iap.AppEngineServiceIamPolicyArgs{ +// Project: pulumi.Any(version.Project), +// AppId: pulumi.Any(version.Project), +// Service: pulumi.Any(version.Service), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/iap.httpsResourceAccessor", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = iap.NewAppEngineServiceIamPolicy(ctx, "policy", &iap.AppEngineServiceIamPolicyArgs{ +// Project: pulumi.Any(version.Project), +// AppId: pulumi.Any(version.Project), +// Service: pulumi.Any(version.Service), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_iap\_app\_engine\_service\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewAppEngineServiceIamBinding(ctx, "binding", &iap.AppEngineServiceIamBindingArgs{ +// Project: pulumi.Any(version.Project), +// AppId: pulumi.Any(version.Project), +// Service: pulumi.Any(version.Service), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewAppEngineServiceIamBinding(ctx, "binding", &iap.AppEngineServiceIamBindingArgs{ +// Project: pulumi.Any(version.Project), +// AppId: pulumi.Any(version.Project), +// Service: pulumi.Any(version.Service), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &iap.AppEngineServiceIamBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_iap\_app\_engine\_service\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewAppEngineServiceIamMember(ctx, "member", &iap.AppEngineServiceIamMemberArgs{ +// Project: pulumi.Any(version.Project), +// AppId: pulumi.Any(version.Project), +// Service: pulumi.Any(version.Service), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewAppEngineServiceIamMember(ctx, "member", &iap.AppEngineServiceIamMemberArgs{ +// Project: pulumi.Any(version.Project), +// AppId: pulumi.Any(version.Project), +// Service: pulumi.Any(version.Service), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &iap.AppEngineServiceIamMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -312,18 +547,6 @@ type AppEngineServiceIamPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` // Service id of the App Engine application Used to find the parent resource to bind the IAM policy to Service pulumi.StringOutput `pulumi:"service"` @@ -377,18 +600,6 @@ type appEngineServiceIamPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` // Service id of the App Engine application Used to find the parent resource to bind the IAM policy to Service *string `pulumi:"service"` @@ -404,18 +615,6 @@ type AppEngineServiceIamPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // Service id of the App Engine application Used to find the parent resource to bind the IAM policy to Service pulumi.StringPtrInput @@ -433,18 +632,6 @@ type appEngineServiceIamPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` // Service id of the App Engine application Used to find the parent resource to bind the IAM policy to Service string `pulumi:"service"` @@ -459,18 +646,6 @@ type AppEngineServiceIamPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // Service id of the App Engine application Used to find the parent resource to bind the IAM policy to Service pulumi.StringInput @@ -581,18 +756,6 @@ func (o AppEngineServiceIamPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o AppEngineServiceIamPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *AppEngineServiceIamPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/iap/appEngineVersionIamBinding.go b/sdk/go/gcp/iap/appEngineVersionIamBinding.go index 6474157c60..c908529ae4 100644 --- a/sdk/go/gcp/iap/appEngineVersionIamBinding.go +++ b/sdk/go/gcp/iap/appEngineVersionIamBinding.go @@ -269,6 +269,247 @@ import ( // ``` // // +// ## google\_iap\_app\_engine\_version\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/iap.httpsResourceAccessor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = iap.NewAppEngineVersionIamPolicy(ctx, "policy", &iap.AppEngineVersionIamPolicyArgs{ +// Project: pulumi.Any(version.Project), +// AppId: pulumi.Any(version.Project), +// Service: pulumi.Any(version.Service), +// VersionId: pulumi.Any(version.VersionId), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/iap.httpsResourceAccessor", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = iap.NewAppEngineVersionIamPolicy(ctx, "policy", &iap.AppEngineVersionIamPolicyArgs{ +// Project: pulumi.Any(version.Project), +// AppId: pulumi.Any(version.Project), +// Service: pulumi.Any(version.Service), +// VersionId: pulumi.Any(version.VersionId), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_iap\_app\_engine\_version\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewAppEngineVersionIamBinding(ctx, "binding", &iap.AppEngineVersionIamBindingArgs{ +// Project: pulumi.Any(version.Project), +// AppId: pulumi.Any(version.Project), +// Service: pulumi.Any(version.Service), +// VersionId: pulumi.Any(version.VersionId), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewAppEngineVersionIamBinding(ctx, "binding", &iap.AppEngineVersionIamBindingArgs{ +// Project: pulumi.Any(version.Project), +// AppId: pulumi.Any(version.Project), +// Service: pulumi.Any(version.Service), +// VersionId: pulumi.Any(version.VersionId), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &iap.AppEngineVersionIamBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_iap\_app\_engine\_version\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewAppEngineVersionIamMember(ctx, "member", &iap.AppEngineVersionIamMemberArgs{ +// Project: pulumi.Any(version.Project), +// AppId: pulumi.Any(version.Project), +// Service: pulumi.Any(version.Service), +// VersionId: pulumi.Any(version.VersionId), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewAppEngineVersionIamMember(ctx, "member", &iap.AppEngineVersionIamMemberArgs{ +// Project: pulumi.Any(version.Project), +// AppId: pulumi.Any(version.Project), +// Service: pulumi.Any(version.Service), +// VersionId: pulumi.Any(version.VersionId), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &iap.AppEngineVersionIamMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -315,13 +556,9 @@ type AppEngineVersionIamBinding struct { // Structure is documented below. Condition AppEngineVersionIamBindingConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -331,6 +568,9 @@ type AppEngineVersionIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `iap.AppEngineVersionIamBinding` can be used per role. Note that custom roles must be of the format @@ -393,13 +633,9 @@ type appEngineVersionIamBindingState struct { // Structure is documented below. Condition *AppEngineVersionIamBindingCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -409,6 +645,9 @@ type appEngineVersionIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `iap.AppEngineVersionIamBinding` can be used per role. Note that custom roles must be of the format @@ -427,13 +666,9 @@ type AppEngineVersionIamBindingState struct { // Structure is documented below. Condition AppEngineVersionIamBindingConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -443,6 +678,9 @@ type AppEngineVersionIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `iap.AppEngineVersionIamBinding` can be used per role. Note that custom roles must be of the format @@ -464,12 +702,8 @@ type appEngineVersionIamBindingArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition *AppEngineVersionIamBindingCondition `pulumi:"condition"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -479,6 +713,9 @@ type appEngineVersionIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `iap.AppEngineVersionIamBinding` can be used per role. Note that custom roles must be of the format @@ -497,12 +734,8 @@ type AppEngineVersionIamBindingArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition AppEngineVersionIamBindingConditionPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -512,6 +745,9 @@ type AppEngineVersionIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `iap.AppEngineVersionIamBinding` can be used per role. Note that custom roles must be of the format @@ -626,24 +862,23 @@ func (o AppEngineVersionIamBindingOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *AppEngineVersionIamBinding) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o AppEngineVersionIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *AppEngineVersionIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o AppEngineVersionIamBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *AppEngineVersionIamBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/iap/appEngineVersionIamMember.go b/sdk/go/gcp/iap/appEngineVersionIamMember.go index b956ee5a74..4647d8b124 100644 --- a/sdk/go/gcp/iap/appEngineVersionIamMember.go +++ b/sdk/go/gcp/iap/appEngineVersionIamMember.go @@ -269,6 +269,247 @@ import ( // ``` // // +// ## google\_iap\_app\_engine\_version\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/iap.httpsResourceAccessor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = iap.NewAppEngineVersionIamPolicy(ctx, "policy", &iap.AppEngineVersionIamPolicyArgs{ +// Project: pulumi.Any(version.Project), +// AppId: pulumi.Any(version.Project), +// Service: pulumi.Any(version.Service), +// VersionId: pulumi.Any(version.VersionId), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/iap.httpsResourceAccessor", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = iap.NewAppEngineVersionIamPolicy(ctx, "policy", &iap.AppEngineVersionIamPolicyArgs{ +// Project: pulumi.Any(version.Project), +// AppId: pulumi.Any(version.Project), +// Service: pulumi.Any(version.Service), +// VersionId: pulumi.Any(version.VersionId), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_iap\_app\_engine\_version\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewAppEngineVersionIamBinding(ctx, "binding", &iap.AppEngineVersionIamBindingArgs{ +// Project: pulumi.Any(version.Project), +// AppId: pulumi.Any(version.Project), +// Service: pulumi.Any(version.Service), +// VersionId: pulumi.Any(version.VersionId), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewAppEngineVersionIamBinding(ctx, "binding", &iap.AppEngineVersionIamBindingArgs{ +// Project: pulumi.Any(version.Project), +// AppId: pulumi.Any(version.Project), +// Service: pulumi.Any(version.Service), +// VersionId: pulumi.Any(version.VersionId), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &iap.AppEngineVersionIamBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_iap\_app\_engine\_version\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewAppEngineVersionIamMember(ctx, "member", &iap.AppEngineVersionIamMemberArgs{ +// Project: pulumi.Any(version.Project), +// AppId: pulumi.Any(version.Project), +// Service: pulumi.Any(version.Service), +// VersionId: pulumi.Any(version.VersionId), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewAppEngineVersionIamMember(ctx, "member", &iap.AppEngineVersionIamMemberArgs{ +// Project: pulumi.Any(version.Project), +// AppId: pulumi.Any(version.Project), +// Service: pulumi.Any(version.Service), +// VersionId: pulumi.Any(version.VersionId), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &iap.AppEngineVersionIamMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -315,13 +556,9 @@ type AppEngineVersionIamMember struct { // Structure is documented below. Condition AppEngineVersionIamMemberConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Member pulumi.StringOutput `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -331,6 +568,9 @@ type AppEngineVersionIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `iap.AppEngineVersionIamBinding` can be used per role. Note that custom roles must be of the format @@ -393,13 +633,9 @@ type appEngineVersionIamMemberState struct { // Structure is documented below. Condition *AppEngineVersionIamMemberCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Member *string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -409,6 +645,9 @@ type appEngineVersionIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `iap.AppEngineVersionIamBinding` can be used per role. Note that custom roles must be of the format @@ -427,13 +666,9 @@ type AppEngineVersionIamMemberState struct { // Structure is documented below. Condition AppEngineVersionIamMemberConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Member pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -443,6 +678,9 @@ type AppEngineVersionIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `iap.AppEngineVersionIamBinding` can be used per role. Note that custom roles must be of the format @@ -464,12 +702,8 @@ type appEngineVersionIamMemberArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition *AppEngineVersionIamMemberCondition `pulumi:"condition"` - Member string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -479,6 +713,9 @@ type appEngineVersionIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `iap.AppEngineVersionIamBinding` can be used per role. Note that custom roles must be of the format @@ -497,12 +734,8 @@ type AppEngineVersionIamMemberArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition AppEngineVersionIamMemberConditionPtrInput - Member pulumi.StringInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -512,6 +745,9 @@ type AppEngineVersionIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `iap.AppEngineVersionIamBinding` can be used per role. Note that custom roles must be of the format @@ -626,24 +862,23 @@ func (o AppEngineVersionIamMemberOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *AppEngineVersionIamMember) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o AppEngineVersionIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *AppEngineVersionIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o AppEngineVersionIamMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *AppEngineVersionIamMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/iap/appEngineVersionIamPolicy.go b/sdk/go/gcp/iap/appEngineVersionIamPolicy.go index b992831629..c18a18fe57 100644 --- a/sdk/go/gcp/iap/appEngineVersionIamPolicy.go +++ b/sdk/go/gcp/iap/appEngineVersionIamPolicy.go @@ -269,6 +269,247 @@ import ( // ``` // // +// ## google\_iap\_app\_engine\_version\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/iap.httpsResourceAccessor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = iap.NewAppEngineVersionIamPolicy(ctx, "policy", &iap.AppEngineVersionIamPolicyArgs{ +// Project: pulumi.Any(version.Project), +// AppId: pulumi.Any(version.Project), +// Service: pulumi.Any(version.Service), +// VersionId: pulumi.Any(version.VersionId), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/iap.httpsResourceAccessor", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = iap.NewAppEngineVersionIamPolicy(ctx, "policy", &iap.AppEngineVersionIamPolicyArgs{ +// Project: pulumi.Any(version.Project), +// AppId: pulumi.Any(version.Project), +// Service: pulumi.Any(version.Service), +// VersionId: pulumi.Any(version.VersionId), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_iap\_app\_engine\_version\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewAppEngineVersionIamBinding(ctx, "binding", &iap.AppEngineVersionIamBindingArgs{ +// Project: pulumi.Any(version.Project), +// AppId: pulumi.Any(version.Project), +// Service: pulumi.Any(version.Service), +// VersionId: pulumi.Any(version.VersionId), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewAppEngineVersionIamBinding(ctx, "binding", &iap.AppEngineVersionIamBindingArgs{ +// Project: pulumi.Any(version.Project), +// AppId: pulumi.Any(version.Project), +// Service: pulumi.Any(version.Service), +// VersionId: pulumi.Any(version.VersionId), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &iap.AppEngineVersionIamBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_iap\_app\_engine\_version\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewAppEngineVersionIamMember(ctx, "member", &iap.AppEngineVersionIamMemberArgs{ +// Project: pulumi.Any(version.Project), +// AppId: pulumi.Any(version.Project), +// Service: pulumi.Any(version.Service), +// VersionId: pulumi.Any(version.VersionId), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewAppEngineVersionIamMember(ctx, "member", &iap.AppEngineVersionIamMemberArgs{ +// Project: pulumi.Any(version.Project), +// AppId: pulumi.Any(version.Project), +// Service: pulumi.Any(version.Service), +// VersionId: pulumi.Any(version.VersionId), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &iap.AppEngineVersionIamMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -318,18 +559,6 @@ type AppEngineVersionIamPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` // Service id of the App Engine application Used to find the parent resource to bind the IAM policy to Service pulumi.StringOutput `pulumi:"service"` @@ -388,18 +617,6 @@ type appEngineVersionIamPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` // Service id of the App Engine application Used to find the parent resource to bind the IAM policy to Service *string `pulumi:"service"` @@ -417,18 +634,6 @@ type AppEngineVersionIamPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // Service id of the App Engine application Used to find the parent resource to bind the IAM policy to Service pulumi.StringPtrInput @@ -448,18 +653,6 @@ type appEngineVersionIamPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` // Service id of the App Engine application Used to find the parent resource to bind the IAM policy to Service string `pulumi:"service"` @@ -476,18 +669,6 @@ type AppEngineVersionIamPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // Service id of the App Engine application Used to find the parent resource to bind the IAM policy to Service pulumi.StringInput @@ -600,18 +781,6 @@ func (o AppEngineVersionIamPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o AppEngineVersionIamPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *AppEngineVersionIamPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/iap/tunnelDestGroupIamBinding.go b/sdk/go/gcp/iap/tunnelDestGroupIamBinding.go index 1af9fa6fcf..ceeca54801 100644 --- a/sdk/go/gcp/iap/tunnelDestGroupIamBinding.go +++ b/sdk/go/gcp/iap/tunnelDestGroupIamBinding.go @@ -263,6 +263,241 @@ import ( // ``` // // +// ## google\_iap\_tunnel\_dest\_group\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/iap.tunnelResourceAccessor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = iap.NewTunnelDestGroupIamPolicy(ctx, "policy", &iap.TunnelDestGroupIamPolicyArgs{ +// Project: pulumi.Any(destGroup.Project), +// Region: pulumi.Any(destGroup.Region), +// DestGroup: pulumi.Any(destGroup.GroupName), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/iap.tunnelResourceAccessor", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = iap.NewTunnelDestGroupIamPolicy(ctx, "policy", &iap.TunnelDestGroupIamPolicyArgs{ +// Project: pulumi.Any(destGroup.Project), +// Region: pulumi.Any(destGroup.Region), +// DestGroup: pulumi.Any(destGroup.GroupName), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_iap\_tunnel\_dest\_group\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewTunnelDestGroupIamBinding(ctx, "binding", &iap.TunnelDestGroupIamBindingArgs{ +// Project: pulumi.Any(destGroup.Project), +// Region: pulumi.Any(destGroup.Region), +// DestGroup: pulumi.Any(destGroup.GroupName), +// Role: pulumi.String("roles/iap.tunnelResourceAccessor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewTunnelDestGroupIamBinding(ctx, "binding", &iap.TunnelDestGroupIamBindingArgs{ +// Project: pulumi.Any(destGroup.Project), +// Region: pulumi.Any(destGroup.Region), +// DestGroup: pulumi.Any(destGroup.GroupName), +// Role: pulumi.String("roles/iap.tunnelResourceAccessor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &iap.TunnelDestGroupIamBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_iap\_tunnel\_dest\_group\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewTunnelDestGroupIamMember(ctx, "member", &iap.TunnelDestGroupIamMemberArgs{ +// Project: pulumi.Any(destGroup.Project), +// Region: pulumi.Any(destGroup.Region), +// DestGroup: pulumi.Any(destGroup.GroupName), +// Role: pulumi.String("roles/iap.tunnelResourceAccessor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewTunnelDestGroupIamMember(ctx, "member", &iap.TunnelDestGroupIamMemberArgs{ +// Project: pulumi.Any(destGroup.Project), +// Region: pulumi.Any(destGroup.Region), +// DestGroup: pulumi.Any(destGroup.GroupName), +// Role: pulumi.String("roles/iap.tunnelResourceAccessor"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &iap.TunnelDestGroupIamMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -310,13 +545,9 @@ type TunnelDestGroupIamBinding struct { Condition TunnelDestGroupIamBindingConditionPtrOutput `pulumi:"condition"` DestGroup pulumi.StringOutput `pulumi:"destGroup"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -326,6 +557,9 @@ type TunnelDestGroupIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The region of the tunnel group. Must be the same as the network resources in the group. // Used to find the parent resource to bind the IAM policy to. If not specified, @@ -382,13 +616,9 @@ type tunnelDestGroupIamBindingState struct { Condition *TunnelDestGroupIamBindingCondition `pulumi:"condition"` DestGroup *string `pulumi:"destGroup"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -398,6 +628,9 @@ type tunnelDestGroupIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The region of the tunnel group. Must be the same as the network resources in the group. // Used to find the parent resource to bind the IAM policy to. If not specified, @@ -416,13 +649,9 @@ type TunnelDestGroupIamBindingState struct { Condition TunnelDestGroupIamBindingConditionPtrInput DestGroup pulumi.StringPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -432,6 +661,9 @@ type TunnelDestGroupIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The region of the tunnel group. Must be the same as the network resources in the group. // Used to find the parent resource to bind the IAM policy to. If not specified, @@ -453,12 +685,8 @@ type tunnelDestGroupIamBindingArgs struct { // Structure is documented below. Condition *TunnelDestGroupIamBindingCondition `pulumi:"condition"` DestGroup string `pulumi:"destGroup"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -468,6 +696,9 @@ type tunnelDestGroupIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The region of the tunnel group. Must be the same as the network resources in the group. // Used to find the parent resource to bind the IAM policy to. If not specified, @@ -486,12 +717,8 @@ type TunnelDestGroupIamBindingArgs struct { // Structure is documented below. Condition TunnelDestGroupIamBindingConditionPtrInput DestGroup pulumi.StringInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -501,6 +728,9 @@ type TunnelDestGroupIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The region of the tunnel group. Must be the same as the network resources in the group. // Used to find the parent resource to bind the IAM policy to. If not specified, @@ -615,24 +845,23 @@ func (o TunnelDestGroupIamBindingOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *TunnelDestGroupIamBinding) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o TunnelDestGroupIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *TunnelDestGroupIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o TunnelDestGroupIamBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *TunnelDestGroupIamBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/iap/tunnelDestGroupIamMember.go b/sdk/go/gcp/iap/tunnelDestGroupIamMember.go index 9529500b40..e6a2182315 100644 --- a/sdk/go/gcp/iap/tunnelDestGroupIamMember.go +++ b/sdk/go/gcp/iap/tunnelDestGroupIamMember.go @@ -263,6 +263,241 @@ import ( // ``` // // +// ## google\_iap\_tunnel\_dest\_group\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/iap.tunnelResourceAccessor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = iap.NewTunnelDestGroupIamPolicy(ctx, "policy", &iap.TunnelDestGroupIamPolicyArgs{ +// Project: pulumi.Any(destGroup.Project), +// Region: pulumi.Any(destGroup.Region), +// DestGroup: pulumi.Any(destGroup.GroupName), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/iap.tunnelResourceAccessor", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = iap.NewTunnelDestGroupIamPolicy(ctx, "policy", &iap.TunnelDestGroupIamPolicyArgs{ +// Project: pulumi.Any(destGroup.Project), +// Region: pulumi.Any(destGroup.Region), +// DestGroup: pulumi.Any(destGroup.GroupName), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_iap\_tunnel\_dest\_group\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewTunnelDestGroupIamBinding(ctx, "binding", &iap.TunnelDestGroupIamBindingArgs{ +// Project: pulumi.Any(destGroup.Project), +// Region: pulumi.Any(destGroup.Region), +// DestGroup: pulumi.Any(destGroup.GroupName), +// Role: pulumi.String("roles/iap.tunnelResourceAccessor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewTunnelDestGroupIamBinding(ctx, "binding", &iap.TunnelDestGroupIamBindingArgs{ +// Project: pulumi.Any(destGroup.Project), +// Region: pulumi.Any(destGroup.Region), +// DestGroup: pulumi.Any(destGroup.GroupName), +// Role: pulumi.String("roles/iap.tunnelResourceAccessor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &iap.TunnelDestGroupIamBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_iap\_tunnel\_dest\_group\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewTunnelDestGroupIamMember(ctx, "member", &iap.TunnelDestGroupIamMemberArgs{ +// Project: pulumi.Any(destGroup.Project), +// Region: pulumi.Any(destGroup.Region), +// DestGroup: pulumi.Any(destGroup.GroupName), +// Role: pulumi.String("roles/iap.tunnelResourceAccessor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewTunnelDestGroupIamMember(ctx, "member", &iap.TunnelDestGroupIamMemberArgs{ +// Project: pulumi.Any(destGroup.Project), +// Region: pulumi.Any(destGroup.Region), +// DestGroup: pulumi.Any(destGroup.GroupName), +// Role: pulumi.String("roles/iap.tunnelResourceAccessor"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &iap.TunnelDestGroupIamMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -310,13 +545,9 @@ type TunnelDestGroupIamMember struct { Condition TunnelDestGroupIamMemberConditionPtrOutput `pulumi:"condition"` DestGroup pulumi.StringOutput `pulumi:"destGroup"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Member pulumi.StringOutput `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -326,6 +557,9 @@ type TunnelDestGroupIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The region of the tunnel group. Must be the same as the network resources in the group. // Used to find the parent resource to bind the IAM policy to. If not specified, @@ -382,13 +616,9 @@ type tunnelDestGroupIamMemberState struct { Condition *TunnelDestGroupIamMemberCondition `pulumi:"condition"` DestGroup *string `pulumi:"destGroup"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Member *string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -398,6 +628,9 @@ type tunnelDestGroupIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The region of the tunnel group. Must be the same as the network resources in the group. // Used to find the parent resource to bind the IAM policy to. If not specified, @@ -416,13 +649,9 @@ type TunnelDestGroupIamMemberState struct { Condition TunnelDestGroupIamMemberConditionPtrInput DestGroup pulumi.StringPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Member pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -432,6 +661,9 @@ type TunnelDestGroupIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The region of the tunnel group. Must be the same as the network resources in the group. // Used to find the parent resource to bind the IAM policy to. If not specified, @@ -453,12 +685,8 @@ type tunnelDestGroupIamMemberArgs struct { // Structure is documented below. Condition *TunnelDestGroupIamMemberCondition `pulumi:"condition"` DestGroup string `pulumi:"destGroup"` - Member string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -468,6 +696,9 @@ type tunnelDestGroupIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The region of the tunnel group. Must be the same as the network resources in the group. // Used to find the parent resource to bind the IAM policy to. If not specified, @@ -486,12 +717,8 @@ type TunnelDestGroupIamMemberArgs struct { // Structure is documented below. Condition TunnelDestGroupIamMemberConditionPtrInput DestGroup pulumi.StringInput - Member pulumi.StringInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -501,6 +728,9 @@ type TunnelDestGroupIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The region of the tunnel group. Must be the same as the network resources in the group. // Used to find the parent resource to bind the IAM policy to. If not specified, @@ -615,24 +845,23 @@ func (o TunnelDestGroupIamMemberOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *TunnelDestGroupIamMember) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o TunnelDestGroupIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *TunnelDestGroupIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o TunnelDestGroupIamMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *TunnelDestGroupIamMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/iap/tunnelDestGroupIamPolicy.go b/sdk/go/gcp/iap/tunnelDestGroupIamPolicy.go index 007c934f1b..ad8ebfe3ed 100644 --- a/sdk/go/gcp/iap/tunnelDestGroupIamPolicy.go +++ b/sdk/go/gcp/iap/tunnelDestGroupIamPolicy.go @@ -263,6 +263,241 @@ import ( // ``` // // +// ## google\_iap\_tunnel\_dest\_group\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/iap.tunnelResourceAccessor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = iap.NewTunnelDestGroupIamPolicy(ctx, "policy", &iap.TunnelDestGroupIamPolicyArgs{ +// Project: pulumi.Any(destGroup.Project), +// Region: pulumi.Any(destGroup.Region), +// DestGroup: pulumi.Any(destGroup.GroupName), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/iap.tunnelResourceAccessor", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = iap.NewTunnelDestGroupIamPolicy(ctx, "policy", &iap.TunnelDestGroupIamPolicyArgs{ +// Project: pulumi.Any(destGroup.Project), +// Region: pulumi.Any(destGroup.Region), +// DestGroup: pulumi.Any(destGroup.GroupName), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_iap\_tunnel\_dest\_group\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewTunnelDestGroupIamBinding(ctx, "binding", &iap.TunnelDestGroupIamBindingArgs{ +// Project: pulumi.Any(destGroup.Project), +// Region: pulumi.Any(destGroup.Region), +// DestGroup: pulumi.Any(destGroup.GroupName), +// Role: pulumi.String("roles/iap.tunnelResourceAccessor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewTunnelDestGroupIamBinding(ctx, "binding", &iap.TunnelDestGroupIamBindingArgs{ +// Project: pulumi.Any(destGroup.Project), +// Region: pulumi.Any(destGroup.Region), +// DestGroup: pulumi.Any(destGroup.GroupName), +// Role: pulumi.String("roles/iap.tunnelResourceAccessor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &iap.TunnelDestGroupIamBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_iap\_tunnel\_dest\_group\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewTunnelDestGroupIamMember(ctx, "member", &iap.TunnelDestGroupIamMemberArgs{ +// Project: pulumi.Any(destGroup.Project), +// Region: pulumi.Any(destGroup.Region), +// DestGroup: pulumi.Any(destGroup.GroupName), +// Role: pulumi.String("roles/iap.tunnelResourceAccessor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewTunnelDestGroupIamMember(ctx, "member", &iap.TunnelDestGroupIamMemberArgs{ +// Project: pulumi.Any(destGroup.Project), +// Region: pulumi.Any(destGroup.Region), +// DestGroup: pulumi.Any(destGroup.GroupName), +// Role: pulumi.String("roles/iap.tunnelResourceAccessor"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &iap.TunnelDestGroupIamMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -313,18 +548,6 @@ type TunnelDestGroupIamPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` // The region of the tunnel group. Must be the same as the network resources in the group. // Used to find the parent resource to bind the IAM policy to. If not specified, @@ -377,18 +600,6 @@ type tunnelDestGroupIamPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` // The region of the tunnel group. Must be the same as the network resources in the group. // Used to find the parent resource to bind the IAM policy to. If not specified, @@ -406,18 +617,6 @@ type TunnelDestGroupIamPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // The region of the tunnel group. Must be the same as the network resources in the group. // Used to find the parent resource to bind the IAM policy to. If not specified, @@ -437,18 +636,6 @@ type tunnelDestGroupIamPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` // The region of the tunnel group. Must be the same as the network resources in the group. // Used to find the parent resource to bind the IAM policy to. If not specified, @@ -465,18 +652,6 @@ type TunnelDestGroupIamPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // The region of the tunnel group. Must be the same as the network resources in the group. // Used to find the parent resource to bind the IAM policy to. If not specified, @@ -589,18 +764,6 @@ func (o TunnelDestGroupIamPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o TunnelDestGroupIamPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *TunnelDestGroupIamPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/iap/tunnelIamBinding.go b/sdk/go/gcp/iap/tunnelIamBinding.go index 50f9e415c0..e4a5b6b1f9 100644 --- a/sdk/go/gcp/iap/tunnelIamBinding.go +++ b/sdk/go/gcp/iap/tunnelIamBinding.go @@ -251,6 +251,229 @@ import ( // ``` // // +// ## google\_iap\_tunnel\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/iap.tunnelResourceAccessor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = iap.NewTunnelIamPolicy(ctx, "policy", &iap.TunnelIamPolicyArgs{ +// Project: pulumi.Any(projectService.Project), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/iap.tunnelResourceAccessor", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = iap.NewTunnelIamPolicy(ctx, "policy", &iap.TunnelIamPolicyArgs{ +// Project: pulumi.Any(projectService.Project), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_iap\_tunnel\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewTunnelIamBinding(ctx, "binding", &iap.TunnelIamBindingArgs{ +// Project: pulumi.Any(projectService.Project), +// Role: pulumi.String("roles/iap.tunnelResourceAccessor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewTunnelIamBinding(ctx, "binding", &iap.TunnelIamBindingArgs{ +// Project: pulumi.Any(projectService.Project), +// Role: pulumi.String("roles/iap.tunnelResourceAccessor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &iap.TunnelIamBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_iap\_tunnel\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewTunnelIamMember(ctx, "member", &iap.TunnelIamMemberArgs{ +// Project: pulumi.Any(projectService.Project), +// Role: pulumi.String("roles/iap.tunnelResourceAccessor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewTunnelIamMember(ctx, "member", &iap.TunnelIamMemberArgs{ +// Project: pulumi.Any(projectService.Project), +// Role: pulumi.String("roles/iap.tunnelResourceAccessor"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &iap.TunnelIamMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -291,13 +514,9 @@ type TunnelIamBinding struct { // Structure is documented below. Condition TunnelIamBindingConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -307,6 +526,9 @@ type TunnelIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `iap.TunnelIamBinding` can be used per role. Note that custom roles must be of the format @@ -354,13 +576,9 @@ type tunnelIamBindingState struct { // Structure is documented below. Condition *TunnelIamBindingCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -370,6 +588,9 @@ type tunnelIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `iap.TunnelIamBinding` can be used per role. Note that custom roles must be of the format @@ -382,13 +603,9 @@ type TunnelIamBindingState struct { // Structure is documented below. Condition TunnelIamBindingConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -398,6 +615,9 @@ type TunnelIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `iap.TunnelIamBinding` can be used per role. Note that custom roles must be of the format @@ -413,12 +633,8 @@ type tunnelIamBindingArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition *TunnelIamBindingCondition `pulumi:"condition"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -428,6 +644,9 @@ type tunnelIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `iap.TunnelIamBinding` can be used per role. Note that custom roles must be of the format @@ -440,12 +659,8 @@ type TunnelIamBindingArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition TunnelIamBindingConditionPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -455,6 +670,9 @@ type TunnelIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `iap.TunnelIamBinding` can be used per role. Note that custom roles must be of the format @@ -560,24 +778,23 @@ func (o TunnelIamBindingOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *TunnelIamBinding) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o TunnelIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *TunnelIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o TunnelIamBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *TunnelIamBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/iap/tunnelIamMember.go b/sdk/go/gcp/iap/tunnelIamMember.go index a6ff5bf6df..d5a5059380 100644 --- a/sdk/go/gcp/iap/tunnelIamMember.go +++ b/sdk/go/gcp/iap/tunnelIamMember.go @@ -251,6 +251,229 @@ import ( // ``` // // +// ## google\_iap\_tunnel\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/iap.tunnelResourceAccessor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = iap.NewTunnelIamPolicy(ctx, "policy", &iap.TunnelIamPolicyArgs{ +// Project: pulumi.Any(projectService.Project), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/iap.tunnelResourceAccessor", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = iap.NewTunnelIamPolicy(ctx, "policy", &iap.TunnelIamPolicyArgs{ +// Project: pulumi.Any(projectService.Project), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_iap\_tunnel\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewTunnelIamBinding(ctx, "binding", &iap.TunnelIamBindingArgs{ +// Project: pulumi.Any(projectService.Project), +// Role: pulumi.String("roles/iap.tunnelResourceAccessor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewTunnelIamBinding(ctx, "binding", &iap.TunnelIamBindingArgs{ +// Project: pulumi.Any(projectService.Project), +// Role: pulumi.String("roles/iap.tunnelResourceAccessor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &iap.TunnelIamBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_iap\_tunnel\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewTunnelIamMember(ctx, "member", &iap.TunnelIamMemberArgs{ +// Project: pulumi.Any(projectService.Project), +// Role: pulumi.String("roles/iap.tunnelResourceAccessor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewTunnelIamMember(ctx, "member", &iap.TunnelIamMemberArgs{ +// Project: pulumi.Any(projectService.Project), +// Role: pulumi.String("roles/iap.tunnelResourceAccessor"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &iap.TunnelIamMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -291,13 +514,9 @@ type TunnelIamMember struct { // Structure is documented below. Condition TunnelIamMemberConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Member pulumi.StringOutput `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -307,6 +526,9 @@ type TunnelIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `iap.TunnelIamBinding` can be used per role. Note that custom roles must be of the format @@ -354,13 +576,9 @@ type tunnelIamMemberState struct { // Structure is documented below. Condition *TunnelIamMemberCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Member *string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -370,6 +588,9 @@ type tunnelIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `iap.TunnelIamBinding` can be used per role. Note that custom roles must be of the format @@ -382,13 +603,9 @@ type TunnelIamMemberState struct { // Structure is documented below. Condition TunnelIamMemberConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Member pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -398,6 +615,9 @@ type TunnelIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `iap.TunnelIamBinding` can be used per role. Note that custom roles must be of the format @@ -413,12 +633,8 @@ type tunnelIamMemberArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition *TunnelIamMemberCondition `pulumi:"condition"` - Member string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -428,6 +644,9 @@ type tunnelIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `iap.TunnelIamBinding` can be used per role. Note that custom roles must be of the format @@ -440,12 +659,8 @@ type TunnelIamMemberArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition TunnelIamMemberConditionPtrInput - Member pulumi.StringInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -455,6 +670,9 @@ type TunnelIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `iap.TunnelIamBinding` can be used per role. Note that custom roles must be of the format @@ -560,24 +778,23 @@ func (o TunnelIamMemberOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *TunnelIamMember) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o TunnelIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *TunnelIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o TunnelIamMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *TunnelIamMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/iap/tunnelIamPolicy.go b/sdk/go/gcp/iap/tunnelIamPolicy.go index 765374a7fb..786b8d38e2 100644 --- a/sdk/go/gcp/iap/tunnelIamPolicy.go +++ b/sdk/go/gcp/iap/tunnelIamPolicy.go @@ -251,6 +251,229 @@ import ( // ``` // // +// ## google\_iap\_tunnel\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/iap.tunnelResourceAccessor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = iap.NewTunnelIamPolicy(ctx, "policy", &iap.TunnelIamPolicyArgs{ +// Project: pulumi.Any(projectService.Project), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/iap.tunnelResourceAccessor", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = iap.NewTunnelIamPolicy(ctx, "policy", &iap.TunnelIamPolicyArgs{ +// Project: pulumi.Any(projectService.Project), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_iap\_tunnel\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewTunnelIamBinding(ctx, "binding", &iap.TunnelIamBindingArgs{ +// Project: pulumi.Any(projectService.Project), +// Role: pulumi.String("roles/iap.tunnelResourceAccessor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewTunnelIamBinding(ctx, "binding", &iap.TunnelIamBindingArgs{ +// Project: pulumi.Any(projectService.Project), +// Role: pulumi.String("roles/iap.tunnelResourceAccessor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &iap.TunnelIamBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_iap\_tunnel\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewTunnelIamMember(ctx, "member", &iap.TunnelIamMemberArgs{ +// Project: pulumi.Any(projectService.Project), +// Role: pulumi.String("roles/iap.tunnelResourceAccessor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewTunnelIamMember(ctx, "member", &iap.TunnelIamMemberArgs{ +// Project: pulumi.Any(projectService.Project), +// Role: pulumi.String("roles/iap.tunnelResourceAccessor"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &iap.TunnelIamMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -294,18 +517,6 @@ type TunnelIamPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` } @@ -349,18 +560,6 @@ type tunnelIamPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -372,18 +571,6 @@ type TunnelIamPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -397,18 +584,6 @@ type tunnelIamPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -419,18 +594,6 @@ type TunnelIamPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -534,18 +697,6 @@ func (o TunnelIamPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o TunnelIamPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *TunnelIamPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/iap/tunnelInstanceIAMBinding.go b/sdk/go/gcp/iap/tunnelInstanceIAMBinding.go index 79fba7852f..b40401195f 100644 --- a/sdk/go/gcp/iap/tunnelInstanceIAMBinding.go +++ b/sdk/go/gcp/iap/tunnelInstanceIAMBinding.go @@ -263,6 +263,241 @@ import ( // ``` // // +// ## google\_iap\_tunnel\_instance\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/iap.tunnelResourceAccessor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = iap.NewTunnelInstanceIAMPolicy(ctx, "policy", &iap.TunnelInstanceIAMPolicyArgs{ +// Project: pulumi.Any(tunnelvm.Project), +// Zone: pulumi.Any(tunnelvm.Zone), +// Instance: pulumi.Any(tunnelvm.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/iap.tunnelResourceAccessor", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = iap.NewTunnelInstanceIAMPolicy(ctx, "policy", &iap.TunnelInstanceIAMPolicyArgs{ +// Project: pulumi.Any(tunnelvm.Project), +// Zone: pulumi.Any(tunnelvm.Zone), +// Instance: pulumi.Any(tunnelvm.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_iap\_tunnel\_instance\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewTunnelInstanceIAMBinding(ctx, "binding", &iap.TunnelInstanceIAMBindingArgs{ +// Project: pulumi.Any(tunnelvm.Project), +// Zone: pulumi.Any(tunnelvm.Zone), +// Instance: pulumi.Any(tunnelvm.Name), +// Role: pulumi.String("roles/iap.tunnelResourceAccessor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewTunnelInstanceIAMBinding(ctx, "binding", &iap.TunnelInstanceIAMBindingArgs{ +// Project: pulumi.Any(tunnelvm.Project), +// Zone: pulumi.Any(tunnelvm.Zone), +// Instance: pulumi.Any(tunnelvm.Name), +// Role: pulumi.String("roles/iap.tunnelResourceAccessor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &iap.TunnelInstanceIAMBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_iap\_tunnel\_instance\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewTunnelInstanceIAMMember(ctx, "member", &iap.TunnelInstanceIAMMemberArgs{ +// Project: pulumi.Any(tunnelvm.Project), +// Zone: pulumi.Any(tunnelvm.Zone), +// Instance: pulumi.Any(tunnelvm.Name), +// Role: pulumi.String("roles/iap.tunnelResourceAccessor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewTunnelInstanceIAMMember(ctx, "member", &iap.TunnelInstanceIAMMemberArgs{ +// Project: pulumi.Any(tunnelvm.Project), +// Zone: pulumi.Any(tunnelvm.Zone), +// Instance: pulumi.Any(tunnelvm.Name), +// Role: pulumi.String("roles/iap.tunnelResourceAccessor"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &iap.TunnelInstanceIAMMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -311,13 +546,9 @@ type TunnelInstanceIAMBinding struct { // (Computed) The etag of the IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` // Used to find the parent resource to bind the IAM policy to - Instance pulumi.StringOutput `pulumi:"instance"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Instance pulumi.StringOutput `pulumi:"instance"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -327,6 +558,9 @@ type TunnelInstanceIAMBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `iap.TunnelInstanceIAMBinding` can be used per role. Note that custom roles must be of the format @@ -380,13 +614,9 @@ type tunnelInstanceIAMBindingState struct { // (Computed) The etag of the IAM policy. Etag *string `pulumi:"etag"` // Used to find the parent resource to bind the IAM policy to - Instance *string `pulumi:"instance"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Instance *string `pulumi:"instance"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -396,6 +626,9 @@ type tunnelInstanceIAMBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `iap.TunnelInstanceIAMBinding` can be used per role. Note that custom roles must be of the format @@ -412,12 +645,8 @@ type TunnelInstanceIAMBindingState struct { Etag pulumi.StringPtrInput // Used to find the parent resource to bind the IAM policy to Instance pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -427,6 +656,9 @@ type TunnelInstanceIAMBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `iap.TunnelInstanceIAMBinding` can be used per role. Note that custom roles must be of the format @@ -444,13 +676,9 @@ type tunnelInstanceIAMBindingArgs struct { // Structure is documented below. Condition *TunnelInstanceIAMBindingCondition `pulumi:"condition"` // Used to find the parent resource to bind the IAM policy to - Instance string `pulumi:"instance"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Instance string `pulumi:"instance"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -460,6 +688,9 @@ type tunnelInstanceIAMBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `iap.TunnelInstanceIAMBinding` can be used per role. Note that custom roles must be of the format @@ -475,12 +706,8 @@ type TunnelInstanceIAMBindingArgs struct { Condition TunnelInstanceIAMBindingConditionPtrInput // Used to find the parent resource to bind the IAM policy to Instance pulumi.StringInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -490,6 +717,9 @@ type TunnelInstanceIAMBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `iap.TunnelInstanceIAMBinding` can be used per role. Note that custom roles must be of the format @@ -601,24 +831,23 @@ func (o TunnelInstanceIAMBindingOutput) Instance() pulumi.StringOutput { return o.ApplyT(func(v *TunnelInstanceIAMBinding) pulumi.StringOutput { return v.Instance }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o TunnelInstanceIAMBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *TunnelInstanceIAMBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o TunnelInstanceIAMBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *TunnelInstanceIAMBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/iap/tunnelInstanceIAMMember.go b/sdk/go/gcp/iap/tunnelInstanceIAMMember.go index 682c18a2a0..a85e609765 100644 --- a/sdk/go/gcp/iap/tunnelInstanceIAMMember.go +++ b/sdk/go/gcp/iap/tunnelInstanceIAMMember.go @@ -263,6 +263,241 @@ import ( // ``` // // +// ## google\_iap\_tunnel\_instance\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/iap.tunnelResourceAccessor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = iap.NewTunnelInstanceIAMPolicy(ctx, "policy", &iap.TunnelInstanceIAMPolicyArgs{ +// Project: pulumi.Any(tunnelvm.Project), +// Zone: pulumi.Any(tunnelvm.Zone), +// Instance: pulumi.Any(tunnelvm.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/iap.tunnelResourceAccessor", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = iap.NewTunnelInstanceIAMPolicy(ctx, "policy", &iap.TunnelInstanceIAMPolicyArgs{ +// Project: pulumi.Any(tunnelvm.Project), +// Zone: pulumi.Any(tunnelvm.Zone), +// Instance: pulumi.Any(tunnelvm.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_iap\_tunnel\_instance\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewTunnelInstanceIAMBinding(ctx, "binding", &iap.TunnelInstanceIAMBindingArgs{ +// Project: pulumi.Any(tunnelvm.Project), +// Zone: pulumi.Any(tunnelvm.Zone), +// Instance: pulumi.Any(tunnelvm.Name), +// Role: pulumi.String("roles/iap.tunnelResourceAccessor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewTunnelInstanceIAMBinding(ctx, "binding", &iap.TunnelInstanceIAMBindingArgs{ +// Project: pulumi.Any(tunnelvm.Project), +// Zone: pulumi.Any(tunnelvm.Zone), +// Instance: pulumi.Any(tunnelvm.Name), +// Role: pulumi.String("roles/iap.tunnelResourceAccessor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &iap.TunnelInstanceIAMBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_iap\_tunnel\_instance\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewTunnelInstanceIAMMember(ctx, "member", &iap.TunnelInstanceIAMMemberArgs{ +// Project: pulumi.Any(tunnelvm.Project), +// Zone: pulumi.Any(tunnelvm.Zone), +// Instance: pulumi.Any(tunnelvm.Name), +// Role: pulumi.String("roles/iap.tunnelResourceAccessor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewTunnelInstanceIAMMember(ctx, "member", &iap.TunnelInstanceIAMMemberArgs{ +// Project: pulumi.Any(tunnelvm.Project), +// Zone: pulumi.Any(tunnelvm.Zone), +// Instance: pulumi.Any(tunnelvm.Name), +// Role: pulumi.String("roles/iap.tunnelResourceAccessor"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &iap.TunnelInstanceIAMMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -312,12 +547,8 @@ type TunnelInstanceIAMMember struct { Etag pulumi.StringOutput `pulumi:"etag"` // Used to find the parent resource to bind the IAM policy to Instance pulumi.StringOutput `pulumi:"instance"` - Member pulumi.StringOutput `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -327,6 +558,9 @@ type TunnelInstanceIAMMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `iap.TunnelInstanceIAMBinding` can be used per role. Note that custom roles must be of the format @@ -381,12 +615,8 @@ type tunnelInstanceIAMMemberState struct { Etag *string `pulumi:"etag"` // Used to find the parent resource to bind the IAM policy to Instance *string `pulumi:"instance"` - Member *string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -396,6 +626,9 @@ type tunnelInstanceIAMMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `iap.TunnelInstanceIAMBinding` can be used per role. Note that custom roles must be of the format @@ -412,12 +645,8 @@ type TunnelInstanceIAMMemberState struct { Etag pulumi.StringPtrInput // Used to find the parent resource to bind the IAM policy to Instance pulumi.StringPtrInput - Member pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -427,6 +656,9 @@ type TunnelInstanceIAMMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `iap.TunnelInstanceIAMBinding` can be used per role. Note that custom roles must be of the format @@ -445,12 +677,8 @@ type tunnelInstanceIAMMemberArgs struct { Condition *TunnelInstanceIAMMemberCondition `pulumi:"condition"` // Used to find the parent resource to bind the IAM policy to Instance string `pulumi:"instance"` - Member string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -460,6 +688,9 @@ type tunnelInstanceIAMMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `iap.TunnelInstanceIAMBinding` can be used per role. Note that custom roles must be of the format @@ -475,12 +706,8 @@ type TunnelInstanceIAMMemberArgs struct { Condition TunnelInstanceIAMMemberConditionPtrInput // Used to find the parent resource to bind the IAM policy to Instance pulumi.StringInput - Member pulumi.StringInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -490,6 +717,9 @@ type TunnelInstanceIAMMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `iap.TunnelInstanceIAMBinding` can be used per role. Note that custom roles must be of the format @@ -601,24 +831,23 @@ func (o TunnelInstanceIAMMemberOutput) Instance() pulumi.StringOutput { return o.ApplyT(func(v *TunnelInstanceIAMMember) pulumi.StringOutput { return v.Instance }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o TunnelInstanceIAMMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *TunnelInstanceIAMMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o TunnelInstanceIAMMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *TunnelInstanceIAMMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/iap/tunnelInstanceIAMPolicy.go b/sdk/go/gcp/iap/tunnelInstanceIAMPolicy.go index 89796cce41..419c7ccade 100644 --- a/sdk/go/gcp/iap/tunnelInstanceIAMPolicy.go +++ b/sdk/go/gcp/iap/tunnelInstanceIAMPolicy.go @@ -263,6 +263,241 @@ import ( // ``` // // +// ## google\_iap\_tunnel\_instance\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/iap.tunnelResourceAccessor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = iap.NewTunnelInstanceIAMPolicy(ctx, "policy", &iap.TunnelInstanceIAMPolicyArgs{ +// Project: pulumi.Any(tunnelvm.Project), +// Zone: pulumi.Any(tunnelvm.Zone), +// Instance: pulumi.Any(tunnelvm.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/iap.tunnelResourceAccessor", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = iap.NewTunnelInstanceIAMPolicy(ctx, "policy", &iap.TunnelInstanceIAMPolicyArgs{ +// Project: pulumi.Any(tunnelvm.Project), +// Zone: pulumi.Any(tunnelvm.Zone), +// Instance: pulumi.Any(tunnelvm.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_iap\_tunnel\_instance\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewTunnelInstanceIAMBinding(ctx, "binding", &iap.TunnelInstanceIAMBindingArgs{ +// Project: pulumi.Any(tunnelvm.Project), +// Zone: pulumi.Any(tunnelvm.Zone), +// Instance: pulumi.Any(tunnelvm.Name), +// Role: pulumi.String("roles/iap.tunnelResourceAccessor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewTunnelInstanceIAMBinding(ctx, "binding", &iap.TunnelInstanceIAMBindingArgs{ +// Project: pulumi.Any(tunnelvm.Project), +// Zone: pulumi.Any(tunnelvm.Zone), +// Instance: pulumi.Any(tunnelvm.Name), +// Role: pulumi.String("roles/iap.tunnelResourceAccessor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &iap.TunnelInstanceIAMBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_iap\_tunnel\_instance\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewTunnelInstanceIAMMember(ctx, "member", &iap.TunnelInstanceIAMMemberArgs{ +// Project: pulumi.Any(tunnelvm.Project), +// Zone: pulumi.Any(tunnelvm.Zone), +// Instance: pulumi.Any(tunnelvm.Name), +// Role: pulumi.String("roles/iap.tunnelResourceAccessor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewTunnelInstanceIAMMember(ctx, "member", &iap.TunnelInstanceIAMMemberArgs{ +// Project: pulumi.Any(tunnelvm.Project), +// Zone: pulumi.Any(tunnelvm.Zone), +// Instance: pulumi.Any(tunnelvm.Name), +// Role: pulumi.String("roles/iap.tunnelResourceAccessor"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &iap.TunnelInstanceIAMMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -314,18 +549,6 @@ type TunnelInstanceIAMPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` Zone pulumi.StringOutput `pulumi:"zone"` } @@ -375,18 +598,6 @@ type tunnelInstanceIAMPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` Zone *string `pulumi:"zone"` } @@ -401,18 +612,6 @@ type TunnelInstanceIAMPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput Zone pulumi.StringPtrInput } @@ -429,18 +628,6 @@ type tunnelInstanceIAMPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` Zone *string `pulumi:"zone"` } @@ -454,18 +641,6 @@ type TunnelInstanceIAMPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput Zone pulumi.StringPtrInput } @@ -575,18 +750,6 @@ func (o TunnelInstanceIAMPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o TunnelInstanceIAMPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *TunnelInstanceIAMPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/iap/webBackendServiceIamBinding.go b/sdk/go/gcp/iap/webBackendServiceIamBinding.go index 4e3aceffbb..f31c57d219 100644 --- a/sdk/go/gcp/iap/webBackendServiceIamBinding.go +++ b/sdk/go/gcp/iap/webBackendServiceIamBinding.go @@ -257,6 +257,235 @@ import ( // ``` // // +// ## google\_iap\_web\_backend\_service\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/iap.httpsResourceAccessor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = iap.NewWebBackendServiceIamPolicy(ctx, "policy", &iap.WebBackendServiceIamPolicyArgs{ +// Project: pulumi.Any(_default.Project), +// WebBackendService: pulumi.Any(_default.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/iap.httpsResourceAccessor", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = iap.NewWebBackendServiceIamPolicy(ctx, "policy", &iap.WebBackendServiceIamPolicyArgs{ +// Project: pulumi.Any(_default.Project), +// WebBackendService: pulumi.Any(_default.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_iap\_web\_backend\_service\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewWebBackendServiceIamBinding(ctx, "binding", &iap.WebBackendServiceIamBindingArgs{ +// Project: pulumi.Any(_default.Project), +// WebBackendService: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewWebBackendServiceIamBinding(ctx, "binding", &iap.WebBackendServiceIamBindingArgs{ +// Project: pulumi.Any(_default.Project), +// WebBackendService: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &iap.WebBackendServiceIamBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_iap\_web\_backend\_service\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewWebBackendServiceIamMember(ctx, "member", &iap.WebBackendServiceIamMemberArgs{ +// Project: pulumi.Any(_default.Project), +// WebBackendService: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewWebBackendServiceIamMember(ctx, "member", &iap.WebBackendServiceIamMemberArgs{ +// Project: pulumi.Any(_default.Project), +// WebBackendService: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &iap.WebBackendServiceIamMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -299,13 +528,9 @@ type WebBackendServiceIamBinding struct { // Structure is documented below. Condition WebBackendServiceIamBindingConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -315,6 +540,9 @@ type WebBackendServiceIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `iap.WebBackendServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -367,13 +595,9 @@ type webBackendServiceIamBindingState struct { // Structure is documented below. Condition *WebBackendServiceIamBindingCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -383,6 +607,9 @@ type webBackendServiceIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `iap.WebBackendServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -397,13 +624,9 @@ type WebBackendServiceIamBindingState struct { // Structure is documented below. Condition WebBackendServiceIamBindingConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -413,6 +636,9 @@ type WebBackendServiceIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `iap.WebBackendServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -430,12 +656,8 @@ type webBackendServiceIamBindingArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition *WebBackendServiceIamBindingCondition `pulumi:"condition"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -445,6 +667,9 @@ type webBackendServiceIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `iap.WebBackendServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -459,12 +684,8 @@ type WebBackendServiceIamBindingArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition WebBackendServiceIamBindingConditionPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -474,6 +695,9 @@ type WebBackendServiceIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `iap.WebBackendServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -581,24 +805,23 @@ func (o WebBackendServiceIamBindingOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *WebBackendServiceIamBinding) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o WebBackendServiceIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *WebBackendServiceIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o WebBackendServiceIamBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *WebBackendServiceIamBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/iap/webBackendServiceIamMember.go b/sdk/go/gcp/iap/webBackendServiceIamMember.go index 98197a0f59..3de1c43ac9 100644 --- a/sdk/go/gcp/iap/webBackendServiceIamMember.go +++ b/sdk/go/gcp/iap/webBackendServiceIamMember.go @@ -257,6 +257,235 @@ import ( // ``` // // +// ## google\_iap\_web\_backend\_service\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/iap.httpsResourceAccessor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = iap.NewWebBackendServiceIamPolicy(ctx, "policy", &iap.WebBackendServiceIamPolicyArgs{ +// Project: pulumi.Any(_default.Project), +// WebBackendService: pulumi.Any(_default.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/iap.httpsResourceAccessor", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = iap.NewWebBackendServiceIamPolicy(ctx, "policy", &iap.WebBackendServiceIamPolicyArgs{ +// Project: pulumi.Any(_default.Project), +// WebBackendService: pulumi.Any(_default.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_iap\_web\_backend\_service\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewWebBackendServiceIamBinding(ctx, "binding", &iap.WebBackendServiceIamBindingArgs{ +// Project: pulumi.Any(_default.Project), +// WebBackendService: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewWebBackendServiceIamBinding(ctx, "binding", &iap.WebBackendServiceIamBindingArgs{ +// Project: pulumi.Any(_default.Project), +// WebBackendService: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &iap.WebBackendServiceIamBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_iap\_web\_backend\_service\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewWebBackendServiceIamMember(ctx, "member", &iap.WebBackendServiceIamMemberArgs{ +// Project: pulumi.Any(_default.Project), +// WebBackendService: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewWebBackendServiceIamMember(ctx, "member", &iap.WebBackendServiceIamMemberArgs{ +// Project: pulumi.Any(_default.Project), +// WebBackendService: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &iap.WebBackendServiceIamMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -299,13 +528,9 @@ type WebBackendServiceIamMember struct { // Structure is documented below. Condition WebBackendServiceIamMemberConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Member pulumi.StringOutput `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -315,6 +540,9 @@ type WebBackendServiceIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `iap.WebBackendServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -367,13 +595,9 @@ type webBackendServiceIamMemberState struct { // Structure is documented below. Condition *WebBackendServiceIamMemberCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Member *string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -383,6 +607,9 @@ type webBackendServiceIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `iap.WebBackendServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -397,13 +624,9 @@ type WebBackendServiceIamMemberState struct { // Structure is documented below. Condition WebBackendServiceIamMemberConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Member pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -413,6 +636,9 @@ type WebBackendServiceIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `iap.WebBackendServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -430,12 +656,8 @@ type webBackendServiceIamMemberArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition *WebBackendServiceIamMemberCondition `pulumi:"condition"` - Member string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -445,6 +667,9 @@ type webBackendServiceIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `iap.WebBackendServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -459,12 +684,8 @@ type WebBackendServiceIamMemberArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition WebBackendServiceIamMemberConditionPtrInput - Member pulumi.StringInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -474,6 +695,9 @@ type WebBackendServiceIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `iap.WebBackendServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -581,24 +805,23 @@ func (o WebBackendServiceIamMemberOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *WebBackendServiceIamMember) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o WebBackendServiceIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *WebBackendServiceIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o WebBackendServiceIamMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *WebBackendServiceIamMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/iap/webBackendServiceIamPolicy.go b/sdk/go/gcp/iap/webBackendServiceIamPolicy.go index ea2c9bc560..a232d2ca33 100644 --- a/sdk/go/gcp/iap/webBackendServiceIamPolicy.go +++ b/sdk/go/gcp/iap/webBackendServiceIamPolicy.go @@ -257,6 +257,235 @@ import ( // ``` // // +// ## google\_iap\_web\_backend\_service\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/iap.httpsResourceAccessor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = iap.NewWebBackendServiceIamPolicy(ctx, "policy", &iap.WebBackendServiceIamPolicyArgs{ +// Project: pulumi.Any(_default.Project), +// WebBackendService: pulumi.Any(_default.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/iap.httpsResourceAccessor", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = iap.NewWebBackendServiceIamPolicy(ctx, "policy", &iap.WebBackendServiceIamPolicyArgs{ +// Project: pulumi.Any(_default.Project), +// WebBackendService: pulumi.Any(_default.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_iap\_web\_backend\_service\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewWebBackendServiceIamBinding(ctx, "binding", &iap.WebBackendServiceIamBindingArgs{ +// Project: pulumi.Any(_default.Project), +// WebBackendService: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewWebBackendServiceIamBinding(ctx, "binding", &iap.WebBackendServiceIamBindingArgs{ +// Project: pulumi.Any(_default.Project), +// WebBackendService: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &iap.WebBackendServiceIamBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_iap\_web\_backend\_service\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewWebBackendServiceIamMember(ctx, "member", &iap.WebBackendServiceIamMemberArgs{ +// Project: pulumi.Any(_default.Project), +// WebBackendService: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewWebBackendServiceIamMember(ctx, "member", &iap.WebBackendServiceIamMemberArgs{ +// Project: pulumi.Any(_default.Project), +// WebBackendService: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &iap.WebBackendServiceIamMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -302,18 +531,6 @@ type WebBackendServiceIamPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` // Used to find the parent resource to bind the IAM policy to WebBackendService pulumi.StringOutput `pulumi:"webBackendService"` @@ -362,18 +579,6 @@ type webBackendServiceIamPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` // Used to find the parent resource to bind the IAM policy to WebBackendService *string `pulumi:"webBackendService"` @@ -387,18 +592,6 @@ type WebBackendServiceIamPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // Used to find the parent resource to bind the IAM policy to WebBackendService pulumi.StringPtrInput @@ -414,18 +607,6 @@ type webBackendServiceIamPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` // Used to find the parent resource to bind the IAM policy to WebBackendService string `pulumi:"webBackendService"` @@ -438,18 +619,6 @@ type WebBackendServiceIamPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // Used to find the parent resource to bind the IAM policy to WebBackendService pulumi.StringInput @@ -555,18 +724,6 @@ func (o WebBackendServiceIamPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o WebBackendServiceIamPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *WebBackendServiceIamPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/iap/webIamBinding.go b/sdk/go/gcp/iap/webIamBinding.go index a49122003b..b338c88d62 100644 --- a/sdk/go/gcp/iap/webIamBinding.go +++ b/sdk/go/gcp/iap/webIamBinding.go @@ -251,6 +251,229 @@ import ( // ``` // // +// ## google\_iap\_web\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/iap.httpsResourceAccessor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = iap.NewWebIamPolicy(ctx, "policy", &iap.WebIamPolicyArgs{ +// Project: pulumi.Any(projectService.Project), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/iap.httpsResourceAccessor", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = iap.NewWebIamPolicy(ctx, "policy", &iap.WebIamPolicyArgs{ +// Project: pulumi.Any(projectService.Project), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_iap\_web\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewWebIamBinding(ctx, "binding", &iap.WebIamBindingArgs{ +// Project: pulumi.Any(projectService.Project), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewWebIamBinding(ctx, "binding", &iap.WebIamBindingArgs{ +// Project: pulumi.Any(projectService.Project), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &iap.WebIamBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_iap\_web\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewWebIamMember(ctx, "member", &iap.WebIamMemberArgs{ +// Project: pulumi.Any(projectService.Project), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewWebIamMember(ctx, "member", &iap.WebIamMemberArgs{ +// Project: pulumi.Any(projectService.Project), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &iap.WebIamMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -291,13 +514,9 @@ type WebIamBinding struct { // Structure is documented below. Condition WebIamBindingConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -307,6 +526,9 @@ type WebIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `iap.WebIamBinding` can be used per role. Note that custom roles must be of the format @@ -354,13 +576,9 @@ type webIamBindingState struct { // Structure is documented below. Condition *WebIamBindingCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -370,6 +588,9 @@ type webIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `iap.WebIamBinding` can be used per role. Note that custom roles must be of the format @@ -382,13 +603,9 @@ type WebIamBindingState struct { // Structure is documented below. Condition WebIamBindingConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -398,6 +615,9 @@ type WebIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `iap.WebIamBinding` can be used per role. Note that custom roles must be of the format @@ -413,12 +633,8 @@ type webIamBindingArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition *WebIamBindingCondition `pulumi:"condition"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -428,6 +644,9 @@ type webIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `iap.WebIamBinding` can be used per role. Note that custom roles must be of the format @@ -440,12 +659,8 @@ type WebIamBindingArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition WebIamBindingConditionPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -455,6 +670,9 @@ type WebIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `iap.WebIamBinding` can be used per role. Note that custom roles must be of the format @@ -560,24 +778,23 @@ func (o WebIamBindingOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *WebIamBinding) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o WebIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *WebIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o WebIamBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *WebIamBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/iap/webIamMember.go b/sdk/go/gcp/iap/webIamMember.go index 6efafcef07..aecdcdef71 100644 --- a/sdk/go/gcp/iap/webIamMember.go +++ b/sdk/go/gcp/iap/webIamMember.go @@ -251,6 +251,229 @@ import ( // ``` // // +// ## google\_iap\_web\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/iap.httpsResourceAccessor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = iap.NewWebIamPolicy(ctx, "policy", &iap.WebIamPolicyArgs{ +// Project: pulumi.Any(projectService.Project), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/iap.httpsResourceAccessor", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = iap.NewWebIamPolicy(ctx, "policy", &iap.WebIamPolicyArgs{ +// Project: pulumi.Any(projectService.Project), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_iap\_web\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewWebIamBinding(ctx, "binding", &iap.WebIamBindingArgs{ +// Project: pulumi.Any(projectService.Project), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewWebIamBinding(ctx, "binding", &iap.WebIamBindingArgs{ +// Project: pulumi.Any(projectService.Project), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &iap.WebIamBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_iap\_web\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewWebIamMember(ctx, "member", &iap.WebIamMemberArgs{ +// Project: pulumi.Any(projectService.Project), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewWebIamMember(ctx, "member", &iap.WebIamMemberArgs{ +// Project: pulumi.Any(projectService.Project), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &iap.WebIamMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -291,13 +514,9 @@ type WebIamMember struct { // Structure is documented below. Condition WebIamMemberConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Member pulumi.StringOutput `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -307,6 +526,9 @@ type WebIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `iap.WebIamBinding` can be used per role. Note that custom roles must be of the format @@ -354,13 +576,9 @@ type webIamMemberState struct { // Structure is documented below. Condition *WebIamMemberCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Member *string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -370,6 +588,9 @@ type webIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `iap.WebIamBinding` can be used per role. Note that custom roles must be of the format @@ -382,13 +603,9 @@ type WebIamMemberState struct { // Structure is documented below. Condition WebIamMemberConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Member pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -398,6 +615,9 @@ type WebIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `iap.WebIamBinding` can be used per role. Note that custom roles must be of the format @@ -413,12 +633,8 @@ type webIamMemberArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition *WebIamMemberCondition `pulumi:"condition"` - Member string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -428,6 +644,9 @@ type webIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `iap.WebIamBinding` can be used per role. Note that custom roles must be of the format @@ -440,12 +659,8 @@ type WebIamMemberArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition WebIamMemberConditionPtrInput - Member pulumi.StringInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -455,6 +670,9 @@ type WebIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `iap.WebIamBinding` can be used per role. Note that custom roles must be of the format @@ -560,24 +778,23 @@ func (o WebIamMemberOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *WebIamMember) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o WebIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *WebIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o WebIamMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *WebIamMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/iap/webIamPolicy.go b/sdk/go/gcp/iap/webIamPolicy.go index 30ad87d0a8..f9fce636ac 100644 --- a/sdk/go/gcp/iap/webIamPolicy.go +++ b/sdk/go/gcp/iap/webIamPolicy.go @@ -251,6 +251,229 @@ import ( // ``` // // +// ## google\_iap\_web\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/iap.httpsResourceAccessor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = iap.NewWebIamPolicy(ctx, "policy", &iap.WebIamPolicyArgs{ +// Project: pulumi.Any(projectService.Project), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/iap.httpsResourceAccessor", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = iap.NewWebIamPolicy(ctx, "policy", &iap.WebIamPolicyArgs{ +// Project: pulumi.Any(projectService.Project), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_iap\_web\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewWebIamBinding(ctx, "binding", &iap.WebIamBindingArgs{ +// Project: pulumi.Any(projectService.Project), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewWebIamBinding(ctx, "binding", &iap.WebIamBindingArgs{ +// Project: pulumi.Any(projectService.Project), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &iap.WebIamBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_iap\_web\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewWebIamMember(ctx, "member", &iap.WebIamMemberArgs{ +// Project: pulumi.Any(projectService.Project), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewWebIamMember(ctx, "member", &iap.WebIamMemberArgs{ +// Project: pulumi.Any(projectService.Project), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &iap.WebIamMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -294,18 +517,6 @@ type WebIamPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` } @@ -349,18 +560,6 @@ type webIamPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -372,18 +571,6 @@ type WebIamPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -397,18 +584,6 @@ type webIamPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -419,18 +594,6 @@ type WebIamPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -534,18 +697,6 @@ func (o WebIamPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o WebIamPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *WebIamPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/iap/webRegionBackendServiceIamBinding.go b/sdk/go/gcp/iap/webRegionBackendServiceIamBinding.go index 3c76118286..21adecb8d3 100644 --- a/sdk/go/gcp/iap/webRegionBackendServiceIamBinding.go +++ b/sdk/go/gcp/iap/webRegionBackendServiceIamBinding.go @@ -263,6 +263,241 @@ import ( // ``` // // +// ## google\_iap\_web\_region\_backend\_service\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/iap.httpsResourceAccessor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = iap.NewWebRegionBackendServiceIamPolicy(ctx, "policy", &iap.WebRegionBackendServiceIamPolicyArgs{ +// Project: pulumi.Any(_default.Project), +// Region: pulumi.Any(_default.Region), +// WebRegionBackendService: pulumi.Any(_default.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/iap.httpsResourceAccessor", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = iap.NewWebRegionBackendServiceIamPolicy(ctx, "policy", &iap.WebRegionBackendServiceIamPolicyArgs{ +// Project: pulumi.Any(_default.Project), +// Region: pulumi.Any(_default.Region), +// WebRegionBackendService: pulumi.Any(_default.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_iap\_web\_region\_backend\_service\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewWebRegionBackendServiceIamBinding(ctx, "binding", &iap.WebRegionBackendServiceIamBindingArgs{ +// Project: pulumi.Any(_default.Project), +// Region: pulumi.Any(_default.Region), +// WebRegionBackendService: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewWebRegionBackendServiceIamBinding(ctx, "binding", &iap.WebRegionBackendServiceIamBindingArgs{ +// Project: pulumi.Any(_default.Project), +// Region: pulumi.Any(_default.Region), +// WebRegionBackendService: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &iap.WebRegionBackendServiceIamBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_iap\_web\_region\_backend\_service\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewWebRegionBackendServiceIamMember(ctx, "member", &iap.WebRegionBackendServiceIamMemberArgs{ +// Project: pulumi.Any(_default.Project), +// Region: pulumi.Any(_default.Region), +// WebRegionBackendService: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewWebRegionBackendServiceIamMember(ctx, "member", &iap.WebRegionBackendServiceIamMemberArgs{ +// Project: pulumi.Any(_default.Project), +// Region: pulumi.Any(_default.Region), +// WebRegionBackendService: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &iap.WebRegionBackendServiceIamMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -307,13 +542,9 @@ type WebRegionBackendServiceIamBinding struct { // Structure is documented below. Condition WebRegionBackendServiceIamBindingConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -323,6 +554,9 @@ type WebRegionBackendServiceIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` Region pulumi.StringOutput `pulumi:"region"` // The role that should be applied. Only one @@ -376,13 +610,9 @@ type webRegionBackendServiceIamBindingState struct { // Structure is documented below. Condition *WebRegionBackendServiceIamBindingCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -392,6 +622,9 @@ type webRegionBackendServiceIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` Region *string `pulumi:"region"` // The role that should be applied. Only one @@ -407,13 +640,9 @@ type WebRegionBackendServiceIamBindingState struct { // Structure is documented below. Condition WebRegionBackendServiceIamBindingConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -423,6 +652,9 @@ type WebRegionBackendServiceIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput Region pulumi.StringPtrInput // The role that should be applied. Only one @@ -441,12 +673,8 @@ type webRegionBackendServiceIamBindingArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition *WebRegionBackendServiceIamBindingCondition `pulumi:"condition"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -456,6 +684,9 @@ type webRegionBackendServiceIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` Region *string `pulumi:"region"` // The role that should be applied. Only one @@ -471,12 +702,8 @@ type WebRegionBackendServiceIamBindingArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition WebRegionBackendServiceIamBindingConditionPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -486,6 +713,9 @@ type WebRegionBackendServiceIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput Region pulumi.StringPtrInput // The role that should be applied. Only one @@ -596,24 +826,23 @@ func (o WebRegionBackendServiceIamBindingOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *WebRegionBackendServiceIamBinding) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o WebRegionBackendServiceIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *WebRegionBackendServiceIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o WebRegionBackendServiceIamBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *WebRegionBackendServiceIamBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/iap/webRegionBackendServiceIamMember.go b/sdk/go/gcp/iap/webRegionBackendServiceIamMember.go index 4677995060..6d64cc901c 100644 --- a/sdk/go/gcp/iap/webRegionBackendServiceIamMember.go +++ b/sdk/go/gcp/iap/webRegionBackendServiceIamMember.go @@ -263,6 +263,241 @@ import ( // ``` // // +// ## google\_iap\_web\_region\_backend\_service\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/iap.httpsResourceAccessor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = iap.NewWebRegionBackendServiceIamPolicy(ctx, "policy", &iap.WebRegionBackendServiceIamPolicyArgs{ +// Project: pulumi.Any(_default.Project), +// Region: pulumi.Any(_default.Region), +// WebRegionBackendService: pulumi.Any(_default.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/iap.httpsResourceAccessor", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = iap.NewWebRegionBackendServiceIamPolicy(ctx, "policy", &iap.WebRegionBackendServiceIamPolicyArgs{ +// Project: pulumi.Any(_default.Project), +// Region: pulumi.Any(_default.Region), +// WebRegionBackendService: pulumi.Any(_default.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_iap\_web\_region\_backend\_service\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewWebRegionBackendServiceIamBinding(ctx, "binding", &iap.WebRegionBackendServiceIamBindingArgs{ +// Project: pulumi.Any(_default.Project), +// Region: pulumi.Any(_default.Region), +// WebRegionBackendService: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewWebRegionBackendServiceIamBinding(ctx, "binding", &iap.WebRegionBackendServiceIamBindingArgs{ +// Project: pulumi.Any(_default.Project), +// Region: pulumi.Any(_default.Region), +// WebRegionBackendService: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &iap.WebRegionBackendServiceIamBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_iap\_web\_region\_backend\_service\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewWebRegionBackendServiceIamMember(ctx, "member", &iap.WebRegionBackendServiceIamMemberArgs{ +// Project: pulumi.Any(_default.Project), +// Region: pulumi.Any(_default.Region), +// WebRegionBackendService: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewWebRegionBackendServiceIamMember(ctx, "member", &iap.WebRegionBackendServiceIamMemberArgs{ +// Project: pulumi.Any(_default.Project), +// Region: pulumi.Any(_default.Region), +// WebRegionBackendService: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &iap.WebRegionBackendServiceIamMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -307,13 +542,9 @@ type WebRegionBackendServiceIamMember struct { // Structure is documented below. Condition WebRegionBackendServiceIamMemberConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Member pulumi.StringOutput `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -323,6 +554,9 @@ type WebRegionBackendServiceIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` Region pulumi.StringOutput `pulumi:"region"` // The role that should be applied. Only one @@ -376,13 +610,9 @@ type webRegionBackendServiceIamMemberState struct { // Structure is documented below. Condition *WebRegionBackendServiceIamMemberCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Member *string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -392,6 +622,9 @@ type webRegionBackendServiceIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` Region *string `pulumi:"region"` // The role that should be applied. Only one @@ -407,13 +640,9 @@ type WebRegionBackendServiceIamMemberState struct { // Structure is documented below. Condition WebRegionBackendServiceIamMemberConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Member pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -423,6 +652,9 @@ type WebRegionBackendServiceIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput Region pulumi.StringPtrInput // The role that should be applied. Only one @@ -441,12 +673,8 @@ type webRegionBackendServiceIamMemberArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition *WebRegionBackendServiceIamMemberCondition `pulumi:"condition"` - Member string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -456,6 +684,9 @@ type webRegionBackendServiceIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` Region *string `pulumi:"region"` // The role that should be applied. Only one @@ -471,12 +702,8 @@ type WebRegionBackendServiceIamMemberArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition WebRegionBackendServiceIamMemberConditionPtrInput - Member pulumi.StringInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -486,6 +713,9 @@ type WebRegionBackendServiceIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput Region pulumi.StringPtrInput // The role that should be applied. Only one @@ -596,24 +826,23 @@ func (o WebRegionBackendServiceIamMemberOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *WebRegionBackendServiceIamMember) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o WebRegionBackendServiceIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *WebRegionBackendServiceIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o WebRegionBackendServiceIamMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *WebRegionBackendServiceIamMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/iap/webRegionBackendServiceIamPolicy.go b/sdk/go/gcp/iap/webRegionBackendServiceIamPolicy.go index 01eb1dcc0b..0232caf9c6 100644 --- a/sdk/go/gcp/iap/webRegionBackendServiceIamPolicy.go +++ b/sdk/go/gcp/iap/webRegionBackendServiceIamPolicy.go @@ -263,6 +263,241 @@ import ( // ``` // // +// ## google\_iap\_web\_region\_backend\_service\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/iap.httpsResourceAccessor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = iap.NewWebRegionBackendServiceIamPolicy(ctx, "policy", &iap.WebRegionBackendServiceIamPolicyArgs{ +// Project: pulumi.Any(_default.Project), +// Region: pulumi.Any(_default.Region), +// WebRegionBackendService: pulumi.Any(_default.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/iap.httpsResourceAccessor", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = iap.NewWebRegionBackendServiceIamPolicy(ctx, "policy", &iap.WebRegionBackendServiceIamPolicyArgs{ +// Project: pulumi.Any(_default.Project), +// Region: pulumi.Any(_default.Region), +// WebRegionBackendService: pulumi.Any(_default.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_iap\_web\_region\_backend\_service\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewWebRegionBackendServiceIamBinding(ctx, "binding", &iap.WebRegionBackendServiceIamBindingArgs{ +// Project: pulumi.Any(_default.Project), +// Region: pulumi.Any(_default.Region), +// WebRegionBackendService: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewWebRegionBackendServiceIamBinding(ctx, "binding", &iap.WebRegionBackendServiceIamBindingArgs{ +// Project: pulumi.Any(_default.Project), +// Region: pulumi.Any(_default.Region), +// WebRegionBackendService: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &iap.WebRegionBackendServiceIamBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_iap\_web\_region\_backend\_service\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewWebRegionBackendServiceIamMember(ctx, "member", &iap.WebRegionBackendServiceIamMemberArgs{ +// Project: pulumi.Any(_default.Project), +// Region: pulumi.Any(_default.Region), +// WebRegionBackendService: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewWebRegionBackendServiceIamMember(ctx, "member", &iap.WebRegionBackendServiceIamMemberArgs{ +// Project: pulumi.Any(_default.Project), +// Region: pulumi.Any(_default.Region), +// WebRegionBackendService: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &iap.WebRegionBackendServiceIamMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -310,18 +545,6 @@ type WebRegionBackendServiceIamPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` Region pulumi.StringOutput `pulumi:"region"` // Used to find the parent resource to bind the IAM policy to @@ -371,18 +594,6 @@ type webRegionBackendServiceIamPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` Region *string `pulumi:"region"` // Used to find the parent resource to bind the IAM policy to @@ -397,18 +608,6 @@ type WebRegionBackendServiceIamPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput Region pulumi.StringPtrInput // Used to find the parent resource to bind the IAM policy to @@ -425,18 +624,6 @@ type webRegionBackendServiceIamPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` Region *string `pulumi:"region"` // Used to find the parent resource to bind the IAM policy to @@ -450,18 +637,6 @@ type WebRegionBackendServiceIamPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput Region pulumi.StringPtrInput // Used to find the parent resource to bind the IAM policy to @@ -568,18 +743,6 @@ func (o WebRegionBackendServiceIamPolicyOutput) PolicyData() pulumi.StringOutput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o WebRegionBackendServiceIamPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *WebRegionBackendServiceIamPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/iap/webTypeAppEngingIamBinding.go b/sdk/go/gcp/iap/webTypeAppEngingIamBinding.go index d260fb1a6f..9e6515adae 100644 --- a/sdk/go/gcp/iap/webTypeAppEngingIamBinding.go +++ b/sdk/go/gcp/iap/webTypeAppEngingIamBinding.go @@ -257,6 +257,235 @@ import ( // ``` // // +// ## google\_iap\_web\_type\_app\_engine\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/iap.httpsResourceAccessor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = iap.NewWebTypeAppEngingIamPolicy(ctx, "policy", &iap.WebTypeAppEngingIamPolicyArgs{ +// Project: pulumi.Any(app.Project), +// AppId: pulumi.Any(app.AppId), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/iap.httpsResourceAccessor", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = iap.NewWebTypeAppEngingIamPolicy(ctx, "policy", &iap.WebTypeAppEngingIamPolicyArgs{ +// Project: pulumi.Any(app.Project), +// AppId: pulumi.Any(app.AppId), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_iap\_web\_type\_app\_engine\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewWebTypeAppEngingIamBinding(ctx, "binding", &iap.WebTypeAppEngingIamBindingArgs{ +// Project: pulumi.Any(app.Project), +// AppId: pulumi.Any(app.AppId), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewWebTypeAppEngingIamBinding(ctx, "binding", &iap.WebTypeAppEngingIamBindingArgs{ +// Project: pulumi.Any(app.Project), +// AppId: pulumi.Any(app.AppId), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &iap.WebTypeAppEngingIamBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_iap\_web\_type\_app\_engine\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewWebTypeAppEngingIamMember(ctx, "member", &iap.WebTypeAppEngingIamMemberArgs{ +// Project: pulumi.Any(app.Project), +// AppId: pulumi.Any(app.AppId), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewWebTypeAppEngingIamMember(ctx, "member", &iap.WebTypeAppEngingIamMemberArgs{ +// Project: pulumi.Any(app.Project), +// AppId: pulumi.Any(app.AppId), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &iap.WebTypeAppEngingIamMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -301,13 +530,9 @@ type WebTypeAppEngingIamBinding struct { // Structure is documented below. Condition WebTypeAppEngingIamBindingConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -317,6 +542,9 @@ type WebTypeAppEngingIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `iap.WebTypeAppEngingIamBinding` can be used per role. Note that custom roles must be of the format @@ -369,13 +597,9 @@ type webTypeAppEngingIamBindingState struct { // Structure is documented below. Condition *WebTypeAppEngingIamBindingCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -385,6 +609,9 @@ type webTypeAppEngingIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `iap.WebTypeAppEngingIamBinding` can be used per role. Note that custom roles must be of the format @@ -399,13 +626,9 @@ type WebTypeAppEngingIamBindingState struct { // Structure is documented below. Condition WebTypeAppEngingIamBindingConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -415,6 +638,9 @@ type WebTypeAppEngingIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `iap.WebTypeAppEngingIamBinding` can be used per role. Note that custom roles must be of the format @@ -432,12 +658,8 @@ type webTypeAppEngingIamBindingArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition *WebTypeAppEngingIamBindingCondition `pulumi:"condition"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -447,6 +669,9 @@ type webTypeAppEngingIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `iap.WebTypeAppEngingIamBinding` can be used per role. Note that custom roles must be of the format @@ -461,12 +686,8 @@ type WebTypeAppEngingIamBindingArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition WebTypeAppEngingIamBindingConditionPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -476,6 +697,9 @@ type WebTypeAppEngingIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `iap.WebTypeAppEngingIamBinding` can be used per role. Note that custom roles must be of the format @@ -586,24 +810,23 @@ func (o WebTypeAppEngingIamBindingOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *WebTypeAppEngingIamBinding) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o WebTypeAppEngingIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *WebTypeAppEngingIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o WebTypeAppEngingIamBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *WebTypeAppEngingIamBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/iap/webTypeAppEngingIamMember.go b/sdk/go/gcp/iap/webTypeAppEngingIamMember.go index 11ec37299f..a8584276ab 100644 --- a/sdk/go/gcp/iap/webTypeAppEngingIamMember.go +++ b/sdk/go/gcp/iap/webTypeAppEngingIamMember.go @@ -257,6 +257,235 @@ import ( // ``` // // +// ## google\_iap\_web\_type\_app\_engine\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/iap.httpsResourceAccessor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = iap.NewWebTypeAppEngingIamPolicy(ctx, "policy", &iap.WebTypeAppEngingIamPolicyArgs{ +// Project: pulumi.Any(app.Project), +// AppId: pulumi.Any(app.AppId), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/iap.httpsResourceAccessor", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = iap.NewWebTypeAppEngingIamPolicy(ctx, "policy", &iap.WebTypeAppEngingIamPolicyArgs{ +// Project: pulumi.Any(app.Project), +// AppId: pulumi.Any(app.AppId), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_iap\_web\_type\_app\_engine\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewWebTypeAppEngingIamBinding(ctx, "binding", &iap.WebTypeAppEngingIamBindingArgs{ +// Project: pulumi.Any(app.Project), +// AppId: pulumi.Any(app.AppId), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewWebTypeAppEngingIamBinding(ctx, "binding", &iap.WebTypeAppEngingIamBindingArgs{ +// Project: pulumi.Any(app.Project), +// AppId: pulumi.Any(app.AppId), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &iap.WebTypeAppEngingIamBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_iap\_web\_type\_app\_engine\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewWebTypeAppEngingIamMember(ctx, "member", &iap.WebTypeAppEngingIamMemberArgs{ +// Project: pulumi.Any(app.Project), +// AppId: pulumi.Any(app.AppId), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewWebTypeAppEngingIamMember(ctx, "member", &iap.WebTypeAppEngingIamMemberArgs{ +// Project: pulumi.Any(app.Project), +// AppId: pulumi.Any(app.AppId), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &iap.WebTypeAppEngingIamMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -301,13 +530,9 @@ type WebTypeAppEngingIamMember struct { // Structure is documented below. Condition WebTypeAppEngingIamMemberConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Member pulumi.StringOutput `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -317,6 +542,9 @@ type WebTypeAppEngingIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `iap.WebTypeAppEngingIamBinding` can be used per role. Note that custom roles must be of the format @@ -369,13 +597,9 @@ type webTypeAppEngingIamMemberState struct { // Structure is documented below. Condition *WebTypeAppEngingIamMemberCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Member *string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -385,6 +609,9 @@ type webTypeAppEngingIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `iap.WebTypeAppEngingIamBinding` can be used per role. Note that custom roles must be of the format @@ -399,13 +626,9 @@ type WebTypeAppEngingIamMemberState struct { // Structure is documented below. Condition WebTypeAppEngingIamMemberConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Member pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -415,6 +638,9 @@ type WebTypeAppEngingIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `iap.WebTypeAppEngingIamBinding` can be used per role. Note that custom roles must be of the format @@ -432,12 +658,8 @@ type webTypeAppEngingIamMemberArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition *WebTypeAppEngingIamMemberCondition `pulumi:"condition"` - Member string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -447,6 +669,9 @@ type webTypeAppEngingIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `iap.WebTypeAppEngingIamBinding` can be used per role. Note that custom roles must be of the format @@ -461,12 +686,8 @@ type WebTypeAppEngingIamMemberArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition WebTypeAppEngingIamMemberConditionPtrInput - Member pulumi.StringInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -476,6 +697,9 @@ type WebTypeAppEngingIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `iap.WebTypeAppEngingIamBinding` can be used per role. Note that custom roles must be of the format @@ -586,24 +810,23 @@ func (o WebTypeAppEngingIamMemberOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *WebTypeAppEngingIamMember) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o WebTypeAppEngingIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *WebTypeAppEngingIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o WebTypeAppEngingIamMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *WebTypeAppEngingIamMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/iap/webTypeAppEngingIamPolicy.go b/sdk/go/gcp/iap/webTypeAppEngingIamPolicy.go index 2d817a8984..84db553fde 100644 --- a/sdk/go/gcp/iap/webTypeAppEngingIamPolicy.go +++ b/sdk/go/gcp/iap/webTypeAppEngingIamPolicy.go @@ -257,6 +257,235 @@ import ( // ``` // // +// ## google\_iap\_web\_type\_app\_engine\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/iap.httpsResourceAccessor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = iap.NewWebTypeAppEngingIamPolicy(ctx, "policy", &iap.WebTypeAppEngingIamPolicyArgs{ +// Project: pulumi.Any(app.Project), +// AppId: pulumi.Any(app.AppId), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/iap.httpsResourceAccessor", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = iap.NewWebTypeAppEngingIamPolicy(ctx, "policy", &iap.WebTypeAppEngingIamPolicyArgs{ +// Project: pulumi.Any(app.Project), +// AppId: pulumi.Any(app.AppId), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_iap\_web\_type\_app\_engine\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewWebTypeAppEngingIamBinding(ctx, "binding", &iap.WebTypeAppEngingIamBindingArgs{ +// Project: pulumi.Any(app.Project), +// AppId: pulumi.Any(app.AppId), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewWebTypeAppEngingIamBinding(ctx, "binding", &iap.WebTypeAppEngingIamBindingArgs{ +// Project: pulumi.Any(app.Project), +// AppId: pulumi.Any(app.AppId), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &iap.WebTypeAppEngingIamBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_iap\_web\_type\_app\_engine\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewWebTypeAppEngingIamMember(ctx, "member", &iap.WebTypeAppEngingIamMemberArgs{ +// Project: pulumi.Any(app.Project), +// AppId: pulumi.Any(app.AppId), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewWebTypeAppEngingIamMember(ctx, "member", &iap.WebTypeAppEngingIamMemberArgs{ +// Project: pulumi.Any(app.Project), +// AppId: pulumi.Any(app.AppId), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &iap.WebTypeAppEngingIamMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -304,18 +533,6 @@ type WebTypeAppEngingIamPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` } @@ -364,18 +581,6 @@ type webTypeAppEngingIamPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -389,18 +594,6 @@ type WebTypeAppEngingIamPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -416,18 +609,6 @@ type webTypeAppEngingIamPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -440,18 +621,6 @@ type WebTypeAppEngingIamPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -560,18 +729,6 @@ func (o WebTypeAppEngingIamPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o WebTypeAppEngingIamPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *WebTypeAppEngingIamPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/iap/webTypeComputeIamBinding.go b/sdk/go/gcp/iap/webTypeComputeIamBinding.go index dc1546ba54..13e0472698 100644 --- a/sdk/go/gcp/iap/webTypeComputeIamBinding.go +++ b/sdk/go/gcp/iap/webTypeComputeIamBinding.go @@ -251,6 +251,229 @@ import ( // ``` // // +// ## google\_iap\_web\_type\_compute\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/iap.httpsResourceAccessor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = iap.NewWebTypeComputeIamPolicy(ctx, "policy", &iap.WebTypeComputeIamPolicyArgs{ +// Project: pulumi.Any(projectService.Project), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/iap.httpsResourceAccessor", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = iap.NewWebTypeComputeIamPolicy(ctx, "policy", &iap.WebTypeComputeIamPolicyArgs{ +// Project: pulumi.Any(projectService.Project), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_iap\_web\_type\_compute\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewWebTypeComputeIamBinding(ctx, "binding", &iap.WebTypeComputeIamBindingArgs{ +// Project: pulumi.Any(projectService.Project), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewWebTypeComputeIamBinding(ctx, "binding", &iap.WebTypeComputeIamBindingArgs{ +// Project: pulumi.Any(projectService.Project), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &iap.WebTypeComputeIamBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_iap\_web\_type\_compute\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewWebTypeComputeIamMember(ctx, "member", &iap.WebTypeComputeIamMemberArgs{ +// Project: pulumi.Any(projectService.Project), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewWebTypeComputeIamMember(ctx, "member", &iap.WebTypeComputeIamMemberArgs{ +// Project: pulumi.Any(projectService.Project), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &iap.WebTypeComputeIamMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -291,13 +514,9 @@ type WebTypeComputeIamBinding struct { // Structure is documented below. Condition WebTypeComputeIamBindingConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -307,6 +526,9 @@ type WebTypeComputeIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `iap.WebTypeComputeIamBinding` can be used per role. Note that custom roles must be of the format @@ -354,13 +576,9 @@ type webTypeComputeIamBindingState struct { // Structure is documented below. Condition *WebTypeComputeIamBindingCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -370,6 +588,9 @@ type webTypeComputeIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `iap.WebTypeComputeIamBinding` can be used per role. Note that custom roles must be of the format @@ -382,13 +603,9 @@ type WebTypeComputeIamBindingState struct { // Structure is documented below. Condition WebTypeComputeIamBindingConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -398,6 +615,9 @@ type WebTypeComputeIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `iap.WebTypeComputeIamBinding` can be used per role. Note that custom roles must be of the format @@ -413,12 +633,8 @@ type webTypeComputeIamBindingArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition *WebTypeComputeIamBindingCondition `pulumi:"condition"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -428,6 +644,9 @@ type webTypeComputeIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `iap.WebTypeComputeIamBinding` can be used per role. Note that custom roles must be of the format @@ -440,12 +659,8 @@ type WebTypeComputeIamBindingArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition WebTypeComputeIamBindingConditionPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -455,6 +670,9 @@ type WebTypeComputeIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `iap.WebTypeComputeIamBinding` can be used per role. Note that custom roles must be of the format @@ -560,24 +778,23 @@ func (o WebTypeComputeIamBindingOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *WebTypeComputeIamBinding) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o WebTypeComputeIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *WebTypeComputeIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o WebTypeComputeIamBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *WebTypeComputeIamBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/iap/webTypeComputeIamMember.go b/sdk/go/gcp/iap/webTypeComputeIamMember.go index d026dc0d68..3954dedbc1 100644 --- a/sdk/go/gcp/iap/webTypeComputeIamMember.go +++ b/sdk/go/gcp/iap/webTypeComputeIamMember.go @@ -251,6 +251,229 @@ import ( // ``` // // +// ## google\_iap\_web\_type\_compute\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/iap.httpsResourceAccessor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = iap.NewWebTypeComputeIamPolicy(ctx, "policy", &iap.WebTypeComputeIamPolicyArgs{ +// Project: pulumi.Any(projectService.Project), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/iap.httpsResourceAccessor", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = iap.NewWebTypeComputeIamPolicy(ctx, "policy", &iap.WebTypeComputeIamPolicyArgs{ +// Project: pulumi.Any(projectService.Project), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_iap\_web\_type\_compute\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewWebTypeComputeIamBinding(ctx, "binding", &iap.WebTypeComputeIamBindingArgs{ +// Project: pulumi.Any(projectService.Project), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewWebTypeComputeIamBinding(ctx, "binding", &iap.WebTypeComputeIamBindingArgs{ +// Project: pulumi.Any(projectService.Project), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &iap.WebTypeComputeIamBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_iap\_web\_type\_compute\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewWebTypeComputeIamMember(ctx, "member", &iap.WebTypeComputeIamMemberArgs{ +// Project: pulumi.Any(projectService.Project), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewWebTypeComputeIamMember(ctx, "member", &iap.WebTypeComputeIamMemberArgs{ +// Project: pulumi.Any(projectService.Project), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &iap.WebTypeComputeIamMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -291,13 +514,9 @@ type WebTypeComputeIamMember struct { // Structure is documented below. Condition WebTypeComputeIamMemberConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Member pulumi.StringOutput `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -307,6 +526,9 @@ type WebTypeComputeIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `iap.WebTypeComputeIamBinding` can be used per role. Note that custom roles must be of the format @@ -354,13 +576,9 @@ type webTypeComputeIamMemberState struct { // Structure is documented below. Condition *WebTypeComputeIamMemberCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Member *string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -370,6 +588,9 @@ type webTypeComputeIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `iap.WebTypeComputeIamBinding` can be used per role. Note that custom roles must be of the format @@ -382,13 +603,9 @@ type WebTypeComputeIamMemberState struct { // Structure is documented below. Condition WebTypeComputeIamMemberConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Member pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -398,6 +615,9 @@ type WebTypeComputeIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `iap.WebTypeComputeIamBinding` can be used per role. Note that custom roles must be of the format @@ -413,12 +633,8 @@ type webTypeComputeIamMemberArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition *WebTypeComputeIamMemberCondition `pulumi:"condition"` - Member string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -428,6 +644,9 @@ type webTypeComputeIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `iap.WebTypeComputeIamBinding` can be used per role. Note that custom roles must be of the format @@ -440,12 +659,8 @@ type WebTypeComputeIamMemberArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition WebTypeComputeIamMemberConditionPtrInput - Member pulumi.StringInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -455,6 +670,9 @@ type WebTypeComputeIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `iap.WebTypeComputeIamBinding` can be used per role. Note that custom roles must be of the format @@ -560,24 +778,23 @@ func (o WebTypeComputeIamMemberOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *WebTypeComputeIamMember) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o WebTypeComputeIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *WebTypeComputeIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o WebTypeComputeIamMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *WebTypeComputeIamMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/iap/webTypeComputeIamPolicy.go b/sdk/go/gcp/iap/webTypeComputeIamPolicy.go index 53497be839..f8e0a913d2 100644 --- a/sdk/go/gcp/iap/webTypeComputeIamPolicy.go +++ b/sdk/go/gcp/iap/webTypeComputeIamPolicy.go @@ -251,6 +251,229 @@ import ( // ``` // // +// ## google\_iap\_web\_type\_compute\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/iap.httpsResourceAccessor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = iap.NewWebTypeComputeIamPolicy(ctx, "policy", &iap.WebTypeComputeIamPolicyArgs{ +// Project: pulumi.Any(projectService.Project), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/iap.httpsResourceAccessor", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = iap.NewWebTypeComputeIamPolicy(ctx, "policy", &iap.WebTypeComputeIamPolicyArgs{ +// Project: pulumi.Any(projectService.Project), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_iap\_web\_type\_compute\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewWebTypeComputeIamBinding(ctx, "binding", &iap.WebTypeComputeIamBindingArgs{ +// Project: pulumi.Any(projectService.Project), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewWebTypeComputeIamBinding(ctx, "binding", &iap.WebTypeComputeIamBindingArgs{ +// Project: pulumi.Any(projectService.Project), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &iap.WebTypeComputeIamBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_iap\_web\_type\_compute\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewWebTypeComputeIamMember(ctx, "member", &iap.WebTypeComputeIamMemberArgs{ +// Project: pulumi.Any(projectService.Project), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/iap" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := iap.NewWebTypeComputeIamMember(ctx, "member", &iap.WebTypeComputeIamMemberArgs{ +// Project: pulumi.Any(projectService.Project), +// Role: pulumi.String("roles/iap.httpsResourceAccessor"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &iap.WebTypeComputeIamMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -294,18 +517,6 @@ type WebTypeComputeIamPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` } @@ -349,18 +560,6 @@ type webTypeComputeIamPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -372,18 +571,6 @@ type WebTypeComputeIamPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -397,18 +584,6 @@ type webTypeComputeIamPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -419,18 +594,6 @@ type WebTypeComputeIamPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -534,18 +697,6 @@ func (o WebTypeComputeIamPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o WebTypeComputeIamPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *WebTypeComputeIamPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/kms/cryptoKeyIAMBinding.go b/sdk/go/gcp/kms/cryptoKeyIAMBinding.go index 69c58ebbaa..7e1f31ebac 100644 --- a/sdk/go/gcp/kms/cryptoKeyIAMBinding.go +++ b/sdk/go/gcp/kms/cryptoKeyIAMBinding.go @@ -283,18 +283,17 @@ type CryptoKeyIAMBinding struct { // `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or // `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, // the provider's project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + CryptoKeyId pulumi.StringOutput `pulumi:"cryptoKeyId"` + // (Computed) The etag of the project's IAM policy. + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - CryptoKeyId pulumi.StringOutput `pulumi:"cryptoKeyId"` - // (Computed) The etag of the project's IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` Members pulumi.StringArrayOutput `pulumi:"members"` // The role that should be applied. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -347,18 +346,17 @@ type cryptoKeyIAMBindingState struct { // `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or // `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, // the provider's project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + CryptoKeyId *string `pulumi:"cryptoKeyId"` + // (Computed) The etag of the project's IAM policy. + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - CryptoKeyId *string `pulumi:"cryptoKeyId"` - // (Computed) The etag of the project's IAM policy. - Etag *string `pulumi:"etag"` Members []string `pulumi:"members"` // The role that should be applied. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -373,18 +371,17 @@ type CryptoKeyIAMBindingState struct { // `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or // `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, // the provider's project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + CryptoKeyId pulumi.StringPtrInput + // (Computed) The etag of the project's IAM policy. + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - CryptoKeyId pulumi.StringPtrInput - // (Computed) The etag of the project's IAM policy. - Etag pulumi.StringPtrInput Members pulumi.StringArrayInput // The role that should be applied. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -403,17 +400,16 @@ type cryptoKeyIAMBindingArgs struct { // `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or // `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, // the provider's project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + CryptoKeyId string `pulumi:"cryptoKeyId"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - CryptoKeyId string `pulumi:"cryptoKeyId"` - Members []string `pulumi:"members"` + Members []string `pulumi:"members"` // The role that should be applied. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role string `pulumi:"role"` @@ -428,17 +424,16 @@ type CryptoKeyIAMBindingArgs struct { // `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or // `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, // the provider's project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + CryptoKeyId pulumi.StringInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - CryptoKeyId pulumi.StringInput - Members pulumi.StringArrayInput + Members pulumi.StringArrayInput // The role that should be applied. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringInput @@ -541,15 +536,6 @@ func (o CryptoKeyIAMBindingOutput) Condition() CryptoKeyIAMBindingConditionPtrOu // `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or // `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, // the provider's project setting will be used as a fallback. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o CryptoKeyIAMBindingOutput) CryptoKeyId() pulumi.StringOutput { return o.ApplyT(func(v *CryptoKeyIAMBinding) pulumi.StringOutput { return v.CryptoKeyId }).(pulumi.StringOutput) } @@ -559,6 +545,14 @@ func (o CryptoKeyIAMBindingOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *CryptoKeyIAMBinding) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o CryptoKeyIAMBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *CryptoKeyIAMBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } diff --git a/sdk/go/gcp/kms/cryptoKeyIAMMember.go b/sdk/go/gcp/kms/cryptoKeyIAMMember.go index 72ebaff78e..eb8ddc04de 100644 --- a/sdk/go/gcp/kms/cryptoKeyIAMMember.go +++ b/sdk/go/gcp/kms/cryptoKeyIAMMember.go @@ -283,18 +283,17 @@ type CryptoKeyIAMMember struct { // `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or // `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, // the provider's project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + CryptoKeyId pulumi.StringOutput `pulumi:"cryptoKeyId"` + // (Computed) The etag of the project's IAM policy. + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - CryptoKeyId pulumi.StringOutput `pulumi:"cryptoKeyId"` - // (Computed) The etag of the project's IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` Member pulumi.StringOutput `pulumi:"member"` // The role that should be applied. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -347,18 +346,17 @@ type cryptoKeyIAMMemberState struct { // `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or // `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, // the provider's project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + CryptoKeyId *string `pulumi:"cryptoKeyId"` + // (Computed) The etag of the project's IAM policy. + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - CryptoKeyId *string `pulumi:"cryptoKeyId"` - // (Computed) The etag of the project's IAM policy. - Etag *string `pulumi:"etag"` Member *string `pulumi:"member"` // The role that should be applied. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -373,18 +371,17 @@ type CryptoKeyIAMMemberState struct { // `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or // `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, // the provider's project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + CryptoKeyId pulumi.StringPtrInput + // (Computed) The etag of the project's IAM policy. + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - CryptoKeyId pulumi.StringPtrInput - // (Computed) The etag of the project's IAM policy. - Etag pulumi.StringPtrInput Member pulumi.StringPtrInput // The role that should be applied. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -403,17 +400,16 @@ type cryptoKeyIAMMemberArgs struct { // `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or // `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, // the provider's project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + CryptoKeyId string `pulumi:"cryptoKeyId"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - CryptoKeyId string `pulumi:"cryptoKeyId"` - Member string `pulumi:"member"` + Member string `pulumi:"member"` // The role that should be applied. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role string `pulumi:"role"` @@ -428,17 +424,16 @@ type CryptoKeyIAMMemberArgs struct { // `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or // `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, // the provider's project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + CryptoKeyId pulumi.StringInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - CryptoKeyId pulumi.StringInput - Member pulumi.StringInput + Member pulumi.StringInput // The role that should be applied. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringInput @@ -541,15 +536,6 @@ func (o CryptoKeyIAMMemberOutput) Condition() CryptoKeyIAMMemberConditionPtrOutp // `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or // `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, // the provider's project setting will be used as a fallback. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o CryptoKeyIAMMemberOutput) CryptoKeyId() pulumi.StringOutput { return o.ApplyT(func(v *CryptoKeyIAMMember) pulumi.StringOutput { return v.CryptoKeyId }).(pulumi.StringOutput) } @@ -559,6 +545,14 @@ func (o CryptoKeyIAMMemberOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *CryptoKeyIAMMember) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o CryptoKeyIAMMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *CryptoKeyIAMMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/kms/cryptoKeyIAMPolicy.go b/sdk/go/gcp/kms/cryptoKeyIAMPolicy.go index 9f4b727cfd..e744016532 100644 --- a/sdk/go/gcp/kms/cryptoKeyIAMPolicy.go +++ b/sdk/go/gcp/kms/cryptoKeyIAMPolicy.go @@ -280,15 +280,6 @@ type CryptoKeyIAMPolicy struct { // `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or // `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, // the provider's project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. CryptoKeyId pulumi.StringOutput `pulumi:"cryptoKeyId"` // (Computed) The etag of the project's IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` @@ -337,15 +328,6 @@ type cryptoKeyIAMPolicyState struct { // `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or // `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, // the provider's project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. CryptoKeyId *string `pulumi:"cryptoKeyId"` // (Computed) The etag of the project's IAM policy. Etag *string `pulumi:"etag"` @@ -359,15 +341,6 @@ type CryptoKeyIAMPolicyState struct { // `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or // `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, // the provider's project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. CryptoKeyId pulumi.StringPtrInput // (Computed) The etag of the project's IAM policy. Etag pulumi.StringPtrInput @@ -385,15 +358,6 @@ type cryptoKeyIAMPolicyArgs struct { // `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or // `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, // the provider's project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. CryptoKeyId string `pulumi:"cryptoKeyId"` // The policy data generated by // a `organizations.getIAMPolicy` data source. @@ -406,15 +370,6 @@ type CryptoKeyIAMPolicyArgs struct { // `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or // `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, // the provider's project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. CryptoKeyId pulumi.StringInput // The policy data generated by // a `organizations.getIAMPolicy` data source. @@ -512,15 +467,6 @@ func (o CryptoKeyIAMPolicyOutput) ToCryptoKeyIAMPolicyOutputWithContext(ctx cont // `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or // `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, // the provider's project setting will be used as a fallback. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o CryptoKeyIAMPolicyOutput) CryptoKeyId() pulumi.StringOutput { return o.ApplyT(func(v *CryptoKeyIAMPolicy) pulumi.StringOutput { return v.CryptoKeyId }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/kms/keyRingIAMBinding.go b/sdk/go/gcp/kms/keyRingIAMBinding.go index e14f3dac40..99a11a444a 100644 --- a/sdk/go/gcp/kms/keyRingIAMBinding.go +++ b/sdk/go/gcp/kms/keyRingIAMBinding.go @@ -261,6 +261,245 @@ import ( // ``` // // +// ## google\_kms\_key\_ring\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// keyring, err := kms.NewKeyRing(ctx, "keyring", &kms.KeyRingArgs{ +// Name: pulumi.String("keyring-example"), +// Location: pulumi.String("global"), +// }) +// if err != nil { +// return err +// } +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/editor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = kms.NewKeyRingIAMPolicy(ctx, "key_ring", &kms.KeyRingIAMPolicyArgs{ +// KeyRingId: keyring.ID(), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// keyring, err := kms.NewKeyRing(ctx, "keyring", &kms.KeyRingArgs{ +// Name: pulumi.String("keyring-example"), +// Location: pulumi.String("global"), +// }) +// if err != nil { +// return err +// } +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/editor", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = kms.NewKeyRingIAMPolicy(ctx, "key_ring", &kms.KeyRingIAMPolicyArgs{ +// KeyRingId: keyring.ID(), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_kms\_key\_ring\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := kms.NewKeyRingIAMBinding(ctx, "key_ring", &kms.KeyRingIAMBindingArgs{ +// KeyRingId: pulumi.String("your-key-ring-id"), +// Role: pulumi.String("roles/cloudkms.admin"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := kms.NewKeyRingIAMBinding(ctx, "key_ring", &kms.KeyRingIAMBindingArgs{ +// KeyRingId: pulumi.String("your-key-ring-id"), +// Role: pulumi.String("roles/cloudkms.admin"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &kms.KeyRingIAMBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_kms\_key\_ring\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := kms.NewKeyRingIAMMember(ctx, "key_ring", &kms.KeyRingIAMMemberArgs{ +// KeyRingId: pulumi.String("your-key-ring-id"), +// Role: pulumi.String("roles/cloudkms.admin"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := kms.NewKeyRingIAMMember(ctx, "key_ring", &kms.KeyRingIAMMemberArgs{ +// KeyRingId: pulumi.String("your-key-ring-id"), +// Role: pulumi.String("roles/cloudkms.admin"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &kms.KeyRingIAMMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // ### Importing IAM policies @@ -298,17 +537,16 @@ type KeyRingIAMBinding struct { // `{project_id}/{location_name}/{key_ring_name}` or // `{location_name}/{key_ring_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + KeyRingId pulumi.StringOutput `pulumi:"keyRingId"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - KeyRingId pulumi.StringOutput `pulumi:"keyRingId"` - Members pulumi.StringArrayOutput `pulumi:"members"` + Members pulumi.StringArrayOutput `pulumi:"members"` // The role that should be applied. Only one // `kms.KeyRingIAMBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -363,17 +601,16 @@ type keyRingIAMBindingState struct { // `{project_id}/{location_name}/{key_ring_name}` or // `{location_name}/{key_ring_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + KeyRingId *string `pulumi:"keyRingId"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - KeyRingId *string `pulumi:"keyRingId"` - Members []string `pulumi:"members"` + Members []string `pulumi:"members"` // The role that should be applied. Only one // `kms.KeyRingIAMBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -390,17 +627,16 @@ type KeyRingIAMBindingState struct { // `{project_id}/{location_name}/{key_ring_name}` or // `{location_name}/{key_ring_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + KeyRingId pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - KeyRingId pulumi.StringPtrInput - Members pulumi.StringArrayInput + Members pulumi.StringArrayInput // The role that should be applied. Only one // `kms.KeyRingIAMBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -419,17 +655,16 @@ type keyRingIAMBindingArgs struct { // `{project_id}/{location_name}/{key_ring_name}` or // `{location_name}/{key_ring_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + KeyRingId string `pulumi:"keyRingId"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - KeyRingId string `pulumi:"keyRingId"` - Members []string `pulumi:"members"` + Members []string `pulumi:"members"` // The role that should be applied. Only one // `kms.KeyRingIAMBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -445,17 +680,16 @@ type KeyRingIAMBindingArgs struct { // `{project_id}/{location_name}/{key_ring_name}` or // `{location_name}/{key_ring_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + KeyRingId pulumi.StringInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - KeyRingId pulumi.StringInput - Members pulumi.StringArrayInput + Members pulumi.StringArrayInput // The role that should be applied. Only one // `kms.KeyRingIAMBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -564,19 +798,18 @@ func (o KeyRingIAMBindingOutput) Etag() pulumi.StringOutput { // `{project_id}/{location_name}/{key_ring_name}` or // `{location_name}/{key_ring_name}`. In the second form, the provider's // project setting will be used as a fallback. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o KeyRingIAMBindingOutput) KeyRingId() pulumi.StringOutput { return o.ApplyT(func(v *KeyRingIAMBinding) pulumi.StringOutput { return v.KeyRingId }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o KeyRingIAMBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *KeyRingIAMBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } diff --git a/sdk/go/gcp/kms/keyRingIAMMember.go b/sdk/go/gcp/kms/keyRingIAMMember.go index 31b06ec882..c28073838e 100644 --- a/sdk/go/gcp/kms/keyRingIAMMember.go +++ b/sdk/go/gcp/kms/keyRingIAMMember.go @@ -261,6 +261,245 @@ import ( // ``` // // +// ## google\_kms\_key\_ring\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// keyring, err := kms.NewKeyRing(ctx, "keyring", &kms.KeyRingArgs{ +// Name: pulumi.String("keyring-example"), +// Location: pulumi.String("global"), +// }) +// if err != nil { +// return err +// } +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/editor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = kms.NewKeyRingIAMPolicy(ctx, "key_ring", &kms.KeyRingIAMPolicyArgs{ +// KeyRingId: keyring.ID(), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// keyring, err := kms.NewKeyRing(ctx, "keyring", &kms.KeyRingArgs{ +// Name: pulumi.String("keyring-example"), +// Location: pulumi.String("global"), +// }) +// if err != nil { +// return err +// } +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/editor", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = kms.NewKeyRingIAMPolicy(ctx, "key_ring", &kms.KeyRingIAMPolicyArgs{ +// KeyRingId: keyring.ID(), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_kms\_key\_ring\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := kms.NewKeyRingIAMBinding(ctx, "key_ring", &kms.KeyRingIAMBindingArgs{ +// KeyRingId: pulumi.String("your-key-ring-id"), +// Role: pulumi.String("roles/cloudkms.admin"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := kms.NewKeyRingIAMBinding(ctx, "key_ring", &kms.KeyRingIAMBindingArgs{ +// KeyRingId: pulumi.String("your-key-ring-id"), +// Role: pulumi.String("roles/cloudkms.admin"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &kms.KeyRingIAMBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_kms\_key\_ring\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := kms.NewKeyRingIAMMember(ctx, "key_ring", &kms.KeyRingIAMMemberArgs{ +// KeyRingId: pulumi.String("your-key-ring-id"), +// Role: pulumi.String("roles/cloudkms.admin"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := kms.NewKeyRingIAMMember(ctx, "key_ring", &kms.KeyRingIAMMemberArgs{ +// KeyRingId: pulumi.String("your-key-ring-id"), +// Role: pulumi.String("roles/cloudkms.admin"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &kms.KeyRingIAMMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // ### Importing IAM policies @@ -298,17 +537,16 @@ type KeyRingIAMMember struct { // `{project_id}/{location_name}/{key_ring_name}` or // `{location_name}/{key_ring_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + KeyRingId pulumi.StringOutput `pulumi:"keyRingId"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - KeyRingId pulumi.StringOutput `pulumi:"keyRingId"` - Member pulumi.StringOutput `pulumi:"member"` + Member pulumi.StringOutput `pulumi:"member"` // The role that should be applied. Only one // `kms.KeyRingIAMBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -363,17 +601,16 @@ type keyRingIAMMemberState struct { // `{project_id}/{location_name}/{key_ring_name}` or // `{location_name}/{key_ring_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + KeyRingId *string `pulumi:"keyRingId"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - KeyRingId *string `pulumi:"keyRingId"` - Member *string `pulumi:"member"` + Member *string `pulumi:"member"` // The role that should be applied. Only one // `kms.KeyRingIAMBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -390,17 +627,16 @@ type KeyRingIAMMemberState struct { // `{project_id}/{location_name}/{key_ring_name}` or // `{location_name}/{key_ring_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + KeyRingId pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - KeyRingId pulumi.StringPtrInput - Member pulumi.StringPtrInput + Member pulumi.StringPtrInput // The role that should be applied. Only one // `kms.KeyRingIAMBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -419,17 +655,16 @@ type keyRingIAMMemberArgs struct { // `{project_id}/{location_name}/{key_ring_name}` or // `{location_name}/{key_ring_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + KeyRingId string `pulumi:"keyRingId"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - KeyRingId string `pulumi:"keyRingId"` - Member string `pulumi:"member"` + Member string `pulumi:"member"` // The role that should be applied. Only one // `kms.KeyRingIAMBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -445,17 +680,16 @@ type KeyRingIAMMemberArgs struct { // `{project_id}/{location_name}/{key_ring_name}` or // `{location_name}/{key_ring_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + KeyRingId pulumi.StringInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - KeyRingId pulumi.StringInput - Member pulumi.StringInput + Member pulumi.StringInput // The role that should be applied. Only one // `kms.KeyRingIAMBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -564,19 +798,18 @@ func (o KeyRingIAMMemberOutput) Etag() pulumi.StringOutput { // `{project_id}/{location_name}/{key_ring_name}` or // `{location_name}/{key_ring_name}`. In the second form, the provider's // project setting will be used as a fallback. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o KeyRingIAMMemberOutput) KeyRingId() pulumi.StringOutput { return o.ApplyT(func(v *KeyRingIAMMember) pulumi.StringOutput { return v.KeyRingId }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o KeyRingIAMMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *KeyRingIAMMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/kms/keyRingIAMPolicy.go b/sdk/go/gcp/kms/keyRingIAMPolicy.go index 4ab4613ebe..9e3d912c82 100644 --- a/sdk/go/gcp/kms/keyRingIAMPolicy.go +++ b/sdk/go/gcp/kms/keyRingIAMPolicy.go @@ -261,6 +261,245 @@ import ( // ``` // // +// ## google\_kms\_key\_ring\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// keyring, err := kms.NewKeyRing(ctx, "keyring", &kms.KeyRingArgs{ +// Name: pulumi.String("keyring-example"), +// Location: pulumi.String("global"), +// }) +// if err != nil { +// return err +// } +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/editor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = kms.NewKeyRingIAMPolicy(ctx, "key_ring", &kms.KeyRingIAMPolicyArgs{ +// KeyRingId: keyring.ID(), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// keyring, err := kms.NewKeyRing(ctx, "keyring", &kms.KeyRingArgs{ +// Name: pulumi.String("keyring-example"), +// Location: pulumi.String("global"), +// }) +// if err != nil { +// return err +// } +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/editor", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = kms.NewKeyRingIAMPolicy(ctx, "key_ring", &kms.KeyRingIAMPolicyArgs{ +// KeyRingId: keyring.ID(), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_kms\_key\_ring\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := kms.NewKeyRingIAMBinding(ctx, "key_ring", &kms.KeyRingIAMBindingArgs{ +// KeyRingId: pulumi.String("your-key-ring-id"), +// Role: pulumi.String("roles/cloudkms.admin"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := kms.NewKeyRingIAMBinding(ctx, "key_ring", &kms.KeyRingIAMBindingArgs{ +// KeyRingId: pulumi.String("your-key-ring-id"), +// Role: pulumi.String("roles/cloudkms.admin"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &kms.KeyRingIAMBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_kms\_key\_ring\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := kms.NewKeyRingIAMMember(ctx, "key_ring", &kms.KeyRingIAMMemberArgs{ +// KeyRingId: pulumi.String("your-key-ring-id"), +// Role: pulumi.String("roles/cloudkms.admin"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := kms.NewKeyRingIAMMember(ctx, "key_ring", &kms.KeyRingIAMMemberArgs{ +// KeyRingId: pulumi.String("your-key-ring-id"), +// Role: pulumi.String("roles/cloudkms.admin"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &kms.KeyRingIAMMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // ### Importing IAM policies @@ -295,15 +534,6 @@ type KeyRingIAMPolicy struct { // `{project_id}/{location_name}/{key_ring_name}` or // `{location_name}/{key_ring_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. KeyRingId pulumi.StringOutput `pulumi:"keyRingId"` // The policy data generated by // a `organizations.getIAMPolicy` data source. @@ -352,15 +582,6 @@ type keyRingIAMPolicyState struct { // `{project_id}/{location_name}/{key_ring_name}` or // `{location_name}/{key_ring_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. KeyRingId *string `pulumi:"keyRingId"` // The policy data generated by // a `organizations.getIAMPolicy` data source. @@ -374,15 +595,6 @@ type KeyRingIAMPolicyState struct { // `{project_id}/{location_name}/{key_ring_name}` or // `{location_name}/{key_ring_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. KeyRingId pulumi.StringPtrInput // The policy data generated by // a `organizations.getIAMPolicy` data source. @@ -398,15 +610,6 @@ type keyRingIAMPolicyArgs struct { // `{project_id}/{location_name}/{key_ring_name}` or // `{location_name}/{key_ring_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. KeyRingId string `pulumi:"keyRingId"` // The policy data generated by // a `organizations.getIAMPolicy` data source. @@ -419,15 +622,6 @@ type KeyRingIAMPolicyArgs struct { // `{project_id}/{location_name}/{key_ring_name}` or // `{location_name}/{key_ring_name}`. In the second form, the provider's // project setting will be used as a fallback. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. KeyRingId pulumi.StringInput // The policy data generated by // a `organizations.getIAMPolicy` data source. @@ -530,15 +724,6 @@ func (o KeyRingIAMPolicyOutput) Etag() pulumi.StringOutput { // `{project_id}/{location_name}/{key_ring_name}` or // `{location_name}/{key_ring_name}`. In the second form, the provider's // project setting will be used as a fallback. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o KeyRingIAMPolicyOutput) KeyRingId() pulumi.StringOutput { return o.ApplyT(func(v *KeyRingIAMPolicy) pulumi.StringOutput { return v.KeyRingId }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/networksecurity/addressGroupIamPolicy.go b/sdk/go/gcp/networksecurity/addressGroupIamPolicy.go index 34ca9063e1..885b5e6941 100644 --- a/sdk/go/gcp/networksecurity/addressGroupIamPolicy.go +++ b/sdk/go/gcp/networksecurity/addressGroupIamPolicy.go @@ -78,18 +78,6 @@ type AddressGroupIamPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` } @@ -138,18 +126,6 @@ type addressGroupIamPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -166,18 +142,6 @@ type AddressGroupIamPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -196,18 +160,6 @@ type addressGroupIamPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -223,18 +175,6 @@ type AddressGroupIamPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -349,18 +289,6 @@ func (o AddressGroupIamPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o AddressGroupIamPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *AddressGroupIamPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/notebooks/instanceIamBinding.go b/sdk/go/gcp/notebooks/instanceIamBinding.go index d7245e2d60..58ac62dc31 100644 --- a/sdk/go/gcp/notebooks/instanceIamBinding.go +++ b/sdk/go/gcp/notebooks/instanceIamBinding.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_notebooks\_instance\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = notebooks.NewInstanceIamPolicy(ctx, "policy", ¬ebooks.InstanceIamPolicyArgs{ +// Project: pulumi.Any(instance.Project), +// Location: pulumi.Any(instance.Location), +// InstanceName: pulumi.Any(instance.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_notebooks\_instance\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := notebooks.NewInstanceIamBinding(ctx, "binding", ¬ebooks.InstanceIamBindingArgs{ +// Project: pulumi.Any(instance.Project), +// Location: pulumi.Any(instance.Location), +// InstanceName: pulumi.Any(instance.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_notebooks\_instance\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := notebooks.NewInstanceIamMember(ctx, "member", ¬ebooks.InstanceIamMemberArgs{ +// Project: pulumi.Any(instance.Project), +// Location: pulumi.Any(instance.Location), +// InstanceName: pulumi.Any(instance.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -183,13 +294,9 @@ type InstanceIamBinding struct { // Used to find the parent resource to bind the IAM policy to InstanceName pulumi.StringOutput `pulumi:"instanceName"` // A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to - Location pulumi.StringOutput `pulumi:"location"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location pulumi.StringOutput `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -199,6 +306,9 @@ type InstanceIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `notebooks.InstanceIamBinding` can be used per role. Note that custom roles must be of the format @@ -251,13 +361,9 @@ type instanceIamBindingState struct { // Used to find the parent resource to bind the IAM policy to InstanceName *string `pulumi:"instanceName"` // A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to - Location *string `pulumi:"location"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location *string `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -267,6 +373,9 @@ type instanceIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `notebooks.InstanceIamBinding` can be used per role. Note that custom roles must be of the format @@ -282,12 +391,8 @@ type InstanceIamBindingState struct { InstanceName pulumi.StringPtrInput // A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -297,6 +402,9 @@ type InstanceIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `notebooks.InstanceIamBinding` can be used per role. Note that custom roles must be of the format @@ -313,13 +421,9 @@ type instanceIamBindingArgs struct { // Used to find the parent resource to bind the IAM policy to InstanceName string `pulumi:"instanceName"` // A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to - Location *string `pulumi:"location"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location *string `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -329,6 +433,9 @@ type instanceIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `notebooks.InstanceIamBinding` can be used per role. Note that custom roles must be of the format @@ -343,12 +450,8 @@ type InstanceIamBindingArgs struct { InstanceName pulumi.StringInput // A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -358,6 +461,9 @@ type InstanceIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `notebooks.InstanceIamBinding` can be used per role. Note that custom roles must be of the format @@ -471,24 +577,23 @@ func (o InstanceIamBindingOutput) Location() pulumi.StringOutput { return o.ApplyT(func(v *InstanceIamBinding) pulumi.StringOutput { return v.Location }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o InstanceIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *InstanceIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o InstanceIamBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *InstanceIamBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/notebooks/instanceIamMember.go b/sdk/go/gcp/notebooks/instanceIamMember.go index f9c5c2724d..6a7bb7d0d4 100644 --- a/sdk/go/gcp/notebooks/instanceIamMember.go +++ b/sdk/go/gcp/notebooks/instanceIamMember.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_notebooks\_instance\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = notebooks.NewInstanceIamPolicy(ctx, "policy", ¬ebooks.InstanceIamPolicyArgs{ +// Project: pulumi.Any(instance.Project), +// Location: pulumi.Any(instance.Location), +// InstanceName: pulumi.Any(instance.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_notebooks\_instance\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := notebooks.NewInstanceIamBinding(ctx, "binding", ¬ebooks.InstanceIamBindingArgs{ +// Project: pulumi.Any(instance.Project), +// Location: pulumi.Any(instance.Location), +// InstanceName: pulumi.Any(instance.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_notebooks\_instance\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := notebooks.NewInstanceIamMember(ctx, "member", ¬ebooks.InstanceIamMemberArgs{ +// Project: pulumi.Any(instance.Project), +// Location: pulumi.Any(instance.Location), +// InstanceName: pulumi.Any(instance.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -184,12 +295,8 @@ type InstanceIamMember struct { InstanceName pulumi.StringOutput `pulumi:"instanceName"` // A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to Location pulumi.StringOutput `pulumi:"location"` - Member pulumi.StringOutput `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -199,6 +306,9 @@ type InstanceIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `notebooks.InstanceIamBinding` can be used per role. Note that custom roles must be of the format @@ -252,12 +362,8 @@ type instanceIamMemberState struct { InstanceName *string `pulumi:"instanceName"` // A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to Location *string `pulumi:"location"` - Member *string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -267,6 +373,9 @@ type instanceIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `notebooks.InstanceIamBinding` can be used per role. Note that custom roles must be of the format @@ -282,12 +391,8 @@ type InstanceIamMemberState struct { InstanceName pulumi.StringPtrInput // A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Member pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -297,6 +402,9 @@ type InstanceIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `notebooks.InstanceIamBinding` can be used per role. Note that custom roles must be of the format @@ -314,12 +422,8 @@ type instanceIamMemberArgs struct { InstanceName string `pulumi:"instanceName"` // A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to Location *string `pulumi:"location"` - Member string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -329,6 +433,9 @@ type instanceIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `notebooks.InstanceIamBinding` can be used per role. Note that custom roles must be of the format @@ -343,12 +450,8 @@ type InstanceIamMemberArgs struct { InstanceName pulumi.StringInput // A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Member pulumi.StringInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -358,6 +461,9 @@ type InstanceIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `notebooks.InstanceIamBinding` can be used per role. Note that custom roles must be of the format @@ -471,24 +577,23 @@ func (o InstanceIamMemberOutput) Location() pulumi.StringOutput { return o.ApplyT(func(v *InstanceIamMember) pulumi.StringOutput { return v.Location }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o InstanceIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *InstanceIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o InstanceIamMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *InstanceIamMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/notebooks/instanceIamPolicy.go b/sdk/go/gcp/notebooks/instanceIamPolicy.go index be155781c4..fe6ab95d5d 100644 --- a/sdk/go/gcp/notebooks/instanceIamPolicy.go +++ b/sdk/go/gcp/notebooks/instanceIamPolicy.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_notebooks\_instance\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = notebooks.NewInstanceIamPolicy(ctx, "policy", ¬ebooks.InstanceIamPolicyArgs{ +// Project: pulumi.Any(instance.Project), +// Location: pulumi.Any(instance.Location), +// InstanceName: pulumi.Any(instance.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_notebooks\_instance\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := notebooks.NewInstanceIamBinding(ctx, "binding", ¬ebooks.InstanceIamBindingArgs{ +// Project: pulumi.Any(instance.Project), +// Location: pulumi.Any(instance.Location), +// InstanceName: pulumi.Any(instance.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_notebooks\_instance\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := notebooks.NewInstanceIamMember(ctx, "member", ¬ebooks.InstanceIamMemberArgs{ +// Project: pulumi.Any(instance.Project), +// Location: pulumi.Any(instance.Location), +// InstanceName: pulumi.Any(instance.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -188,18 +299,6 @@ type InstanceIamPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` } @@ -250,18 +349,6 @@ type instanceIamPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -277,18 +364,6 @@ type InstanceIamPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -306,18 +381,6 @@ type instanceIamPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -332,18 +395,6 @@ type InstanceIamPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -457,18 +508,6 @@ func (o InstanceIamPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o InstanceIamPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *InstanceIamPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/notebooks/runtimeIamBinding.go b/sdk/go/gcp/notebooks/runtimeIamBinding.go index bad6fa581c..626d865df2 100644 --- a/sdk/go/gcp/notebooks/runtimeIamBinding.go +++ b/sdk/go/gcp/notebooks/runtimeIamBinding.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_notebooks\_runtime\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = notebooks.NewRuntimeIamPolicy(ctx, "policy", ¬ebooks.RuntimeIamPolicyArgs{ +// Project: pulumi.Any(runtime.Project), +// Location: pulumi.Any(runtime.Location), +// RuntimeName: pulumi.Any(runtime.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_notebooks\_runtime\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := notebooks.NewRuntimeIamBinding(ctx, "binding", ¬ebooks.RuntimeIamBindingArgs{ +// Project: pulumi.Any(runtime.Project), +// Location: pulumi.Any(runtime.Location), +// RuntimeName: pulumi.Any(runtime.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_notebooks\_runtime\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := notebooks.NewRuntimeIamMember(ctx, "member", ¬ebooks.RuntimeIamMemberArgs{ +// Project: pulumi.Any(runtime.Project), +// Location: pulumi.Any(runtime.Location), +// RuntimeName: pulumi.Any(runtime.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -181,13 +292,9 @@ type RuntimeIamBinding struct { // (Computed) The etag of the IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` // A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to - Location pulumi.StringOutput `pulumi:"location"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location pulumi.StringOutput `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -197,6 +304,9 @@ type RuntimeIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `notebooks.RuntimeIamBinding` can be used per role. Note that custom roles must be of the format @@ -249,13 +359,9 @@ type runtimeIamBindingState struct { // (Computed) The etag of the IAM policy. Etag *string `pulumi:"etag"` // A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to - Location *string `pulumi:"location"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location *string `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -265,6 +371,9 @@ type runtimeIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `notebooks.RuntimeIamBinding` can be used per role. Note that custom roles must be of the format @@ -280,12 +389,8 @@ type RuntimeIamBindingState struct { Etag pulumi.StringPtrInput // A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -295,6 +400,9 @@ type RuntimeIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `notebooks.RuntimeIamBinding` can be used per role. Note that custom roles must be of the format @@ -311,13 +419,9 @@ func (RuntimeIamBindingState) ElementType() reflect.Type { type runtimeIamBindingArgs struct { Condition *RuntimeIamBindingCondition `pulumi:"condition"` // A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to - Location *string `pulumi:"location"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location *string `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -327,6 +431,9 @@ type runtimeIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `notebooks.RuntimeIamBinding` can be used per role. Note that custom roles must be of the format @@ -341,12 +448,8 @@ type RuntimeIamBindingArgs struct { Condition RuntimeIamBindingConditionPtrInput // A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -356,6 +459,9 @@ type RuntimeIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `notebooks.RuntimeIamBinding` can be used per role. Note that custom roles must be of the format @@ -466,24 +572,23 @@ func (o RuntimeIamBindingOutput) Location() pulumi.StringOutput { return o.ApplyT(func(v *RuntimeIamBinding) pulumi.StringOutput { return v.Location }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o RuntimeIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *RuntimeIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o RuntimeIamBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *RuntimeIamBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/notebooks/runtimeIamMember.go b/sdk/go/gcp/notebooks/runtimeIamMember.go index e0a114ad91..c30279716a 100644 --- a/sdk/go/gcp/notebooks/runtimeIamMember.go +++ b/sdk/go/gcp/notebooks/runtimeIamMember.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_notebooks\_runtime\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = notebooks.NewRuntimeIamPolicy(ctx, "policy", ¬ebooks.RuntimeIamPolicyArgs{ +// Project: pulumi.Any(runtime.Project), +// Location: pulumi.Any(runtime.Location), +// RuntimeName: pulumi.Any(runtime.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_notebooks\_runtime\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := notebooks.NewRuntimeIamBinding(ctx, "binding", ¬ebooks.RuntimeIamBindingArgs{ +// Project: pulumi.Any(runtime.Project), +// Location: pulumi.Any(runtime.Location), +// RuntimeName: pulumi.Any(runtime.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_notebooks\_runtime\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := notebooks.NewRuntimeIamMember(ctx, "member", ¬ebooks.RuntimeIamMemberArgs{ +// Project: pulumi.Any(runtime.Project), +// Location: pulumi.Any(runtime.Location), +// RuntimeName: pulumi.Any(runtime.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -182,12 +293,8 @@ type RuntimeIamMember struct { Etag pulumi.StringOutput `pulumi:"etag"` // A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to Location pulumi.StringOutput `pulumi:"location"` - Member pulumi.StringOutput `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -197,6 +304,9 @@ type RuntimeIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `notebooks.RuntimeIamBinding` can be used per role. Note that custom roles must be of the format @@ -250,12 +360,8 @@ type runtimeIamMemberState struct { Etag *string `pulumi:"etag"` // A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to Location *string `pulumi:"location"` - Member *string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -265,6 +371,9 @@ type runtimeIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `notebooks.RuntimeIamBinding` can be used per role. Note that custom roles must be of the format @@ -280,12 +389,8 @@ type RuntimeIamMemberState struct { Etag pulumi.StringPtrInput // A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Member pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -295,6 +400,9 @@ type RuntimeIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `notebooks.RuntimeIamBinding` can be used per role. Note that custom roles must be of the format @@ -312,12 +420,8 @@ type runtimeIamMemberArgs struct { Condition *RuntimeIamMemberCondition `pulumi:"condition"` // A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to Location *string `pulumi:"location"` - Member string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -327,6 +431,9 @@ type runtimeIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `notebooks.RuntimeIamBinding` can be used per role. Note that custom roles must be of the format @@ -341,12 +448,8 @@ type RuntimeIamMemberArgs struct { Condition RuntimeIamMemberConditionPtrInput // A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Member pulumi.StringInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -356,6 +459,9 @@ type RuntimeIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `notebooks.RuntimeIamBinding` can be used per role. Note that custom roles must be of the format @@ -466,24 +572,23 @@ func (o RuntimeIamMemberOutput) Location() pulumi.StringOutput { return o.ApplyT(func(v *RuntimeIamMember) pulumi.StringOutput { return v.Location }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o RuntimeIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *RuntimeIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o RuntimeIamMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *RuntimeIamMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/notebooks/runtimeIamPolicy.go b/sdk/go/gcp/notebooks/runtimeIamPolicy.go index a6415c1c3b..cd84674957 100644 --- a/sdk/go/gcp/notebooks/runtimeIamPolicy.go +++ b/sdk/go/gcp/notebooks/runtimeIamPolicy.go @@ -137,6 +137,117 @@ import ( // ``` // // +// ## google\_notebooks\_runtime\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = notebooks.NewRuntimeIamPolicy(ctx, "policy", ¬ebooks.RuntimeIamPolicyArgs{ +// Project: pulumi.Any(runtime.Project), +// Location: pulumi.Any(runtime.Location), +// RuntimeName: pulumi.Any(runtime.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_notebooks\_runtime\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := notebooks.NewRuntimeIamBinding(ctx, "binding", ¬ebooks.RuntimeIamBindingArgs{ +// Project: pulumi.Any(runtime.Project), +// Location: pulumi.Any(runtime.Location), +// RuntimeName: pulumi.Any(runtime.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_notebooks\_runtime\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/notebooks" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := notebooks.NewRuntimeIamMember(ctx, "member", ¬ebooks.RuntimeIamMemberArgs{ +// Project: pulumi.Any(runtime.Project), +// Location: pulumi.Any(runtime.Location), +// RuntimeName: pulumi.Any(runtime.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -186,18 +297,6 @@ type RuntimeIamPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` // Used to find the parent resource to bind the IAM policy to RuntimeName pulumi.StringOutput `pulumi:"runtimeName"` @@ -248,18 +347,6 @@ type runtimeIamPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` // Used to find the parent resource to bind the IAM policy to RuntimeName *string `pulumi:"runtimeName"` @@ -275,18 +362,6 @@ type RuntimeIamPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // Used to find the parent resource to bind the IAM policy to RuntimeName pulumi.StringPtrInput @@ -304,18 +379,6 @@ type runtimeIamPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` // Used to find the parent resource to bind the IAM policy to RuntimeName string `pulumi:"runtimeName"` @@ -330,18 +393,6 @@ type RuntimeIamPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // Used to find the parent resource to bind the IAM policy to RuntimeName pulumi.StringInput @@ -452,18 +503,6 @@ func (o RuntimeIamPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o RuntimeIamPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *RuntimeIamPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/organizations/iammember.go b/sdk/go/gcp/organizations/iammember.go index 6a30966d2d..8d7c9e616d 100644 --- a/sdk/go/gcp/organizations/iammember.go +++ b/sdk/go/gcp/organizations/iammember.go @@ -301,6 +301,284 @@ import ( // ``` // // +// ## google\_organization\_iam\_policy +// +// !> **Warning:** New organizations have several default policies which will, +// +// without extreme caution, be **overwritten** by use of this resource. +// The safest alternative is to use multiple `organizations.IAMBinding` +// resources. This resource makes it easy to remove your own access to +// an organization, which will require a call to Google Support to have +// fixed, and can take multiple days to resolve. +// +// In general, this resource should only be used with organizations +// fully managed by this provider.I f you do use this resource, +// the best way to be sure that you are not making dangerous changes is to start +// by **importing** your existing policy, and examining the diff very closely. +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/editor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = organizations.NewIAMPolicy(ctx, "organization", &organizations.IAMPolicyArgs{ +// OrgId: pulumi.String("1234567890"), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/editor", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = organizations.NewIAMPolicy(ctx, "organization", &organizations.IAMPolicyArgs{ +// OrgId: pulumi.String("1234567890"), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_organization\_iam\_binding +// +// > **Note:** If `role` is set to `roles/owner` and you don't specify a user or service account you have access to in `members`, you can lock yourself out of your organization. +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := organizations.NewIAMBinding(ctx, "organization", &organizations.IAMBindingArgs{ +// OrgId: pulumi.String("1234567890"), +// Role: pulumi.String("roles/editor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := organizations.NewIAMBinding(ctx, "organization", &organizations.IAMBindingArgs{ +// OrgId: pulumi.String("1234567890"), +// Role: pulumi.String("roles/editor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &organizations.IAMBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_organization\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := organizations.NewIAMMember(ctx, "organization", &organizations.IAMMemberArgs{ +// OrgId: pulumi.String("1234567890"), +// Role: pulumi.String("roles/editor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := organizations.NewIAMMember(ctx, "organization", &organizations.IAMMemberArgs{ +// OrgId: pulumi.String("1234567890"), +// Role: pulumi.String("roles/editor"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &organizations.IAMMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_organization\_iam\_audit\_config +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := organizations.NewIamAuditConfig(ctx, "organization", &organizations.IamAuditConfigArgs{ +// OrgId: pulumi.String("1234567890"), +// Service: pulumi.String("allServices"), +// AuditLogConfigs: organizations.IamAuditConfigAuditLogConfigArray{ +// &organizations.IamAuditConfigAuditLogConfigArgs{ +// LogType: pulumi.String("ADMIN_READ"), +// }, +// &organizations.IamAuditConfigAuditLogConfigArgs{ +// LogType: pulumi.String("DATA_READ"), +// ExemptedMembers: pulumi.StringArray{ +// pulumi.String("user:joebloggs@example.com"), +// }, +// }, +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // ### Importing Audit Configs @@ -333,7 +611,13 @@ type IAMMember struct { // Structure is documented below. Condition IAMMemberConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the organization's IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Member pulumi.StringOutput `pulumi:"member"` // The organization id of the target organization. OrgId pulumi.StringOutput `pulumi:"orgId"` @@ -386,7 +670,13 @@ type iammemberState struct { // Structure is documented below. Condition *IAMMemberCondition `pulumi:"condition"` // (Computed) The etag of the organization's IAM policy. - Etag *string `pulumi:"etag"` + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Member *string `pulumi:"member"` // The organization id of the target organization. OrgId *string `pulumi:"orgId"` @@ -401,7 +691,13 @@ type IAMMemberState struct { // Structure is documented below. Condition IAMMemberConditionPtrInput // (Computed) The etag of the organization's IAM policy. - Etag pulumi.StringPtrInput + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Member pulumi.StringPtrInput // The organization id of the target organization. OrgId pulumi.StringPtrInput @@ -419,7 +715,13 @@ type iammemberArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition *IAMMemberCondition `pulumi:"condition"` - Member string `pulumi:"member"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + Member string `pulumi:"member"` // The organization id of the target organization. OrgId string `pulumi:"orgId"` // The role that should be applied. Only one @@ -433,7 +735,13 @@ type IAMMemberArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition IAMMemberConditionPtrInput - Member pulumi.StringInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + Member pulumi.StringInput // The organization id of the target organization. OrgId pulumi.StringInput // The role that should be applied. Only one @@ -540,6 +848,12 @@ func (o IAMMemberOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *IAMMember) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o IAMMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *IAMMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/organizations/iampolicy.go b/sdk/go/gcp/organizations/iampolicy.go index 83d475b6f4..d2c9641dc7 100644 --- a/sdk/go/gcp/organizations/iampolicy.go +++ b/sdk/go/gcp/organizations/iampolicy.go @@ -301,6 +301,284 @@ import ( // ``` // // +// ## google\_organization\_iam\_policy +// +// !> **Warning:** New organizations have several default policies which will, +// +// without extreme caution, be **overwritten** by use of this resource. +// The safest alternative is to use multiple `organizations.IAMBinding` +// resources. This resource makes it easy to remove your own access to +// an organization, which will require a call to Google Support to have +// fixed, and can take multiple days to resolve. +// +// In general, this resource should only be used with organizations +// fully managed by this provider.I f you do use this resource, +// the best way to be sure that you are not making dangerous changes is to start +// by **importing** your existing policy, and examining the diff very closely. +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/editor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = organizations.NewIAMPolicy(ctx, "organization", &organizations.IAMPolicyArgs{ +// OrgId: pulumi.String("1234567890"), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/editor", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = organizations.NewIAMPolicy(ctx, "organization", &organizations.IAMPolicyArgs{ +// OrgId: pulumi.String("1234567890"), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_organization\_iam\_binding +// +// > **Note:** If `role` is set to `roles/owner` and you don't specify a user or service account you have access to in `members`, you can lock yourself out of your organization. +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := organizations.NewIAMBinding(ctx, "organization", &organizations.IAMBindingArgs{ +// OrgId: pulumi.String("1234567890"), +// Role: pulumi.String("roles/editor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := organizations.NewIAMBinding(ctx, "organization", &organizations.IAMBindingArgs{ +// OrgId: pulumi.String("1234567890"), +// Role: pulumi.String("roles/editor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &organizations.IAMBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_organization\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := organizations.NewIAMMember(ctx, "organization", &organizations.IAMMemberArgs{ +// OrgId: pulumi.String("1234567890"), +// Role: pulumi.String("roles/editor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := organizations.NewIAMMember(ctx, "organization", &organizations.IAMMemberArgs{ +// OrgId: pulumi.String("1234567890"), +// Role: pulumi.String("roles/editor"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &organizations.IAMMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_organization\_iam\_audit\_config +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := organizations.NewIamAuditConfig(ctx, "organization", &organizations.IamAuditConfigArgs{ +// OrgId: pulumi.String("1234567890"), +// Service: pulumi.String("allServices"), +// AuditLogConfigs: organizations.IamAuditConfigAuditLogConfigArray{ +// &organizations.IamAuditConfigAuditLogConfigArgs{ +// LogType: pulumi.String("ADMIN_READ"), +// }, +// &organizations.IamAuditConfigAuditLogConfigArgs{ +// LogType: pulumi.String("DATA_READ"), +// ExemptedMembers: pulumi.StringArray{ +// pulumi.String("user:joebloggs@example.com"), +// }, +// }, +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // ### Importing Audit Configs diff --git a/sdk/go/gcp/projects/iamauditConfig.go b/sdk/go/gcp/projects/iamauditConfig.go index 155bc7900c..c8b2ef5b4a 100644 --- a/sdk/go/gcp/projects/iamauditConfig.go +++ b/sdk/go/gcp/projects/iamauditConfig.go @@ -301,6 +301,280 @@ import ( // ``` // // +// ## google\_project\_iam\_policy +// +// !> **Be careful!** You can accidentally lock yourself out of your project +// +// using this resource. Deleting a `projects.IAMPolicy` removes access +// from anyone without organization-level access to the project. Proceed with caution. +// It's not recommended to use `projects.IAMPolicy` with your provider project +// to avoid locking yourself out, and it should generally only be used with projects +// fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before +// applying the change. +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/editor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = projects.NewIAMPolicy(ctx, "project", &projects.IAMPolicyArgs{ +// Project: pulumi.String("your-project-id"), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/compute.admin", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = projects.NewIAMPolicy(ctx, "project", &projects.IAMPolicyArgs{ +// Project: pulumi.String("your-project-id"), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_project\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := projects.NewIAMBinding(ctx, "project", &projects.IAMBindingArgs{ +// Project: pulumi.String("your-project-id"), +// Role: pulumi.String("roles/editor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := projects.NewIAMBinding(ctx, "project", &projects.IAMBindingArgs{ +// Project: pulumi.String("your-project-id"), +// Role: pulumi.String("roles/container.admin"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &projects.IAMBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_project\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := projects.NewIAMMember(ctx, "project", &projects.IAMMemberArgs{ +// Project: pulumi.String("your-project-id"), +// Role: pulumi.String("roles/editor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := projects.NewIAMMember(ctx, "project", &projects.IAMMemberArgs{ +// Project: pulumi.String("your-project-id"), +// Role: pulumi.String("roles/firebase.admin"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &projects.IAMMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_project\_iam\_audit\_config +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := projects.NewIAMAuditConfig(ctx, "project", &projects.IAMAuditConfigArgs{ +// Project: pulumi.String("your-project-id"), +// Service: pulumi.String("allServices"), +// AuditLogConfigs: projects.IAMAuditConfigAuditLogConfigArray{ +// &projects.IAMAuditConfigAuditLogConfigArgs{ +// LogType: pulumi.String("ADMIN_READ"), +// }, +// &projects.IAMAuditConfigAuditLogConfigArgs{ +// LogType: pulumi.String("DATA_READ"), +// ExemptedMembers: pulumi.StringArray{ +// pulumi.String("user:joebloggs@example.com"), +// }, +// }, +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // ### Importing Audit Configs diff --git a/sdk/go/gcp/projects/iambinding.go b/sdk/go/gcp/projects/iambinding.go index c35c1688ed..07d3d63988 100644 --- a/sdk/go/gcp/projects/iambinding.go +++ b/sdk/go/gcp/projects/iambinding.go @@ -301,6 +301,280 @@ import ( // ``` // // +// ## google\_project\_iam\_policy +// +// !> **Be careful!** You can accidentally lock yourself out of your project +// +// using this resource. Deleting a `projects.IAMPolicy` removes access +// from anyone without organization-level access to the project. Proceed with caution. +// It's not recommended to use `projects.IAMPolicy` with your provider project +// to avoid locking yourself out, and it should generally only be used with projects +// fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before +// applying the change. +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/editor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = projects.NewIAMPolicy(ctx, "project", &projects.IAMPolicyArgs{ +// Project: pulumi.String("your-project-id"), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/compute.admin", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = projects.NewIAMPolicy(ctx, "project", &projects.IAMPolicyArgs{ +// Project: pulumi.String("your-project-id"), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_project\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := projects.NewIAMBinding(ctx, "project", &projects.IAMBindingArgs{ +// Project: pulumi.String("your-project-id"), +// Role: pulumi.String("roles/editor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := projects.NewIAMBinding(ctx, "project", &projects.IAMBindingArgs{ +// Project: pulumi.String("your-project-id"), +// Role: pulumi.String("roles/container.admin"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &projects.IAMBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_project\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := projects.NewIAMMember(ctx, "project", &projects.IAMMemberArgs{ +// Project: pulumi.String("your-project-id"), +// Role: pulumi.String("roles/editor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := projects.NewIAMMember(ctx, "project", &projects.IAMMemberArgs{ +// Project: pulumi.String("your-project-id"), +// Role: pulumi.String("roles/firebase.admin"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &projects.IAMMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_project\_iam\_audit\_config +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := projects.NewIAMAuditConfig(ctx, "project", &projects.IAMAuditConfigArgs{ +// Project: pulumi.String("your-project-id"), +// Service: pulumi.String("allServices"), +// AuditLogConfigs: projects.IAMAuditConfigAuditLogConfigArray{ +// &projects.IAMAuditConfigAuditLogConfigArgs{ +// LogType: pulumi.String("ADMIN_READ"), +// }, +// &projects.IAMAuditConfigAuditLogConfigArgs{ +// LogType: pulumi.String("DATA_READ"), +// ExemptedMembers: pulumi.StringArray{ +// pulumi.String("user:joebloggs@example.com"), +// }, +// }, +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // ### Importing Audit Configs @@ -333,7 +607,13 @@ type IAMBinding struct { // Structure is documented below. Condition IAMBindingConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the project's IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. google\_project\_iam\_binding expects `members` field while google\_project\_iam\_member expects `member` field. + // Each entry can have one of the following values: + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Members pulumi.StringArrayOutput `pulumi:"members"` // The project id of the target project. This is not // inferred from the provider. @@ -387,7 +667,13 @@ type iambindingState struct { // Structure is documented below. Condition *IAMBindingCondition `pulumi:"condition"` // (Computed) The etag of the project's IAM policy. - Etag *string `pulumi:"etag"` + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. google\_project\_iam\_binding expects `members` field while google\_project\_iam\_member expects `member` field. + // Each entry can have one of the following values: + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Members []string `pulumi:"members"` // The project id of the target project. This is not // inferred from the provider. @@ -403,7 +689,13 @@ type IAMBindingState struct { // Structure is documented below. Condition IAMBindingConditionPtrInput // (Computed) The etag of the project's IAM policy. - Etag pulumi.StringPtrInput + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. google\_project\_iam\_binding expects `members` field while google\_project\_iam\_member expects `member` field. + // Each entry can have one of the following values: + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Members pulumi.StringArrayInput // The project id of the target project. This is not // inferred from the provider. @@ -422,7 +714,13 @@ type iambindingArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition *IAMBindingCondition `pulumi:"condition"` - Members []string `pulumi:"members"` + // Identities that will be granted the privilege in `role`. google\_project\_iam\_binding expects `members` field while google\_project\_iam\_member expects `member` field. + // Each entry can have one of the following values: + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + Members []string `pulumi:"members"` // The project id of the target project. This is not // inferred from the provider. Project string `pulumi:"project"` @@ -437,7 +735,13 @@ type IAMBindingArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition IAMBindingConditionPtrInput - Members pulumi.StringArrayInput + // Identities that will be granted the privilege in `role`. google\_project\_iam\_binding expects `members` field while google\_project\_iam\_member expects `member` field. + // Each entry can have one of the following values: + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + Members pulumi.StringArrayInput // The project id of the target project. This is not // inferred from the provider. Project pulumi.StringInput @@ -545,6 +849,12 @@ func (o IAMBindingOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *IAMBinding) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. google\_project\_iam\_binding expects `members` field while google\_project\_iam\_member expects `member` field. +// Each entry can have one of the following values: +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o IAMBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *IAMBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } diff --git a/sdk/go/gcp/projects/iammember.go b/sdk/go/gcp/projects/iammember.go index 8bb7ad05c4..5800bfe145 100644 --- a/sdk/go/gcp/projects/iammember.go +++ b/sdk/go/gcp/projects/iammember.go @@ -301,6 +301,280 @@ import ( // ``` // // +// ## google\_project\_iam\_policy +// +// !> **Be careful!** You can accidentally lock yourself out of your project +// +// using this resource. Deleting a `projects.IAMPolicy` removes access +// from anyone without organization-level access to the project. Proceed with caution. +// It's not recommended to use `projects.IAMPolicy` with your provider project +// to avoid locking yourself out, and it should generally only be used with projects +// fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before +// applying the change. +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/editor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = projects.NewIAMPolicy(ctx, "project", &projects.IAMPolicyArgs{ +// Project: pulumi.String("your-project-id"), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/compute.admin", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = projects.NewIAMPolicy(ctx, "project", &projects.IAMPolicyArgs{ +// Project: pulumi.String("your-project-id"), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_project\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := projects.NewIAMBinding(ctx, "project", &projects.IAMBindingArgs{ +// Project: pulumi.String("your-project-id"), +// Role: pulumi.String("roles/editor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := projects.NewIAMBinding(ctx, "project", &projects.IAMBindingArgs{ +// Project: pulumi.String("your-project-id"), +// Role: pulumi.String("roles/container.admin"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &projects.IAMBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_project\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := projects.NewIAMMember(ctx, "project", &projects.IAMMemberArgs{ +// Project: pulumi.String("your-project-id"), +// Role: pulumi.String("roles/editor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := projects.NewIAMMember(ctx, "project", &projects.IAMMemberArgs{ +// Project: pulumi.String("your-project-id"), +// Role: pulumi.String("roles/firebase.admin"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &projects.IAMMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_project\_iam\_audit\_config +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := projects.NewIAMAuditConfig(ctx, "project", &projects.IAMAuditConfigArgs{ +// Project: pulumi.String("your-project-id"), +// Service: pulumi.String("allServices"), +// AuditLogConfigs: projects.IAMAuditConfigAuditLogConfigArray{ +// &projects.IAMAuditConfigAuditLogConfigArgs{ +// LogType: pulumi.String("ADMIN_READ"), +// }, +// &projects.IAMAuditConfigAuditLogConfigArgs{ +// LogType: pulumi.String("DATA_READ"), +// ExemptedMembers: pulumi.StringArray{ +// pulumi.String("user:joebloggs@example.com"), +// }, +// }, +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // ### Importing Audit Configs @@ -333,7 +607,13 @@ type IAMMember struct { // Structure is documented below. Condition IAMMemberConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the project's IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. google\_project\_iam\_binding expects `members` field while google\_project\_iam\_member expects `member` field. + // Each entry can have one of the following values: + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Member pulumi.StringOutput `pulumi:"member"` // The project id of the target project. This is not // inferred from the provider. @@ -387,7 +667,13 @@ type iammemberState struct { // Structure is documented below. Condition *IAMMemberCondition `pulumi:"condition"` // (Computed) The etag of the project's IAM policy. - Etag *string `pulumi:"etag"` + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. google\_project\_iam\_binding expects `members` field while google\_project\_iam\_member expects `member` field. + // Each entry can have one of the following values: + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Member *string `pulumi:"member"` // The project id of the target project. This is not // inferred from the provider. @@ -403,7 +689,13 @@ type IAMMemberState struct { // Structure is documented below. Condition IAMMemberConditionPtrInput // (Computed) The etag of the project's IAM policy. - Etag pulumi.StringPtrInput + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. google\_project\_iam\_binding expects `members` field while google\_project\_iam\_member expects `member` field. + // Each entry can have one of the following values: + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Member pulumi.StringPtrInput // The project id of the target project. This is not // inferred from the provider. @@ -422,7 +714,13 @@ type iammemberArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition *IAMMemberCondition `pulumi:"condition"` - Member string `pulumi:"member"` + // Identities that will be granted the privilege in `role`. google\_project\_iam\_binding expects `members` field while google\_project\_iam\_member expects `member` field. + // Each entry can have one of the following values: + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + Member string `pulumi:"member"` // The project id of the target project. This is not // inferred from the provider. Project string `pulumi:"project"` @@ -437,7 +735,13 @@ type IAMMemberArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition IAMMemberConditionPtrInput - Member pulumi.StringInput + // Identities that will be granted the privilege in `role`. google\_project\_iam\_binding expects `members` field while google\_project\_iam\_member expects `member` field. + // Each entry can have one of the following values: + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + Member pulumi.StringInput // The project id of the target project. This is not // inferred from the provider. Project pulumi.StringInput @@ -545,6 +849,12 @@ func (o IAMMemberOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *IAMMember) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. google\_project\_iam\_binding expects `members` field while google\_project\_iam\_member expects `member` field. +// Each entry can have one of the following values: +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o IAMMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *IAMMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/projects/iampolicy.go b/sdk/go/gcp/projects/iampolicy.go index 92d2a55fc1..401d310a55 100644 --- a/sdk/go/gcp/projects/iampolicy.go +++ b/sdk/go/gcp/projects/iampolicy.go @@ -301,6 +301,280 @@ import ( // ``` // // +// ## google\_project\_iam\_policy +// +// !> **Be careful!** You can accidentally lock yourself out of your project +// +// using this resource. Deleting a `projects.IAMPolicy` removes access +// from anyone without organization-level access to the project. Proceed with caution. +// It's not recommended to use `projects.IAMPolicy` with your provider project +// to avoid locking yourself out, and it should generally only be used with projects +// fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before +// applying the change. +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/editor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = projects.NewIAMPolicy(ctx, "project", &projects.IAMPolicyArgs{ +// Project: pulumi.String("your-project-id"), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/compute.admin", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = projects.NewIAMPolicy(ctx, "project", &projects.IAMPolicyArgs{ +// Project: pulumi.String("your-project-id"), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_project\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := projects.NewIAMBinding(ctx, "project", &projects.IAMBindingArgs{ +// Project: pulumi.String("your-project-id"), +// Role: pulumi.String("roles/editor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := projects.NewIAMBinding(ctx, "project", &projects.IAMBindingArgs{ +// Project: pulumi.String("your-project-id"), +// Role: pulumi.String("roles/container.admin"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &projects.IAMBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_project\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := projects.NewIAMMember(ctx, "project", &projects.IAMMemberArgs{ +// Project: pulumi.String("your-project-id"), +// Role: pulumi.String("roles/editor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := projects.NewIAMMember(ctx, "project", &projects.IAMMemberArgs{ +// Project: pulumi.String("your-project-id"), +// Role: pulumi.String("roles/firebase.admin"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &projects.IAMMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_project\_iam\_audit\_config +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/projects" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := projects.NewIAMAuditConfig(ctx, "project", &projects.IAMAuditConfigArgs{ +// Project: pulumi.String("your-project-id"), +// Service: pulumi.String("allServices"), +// AuditLogConfigs: projects.IAMAuditConfigAuditLogConfigArray{ +// &projects.IAMAuditConfigAuditLogConfigArgs{ +// LogType: pulumi.String("ADMIN_READ"), +// }, +// &projects.IAMAuditConfigAuditLogConfigArgs{ +// LogType: pulumi.String("DATA_READ"), +// ExemptedMembers: pulumi.StringArray{ +// pulumi.String("user:joebloggs@example.com"), +// }, +// }, +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // ### Importing Audit Configs diff --git a/sdk/go/gcp/pubsub/schemaIamBinding.go b/sdk/go/gcp/pubsub/schemaIamBinding.go index 4c67e69c6f..6f0ad6b1ac 100644 --- a/sdk/go/gcp/pubsub/schemaIamBinding.go +++ b/sdk/go/gcp/pubsub/schemaIamBinding.go @@ -134,6 +134,114 @@ import ( // ``` // // +// ## google\_pubsub\_schema\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = pubsub.NewSchemaIamPolicy(ctx, "policy", &pubsub.SchemaIamPolicyArgs{ +// Project: pulumi.Any(example.Project), +// Schema: pulumi.Any(example.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_pubsub\_schema\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := pubsub.NewSchemaIamBinding(ctx, "binding", &pubsub.SchemaIamBindingArgs{ +// Project: pulumi.Any(example.Project), +// Schema: pulumi.Any(example.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_pubsub\_schema\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := pubsub.NewSchemaIamMember(ctx, "member", &pubsub.SchemaIamMemberArgs{ +// Project: pulumi.Any(example.Project), +// Schema: pulumi.Any(example.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -174,13 +282,9 @@ type SchemaIamBinding struct { Condition SchemaIamBindingConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -190,6 +294,9 @@ type SchemaIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `pubsub.SchemaIamBinding` can be used per role. Note that custom roles must be of the format @@ -240,13 +347,9 @@ func GetSchemaIamBinding(ctx *pulumi.Context, type schemaIamBindingState struct { Condition *SchemaIamBindingCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -256,6 +359,9 @@ type schemaIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `pubsub.SchemaIamBinding` can be used per role. Note that custom roles must be of the format @@ -268,13 +374,9 @@ type schemaIamBindingState struct { type SchemaIamBindingState struct { Condition SchemaIamBindingConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -284,6 +386,9 @@ type SchemaIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `pubsub.SchemaIamBinding` can be used per role. Note that custom roles must be of the format @@ -299,12 +404,8 @@ func (SchemaIamBindingState) ElementType() reflect.Type { type schemaIamBindingArgs struct { Condition *SchemaIamBindingCondition `pulumi:"condition"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -314,6 +415,9 @@ type schemaIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `pubsub.SchemaIamBinding` can be used per role. Note that custom roles must be of the format @@ -326,12 +430,8 @@ type schemaIamBindingArgs struct { // The set of arguments for constructing a SchemaIamBinding resource. type SchemaIamBindingArgs struct { Condition SchemaIamBindingConditionPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -341,6 +441,9 @@ type SchemaIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `pubsub.SchemaIamBinding` can be used per role. Note that custom roles must be of the format @@ -446,24 +549,23 @@ func (o SchemaIamBindingOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *SchemaIamBinding) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o SchemaIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *SchemaIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o SchemaIamBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *SchemaIamBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/pubsub/schemaIamMember.go b/sdk/go/gcp/pubsub/schemaIamMember.go index c7100b7c16..271c8118f8 100644 --- a/sdk/go/gcp/pubsub/schemaIamMember.go +++ b/sdk/go/gcp/pubsub/schemaIamMember.go @@ -134,6 +134,114 @@ import ( // ``` // // +// ## google\_pubsub\_schema\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = pubsub.NewSchemaIamPolicy(ctx, "policy", &pubsub.SchemaIamPolicyArgs{ +// Project: pulumi.Any(example.Project), +// Schema: pulumi.Any(example.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_pubsub\_schema\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := pubsub.NewSchemaIamBinding(ctx, "binding", &pubsub.SchemaIamBindingArgs{ +// Project: pulumi.Any(example.Project), +// Schema: pulumi.Any(example.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_pubsub\_schema\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := pubsub.NewSchemaIamMember(ctx, "member", &pubsub.SchemaIamMemberArgs{ +// Project: pulumi.Any(example.Project), +// Schema: pulumi.Any(example.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -174,13 +282,9 @@ type SchemaIamMember struct { Condition SchemaIamMemberConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Member pulumi.StringOutput `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -190,6 +294,9 @@ type SchemaIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `pubsub.SchemaIamBinding` can be used per role. Note that custom roles must be of the format @@ -240,13 +347,9 @@ func GetSchemaIamMember(ctx *pulumi.Context, type schemaIamMemberState struct { Condition *SchemaIamMemberCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Member *string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -256,6 +359,9 @@ type schemaIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `pubsub.SchemaIamBinding` can be used per role. Note that custom roles must be of the format @@ -268,13 +374,9 @@ type schemaIamMemberState struct { type SchemaIamMemberState struct { Condition SchemaIamMemberConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Member pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -284,6 +386,9 @@ type SchemaIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `pubsub.SchemaIamBinding` can be used per role. Note that custom roles must be of the format @@ -299,12 +404,8 @@ func (SchemaIamMemberState) ElementType() reflect.Type { type schemaIamMemberArgs struct { Condition *SchemaIamMemberCondition `pulumi:"condition"` - Member string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -314,6 +415,9 @@ type schemaIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `pubsub.SchemaIamBinding` can be used per role. Note that custom roles must be of the format @@ -326,12 +430,8 @@ type schemaIamMemberArgs struct { // The set of arguments for constructing a SchemaIamMember resource. type SchemaIamMemberArgs struct { Condition SchemaIamMemberConditionPtrInput - Member pulumi.StringInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -341,6 +441,9 @@ type SchemaIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `pubsub.SchemaIamBinding` can be used per role. Note that custom roles must be of the format @@ -446,24 +549,23 @@ func (o SchemaIamMemberOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *SchemaIamMember) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o SchemaIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *SchemaIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o SchemaIamMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *SchemaIamMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/pubsub/schemaIamPolicy.go b/sdk/go/gcp/pubsub/schemaIamPolicy.go index e75ad94298..bd11ae788b 100644 --- a/sdk/go/gcp/pubsub/schemaIamPolicy.go +++ b/sdk/go/gcp/pubsub/schemaIamPolicy.go @@ -134,6 +134,114 @@ import ( // ``` // // +// ## google\_pubsub\_schema\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = pubsub.NewSchemaIamPolicy(ctx, "policy", &pubsub.SchemaIamPolicyArgs{ +// Project: pulumi.Any(example.Project), +// Schema: pulumi.Any(example.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_pubsub\_schema\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := pubsub.NewSchemaIamBinding(ctx, "binding", &pubsub.SchemaIamBindingArgs{ +// Project: pulumi.Any(example.Project), +// Schema: pulumi.Any(example.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_pubsub\_schema\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := pubsub.NewSchemaIamMember(ctx, "member", &pubsub.SchemaIamMemberArgs{ +// Project: pulumi.Any(example.Project), +// Schema: pulumi.Any(example.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -179,18 +287,6 @@ type SchemaIamPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` // Used to find the parent resource to bind the IAM policy to Schema pulumi.StringOutput `pulumi:"schema"` @@ -239,18 +335,6 @@ type schemaIamPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` // Used to find the parent resource to bind the IAM policy to Schema *string `pulumi:"schema"` @@ -264,18 +348,6 @@ type SchemaIamPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // Used to find the parent resource to bind the IAM policy to Schema pulumi.StringPtrInput @@ -291,18 +363,6 @@ type schemaIamPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` // Used to find the parent resource to bind the IAM policy to Schema string `pulumi:"schema"` @@ -315,18 +375,6 @@ type SchemaIamPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // Used to find the parent resource to bind the IAM policy to Schema pulumi.StringInput @@ -432,18 +480,6 @@ func (o SchemaIamPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o SchemaIamPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *SchemaIamPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/pubsub/subscriptionIAMBinding.go b/sdk/go/gcp/pubsub/subscriptionIAMBinding.go index 6dadc2a4fa..e9f2b5a23b 100644 --- a/sdk/go/gcp/pubsub/subscriptionIAMBinding.go +++ b/sdk/go/gcp/pubsub/subscriptionIAMBinding.go @@ -127,6 +127,111 @@ import ( // ``` // // +// ## google\_pubsub\_subscription\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/editor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = pubsub.NewSubscriptionIAMPolicy(ctx, "editor", &pubsub.SubscriptionIAMPolicyArgs{ +// Subscription: pulumi.String("your-subscription-name"), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_pubsub\_subscription\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := pubsub.NewSubscriptionIAMBinding(ctx, "editor", &pubsub.SubscriptionIAMBindingArgs{ +// Subscription: pulumi.String("your-subscription-name"), +// Role: pulumi.String("roles/editor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_pubsub\_subscription\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := pubsub.NewSubscriptionIAMMember(ctx, "editor", &pubsub.SubscriptionIAMMemberArgs{ +// Subscription: pulumi.String("your-subscription-name"), +// Role: pulumi.String("roles/editor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // ### Importing IAM policies @@ -157,7 +262,15 @@ type SubscriptionIAMBinding struct { Condition SubscriptionIAMBindingConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the subscription's IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Members pulumi.StringArrayOutput `pulumi:"members"` // The project in which the resource belongs. If it // is not provided, the provider project is used. @@ -167,15 +280,6 @@ type SubscriptionIAMBinding struct { // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringOutput `pulumi:"role"` // The subscription name or id to bind to attach IAM policy to. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Subscription pulumi.StringOutput `pulumi:"subscription"` } @@ -220,7 +324,15 @@ func GetSubscriptionIAMBinding(ctx *pulumi.Context, type subscriptionIAMBindingState struct { Condition *SubscriptionIAMBindingCondition `pulumi:"condition"` // (Computed) The etag of the subscription's IAM policy. - Etag *string `pulumi:"etag"` + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Members []string `pulumi:"members"` // The project in which the resource belongs. If it // is not provided, the provider project is used. @@ -230,22 +342,21 @@ type subscriptionIAMBindingState struct { // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role *string `pulumi:"role"` // The subscription name or id to bind to attach IAM policy to. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Subscription *string `pulumi:"subscription"` } type SubscriptionIAMBindingState struct { Condition SubscriptionIAMBindingConditionPtrInput // (Computed) The etag of the subscription's IAM policy. - Etag pulumi.StringPtrInput + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Members pulumi.StringArrayInput // The project in which the resource belongs. If it // is not provided, the provider project is used. @@ -255,15 +366,6 @@ type SubscriptionIAMBindingState struct { // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringPtrInput // The subscription name or id to bind to attach IAM policy to. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Subscription pulumi.StringPtrInput } @@ -273,7 +375,15 @@ func (SubscriptionIAMBindingState) ElementType() reflect.Type { type subscriptionIAMBindingArgs struct { Condition *SubscriptionIAMBindingCondition `pulumi:"condition"` - Members []string `pulumi:"members"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + Members []string `pulumi:"members"` // The project in which the resource belongs. If it // is not provided, the provider project is used. Project *string `pulumi:"project"` @@ -282,22 +392,21 @@ type subscriptionIAMBindingArgs struct { // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role string `pulumi:"role"` // The subscription name or id to bind to attach IAM policy to. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Subscription string `pulumi:"subscription"` } // The set of arguments for constructing a SubscriptionIAMBinding resource. type SubscriptionIAMBindingArgs struct { Condition SubscriptionIAMBindingConditionPtrInput - Members pulumi.StringArrayInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + Members pulumi.StringArrayInput // The project in which the resource belongs. If it // is not provided, the provider project is used. Project pulumi.StringPtrInput @@ -306,15 +415,6 @@ type SubscriptionIAMBindingArgs struct { // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringInput // The subscription name or id to bind to attach IAM policy to. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Subscription pulumi.StringInput } @@ -414,6 +514,14 @@ func (o SubscriptionIAMBindingOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *SubscriptionIAMBinding) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o SubscriptionIAMBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *SubscriptionIAMBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } @@ -432,15 +540,6 @@ func (o SubscriptionIAMBindingOutput) Role() pulumi.StringOutput { } // The subscription name or id to bind to attach IAM policy to. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o SubscriptionIAMBindingOutput) Subscription() pulumi.StringOutput { return o.ApplyT(func(v *SubscriptionIAMBinding) pulumi.StringOutput { return v.Subscription }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/pubsub/subscriptionIAMMember.go b/sdk/go/gcp/pubsub/subscriptionIAMMember.go index 72713ed2bb..b9f8d769f6 100644 --- a/sdk/go/gcp/pubsub/subscriptionIAMMember.go +++ b/sdk/go/gcp/pubsub/subscriptionIAMMember.go @@ -127,6 +127,111 @@ import ( // ``` // // +// ## google\_pubsub\_subscription\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/editor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = pubsub.NewSubscriptionIAMPolicy(ctx, "editor", &pubsub.SubscriptionIAMPolicyArgs{ +// Subscription: pulumi.String("your-subscription-name"), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_pubsub\_subscription\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := pubsub.NewSubscriptionIAMBinding(ctx, "editor", &pubsub.SubscriptionIAMBindingArgs{ +// Subscription: pulumi.String("your-subscription-name"), +// Role: pulumi.String("roles/editor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_pubsub\_subscription\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := pubsub.NewSubscriptionIAMMember(ctx, "editor", &pubsub.SubscriptionIAMMemberArgs{ +// Subscription: pulumi.String("your-subscription-name"), +// Role: pulumi.String("roles/editor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // ### Importing IAM policies @@ -157,7 +262,15 @@ type SubscriptionIAMMember struct { Condition SubscriptionIAMMemberConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the subscription's IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Member pulumi.StringOutput `pulumi:"member"` // The project in which the resource belongs. If it // is not provided, the provider project is used. @@ -167,15 +280,6 @@ type SubscriptionIAMMember struct { // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringOutput `pulumi:"role"` // The subscription name or id to bind to attach IAM policy to. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Subscription pulumi.StringOutput `pulumi:"subscription"` } @@ -220,7 +324,15 @@ func GetSubscriptionIAMMember(ctx *pulumi.Context, type subscriptionIAMMemberState struct { Condition *SubscriptionIAMMemberCondition `pulumi:"condition"` // (Computed) The etag of the subscription's IAM policy. - Etag *string `pulumi:"etag"` + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Member *string `pulumi:"member"` // The project in which the resource belongs. If it // is not provided, the provider project is used. @@ -230,22 +342,21 @@ type subscriptionIAMMemberState struct { // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role *string `pulumi:"role"` // The subscription name or id to bind to attach IAM policy to. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Subscription *string `pulumi:"subscription"` } type SubscriptionIAMMemberState struct { Condition SubscriptionIAMMemberConditionPtrInput // (Computed) The etag of the subscription's IAM policy. - Etag pulumi.StringPtrInput + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Member pulumi.StringPtrInput // The project in which the resource belongs. If it // is not provided, the provider project is used. @@ -255,15 +366,6 @@ type SubscriptionIAMMemberState struct { // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringPtrInput // The subscription name or id to bind to attach IAM policy to. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Subscription pulumi.StringPtrInput } @@ -273,7 +375,15 @@ func (SubscriptionIAMMemberState) ElementType() reflect.Type { type subscriptionIAMMemberArgs struct { Condition *SubscriptionIAMMemberCondition `pulumi:"condition"` - Member string `pulumi:"member"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + Member string `pulumi:"member"` // The project in which the resource belongs. If it // is not provided, the provider project is used. Project *string `pulumi:"project"` @@ -282,22 +392,21 @@ type subscriptionIAMMemberArgs struct { // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role string `pulumi:"role"` // The subscription name or id to bind to attach IAM policy to. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Subscription string `pulumi:"subscription"` } // The set of arguments for constructing a SubscriptionIAMMember resource. type SubscriptionIAMMemberArgs struct { Condition SubscriptionIAMMemberConditionPtrInput - Member pulumi.StringInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: + // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + Member pulumi.StringInput // The project in which the resource belongs. If it // is not provided, the provider project is used. Project pulumi.StringPtrInput @@ -306,15 +415,6 @@ type SubscriptionIAMMemberArgs struct { // `[projects|organizations]/{parent-name}/roles/{role-name}`. Role pulumi.StringInput // The subscription name or id to bind to attach IAM policy to. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Subscription pulumi.StringInput } @@ -414,6 +514,14 @@ func (o SubscriptionIAMMemberOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *SubscriptionIAMMember) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o SubscriptionIAMMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *SubscriptionIAMMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } @@ -432,15 +540,6 @@ func (o SubscriptionIAMMemberOutput) Role() pulumi.StringOutput { } // The subscription name or id to bind to attach IAM policy to. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o SubscriptionIAMMemberOutput) Subscription() pulumi.StringOutput { return o.ApplyT(func(v *SubscriptionIAMMember) pulumi.StringOutput { return v.Subscription }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/pubsub/subscriptionIAMPolicy.go b/sdk/go/gcp/pubsub/subscriptionIAMPolicy.go index 9c0226d433..e74e9cccf6 100644 --- a/sdk/go/gcp/pubsub/subscriptionIAMPolicy.go +++ b/sdk/go/gcp/pubsub/subscriptionIAMPolicy.go @@ -127,6 +127,111 @@ import ( // ``` // // +// ## google\_pubsub\_subscription\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/editor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = pubsub.NewSubscriptionIAMPolicy(ctx, "editor", &pubsub.SubscriptionIAMPolicyArgs{ +// Subscription: pulumi.String("your-subscription-name"), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_pubsub\_subscription\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := pubsub.NewSubscriptionIAMBinding(ctx, "editor", &pubsub.SubscriptionIAMBindingArgs{ +// Subscription: pulumi.String("your-subscription-name"), +// Role: pulumi.String("roles/editor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_pubsub\_subscription\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := pubsub.NewSubscriptionIAMMember(ctx, "editor", &pubsub.SubscriptionIAMMemberArgs{ +// Subscription: pulumi.String("your-subscription-name"), +// Role: pulumi.String("roles/editor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // ### Importing IAM policies @@ -166,15 +271,6 @@ type SubscriptionIAMPolicy struct { // is not provided, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The subscription name or id to bind to attach IAM policy to. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Subscription pulumi.StringOutput `pulumi:"subscription"` } @@ -225,15 +321,6 @@ type subscriptionIAMPolicyState struct { // is not provided, the provider project is used. Project *string `pulumi:"project"` // The subscription name or id to bind to attach IAM policy to. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Subscription *string `pulumi:"subscription"` } @@ -249,15 +336,6 @@ type SubscriptionIAMPolicyState struct { // is not provided, the provider project is used. Project pulumi.StringPtrInput // The subscription name or id to bind to attach IAM policy to. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Subscription pulumi.StringPtrInput } @@ -275,15 +353,6 @@ type subscriptionIAMPolicyArgs struct { // is not provided, the provider project is used. Project *string `pulumi:"project"` // The subscription name or id to bind to attach IAM policy to. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Subscription string `pulumi:"subscription"` } @@ -298,15 +367,6 @@ type SubscriptionIAMPolicyArgs struct { // is not provided, the provider project is used. Project pulumi.StringPtrInput // The subscription name or id to bind to attach IAM policy to. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Subscription pulumi.StringInput } @@ -417,15 +477,6 @@ func (o SubscriptionIAMPolicyOutput) Project() pulumi.StringOutput { } // The subscription name or id to bind to attach IAM policy to. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o SubscriptionIAMPolicyOutput) Subscription() pulumi.StringOutput { return o.ApplyT(func(v *SubscriptionIAMPolicy) pulumi.StringOutput { return v.Subscription }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/pubsub/topicIAMBinding.go b/sdk/go/gcp/pubsub/topicIAMBinding.go index 6f93b7ce54..0ba63df21c 100644 --- a/sdk/go/gcp/pubsub/topicIAMBinding.go +++ b/sdk/go/gcp/pubsub/topicIAMBinding.go @@ -134,6 +134,114 @@ import ( // ``` // // +// ## google\_pubsub\_topic\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = pubsub.NewTopicIAMPolicy(ctx, "policy", &pubsub.TopicIAMPolicyArgs{ +// Project: pulumi.Any(example.Project), +// Topic: pulumi.Any(example.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_pubsub\_topic\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := pubsub.NewTopicIAMBinding(ctx, "binding", &pubsub.TopicIAMBindingArgs{ +// Project: pulumi.Any(example.Project), +// Topic: pulumi.Any(example.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_pubsub\_topic\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := pubsub.NewTopicIAMMember(ctx, "member", &pubsub.TopicIAMMemberArgs{ +// Project: pulumi.Any(example.Project), +// Topic: pulumi.Any(example.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -174,13 +282,9 @@ type TopicIAMBinding struct { Condition TopicIAMBindingConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -190,6 +294,9 @@ type TopicIAMBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `pubsub.TopicIAMBinding` can be used per role. Note that custom roles must be of the format @@ -240,13 +347,9 @@ func GetTopicIAMBinding(ctx *pulumi.Context, type topicIAMBindingState struct { Condition *TopicIAMBindingCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -256,6 +359,9 @@ type topicIAMBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `pubsub.TopicIAMBinding` can be used per role. Note that custom roles must be of the format @@ -268,13 +374,9 @@ type topicIAMBindingState struct { type TopicIAMBindingState struct { Condition TopicIAMBindingConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -284,6 +386,9 @@ type TopicIAMBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `pubsub.TopicIAMBinding` can be used per role. Note that custom roles must be of the format @@ -299,12 +404,8 @@ func (TopicIAMBindingState) ElementType() reflect.Type { type topicIAMBindingArgs struct { Condition *TopicIAMBindingCondition `pulumi:"condition"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -314,6 +415,9 @@ type topicIAMBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `pubsub.TopicIAMBinding` can be used per role. Note that custom roles must be of the format @@ -326,12 +430,8 @@ type topicIAMBindingArgs struct { // The set of arguments for constructing a TopicIAMBinding resource. type TopicIAMBindingArgs struct { Condition TopicIAMBindingConditionPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -341,6 +441,9 @@ type TopicIAMBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `pubsub.TopicIAMBinding` can be used per role. Note that custom roles must be of the format @@ -446,24 +549,23 @@ func (o TopicIAMBindingOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *TopicIAMBinding) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o TopicIAMBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *TopicIAMBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o TopicIAMBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *TopicIAMBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/pubsub/topicIAMMember.go b/sdk/go/gcp/pubsub/topicIAMMember.go index 8c55d39e1d..f024531f83 100644 --- a/sdk/go/gcp/pubsub/topicIAMMember.go +++ b/sdk/go/gcp/pubsub/topicIAMMember.go @@ -134,6 +134,114 @@ import ( // ``` // // +// ## google\_pubsub\_topic\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = pubsub.NewTopicIAMPolicy(ctx, "policy", &pubsub.TopicIAMPolicyArgs{ +// Project: pulumi.Any(example.Project), +// Topic: pulumi.Any(example.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_pubsub\_topic\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := pubsub.NewTopicIAMBinding(ctx, "binding", &pubsub.TopicIAMBindingArgs{ +// Project: pulumi.Any(example.Project), +// Topic: pulumi.Any(example.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_pubsub\_topic\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := pubsub.NewTopicIAMMember(ctx, "member", &pubsub.TopicIAMMemberArgs{ +// Project: pulumi.Any(example.Project), +// Topic: pulumi.Any(example.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -174,13 +282,9 @@ type TopicIAMMember struct { Condition TopicIAMMemberConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Member pulumi.StringOutput `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -190,6 +294,9 @@ type TopicIAMMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `pubsub.TopicIAMBinding` can be used per role. Note that custom roles must be of the format @@ -240,13 +347,9 @@ func GetTopicIAMMember(ctx *pulumi.Context, type topicIAMMemberState struct { Condition *TopicIAMMemberCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Member *string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -256,6 +359,9 @@ type topicIAMMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `pubsub.TopicIAMBinding` can be used per role. Note that custom roles must be of the format @@ -268,13 +374,9 @@ type topicIAMMemberState struct { type TopicIAMMemberState struct { Condition TopicIAMMemberConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Member pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -284,6 +386,9 @@ type TopicIAMMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `pubsub.TopicIAMBinding` can be used per role. Note that custom roles must be of the format @@ -299,12 +404,8 @@ func (TopicIAMMemberState) ElementType() reflect.Type { type topicIAMMemberArgs struct { Condition *TopicIAMMemberCondition `pulumi:"condition"` - Member string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -314,6 +415,9 @@ type topicIAMMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `pubsub.TopicIAMBinding` can be used per role. Note that custom roles must be of the format @@ -326,12 +430,8 @@ type topicIAMMemberArgs struct { // The set of arguments for constructing a TopicIAMMember resource. type TopicIAMMemberArgs struct { Condition TopicIAMMemberConditionPtrInput - Member pulumi.StringInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -341,6 +441,9 @@ type TopicIAMMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `pubsub.TopicIAMBinding` can be used per role. Note that custom roles must be of the format @@ -446,24 +549,23 @@ func (o TopicIAMMemberOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *TopicIAMMember) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o TopicIAMMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *TopicIAMMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o TopicIAMMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *TopicIAMMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/pubsub/topicIAMPolicy.go b/sdk/go/gcp/pubsub/topicIAMPolicy.go index aaf60592be..25bc136e3f 100644 --- a/sdk/go/gcp/pubsub/topicIAMPolicy.go +++ b/sdk/go/gcp/pubsub/topicIAMPolicy.go @@ -134,6 +134,114 @@ import ( // ``` // // +// ## google\_pubsub\_topic\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = pubsub.NewTopicIAMPolicy(ctx, "policy", &pubsub.TopicIAMPolicyArgs{ +// Project: pulumi.Any(example.Project), +// Topic: pulumi.Any(example.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_pubsub\_topic\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := pubsub.NewTopicIAMBinding(ctx, "binding", &pubsub.TopicIAMBindingArgs{ +// Project: pulumi.Any(example.Project), +// Topic: pulumi.Any(example.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_pubsub\_topic\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := pubsub.NewTopicIAMMember(ctx, "member", &pubsub.TopicIAMMemberArgs{ +// Project: pulumi.Any(example.Project), +// Topic: pulumi.Any(example.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -179,18 +287,6 @@ type TopicIAMPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` // Used to find the parent resource to bind the IAM policy to Topic pulumi.StringOutput `pulumi:"topic"` @@ -239,18 +335,6 @@ type topicIAMPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` // Used to find the parent resource to bind the IAM policy to Topic *string `pulumi:"topic"` @@ -264,18 +348,6 @@ type TopicIAMPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // Used to find the parent resource to bind the IAM policy to Topic pulumi.StringPtrInput @@ -291,18 +363,6 @@ type topicIAMPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` // Used to find the parent resource to bind the IAM policy to Topic string `pulumi:"topic"` @@ -315,18 +375,6 @@ type TopicIAMPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // Used to find the parent resource to bind the IAM policy to Topic pulumi.StringInput @@ -432,18 +480,6 @@ func (o TopicIAMPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o TopicIAMPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *TopicIAMPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/runtimeconfig/configIamBinding.go b/sdk/go/gcp/runtimeconfig/configIamBinding.go index eaec16eb0e..3a1e118fea 100644 --- a/sdk/go/gcp/runtimeconfig/configIamBinding.go +++ b/sdk/go/gcp/runtimeconfig/configIamBinding.go @@ -54,13 +54,9 @@ type ConfigIamBinding struct { // Used to find the parent resource to bind the IAM policy to Config pulumi.StringOutput `pulumi:"config"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -70,6 +66,9 @@ type ConfigIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `runtimeconfig.ConfigIamBinding` can be used per role. Note that custom roles must be of the format @@ -120,13 +119,9 @@ type configIamBindingState struct { // Used to find the parent resource to bind the IAM policy to Config *string `pulumi:"config"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -136,6 +131,9 @@ type configIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `runtimeconfig.ConfigIamBinding` can be used per role. Note that custom roles must be of the format @@ -148,13 +146,9 @@ type ConfigIamBindingState struct { // Used to find the parent resource to bind the IAM policy to Config pulumi.StringPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -164,6 +158,9 @@ type ConfigIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `runtimeconfig.ConfigIamBinding` can be used per role. Note that custom roles must be of the format @@ -178,13 +175,9 @@ func (ConfigIamBindingState) ElementType() reflect.Type { type configIamBindingArgs struct { Condition *ConfigIamBindingCondition `pulumi:"condition"` // Used to find the parent resource to bind the IAM policy to - Config string `pulumi:"config"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Config string `pulumi:"config"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -194,6 +187,9 @@ type configIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `runtimeconfig.ConfigIamBinding` can be used per role. Note that custom roles must be of the format @@ -205,13 +201,9 @@ type configIamBindingArgs struct { type ConfigIamBindingArgs struct { Condition ConfigIamBindingConditionPtrInput // Used to find the parent resource to bind the IAM policy to - Config pulumi.StringInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Config pulumi.StringInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -221,6 +213,9 @@ type ConfigIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `runtimeconfig.ConfigIamBinding` can be used per role. Note that custom roles must be of the format @@ -329,24 +324,23 @@ func (o ConfigIamBindingOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *ConfigIamBinding) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o ConfigIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *ConfigIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o ConfigIamBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *ConfigIamBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/runtimeconfig/configIamMember.go b/sdk/go/gcp/runtimeconfig/configIamMember.go index f3b64df0b6..7be1cf8f7a 100644 --- a/sdk/go/gcp/runtimeconfig/configIamMember.go +++ b/sdk/go/gcp/runtimeconfig/configIamMember.go @@ -54,13 +54,9 @@ type ConfigIamMember struct { // Used to find the parent resource to bind the IAM policy to Config pulumi.StringOutput `pulumi:"config"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Member pulumi.StringOutput `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -70,6 +66,9 @@ type ConfigIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `runtimeconfig.ConfigIamBinding` can be used per role. Note that custom roles must be of the format @@ -120,13 +119,9 @@ type configIamMemberState struct { // Used to find the parent resource to bind the IAM policy to Config *string `pulumi:"config"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Member *string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -136,6 +131,9 @@ type configIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `runtimeconfig.ConfigIamBinding` can be used per role. Note that custom roles must be of the format @@ -148,13 +146,9 @@ type ConfigIamMemberState struct { // Used to find the parent resource to bind the IAM policy to Config pulumi.StringPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Member pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -164,6 +158,9 @@ type ConfigIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `runtimeconfig.ConfigIamBinding` can be used per role. Note that custom roles must be of the format @@ -179,12 +176,8 @@ type configIamMemberArgs struct { Condition *ConfigIamMemberCondition `pulumi:"condition"` // Used to find the parent resource to bind the IAM policy to Config string `pulumi:"config"` - Member string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -194,6 +187,9 @@ type configIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `runtimeconfig.ConfigIamBinding` can be used per role. Note that custom roles must be of the format @@ -206,12 +202,8 @@ type ConfigIamMemberArgs struct { Condition ConfigIamMemberConditionPtrInput // Used to find the parent resource to bind the IAM policy to Config pulumi.StringInput - Member pulumi.StringInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -221,6 +213,9 @@ type ConfigIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `runtimeconfig.ConfigIamBinding` can be used per role. Note that custom roles must be of the format @@ -329,24 +324,23 @@ func (o ConfigIamMemberOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *ConfigIamMember) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o ConfigIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *ConfigIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o ConfigIamMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *ConfigIamMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/runtimeconfig/configIamPolicy.go b/sdk/go/gcp/runtimeconfig/configIamPolicy.go index 59120a4ceb..e12c417a05 100644 --- a/sdk/go/gcp/runtimeconfig/configIamPolicy.go +++ b/sdk/go/gcp/runtimeconfig/configIamPolicy.go @@ -59,18 +59,6 @@ type ConfigIamPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` } @@ -119,18 +107,6 @@ type configIamPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -144,18 +120,6 @@ type ConfigIamPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -171,18 +135,6 @@ type configIamPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` } @@ -195,18 +147,6 @@ type ConfigIamPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput } @@ -315,18 +255,6 @@ func (o ConfigIamPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o ConfigIamPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *ConfigIamPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/secretmanager/secretIamBinding.go b/sdk/go/gcp/secretmanager/secretIamBinding.go index 14835a7b97..9279e5cf9b 100644 --- a/sdk/go/gcp/secretmanager/secretIamBinding.go +++ b/sdk/go/gcp/secretmanager/secretIamBinding.go @@ -134,6 +134,114 @@ import ( // ``` // // +// ## google\_secret\_manager\_secret\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/secretmanager" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/secretmanager.secretAccessor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = secretmanager.NewSecretIamPolicy(ctx, "policy", &secretmanager.SecretIamPolicyArgs{ +// Project: pulumi.Any(secret_basic.Project), +// SecretId: pulumi.Any(secret_basic.SecretId), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_secret\_manager\_secret\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/secretmanager" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := secretmanager.NewSecretIamBinding(ctx, "binding", &secretmanager.SecretIamBindingArgs{ +// Project: pulumi.Any(secret_basic.Project), +// SecretId: pulumi.Any(secret_basic.SecretId), +// Role: pulumi.String("roles/secretmanager.secretAccessor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_secret\_manager\_secret\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/secretmanager" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := secretmanager.NewSecretIamMember(ctx, "member", &secretmanager.SecretIamMemberArgs{ +// Project: pulumi.Any(secret_basic.Project), +// SecretId: pulumi.Any(secret_basic.SecretId), +// Role: pulumi.String("roles/secretmanager.secretAccessor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -174,13 +282,9 @@ type SecretIamBinding struct { Condition SecretIamBindingConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -190,6 +294,9 @@ type SecretIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `secretmanager.SecretIamBinding` can be used per role. Note that custom roles must be of the format @@ -239,13 +346,9 @@ func GetSecretIamBinding(ctx *pulumi.Context, type secretIamBindingState struct { Condition *SecretIamBindingCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -255,6 +358,9 @@ type secretIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `secretmanager.SecretIamBinding` can be used per role. Note that custom roles must be of the format @@ -266,13 +372,9 @@ type secretIamBindingState struct { type SecretIamBindingState struct { Condition SecretIamBindingConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -282,6 +384,9 @@ type SecretIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `secretmanager.SecretIamBinding` can be used per role. Note that custom roles must be of the format @@ -296,12 +401,8 @@ func (SecretIamBindingState) ElementType() reflect.Type { type secretIamBindingArgs struct { Condition *SecretIamBindingCondition `pulumi:"condition"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -311,6 +412,9 @@ type secretIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `secretmanager.SecretIamBinding` can be used per role. Note that custom roles must be of the format @@ -322,12 +426,8 @@ type secretIamBindingArgs struct { // The set of arguments for constructing a SecretIamBinding resource. type SecretIamBindingArgs struct { Condition SecretIamBindingConditionPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -337,6 +437,9 @@ type SecretIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `secretmanager.SecretIamBinding` can be used per role. Note that custom roles must be of the format @@ -441,24 +544,23 @@ func (o SecretIamBindingOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *SecretIamBinding) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o SecretIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *SecretIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o SecretIamBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *SecretIamBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/secretmanager/secretIamMember.go b/sdk/go/gcp/secretmanager/secretIamMember.go index 7b039e3311..d80841421b 100644 --- a/sdk/go/gcp/secretmanager/secretIamMember.go +++ b/sdk/go/gcp/secretmanager/secretIamMember.go @@ -134,6 +134,114 @@ import ( // ``` // // +// ## google\_secret\_manager\_secret\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/secretmanager" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/secretmanager.secretAccessor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = secretmanager.NewSecretIamPolicy(ctx, "policy", &secretmanager.SecretIamPolicyArgs{ +// Project: pulumi.Any(secret_basic.Project), +// SecretId: pulumi.Any(secret_basic.SecretId), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_secret\_manager\_secret\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/secretmanager" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := secretmanager.NewSecretIamBinding(ctx, "binding", &secretmanager.SecretIamBindingArgs{ +// Project: pulumi.Any(secret_basic.Project), +// SecretId: pulumi.Any(secret_basic.SecretId), +// Role: pulumi.String("roles/secretmanager.secretAccessor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_secret\_manager\_secret\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/secretmanager" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := secretmanager.NewSecretIamMember(ctx, "member", &secretmanager.SecretIamMemberArgs{ +// Project: pulumi.Any(secret_basic.Project), +// SecretId: pulumi.Any(secret_basic.SecretId), +// Role: pulumi.String("roles/secretmanager.secretAccessor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -174,13 +282,9 @@ type SecretIamMember struct { Condition SecretIamMemberConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Member pulumi.StringOutput `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -190,6 +294,9 @@ type SecretIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `secretmanager.SecretIamBinding` can be used per role. Note that custom roles must be of the format @@ -239,13 +346,9 @@ func GetSecretIamMember(ctx *pulumi.Context, type secretIamMemberState struct { Condition *SecretIamMemberCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Member *string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -255,6 +358,9 @@ type secretIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `secretmanager.SecretIamBinding` can be used per role. Note that custom roles must be of the format @@ -266,13 +372,9 @@ type secretIamMemberState struct { type SecretIamMemberState struct { Condition SecretIamMemberConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Member pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -282,6 +384,9 @@ type SecretIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `secretmanager.SecretIamBinding` can be used per role. Note that custom roles must be of the format @@ -296,12 +401,8 @@ func (SecretIamMemberState) ElementType() reflect.Type { type secretIamMemberArgs struct { Condition *SecretIamMemberCondition `pulumi:"condition"` - Member string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -311,6 +412,9 @@ type secretIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `secretmanager.SecretIamBinding` can be used per role. Note that custom roles must be of the format @@ -322,12 +426,8 @@ type secretIamMemberArgs struct { // The set of arguments for constructing a SecretIamMember resource. type SecretIamMemberArgs struct { Condition SecretIamMemberConditionPtrInput - Member pulumi.StringInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -337,6 +437,9 @@ type SecretIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `secretmanager.SecretIamBinding` can be used per role. Note that custom roles must be of the format @@ -441,24 +544,23 @@ func (o SecretIamMemberOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *SecretIamMember) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o SecretIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *SecretIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o SecretIamMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *SecretIamMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/secretmanager/secretIamPolicy.go b/sdk/go/gcp/secretmanager/secretIamPolicy.go index a513c49b6c..d73a20fe13 100644 --- a/sdk/go/gcp/secretmanager/secretIamPolicy.go +++ b/sdk/go/gcp/secretmanager/secretIamPolicy.go @@ -134,6 +134,114 @@ import ( // ``` // // +// ## google\_secret\_manager\_secret\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/secretmanager" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/secretmanager.secretAccessor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = secretmanager.NewSecretIamPolicy(ctx, "policy", &secretmanager.SecretIamPolicyArgs{ +// Project: pulumi.Any(secret_basic.Project), +// SecretId: pulumi.Any(secret_basic.SecretId), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_secret\_manager\_secret\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/secretmanager" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := secretmanager.NewSecretIamBinding(ctx, "binding", &secretmanager.SecretIamBindingArgs{ +// Project: pulumi.Any(secret_basic.Project), +// SecretId: pulumi.Any(secret_basic.SecretId), +// Role: pulumi.String("roles/secretmanager.secretAccessor"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_secret\_manager\_secret\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/secretmanager" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := secretmanager.NewSecretIamMember(ctx, "member", &secretmanager.SecretIamMemberArgs{ +// Project: pulumi.Any(secret_basic.Project), +// SecretId: pulumi.Any(secret_basic.SecretId), +// Role: pulumi.String("roles/secretmanager.secretAccessor"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -179,18 +287,6 @@ type SecretIamPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` SecretId pulumi.StringOutput `pulumi:"secretId"` } @@ -238,18 +334,6 @@ type secretIamPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` SecretId *string `pulumi:"secretId"` } @@ -262,18 +346,6 @@ type SecretIamPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput SecretId pulumi.StringPtrInput } @@ -288,18 +360,6 @@ type secretIamPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` SecretId string `pulumi:"secretId"` } @@ -311,18 +371,6 @@ type SecretIamPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput SecretId pulumi.StringInput } @@ -427,18 +475,6 @@ func (o SecretIamPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o SecretIamPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *SecretIamPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/serviceaccount/iambinding.go b/sdk/go/gcp/serviceaccount/iambinding.go index 88fe469f3e..befe582d4a 100644 --- a/sdk/go/gcp/serviceaccount/iambinding.go +++ b/sdk/go/gcp/serviceaccount/iambinding.go @@ -256,6 +256,238 @@ import ( // ``` // // +// ### Additional Examples +// +// ### Service Account IAM Policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/iam.serviceAccountUser", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// sa, err := serviceaccount.NewAccount(ctx, "sa", &serviceaccount.AccountArgs{ +// AccountId: pulumi.String("my-service-account"), +// DisplayName: pulumi.String("A service account that only Jane can interact with"), +// }) +// if err != nil { +// return err +// } +// _, err = serviceaccount.NewIAMPolicy(ctx, "admin-account-iam", &serviceaccount.IAMPolicyArgs{ +// ServiceAccountId: sa.Name, +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ### Service Account IAM Binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// sa, err := serviceaccount.NewAccount(ctx, "sa", &serviceaccount.AccountArgs{ +// AccountId: pulumi.String("my-service-account"), +// DisplayName: pulumi.String("A service account that only Jane can use"), +// }) +// if err != nil { +// return err +// } +// _, err = serviceaccount.NewIAMBinding(ctx, "admin-account-iam", &serviceaccount.IAMBindingArgs{ +// ServiceAccountId: sa.Name, +// Role: pulumi.String("roles/iam.serviceAccountUser"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ### Service Account IAM Binding With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// sa, err := serviceaccount.NewAccount(ctx, "sa", &serviceaccount.AccountArgs{ +// AccountId: pulumi.String("my-service-account"), +// DisplayName: pulumi.String("A service account that only Jane can use"), +// }) +// if err != nil { +// return err +// } +// _, err = serviceaccount.NewIAMBinding(ctx, "admin-account-iam", &serviceaccount.IAMBindingArgs{ +// ServiceAccountId: sa.Name, +// Role: pulumi.String("roles/iam.serviceAccountUser"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &serviceaccount.IAMBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ### Service Account IAM Member +// +// +// ```go +// package main +// +// import ( +// +// "fmt" +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _default, err := compute.GetDefaultServiceAccount(ctx, nil, nil) +// if err != nil { +// return err +// } +// sa, err := serviceaccount.NewAccount(ctx, "sa", &serviceaccount.AccountArgs{ +// AccountId: pulumi.String("my-service-account"), +// DisplayName: pulumi.String("A service account that Jane can use"), +// }) +// if err != nil { +// return err +// } +// _, err = serviceaccount.NewIAMMember(ctx, "admin-account-iam", &serviceaccount.IAMMemberArgs{ +// ServiceAccountId: sa.Name, +// Role: pulumi.String("roles/iam.serviceAccountUser"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// // Allow SA service account use the default GCE account +// _, err = serviceaccount.NewIAMMember(ctx, "gce-default-account-iam", &serviceaccount.IAMMemberArgs{ +// ServiceAccountId: pulumi.String(_default.Name), +// Role: pulumi.String("roles/iam.serviceAccountUser"), +// Member: sa.Email.ApplyT(func(email string) (string, error) { +// return fmt.Sprintf("serviceAccount:%v", email), nil +// }).(pulumi.StringOutput), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ### Service Account IAM Member With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// sa, err := serviceaccount.NewAccount(ctx, "sa", &serviceaccount.AccountArgs{ +// AccountId: pulumi.String("my-service-account"), +// DisplayName: pulumi.String("A service account that Jane can use"), +// }) +// if err != nil { +// return err +// } +// _, err = serviceaccount.NewIAMMember(ctx, "admin-account-iam", &serviceaccount.IAMMemberArgs{ +// ServiceAccountId: sa.Name, +// Role: pulumi.String("roles/iam.serviceAccountUser"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &serviceaccount.IAMMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // ### Importing with conditions: @@ -276,22 +508,21 @@ type IAMBinding struct { // Structure is documented below. Condition IAMBindingConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the service account IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // The role that should be applied. Only one - // `serviceaccount.IAMBinding` can be used per role. Note that custom roles must be of the format - // `[projects|organizations]/{parent-name}/roles/{role-name}`. - Role pulumi.StringOutput `pulumi:"role"` - // The fully-qualified name of the service account to apply policy to. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + Members pulumi.StringArrayOutput `pulumi:"members"` + // The role that should be applied. Only one + // `serviceaccount.IAMBinding` can be used per role. Note that custom roles must be of the format + // `[projects|organizations]/{parent-name}/roles/{role-name}`. + Role pulumi.StringOutput `pulumi:"role"` + // The fully-qualified name of the service account to apply policy to. ServiceAccountId pulumi.StringOutput `pulumi:"serviceAccountId"` } @@ -344,22 +575,21 @@ type iambindingState struct { // Structure is documented below. Condition *IAMBindingCondition `pulumi:"condition"` // (Computed) The etag of the service account IAM policy. - Etag *string `pulumi:"etag"` - Members []string `pulumi:"members"` - // The role that should be applied. Only one - // `serviceaccount.IAMBinding` can be used per role. Note that custom roles must be of the format - // `[projects|organizations]/{parent-name}/roles/{role-name}`. - Role *string `pulumi:"role"` - // The fully-qualified name of the service account to apply policy to. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + Members []string `pulumi:"members"` + // The role that should be applied. Only one + // `serviceaccount.IAMBinding` can be used per role. Note that custom roles must be of the format + // `[projects|organizations]/{parent-name}/roles/{role-name}`. + Role *string `pulumi:"role"` + // The fully-qualified name of the service account to apply policy to. ServiceAccountId *string `pulumi:"serviceAccountId"` } @@ -368,22 +598,21 @@ type IAMBindingState struct { // Structure is documented below. Condition IAMBindingConditionPtrInput // (Computed) The etag of the service account IAM policy. - Etag pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The role that should be applied. Only one - // `serviceaccount.IAMBinding` can be used per role. Note that custom roles must be of the format - // `[projects|organizations]/{parent-name}/roles/{role-name}`. - Role pulumi.StringPtrInput - // The fully-qualified name of the service account to apply policy to. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + Members pulumi.StringArrayInput + // The role that should be applied. Only one + // `serviceaccount.IAMBinding` can be used per role. Note that custom roles must be of the format + // `[projects|organizations]/{parent-name}/roles/{role-name}`. + Role pulumi.StringPtrInput + // The fully-qualified name of the service account to apply policy to. ServiceAccountId pulumi.StringPtrInput } @@ -395,21 +624,20 @@ type iambindingArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition *IAMBindingCondition `pulumi:"condition"` - Members []string `pulumi:"members"` - // The role that should be applied. Only one - // `serviceaccount.IAMBinding` can be used per role. Note that custom roles must be of the format - // `[projects|organizations]/{parent-name}/roles/{role-name}`. - Role string `pulumi:"role"` - // The fully-qualified name of the service account to apply policy to. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + Members []string `pulumi:"members"` + // The role that should be applied. Only one + // `serviceaccount.IAMBinding` can be used per role. Note that custom roles must be of the format + // `[projects|organizations]/{parent-name}/roles/{role-name}`. + Role string `pulumi:"role"` + // The fully-qualified name of the service account to apply policy to. ServiceAccountId string `pulumi:"serviceAccountId"` } @@ -418,21 +646,20 @@ type IAMBindingArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition IAMBindingConditionPtrInput - Members pulumi.StringArrayInput - // The role that should be applied. Only one - // `serviceaccount.IAMBinding` can be used per role. Note that custom roles must be of the format - // `[projects|organizations]/{parent-name}/roles/{role-name}`. - Role pulumi.StringInput - // The fully-qualified name of the service account to apply policy to. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + Members pulumi.StringArrayInput + // The role that should be applied. Only one + // `serviceaccount.IAMBinding` can be used per role. Note that custom roles must be of the format + // `[projects|organizations]/{parent-name}/roles/{role-name}`. + Role pulumi.StringInput + // The fully-qualified name of the service account to apply policy to. ServiceAccountId pulumi.StringInput } @@ -534,6 +761,14 @@ func (o IAMBindingOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *IAMBinding) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o IAMBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *IAMBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } @@ -546,15 +781,6 @@ func (o IAMBindingOutput) Role() pulumi.StringOutput { } // The fully-qualified name of the service account to apply policy to. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o IAMBindingOutput) ServiceAccountId() pulumi.StringOutput { return o.ApplyT(func(v *IAMBinding) pulumi.StringOutput { return v.ServiceAccountId }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/serviceaccount/iammember.go b/sdk/go/gcp/serviceaccount/iammember.go index 862f919766..2fbb7a30d1 100644 --- a/sdk/go/gcp/serviceaccount/iammember.go +++ b/sdk/go/gcp/serviceaccount/iammember.go @@ -256,6 +256,238 @@ import ( // ``` // // +// ### Additional Examples +// +// ### Service Account IAM Policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/iam.serviceAccountUser", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// sa, err := serviceaccount.NewAccount(ctx, "sa", &serviceaccount.AccountArgs{ +// AccountId: pulumi.String("my-service-account"), +// DisplayName: pulumi.String("A service account that only Jane can interact with"), +// }) +// if err != nil { +// return err +// } +// _, err = serviceaccount.NewIAMPolicy(ctx, "admin-account-iam", &serviceaccount.IAMPolicyArgs{ +// ServiceAccountId: sa.Name, +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ### Service Account IAM Binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// sa, err := serviceaccount.NewAccount(ctx, "sa", &serviceaccount.AccountArgs{ +// AccountId: pulumi.String("my-service-account"), +// DisplayName: pulumi.String("A service account that only Jane can use"), +// }) +// if err != nil { +// return err +// } +// _, err = serviceaccount.NewIAMBinding(ctx, "admin-account-iam", &serviceaccount.IAMBindingArgs{ +// ServiceAccountId: sa.Name, +// Role: pulumi.String("roles/iam.serviceAccountUser"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ### Service Account IAM Binding With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// sa, err := serviceaccount.NewAccount(ctx, "sa", &serviceaccount.AccountArgs{ +// AccountId: pulumi.String("my-service-account"), +// DisplayName: pulumi.String("A service account that only Jane can use"), +// }) +// if err != nil { +// return err +// } +// _, err = serviceaccount.NewIAMBinding(ctx, "admin-account-iam", &serviceaccount.IAMBindingArgs{ +// ServiceAccountId: sa.Name, +// Role: pulumi.String("roles/iam.serviceAccountUser"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &serviceaccount.IAMBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ### Service Account IAM Member +// +// +// ```go +// package main +// +// import ( +// +// "fmt" +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _default, err := compute.GetDefaultServiceAccount(ctx, nil, nil) +// if err != nil { +// return err +// } +// sa, err := serviceaccount.NewAccount(ctx, "sa", &serviceaccount.AccountArgs{ +// AccountId: pulumi.String("my-service-account"), +// DisplayName: pulumi.String("A service account that Jane can use"), +// }) +// if err != nil { +// return err +// } +// _, err = serviceaccount.NewIAMMember(ctx, "admin-account-iam", &serviceaccount.IAMMemberArgs{ +// ServiceAccountId: sa.Name, +// Role: pulumi.String("roles/iam.serviceAccountUser"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// // Allow SA service account use the default GCE account +// _, err = serviceaccount.NewIAMMember(ctx, "gce-default-account-iam", &serviceaccount.IAMMemberArgs{ +// ServiceAccountId: pulumi.String(_default.Name), +// Role: pulumi.String("roles/iam.serviceAccountUser"), +// Member: sa.Email.ApplyT(func(email string) (string, error) { +// return fmt.Sprintf("serviceAccount:%v", email), nil +// }).(pulumi.StringOutput), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ### Service Account IAM Member With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// sa, err := serviceaccount.NewAccount(ctx, "sa", &serviceaccount.AccountArgs{ +// AccountId: pulumi.String("my-service-account"), +// DisplayName: pulumi.String("A service account that Jane can use"), +// }) +// if err != nil { +// return err +// } +// _, err = serviceaccount.NewIAMMember(ctx, "admin-account-iam", &serviceaccount.IAMMemberArgs{ +// ServiceAccountId: sa.Name, +// Role: pulumi.String("roles/iam.serviceAccountUser"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &serviceaccount.IAMMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // ### Importing with conditions: @@ -276,22 +508,21 @@ type IAMMember struct { // Structure is documented below. Condition IAMMemberConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the service account IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Member pulumi.StringOutput `pulumi:"member"` - // The role that should be applied. Only one - // `serviceaccount.IAMBinding` can be used per role. Note that custom roles must be of the format - // `[projects|organizations]/{parent-name}/roles/{role-name}`. - Role pulumi.StringOutput `pulumi:"role"` - // The fully-qualified name of the service account to apply policy to. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + Member pulumi.StringOutput `pulumi:"member"` + // The role that should be applied. Only one + // `serviceaccount.IAMBinding` can be used per role. Note that custom roles must be of the format + // `[projects|organizations]/{parent-name}/roles/{role-name}`. + Role pulumi.StringOutput `pulumi:"role"` + // The fully-qualified name of the service account to apply policy to. ServiceAccountId pulumi.StringOutput `pulumi:"serviceAccountId"` } @@ -344,22 +575,21 @@ type iammemberState struct { // Structure is documented below. Condition *IAMMemberCondition `pulumi:"condition"` // (Computed) The etag of the service account IAM policy. - Etag *string `pulumi:"etag"` - Member *string `pulumi:"member"` - // The role that should be applied. Only one - // `serviceaccount.IAMBinding` can be used per role. Note that custom roles must be of the format - // `[projects|organizations]/{parent-name}/roles/{role-name}`. - Role *string `pulumi:"role"` - // The fully-qualified name of the service account to apply policy to. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + Member *string `pulumi:"member"` + // The role that should be applied. Only one + // `serviceaccount.IAMBinding` can be used per role. Note that custom roles must be of the format + // `[projects|organizations]/{parent-name}/roles/{role-name}`. + Role *string `pulumi:"role"` + // The fully-qualified name of the service account to apply policy to. ServiceAccountId *string `pulumi:"serviceAccountId"` } @@ -368,22 +598,21 @@ type IAMMemberState struct { // Structure is documented below. Condition IAMMemberConditionPtrInput // (Computed) The etag of the service account IAM policy. - Etag pulumi.StringPtrInput - Member pulumi.StringPtrInput - // The role that should be applied. Only one - // `serviceaccount.IAMBinding` can be used per role. Note that custom roles must be of the format - // `[projects|organizations]/{parent-name}/roles/{role-name}`. - Role pulumi.StringPtrInput - // The fully-qualified name of the service account to apply policy to. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + Member pulumi.StringPtrInput + // The role that should be applied. Only one + // `serviceaccount.IAMBinding` can be used per role. Note that custom roles must be of the format + // `[projects|organizations]/{parent-name}/roles/{role-name}`. + Role pulumi.StringPtrInput + // The fully-qualified name of the service account to apply policy to. ServiceAccountId pulumi.StringPtrInput } @@ -395,21 +624,20 @@ type iammemberArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition *IAMMemberCondition `pulumi:"condition"` - Member string `pulumi:"member"` - // The role that should be applied. Only one - // `serviceaccount.IAMBinding` can be used per role. Note that custom roles must be of the format - // `[projects|organizations]/{parent-name}/roles/{role-name}`. - Role string `pulumi:"role"` - // The fully-qualified name of the service account to apply policy to. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + Member string `pulumi:"member"` + // The role that should be applied. Only one + // `serviceaccount.IAMBinding` can be used per role. Note that custom roles must be of the format + // `[projects|organizations]/{parent-name}/roles/{role-name}`. + Role string `pulumi:"role"` + // The fully-qualified name of the service account to apply policy to. ServiceAccountId string `pulumi:"serviceAccountId"` } @@ -418,21 +646,20 @@ type IAMMemberArgs struct { // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. // Structure is documented below. Condition IAMMemberConditionPtrInput - Member pulumi.StringInput - // The role that should be applied. Only one - // `serviceaccount.IAMBinding` can be used per role. Note that custom roles must be of the format - // `[projects|organizations]/{parent-name}/roles/{role-name}`. - Role pulumi.StringInput - // The fully-qualified name of the service account to apply policy to. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + Member pulumi.StringInput + // The role that should be applied. Only one + // `serviceaccount.IAMBinding` can be used per role. Note that custom roles must be of the format + // `[projects|organizations]/{parent-name}/roles/{role-name}`. + Role pulumi.StringInput + // The fully-qualified name of the service account to apply policy to. ServiceAccountId pulumi.StringInput } @@ -534,6 +761,14 @@ func (o IAMMemberOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *IAMMember) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o IAMMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *IAMMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } @@ -546,15 +781,6 @@ func (o IAMMemberOutput) Role() pulumi.StringOutput { } // The fully-qualified name of the service account to apply policy to. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o IAMMemberOutput) ServiceAccountId() pulumi.StringOutput { return o.ApplyT(func(v *IAMMember) pulumi.StringOutput { return v.ServiceAccountId }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/serviceaccount/iampolicy.go b/sdk/go/gcp/serviceaccount/iampolicy.go index 58a71a9764..39d4beee7b 100644 --- a/sdk/go/gcp/serviceaccount/iampolicy.go +++ b/sdk/go/gcp/serviceaccount/iampolicy.go @@ -256,6 +256,238 @@ import ( // ``` // // +// ### Additional Examples +// +// ### Service Account IAM Policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/iam.serviceAccountUser", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// sa, err := serviceaccount.NewAccount(ctx, "sa", &serviceaccount.AccountArgs{ +// AccountId: pulumi.String("my-service-account"), +// DisplayName: pulumi.String("A service account that only Jane can interact with"), +// }) +// if err != nil { +// return err +// } +// _, err = serviceaccount.NewIAMPolicy(ctx, "admin-account-iam", &serviceaccount.IAMPolicyArgs{ +// ServiceAccountId: sa.Name, +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ### Service Account IAM Binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// sa, err := serviceaccount.NewAccount(ctx, "sa", &serviceaccount.AccountArgs{ +// AccountId: pulumi.String("my-service-account"), +// DisplayName: pulumi.String("A service account that only Jane can use"), +// }) +// if err != nil { +// return err +// } +// _, err = serviceaccount.NewIAMBinding(ctx, "admin-account-iam", &serviceaccount.IAMBindingArgs{ +// ServiceAccountId: sa.Name, +// Role: pulumi.String("roles/iam.serviceAccountUser"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ### Service Account IAM Binding With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// sa, err := serviceaccount.NewAccount(ctx, "sa", &serviceaccount.AccountArgs{ +// AccountId: pulumi.String("my-service-account"), +// DisplayName: pulumi.String("A service account that only Jane can use"), +// }) +// if err != nil { +// return err +// } +// _, err = serviceaccount.NewIAMBinding(ctx, "admin-account-iam", &serviceaccount.IAMBindingArgs{ +// ServiceAccountId: sa.Name, +// Role: pulumi.String("roles/iam.serviceAccountUser"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &serviceaccount.IAMBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ### Service Account IAM Member +// +// +// ```go +// package main +// +// import ( +// +// "fmt" +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/compute" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _default, err := compute.GetDefaultServiceAccount(ctx, nil, nil) +// if err != nil { +// return err +// } +// sa, err := serviceaccount.NewAccount(ctx, "sa", &serviceaccount.AccountArgs{ +// AccountId: pulumi.String("my-service-account"), +// DisplayName: pulumi.String("A service account that Jane can use"), +// }) +// if err != nil { +// return err +// } +// _, err = serviceaccount.NewIAMMember(ctx, "admin-account-iam", &serviceaccount.IAMMemberArgs{ +// ServiceAccountId: sa.Name, +// Role: pulumi.String("roles/iam.serviceAccountUser"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// // Allow SA service account use the default GCE account +// _, err = serviceaccount.NewIAMMember(ctx, "gce-default-account-iam", &serviceaccount.IAMMemberArgs{ +// ServiceAccountId: pulumi.String(_default.Name), +// Role: pulumi.String("roles/iam.serviceAccountUser"), +// Member: sa.Email.ApplyT(func(email string) (string, error) { +// return fmt.Sprintf("serviceAccount:%v", email), nil +// }).(pulumi.StringOutput), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ### Service Account IAM Member With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/serviceaccount" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// sa, err := serviceaccount.NewAccount(ctx, "sa", &serviceaccount.AccountArgs{ +// AccountId: pulumi.String("my-service-account"), +// DisplayName: pulumi.String("A service account that Jane can use"), +// }) +// if err != nil { +// return err +// } +// _, err = serviceaccount.NewIAMMember(ctx, "admin-account-iam", &serviceaccount.IAMMemberArgs{ +// ServiceAccountId: sa.Name, +// Role: pulumi.String("roles/iam.serviceAccountUser"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &serviceaccount.IAMMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // ### Importing with conditions: @@ -278,15 +510,6 @@ type IAMPolicy struct { // a `organizations.getIAMPolicy` data source. PolicyData pulumi.StringOutput `pulumi:"policyData"` // The fully-qualified name of the service account to apply policy to. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. ServiceAccountId pulumi.StringOutput `pulumi:"serviceAccountId"` } @@ -338,15 +561,6 @@ type iampolicyState struct { // a `organizations.getIAMPolicy` data source. PolicyData *string `pulumi:"policyData"` // The fully-qualified name of the service account to apply policy to. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. ServiceAccountId *string `pulumi:"serviceAccountId"` } @@ -357,15 +571,6 @@ type IAMPolicyState struct { // a `organizations.getIAMPolicy` data source. PolicyData pulumi.StringPtrInput // The fully-qualified name of the service account to apply policy to. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. ServiceAccountId pulumi.StringPtrInput } @@ -378,15 +583,6 @@ type iampolicyArgs struct { // a `organizations.getIAMPolicy` data source. PolicyData string `pulumi:"policyData"` // The fully-qualified name of the service account to apply policy to. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. ServiceAccountId string `pulumi:"serviceAccountId"` } @@ -396,15 +592,6 @@ type IAMPolicyArgs struct { // a `organizations.getIAMPolicy` data source. PolicyData pulumi.StringInput // The fully-qualified name of the service account to apply policy to. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. ServiceAccountId pulumi.StringInput } @@ -507,15 +694,6 @@ func (o IAMPolicyOutput) PolicyData() pulumi.StringOutput { } // The fully-qualified name of the service account to apply policy to. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o IAMPolicyOutput) ServiceAccountId() pulumi.StringOutput { return o.ApplyT(func(v *IAMPolicy) pulumi.StringOutput { return v.ServiceAccountId }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/servicedirectory/namespaceIamBinding.go b/sdk/go/gcp/servicedirectory/namespaceIamBinding.go index ca97edaaf3..536e0aa620 100644 --- a/sdk/go/gcp/servicedirectory/namespaceIamBinding.go +++ b/sdk/go/gcp/servicedirectory/namespaceIamBinding.go @@ -131,6 +131,111 @@ import ( // ``` // // +// ## google\_service\_directory\_namespace\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = servicedirectory.NewNamespaceIamPolicy(ctx, "policy", &servicedirectory.NamespaceIamPolicyArgs{ +// Name: pulumi.Any(example.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_service\_directory\_namespace\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := servicedirectory.NewNamespaceIamBinding(ctx, "binding", &servicedirectory.NamespaceIamBindingArgs{ +// Name: pulumi.Any(example.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_service\_directory\_namespace\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := servicedirectory.NewNamespaceIamMember(ctx, "member", &servicedirectory.NamespaceIamMemberArgs{ +// Name: pulumi.Any(example.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -171,12 +276,9 @@ type NamespaceIamBinding struct { Condition NamespaceIamBindingConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -186,6 +288,8 @@ type NamespaceIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // Used to find the parent resource to bind the IAM policy to Name pulumi.StringOutput `pulumi:"name"` // The role that should be applied. Only one // `servicedirectory.NamespaceIamBinding` can be used per role. Note that custom roles must be of the format @@ -231,12 +335,9 @@ func GetNamespaceIamBinding(ctx *pulumi.Context, type namespaceIamBindingState struct { Condition *NamespaceIamBindingCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Members []string `pulumi:"members"` - // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -246,6 +347,8 @@ type namespaceIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // Used to find the parent resource to bind the IAM policy to Name *string `pulumi:"name"` // The role that should be applied. Only one // `servicedirectory.NamespaceIamBinding` can be used per role. Note that custom roles must be of the format @@ -256,12 +359,9 @@ type namespaceIamBindingState struct { type NamespaceIamBindingState struct { Condition NamespaceIamBindingConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Members pulumi.StringArrayInput - // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -271,6 +371,8 @@ type NamespaceIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // Used to find the parent resource to bind the IAM policy to Name pulumi.StringPtrInput // The role that should be applied. Only one // `servicedirectory.NamespaceIamBinding` can be used per role. Note that custom roles must be of the format @@ -284,11 +386,8 @@ func (NamespaceIamBindingState) ElementType() reflect.Type { type namespaceIamBindingArgs struct { Condition *NamespaceIamBindingCondition `pulumi:"condition"` - Members []string `pulumi:"members"` - // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -298,6 +397,8 @@ type namespaceIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // Used to find the parent resource to bind the IAM policy to Name *string `pulumi:"name"` // The role that should be applied. Only one // `servicedirectory.NamespaceIamBinding` can be used per role. Note that custom roles must be of the format @@ -308,11 +409,8 @@ type namespaceIamBindingArgs struct { // The set of arguments for constructing a NamespaceIamBinding resource. type NamespaceIamBindingArgs struct { Condition NamespaceIamBindingConditionPtrInput - Members pulumi.StringArrayInput - // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -322,6 +420,8 @@ type NamespaceIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // Used to find the parent resource to bind the IAM policy to Name pulumi.StringPtrInput // The role that should be applied. Only one // `servicedirectory.NamespaceIamBinding` can be used per role. Note that custom roles must be of the format @@ -425,23 +525,22 @@ func (o NamespaceIamBindingOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *NamespaceIamBinding) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o NamespaceIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *NamespaceIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } // Used to find the parent resource to bind the IAM policy to -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o NamespaceIamBindingOutput) Name() pulumi.StringOutput { return o.ApplyT(func(v *NamespaceIamBinding) pulumi.StringOutput { return v.Name }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/servicedirectory/namespaceIamMember.go b/sdk/go/gcp/servicedirectory/namespaceIamMember.go index 70e57e2fad..ce4c76b6f3 100644 --- a/sdk/go/gcp/servicedirectory/namespaceIamMember.go +++ b/sdk/go/gcp/servicedirectory/namespaceIamMember.go @@ -131,6 +131,111 @@ import ( // ``` // // +// ## google\_service\_directory\_namespace\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = servicedirectory.NewNamespaceIamPolicy(ctx, "policy", &servicedirectory.NamespaceIamPolicyArgs{ +// Name: pulumi.Any(example.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_service\_directory\_namespace\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := servicedirectory.NewNamespaceIamBinding(ctx, "binding", &servicedirectory.NamespaceIamBindingArgs{ +// Name: pulumi.Any(example.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_service\_directory\_namespace\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := servicedirectory.NewNamespaceIamMember(ctx, "member", &servicedirectory.NamespaceIamMemberArgs{ +// Name: pulumi.Any(example.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -171,12 +276,9 @@ type NamespaceIamMember struct { Condition NamespaceIamMemberConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Member pulumi.StringOutput `pulumi:"member"` - // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -186,6 +288,8 @@ type NamespaceIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // Used to find the parent resource to bind the IAM policy to Name pulumi.StringOutput `pulumi:"name"` // The role that should be applied. Only one // `servicedirectory.NamespaceIamBinding` can be used per role. Note that custom roles must be of the format @@ -231,12 +335,9 @@ func GetNamespaceIamMember(ctx *pulumi.Context, type namespaceIamMemberState struct { Condition *NamespaceIamMemberCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Member *string `pulumi:"member"` - // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -246,6 +347,8 @@ type namespaceIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // Used to find the parent resource to bind the IAM policy to Name *string `pulumi:"name"` // The role that should be applied. Only one // `servicedirectory.NamespaceIamBinding` can be used per role. Note that custom roles must be of the format @@ -256,12 +359,9 @@ type namespaceIamMemberState struct { type NamespaceIamMemberState struct { Condition NamespaceIamMemberConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Member pulumi.StringPtrInput - // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -271,6 +371,8 @@ type NamespaceIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // Used to find the parent resource to bind the IAM policy to Name pulumi.StringPtrInput // The role that should be applied. Only one // `servicedirectory.NamespaceIamBinding` can be used per role. Note that custom roles must be of the format @@ -284,11 +386,8 @@ func (NamespaceIamMemberState) ElementType() reflect.Type { type namespaceIamMemberArgs struct { Condition *NamespaceIamMemberCondition `pulumi:"condition"` - Member string `pulumi:"member"` - // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -298,6 +397,8 @@ type namespaceIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // Used to find the parent resource to bind the IAM policy to Name *string `pulumi:"name"` // The role that should be applied. Only one // `servicedirectory.NamespaceIamBinding` can be used per role. Note that custom roles must be of the format @@ -308,11 +409,8 @@ type namespaceIamMemberArgs struct { // The set of arguments for constructing a NamespaceIamMember resource. type NamespaceIamMemberArgs struct { Condition NamespaceIamMemberConditionPtrInput - Member pulumi.StringInput - // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -322,6 +420,8 @@ type NamespaceIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // Used to find the parent resource to bind the IAM policy to Name pulumi.StringPtrInput // The role that should be applied. Only one // `servicedirectory.NamespaceIamBinding` can be used per role. Note that custom roles must be of the format @@ -425,23 +525,22 @@ func (o NamespaceIamMemberOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *NamespaceIamMember) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o NamespaceIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *NamespaceIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } // Used to find the parent resource to bind the IAM policy to -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o NamespaceIamMemberOutput) Name() pulumi.StringOutput { return o.ApplyT(func(v *NamespaceIamMember) pulumi.StringOutput { return v.Name }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/servicedirectory/namespaceIamPolicy.go b/sdk/go/gcp/servicedirectory/namespaceIamPolicy.go index 67ae9804fd..36773d0f07 100644 --- a/sdk/go/gcp/servicedirectory/namespaceIamPolicy.go +++ b/sdk/go/gcp/servicedirectory/namespaceIamPolicy.go @@ -131,6 +131,111 @@ import ( // ``` // // +// ## google\_service\_directory\_namespace\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = servicedirectory.NewNamespaceIamPolicy(ctx, "policy", &servicedirectory.NamespaceIamPolicyArgs{ +// Name: pulumi.Any(example.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_service\_directory\_namespace\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := servicedirectory.NewNamespaceIamBinding(ctx, "binding", &servicedirectory.NamespaceIamBindingArgs{ +// Name: pulumi.Any(example.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_service\_directory\_namespace\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := servicedirectory.NewNamespaceIamMember(ctx, "member", &servicedirectory.NamespaceIamMemberArgs{ +// Name: pulumi.Any(example.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -172,18 +277,6 @@ type NamespaceIamPolicy struct { // (Computed) The etag of the IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Name pulumi.StringOutput `pulumi:"name"` // The policy data generated by // a `organizations.getIAMPolicy` data source. @@ -226,18 +319,6 @@ type namespaceIamPolicyState struct { // (Computed) The etag of the IAM policy. Etag *string `pulumi:"etag"` // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Name *string `pulumi:"name"` // The policy data generated by // a `organizations.getIAMPolicy` data source. @@ -248,18 +329,6 @@ type NamespaceIamPolicyState struct { // (Computed) The etag of the IAM policy. Etag pulumi.StringPtrInput // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Name pulumi.StringPtrInput // The policy data generated by // a `organizations.getIAMPolicy` data source. @@ -272,18 +341,6 @@ func (NamespaceIamPolicyState) ElementType() reflect.Type { type namespaceIamPolicyArgs struct { // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Name *string `pulumi:"name"` // The policy data generated by // a `organizations.getIAMPolicy` data source. @@ -293,18 +350,6 @@ type namespaceIamPolicyArgs struct { // The set of arguments for constructing a NamespaceIamPolicy resource. type NamespaceIamPolicyArgs struct { // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Name pulumi.StringPtrInput // The policy data generated by // a `organizations.getIAMPolicy` data source. @@ -404,18 +449,6 @@ func (o NamespaceIamPolicyOutput) Etag() pulumi.StringOutput { } // Used to find the parent resource to bind the IAM policy to -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o NamespaceIamPolicyOutput) Name() pulumi.StringOutput { return o.ApplyT(func(v *NamespaceIamPolicy) pulumi.StringOutput { return v.Name }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/servicedirectory/serviceIamBinding.go b/sdk/go/gcp/servicedirectory/serviceIamBinding.go index 43b90bf3dd..808b5dddf6 100644 --- a/sdk/go/gcp/servicedirectory/serviceIamBinding.go +++ b/sdk/go/gcp/servicedirectory/serviceIamBinding.go @@ -131,6 +131,111 @@ import ( // ``` // // +// ## google\_service\_directory\_service\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = servicedirectory.NewServiceIamPolicy(ctx, "policy", &servicedirectory.ServiceIamPolicyArgs{ +// Name: pulumi.Any(example.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_service\_directory\_service\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := servicedirectory.NewServiceIamBinding(ctx, "binding", &servicedirectory.ServiceIamBindingArgs{ +// Name: pulumi.Any(example.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_service\_directory\_service\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := servicedirectory.NewServiceIamMember(ctx, "member", &servicedirectory.ServiceIamMemberArgs{ +// Name: pulumi.Any(example.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -171,12 +276,9 @@ type ServiceIamBinding struct { Condition ServiceIamBindingConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -186,6 +288,8 @@ type ServiceIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // Used to find the parent resource to bind the IAM policy to Name pulumi.StringOutput `pulumi:"name"` // The role that should be applied. Only one // `servicedirectory.ServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -231,12 +335,9 @@ func GetServiceIamBinding(ctx *pulumi.Context, type serviceIamBindingState struct { Condition *ServiceIamBindingCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Members []string `pulumi:"members"` - // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -246,6 +347,8 @@ type serviceIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // Used to find the parent resource to bind the IAM policy to Name *string `pulumi:"name"` // The role that should be applied. Only one // `servicedirectory.ServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -256,12 +359,9 @@ type serviceIamBindingState struct { type ServiceIamBindingState struct { Condition ServiceIamBindingConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Members pulumi.StringArrayInput - // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -271,6 +371,8 @@ type ServiceIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // Used to find the parent resource to bind the IAM policy to Name pulumi.StringPtrInput // The role that should be applied. Only one // `servicedirectory.ServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -284,11 +386,8 @@ func (ServiceIamBindingState) ElementType() reflect.Type { type serviceIamBindingArgs struct { Condition *ServiceIamBindingCondition `pulumi:"condition"` - Members []string `pulumi:"members"` - // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -298,6 +397,8 @@ type serviceIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // Used to find the parent resource to bind the IAM policy to Name *string `pulumi:"name"` // The role that should be applied. Only one // `servicedirectory.ServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -308,11 +409,8 @@ type serviceIamBindingArgs struct { // The set of arguments for constructing a ServiceIamBinding resource. type ServiceIamBindingArgs struct { Condition ServiceIamBindingConditionPtrInput - Members pulumi.StringArrayInput - // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -322,6 +420,8 @@ type ServiceIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // Used to find the parent resource to bind the IAM policy to Name pulumi.StringPtrInput // The role that should be applied. Only one // `servicedirectory.ServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -425,23 +525,22 @@ func (o ServiceIamBindingOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *ServiceIamBinding) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o ServiceIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *ServiceIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } // Used to find the parent resource to bind the IAM policy to -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o ServiceIamBindingOutput) Name() pulumi.StringOutput { return o.ApplyT(func(v *ServiceIamBinding) pulumi.StringOutput { return v.Name }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/servicedirectory/serviceIamMember.go b/sdk/go/gcp/servicedirectory/serviceIamMember.go index e4f40fb1c4..56cbf8132e 100644 --- a/sdk/go/gcp/servicedirectory/serviceIamMember.go +++ b/sdk/go/gcp/servicedirectory/serviceIamMember.go @@ -131,6 +131,111 @@ import ( // ``` // // +// ## google\_service\_directory\_service\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = servicedirectory.NewServiceIamPolicy(ctx, "policy", &servicedirectory.ServiceIamPolicyArgs{ +// Name: pulumi.Any(example.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_service\_directory\_service\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := servicedirectory.NewServiceIamBinding(ctx, "binding", &servicedirectory.ServiceIamBindingArgs{ +// Name: pulumi.Any(example.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_service\_directory\_service\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := servicedirectory.NewServiceIamMember(ctx, "member", &servicedirectory.ServiceIamMemberArgs{ +// Name: pulumi.Any(example.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -171,12 +276,9 @@ type ServiceIamMember struct { Condition ServiceIamMemberConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Member pulumi.StringOutput `pulumi:"member"` - // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -186,6 +288,8 @@ type ServiceIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // Used to find the parent resource to bind the IAM policy to Name pulumi.StringOutput `pulumi:"name"` // The role that should be applied. Only one // `servicedirectory.ServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -231,12 +335,9 @@ func GetServiceIamMember(ctx *pulumi.Context, type serviceIamMemberState struct { Condition *ServiceIamMemberCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Member *string `pulumi:"member"` - // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -246,6 +347,8 @@ type serviceIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // Used to find the parent resource to bind the IAM policy to Name *string `pulumi:"name"` // The role that should be applied. Only one // `servicedirectory.ServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -256,12 +359,9 @@ type serviceIamMemberState struct { type ServiceIamMemberState struct { Condition ServiceIamMemberConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Member pulumi.StringPtrInput - // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -271,6 +371,8 @@ type ServiceIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // Used to find the parent resource to bind the IAM policy to Name pulumi.StringPtrInput // The role that should be applied. Only one // `servicedirectory.ServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -284,11 +386,8 @@ func (ServiceIamMemberState) ElementType() reflect.Type { type serviceIamMemberArgs struct { Condition *ServiceIamMemberCondition `pulumi:"condition"` - Member string `pulumi:"member"` - // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -298,6 +397,8 @@ type serviceIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // Used to find the parent resource to bind the IAM policy to Name *string `pulumi:"name"` // The role that should be applied. Only one // `servicedirectory.ServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -308,11 +409,8 @@ type serviceIamMemberArgs struct { // The set of arguments for constructing a ServiceIamMember resource. type ServiceIamMemberArgs struct { Condition ServiceIamMemberConditionPtrInput - Member pulumi.StringInput - // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -322,6 +420,8 @@ type ServiceIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // Used to find the parent resource to bind the IAM policy to Name pulumi.StringPtrInput // The role that should be applied. Only one // `servicedirectory.ServiceIamBinding` can be used per role. Note that custom roles must be of the format @@ -425,23 +525,22 @@ func (o ServiceIamMemberOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *ServiceIamMember) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o ServiceIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *ServiceIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } // Used to find the parent resource to bind the IAM policy to -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o ServiceIamMemberOutput) Name() pulumi.StringOutput { return o.ApplyT(func(v *ServiceIamMember) pulumi.StringOutput { return v.Name }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/servicedirectory/serviceIamPolicy.go b/sdk/go/gcp/servicedirectory/serviceIamPolicy.go index 1d27866d48..ad350969df 100644 --- a/sdk/go/gcp/servicedirectory/serviceIamPolicy.go +++ b/sdk/go/gcp/servicedirectory/serviceIamPolicy.go @@ -131,6 +131,111 @@ import ( // ``` // // +// ## google\_service\_directory\_service\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = servicedirectory.NewServiceIamPolicy(ctx, "policy", &servicedirectory.ServiceIamPolicyArgs{ +// Name: pulumi.Any(example.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_service\_directory\_service\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := servicedirectory.NewServiceIamBinding(ctx, "binding", &servicedirectory.ServiceIamBindingArgs{ +// Name: pulumi.Any(example.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_service\_directory\_service\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/servicedirectory" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := servicedirectory.NewServiceIamMember(ctx, "member", &servicedirectory.ServiceIamMemberArgs{ +// Name: pulumi.Any(example.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -172,18 +277,6 @@ type ServiceIamPolicy struct { // (Computed) The etag of the IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Name pulumi.StringOutput `pulumi:"name"` // The policy data generated by // a `organizations.getIAMPolicy` data source. @@ -226,18 +319,6 @@ type serviceIamPolicyState struct { // (Computed) The etag of the IAM policy. Etag *string `pulumi:"etag"` // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Name *string `pulumi:"name"` // The policy data generated by // a `organizations.getIAMPolicy` data source. @@ -248,18 +329,6 @@ type ServiceIamPolicyState struct { // (Computed) The etag of the IAM policy. Etag pulumi.StringPtrInput // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Name pulumi.StringPtrInput // The policy data generated by // a `organizations.getIAMPolicy` data source. @@ -272,18 +341,6 @@ func (ServiceIamPolicyState) ElementType() reflect.Type { type serviceIamPolicyArgs struct { // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Name *string `pulumi:"name"` // The policy data generated by // a `organizations.getIAMPolicy` data source. @@ -293,18 +350,6 @@ type serviceIamPolicyArgs struct { // The set of arguments for constructing a ServiceIamPolicy resource. type ServiceIamPolicyArgs struct { // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Name pulumi.StringPtrInput // The policy data generated by // a `organizations.getIAMPolicy` data source. @@ -404,18 +449,6 @@ func (o ServiceIamPolicyOutput) Etag() pulumi.StringOutput { } // Used to find the parent resource to bind the IAM policy to -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o ServiceIamPolicyOutput) Name() pulumi.StringOutput { return o.ApplyT(func(v *ServiceIamPolicy) pulumi.StringOutput { return v.Name }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/sourcerepo/repositoryIamBinding.go b/sdk/go/gcp/sourcerepo/repositoryIamBinding.go index 34f50c3c92..49d786ad98 100644 --- a/sdk/go/gcp/sourcerepo/repositoryIamBinding.go +++ b/sdk/go/gcp/sourcerepo/repositoryIamBinding.go @@ -134,6 +134,114 @@ import ( // ``` // // +// ## google\_pubsub\_topic\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = pubsub.NewTopicIAMPolicy(ctx, "policy", &pubsub.TopicIAMPolicyArgs{ +// Project: pulumi.Any(example.Project), +// Topic: pulumi.Any(example.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_pubsub\_topic\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := pubsub.NewTopicIAMBinding(ctx, "binding", &pubsub.TopicIAMBindingArgs{ +// Project: pulumi.Any(example.Project), +// Topic: pulumi.Any(example.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_pubsub\_topic\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := pubsub.NewTopicIAMMember(ctx, "member", &pubsub.TopicIAMMemberArgs{ +// Project: pulumi.Any(example.Project), +// Topic: pulumi.Any(example.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -174,13 +282,9 @@ type RepositoryIamBinding struct { Condition RepositoryIamBindingConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -190,6 +294,9 @@ type RepositoryIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` Repository pulumi.StringOutput `pulumi:"repository"` // The role that should be applied. Only one @@ -239,13 +346,9 @@ func GetRepositoryIamBinding(ctx *pulumi.Context, type repositoryIamBindingState struct { Condition *RepositoryIamBindingCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -255,6 +358,9 @@ type repositoryIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` Repository *string `pulumi:"repository"` // The role that should be applied. Only one @@ -266,13 +372,9 @@ type repositoryIamBindingState struct { type RepositoryIamBindingState struct { Condition RepositoryIamBindingConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -282,6 +384,9 @@ type RepositoryIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput Repository pulumi.StringPtrInput // The role that should be applied. Only one @@ -296,12 +401,8 @@ func (RepositoryIamBindingState) ElementType() reflect.Type { type repositoryIamBindingArgs struct { Condition *RepositoryIamBindingCondition `pulumi:"condition"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -311,6 +412,9 @@ type repositoryIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` Repository string `pulumi:"repository"` // The role that should be applied. Only one @@ -322,12 +426,8 @@ type repositoryIamBindingArgs struct { // The set of arguments for constructing a RepositoryIamBinding resource. type RepositoryIamBindingArgs struct { Condition RepositoryIamBindingConditionPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -337,6 +437,9 @@ type RepositoryIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput Repository pulumi.StringInput // The role that should be applied. Only one @@ -441,24 +544,23 @@ func (o RepositoryIamBindingOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *RepositoryIamBinding) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o RepositoryIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *RepositoryIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o RepositoryIamBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *RepositoryIamBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/sourcerepo/repositoryIamMember.go b/sdk/go/gcp/sourcerepo/repositoryIamMember.go index f2c39b05ab..d15be8a4f2 100644 --- a/sdk/go/gcp/sourcerepo/repositoryIamMember.go +++ b/sdk/go/gcp/sourcerepo/repositoryIamMember.go @@ -134,6 +134,114 @@ import ( // ``` // // +// ## google\_pubsub\_topic\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = pubsub.NewTopicIAMPolicy(ctx, "policy", &pubsub.TopicIAMPolicyArgs{ +// Project: pulumi.Any(example.Project), +// Topic: pulumi.Any(example.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_pubsub\_topic\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := pubsub.NewTopicIAMBinding(ctx, "binding", &pubsub.TopicIAMBindingArgs{ +// Project: pulumi.Any(example.Project), +// Topic: pulumi.Any(example.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_pubsub\_topic\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := pubsub.NewTopicIAMMember(ctx, "member", &pubsub.TopicIAMMemberArgs{ +// Project: pulumi.Any(example.Project), +// Topic: pulumi.Any(example.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -174,13 +282,9 @@ type RepositoryIamMember struct { Condition RepositoryIamMemberConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Member pulumi.StringOutput `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -190,6 +294,9 @@ type RepositoryIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` Repository pulumi.StringOutput `pulumi:"repository"` // The role that should be applied. Only one @@ -239,13 +346,9 @@ func GetRepositoryIamMember(ctx *pulumi.Context, type repositoryIamMemberState struct { Condition *RepositoryIamMemberCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Member *string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -255,6 +358,9 @@ type repositoryIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` Repository *string `pulumi:"repository"` // The role that should be applied. Only one @@ -266,13 +372,9 @@ type repositoryIamMemberState struct { type RepositoryIamMemberState struct { Condition RepositoryIamMemberConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Member pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -282,6 +384,9 @@ type RepositoryIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput Repository pulumi.StringPtrInput // The role that should be applied. Only one @@ -296,12 +401,8 @@ func (RepositoryIamMemberState) ElementType() reflect.Type { type repositoryIamMemberArgs struct { Condition *RepositoryIamMemberCondition `pulumi:"condition"` - Member string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -311,6 +412,9 @@ type repositoryIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` Repository string `pulumi:"repository"` // The role that should be applied. Only one @@ -322,12 +426,8 @@ type repositoryIamMemberArgs struct { // The set of arguments for constructing a RepositoryIamMember resource. type RepositoryIamMemberArgs struct { Condition RepositoryIamMemberConditionPtrInput - Member pulumi.StringInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -337,6 +437,9 @@ type RepositoryIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput Repository pulumi.StringInput // The role that should be applied. Only one @@ -441,24 +544,23 @@ func (o RepositoryIamMemberOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *RepositoryIamMember) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o RepositoryIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *RepositoryIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o RepositoryIamMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *RepositoryIamMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/sourcerepo/repositoryIamPolicy.go b/sdk/go/gcp/sourcerepo/repositoryIamPolicy.go index 8a6679d43e..9e176bb2ea 100644 --- a/sdk/go/gcp/sourcerepo/repositoryIamPolicy.go +++ b/sdk/go/gcp/sourcerepo/repositoryIamPolicy.go @@ -134,6 +134,114 @@ import ( // ``` // // +// ## google\_pubsub\_topic\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = pubsub.NewTopicIAMPolicy(ctx, "policy", &pubsub.TopicIAMPolicyArgs{ +// Project: pulumi.Any(example.Project), +// Topic: pulumi.Any(example.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_pubsub\_topic\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := pubsub.NewTopicIAMBinding(ctx, "binding", &pubsub.TopicIAMBindingArgs{ +// Project: pulumi.Any(example.Project), +// Topic: pulumi.Any(example.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_pubsub\_topic\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/pubsub" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := pubsub.NewTopicIAMMember(ctx, "member", &pubsub.TopicIAMMemberArgs{ +// Project: pulumi.Any(example.Project), +// Topic: pulumi.Any(example.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -179,18 +287,6 @@ type RepositoryIamPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` Repository pulumi.StringOutput `pulumi:"repository"` } @@ -238,18 +334,6 @@ type repositoryIamPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` Repository *string `pulumi:"repository"` } @@ -262,18 +346,6 @@ type RepositoryIamPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput Repository pulumi.StringPtrInput } @@ -288,18 +360,6 @@ type repositoryIamPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` Repository string `pulumi:"repository"` } @@ -311,18 +371,6 @@ type RepositoryIamPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput Repository pulumi.StringInput } @@ -427,18 +475,6 @@ func (o RepositoryIamPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o RepositoryIamPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *RepositoryIamPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/spanner/databaseIAMBinding.go b/sdk/go/gcp/spanner/databaseIAMBinding.go index 9587b2421b..fb5dc5205d 100644 --- a/sdk/go/gcp/spanner/databaseIAMBinding.go +++ b/sdk/go/gcp/spanner/databaseIAMBinding.go @@ -256,6 +256,237 @@ import ( // ``` // // +// ## google\_spanner\_database\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/editor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = spanner.NewDatabaseIAMPolicy(ctx, "database", &spanner.DatabaseIAMPolicyArgs{ +// Instance: pulumi.String("your-instance-name"), +// Database: pulumi.String("your-database-name"), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/editor", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "My Role", +// Description: pulumi.StringRef("Grant permissions on my_role"), +// Expression: "(resource.type == \"spanner.googleapis.com/DatabaseRole\" && (resource.name.endsWith(\"/myrole\")))", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = spanner.NewDatabaseIAMPolicy(ctx, "database", &spanner.DatabaseIAMPolicyArgs{ +// Instance: pulumi.String("your-instance-name"), +// Database: pulumi.String("your-database-name"), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_spanner\_database\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := spanner.NewDatabaseIAMBinding(ctx, "database", &spanner.DatabaseIAMBindingArgs{ +// Instance: pulumi.String("your-instance-name"), +// Database: pulumi.String("your-database-name"), +// Role: pulumi.String("roles/compute.networkUser"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := spanner.NewDatabaseIAMBinding(ctx, "database", &spanner.DatabaseIAMBindingArgs{ +// Instance: pulumi.String("your-instance-name"), +// Database: pulumi.String("your-database-name"), +// Role: pulumi.String("roles/compute.networkUser"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &spanner.DatabaseIAMBindingConditionArgs{ +// Title: pulumi.String("My Role"), +// Description: pulumi.String("Grant permissions on my_role"), +// Expression: pulumi.String("(resource.type == \"spanner.googleapis.com/DatabaseRole\" && (resource.name.endsWith(\"/myrole\")))"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_spanner\_database\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := spanner.NewDatabaseIAMMember(ctx, "database", &spanner.DatabaseIAMMemberArgs{ +// Instance: pulumi.String("your-instance-name"), +// Database: pulumi.String("your-database-name"), +// Role: pulumi.String("roles/compute.networkUser"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := spanner.NewDatabaseIAMMember(ctx, "database", &spanner.DatabaseIAMMemberArgs{ +// Instance: pulumi.String("your-instance-name"), +// Database: pulumi.String("your-database-name"), +// Role: pulumi.String("roles/compute.networkUser"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &spanner.DatabaseIAMMemberConditionArgs{ +// Title: pulumi.String("My Role"), +// Description: pulumi.String("Grant permissions on my_role"), +// Expression: pulumi.String("(resource.type == \"spanner.googleapis.com/DatabaseRole\" && (resource.name.endsWith(\"/myrole\")))"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // ### Importing IAM policies @@ -292,17 +523,16 @@ type DatabaseIAMBinding struct { // (Computed) The etag of the database's IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` // The name of the Spanner instance the database belongs to. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Instance pulumi.StringOutput `pulumi:"instance"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - Instance pulumi.StringOutput `pulumi:"instance"` - Members pulumi.StringArrayOutput `pulumi:"members"` + Members pulumi.StringArrayOutput `pulumi:"members"` // The ID of the project in which the resource belongs. If it // is not provided, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` @@ -362,17 +592,16 @@ type databaseIAMBindingState struct { // (Computed) The etag of the database's IAM policy. Etag *string `pulumi:"etag"` // The name of the Spanner instance the database belongs to. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Instance *string `pulumi:"instance"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - Instance *string `pulumi:"instance"` - Members []string `pulumi:"members"` + Members []string `pulumi:"members"` // The ID of the project in which the resource belongs. If it // is not provided, the provider project is used. Project *string `pulumi:"project"` @@ -391,17 +620,16 @@ type DatabaseIAMBindingState struct { // (Computed) The etag of the database's IAM policy. Etag pulumi.StringPtrInput // The name of the Spanner instance the database belongs to. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Instance pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - Instance pulumi.StringPtrInput - Members pulumi.StringArrayInput + Members pulumi.StringArrayInput // The ID of the project in which the resource belongs. If it // is not provided, the provider project is used. Project pulumi.StringPtrInput @@ -422,17 +650,16 @@ type databaseIAMBindingArgs struct { // The name of the Spanner database. Database string `pulumi:"database"` // The name of the Spanner instance the database belongs to. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Instance string `pulumi:"instance"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - Instance string `pulumi:"instance"` - Members []string `pulumi:"members"` + Members []string `pulumi:"members"` // The ID of the project in which the resource belongs. If it // is not provided, the provider project is used. Project *string `pulumi:"project"` @@ -450,17 +677,16 @@ type DatabaseIAMBindingArgs struct { // The name of the Spanner database. Database pulumi.StringInput // The name of the Spanner instance the database belongs to. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Instance pulumi.StringInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - Instance pulumi.StringInput - Members pulumi.StringArrayInput + Members pulumi.StringArrayInput // The ID of the project in which the resource belongs. If it // is not provided, the provider project is used. Project pulumi.StringPtrInput @@ -574,19 +800,18 @@ func (o DatabaseIAMBindingOutput) Etag() pulumi.StringOutput { } // The name of the Spanner instance the database belongs to. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o DatabaseIAMBindingOutput) Instance() pulumi.StringOutput { return o.ApplyT(func(v *DatabaseIAMBinding) pulumi.StringOutput { return v.Instance }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o DatabaseIAMBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *DatabaseIAMBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } diff --git a/sdk/go/gcp/spanner/databaseIAMMember.go b/sdk/go/gcp/spanner/databaseIAMMember.go index 8101830bd9..c3aabde5a0 100644 --- a/sdk/go/gcp/spanner/databaseIAMMember.go +++ b/sdk/go/gcp/spanner/databaseIAMMember.go @@ -256,6 +256,237 @@ import ( // ``` // // +// ## google\_spanner\_database\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/editor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = spanner.NewDatabaseIAMPolicy(ctx, "database", &spanner.DatabaseIAMPolicyArgs{ +// Instance: pulumi.String("your-instance-name"), +// Database: pulumi.String("your-database-name"), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/editor", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "My Role", +// Description: pulumi.StringRef("Grant permissions on my_role"), +// Expression: "(resource.type == \"spanner.googleapis.com/DatabaseRole\" && (resource.name.endsWith(\"/myrole\")))", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = spanner.NewDatabaseIAMPolicy(ctx, "database", &spanner.DatabaseIAMPolicyArgs{ +// Instance: pulumi.String("your-instance-name"), +// Database: pulumi.String("your-database-name"), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_spanner\_database\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := spanner.NewDatabaseIAMBinding(ctx, "database", &spanner.DatabaseIAMBindingArgs{ +// Instance: pulumi.String("your-instance-name"), +// Database: pulumi.String("your-database-name"), +// Role: pulumi.String("roles/compute.networkUser"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := spanner.NewDatabaseIAMBinding(ctx, "database", &spanner.DatabaseIAMBindingArgs{ +// Instance: pulumi.String("your-instance-name"), +// Database: pulumi.String("your-database-name"), +// Role: pulumi.String("roles/compute.networkUser"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &spanner.DatabaseIAMBindingConditionArgs{ +// Title: pulumi.String("My Role"), +// Description: pulumi.String("Grant permissions on my_role"), +// Expression: pulumi.String("(resource.type == \"spanner.googleapis.com/DatabaseRole\" && (resource.name.endsWith(\"/myrole\")))"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_spanner\_database\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := spanner.NewDatabaseIAMMember(ctx, "database", &spanner.DatabaseIAMMemberArgs{ +// Instance: pulumi.String("your-instance-name"), +// Database: pulumi.String("your-database-name"), +// Role: pulumi.String("roles/compute.networkUser"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := spanner.NewDatabaseIAMMember(ctx, "database", &spanner.DatabaseIAMMemberArgs{ +// Instance: pulumi.String("your-instance-name"), +// Database: pulumi.String("your-database-name"), +// Role: pulumi.String("roles/compute.networkUser"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &spanner.DatabaseIAMMemberConditionArgs{ +// Title: pulumi.String("My Role"), +// Description: pulumi.String("Grant permissions on my_role"), +// Expression: pulumi.String("(resource.type == \"spanner.googleapis.com/DatabaseRole\" && (resource.name.endsWith(\"/myrole\")))"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // ### Importing IAM policies @@ -292,17 +523,16 @@ type DatabaseIAMMember struct { // (Computed) The etag of the database's IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` // The name of the Spanner instance the database belongs to. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Instance pulumi.StringOutput `pulumi:"instance"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - Instance pulumi.StringOutput `pulumi:"instance"` - Member pulumi.StringOutput `pulumi:"member"` + Member pulumi.StringOutput `pulumi:"member"` // The ID of the project in which the resource belongs. If it // is not provided, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` @@ -362,17 +592,16 @@ type databaseIAMMemberState struct { // (Computed) The etag of the database's IAM policy. Etag *string `pulumi:"etag"` // The name of the Spanner instance the database belongs to. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Instance *string `pulumi:"instance"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - Instance *string `pulumi:"instance"` - Member *string `pulumi:"member"` + Member *string `pulumi:"member"` // The ID of the project in which the resource belongs. If it // is not provided, the provider project is used. Project *string `pulumi:"project"` @@ -391,17 +620,16 @@ type DatabaseIAMMemberState struct { // (Computed) The etag of the database's IAM policy. Etag pulumi.StringPtrInput // The name of the Spanner instance the database belongs to. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Instance pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - Instance pulumi.StringPtrInput - Member pulumi.StringPtrInput + Member pulumi.StringPtrInput // The ID of the project in which the resource belongs. If it // is not provided, the provider project is used. Project pulumi.StringPtrInput @@ -422,17 +650,16 @@ type databaseIAMMemberArgs struct { // The name of the Spanner database. Database string `pulumi:"database"` // The name of the Spanner instance the database belongs to. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Instance string `pulumi:"instance"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - Instance string `pulumi:"instance"` - Member string `pulumi:"member"` + Member string `pulumi:"member"` // The ID of the project in which the resource belongs. If it // is not provided, the provider project is used. Project *string `pulumi:"project"` @@ -450,17 +677,16 @@ type DatabaseIAMMemberArgs struct { // The name of the Spanner database. Database pulumi.StringInput // The name of the Spanner instance the database belongs to. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Instance pulumi.StringInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - Instance pulumi.StringInput - Member pulumi.StringInput + Member pulumi.StringInput // The ID of the project in which the resource belongs. If it // is not provided, the provider project is used. Project pulumi.StringPtrInput @@ -574,19 +800,18 @@ func (o DatabaseIAMMemberOutput) Etag() pulumi.StringOutput { } // The name of the Spanner instance the database belongs to. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o DatabaseIAMMemberOutput) Instance() pulumi.StringOutput { return o.ApplyT(func(v *DatabaseIAMMember) pulumi.StringOutput { return v.Instance }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o DatabaseIAMMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *DatabaseIAMMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/spanner/databaseIAMPolicy.go b/sdk/go/gcp/spanner/databaseIAMPolicy.go index 75d385d481..6341bb3308 100644 --- a/sdk/go/gcp/spanner/databaseIAMPolicy.go +++ b/sdk/go/gcp/spanner/databaseIAMPolicy.go @@ -256,6 +256,237 @@ import ( // ``` // // +// ## google\_spanner\_database\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/editor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = spanner.NewDatabaseIAMPolicy(ctx, "database", &spanner.DatabaseIAMPolicyArgs{ +// Instance: pulumi.String("your-instance-name"), +// Database: pulumi.String("your-database-name"), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/editor", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "My Role", +// Description: pulumi.StringRef("Grant permissions on my_role"), +// Expression: "(resource.type == \"spanner.googleapis.com/DatabaseRole\" && (resource.name.endsWith(\"/myrole\")))", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = spanner.NewDatabaseIAMPolicy(ctx, "database", &spanner.DatabaseIAMPolicyArgs{ +// Instance: pulumi.String("your-instance-name"), +// Database: pulumi.String("your-database-name"), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_spanner\_database\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := spanner.NewDatabaseIAMBinding(ctx, "database", &spanner.DatabaseIAMBindingArgs{ +// Instance: pulumi.String("your-instance-name"), +// Database: pulumi.String("your-database-name"), +// Role: pulumi.String("roles/compute.networkUser"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := spanner.NewDatabaseIAMBinding(ctx, "database", &spanner.DatabaseIAMBindingArgs{ +// Instance: pulumi.String("your-instance-name"), +// Database: pulumi.String("your-database-name"), +// Role: pulumi.String("roles/compute.networkUser"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &spanner.DatabaseIAMBindingConditionArgs{ +// Title: pulumi.String("My Role"), +// Description: pulumi.String("Grant permissions on my_role"), +// Expression: pulumi.String("(resource.type == \"spanner.googleapis.com/DatabaseRole\" && (resource.name.endsWith(\"/myrole\")))"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_spanner\_database\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := spanner.NewDatabaseIAMMember(ctx, "database", &spanner.DatabaseIAMMemberArgs{ +// Instance: pulumi.String("your-instance-name"), +// Database: pulumi.String("your-database-name"), +// Role: pulumi.String("roles/compute.networkUser"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := spanner.NewDatabaseIAMMember(ctx, "database", &spanner.DatabaseIAMMemberArgs{ +// Instance: pulumi.String("your-instance-name"), +// Database: pulumi.String("your-database-name"), +// Role: pulumi.String("roles/compute.networkUser"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &spanner.DatabaseIAMMemberConditionArgs{ +// Title: pulumi.String("My Role"), +// Description: pulumi.String("Grant permissions on my_role"), +// Expression: pulumi.String("(resource.type == \"spanner.googleapis.com/DatabaseRole\" && (resource.name.endsWith(\"/myrole\")))"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // ### Importing IAM policies @@ -289,15 +520,6 @@ type DatabaseIAMPolicy struct { // (Computed) The etag of the database's IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` // The name of the Spanner instance the database belongs to. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Instance pulumi.StringOutput `pulumi:"instance"` // The policy data generated by // a `organizations.getIAMPolicy` data source. @@ -351,15 +573,6 @@ type databaseIAMPolicyState struct { // (Computed) The etag of the database's IAM policy. Etag *string `pulumi:"etag"` // The name of the Spanner instance the database belongs to. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Instance *string `pulumi:"instance"` // The policy data generated by // a `organizations.getIAMPolicy` data source. @@ -375,15 +588,6 @@ type DatabaseIAMPolicyState struct { // (Computed) The etag of the database's IAM policy. Etag pulumi.StringPtrInput // The name of the Spanner instance the database belongs to. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Instance pulumi.StringPtrInput // The policy data generated by // a `organizations.getIAMPolicy` data source. @@ -401,15 +605,6 @@ type databaseIAMPolicyArgs struct { // The name of the Spanner database. Database string `pulumi:"database"` // The name of the Spanner instance the database belongs to. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Instance string `pulumi:"instance"` // The policy data generated by // a `organizations.getIAMPolicy` data source. @@ -424,15 +619,6 @@ type DatabaseIAMPolicyArgs struct { // The name of the Spanner database. Database pulumi.StringInput // The name of the Spanner instance the database belongs to. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Instance pulumi.StringInput // The policy data generated by // a `organizations.getIAMPolicy` data source. @@ -540,15 +726,6 @@ func (o DatabaseIAMPolicyOutput) Etag() pulumi.StringOutput { } // The name of the Spanner instance the database belongs to. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o DatabaseIAMPolicyOutput) Instance() pulumi.StringOutput { return o.ApplyT(func(v *DatabaseIAMPolicy) pulumi.StringOutput { return v.Instance }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/spanner/instanceIAMBinding.go b/sdk/go/gcp/spanner/instanceIAMBinding.go index 9cc6720c00..b2fc7f5239 100644 --- a/sdk/go/gcp/spanner/instanceIAMBinding.go +++ b/sdk/go/gcp/spanner/instanceIAMBinding.go @@ -130,6 +130,111 @@ import ( // ``` // // +// ## google\_spanner\_instance\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/editor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = spanner.NewInstanceIAMPolicy(ctx, "instance", &spanner.InstanceIAMPolicyArgs{ +// Instance: pulumi.String("your-instance-name"), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_spanner\_instance\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := spanner.NewInstanceIAMBinding(ctx, "instance", &spanner.InstanceIAMBindingArgs{ +// Instance: pulumi.String("your-instance-name"), +// Role: pulumi.String("roles/spanner.databaseAdmin"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_spanner\_instance\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := spanner.NewInstanceIAMMember(ctx, "instance", &spanner.InstanceIAMMemberArgs{ +// Instance: pulumi.String("your-instance-name"), +// Role: pulumi.String("roles/spanner.databaseAdmin"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // ### Importing IAM policies @@ -162,17 +267,16 @@ type InstanceIAMBinding struct { // (Computed) The etag of the instance's IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` // The name of the instance. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Instance pulumi.StringOutput `pulumi:"instance"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - Instance pulumi.StringOutput `pulumi:"instance"` - Members pulumi.StringArrayOutput `pulumi:"members"` + Members pulumi.StringArrayOutput `pulumi:"members"` // The ID of the project in which the resource belongs. If it // is not provided, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` @@ -225,17 +329,16 @@ type instanceIAMBindingState struct { // (Computed) The etag of the instance's IAM policy. Etag *string `pulumi:"etag"` // The name of the instance. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Instance *string `pulumi:"instance"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - Instance *string `pulumi:"instance"` - Members []string `pulumi:"members"` + Members []string `pulumi:"members"` // The ID of the project in which the resource belongs. If it // is not provided, the provider project is used. Project *string `pulumi:"project"` @@ -250,17 +353,16 @@ type InstanceIAMBindingState struct { // (Computed) The etag of the instance's IAM policy. Etag pulumi.StringPtrInput // The name of the instance. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Instance pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - Instance pulumi.StringPtrInput - Members pulumi.StringArrayInput + Members pulumi.StringArrayInput // The ID of the project in which the resource belongs. If it // is not provided, the provider project is used. Project pulumi.StringPtrInput @@ -277,17 +379,16 @@ func (InstanceIAMBindingState) ElementType() reflect.Type { type instanceIAMBindingArgs struct { Condition *InstanceIAMBindingCondition `pulumi:"condition"` // The name of the instance. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Instance string `pulumi:"instance"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - Instance string `pulumi:"instance"` - Members []string `pulumi:"members"` + Members []string `pulumi:"members"` // The ID of the project in which the resource belongs. If it // is not provided, the provider project is used. Project *string `pulumi:"project"` @@ -301,17 +402,16 @@ type instanceIAMBindingArgs struct { type InstanceIAMBindingArgs struct { Condition InstanceIAMBindingConditionPtrInput // The name of the instance. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Instance pulumi.StringInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - Instance pulumi.StringInput - Members pulumi.StringArrayInput + Members pulumi.StringArrayInput // The ID of the project in which the resource belongs. If it // is not provided, the provider project is used. Project pulumi.StringPtrInput @@ -418,19 +518,18 @@ func (o InstanceIAMBindingOutput) Etag() pulumi.StringOutput { } // The name of the instance. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o InstanceIAMBindingOutput) Instance() pulumi.StringOutput { return o.ApplyT(func(v *InstanceIAMBinding) pulumi.StringOutput { return v.Instance }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o InstanceIAMBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *InstanceIAMBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } diff --git a/sdk/go/gcp/spanner/instanceIAMMember.go b/sdk/go/gcp/spanner/instanceIAMMember.go index d1e5d44ad1..d6ff2ea6de 100644 --- a/sdk/go/gcp/spanner/instanceIAMMember.go +++ b/sdk/go/gcp/spanner/instanceIAMMember.go @@ -130,6 +130,111 @@ import ( // ``` // // +// ## google\_spanner\_instance\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/editor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = spanner.NewInstanceIAMPolicy(ctx, "instance", &spanner.InstanceIAMPolicyArgs{ +// Instance: pulumi.String("your-instance-name"), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_spanner\_instance\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := spanner.NewInstanceIAMBinding(ctx, "instance", &spanner.InstanceIAMBindingArgs{ +// Instance: pulumi.String("your-instance-name"), +// Role: pulumi.String("roles/spanner.databaseAdmin"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_spanner\_instance\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := spanner.NewInstanceIAMMember(ctx, "instance", &spanner.InstanceIAMMemberArgs{ +// Instance: pulumi.String("your-instance-name"), +// Role: pulumi.String("roles/spanner.databaseAdmin"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // ### Importing IAM policies @@ -162,17 +267,16 @@ type InstanceIAMMember struct { // (Computed) The etag of the instance's IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` // The name of the instance. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Instance pulumi.StringOutput `pulumi:"instance"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - Instance pulumi.StringOutput `pulumi:"instance"` - Member pulumi.StringOutput `pulumi:"member"` + Member pulumi.StringOutput `pulumi:"member"` // The ID of the project in which the resource belongs. If it // is not provided, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` @@ -225,17 +329,16 @@ type instanceIAMMemberState struct { // (Computed) The etag of the instance's IAM policy. Etag *string `pulumi:"etag"` // The name of the instance. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Instance *string `pulumi:"instance"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - Instance *string `pulumi:"instance"` - Member *string `pulumi:"member"` + Member *string `pulumi:"member"` // The ID of the project in which the resource belongs. If it // is not provided, the provider project is used. Project *string `pulumi:"project"` @@ -250,17 +353,16 @@ type InstanceIAMMemberState struct { // (Computed) The etag of the instance's IAM policy. Etag pulumi.StringPtrInput // The name of the instance. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Instance pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - Instance pulumi.StringPtrInput - Member pulumi.StringPtrInput + Member pulumi.StringPtrInput // The ID of the project in which the resource belongs. If it // is not provided, the provider project is used. Project pulumi.StringPtrInput @@ -277,17 +379,16 @@ func (InstanceIAMMemberState) ElementType() reflect.Type { type instanceIAMMemberArgs struct { Condition *InstanceIAMMemberCondition `pulumi:"condition"` // The name of the instance. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Instance string `pulumi:"instance"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - Instance string `pulumi:"instance"` - Member string `pulumi:"member"` + Member string `pulumi:"member"` // The ID of the project in which the resource belongs. If it // is not provided, the provider project is used. Project *string `pulumi:"project"` @@ -301,17 +402,16 @@ type instanceIAMMemberArgs struct { type InstanceIAMMemberArgs struct { Condition InstanceIAMMemberConditionPtrInput // The name of the instance. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Instance pulumi.StringInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - Instance pulumi.StringInput - Member pulumi.StringInput + Member pulumi.StringInput // The ID of the project in which the resource belongs. If it // is not provided, the provider project is used. Project pulumi.StringPtrInput @@ -418,19 +518,18 @@ func (o InstanceIAMMemberOutput) Etag() pulumi.StringOutput { } // The name of the instance. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o InstanceIAMMemberOutput) Instance() pulumi.StringOutput { return o.ApplyT(func(v *InstanceIAMMember) pulumi.StringOutput { return v.Instance }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o InstanceIAMMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *InstanceIAMMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/spanner/instanceIAMPolicy.go b/sdk/go/gcp/spanner/instanceIAMPolicy.go index 951c0f83e1..a3f777b7ee 100644 --- a/sdk/go/gcp/spanner/instanceIAMPolicy.go +++ b/sdk/go/gcp/spanner/instanceIAMPolicy.go @@ -130,6 +130,111 @@ import ( // ``` // // +// ## google\_spanner\_instance\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/editor", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = spanner.NewInstanceIAMPolicy(ctx, "instance", &spanner.InstanceIAMPolicyArgs{ +// Instance: pulumi.String("your-instance-name"), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_spanner\_instance\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := spanner.NewInstanceIAMBinding(ctx, "instance", &spanner.InstanceIAMBindingArgs{ +// Instance: pulumi.String("your-instance-name"), +// Role: pulumi.String("roles/spanner.databaseAdmin"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_spanner\_instance\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/spanner" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := spanner.NewInstanceIAMMember(ctx, "instance", &spanner.InstanceIAMMemberArgs{ +// Instance: pulumi.String("your-instance-name"), +// Role: pulumi.String("roles/spanner.databaseAdmin"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // ### Importing IAM policies @@ -161,15 +266,6 @@ type InstanceIAMPolicy struct { // (Computed) The etag of the instance's IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` // The name of the instance. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Instance pulumi.StringOutput `pulumi:"instance"` // The policy data generated by // a `organizations.getIAMPolicy` data source. @@ -218,15 +314,6 @@ type instanceIAMPolicyState struct { // (Computed) The etag of the instance's IAM policy. Etag *string `pulumi:"etag"` // The name of the instance. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Instance *string `pulumi:"instance"` // The policy data generated by // a `organizations.getIAMPolicy` data source. @@ -240,15 +327,6 @@ type InstanceIAMPolicyState struct { // (Computed) The etag of the instance's IAM policy. Etag pulumi.StringPtrInput // The name of the instance. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Instance pulumi.StringPtrInput // The policy data generated by // a `organizations.getIAMPolicy` data source. @@ -264,15 +342,6 @@ func (InstanceIAMPolicyState) ElementType() reflect.Type { type instanceIAMPolicyArgs struct { // The name of the instance. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Instance string `pulumi:"instance"` // The policy data generated by // a `organizations.getIAMPolicy` data source. @@ -285,15 +354,6 @@ type instanceIAMPolicyArgs struct { // The set of arguments for constructing a InstanceIAMPolicy resource. type InstanceIAMPolicyArgs struct { // The name of the instance. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. Instance pulumi.StringInput // The policy data generated by // a `organizations.getIAMPolicy` data source. @@ -396,15 +456,6 @@ func (o InstanceIAMPolicyOutput) Etag() pulumi.StringOutput { } // The name of the instance. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. func (o InstanceIAMPolicyOutput) Instance() pulumi.StringOutput { return o.ApplyT(func(v *InstanceIAMPolicy) pulumi.StringOutput { return v.Instance }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/storage/bucketIAMBinding.go b/sdk/go/gcp/storage/bucketIAMBinding.go index 38568aa6c8..5ec3457577 100644 --- a/sdk/go/gcp/storage/bucketIAMBinding.go +++ b/sdk/go/gcp/storage/bucketIAMBinding.go @@ -251,6 +251,229 @@ import ( // ``` // // +// ## google\_storage\_bucket\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/storage.admin", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = storage.NewBucketIAMPolicy(ctx, "policy", &storage.BucketIAMPolicyArgs{ +// Bucket: pulumi.Any(_default.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/storage.admin", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = storage.NewBucketIAMPolicy(ctx, "policy", &storage.BucketIAMPolicyArgs{ +// Bucket: pulumi.Any(_default.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_storage\_bucket\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := storage.NewBucketIAMBinding(ctx, "binding", &storage.BucketIAMBindingArgs{ +// Bucket: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/storage.admin"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := storage.NewBucketIAMBinding(ctx, "binding", &storage.BucketIAMBindingArgs{ +// Bucket: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/storage.admin"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &storage.BucketIAMBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_storage\_bucket\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := storage.NewBucketIAMMember(ctx, "member", &storage.BucketIAMMemberArgs{ +// Bucket: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/storage.admin"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := storage.NewBucketIAMMember(ctx, "member", &storage.BucketIAMMemberArgs{ +// Bucket: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/storage.admin"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &storage.BucketIAMMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -288,9 +511,14 @@ type BucketIAMBinding struct { pulumi.CustomResourceState // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Bucket pulumi.StringOutput `pulumi:"bucket"` + // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. + // Structure is documented below. + Condition BucketIAMBindingConditionPtrOutput `pulumi:"condition"` + // (Computed) The etag of the IAM policy. + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -300,12 +528,6 @@ type BucketIAMBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - Bucket pulumi.StringOutput `pulumi:"bucket"` - // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. - // Structure is documented below. - Condition BucketIAMBindingConditionPtrOutput `pulumi:"condition"` - // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` Members pulumi.StringArrayOutput `pulumi:"members"` // The role that should be applied. Only one // `storage.BucketIAMBinding` can be used per role. Note that custom roles must be of the format @@ -353,9 +575,14 @@ func GetBucketIAMBinding(ctx *pulumi.Context, // Input properties used for looking up and filtering BucketIAMBinding resources. type bucketIAMBindingState struct { // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Bucket *string `pulumi:"bucket"` + // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. + // Structure is documented below. + Condition *BucketIAMBindingCondition `pulumi:"condition"` + // (Computed) The etag of the IAM policy. + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -365,12 +592,6 @@ type bucketIAMBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - Bucket *string `pulumi:"bucket"` - // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. - // Structure is documented below. - Condition *BucketIAMBindingCondition `pulumi:"condition"` - // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` Members []string `pulumi:"members"` // The role that should be applied. Only one // `storage.BucketIAMBinding` can be used per role. Note that custom roles must be of the format @@ -380,9 +601,14 @@ type bucketIAMBindingState struct { type BucketIAMBindingState struct { // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Bucket pulumi.StringPtrInput + // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. + // Structure is documented below. + Condition BucketIAMBindingConditionPtrInput + // (Computed) The etag of the IAM policy. + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -392,12 +618,6 @@ type BucketIAMBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - Bucket pulumi.StringPtrInput - // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. - // Structure is documented below. - Condition BucketIAMBindingConditionPtrInput - // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput Members pulumi.StringArrayInput // The role that should be applied. Only one // `storage.BucketIAMBinding` can be used per role. Note that custom roles must be of the format @@ -411,9 +631,12 @@ func (BucketIAMBindingState) ElementType() reflect.Type { type bucketIAMBindingArgs struct { // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Bucket string `pulumi:"bucket"` + // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. + // Structure is documented below. + Condition *BucketIAMBindingCondition `pulumi:"condition"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -423,11 +646,7 @@ type bucketIAMBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - Bucket string `pulumi:"bucket"` - // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. - // Structure is documented below. - Condition *BucketIAMBindingCondition `pulumi:"condition"` - Members []string `pulumi:"members"` + Members []string `pulumi:"members"` // The role that should be applied. Only one // `storage.BucketIAMBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -437,9 +656,12 @@ type bucketIAMBindingArgs struct { // The set of arguments for constructing a BucketIAMBinding resource. type BucketIAMBindingArgs struct { // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Bucket pulumi.StringInput + // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. + // Structure is documented below. + Condition BucketIAMBindingConditionPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -449,11 +671,7 @@ type BucketIAMBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - Bucket pulumi.StringInput - // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. - // Structure is documented below. - Condition BucketIAMBindingConditionPtrInput - Members pulumi.StringArrayInput + Members pulumi.StringArrayInput // The role that should be applied. Only one // `storage.BucketIAMBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -548,18 +766,6 @@ func (o BucketIAMBindingOutput) ToBucketIAMBindingOutputWithContext(ctx context. } // Used to find the parent resource to bind the IAM policy to -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o BucketIAMBindingOutput) Bucket() pulumi.StringOutput { return o.ApplyT(func(v *BucketIAMBinding) pulumi.StringOutput { return v.Bucket }).(pulumi.StringOutput) } @@ -575,6 +781,17 @@ func (o BucketIAMBindingOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *BucketIAMBinding) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o BucketIAMBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *BucketIAMBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } diff --git a/sdk/go/gcp/storage/bucketIAMMember.go b/sdk/go/gcp/storage/bucketIAMMember.go index c1a860b852..198735604e 100644 --- a/sdk/go/gcp/storage/bucketIAMMember.go +++ b/sdk/go/gcp/storage/bucketIAMMember.go @@ -251,6 +251,229 @@ import ( // ``` // // +// ## google\_storage\_bucket\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/storage.admin", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = storage.NewBucketIAMPolicy(ctx, "policy", &storage.BucketIAMPolicyArgs{ +// Bucket: pulumi.Any(_default.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/storage.admin", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = storage.NewBucketIAMPolicy(ctx, "policy", &storage.BucketIAMPolicyArgs{ +// Bucket: pulumi.Any(_default.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_storage\_bucket\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := storage.NewBucketIAMBinding(ctx, "binding", &storage.BucketIAMBindingArgs{ +// Bucket: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/storage.admin"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := storage.NewBucketIAMBinding(ctx, "binding", &storage.BucketIAMBindingArgs{ +// Bucket: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/storage.admin"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &storage.BucketIAMBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_storage\_bucket\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := storage.NewBucketIAMMember(ctx, "member", &storage.BucketIAMMemberArgs{ +// Bucket: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/storage.admin"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := storage.NewBucketIAMMember(ctx, "member", &storage.BucketIAMMemberArgs{ +// Bucket: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/storage.admin"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &storage.BucketIAMMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -288,9 +511,14 @@ type BucketIAMMember struct { pulumi.CustomResourceState // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Bucket pulumi.StringOutput `pulumi:"bucket"` + // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. + // Structure is documented below. + Condition BucketIAMMemberConditionPtrOutput `pulumi:"condition"` + // (Computed) The etag of the IAM policy. + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -300,12 +528,6 @@ type BucketIAMMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - Bucket pulumi.StringOutput `pulumi:"bucket"` - // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. - // Structure is documented below. - Condition BucketIAMMemberConditionPtrOutput `pulumi:"condition"` - // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` Member pulumi.StringOutput `pulumi:"member"` // The role that should be applied. Only one // `storage.BucketIAMBinding` can be used per role. Note that custom roles must be of the format @@ -353,9 +575,14 @@ func GetBucketIAMMember(ctx *pulumi.Context, // Input properties used for looking up and filtering BucketIAMMember resources. type bucketIAMMemberState struct { // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Bucket *string `pulumi:"bucket"` + // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. + // Structure is documented below. + Condition *BucketIAMMemberCondition `pulumi:"condition"` + // (Computed) The etag of the IAM policy. + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -365,12 +592,6 @@ type bucketIAMMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - Bucket *string `pulumi:"bucket"` - // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. - // Structure is documented below. - Condition *BucketIAMMemberCondition `pulumi:"condition"` - // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` Member *string `pulumi:"member"` // The role that should be applied. Only one // `storage.BucketIAMBinding` can be used per role. Note that custom roles must be of the format @@ -380,9 +601,14 @@ type bucketIAMMemberState struct { type BucketIAMMemberState struct { // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Bucket pulumi.StringPtrInput + // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. + // Structure is documented below. + Condition BucketIAMMemberConditionPtrInput + // (Computed) The etag of the IAM policy. + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -392,12 +618,6 @@ type BucketIAMMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - Bucket pulumi.StringPtrInput - // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. - // Structure is documented below. - Condition BucketIAMMemberConditionPtrInput - // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput Member pulumi.StringPtrInput // The role that should be applied. Only one // `storage.BucketIAMBinding` can be used per role. Note that custom roles must be of the format @@ -411,9 +631,12 @@ func (BucketIAMMemberState) ElementType() reflect.Type { type bucketIAMMemberArgs struct { // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Bucket string `pulumi:"bucket"` + // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. + // Structure is documented below. + Condition *BucketIAMMemberCondition `pulumi:"condition"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -423,11 +646,7 @@ type bucketIAMMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - Bucket string `pulumi:"bucket"` - // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. - // Structure is documented below. - Condition *BucketIAMMemberCondition `pulumi:"condition"` - Member string `pulumi:"member"` + Member string `pulumi:"member"` // The role that should be applied. Only one // `storage.BucketIAMBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -437,9 +656,12 @@ type bucketIAMMemberArgs struct { // The set of arguments for constructing a BucketIAMMember resource. type BucketIAMMemberArgs struct { // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Bucket pulumi.StringInput + // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. + // Structure is documented below. + Condition BucketIAMMemberConditionPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -449,11 +671,7 @@ type BucketIAMMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - Bucket pulumi.StringInput - // An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. - // Structure is documented below. - Condition BucketIAMMemberConditionPtrInput - Member pulumi.StringInput + Member pulumi.StringInput // The role that should be applied. Only one // `storage.BucketIAMBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -548,18 +766,6 @@ func (o BucketIAMMemberOutput) ToBucketIAMMemberOutputWithContext(ctx context.Co } // Used to find the parent resource to bind the IAM policy to -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o BucketIAMMemberOutput) Bucket() pulumi.StringOutput { return o.ApplyT(func(v *BucketIAMMember) pulumi.StringOutput { return v.Bucket }).(pulumi.StringOutput) } @@ -575,6 +781,17 @@ func (o BucketIAMMemberOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *BucketIAMMember) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o BucketIAMMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *BucketIAMMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/storage/bucketIAMPolicy.go b/sdk/go/gcp/storage/bucketIAMPolicy.go index 8460bff127..10f8ebe137 100644 --- a/sdk/go/gcp/storage/bucketIAMPolicy.go +++ b/sdk/go/gcp/storage/bucketIAMPolicy.go @@ -251,6 +251,229 @@ import ( // ``` // // +// ## google\_storage\_bucket\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/storage.admin", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = storage.NewBucketIAMPolicy(ctx, "policy", &storage.BucketIAMPolicyArgs{ +// Bucket: pulumi.Any(_default.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/storage.admin", +// Members: []string{ +// "user:jane@example.com", +// }, +// Condition: { +// Title: "expires_after_2019_12_31", +// Description: pulumi.StringRef("Expiring at midnight of 2019-12-31"), +// Expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = storage.NewBucketIAMPolicy(ctx, "policy", &storage.BucketIAMPolicyArgs{ +// Bucket: pulumi.Any(_default.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_storage\_bucket\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := storage.NewBucketIAMBinding(ctx, "binding", &storage.BucketIAMBindingArgs{ +// Bucket: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/storage.admin"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := storage.NewBucketIAMBinding(ctx, "binding", &storage.BucketIAMBindingArgs{ +// Bucket: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/storage.admin"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// Condition: &storage.BucketIAMBindingConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// ## google\_storage\_bucket\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := storage.NewBucketIAMMember(ctx, "member", &storage.BucketIAMMemberArgs{ +// Bucket: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/storage.admin"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// With IAM Conditions: +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/storage" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := storage.NewBucketIAMMember(ctx, "member", &storage.BucketIAMMemberArgs{ +// Bucket: pulumi.Any(_default.Name), +// Role: pulumi.String("roles/storage.admin"), +// Member: pulumi.String("user:jane@example.com"), +// Condition: &storage.BucketIAMMemberConditionArgs{ +// Title: pulumi.String("expires_after_2019_12_31"), +// Description: pulumi.String("Expiring at midnight of 2019-12-31"), +// Expression: pulumi.String("request.time < timestamp(\"2020-01-01T00:00:00Z\")"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -288,18 +511,6 @@ type BucketIAMPolicy struct { pulumi.CustomResourceState // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Bucket pulumi.StringOutput `pulumi:"bucket"` // (Computed) The etag of the IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` @@ -345,18 +556,6 @@ func GetBucketIAMPolicy(ctx *pulumi.Context, // Input properties used for looking up and filtering BucketIAMPolicy resources. type bucketIAMPolicyState struct { // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Bucket *string `pulumi:"bucket"` // (Computed) The etag of the IAM policy. Etag *string `pulumi:"etag"` @@ -367,18 +566,6 @@ type bucketIAMPolicyState struct { type BucketIAMPolicyState struct { // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Bucket pulumi.StringPtrInput // (Computed) The etag of the IAM policy. Etag pulumi.StringPtrInput @@ -393,18 +580,6 @@ func (BucketIAMPolicyState) ElementType() reflect.Type { type bucketIAMPolicyArgs struct { // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Bucket string `pulumi:"bucket"` // The policy data generated by // a `organizations.getIAMPolicy` data source. @@ -414,18 +589,6 @@ type bucketIAMPolicyArgs struct { // The set of arguments for constructing a BucketIAMPolicy resource. type BucketIAMPolicyArgs struct { // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Bucket pulumi.StringInput // The policy data generated by // a `organizations.getIAMPolicy` data source. @@ -520,18 +683,6 @@ func (o BucketIAMPolicyOutput) ToBucketIAMPolicyOutputWithContext(ctx context.Co } // Used to find the parent resource to bind the IAM policy to -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o BucketIAMPolicyOutput) Bucket() pulumi.StringOutput { return o.ApplyT(func(v *BucketIAMPolicy) pulumi.StringOutput { return v.Bucket }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/tags/tagKeyIamBinding.go b/sdk/go/gcp/tags/tagKeyIamBinding.go index ad23bf38ef..97a6e4bd41 100644 --- a/sdk/go/gcp/tags/tagKeyIamBinding.go +++ b/sdk/go/gcp/tags/tagKeyIamBinding.go @@ -131,6 +131,111 @@ import ( // ``` // // +// ## google\_tags\_tag\_key\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = tags.NewTagKeyIamPolicy(ctx, "policy", &tags.TagKeyIamPolicyArgs{ +// TagKey: pulumi.Any(key.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_tags\_tag\_key\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := tags.NewTagKeyIamBinding(ctx, "binding", &tags.TagKeyIamBindingArgs{ +// TagKey: pulumi.Any(key.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_tags\_tag\_key\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := tags.NewTagKeyIamMember(ctx, "member", &tags.TagKeyIamMemberArgs{ +// TagKey: pulumi.Any(key.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -169,16 +274,9 @@ type TagKeyIamBinding struct { Condition TagKeyIamBindingConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // The role that should be applied. Only one - // `tags.TagKeyIamBinding` can be used per role. Note that custom roles must be of the format - // `[projects|organizations]/{parent-name}/roles/{role-name}`. - Role pulumi.StringOutput `pulumi:"role"` - // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -188,6 +286,12 @@ type TagKeyIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // The role that should be applied. Only one + // `tags.TagKeyIamBinding` can be used per role. Note that custom roles must be of the format + // `[projects|organizations]/{parent-name}/roles/{role-name}`. + Role pulumi.StringOutput `pulumi:"role"` + // Used to find the parent resource to bind the IAM policy to TagKey pulumi.StringOutput `pulumi:"tagKey"` } @@ -232,16 +336,9 @@ func GetTagKeyIamBinding(ctx *pulumi.Context, type tagKeyIamBindingState struct { Condition *TagKeyIamBindingCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Members []string `pulumi:"members"` - // The role that should be applied. Only one - // `tags.TagKeyIamBinding` can be used per role. Note that custom roles must be of the format - // `[projects|organizations]/{parent-name}/roles/{role-name}`. - Role *string `pulumi:"role"` - // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -251,22 +348,21 @@ type tagKeyIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The role that should be applied. Only one + // `tags.TagKeyIamBinding` can be used per role. Note that custom roles must be of the format + // `[projects|organizations]/{parent-name}/roles/{role-name}`. + Role *string `pulumi:"role"` + // Used to find the parent resource to bind the IAM policy to TagKey *string `pulumi:"tagKey"` } type TagKeyIamBindingState struct { Condition TagKeyIamBindingConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The role that should be applied. Only one - // `tags.TagKeyIamBinding` can be used per role. Note that custom roles must be of the format - // `[projects|organizations]/{parent-name}/roles/{role-name}`. - Role pulumi.StringPtrInput - // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -276,6 +372,12 @@ type TagKeyIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The role that should be applied. Only one + // `tags.TagKeyIamBinding` can be used per role. Note that custom roles must be of the format + // `[projects|organizations]/{parent-name}/roles/{role-name}`. + Role pulumi.StringPtrInput + // Used to find the parent resource to bind the IAM policy to TagKey pulumi.StringPtrInput } @@ -285,15 +387,8 @@ func (TagKeyIamBindingState) ElementType() reflect.Type { type tagKeyIamBindingArgs struct { Condition *TagKeyIamBindingCondition `pulumi:"condition"` - Members []string `pulumi:"members"` - // The role that should be applied. Only one - // `tags.TagKeyIamBinding` can be used per role. Note that custom roles must be of the format - // `[projects|organizations]/{parent-name}/roles/{role-name}`. - Role string `pulumi:"role"` - // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -303,21 +398,20 @@ type tagKeyIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The role that should be applied. Only one + // `tags.TagKeyIamBinding` can be used per role. Note that custom roles must be of the format + // `[projects|organizations]/{parent-name}/roles/{role-name}`. + Role string `pulumi:"role"` + // Used to find the parent resource to bind the IAM policy to TagKey string `pulumi:"tagKey"` } // The set of arguments for constructing a TagKeyIamBinding resource. type TagKeyIamBindingArgs struct { Condition TagKeyIamBindingConditionPtrInput - Members pulumi.StringArrayInput - // The role that should be applied. Only one - // `tags.TagKeyIamBinding` can be used per role. Note that custom roles must be of the format - // `[projects|organizations]/{parent-name}/roles/{role-name}`. - Role pulumi.StringInput - // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -327,6 +421,12 @@ type TagKeyIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The role that should be applied. Only one + // `tags.TagKeyIamBinding` can be used per role. Note that custom roles must be of the format + // `[projects|organizations]/{parent-name}/roles/{role-name}`. + Role pulumi.StringInput + // Used to find the parent resource to bind the IAM policy to TagKey pulumi.StringInput } @@ -426,6 +526,17 @@ func (o TagKeyIamBindingOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *TagKeyIamBinding) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o TagKeyIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *TagKeyIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } @@ -438,18 +549,6 @@ func (o TagKeyIamBindingOutput) Role() pulumi.StringOutput { } // Used to find the parent resource to bind the IAM policy to -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o TagKeyIamBindingOutput) TagKey() pulumi.StringOutput { return o.ApplyT(func(v *TagKeyIamBinding) pulumi.StringOutput { return v.TagKey }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/tags/tagKeyIamMember.go b/sdk/go/gcp/tags/tagKeyIamMember.go index fafe964e2d..0012835edf 100644 --- a/sdk/go/gcp/tags/tagKeyIamMember.go +++ b/sdk/go/gcp/tags/tagKeyIamMember.go @@ -131,6 +131,111 @@ import ( // ``` // // +// ## google\_tags\_tag\_key\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = tags.NewTagKeyIamPolicy(ctx, "policy", &tags.TagKeyIamPolicyArgs{ +// TagKey: pulumi.Any(key.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_tags\_tag\_key\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := tags.NewTagKeyIamBinding(ctx, "binding", &tags.TagKeyIamBindingArgs{ +// TagKey: pulumi.Any(key.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_tags\_tag\_key\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := tags.NewTagKeyIamMember(ctx, "member", &tags.TagKeyIamMemberArgs{ +// TagKey: pulumi.Any(key.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -169,16 +274,9 @@ type TagKeyIamMember struct { Condition TagKeyIamMemberConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Member pulumi.StringOutput `pulumi:"member"` - // The role that should be applied. Only one - // `tags.TagKeyIamBinding` can be used per role. Note that custom roles must be of the format - // `[projects|organizations]/{parent-name}/roles/{role-name}`. - Role pulumi.StringOutput `pulumi:"role"` - // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -188,6 +286,12 @@ type TagKeyIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // The role that should be applied. Only one + // `tags.TagKeyIamBinding` can be used per role. Note that custom roles must be of the format + // `[projects|organizations]/{parent-name}/roles/{role-name}`. + Role pulumi.StringOutput `pulumi:"role"` + // Used to find the parent resource to bind the IAM policy to TagKey pulumi.StringOutput `pulumi:"tagKey"` } @@ -232,16 +336,9 @@ func GetTagKeyIamMember(ctx *pulumi.Context, type tagKeyIamMemberState struct { Condition *TagKeyIamMemberCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Member *string `pulumi:"member"` - // The role that should be applied. Only one - // `tags.TagKeyIamBinding` can be used per role. Note that custom roles must be of the format - // `[projects|organizations]/{parent-name}/roles/{role-name}`. - Role *string `pulumi:"role"` - // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -251,22 +348,21 @@ type tagKeyIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // The role that should be applied. Only one + // `tags.TagKeyIamBinding` can be used per role. Note that custom roles must be of the format + // `[projects|organizations]/{parent-name}/roles/{role-name}`. + Role *string `pulumi:"role"` + // Used to find the parent resource to bind the IAM policy to TagKey *string `pulumi:"tagKey"` } type TagKeyIamMemberState struct { Condition TagKeyIamMemberConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Member pulumi.StringPtrInput - // The role that should be applied. Only one - // `tags.TagKeyIamBinding` can be used per role. Note that custom roles must be of the format - // `[projects|organizations]/{parent-name}/roles/{role-name}`. - Role pulumi.StringPtrInput - // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -276,6 +372,12 @@ type TagKeyIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // The role that should be applied. Only one + // `tags.TagKeyIamBinding` can be used per role. Note that custom roles must be of the format + // `[projects|organizations]/{parent-name}/roles/{role-name}`. + Role pulumi.StringPtrInput + // Used to find the parent resource to bind the IAM policy to TagKey pulumi.StringPtrInput } @@ -285,15 +387,8 @@ func (TagKeyIamMemberState) ElementType() reflect.Type { type tagKeyIamMemberArgs struct { Condition *TagKeyIamMemberCondition `pulumi:"condition"` - Member string `pulumi:"member"` - // The role that should be applied. Only one - // `tags.TagKeyIamBinding` can be used per role. Note that custom roles must be of the format - // `[projects|organizations]/{parent-name}/roles/{role-name}`. - Role string `pulumi:"role"` - // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -303,21 +398,20 @@ type tagKeyIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // The role that should be applied. Only one + // `tags.TagKeyIamBinding` can be used per role. Note that custom roles must be of the format + // `[projects|organizations]/{parent-name}/roles/{role-name}`. + Role string `pulumi:"role"` + // Used to find the parent resource to bind the IAM policy to TagKey string `pulumi:"tagKey"` } // The set of arguments for constructing a TagKeyIamMember resource. type TagKeyIamMemberArgs struct { Condition TagKeyIamMemberConditionPtrInput - Member pulumi.StringInput - // The role that should be applied. Only one - // `tags.TagKeyIamBinding` can be used per role. Note that custom roles must be of the format - // `[projects|organizations]/{parent-name}/roles/{role-name}`. - Role pulumi.StringInput - // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -327,6 +421,12 @@ type TagKeyIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // The role that should be applied. Only one + // `tags.TagKeyIamBinding` can be used per role. Note that custom roles must be of the format + // `[projects|organizations]/{parent-name}/roles/{role-name}`. + Role pulumi.StringInput + // Used to find the parent resource to bind the IAM policy to TagKey pulumi.StringInput } @@ -426,6 +526,17 @@ func (o TagKeyIamMemberOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *TagKeyIamMember) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o TagKeyIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *TagKeyIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } @@ -438,18 +549,6 @@ func (o TagKeyIamMemberOutput) Role() pulumi.StringOutput { } // Used to find the parent resource to bind the IAM policy to -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o TagKeyIamMemberOutput) TagKey() pulumi.StringOutput { return o.ApplyT(func(v *TagKeyIamMember) pulumi.StringOutput { return v.TagKey }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/tags/tagKeyIamPolicy.go b/sdk/go/gcp/tags/tagKeyIamPolicy.go index 1f26a73e69..bb42755b58 100644 --- a/sdk/go/gcp/tags/tagKeyIamPolicy.go +++ b/sdk/go/gcp/tags/tagKeyIamPolicy.go @@ -131,6 +131,111 @@ import ( // ``` // // +// ## google\_tags\_tag\_key\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = tags.NewTagKeyIamPolicy(ctx, "policy", &tags.TagKeyIamPolicyArgs{ +// TagKey: pulumi.Any(key.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_tags\_tag\_key\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := tags.NewTagKeyIamBinding(ctx, "binding", &tags.TagKeyIamBindingArgs{ +// TagKey: pulumi.Any(key.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_tags\_tag\_key\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := tags.NewTagKeyIamMember(ctx, "member", &tags.TagKeyIamMemberArgs{ +// TagKey: pulumi.Any(key.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -173,18 +278,6 @@ type TagKeyIamPolicy struct { // a `organizations.getIAMPolicy` data source. PolicyData pulumi.StringOutput `pulumi:"policyData"` // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" TagKey pulumi.StringOutput `pulumi:"tagKey"` } @@ -230,18 +323,6 @@ type tagKeyIamPolicyState struct { // a `organizations.getIAMPolicy` data source. PolicyData *string `pulumi:"policyData"` // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" TagKey *string `pulumi:"tagKey"` } @@ -252,18 +333,6 @@ type TagKeyIamPolicyState struct { // a `organizations.getIAMPolicy` data source. PolicyData pulumi.StringPtrInput // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" TagKey pulumi.StringPtrInput } @@ -276,18 +345,6 @@ type tagKeyIamPolicyArgs struct { // a `organizations.getIAMPolicy` data source. PolicyData string `pulumi:"policyData"` // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" TagKey string `pulumi:"tagKey"` } @@ -297,18 +354,6 @@ type TagKeyIamPolicyArgs struct { // a `organizations.getIAMPolicy` data source. PolicyData pulumi.StringInput // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" TagKey pulumi.StringInput } @@ -411,18 +456,6 @@ func (o TagKeyIamPolicyOutput) PolicyData() pulumi.StringOutput { } // Used to find the parent resource to bind the IAM policy to -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o TagKeyIamPolicyOutput) TagKey() pulumi.StringOutput { return o.ApplyT(func(v *TagKeyIamPolicy) pulumi.StringOutput { return v.TagKey }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/tags/tagValueIamBinding.go b/sdk/go/gcp/tags/tagValueIamBinding.go index f9136a289b..412f168e3e 100644 --- a/sdk/go/gcp/tags/tagValueIamBinding.go +++ b/sdk/go/gcp/tags/tagValueIamBinding.go @@ -131,6 +131,111 @@ import ( // ``` // // +// ## google\_tags\_tag\_value\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = tags.NewTagValueIamPolicy(ctx, "policy", &tags.TagValueIamPolicyArgs{ +// TagValue: pulumi.Any(value.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_tags\_tag\_value\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := tags.NewTagValueIamBinding(ctx, "binding", &tags.TagValueIamBindingArgs{ +// TagValue: pulumi.Any(value.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_tags\_tag\_value\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := tags.NewTagValueIamMember(ctx, "member", &tags.TagValueIamMemberArgs{ +// TagValue: pulumi.Any(value.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -169,16 +274,9 @@ type TagValueIamBinding struct { Condition TagValueIamBindingConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // The role that should be applied. Only one - // `tags.TagValueIamBinding` can be used per role. Note that custom roles must be of the format - // `[projects|organizations]/{parent-name}/roles/{role-name}`. - Role pulumi.StringOutput `pulumi:"role"` - // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -188,6 +286,12 @@ type TagValueIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // The role that should be applied. Only one + // `tags.TagValueIamBinding` can be used per role. Note that custom roles must be of the format + // `[projects|organizations]/{parent-name}/roles/{role-name}`. + Role pulumi.StringOutput `pulumi:"role"` + // Used to find the parent resource to bind the IAM policy to TagValue pulumi.StringOutput `pulumi:"tagValue"` } @@ -232,16 +336,9 @@ func GetTagValueIamBinding(ctx *pulumi.Context, type tagValueIamBindingState struct { Condition *TagValueIamBindingCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Members []string `pulumi:"members"` - // The role that should be applied. Only one - // `tags.TagValueIamBinding` can be used per role. Note that custom roles must be of the format - // `[projects|organizations]/{parent-name}/roles/{role-name}`. - Role *string `pulumi:"role"` - // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -251,22 +348,21 @@ type tagValueIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The role that should be applied. Only one + // `tags.TagValueIamBinding` can be used per role. Note that custom roles must be of the format + // `[projects|organizations]/{parent-name}/roles/{role-name}`. + Role *string `pulumi:"role"` + // Used to find the parent resource to bind the IAM policy to TagValue *string `pulumi:"tagValue"` } type TagValueIamBindingState struct { Condition TagValueIamBindingConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The role that should be applied. Only one - // `tags.TagValueIamBinding` can be used per role. Note that custom roles must be of the format - // `[projects|organizations]/{parent-name}/roles/{role-name}`. - Role pulumi.StringPtrInput - // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -276,6 +372,12 @@ type TagValueIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The role that should be applied. Only one + // `tags.TagValueIamBinding` can be used per role. Note that custom roles must be of the format + // `[projects|organizations]/{parent-name}/roles/{role-name}`. + Role pulumi.StringPtrInput + // Used to find the parent resource to bind the IAM policy to TagValue pulumi.StringPtrInput } @@ -285,15 +387,8 @@ func (TagValueIamBindingState) ElementType() reflect.Type { type tagValueIamBindingArgs struct { Condition *TagValueIamBindingCondition `pulumi:"condition"` - Members []string `pulumi:"members"` - // The role that should be applied. Only one - // `tags.TagValueIamBinding` can be used per role. Note that custom roles must be of the format - // `[projects|organizations]/{parent-name}/roles/{role-name}`. - Role string `pulumi:"role"` - // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -303,21 +398,20 @@ type tagValueIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The role that should be applied. Only one + // `tags.TagValueIamBinding` can be used per role. Note that custom roles must be of the format + // `[projects|organizations]/{parent-name}/roles/{role-name}`. + Role string `pulumi:"role"` + // Used to find the parent resource to bind the IAM policy to TagValue string `pulumi:"tagValue"` } // The set of arguments for constructing a TagValueIamBinding resource. type TagValueIamBindingArgs struct { Condition TagValueIamBindingConditionPtrInput - Members pulumi.StringArrayInput - // The role that should be applied. Only one - // `tags.TagValueIamBinding` can be used per role. Note that custom roles must be of the format - // `[projects|organizations]/{parent-name}/roles/{role-name}`. - Role pulumi.StringInput - // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -327,6 +421,12 @@ type TagValueIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The role that should be applied. Only one + // `tags.TagValueIamBinding` can be used per role. Note that custom roles must be of the format + // `[projects|organizations]/{parent-name}/roles/{role-name}`. + Role pulumi.StringInput + // Used to find the parent resource to bind the IAM policy to TagValue pulumi.StringInput } @@ -426,6 +526,17 @@ func (o TagValueIamBindingOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *TagValueIamBinding) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o TagValueIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *TagValueIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } @@ -438,18 +549,6 @@ func (o TagValueIamBindingOutput) Role() pulumi.StringOutput { } // Used to find the parent resource to bind the IAM policy to -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o TagValueIamBindingOutput) TagValue() pulumi.StringOutput { return o.ApplyT(func(v *TagValueIamBinding) pulumi.StringOutput { return v.TagValue }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/tags/tagValueIamMember.go b/sdk/go/gcp/tags/tagValueIamMember.go index 9468703292..a789cb6b44 100644 --- a/sdk/go/gcp/tags/tagValueIamMember.go +++ b/sdk/go/gcp/tags/tagValueIamMember.go @@ -131,6 +131,111 @@ import ( // ``` // // +// ## google\_tags\_tag\_value\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = tags.NewTagValueIamPolicy(ctx, "policy", &tags.TagValueIamPolicyArgs{ +// TagValue: pulumi.Any(value.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_tags\_tag\_value\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := tags.NewTagValueIamBinding(ctx, "binding", &tags.TagValueIamBindingArgs{ +// TagValue: pulumi.Any(value.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_tags\_tag\_value\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := tags.NewTagValueIamMember(ctx, "member", &tags.TagValueIamMemberArgs{ +// TagValue: pulumi.Any(value.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -169,16 +274,9 @@ type TagValueIamMember struct { Condition TagValueIamMemberConditionPtrOutput `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag pulumi.StringOutput `pulumi:"etag"` - Member pulumi.StringOutput `pulumi:"member"` - // The role that should be applied. Only one - // `tags.TagValueIamBinding` can be used per role. Note that custom roles must be of the format - // `[projects|organizations]/{parent-name}/roles/{role-name}`. - Role pulumi.StringOutput `pulumi:"role"` - // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringOutput `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -188,6 +286,12 @@ type TagValueIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // The role that should be applied. Only one + // `tags.TagValueIamBinding` can be used per role. Note that custom roles must be of the format + // `[projects|organizations]/{parent-name}/roles/{role-name}`. + Role pulumi.StringOutput `pulumi:"role"` + // Used to find the parent resource to bind the IAM policy to TagValue pulumi.StringOutput `pulumi:"tagValue"` } @@ -232,16 +336,9 @@ func GetTagValueIamMember(ctx *pulumi.Context, type tagValueIamMemberState struct { Condition *TagValueIamMemberCondition `pulumi:"condition"` // (Computed) The etag of the IAM policy. - Etag *string `pulumi:"etag"` - Member *string `pulumi:"member"` - // The role that should be applied. Only one - // `tags.TagValueIamBinding` can be used per role. Note that custom roles must be of the format - // `[projects|organizations]/{parent-name}/roles/{role-name}`. - Role *string `pulumi:"role"` - // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag *string `pulumi:"etag"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -251,22 +348,21 @@ type tagValueIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // The role that should be applied. Only one + // `tags.TagValueIamBinding` can be used per role. Note that custom roles must be of the format + // `[projects|organizations]/{parent-name}/roles/{role-name}`. + Role *string `pulumi:"role"` + // Used to find the parent resource to bind the IAM policy to TagValue *string `pulumi:"tagValue"` } type TagValueIamMemberState struct { Condition TagValueIamMemberConditionPtrInput // (Computed) The etag of the IAM policy. - Etag pulumi.StringPtrInput - Member pulumi.StringPtrInput - // The role that should be applied. Only one - // `tags.TagValueIamBinding` can be used per role. Note that custom roles must be of the format - // `[projects|organizations]/{parent-name}/roles/{role-name}`. - Role pulumi.StringPtrInput - // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Etag pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -276,6 +372,12 @@ type TagValueIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // The role that should be applied. Only one + // `tags.TagValueIamBinding` can be used per role. Note that custom roles must be of the format + // `[projects|organizations]/{parent-name}/roles/{role-name}`. + Role pulumi.StringPtrInput + // Used to find the parent resource to bind the IAM policy to TagValue pulumi.StringPtrInput } @@ -285,15 +387,8 @@ func (TagValueIamMemberState) ElementType() reflect.Type { type tagValueIamMemberArgs struct { Condition *TagValueIamMemberCondition `pulumi:"condition"` - Member string `pulumi:"member"` - // The role that should be applied. Only one - // `tags.TagValueIamBinding` can be used per role. Note that custom roles must be of the format - // `[projects|organizations]/{parent-name}/roles/{role-name}`. - Role string `pulumi:"role"` - // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -303,21 +398,20 @@ type tagValueIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // The role that should be applied. Only one + // `tags.TagValueIamBinding` can be used per role. Note that custom roles must be of the format + // `[projects|organizations]/{parent-name}/roles/{role-name}`. + Role string `pulumi:"role"` + // Used to find the parent resource to bind the IAM policy to TagValue string `pulumi:"tagValue"` } // The set of arguments for constructing a TagValueIamMember resource. type TagValueIamMemberArgs struct { Condition TagValueIamMemberConditionPtrInput - Member pulumi.StringInput - // The role that should be applied. Only one - // `tags.TagValueIamBinding` can be used per role. Note that custom roles must be of the format - // `[projects|organizations]/{parent-name}/roles/{role-name}`. - Role pulumi.StringInput - // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -327,6 +421,12 @@ type TagValueIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // The role that should be applied. Only one + // `tags.TagValueIamBinding` can be used per role. Note that custom roles must be of the format + // `[projects|organizations]/{parent-name}/roles/{role-name}`. + Role pulumi.StringInput + // Used to find the parent resource to bind the IAM policy to TagValue pulumi.StringInput } @@ -426,6 +526,17 @@ func (o TagValueIamMemberOutput) Etag() pulumi.StringOutput { return o.ApplyT(func(v *TagValueIamMember) pulumi.StringOutput { return v.Etag }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o TagValueIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *TagValueIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } @@ -438,18 +549,6 @@ func (o TagValueIamMemberOutput) Role() pulumi.StringOutput { } // Used to find the parent resource to bind the IAM policy to -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o TagValueIamMemberOutput) TagValue() pulumi.StringOutput { return o.ApplyT(func(v *TagValueIamMember) pulumi.StringOutput { return v.TagValue }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/tags/tagValueIamPolicy.go b/sdk/go/gcp/tags/tagValueIamPolicy.go index c86c0ddd71..879cf7be78 100644 --- a/sdk/go/gcp/tags/tagValueIamPolicy.go +++ b/sdk/go/gcp/tags/tagValueIamPolicy.go @@ -131,6 +131,111 @@ import ( // ``` // // +// ## google\_tags\_tag\_value\_iam\_policy +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations" +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{ +// Bindings: []organizations.GetIAMPolicyBinding{ +// { +// Role: "roles/viewer", +// Members: []string{ +// "user:jane@example.com", +// }, +// }, +// }, +// }, nil) +// if err != nil { +// return err +// } +// _, err = tags.NewTagValueIamPolicy(ctx, "policy", &tags.TagValueIamPolicyArgs{ +// TagValue: pulumi.Any(value.Name), +// PolicyData: pulumi.String(admin.PolicyData), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_tags\_tag\_value\_iam\_binding +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := tags.NewTagValueIamBinding(ctx, "binding", &tags.TagValueIamBindingArgs{ +// TagValue: pulumi.Any(value.Name), +// Role: pulumi.String("roles/viewer"), +// Members: pulumi.StringArray{ +// pulumi.String("user:jane@example.com"), +// }, +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// +// ## google\_tags\_tag\_value\_iam\_member +// +// +// ```go +// package main +// +// import ( +// +// "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/tags" +// "github.com/pulumi/pulumi/sdk/v3/go/pulumi" +// +// ) +// +// func main() { +// pulumi.Run(func(ctx *pulumi.Context) error { +// _, err := tags.NewTagValueIamMember(ctx, "member", &tags.TagValueIamMemberArgs{ +// TagValue: pulumi.Any(value.Name), +// Role: pulumi.String("roles/viewer"), +// Member: pulumi.String("user:jane@example.com"), +// }) +// if err != nil { +// return err +// } +// return nil +// }) +// } +// +// ``` +// +// // ## Import // // For all import syntaxes, the "resource in question" can take any of the following forms: @@ -173,18 +278,6 @@ type TagValueIamPolicy struct { // a `organizations.getIAMPolicy` data source. PolicyData pulumi.StringOutput `pulumi:"policyData"` // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" TagValue pulumi.StringOutput `pulumi:"tagValue"` } @@ -230,18 +323,6 @@ type tagValueIamPolicyState struct { // a `organizations.getIAMPolicy` data source. PolicyData *string `pulumi:"policyData"` // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" TagValue *string `pulumi:"tagValue"` } @@ -252,18 +333,6 @@ type TagValueIamPolicyState struct { // a `organizations.getIAMPolicy` data source. PolicyData pulumi.StringPtrInput // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" TagValue pulumi.StringPtrInput } @@ -276,18 +345,6 @@ type tagValueIamPolicyArgs struct { // a `organizations.getIAMPolicy` data source. PolicyData string `pulumi:"policyData"` // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" TagValue string `pulumi:"tagValue"` } @@ -297,18 +354,6 @@ type TagValueIamPolicyArgs struct { // a `organizations.getIAMPolicy` data source. PolicyData pulumi.StringInput // Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" TagValue pulumi.StringInput } @@ -411,18 +456,6 @@ func (o TagValueIamPolicyOutput) PolicyData() pulumi.StringOutput { } // Used to find the parent resource to bind the IAM policy to -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o TagValueIamPolicyOutput) TagValue() pulumi.StringOutput { return o.ApplyT(func(v *TagValueIamPolicy) pulumi.StringOutput { return v.TagValue }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/vertex/aiFeatureStoreEntityTypeIamBinding.go b/sdk/go/gcp/vertex/aiFeatureStoreEntityTypeIamBinding.go index f65a39cfa6..2617fd6007 100644 --- a/sdk/go/gcp/vertex/aiFeatureStoreEntityTypeIamBinding.go +++ b/sdk/go/gcp/vertex/aiFeatureStoreEntityTypeIamBinding.go @@ -54,9 +54,9 @@ type AiFeatureStoreEntityTypeIamBinding struct { // (Computed) The etag of the IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` // The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Featurestore pulumi.StringOutput `pulumi:"featurestore"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -66,8 +66,7 @@ type AiFeatureStoreEntityTypeIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - Featurestore pulumi.StringOutput `pulumi:"featurestore"` - Members pulumi.StringArrayOutput `pulumi:"members"` + Members pulumi.StringArrayOutput `pulumi:"members"` // The role that should be applied. Only one // `vertex.AiFeatureStoreEntityTypeIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -122,9 +121,9 @@ type aiFeatureStoreEntityTypeIamBindingState struct { // (Computed) The etag of the IAM policy. Etag *string `pulumi:"etag"` // The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Featurestore *string `pulumi:"featurestore"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -134,8 +133,7 @@ type aiFeatureStoreEntityTypeIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - Featurestore *string `pulumi:"featurestore"` - Members []string `pulumi:"members"` + Members []string `pulumi:"members"` // The role that should be applied. Only one // `vertex.AiFeatureStoreEntityTypeIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -149,9 +147,9 @@ type AiFeatureStoreEntityTypeIamBindingState struct { // (Computed) The etag of the IAM policy. Etag pulumi.StringPtrInput // The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Featurestore pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -161,8 +159,7 @@ type AiFeatureStoreEntityTypeIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - Featurestore pulumi.StringPtrInput - Members pulumi.StringArrayInput + Members pulumi.StringArrayInput // The role that should be applied. Only one // `vertex.AiFeatureStoreEntityTypeIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -178,9 +175,9 @@ type aiFeatureStoreEntityTypeIamBindingArgs struct { // Used to find the parent resource to bind the IAM policy to Entitytype string `pulumi:"entitytype"` // The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Featurestore string `pulumi:"featurestore"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -190,8 +187,7 @@ type aiFeatureStoreEntityTypeIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - Featurestore string `pulumi:"featurestore"` - Members []string `pulumi:"members"` + Members []string `pulumi:"members"` // The role that should be applied. Only one // `vertex.AiFeatureStoreEntityTypeIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -204,9 +200,9 @@ type AiFeatureStoreEntityTypeIamBindingArgs struct { // Used to find the parent resource to bind the IAM policy to Entitytype pulumi.StringInput // The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Featurestore pulumi.StringInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -216,8 +212,7 @@ type AiFeatureStoreEntityTypeIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - Featurestore pulumi.StringInput - Members pulumi.StringArrayInput + Members pulumi.StringArrayInput // The role that should be applied. Only one // `vertex.AiFeatureStoreEntityTypeIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -328,22 +323,21 @@ func (o AiFeatureStoreEntityTypeIamBindingOutput) Etag() pulumi.StringOutput { } // The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o AiFeatureStoreEntityTypeIamBindingOutput) Featurestore() pulumi.StringOutput { return o.ApplyT(func(v *AiFeatureStoreEntityTypeIamBinding) pulumi.StringOutput { return v.Featurestore }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o AiFeatureStoreEntityTypeIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *AiFeatureStoreEntityTypeIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } diff --git a/sdk/go/gcp/vertex/aiFeatureStoreEntityTypeIamMember.go b/sdk/go/gcp/vertex/aiFeatureStoreEntityTypeIamMember.go index f7c2c98d74..94d85390ac 100644 --- a/sdk/go/gcp/vertex/aiFeatureStoreEntityTypeIamMember.go +++ b/sdk/go/gcp/vertex/aiFeatureStoreEntityTypeIamMember.go @@ -54,9 +54,9 @@ type AiFeatureStoreEntityTypeIamMember struct { // (Computed) The etag of the IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` // The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Featurestore pulumi.StringOutput `pulumi:"featurestore"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -66,8 +66,7 @@ type AiFeatureStoreEntityTypeIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - Featurestore pulumi.StringOutput `pulumi:"featurestore"` - Member pulumi.StringOutput `pulumi:"member"` + Member pulumi.StringOutput `pulumi:"member"` // The role that should be applied. Only one // `vertex.AiFeatureStoreEntityTypeIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -122,9 +121,9 @@ type aiFeatureStoreEntityTypeIamMemberState struct { // (Computed) The etag of the IAM policy. Etag *string `pulumi:"etag"` // The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Featurestore *string `pulumi:"featurestore"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -134,8 +133,7 @@ type aiFeatureStoreEntityTypeIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - Featurestore *string `pulumi:"featurestore"` - Member *string `pulumi:"member"` + Member *string `pulumi:"member"` // The role that should be applied. Only one // `vertex.AiFeatureStoreEntityTypeIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -149,9 +147,9 @@ type AiFeatureStoreEntityTypeIamMemberState struct { // (Computed) The etag of the IAM policy. Etag pulumi.StringPtrInput // The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Featurestore pulumi.StringPtrInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -161,8 +159,7 @@ type AiFeatureStoreEntityTypeIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - Featurestore pulumi.StringPtrInput - Member pulumi.StringPtrInput + Member pulumi.StringPtrInput // The role that should be applied. Only one // `vertex.AiFeatureStoreEntityTypeIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -178,9 +175,9 @@ type aiFeatureStoreEntityTypeIamMemberArgs struct { // Used to find the parent resource to bind the IAM policy to Entitytype string `pulumi:"entitytype"` // The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Featurestore string `pulumi:"featurestore"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -190,8 +187,7 @@ type aiFeatureStoreEntityTypeIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - Featurestore string `pulumi:"featurestore"` - Member string `pulumi:"member"` + Member string `pulumi:"member"` // The role that should be applied. Only one // `vertex.AiFeatureStoreEntityTypeIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -204,9 +200,9 @@ type AiFeatureStoreEntityTypeIamMemberArgs struct { // Used to find the parent resource to bind the IAM policy to Entitytype pulumi.StringInput // The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Featurestore pulumi.StringInput + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -216,8 +212,7 @@ type AiFeatureStoreEntityTypeIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - Featurestore pulumi.StringInput - Member pulumi.StringInput + Member pulumi.StringInput // The role that should be applied. Only one // `vertex.AiFeatureStoreEntityTypeIamBinding` can be used per role. Note that custom roles must be of the format // `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -328,22 +323,21 @@ func (o AiFeatureStoreEntityTypeIamMemberOutput) Etag() pulumi.StringOutput { } // The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o AiFeatureStoreEntityTypeIamMemberOutput) Featurestore() pulumi.StringOutput { return o.ApplyT(func(v *AiFeatureStoreEntityTypeIamMember) pulumi.StringOutput { return v.Featurestore }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o AiFeatureStoreEntityTypeIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *AiFeatureStoreEntityTypeIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/vertex/aiFeatureStoreEntityTypeIamPolicy.go b/sdk/go/gcp/vertex/aiFeatureStoreEntityTypeIamPolicy.go index 9e0bc3c112..ca478b95f4 100644 --- a/sdk/go/gcp/vertex/aiFeatureStoreEntityTypeIamPolicy.go +++ b/sdk/go/gcp/vertex/aiFeatureStoreEntityTypeIamPolicy.go @@ -53,18 +53,6 @@ type AiFeatureStoreEntityTypeIamPolicy struct { // (Computed) The etag of the IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` // The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Featurestore pulumi.StringOutput `pulumi:"featurestore"` // The policy data generated by // a `organizations.getIAMPolicy` data source. @@ -115,18 +103,6 @@ type aiFeatureStoreEntityTypeIamPolicyState struct { // (Computed) The etag of the IAM policy. Etag *string `pulumi:"etag"` // The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Featurestore *string `pulumi:"featurestore"` // The policy data generated by // a `organizations.getIAMPolicy` data source. @@ -139,18 +115,6 @@ type AiFeatureStoreEntityTypeIamPolicyState struct { // (Computed) The etag of the IAM policy. Etag pulumi.StringPtrInput // The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Featurestore pulumi.StringPtrInput // The policy data generated by // a `organizations.getIAMPolicy` data source. @@ -165,18 +129,6 @@ type aiFeatureStoreEntityTypeIamPolicyArgs struct { // Used to find the parent resource to bind the IAM policy to Entitytype string `pulumi:"entitytype"` // The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Featurestore string `pulumi:"featurestore"` // The policy data generated by // a `organizations.getIAMPolicy` data source. @@ -188,18 +140,6 @@ type AiFeatureStoreEntityTypeIamPolicyArgs struct { // Used to find the parent resource to bind the IAM policy to Entitytype pulumi.StringInput // The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Featurestore pulumi.StringInput // The policy data generated by // a `organizations.getIAMPolicy` data source. @@ -304,18 +244,6 @@ func (o AiFeatureStoreEntityTypeIamPolicyOutput) Etag() pulumi.StringOutput { } // The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o AiFeatureStoreEntityTypeIamPolicyOutput) Featurestore() pulumi.StringOutput { return o.ApplyT(func(v *AiFeatureStoreEntityTypeIamPolicy) pulumi.StringOutput { return v.Featurestore }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/vertex/aiFeatureStoreIamBinding.go b/sdk/go/gcp/vertex/aiFeatureStoreIamBinding.go index f7a2a6a89e..96877c6765 100644 --- a/sdk/go/gcp/vertex/aiFeatureStoreIamBinding.go +++ b/sdk/go/gcp/vertex/aiFeatureStoreIamBinding.go @@ -56,13 +56,9 @@ type AiFeatureStoreIamBinding struct { // (Computed) The etag of the IAM policy. Etag pulumi.StringOutput `pulumi:"etag"` // Used to find the parent resource to bind the IAM policy to - Featurestore pulumi.StringOutput `pulumi:"featurestore"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Featurestore pulumi.StringOutput `pulumi:"featurestore"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -72,6 +68,9 @@ type AiFeatureStoreIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The region of the dataset. eg us-central1 Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -126,13 +125,9 @@ type aiFeatureStoreIamBindingState struct { // (Computed) The etag of the IAM policy. Etag *string `pulumi:"etag"` // Used to find the parent resource to bind the IAM policy to - Featurestore *string `pulumi:"featurestore"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Featurestore *string `pulumi:"featurestore"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -142,6 +137,9 @@ type aiFeatureStoreIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The region of the dataset. eg us-central1 Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -159,12 +157,8 @@ type AiFeatureStoreIamBindingState struct { Etag pulumi.StringPtrInput // Used to find the parent resource to bind the IAM policy to Featurestore pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -174,6 +168,9 @@ type AiFeatureStoreIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The region of the dataset. eg us-central1 Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -192,13 +189,9 @@ func (AiFeatureStoreIamBindingState) ElementType() reflect.Type { type aiFeatureStoreIamBindingArgs struct { Condition *AiFeatureStoreIamBindingCondition `pulumi:"condition"` // Used to find the parent resource to bind the IAM policy to - Featurestore string `pulumi:"featurestore"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Featurestore string `pulumi:"featurestore"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -208,6 +201,9 @@ type aiFeatureStoreIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The region of the dataset. eg us-central1 Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -224,12 +220,8 @@ type AiFeatureStoreIamBindingArgs struct { Condition AiFeatureStoreIamBindingConditionPtrInput // Used to find the parent resource to bind the IAM policy to Featurestore pulumi.StringInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -239,6 +231,9 @@ type AiFeatureStoreIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The region of the dataset. eg us-central1 Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -351,24 +346,23 @@ func (o AiFeatureStoreIamBindingOutput) Featurestore() pulumi.StringOutput { return o.ApplyT(func(v *AiFeatureStoreIamBinding) pulumi.StringOutput { return v.Featurestore }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o AiFeatureStoreIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *AiFeatureStoreIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o AiFeatureStoreIamBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *AiFeatureStoreIamBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/vertex/aiFeatureStoreIamMember.go b/sdk/go/gcp/vertex/aiFeatureStoreIamMember.go index 3119b84014..cef8955e5c 100644 --- a/sdk/go/gcp/vertex/aiFeatureStoreIamMember.go +++ b/sdk/go/gcp/vertex/aiFeatureStoreIamMember.go @@ -57,12 +57,8 @@ type AiFeatureStoreIamMember struct { Etag pulumi.StringOutput `pulumi:"etag"` // Used to find the parent resource to bind the IAM policy to Featurestore pulumi.StringOutput `pulumi:"featurestore"` - Member pulumi.StringOutput `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -72,6 +68,9 @@ type AiFeatureStoreIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The region of the dataset. eg us-central1 Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -127,12 +126,8 @@ type aiFeatureStoreIamMemberState struct { Etag *string `pulumi:"etag"` // Used to find the parent resource to bind the IAM policy to Featurestore *string `pulumi:"featurestore"` - Member *string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -142,6 +137,9 @@ type aiFeatureStoreIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The region of the dataset. eg us-central1 Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -159,12 +157,8 @@ type AiFeatureStoreIamMemberState struct { Etag pulumi.StringPtrInput // Used to find the parent resource to bind the IAM policy to Featurestore pulumi.StringPtrInput - Member pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -174,6 +168,9 @@ type AiFeatureStoreIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The region of the dataset. eg us-central1 Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -193,12 +190,8 @@ type aiFeatureStoreIamMemberArgs struct { Condition *AiFeatureStoreIamMemberCondition `pulumi:"condition"` // Used to find the parent resource to bind the IAM policy to Featurestore string `pulumi:"featurestore"` - Member string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -208,6 +201,9 @@ type aiFeatureStoreIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The region of the dataset. eg us-central1 Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -224,12 +220,8 @@ type AiFeatureStoreIamMemberArgs struct { Condition AiFeatureStoreIamMemberConditionPtrInput // Used to find the parent resource to bind the IAM policy to Featurestore pulumi.StringInput - Member pulumi.StringInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -239,6 +231,9 @@ type AiFeatureStoreIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The region of the dataset. eg us-central1 Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -351,24 +346,23 @@ func (o AiFeatureStoreIamMemberOutput) Featurestore() pulumi.StringOutput { return o.ApplyT(func(v *AiFeatureStoreIamMember) pulumi.StringOutput { return v.Featurestore }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o AiFeatureStoreIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *AiFeatureStoreIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o AiFeatureStoreIamMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *AiFeatureStoreIamMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/vertex/aiFeatureStoreIamPolicy.go b/sdk/go/gcp/vertex/aiFeatureStoreIamPolicy.go index 7ee3603d53..016490a1cf 100644 --- a/sdk/go/gcp/vertex/aiFeatureStoreIamPolicy.go +++ b/sdk/go/gcp/vertex/aiFeatureStoreIamPolicy.go @@ -61,18 +61,6 @@ type AiFeatureStoreIamPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` // The region of the dataset. eg us-central1 Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -125,18 +113,6 @@ type aiFeatureStoreIamPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` // The region of the dataset. eg us-central1 Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -154,18 +130,6 @@ type AiFeatureStoreIamPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // The region of the dataset. eg us-central1 Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -185,18 +149,6 @@ type aiFeatureStoreIamPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` // The region of the dataset. eg us-central1 Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -213,18 +165,6 @@ type AiFeatureStoreIamPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput // The region of the dataset. eg us-central1 Used to find the parent resource to bind the IAM policy to. If not specified, // the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -337,18 +277,6 @@ func (o AiFeatureStoreIamPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o AiFeatureStoreIamPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *AiFeatureStoreIamPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/workstations/workstationConfigIamBinding.go b/sdk/go/gcp/workstations/workstationConfigIamBinding.go index efeaf300bd..955cd20cf8 100644 --- a/sdk/go/gcp/workstations/workstationConfigIamBinding.go +++ b/sdk/go/gcp/workstations/workstationConfigIamBinding.go @@ -57,13 +57,9 @@ type WorkstationConfigIamBinding struct { Etag pulumi.StringOutput `pulumi:"etag"` // The location where the workstation cluster config should reside. // Used to find the parent resource to bind the IAM policy to - Location pulumi.StringOutput `pulumi:"location"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location pulumi.StringOutput `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -73,6 +69,9 @@ type WorkstationConfigIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `workstations.WorkstationConfigIamBinding` can be used per role. Note that custom roles must be of the format @@ -129,13 +128,9 @@ type workstationConfigIamBindingState struct { Etag *string `pulumi:"etag"` // The location where the workstation cluster config should reside. // Used to find the parent resource to bind the IAM policy to - Location *string `pulumi:"location"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location *string `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -145,6 +140,9 @@ type workstationConfigIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `workstations.WorkstationConfigIamBinding` can be used per role. Note that custom roles must be of the format @@ -161,12 +159,8 @@ type WorkstationConfigIamBindingState struct { // The location where the workstation cluster config should reside. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -176,6 +170,9 @@ type WorkstationConfigIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `workstations.WorkstationConfigIamBinding` can be used per role. Note that custom roles must be of the format @@ -193,13 +190,9 @@ type workstationConfigIamBindingArgs struct { Condition *WorkstationConfigIamBindingCondition `pulumi:"condition"` // The location where the workstation cluster config should reside. // Used to find the parent resource to bind the IAM policy to - Location *string `pulumi:"location"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location *string `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -209,6 +202,9 @@ type workstationConfigIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `workstations.WorkstationConfigIamBinding` can be used per role. Note that custom roles must be of the format @@ -224,12 +220,8 @@ type WorkstationConfigIamBindingArgs struct { // The location where the workstation cluster config should reside. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -239,6 +231,9 @@ type WorkstationConfigIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `workstations.WorkstationConfigIamBinding` can be used per role. Note that custom roles must be of the format @@ -350,24 +345,23 @@ func (o WorkstationConfigIamBindingOutput) Location() pulumi.StringOutput { return o.ApplyT(func(v *WorkstationConfigIamBinding) pulumi.StringOutput { return v.Location }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o WorkstationConfigIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *WorkstationConfigIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o WorkstationConfigIamBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *WorkstationConfigIamBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/workstations/workstationConfigIamMember.go b/sdk/go/gcp/workstations/workstationConfigIamMember.go index e81dc99832..ef4fe74912 100644 --- a/sdk/go/gcp/workstations/workstationConfigIamMember.go +++ b/sdk/go/gcp/workstations/workstationConfigIamMember.go @@ -58,12 +58,8 @@ type WorkstationConfigIamMember struct { // The location where the workstation cluster config should reside. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringOutput `pulumi:"location"` - Member pulumi.StringOutput `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -73,6 +69,9 @@ type WorkstationConfigIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `workstations.WorkstationConfigIamBinding` can be used per role. Note that custom roles must be of the format @@ -130,12 +129,8 @@ type workstationConfigIamMemberState struct { // The location where the workstation cluster config should reside. // Used to find the parent resource to bind the IAM policy to Location *string `pulumi:"location"` - Member *string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -145,6 +140,9 @@ type workstationConfigIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `workstations.WorkstationConfigIamBinding` can be used per role. Note that custom roles must be of the format @@ -161,12 +159,8 @@ type WorkstationConfigIamMemberState struct { // The location where the workstation cluster config should reside. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Member pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -176,6 +170,9 @@ type WorkstationConfigIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `workstations.WorkstationConfigIamBinding` can be used per role. Note that custom roles must be of the format @@ -194,12 +191,8 @@ type workstationConfigIamMemberArgs struct { // The location where the workstation cluster config should reside. // Used to find the parent resource to bind the IAM policy to Location *string `pulumi:"location"` - Member string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -209,6 +202,9 @@ type workstationConfigIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `workstations.WorkstationConfigIamBinding` can be used per role. Note that custom roles must be of the format @@ -224,12 +220,8 @@ type WorkstationConfigIamMemberArgs struct { // The location where the workstation cluster config should reside. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Member pulumi.StringInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -239,6 +231,9 @@ type WorkstationConfigIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `workstations.WorkstationConfigIamBinding` can be used per role. Note that custom roles must be of the format @@ -350,24 +345,23 @@ func (o WorkstationConfigIamMemberOutput) Location() pulumi.StringOutput { return o.ApplyT(func(v *WorkstationConfigIamMember) pulumi.StringOutput { return v.Location }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o WorkstationConfigIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *WorkstationConfigIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o WorkstationConfigIamMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *WorkstationConfigIamMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/workstations/workstationConfigIamPolicy.go b/sdk/go/gcp/workstations/workstationConfigIamPolicy.go index d83a94eac7..f2cbb72ef2 100644 --- a/sdk/go/gcp/workstations/workstationConfigIamPolicy.go +++ b/sdk/go/gcp/workstations/workstationConfigIamPolicy.go @@ -62,18 +62,6 @@ type WorkstationConfigIamPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` WorkstationClusterId pulumi.StringOutput `pulumi:"workstationClusterId"` WorkstationConfigId pulumi.StringOutput `pulumi:"workstationConfigId"` @@ -128,18 +116,6 @@ type workstationConfigIamPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` WorkstationClusterId *string `pulumi:"workstationClusterId"` WorkstationConfigId *string `pulumi:"workstationConfigId"` @@ -156,18 +132,6 @@ type WorkstationConfigIamPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput WorkstationClusterId pulumi.StringPtrInput WorkstationConfigId pulumi.StringPtrInput @@ -186,18 +150,6 @@ type workstationConfigIamPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` WorkstationClusterId string `pulumi:"workstationClusterId"` WorkstationConfigId string `pulumi:"workstationConfigId"` @@ -213,18 +165,6 @@ type WorkstationConfigIamPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput WorkstationClusterId pulumi.StringInput WorkstationConfigId pulumi.StringInput @@ -336,18 +276,6 @@ func (o WorkstationConfigIamPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o WorkstationConfigIamPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *WorkstationConfigIamPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/workstations/workstationIamBinding.go b/sdk/go/gcp/workstations/workstationIamBinding.go index 3da06e78e6..ffc876f5a6 100644 --- a/sdk/go/gcp/workstations/workstationIamBinding.go +++ b/sdk/go/gcp/workstations/workstationIamBinding.go @@ -57,13 +57,9 @@ type WorkstationIamBinding struct { Etag pulumi.StringOutput `pulumi:"etag"` // The location where the workstation parent resources reside. // Used to find the parent resource to bind the IAM policy to - Location pulumi.StringOutput `pulumi:"location"` - Members pulumi.StringArrayOutput `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location pulumi.StringOutput `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -73,6 +69,9 @@ type WorkstationIamBinding struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayOutput `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `workstations.WorkstationIamBinding` can be used per role. Note that custom roles must be of the format @@ -133,13 +132,9 @@ type workstationIamBindingState struct { Etag *string `pulumi:"etag"` // The location where the workstation parent resources reside. // Used to find the parent resource to bind the IAM policy to - Location *string `pulumi:"location"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location *string `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -149,6 +144,9 @@ type workstationIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `workstations.WorkstationIamBinding` can be used per role. Note that custom roles must be of the format @@ -166,12 +164,8 @@ type WorkstationIamBindingState struct { // The location where the workstation parent resources reside. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -181,6 +175,9 @@ type WorkstationIamBindingState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `workstations.WorkstationIamBinding` can be used per role. Note that custom roles must be of the format @@ -199,13 +196,9 @@ type workstationIamBindingArgs struct { Condition *WorkstationIamBindingCondition `pulumi:"condition"` // The location where the workstation parent resources reside. // Used to find the parent resource to bind the IAM policy to - Location *string `pulumi:"location"` - Members []string `pulumi:"members"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + Location *string `pulumi:"location"` + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -215,6 +208,9 @@ type workstationIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members []string `pulumi:"members"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `workstations.WorkstationIamBinding` can be used per role. Note that custom roles must be of the format @@ -231,12 +227,8 @@ type WorkstationIamBindingArgs struct { // The location where the workstation parent resources reside. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Members pulumi.StringArrayInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -246,6 +238,9 @@ type WorkstationIamBindingArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Members pulumi.StringArrayInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `workstations.WorkstationIamBinding` can be used per role. Note that custom roles must be of the format @@ -358,24 +353,23 @@ func (o WorkstationIamBindingOutput) Location() pulumi.StringOutput { return o.ApplyT(func(v *WorkstationIamBinding) pulumi.StringOutput { return v.Location }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o WorkstationIamBindingOutput) Members() pulumi.StringArrayOutput { return o.ApplyT(func(v *WorkstationIamBinding) pulumi.StringArrayOutput { return v.Members }).(pulumi.StringArrayOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o WorkstationIamBindingOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *WorkstationIamBinding) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/workstations/workstationIamMember.go b/sdk/go/gcp/workstations/workstationIamMember.go index aa478345bb..7f9b993673 100644 --- a/sdk/go/gcp/workstations/workstationIamMember.go +++ b/sdk/go/gcp/workstations/workstationIamMember.go @@ -58,12 +58,8 @@ type WorkstationIamMember struct { // The location where the workstation parent resources reside. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringOutput `pulumi:"location"` - Member pulumi.StringOutput `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -73,6 +69,9 @@ type WorkstationIamMember struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringOutput `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringOutput `pulumi:"project"` // The role that should be applied. Only one // `workstations.WorkstationIamBinding` can be used per role. Note that custom roles must be of the format @@ -134,12 +133,8 @@ type workstationIamMemberState struct { // The location where the workstation parent resources reside. // Used to find the parent resource to bind the IAM policy to Location *string `pulumi:"location"` - Member *string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -149,6 +144,9 @@ type workstationIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member *string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `workstations.WorkstationIamBinding` can be used per role. Note that custom roles must be of the format @@ -166,12 +164,8 @@ type WorkstationIamMemberState struct { // The location where the workstation parent resources reside. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Member pulumi.StringPtrInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -181,6 +175,9 @@ type WorkstationIamMemberState struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringPtrInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `workstations.WorkstationIamBinding` can be used per role. Note that custom roles must be of the format @@ -200,12 +197,8 @@ type workstationIamMemberArgs struct { // The location where the workstation parent resources reside. // Used to find the parent resource to bind the IAM policy to Location *string `pulumi:"location"` - Member string `pulumi:"member"` - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -215,6 +208,9 @@ type workstationIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member string `pulumi:"member"` + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project *string `pulumi:"project"` // The role that should be applied. Only one // `workstations.WorkstationIamBinding` can be used per role. Note that custom roles must be of the format @@ -231,12 +227,8 @@ type WorkstationIamMemberArgs struct { // The location where the workstation parent resources reside. // Used to find the parent resource to bind the IAM policy to Location pulumi.StringPtrInput - Member pulumi.StringInput - // The ID of the project in which the resource belongs. - // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: + // Identities that will be granted the privilege in `role`. + // Each entry can have one of the following values: // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -246,6 +238,9 @@ type WorkstationIamMemberArgs struct { // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + Member pulumi.StringInput + // The ID of the project in which the resource belongs. + // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. Project pulumi.StringPtrInput // The role that should be applied. Only one // `workstations.WorkstationIamBinding` can be used per role. Note that custom roles must be of the format @@ -358,24 +353,23 @@ func (o WorkstationIamMemberOutput) Location() pulumi.StringOutput { return o.ApplyT(func(v *WorkstationIamMember) pulumi.StringOutput { return v.Location }).(pulumi.StringOutput) } +// Identities that will be granted the privilege in `role`. +// Each entry can have one of the following values: +// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. +// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. +// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. +// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. +// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. +// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. +// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" +// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" +// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o WorkstationIamMemberOutput) Member() pulumi.StringOutput { return o.ApplyT(func(v *WorkstationIamMember) pulumi.StringOutput { return v.Member }).(pulumi.StringOutput) } // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o WorkstationIamMemberOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *WorkstationIamMember) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/go/gcp/workstations/workstationIamPolicy.go b/sdk/go/gcp/workstations/workstationIamPolicy.go index fdb6872167..2c8ceda466 100644 --- a/sdk/go/gcp/workstations/workstationIamPolicy.go +++ b/sdk/go/gcp/workstations/workstationIamPolicy.go @@ -62,18 +62,6 @@ type WorkstationIamPolicy struct { PolicyData pulumi.StringOutput `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringOutput `pulumi:"project"` WorkstationClusterId pulumi.StringOutput `pulumi:"workstationClusterId"` WorkstationConfigId pulumi.StringOutput `pulumi:"workstationConfigId"` @@ -132,18 +120,6 @@ type workstationIamPolicyState struct { PolicyData *string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` WorkstationClusterId *string `pulumi:"workstationClusterId"` WorkstationConfigId *string `pulumi:"workstationConfigId"` @@ -161,18 +137,6 @@ type WorkstationIamPolicyState struct { PolicyData pulumi.StringPtrInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput WorkstationClusterId pulumi.StringPtrInput WorkstationConfigId pulumi.StringPtrInput @@ -192,18 +156,6 @@ type workstationIamPolicyArgs struct { PolicyData string `pulumi:"policyData"` // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project *string `pulumi:"project"` WorkstationClusterId string `pulumi:"workstationClusterId"` WorkstationConfigId string `pulumi:"workstationConfigId"` @@ -220,18 +172,6 @@ type WorkstationIamPolicyArgs struct { PolicyData pulumi.StringInput // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - // - // * `member/members` - (Required) Identities that will be granted the privilege in `role`. - // Each entry can have one of the following values: - // * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - // * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - // * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - // * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - // * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - // * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - // * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - // * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - // * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" Project pulumi.StringPtrInput WorkstationClusterId pulumi.StringInput WorkstationConfigId pulumi.StringInput @@ -344,18 +284,6 @@ func (o WorkstationIamPolicyOutput) PolicyData() pulumi.StringOutput { // The ID of the project in which the resource belongs. // If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. -// -// - `member/members` - (Required) Identities that will be granted the privilege in `role`. -// Each entry can have one of the following values: -// - **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. -// - **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. -// - **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. -// - **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. -// - **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. -// - **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. -// - **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" -// - **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" -// - **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" func (o WorkstationIamPolicyOutput) Project() pulumi.StringOutput { return o.ApplyT(func(v *WorkstationIamPolicy) pulumi.StringOutput { return v.Project }).(pulumi.StringOutput) } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/AccessPolicyIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/AccessPolicyIamBinding.java index d9c5c9d7c2..dda971096f 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/AccessPolicyIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/AccessPolicyIamBinding.java @@ -144,6 +144,119 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_access\_context\_manager\_access\_policy\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.accesscontextmanager.AccessPolicyIamPolicy; + * import com.pulumi.gcp.accesscontextmanager.AccessPolicyIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/accesscontextmanager.policyAdmin") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new AccessPolicyIamPolicy("policy", AccessPolicyIamPolicyArgs.builder() + * .name(access_policy.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_access\_context\_manager\_access\_policy\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.accesscontextmanager.AccessPolicyIamBinding; + * import com.pulumi.gcp.accesscontextmanager.AccessPolicyIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new AccessPolicyIamBinding("binding", AccessPolicyIamBindingArgs.builder() + * .name(access_policy.name()) + * .role("roles/accesscontextmanager.policyAdmin") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_access\_context\_manager\_access\_policy\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.accesscontextmanager.AccessPolicyIamMember; + * import com.pulumi.gcp.accesscontextmanager.AccessPolicyIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new AccessPolicyIamMember("member", AccessPolicyIamMemberArgs.builder() + * .name(access_policy.name()) + * .role("roles/accesscontextmanager.policyAdmin") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -201,17 +314,9 @@ public Output> condition() { public Output etag() { return this.etag; } - @Export(name="members", refs={List.class,String.class}, tree="[0,1]") - private Output> members; - - public Output> members() { - return this.members; - } /** - * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -223,14 +328,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="name", refs={String.class}, tree="[0]") - private Output name; + @Export(name="members", refs={List.class,String.class}, tree="[0,1]") + private Output> members; /** - * @return Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -242,6 +345,20 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + /** + * Used to find the parent resource to bind the IAM policy to + * + */ + @Export(name="name", refs={String.class}, tree="[0]") + private Output name; + + /** + * @return Used to find the parent resource to bind the IAM policy to + * + */ public Output name() { return this.name; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/AccessPolicyIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/AccessPolicyIamBindingArgs.java index 7652fd25fc..ec7d6860d5 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/AccessPolicyIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/AccessPolicyIamBindingArgs.java @@ -25,18 +25,9 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } - @Import(name="members", required=true) - private Output> members; - - public Output> members() { - return this.members; - } - /** - * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -48,14 +39,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="name") - private @Nullable Output name; + @Import(name="members", required=true) + private Output> members; /** - * @return Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -67,6 +56,21 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + + /** + * Used to find the parent resource to bind the IAM policy to + * + */ + @Import(name="name") + private @Nullable Output name; + + /** + * @return Used to find the parent resource to bind the IAM policy to + * + */ public Optional> name() { return Optional.ofNullable(this.name); } @@ -126,24 +130,30 @@ public Builder condition(AccessPolicyIamBindingConditionArgs condition) { return condition(Output.of(condition)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param name Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -157,16 +167,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder name(@Nullable Output name) { - $.name = name; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param name Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -180,6 +187,27 @@ public Builder name(@Nullable Output name) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param name Used to find the parent resource to bind the IAM policy to + * + * @return builder + * + */ + public Builder name(@Nullable Output name) { + $.name = name; + return this; + } + + /** + * @param name Used to find the parent resource to bind the IAM policy to + * + * @return builder + * + */ public Builder name(String name) { return name(Output.of(name)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/AccessPolicyIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/AccessPolicyIamMember.java index 672434aabc..071b598c82 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/AccessPolicyIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/AccessPolicyIamMember.java @@ -143,6 +143,119 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_access\_context\_manager\_access\_policy\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.accesscontextmanager.AccessPolicyIamPolicy; + * import com.pulumi.gcp.accesscontextmanager.AccessPolicyIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/accesscontextmanager.policyAdmin") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new AccessPolicyIamPolicy("policy", AccessPolicyIamPolicyArgs.builder() + * .name(access_policy.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_access\_context\_manager\_access\_policy\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.accesscontextmanager.AccessPolicyIamBinding; + * import com.pulumi.gcp.accesscontextmanager.AccessPolicyIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new AccessPolicyIamBinding("binding", AccessPolicyIamBindingArgs.builder() + * .name(access_policy.name()) + * .role("roles/accesscontextmanager.policyAdmin") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_access\_context\_manager\_access\_policy\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.accesscontextmanager.AccessPolicyIamMember; + * import com.pulumi.gcp.accesscontextmanager.AccessPolicyIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new AccessPolicyIamMember("member", AccessPolicyIamMemberArgs.builder() + * .name(access_policy.name()) + * .role("roles/accesscontextmanager.policyAdmin") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -200,17 +313,9 @@ public Output> condition() { public Output etag() { return this.etag; } - @Export(name="member", refs={String.class}, tree="[0]") - private Output member; - - public Output member() { - return this.member; - } /** - * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -222,14 +327,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="name", refs={String.class}, tree="[0]") - private Output name; + @Export(name="member", refs={String.class}, tree="[0]") + private Output member; /** - * @return Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -241,6 +344,20 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + /** + * Used to find the parent resource to bind the IAM policy to + * + */ + @Export(name="name", refs={String.class}, tree="[0]") + private Output name; + + /** + * @return Used to find the parent resource to bind the IAM policy to + * + */ public Output name() { return this.name; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/AccessPolicyIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/AccessPolicyIamMemberArgs.java index 5fd200f023..b30ee991c8 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/AccessPolicyIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/AccessPolicyIamMemberArgs.java @@ -24,18 +24,9 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } - @Import(name="member", required=true) - private Output member; - - public Output member() { - return this.member; - } - /** - * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -47,14 +38,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="name") - private @Nullable Output name; + @Import(name="member", required=true) + private Output member; /** - * @return Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -66,6 +55,21 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + + /** + * Used to find the parent resource to bind the IAM policy to + * + */ + @Import(name="name") + private @Nullable Output name; + + /** + * @return Used to find the parent resource to bind the IAM policy to + * + */ public Optional> name() { return Optional.ofNullable(this.name); } @@ -125,20 +129,9 @@ public Builder condition(AccessPolicyIamMemberConditionArgs condition) { return condition(Output.of(condition)); } - public Builder member(Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param name Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -152,16 +145,14 @@ public Builder member(String member) { * @return builder * */ - public Builder name(@Nullable Output name) { - $.name = name; + public Builder member(Output member) { + $.member = member; return this; } /** - * @param name Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -175,6 +166,27 @@ public Builder name(@Nullable Output name) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param name Used to find the parent resource to bind the IAM policy to + * + * @return builder + * + */ + public Builder name(@Nullable Output name) { + $.name = name; + return this; + } + + /** + * @param name Used to find the parent resource to bind the IAM policy to + * + * @return builder + * + */ public Builder name(String name) { return name(Output.of(name)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/AccessPolicyIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/AccessPolicyIamPolicy.java index 4431ca89ba..5829799b19 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/AccessPolicyIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/AccessPolicyIamPolicy.java @@ -141,6 +141,119 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_access\_context\_manager\_access\_policy\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.accesscontextmanager.AccessPolicyIamPolicy; + * import com.pulumi.gcp.accesscontextmanager.AccessPolicyIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/accesscontextmanager.policyAdmin") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new AccessPolicyIamPolicy("policy", AccessPolicyIamPolicyArgs.builder() + * .name(access_policy.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_access\_context\_manager\_access\_policy\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.accesscontextmanager.AccessPolicyIamBinding; + * import com.pulumi.gcp.accesscontextmanager.AccessPolicyIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new AccessPolicyIamBinding("binding", AccessPolicyIamBindingArgs.builder() + * .name(access_policy.name()) + * .role("roles/accesscontextmanager.policyAdmin") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_access\_context\_manager\_access\_policy\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.accesscontextmanager.AccessPolicyIamMember; + * import com.pulumi.gcp.accesscontextmanager.AccessPolicyIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new AccessPolicyIamMember("member", AccessPolicyIamMemberArgs.builder() + * .name(access_policy.name()) + * .role("roles/accesscontextmanager.policyAdmin") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -195,18 +308,6 @@ public Output etag() { /** * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="name", refs={String.class}, tree="[0]") private Output name; @@ -214,18 +315,6 @@ public Output etag() { /** * @return Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output name() { return this.name; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/AccessPolicyIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/AccessPolicyIamPolicyArgs.java index 9f0644ab46..6a1b5623ef 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/AccessPolicyIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/AccessPolicyIamPolicyArgs.java @@ -19,18 +19,6 @@ public final class AccessPolicyIamPolicyArgs extends com.pulumi.resources.Resour /** * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="name") private @Nullable Output name; @@ -38,18 +26,6 @@ public final class AccessPolicyIamPolicyArgs extends com.pulumi.resources.Resour /** * @return Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> name() { return Optional.ofNullable(this.name); @@ -100,18 +76,6 @@ public Builder(AccessPolicyIamPolicyArgs defaults) { /** * @param name Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -123,18 +87,6 @@ public Builder name(@Nullable Output name) { /** * @param name Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/inputs/AccessPolicyIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/inputs/AccessPolicyIamBindingState.java index 13c8706ba9..916053af7a 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/inputs/AccessPolicyIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/inputs/AccessPolicyIamBindingState.java @@ -39,18 +39,9 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } - @Import(name="members") - private @Nullable Output> members; - - public Optional>> members() { - return Optional.ofNullable(this.members); - } - /** - * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -62,14 +53,12 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="name") - private @Nullable Output name; + @Import(name="members") + private @Nullable Output> members; /** - * @return Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -81,6 +70,21 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional>> members() { + return Optional.ofNullable(this.members); + } + + /** + * Used to find the parent resource to bind the IAM policy to + * + */ + @Import(name="name") + private @Nullable Output name; + + /** + * @return Used to find the parent resource to bind the IAM policy to + * + */ public Optional> name() { return Optional.ofNullable(this.name); } @@ -162,24 +166,30 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param name Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -193,16 +203,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder name(@Nullable Output name) { - $.name = name; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param name Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -216,6 +223,27 @@ public Builder name(@Nullable Output name) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param name Used to find the parent resource to bind the IAM policy to + * + * @return builder + * + */ + public Builder name(@Nullable Output name) { + $.name = name; + return this; + } + + /** + * @param name Used to find the parent resource to bind the IAM policy to + * + * @return builder + * + */ public Builder name(String name) { return name(Output.of(name)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/inputs/AccessPolicyIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/inputs/AccessPolicyIamMemberState.java index 78c9fa2462..8b9b951560 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/inputs/AccessPolicyIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/inputs/AccessPolicyIamMemberState.java @@ -38,18 +38,9 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } - @Import(name="member") - private @Nullable Output member; - - public Optional> member() { - return Optional.ofNullable(this.member); - } - /** - * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -61,14 +52,12 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="name") - private @Nullable Output name; + @Import(name="member") + private @Nullable Output member; /** - * @return Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -80,6 +69,21 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional> member() { + return Optional.ofNullable(this.member); + } + + /** + * Used to find the parent resource to bind the IAM policy to + * + */ + @Import(name="name") + private @Nullable Output name; + + /** + * @return Used to find the parent resource to bind the IAM policy to + * + */ public Optional> name() { return Optional.ofNullable(this.name); } @@ -161,20 +165,9 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } - public Builder member(@Nullable Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param name Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -188,16 +181,14 @@ public Builder member(String member) { * @return builder * */ - public Builder name(@Nullable Output name) { - $.name = name; + public Builder member(@Nullable Output member) { + $.member = member; return this; } /** - * @param name Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -211,6 +202,27 @@ public Builder name(@Nullable Output name) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param name Used to find the parent resource to bind the IAM policy to + * + * @return builder + * + */ + public Builder name(@Nullable Output name) { + $.name = name; + return this; + } + + /** + * @param name Used to find the parent resource to bind the IAM policy to + * + * @return builder + * + */ public Builder name(String name) { return name(Output.of(name)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/inputs/AccessPolicyIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/inputs/AccessPolicyIamPolicyState.java index 9b9a85b764..11ec8b69e9 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/inputs/AccessPolicyIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/accesscontextmanager/inputs/AccessPolicyIamPolicyState.java @@ -33,18 +33,6 @@ public Optional> etag() { /** * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="name") private @Nullable Output name; @@ -52,18 +40,6 @@ public Optional> etag() { /** * @return Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> name() { return Optional.ofNullable(this.name); @@ -136,18 +112,6 @@ public Builder etag(String etag) { /** * @param name Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -159,18 +123,6 @@ public Builder name(@Nullable Output name) { /** * @param name Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/apigateway/ApiConfigIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/apigateway/ApiConfigIamBinding.java index 80106b04a5..b6e550caae 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/apigateway/ApiConfigIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/apigateway/ApiConfigIamBinding.java @@ -147,6 +147,122 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_api\_gateway\_api\_config\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.apigateway.ApiConfigIamPolicy; + * import com.pulumi.gcp.apigateway.ApiConfigIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/apigateway.viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new ApiConfigIamPolicy("policy", ApiConfigIamPolicyArgs.builder() + * .api(apiCfg.api()) + * .apiConfig(apiCfg.apiConfigId()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_api\_gateway\_api\_config\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.apigateway.ApiConfigIamBinding; + * import com.pulumi.gcp.apigateway.ApiConfigIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new ApiConfigIamBinding("binding", ApiConfigIamBindingArgs.builder() + * .api(apiCfg.api()) + * .apiConfig(apiCfg.apiConfigId()) + * .role("roles/apigateway.viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_api\_gateway\_api\_config\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.apigateway.ApiConfigIamMember; + * import com.pulumi.gcp.apigateway.ApiConfigIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new ApiConfigIamMember("member", ApiConfigIamMemberArgs.builder() + * .api(apiCfg.api()) + * .apiConfig(apiCfg.apiConfigId()) + * .role("roles/apigateway.viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -230,18 +346,9 @@ public Output> condition() { public Output etag() { return this.etag; } - @Export(name="members", refs={List.class,String.class}, tree="[0,1]") - private Output> members; - - public Output> members() { - return this.members; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -253,15 +360,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="members", refs={List.class,String.class}, tree="[0,1]") + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -273,6 +377,22 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/apigateway/ApiConfigIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/apigateway/ApiConfigIamBindingArgs.java index 56a48b3e5f..957fb755c9 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/apigateway/ApiConfigIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/apigateway/ApiConfigIamBindingArgs.java @@ -49,19 +49,9 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } - @Import(name="members", required=true) - private Output> members; - - public Output> members() { - return this.members; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -73,15 +63,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members", required=true) + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -93,6 +80,23 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -186,25 +190,30 @@ public Builder condition(ApiConfigIamBindingConditionArgs condition) { return condition(Output.of(condition)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -218,17 +227,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -242,6 +247,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/apigateway/ApiConfigIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/apigateway/ApiConfigIamMember.java index 0bd82f6d0c..1e22091856 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/apigateway/ApiConfigIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/apigateway/ApiConfigIamMember.java @@ -146,6 +146,122 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_api\_gateway\_api\_config\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.apigateway.ApiConfigIamPolicy; + * import com.pulumi.gcp.apigateway.ApiConfigIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/apigateway.viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new ApiConfigIamPolicy("policy", ApiConfigIamPolicyArgs.builder() + * .api(apiCfg.api()) + * .apiConfig(apiCfg.apiConfigId()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_api\_gateway\_api\_config\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.apigateway.ApiConfigIamBinding; + * import com.pulumi.gcp.apigateway.ApiConfigIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new ApiConfigIamBinding("binding", ApiConfigIamBindingArgs.builder() + * .api(apiCfg.api()) + * .apiConfig(apiCfg.apiConfigId()) + * .role("roles/apigateway.viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_api\_gateway\_api\_config\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.apigateway.ApiConfigIamMember; + * import com.pulumi.gcp.apigateway.ApiConfigIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new ApiConfigIamMember("member", ApiConfigIamMemberArgs.builder() + * .api(apiCfg.api()) + * .apiConfig(apiCfg.apiConfigId()) + * .role("roles/apigateway.viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -229,18 +345,9 @@ public Output> condition() { public Output etag() { return this.etag; } - @Export(name="member", refs={String.class}, tree="[0]") - private Output member; - - public Output member() { - return this.member; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -252,15 +359,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="member", refs={String.class}, tree="[0]") + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -272,6 +376,22 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/apigateway/ApiConfigIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/apigateway/ApiConfigIamMemberArgs.java index 141e263a5c..362f9d80f6 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/apigateway/ApiConfigIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/apigateway/ApiConfigIamMemberArgs.java @@ -48,19 +48,9 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } - @Import(name="member", required=true) - private Output member; - - public Output member() { - return this.member; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -72,15 +62,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member", required=true) + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -92,6 +79,23 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -185,21 +189,9 @@ public Builder condition(ApiConfigIamMemberConditionArgs condition) { return condition(Output.of(condition)); } - public Builder member(Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -213,17 +205,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -237,6 +226,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/apigateway/ApiConfigIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/apigateway/ApiConfigIamPolicy.java index f0451e5f35..2d49c7a487 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/apigateway/ApiConfigIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/apigateway/ApiConfigIamPolicy.java @@ -144,6 +144,122 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_api\_gateway\_api\_config\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.apigateway.ApiConfigIamPolicy; + * import com.pulumi.gcp.apigateway.ApiConfigIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/apigateway.viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new ApiConfigIamPolicy("policy", ApiConfigIamPolicyArgs.builder() + * .api(apiCfg.api()) + * .apiConfig(apiCfg.apiConfigId()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_api\_gateway\_api\_config\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.apigateway.ApiConfigIamBinding; + * import com.pulumi.gcp.apigateway.ApiConfigIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new ApiConfigIamBinding("binding", ApiConfigIamBindingArgs.builder() + * .api(apiCfg.api()) + * .apiConfig(apiCfg.apiConfigId()) + * .role("roles/apigateway.viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_api\_gateway\_api\_config\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.apigateway.ApiConfigIamMember; + * import com.pulumi.gcp.apigateway.ApiConfigIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new ApiConfigIamMember("member", ApiConfigIamMemberArgs.builder() + * .api(apiCfg.api()) + * .apiConfig(apiCfg.apiConfigId()) + * .role("roles/apigateway.viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -241,18 +357,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -261,18 +365,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/apigateway/ApiConfigIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/apigateway/ApiConfigIamPolicyArgs.java index dd36f74862..ab3193be05 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/apigateway/ApiConfigIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/apigateway/ApiConfigIamPolicyArgs.java @@ -61,18 +61,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -81,18 +69,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -184,18 +160,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -208,18 +172,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/apigateway/ApiIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/apigateway/ApiIamBinding.java index bcebfbba7d..28cf8fa394 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/apigateway/ApiIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/apigateway/ApiIamBinding.java @@ -147,6 +147,122 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_api\_gateway\_api\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.apigateway.ApiIamPolicy; + * import com.pulumi.gcp.apigateway.ApiIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/apigateway.viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new ApiIamPolicy("policy", ApiIamPolicyArgs.builder() + * .project(api.project()) + * .api(api.apiId()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_api\_gateway\_api\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.apigateway.ApiIamBinding; + * import com.pulumi.gcp.apigateway.ApiIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new ApiIamBinding("binding", ApiIamBindingArgs.builder() + * .project(api.project()) + * .api(api.apiId()) + * .role("roles/apigateway.viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_api\_gateway\_api\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.apigateway.ApiIamMember; + * import com.pulumi.gcp.apigateway.ApiIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new ApiIamMember("member", ApiIamMemberArgs.builder() + * .project(api.project()) + * .api(api.apiId()) + * .role("roles/apigateway.viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -212,18 +328,9 @@ public Output> condition() { public Output etag() { return this.etag; } - @Export(name="members", refs={List.class,String.class}, tree="[0,1]") - private Output> members; - - public Output> members() { - return this.members; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -235,15 +342,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="members", refs={List.class,String.class}, tree="[0,1]") + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -255,6 +359,22 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/apigateway/ApiIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/apigateway/ApiIamBindingArgs.java index 1427c5c247..da8502e10d 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/apigateway/ApiIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/apigateway/ApiIamBindingArgs.java @@ -32,19 +32,9 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } - @Import(name="members", required=true) - private Output> members; - - public Output> members() { - return this.members; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -56,15 +46,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members", required=true) + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -76,6 +63,23 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -145,25 +149,30 @@ public Builder condition(ApiIamBindingConditionArgs condition) { return condition(Output.of(condition)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -177,17 +186,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -201,6 +206,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/apigateway/ApiIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/apigateway/ApiIamMember.java index 4256940d88..8a4f27d425 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/apigateway/ApiIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/apigateway/ApiIamMember.java @@ -146,6 +146,122 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_api\_gateway\_api\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.apigateway.ApiIamPolicy; + * import com.pulumi.gcp.apigateway.ApiIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/apigateway.viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new ApiIamPolicy("policy", ApiIamPolicyArgs.builder() + * .project(api.project()) + * .api(api.apiId()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_api\_gateway\_api\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.apigateway.ApiIamBinding; + * import com.pulumi.gcp.apigateway.ApiIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new ApiIamBinding("binding", ApiIamBindingArgs.builder() + * .project(api.project()) + * .api(api.apiId()) + * .role("roles/apigateway.viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_api\_gateway\_api\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.apigateway.ApiIamMember; + * import com.pulumi.gcp.apigateway.ApiIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new ApiIamMember("member", ApiIamMemberArgs.builder() + * .project(api.project()) + * .api(api.apiId()) + * .role("roles/apigateway.viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -211,18 +327,9 @@ public Output> condition() { public Output etag() { return this.etag; } - @Export(name="member", refs={String.class}, tree="[0]") - private Output member; - - public Output member() { - return this.member; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -234,15 +341,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="member", refs={String.class}, tree="[0]") + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -254,6 +358,22 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/apigateway/ApiIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/apigateway/ApiIamMemberArgs.java index bb866ee6b8..8fe4acaecf 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/apigateway/ApiIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/apigateway/ApiIamMemberArgs.java @@ -31,19 +31,9 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } - @Import(name="member", required=true) - private Output member; - - public Output member() { - return this.member; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -55,15 +45,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member", required=true) + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -75,6 +62,23 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -144,21 +148,9 @@ public Builder condition(ApiIamMemberConditionArgs condition) { return condition(Output.of(condition)); } - public Builder member(Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -172,17 +164,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -196,6 +185,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/apigateway/ApiIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/apigateway/ApiIamPolicy.java index 47127cf42b..57b332ae18 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/apigateway/ApiIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/apigateway/ApiIamPolicy.java @@ -144,6 +144,122 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_api\_gateway\_api\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.apigateway.ApiIamPolicy; + * import com.pulumi.gcp.apigateway.ApiIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/apigateway.viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new ApiIamPolicy("policy", ApiIamPolicyArgs.builder() + * .project(api.project()) + * .api(api.apiId()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_api\_gateway\_api\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.apigateway.ApiIamBinding; + * import com.pulumi.gcp.apigateway.ApiIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new ApiIamBinding("binding", ApiIamBindingArgs.builder() + * .project(api.project()) + * .api(api.apiId()) + * .role("roles/apigateway.viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_api\_gateway\_api\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.apigateway.ApiIamMember; + * import com.pulumi.gcp.apigateway.ApiIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new ApiIamMember("member", ApiIamMemberArgs.builder() + * .project(api.project()) + * .api(api.apiId()) + * .role("roles/apigateway.viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -223,18 +339,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -243,18 +347,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/apigateway/ApiIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/apigateway/ApiIamPolicyArgs.java index 95bd02a7a9..501ac6e37a 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/apigateway/ApiIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/apigateway/ApiIamPolicyArgs.java @@ -44,18 +44,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -64,18 +52,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -143,18 +119,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -167,18 +131,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/apigateway/GatewayIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/apigateway/GatewayIamBinding.java index d8101cd0c0..1e6ea33999 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/apigateway/GatewayIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/apigateway/GatewayIamBinding.java @@ -150,6 +150,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_api\_gateway\_gateway\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.apigateway.GatewayIamPolicy; + * import com.pulumi.gcp.apigateway.GatewayIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/apigateway.viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new GatewayIamPolicy("policy", GatewayIamPolicyArgs.builder() + * .project(apiGw.project()) + * .region(apiGw.region()) + * .gateway(apiGw.gatewayId()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_api\_gateway\_gateway\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.apigateway.GatewayIamBinding; + * import com.pulumi.gcp.apigateway.GatewayIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new GatewayIamBinding("binding", GatewayIamBindingArgs.builder() + * .project(apiGw.project()) + * .region(apiGw.region()) + * .gateway(apiGw.gatewayId()) + * .role("roles/apigateway.viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_api\_gateway\_gateway\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.apigateway.GatewayIamMember; + * import com.pulumi.gcp.apigateway.GatewayIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new GatewayIamMember("member", GatewayIamMemberArgs.builder() + * .project(apiGw.project()) + * .region(apiGw.region()) + * .gateway(apiGw.gatewayId()) + * .role("roles/apigateway.viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -217,18 +336,9 @@ public Output etag() { public Output gateway() { return this.gateway; } - @Export(name="members", refs={List.class,String.class}, tree="[0,1]") - private Output> members; - - public Output> members() { - return this.members; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -240,15 +350,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="members", refs={List.class,String.class}, tree="[0,1]") + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -260,6 +367,22 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/apigateway/GatewayIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/apigateway/GatewayIamBindingArgs.java index 752a127d32..824f07d2f6 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/apigateway/GatewayIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/apigateway/GatewayIamBindingArgs.java @@ -32,19 +32,9 @@ public Output gateway() { return this.gateway; } - @Import(name="members", required=true) - private Output> members; - - public Output> members() { - return this.members; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -56,15 +46,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members", required=true) + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -76,6 +63,23 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -167,25 +171,30 @@ public Builder gateway(String gateway) { return gateway(Output.of(gateway)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -199,17 +208,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -223,6 +228,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/apigateway/GatewayIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/apigateway/GatewayIamMember.java index 9e0ad9e73a..028aea0dfe 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/apigateway/GatewayIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/apigateway/GatewayIamMember.java @@ -149,6 +149,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_api\_gateway\_gateway\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.apigateway.GatewayIamPolicy; + * import com.pulumi.gcp.apigateway.GatewayIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/apigateway.viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new GatewayIamPolicy("policy", GatewayIamPolicyArgs.builder() + * .project(apiGw.project()) + * .region(apiGw.region()) + * .gateway(apiGw.gatewayId()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_api\_gateway\_gateway\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.apigateway.GatewayIamBinding; + * import com.pulumi.gcp.apigateway.GatewayIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new GatewayIamBinding("binding", GatewayIamBindingArgs.builder() + * .project(apiGw.project()) + * .region(apiGw.region()) + * .gateway(apiGw.gatewayId()) + * .role("roles/apigateway.viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_api\_gateway\_gateway\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.apigateway.GatewayIamMember; + * import com.pulumi.gcp.apigateway.GatewayIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new GatewayIamMember("member", GatewayIamMemberArgs.builder() + * .project(apiGw.project()) + * .region(apiGw.region()) + * .gateway(apiGw.gatewayId()) + * .role("roles/apigateway.viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -216,18 +335,9 @@ public Output etag() { public Output gateway() { return this.gateway; } - @Export(name="member", refs={String.class}, tree="[0]") - private Output member; - - public Output member() { - return this.member; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -239,15 +349,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="member", refs={String.class}, tree="[0]") + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -259,6 +366,22 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/apigateway/GatewayIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/apigateway/GatewayIamMemberArgs.java index 2aee91ca8e..5be5e077ec 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/apigateway/GatewayIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/apigateway/GatewayIamMemberArgs.java @@ -31,19 +31,9 @@ public Output gateway() { return this.gateway; } - @Import(name="member", required=true) - private Output member; - - public Output member() { - return this.member; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -55,15 +45,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member", required=true) + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -75,6 +62,23 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -166,21 +170,9 @@ public Builder gateway(String gateway) { return gateway(Output.of(gateway)); } - public Builder member(Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -194,17 +186,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -218,6 +207,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/apigateway/GatewayIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/apigateway/GatewayIamPolicy.java index af11854075..0d5cd1ab81 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/apigateway/GatewayIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/apigateway/GatewayIamPolicy.java @@ -147,6 +147,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_api\_gateway\_gateway\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.apigateway.GatewayIamPolicy; + * import com.pulumi.gcp.apigateway.GatewayIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/apigateway.viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new GatewayIamPolicy("policy", GatewayIamPolicyArgs.builder() + * .project(apiGw.project()) + * .region(apiGw.region()) + * .gateway(apiGw.gatewayId()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_api\_gateway\_gateway\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.apigateway.GatewayIamBinding; + * import com.pulumi.gcp.apigateway.GatewayIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new GatewayIamBinding("binding", GatewayIamBindingArgs.builder() + * .project(apiGw.project()) + * .region(apiGw.region()) + * .gateway(apiGw.gatewayId()) + * .role("roles/apigateway.viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_api\_gateway\_gateway\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.apigateway.GatewayIamMember; + * import com.pulumi.gcp.apigateway.GatewayIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new GatewayIamMember("member", GatewayIamMemberArgs.builder() + * .project(apiGw.project()) + * .region(apiGw.region()) + * .gateway(apiGw.gatewayId()) + * .role("roles/apigateway.viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -228,18 +347,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -248,18 +355,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/apigateway/GatewayIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/apigateway/GatewayIamPolicyArgs.java index 9f7d7cf8c6..f20abb2fff 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/apigateway/GatewayIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/apigateway/GatewayIamPolicyArgs.java @@ -44,18 +44,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -64,18 +52,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -165,18 +141,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -189,18 +153,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/apigateway/inputs/ApiConfigIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/apigateway/inputs/ApiConfigIamBindingState.java index 07bca91cac..e609b9ef6c 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/apigateway/inputs/ApiConfigIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/apigateway/inputs/ApiConfigIamBindingState.java @@ -63,19 +63,9 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } - @Import(name="members") - private @Nullable Output> members; - - public Optional>> members() { - return Optional.ofNullable(this.members); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -87,15 +77,12 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members") + private @Nullable Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -107,6 +94,23 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional>> members() { + return Optional.ofNullable(this.members); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -222,25 +226,30 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -254,17 +263,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -278,6 +283,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/apigateway/inputs/ApiConfigIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/apigateway/inputs/ApiConfigIamMemberState.java index 8f2b021dbd..a093623005 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/apigateway/inputs/ApiConfigIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/apigateway/inputs/ApiConfigIamMemberState.java @@ -62,19 +62,9 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } - @Import(name="member") - private @Nullable Output member; - - public Optional> member() { - return Optional.ofNullable(this.member); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -86,15 +76,12 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member") + private @Nullable Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -106,6 +93,23 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional> member() { + return Optional.ofNullable(this.member); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -221,21 +225,9 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } - public Builder member(@Nullable Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -249,17 +241,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(@Nullable Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -273,6 +262,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/apigateway/inputs/ApiConfigIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/apigateway/inputs/ApiConfigIamPolicyState.java index fe135c1345..e81f6fa0ba 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/apigateway/inputs/ApiConfigIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/apigateway/inputs/ApiConfigIamPolicyState.java @@ -75,18 +75,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -95,18 +83,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -220,18 +196,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -244,18 +208,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/apigateway/inputs/ApiIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/apigateway/inputs/ApiIamBindingState.java index efdf92c19a..407c8c9de4 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/apigateway/inputs/ApiIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/apigateway/inputs/ApiIamBindingState.java @@ -46,19 +46,9 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } - @Import(name="members") - private @Nullable Output> members; - - public Optional>> members() { - return Optional.ofNullable(this.members); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -70,15 +60,12 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members") + private @Nullable Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -90,6 +77,23 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional>> members() { + return Optional.ofNullable(this.members); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -181,25 +185,30 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -213,17 +222,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -237,6 +242,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/apigateway/inputs/ApiIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/apigateway/inputs/ApiIamMemberState.java index 83e83ff629..649f285e07 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/apigateway/inputs/ApiIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/apigateway/inputs/ApiIamMemberState.java @@ -45,19 +45,9 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } - @Import(name="member") - private @Nullable Output member; - - public Optional> member() { - return Optional.ofNullable(this.member); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -69,15 +59,12 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member") + private @Nullable Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -89,6 +76,23 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional> member() { + return Optional.ofNullable(this.member); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -180,21 +184,9 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } - public Builder member(@Nullable Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -208,17 +200,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(@Nullable Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -232,6 +221,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/apigateway/inputs/ApiIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/apigateway/inputs/ApiIamPolicyState.java index b482a6737b..a9e27b92e9 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/apigateway/inputs/ApiIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/apigateway/inputs/ApiIamPolicyState.java @@ -58,18 +58,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -78,18 +66,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -179,18 +155,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -203,18 +167,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/apigateway/inputs/GatewayIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/apigateway/inputs/GatewayIamBindingState.java index 558690c67e..dfabec24bd 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/apigateway/inputs/GatewayIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/apigateway/inputs/GatewayIamBindingState.java @@ -46,19 +46,9 @@ public Optional> gateway() { return Optional.ofNullable(this.gateway); } - @Import(name="members") - private @Nullable Output> members; - - public Optional>> members() { - return Optional.ofNullable(this.members); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -70,15 +60,12 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members") + private @Nullable Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -90,6 +77,23 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional>> members() { + return Optional.ofNullable(this.members); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -203,25 +207,30 @@ public Builder gateway(String gateway) { return gateway(Output.of(gateway)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -235,17 +244,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -259,6 +264,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/apigateway/inputs/GatewayIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/apigateway/inputs/GatewayIamMemberState.java index 04196d7835..51ae1b0984 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/apigateway/inputs/GatewayIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/apigateway/inputs/GatewayIamMemberState.java @@ -45,19 +45,9 @@ public Optional> gateway() { return Optional.ofNullable(this.gateway); } - @Import(name="member") - private @Nullable Output member; - - public Optional> member() { - return Optional.ofNullable(this.member); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -69,15 +59,12 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member") + private @Nullable Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -89,6 +76,23 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional> member() { + return Optional.ofNullable(this.member); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -202,21 +206,9 @@ public Builder gateway(String gateway) { return gateway(Output.of(gateway)); } - public Builder member(@Nullable Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -230,17 +222,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(@Nullable Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -254,6 +243,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/apigateway/inputs/GatewayIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/apigateway/inputs/GatewayIamPolicyState.java index 2b7fa6af4f..3d47c3b733 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/apigateway/inputs/GatewayIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/apigateway/inputs/GatewayIamPolicyState.java @@ -58,18 +58,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -78,18 +66,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -201,18 +177,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -225,18 +189,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/apigee/EnvironmentIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/apigee/EnvironmentIamBinding.java index aeb3629956..42d6dcd528 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/apigee/EnvironmentIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/apigee/EnvironmentIamBinding.java @@ -147,6 +147,122 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_apigee\_environment\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.apigee.EnvironmentIamPolicy; + * import com.pulumi.gcp.apigee.EnvironmentIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new EnvironmentIamPolicy("policy", EnvironmentIamPolicyArgs.builder() + * .orgId(apigeeEnvironment.orgId()) + * .envId(apigeeEnvironment.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_apigee\_environment\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.apigee.EnvironmentIamBinding; + * import com.pulumi.gcp.apigee.EnvironmentIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new EnvironmentIamBinding("binding", EnvironmentIamBindingArgs.builder() + * .orgId(apigeeEnvironment.orgId()) + * .envId(apigeeEnvironment.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_apigee\_environment\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.apigee.EnvironmentIamMember; + * import com.pulumi.gcp.apigee.EnvironmentIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new EnvironmentIamMember("member", EnvironmentIamMemberArgs.builder() + * .orgId(apigeeEnvironment.orgId()) + * .envId(apigeeEnvironment.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -193,18 +309,6 @@ public Output> condition() { /** * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="envId", refs={String.class}, tree="[0]") private Output envId; @@ -212,18 +316,6 @@ public Output> condition() { /** * @return Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output envId() { return this.envId; @@ -242,9 +334,37 @@ public Output envId() { public Output etag() { return this.etag; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Export(name="members", refs={List.class,String.class}, tree="[0,1]") private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output> members() { return this.members; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/apigee/EnvironmentIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/apigee/EnvironmentIamBindingArgs.java index 0a7714b3c3..3a69610aa6 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/apigee/EnvironmentIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/apigee/EnvironmentIamBindingArgs.java @@ -28,8 +28,21 @@ public Optional> condition() { /** * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + */ + @Import(name="envId", required=true) + private Output envId; + + /** + * @return Used to find the parent resource to bind the IAM policy to + * + */ + public Output envId() { + return this.envId; + } + + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -41,14 +54,12 @@ public Optional> condition() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="envId", required=true) - private Output envId; + @Import(name="members", required=true) + private Output> members; /** - * @return Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -60,13 +71,6 @@ public Optional> condition() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - public Output envId() { - return this.envId; - } - - @Import(name="members", required=true) - private Output> members; - public Output> members() { return this.members; } @@ -137,8 +141,27 @@ public Builder condition(EnvironmentIamBindingConditionArgs condition) { /** * @param envId Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return builder + * + */ + public Builder envId(Output envId) { + $.envId = envId; + return this; + } + + /** + * @param envId Used to find the parent resource to bind the IAM policy to + * + * @return builder + * + */ + public Builder envId(String envId) { + return envId(Output.of(envId)); + } + + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -152,16 +175,14 @@ public Builder condition(EnvironmentIamBindingConditionArgs condition) { * @return builder * */ - public Builder envId(Output envId) { - $.envId = envId; + public Builder members(Output> members) { + $.members = members; return this; } /** - * @param envId Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -175,19 +196,26 @@ public Builder envId(Output envId) { * @return builder * */ - public Builder envId(String envId) { - return envId(Output.of(envId)); - } - - public Builder members(Output> members) { - $.members = members; - return this; - } - public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/apigee/EnvironmentIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/apigee/EnvironmentIamMember.java index 51cc379d46..4fb6afa54f 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/apigee/EnvironmentIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/apigee/EnvironmentIamMember.java @@ -146,6 +146,122 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_apigee\_environment\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.apigee.EnvironmentIamPolicy; + * import com.pulumi.gcp.apigee.EnvironmentIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new EnvironmentIamPolicy("policy", EnvironmentIamPolicyArgs.builder() + * .orgId(apigeeEnvironment.orgId()) + * .envId(apigeeEnvironment.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_apigee\_environment\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.apigee.EnvironmentIamBinding; + * import com.pulumi.gcp.apigee.EnvironmentIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new EnvironmentIamBinding("binding", EnvironmentIamBindingArgs.builder() + * .orgId(apigeeEnvironment.orgId()) + * .envId(apigeeEnvironment.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_apigee\_environment\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.apigee.EnvironmentIamMember; + * import com.pulumi.gcp.apigee.EnvironmentIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new EnvironmentIamMember("member", EnvironmentIamMemberArgs.builder() + * .orgId(apigeeEnvironment.orgId()) + * .envId(apigeeEnvironment.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -192,18 +308,6 @@ public Output> condition() { /** * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="envId", refs={String.class}, tree="[0]") private Output envId; @@ -211,18 +315,6 @@ public Output> condition() { /** * @return Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output envId() { return this.envId; @@ -241,9 +333,37 @@ public Output envId() { public Output etag() { return this.etag; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Export(name="member", refs={String.class}, tree="[0]") private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output member() { return this.member; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/apigee/EnvironmentIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/apigee/EnvironmentIamMemberArgs.java index f80d30040b..c46da519f8 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/apigee/EnvironmentIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/apigee/EnvironmentIamMemberArgs.java @@ -27,8 +27,21 @@ public Optional> condition() { /** * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + */ + @Import(name="envId", required=true) + private Output envId; + + /** + * @return Used to find the parent resource to bind the IAM policy to + * + */ + public Output envId() { + return this.envId; + } + + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -40,14 +53,12 @@ public Optional> condition() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="envId", required=true) - private Output envId; + @Import(name="member", required=true) + private Output member; /** - * @return Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -59,13 +70,6 @@ public Optional> condition() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - public Output envId() { - return this.envId; - } - - @Import(name="member", required=true) - private Output member; - public Output member() { return this.member; } @@ -136,8 +140,27 @@ public Builder condition(EnvironmentIamMemberConditionArgs condition) { /** * @param envId Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return builder + * + */ + public Builder envId(Output envId) { + $.envId = envId; + return this; + } + + /** + * @param envId Used to find the parent resource to bind the IAM policy to + * + * @return builder + * + */ + public Builder envId(String envId) { + return envId(Output.of(envId)); + } + + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -151,16 +174,14 @@ public Builder condition(EnvironmentIamMemberConditionArgs condition) { * @return builder * */ - public Builder envId(Output envId) { - $.envId = envId; + public Builder member(Output member) { + $.member = member; return this; } /** - * @param envId Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -174,15 +195,6 @@ public Builder envId(Output envId) { * @return builder * */ - public Builder envId(String envId) { - return envId(Output.of(envId)); - } - - public Builder member(Output member) { - $.member = member; - return this; - } - public Builder member(String member) { return member(Output.of(member)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/apigee/EnvironmentIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/apigee/EnvironmentIamPolicy.java index 493b087e3b..4a3c2279a7 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/apigee/EnvironmentIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/apigee/EnvironmentIamPolicy.java @@ -144,6 +144,122 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_apigee\_environment\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.apigee.EnvironmentIamPolicy; + * import com.pulumi.gcp.apigee.EnvironmentIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new EnvironmentIamPolicy("policy", EnvironmentIamPolicyArgs.builder() + * .orgId(apigeeEnvironment.orgId()) + * .envId(apigeeEnvironment.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_apigee\_environment\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.apigee.EnvironmentIamBinding; + * import com.pulumi.gcp.apigee.EnvironmentIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new EnvironmentIamBinding("binding", EnvironmentIamBindingArgs.builder() + * .orgId(apigeeEnvironment.orgId()) + * .envId(apigeeEnvironment.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_apigee\_environment\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.apigee.EnvironmentIamMember; + * import com.pulumi.gcp.apigee.EnvironmentIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new EnvironmentIamMember("member", EnvironmentIamMemberArgs.builder() + * .orgId(apigeeEnvironment.orgId()) + * .envId(apigeeEnvironment.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -184,18 +300,6 @@ public class EnvironmentIamPolicy extends com.pulumi.resources.CustomResource { /** * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="envId", refs={String.class}, tree="[0]") private Output envId; @@ -203,18 +307,6 @@ public class EnvironmentIamPolicy extends com.pulumi.resources.CustomResource { /** * @return Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output envId() { return this.envId; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/apigee/EnvironmentIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/apigee/EnvironmentIamPolicyArgs.java index 1a30b3b12b..138d86a631 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/apigee/EnvironmentIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/apigee/EnvironmentIamPolicyArgs.java @@ -17,18 +17,6 @@ public final class EnvironmentIamPolicyArgs extends com.pulumi.resources.Resourc /** * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="envId", required=true) private Output envId; @@ -36,18 +24,6 @@ public final class EnvironmentIamPolicyArgs extends com.pulumi.resources.Resourc /** * @return Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output envId() { return this.envId; @@ -106,18 +82,6 @@ public Builder(EnvironmentIamPolicyArgs defaults) { /** * @param envId Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -129,18 +93,6 @@ public Builder envId(Output envId) { /** * @param envId Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/apigee/inputs/EnvironmentIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/apigee/inputs/EnvironmentIamBindingState.java index d1d3474692..f2b2091424 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/apigee/inputs/EnvironmentIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/apigee/inputs/EnvironmentIamBindingState.java @@ -27,18 +27,6 @@ public Optional> condition() { /** * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="envId") private @Nullable Output envId; @@ -46,18 +34,6 @@ public Optional> condition() { /** * @return Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> envId() { return Optional.ofNullable(this.envId); @@ -78,9 +54,37 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="members") private @Nullable Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Optional>> members() { return Optional.ofNullable(this.members); } @@ -152,18 +156,6 @@ public Builder condition(EnvironmentIamBindingConditionArgs condition) { /** * @param envId Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -175,18 +167,6 @@ public Builder envId(@Nullable Output envId) { /** * @param envId Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -215,15 +195,63 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/apigee/inputs/EnvironmentIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/apigee/inputs/EnvironmentIamMemberState.java index 238781be75..2d1d6e20fe 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/apigee/inputs/EnvironmentIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/apigee/inputs/EnvironmentIamMemberState.java @@ -26,18 +26,6 @@ public Optional> condition() { /** * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="envId") private @Nullable Output envId; @@ -45,18 +33,6 @@ public Optional> condition() { /** * @return Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> envId() { return Optional.ofNullable(this.envId); @@ -77,9 +53,37 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="member") private @Nullable Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Optional> member() { return Optional.ofNullable(this.member); } @@ -151,18 +155,6 @@ public Builder condition(EnvironmentIamMemberConditionArgs condition) { /** * @param envId Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -174,18 +166,6 @@ public Builder envId(@Nullable Output envId) { /** * @param envId Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -214,11 +194,43 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(@Nullable Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/apigee/inputs/EnvironmentIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/apigee/inputs/EnvironmentIamPolicyState.java index f42e55e70a..0316f5c453 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/apigee/inputs/EnvironmentIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/apigee/inputs/EnvironmentIamPolicyState.java @@ -18,18 +18,6 @@ public final class EnvironmentIamPolicyState extends com.pulumi.resources.Resour /** * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="envId") private @Nullable Output envId; @@ -37,18 +25,6 @@ public final class EnvironmentIamPolicyState extends com.pulumi.resources.Resour /** * @return Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> envId() { return Optional.ofNullable(this.envId); @@ -123,18 +99,6 @@ public Builder(EnvironmentIamPolicyState defaults) { /** * @param envId Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -146,18 +110,6 @@ public Builder envId(@Nullable Output envId) { /** * @param envId Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/RepositoryIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/RepositoryIamBinding.java index 14560753f3..32f6fc4136 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/RepositoryIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/RepositoryIamBinding.java @@ -150,6 +150,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_artifact\_registry\_repository\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.artifactregistry.RepositoryIamPolicy; + * import com.pulumi.gcp.artifactregistry.RepositoryIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/artifactregistry.reader") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new RepositoryIamPolicy("policy", RepositoryIamPolicyArgs.builder() + * .project(my_repo.project()) + * .location(my_repo.location()) + * .repository(my_repo.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_artifact\_registry\_repository\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.artifactregistry.RepositoryIamBinding; + * import com.pulumi.gcp.artifactregistry.RepositoryIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new RepositoryIamBinding("binding", RepositoryIamBindingArgs.builder() + * .project(my_repo.project()) + * .location(my_repo.location()) + * .repository(my_repo.name()) + * .role("roles/artifactregistry.reader") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_artifact\_registry\_repository\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.artifactregistry.RepositoryIamMember; + * import com.pulumi.gcp.artifactregistry.RepositoryIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new RepositoryIamMember("member", RepositoryIamMemberArgs.builder() + * .project(my_repo.project()) + * .location(my_repo.location()) + * .repository(my_repo.name()) + * .role("roles/artifactregistry.reader") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -227,18 +346,9 @@ public Output etag() { public Output location() { return this.location; } - @Export(name="members", refs={List.class,String.class}, tree="[0,1]") - private Output> members; - - public Output> members() { - return this.members; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -250,15 +360,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="members", refs={List.class,String.class}, tree="[0,1]") + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -270,6 +377,22 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/RepositoryIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/RepositoryIamBindingArgs.java index 258d166f09..63cb79b384 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/RepositoryIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/RepositoryIamBindingArgs.java @@ -42,19 +42,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="members", required=true) - private Output> members; - - public Output> members() { - return this.members; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -66,15 +56,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members", required=true) + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -86,6 +73,23 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -185,25 +189,30 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -217,17 +226,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -241,6 +246,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/RepositoryIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/RepositoryIamMember.java index 5fad193b41..0cebc84be0 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/RepositoryIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/RepositoryIamMember.java @@ -149,6 +149,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_artifact\_registry\_repository\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.artifactregistry.RepositoryIamPolicy; + * import com.pulumi.gcp.artifactregistry.RepositoryIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/artifactregistry.reader") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new RepositoryIamPolicy("policy", RepositoryIamPolicyArgs.builder() + * .project(my_repo.project()) + * .location(my_repo.location()) + * .repository(my_repo.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_artifact\_registry\_repository\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.artifactregistry.RepositoryIamBinding; + * import com.pulumi.gcp.artifactregistry.RepositoryIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new RepositoryIamBinding("binding", RepositoryIamBindingArgs.builder() + * .project(my_repo.project()) + * .location(my_repo.location()) + * .repository(my_repo.name()) + * .role("roles/artifactregistry.reader") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_artifact\_registry\_repository\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.artifactregistry.RepositoryIamMember; + * import com.pulumi.gcp.artifactregistry.RepositoryIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new RepositoryIamMember("member", RepositoryIamMemberArgs.builder() + * .project(my_repo.project()) + * .location(my_repo.location()) + * .repository(my_repo.name()) + * .role("roles/artifactregistry.reader") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -226,18 +345,9 @@ public Output etag() { public Output location() { return this.location; } - @Export(name="member", refs={String.class}, tree="[0]") - private Output member; - - public Output member() { - return this.member; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -249,15 +359,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="member", refs={String.class}, tree="[0]") + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -269,6 +376,22 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/RepositoryIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/RepositoryIamMemberArgs.java index 07048147e4..683228b743 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/RepositoryIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/RepositoryIamMemberArgs.java @@ -41,19 +41,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="member", required=true) - private Output member; - - public Output member() { - return this.member; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -65,15 +55,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member", required=true) + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -85,6 +72,23 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -184,21 +188,9 @@ public Builder location(String location) { return location(Output.of(location)); } - public Builder member(Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -212,17 +204,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -236,6 +225,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/RepositoryIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/RepositoryIamPolicy.java index c19a7c2e61..dbe80decc0 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/RepositoryIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/RepositoryIamPolicy.java @@ -147,6 +147,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_artifact\_registry\_repository\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.artifactregistry.RepositoryIamPolicy; + * import com.pulumi.gcp.artifactregistry.RepositoryIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/artifactregistry.reader") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new RepositoryIamPolicy("policy", RepositoryIamPolicyArgs.builder() + * .project(my_repo.project()) + * .location(my_repo.location()) + * .repository(my_repo.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_artifact\_registry\_repository\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.artifactregistry.RepositoryIamBinding; + * import com.pulumi.gcp.artifactregistry.RepositoryIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new RepositoryIamBinding("binding", RepositoryIamBindingArgs.builder() + * .project(my_repo.project()) + * .location(my_repo.location()) + * .repository(my_repo.name()) + * .role("roles/artifactregistry.reader") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_artifact\_registry\_repository\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.artifactregistry.RepositoryIamMember; + * import com.pulumi.gcp.artifactregistry.RepositoryIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new RepositoryIamMember("member", RepositoryIamMemberArgs.builder() + * .project(my_repo.project()) + * .location(my_repo.location()) + * .repository(my_repo.name()) + * .role("roles/artifactregistry.reader") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -238,18 +357,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -258,18 +365,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/RepositoryIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/RepositoryIamPolicyArgs.java index 1f03ed79a3..30ac06a5c4 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/RepositoryIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/RepositoryIamPolicyArgs.java @@ -54,18 +54,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -74,18 +62,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -183,18 +159,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -207,18 +171,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/inputs/RepositoryIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/inputs/RepositoryIamBindingState.java index f4b34658a6..6216f414e3 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/inputs/RepositoryIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/inputs/RepositoryIamBindingState.java @@ -56,19 +56,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="members") - private @Nullable Output> members; - - public Optional>> members() { - return Optional.ofNullable(this.members); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -80,15 +70,12 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members") + private @Nullable Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -100,6 +87,23 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional>> members() { + return Optional.ofNullable(this.members); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -221,25 +225,30 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -253,17 +262,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -277,6 +282,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/inputs/RepositoryIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/inputs/RepositoryIamMemberState.java index b969839434..7d4ac2bf37 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/inputs/RepositoryIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/inputs/RepositoryIamMemberState.java @@ -55,19 +55,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="member") - private @Nullable Output member; - - public Optional> member() { - return Optional.ofNullable(this.member); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -79,15 +69,12 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member") + private @Nullable Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -99,6 +86,23 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional> member() { + return Optional.ofNullable(this.member); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -220,21 +224,9 @@ public Builder location(String location) { return location(Output.of(location)); } - public Builder member(@Nullable Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -248,17 +240,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(@Nullable Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -272,6 +261,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/inputs/RepositoryIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/inputs/RepositoryIamPolicyState.java index d84703df14..0055c9b8fa 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/inputs/RepositoryIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/artifactregistry/inputs/RepositoryIamPolicyState.java @@ -68,18 +68,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -88,18 +76,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -219,18 +195,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -243,18 +207,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigquery/ConnectionIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/bigquery/ConnectionIamBinding.java index f50cbd7c18..db617394a6 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigquery/ConnectionIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigquery/ConnectionIamBinding.java @@ -150,6 +150,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_bigquery\_connection\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.bigquery.ConnectionIamPolicy; + * import com.pulumi.gcp.bigquery.ConnectionIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new ConnectionIamPolicy("policy", ConnectionIamPolicyArgs.builder() + * .project(connection.project()) + * .location(connection.location()) + * .connectionId(connection.connectionId()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_bigquery\_connection\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.bigquery.ConnectionIamBinding; + * import com.pulumi.gcp.bigquery.ConnectionIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new ConnectionIamBinding("binding", ConnectionIamBindingArgs.builder() + * .project(connection.project()) + * .location(connection.location()) + * .connectionId(connection.connectionId()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_bigquery\_connection\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.bigquery.ConnectionIamMember; + * import com.pulumi.gcp.bigquery.ConnectionIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new ConnectionIamMember("member", ConnectionIamMemberArgs.builder() + * .project(connection.project()) + * .location(connection.location()) + * .connectionId(connection.connectionId()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -253,18 +372,9 @@ public Output etag() { public Output location() { return this.location; } - @Export(name="members", refs={List.class,String.class}, tree="[0,1]") - private Output> members; - - public Output> members() { - return this.members; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -276,15 +386,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="members", refs={List.class,String.class}, tree="[0,1]") + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -296,6 +403,22 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigquery/ConnectionIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/bigquery/ConnectionIamBindingArgs.java index 4390a404b9..7c685e41c4 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigquery/ConnectionIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigquery/ConnectionIamBindingArgs.java @@ -69,19 +69,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="members", required=true) - private Output> members; - - public Output> members() { - return this.members; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -93,15 +83,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members", required=true) + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -113,6 +100,23 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -230,25 +234,30 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -262,17 +271,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -286,6 +291,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigquery/ConnectionIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/bigquery/ConnectionIamMember.java index aa86154cf2..88673f69dc 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigquery/ConnectionIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigquery/ConnectionIamMember.java @@ -149,6 +149,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_bigquery\_connection\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.bigquery.ConnectionIamPolicy; + * import com.pulumi.gcp.bigquery.ConnectionIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new ConnectionIamPolicy("policy", ConnectionIamPolicyArgs.builder() + * .project(connection.project()) + * .location(connection.location()) + * .connectionId(connection.connectionId()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_bigquery\_connection\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.bigquery.ConnectionIamBinding; + * import com.pulumi.gcp.bigquery.ConnectionIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new ConnectionIamBinding("binding", ConnectionIamBindingArgs.builder() + * .project(connection.project()) + * .location(connection.location()) + * .connectionId(connection.connectionId()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_bigquery\_connection\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.bigquery.ConnectionIamMember; + * import com.pulumi.gcp.bigquery.ConnectionIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new ConnectionIamMember("member", ConnectionIamMemberArgs.builder() + * .project(connection.project()) + * .location(connection.location()) + * .connectionId(connection.connectionId()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -252,18 +371,9 @@ public Output etag() { public Output location() { return this.location; } - @Export(name="member", refs={String.class}, tree="[0]") - private Output member; - - public Output member() { - return this.member; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -275,15 +385,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="member", refs={String.class}, tree="[0]") + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -295,6 +402,22 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigquery/ConnectionIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/bigquery/ConnectionIamMemberArgs.java index caaf020c28..97735ea660 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigquery/ConnectionIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigquery/ConnectionIamMemberArgs.java @@ -68,19 +68,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="member", required=true) - private Output member; - - public Output member() { - return this.member; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -92,15 +82,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member", required=true) + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -112,6 +99,23 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -229,21 +233,9 @@ public Builder location(String location) { return location(Output.of(location)); } - public Builder member(Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -257,17 +249,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -281,6 +270,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigquery/ConnectionIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/bigquery/ConnectionIamPolicy.java index 842f559d37..15810177b5 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigquery/ConnectionIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigquery/ConnectionIamPolicy.java @@ -147,6 +147,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_bigquery\_connection\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.bigquery.ConnectionIamPolicy; + * import com.pulumi.gcp.bigquery.ConnectionIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new ConnectionIamPolicy("policy", ConnectionIamPolicyArgs.builder() + * .project(connection.project()) + * .location(connection.location()) + * .connectionId(connection.connectionId()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_bigquery\_connection\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.bigquery.ConnectionIamBinding; + * import com.pulumi.gcp.bigquery.ConnectionIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new ConnectionIamBinding("binding", ConnectionIamBindingArgs.builder() + * .project(connection.project()) + * .location(connection.location()) + * .connectionId(connection.connectionId()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_bigquery\_connection\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.bigquery.ConnectionIamMember; + * import com.pulumi.gcp.bigquery.ConnectionIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new ConnectionIamMember("member", ConnectionIamMemberArgs.builder() + * .project(connection.project()) + * .location(connection.location()) + * .connectionId(connection.connectionId()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -264,18 +383,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -284,18 +391,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigquery/ConnectionIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/bigquery/ConnectionIamPolicyArgs.java index 5f5b458ece..86ac737a2c 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigquery/ConnectionIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigquery/ConnectionIamPolicyArgs.java @@ -81,18 +81,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -101,18 +89,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -228,18 +204,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -252,18 +216,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigquery/DatasetIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/bigquery/DatasetIamBinding.java index 205e723d18..e6a819a43d 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigquery/DatasetIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigquery/DatasetIamBinding.java @@ -166,6 +166,137 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_bigquery\_dataset\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.bigquery.Dataset; + * import com.pulumi.gcp.bigquery.DatasetArgs; + * import com.pulumi.gcp.bigquery.DatasetIamPolicy; + * import com.pulumi.gcp.bigquery.DatasetIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var owner = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/bigquery.dataOwner") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var datasetDataset = new Dataset("datasetDataset", DatasetArgs.builder() + * .datasetId("example_dataset") + * .build()); + * + * var dataset = new DatasetIamPolicy("dataset", DatasetIamPolicyArgs.builder() + * .datasetId(datasetDataset.datasetId()) + * .policyData(owner.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_bigquery\_dataset\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.bigquery.Dataset; + * import com.pulumi.gcp.bigquery.DatasetArgs; + * import com.pulumi.gcp.bigquery.DatasetIamBinding; + * import com.pulumi.gcp.bigquery.DatasetIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var dataset = new Dataset("dataset", DatasetArgs.builder() + * .datasetId("example_dataset") + * .build()); + * + * var reader = new DatasetIamBinding("reader", DatasetIamBindingArgs.builder() + * .datasetId(dataset.datasetId()) + * .role("roles/bigquery.dataViewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_bigquery\_dataset\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.bigquery.Dataset; + * import com.pulumi.gcp.bigquery.DatasetArgs; + * import com.pulumi.gcp.bigquery.DatasetIamMember; + * import com.pulumi.gcp.bigquery.DatasetIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var dataset = new Dataset("dataset", DatasetArgs.builder() + * .datasetId("example_dataset") + * .build()); + * + * var editor = new DatasetIamMember("editor", DatasetIamMemberArgs.builder() + * .datasetId(dataset.datasetId()) + * .role("roles/bigquery.dataEditor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * ### Importing IAM policies @@ -204,16 +335,6 @@ public Output> condition() { /** * The dataset ID. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * */ @Export(name="datasetId", refs={String.class}, tree="[0]") private Output datasetId; @@ -221,16 +342,6 @@ public Output> condition() { /** * @return The dataset ID. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * */ public Output datasetId() { return this.datasetId; @@ -249,9 +360,33 @@ public Output datasetId() { public Output etag() { return this.etag; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * + */ @Export(name="members", refs={List.class,String.class}, tree="[0,1]") private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * + */ public Output> members() { return this.members; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigquery/DatasetIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/bigquery/DatasetIamBindingArgs.java index 19ed950407..3060322fa7 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigquery/DatasetIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigquery/DatasetIamBindingArgs.java @@ -28,8 +28,21 @@ public Optional> condition() { /** * The dataset ID. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + */ + @Import(name="datasetId", required=true) + private Output datasetId; + + /** + * @return The dataset ID. + * + */ + public Output datasetId() { + return this.datasetId; + } + + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. @@ -39,14 +52,12 @@ public Optional> condition() { * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. * */ - @Import(name="datasetId", required=true) - private Output datasetId; + @Import(name="members", required=true) + private Output> members; /** - * @return The dataset ID. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. @@ -56,13 +67,6 @@ public Optional> condition() { * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. * */ - public Output datasetId() { - return this.datasetId; - } - - @Import(name="members", required=true) - private Output> members; - public Output> members() { return this.members; } @@ -143,16 +147,6 @@ public Builder condition(DatasetIamBindingConditionArgs condition) { /** * @param datasetId The dataset ID. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * @return builder * */ @@ -164,8 +158,16 @@ public Builder datasetId(Output datasetId) { /** * @param datasetId The dataset ID. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return builder + * + */ + public Builder datasetId(String datasetId) { + return datasetId(Output.of(datasetId)); + } + + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. @@ -177,19 +179,43 @@ public Builder datasetId(Output datasetId) { * @return builder * */ - public Builder datasetId(String datasetId) { - return datasetId(Output.of(datasetId)); - } - public Builder members(Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigquery/DatasetIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/bigquery/DatasetIamMember.java index 9074f01c9a..c11cb96d08 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigquery/DatasetIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigquery/DatasetIamMember.java @@ -165,6 +165,137 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_bigquery\_dataset\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.bigquery.Dataset; + * import com.pulumi.gcp.bigquery.DatasetArgs; + * import com.pulumi.gcp.bigquery.DatasetIamPolicy; + * import com.pulumi.gcp.bigquery.DatasetIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var owner = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/bigquery.dataOwner") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var datasetDataset = new Dataset("datasetDataset", DatasetArgs.builder() + * .datasetId("example_dataset") + * .build()); + * + * var dataset = new DatasetIamPolicy("dataset", DatasetIamPolicyArgs.builder() + * .datasetId(datasetDataset.datasetId()) + * .policyData(owner.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_bigquery\_dataset\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.bigquery.Dataset; + * import com.pulumi.gcp.bigquery.DatasetArgs; + * import com.pulumi.gcp.bigquery.DatasetIamBinding; + * import com.pulumi.gcp.bigquery.DatasetIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var dataset = new Dataset("dataset", DatasetArgs.builder() + * .datasetId("example_dataset") + * .build()); + * + * var reader = new DatasetIamBinding("reader", DatasetIamBindingArgs.builder() + * .datasetId(dataset.datasetId()) + * .role("roles/bigquery.dataViewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_bigquery\_dataset\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.bigquery.Dataset; + * import com.pulumi.gcp.bigquery.DatasetArgs; + * import com.pulumi.gcp.bigquery.DatasetIamMember; + * import com.pulumi.gcp.bigquery.DatasetIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var dataset = new Dataset("dataset", DatasetArgs.builder() + * .datasetId("example_dataset") + * .build()); + * + * var editor = new DatasetIamMember("editor", DatasetIamMemberArgs.builder() + * .datasetId(dataset.datasetId()) + * .role("roles/bigquery.dataEditor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * ### Importing IAM policies @@ -203,16 +334,6 @@ public Output> condition() { /** * The dataset ID. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * */ @Export(name="datasetId", refs={String.class}, tree="[0]") private Output datasetId; @@ -220,16 +341,6 @@ public Output> condition() { /** * @return The dataset ID. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * */ public Output datasetId() { return this.datasetId; @@ -248,9 +359,33 @@ public Output datasetId() { public Output etag() { return this.etag; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * + */ @Export(name="member", refs={String.class}, tree="[0]") private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * + */ public Output member() { return this.member; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigquery/DatasetIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/bigquery/DatasetIamMemberArgs.java index 1cad3e6ecf..c39791b56e 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigquery/DatasetIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigquery/DatasetIamMemberArgs.java @@ -27,8 +27,21 @@ public Optional> condition() { /** * The dataset ID. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + */ + @Import(name="datasetId", required=true) + private Output datasetId; + + /** + * @return The dataset ID. + * + */ + public Output datasetId() { + return this.datasetId; + } + + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. @@ -38,14 +51,12 @@ public Optional> condition() { * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. * */ - @Import(name="datasetId", required=true) - private Output datasetId; + @Import(name="member", required=true) + private Output member; /** - * @return The dataset ID. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. @@ -55,13 +66,6 @@ public Optional> condition() { * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. * */ - public Output datasetId() { - return this.datasetId; - } - - @Import(name="member", required=true) - private Output member; - public Output member() { return this.member; } @@ -142,16 +146,6 @@ public Builder condition(DatasetIamMemberConditionArgs condition) { /** * @param datasetId The dataset ID. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * @return builder * */ @@ -163,8 +157,16 @@ public Builder datasetId(Output datasetId) { /** * @param datasetId The dataset ID. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return builder + * + */ + public Builder datasetId(String datasetId) { + return datasetId(Output.of(datasetId)); + } + + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. @@ -176,15 +178,25 @@ public Builder datasetId(Output datasetId) { * @return builder * */ - public Builder datasetId(String datasetId) { - return datasetId(Output.of(datasetId)); - } - public Builder member(Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigquery/DatasetIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/bigquery/DatasetIamPolicy.java index b4129f88f6..314803d0e1 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigquery/DatasetIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigquery/DatasetIamPolicy.java @@ -163,6 +163,137 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_bigquery\_dataset\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.bigquery.Dataset; + * import com.pulumi.gcp.bigquery.DatasetArgs; + * import com.pulumi.gcp.bigquery.DatasetIamPolicy; + * import com.pulumi.gcp.bigquery.DatasetIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var owner = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/bigquery.dataOwner") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var datasetDataset = new Dataset("datasetDataset", DatasetArgs.builder() + * .datasetId("example_dataset") + * .build()); + * + * var dataset = new DatasetIamPolicy("dataset", DatasetIamPolicyArgs.builder() + * .datasetId(datasetDataset.datasetId()) + * .policyData(owner.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_bigquery\_dataset\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.bigquery.Dataset; + * import com.pulumi.gcp.bigquery.DatasetArgs; + * import com.pulumi.gcp.bigquery.DatasetIamBinding; + * import com.pulumi.gcp.bigquery.DatasetIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var dataset = new Dataset("dataset", DatasetArgs.builder() + * .datasetId("example_dataset") + * .build()); + * + * var reader = new DatasetIamBinding("reader", DatasetIamBindingArgs.builder() + * .datasetId(dataset.datasetId()) + * .role("roles/bigquery.dataViewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_bigquery\_dataset\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.bigquery.Dataset; + * import com.pulumi.gcp.bigquery.DatasetArgs; + * import com.pulumi.gcp.bigquery.DatasetIamMember; + * import com.pulumi.gcp.bigquery.DatasetIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var dataset = new Dataset("dataset", DatasetArgs.builder() + * .datasetId("example_dataset") + * .build()); + * + * var editor = new DatasetIamMember("editor", DatasetIamMemberArgs.builder() + * .datasetId(dataset.datasetId()) + * .role("roles/bigquery.dataEditor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * ### Importing IAM policies @@ -195,16 +326,6 @@ public class DatasetIamPolicy extends com.pulumi.resources.CustomResource { /** * The dataset ID. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * */ @Export(name="datasetId", refs={String.class}, tree="[0]") private Output datasetId; @@ -212,16 +333,6 @@ public class DatasetIamPolicy extends com.pulumi.resources.CustomResource { /** * @return The dataset ID. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * */ public Output datasetId() { return this.datasetId; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigquery/DatasetIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/bigquery/DatasetIamPolicyArgs.java index f2f6c6befd..c17f20055b 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigquery/DatasetIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigquery/DatasetIamPolicyArgs.java @@ -19,16 +19,6 @@ public final class DatasetIamPolicyArgs extends com.pulumi.resources.ResourceArg /** * The dataset ID. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * */ @Import(name="datasetId", required=true) private Output datasetId; @@ -36,16 +26,6 @@ public final class DatasetIamPolicyArgs extends com.pulumi.resources.ResourceArg /** * @return The dataset ID. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * */ public Output datasetId() { return this.datasetId; @@ -114,16 +94,6 @@ public Builder(DatasetIamPolicyArgs defaults) { /** * @param datasetId The dataset ID. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * @return builder * */ @@ -135,16 +105,6 @@ public Builder datasetId(Output datasetId) { /** * @param datasetId The dataset ID. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigquery/IamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/bigquery/IamBinding.java index 806a9f98a8..570f021cf2 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigquery/IamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigquery/IamBinding.java @@ -286,6 +286,259 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_bigquery\_table\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.bigquery.IamPolicy; + * import com.pulumi.gcp.bigquery.IamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/bigquery.dataOwner") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new IamPolicy("policy", IamPolicyArgs.builder() + * .project(test.project()) + * .datasetId(test.datasetId()) + * .tableId(test.tableId()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.bigquery.IamPolicy; + * import com.pulumi.gcp.bigquery.IamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/bigquery.dataOwner") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var policy = new IamPolicy("policy", IamPolicyArgs.builder() + * .project(test.project()) + * .datasetId(test.datasetId()) + * .tableId(test.tableId()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_bigquery\_table\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.bigquery.IamBinding; + * import com.pulumi.gcp.bigquery.IamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new IamBinding("binding", IamBindingArgs.builder() + * .project(test.project()) + * .datasetId(test.datasetId()) + * .tableId(test.tableId()) + * .role("roles/bigquery.dataOwner") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.bigquery.IamBinding; + * import com.pulumi.gcp.bigquery.IamBindingArgs; + * import com.pulumi.gcp.bigquery.inputs.IamBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new IamBinding("binding", IamBindingArgs.builder() + * .project(test.project()) + * .datasetId(test.datasetId()) + * .tableId(test.tableId()) + * .role("roles/bigquery.dataOwner") + * .members("user:jane@example.com") + * .condition(IamBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_bigquery\_table\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.bigquery.IamMember; + * import com.pulumi.gcp.bigquery.IamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new IamMember("member", IamMemberArgs.builder() + * .project(test.project()) + * .datasetId(test.datasetId()) + * .tableId(test.tableId()) + * .role("roles/bigquery.dataOwner") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.bigquery.IamMember; + * import com.pulumi.gcp.bigquery.IamMemberArgs; + * import com.pulumi.gcp.bigquery.inputs.IamMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new IamMember("member", IamMemberArgs.builder() + * .project(test.project()) + * .datasetId(test.datasetId()) + * .tableId(test.tableId()) + * .role("roles/bigquery.dataOwner") + * .member("user:jane@example.com") + * .condition(IamMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -363,18 +616,9 @@ public Output datasetId() { public Output etag() { return this.etag; } - @Export(name="members", refs={List.class,String.class}, tree="[0,1]") - private Output> members; - - public Output> members() { - return this.members; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -386,15 +630,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="members", refs={List.class,String.class}, tree="[0,1]") + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -406,6 +647,22 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigquery/IamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/bigquery/IamBindingArgs.java index c3f69a8aec..25babc141e 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigquery/IamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigquery/IamBindingArgs.java @@ -42,19 +42,9 @@ public Output datasetId() { return this.datasetId; } - @Import(name="members", required=true) - private Output> members; - - public Output> members() { - return this.members; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -66,15 +56,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members", required=true) + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -86,6 +73,23 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -177,25 +181,30 @@ public Builder datasetId(String datasetId) { return datasetId(Output.of(datasetId)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -209,17 +218,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -233,6 +238,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigquery/IamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/bigquery/IamMember.java index 4df9cb2f00..12f5a74d5a 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigquery/IamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigquery/IamMember.java @@ -285,6 +285,259 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_bigquery\_table\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.bigquery.IamPolicy; + * import com.pulumi.gcp.bigquery.IamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/bigquery.dataOwner") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new IamPolicy("policy", IamPolicyArgs.builder() + * .project(test.project()) + * .datasetId(test.datasetId()) + * .tableId(test.tableId()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.bigquery.IamPolicy; + * import com.pulumi.gcp.bigquery.IamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/bigquery.dataOwner") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var policy = new IamPolicy("policy", IamPolicyArgs.builder() + * .project(test.project()) + * .datasetId(test.datasetId()) + * .tableId(test.tableId()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_bigquery\_table\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.bigquery.IamBinding; + * import com.pulumi.gcp.bigquery.IamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new IamBinding("binding", IamBindingArgs.builder() + * .project(test.project()) + * .datasetId(test.datasetId()) + * .tableId(test.tableId()) + * .role("roles/bigquery.dataOwner") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.bigquery.IamBinding; + * import com.pulumi.gcp.bigquery.IamBindingArgs; + * import com.pulumi.gcp.bigquery.inputs.IamBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new IamBinding("binding", IamBindingArgs.builder() + * .project(test.project()) + * .datasetId(test.datasetId()) + * .tableId(test.tableId()) + * .role("roles/bigquery.dataOwner") + * .members("user:jane@example.com") + * .condition(IamBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_bigquery\_table\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.bigquery.IamMember; + * import com.pulumi.gcp.bigquery.IamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new IamMember("member", IamMemberArgs.builder() + * .project(test.project()) + * .datasetId(test.datasetId()) + * .tableId(test.tableId()) + * .role("roles/bigquery.dataOwner") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.bigquery.IamMember; + * import com.pulumi.gcp.bigquery.IamMemberArgs; + * import com.pulumi.gcp.bigquery.inputs.IamMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new IamMember("member", IamMemberArgs.builder() + * .project(test.project()) + * .datasetId(test.datasetId()) + * .tableId(test.tableId()) + * .role("roles/bigquery.dataOwner") + * .member("user:jane@example.com") + * .condition(IamMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -362,18 +615,9 @@ public Output datasetId() { public Output etag() { return this.etag; } - @Export(name="member", refs={String.class}, tree="[0]") - private Output member; - - public Output member() { - return this.member; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -385,15 +629,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="member", refs={String.class}, tree="[0]") + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -405,6 +646,22 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigquery/IamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/bigquery/IamMemberArgs.java index be5d66ff04..17d5f4c953 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigquery/IamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigquery/IamMemberArgs.java @@ -41,19 +41,9 @@ public Output datasetId() { return this.datasetId; } - @Import(name="member", required=true) - private Output member; - - public Output member() { - return this.member; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -65,15 +55,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member", required=true) + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -85,6 +72,23 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -176,21 +180,9 @@ public Builder datasetId(String datasetId) { return datasetId(Output.of(datasetId)); } - public Builder member(Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -204,17 +196,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -228,6 +217,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigquery/IamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/bigquery/IamPolicy.java index 93b9d649ca..908ed4bba3 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigquery/IamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigquery/IamPolicy.java @@ -283,6 +283,259 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_bigquery\_table\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.bigquery.IamPolicy; + * import com.pulumi.gcp.bigquery.IamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/bigquery.dataOwner") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new IamPolicy("policy", IamPolicyArgs.builder() + * .project(test.project()) + * .datasetId(test.datasetId()) + * .tableId(test.tableId()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.bigquery.IamPolicy; + * import com.pulumi.gcp.bigquery.IamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/bigquery.dataOwner") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var policy = new IamPolicy("policy", IamPolicyArgs.builder() + * .project(test.project()) + * .datasetId(test.datasetId()) + * .tableId(test.tableId()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_bigquery\_table\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.bigquery.IamBinding; + * import com.pulumi.gcp.bigquery.IamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new IamBinding("binding", IamBindingArgs.builder() + * .project(test.project()) + * .datasetId(test.datasetId()) + * .tableId(test.tableId()) + * .role("roles/bigquery.dataOwner") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.bigquery.IamBinding; + * import com.pulumi.gcp.bigquery.IamBindingArgs; + * import com.pulumi.gcp.bigquery.inputs.IamBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new IamBinding("binding", IamBindingArgs.builder() + * .project(test.project()) + * .datasetId(test.datasetId()) + * .tableId(test.tableId()) + * .role("roles/bigquery.dataOwner") + * .members("user:jane@example.com") + * .condition(IamBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_bigquery\_table\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.bigquery.IamMember; + * import com.pulumi.gcp.bigquery.IamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new IamMember("member", IamMemberArgs.builder() + * .project(test.project()) + * .datasetId(test.datasetId()) + * .tableId(test.tableId()) + * .role("roles/bigquery.dataOwner") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.bigquery.IamMember; + * import com.pulumi.gcp.bigquery.IamMemberArgs; + * import com.pulumi.gcp.bigquery.inputs.IamMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new IamMember("member", IamMemberArgs.builder() + * .project(test.project()) + * .datasetId(test.datasetId()) + * .tableId(test.tableId()) + * .role("roles/bigquery.dataOwner") + * .member("user:jane@example.com") + * .condition(IamMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -364,18 +617,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -384,18 +625,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigquery/IamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/bigquery/IamPolicyArgs.java index e0b4706a7e..b16738dd2e 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigquery/IamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigquery/IamPolicyArgs.java @@ -44,18 +44,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -64,18 +52,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -151,18 +127,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -175,18 +139,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigquery/inputs/ConnectionIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/bigquery/inputs/ConnectionIamBindingState.java index cbb4dcf354..fd0cb88279 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigquery/inputs/ConnectionIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigquery/inputs/ConnectionIamBindingState.java @@ -83,19 +83,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="members") - private @Nullable Output> members; - - public Optional>> members() { - return Optional.ofNullable(this.members); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -107,15 +97,12 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members") + private @Nullable Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -127,6 +114,23 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional>> members() { + return Optional.ofNullable(this.members); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -266,25 +270,30 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -298,17 +307,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -322,6 +327,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigquery/inputs/ConnectionIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/bigquery/inputs/ConnectionIamMemberState.java index 0f8252c0dd..fae433da3e 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigquery/inputs/ConnectionIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigquery/inputs/ConnectionIamMemberState.java @@ -82,19 +82,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="member") - private @Nullable Output member; - - public Optional> member() { - return Optional.ofNullable(this.member); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -106,15 +96,12 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member") + private @Nullable Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -126,6 +113,23 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional> member() { + return Optional.ofNullable(this.member); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -265,21 +269,9 @@ public Builder location(String location) { return location(Output.of(location)); } - public Builder member(@Nullable Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -293,17 +285,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(@Nullable Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -317,6 +306,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigquery/inputs/ConnectionIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/bigquery/inputs/ConnectionIamPolicyState.java index 95817e78f3..c276c19a77 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigquery/inputs/ConnectionIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigquery/inputs/ConnectionIamPolicyState.java @@ -95,18 +95,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -115,18 +103,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -264,18 +240,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -288,18 +252,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigquery/inputs/DatasetIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/bigquery/inputs/DatasetIamBindingState.java index de8fafd174..3b57468eb6 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigquery/inputs/DatasetIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigquery/inputs/DatasetIamBindingState.java @@ -27,16 +27,6 @@ public Optional> condition() { /** * The dataset ID. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * */ @Import(name="datasetId") private @Nullable Output datasetId; @@ -44,16 +34,6 @@ public Optional> condition() { /** * @return The dataset ID. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * */ public Optional> datasetId() { return Optional.ofNullable(this.datasetId); @@ -74,9 +54,33 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * + */ @Import(name="members") private @Nullable Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * + */ public Optional>> members() { return Optional.ofNullable(this.members); } @@ -158,16 +162,6 @@ public Builder condition(DatasetIamBindingConditionArgs condition) { /** * @param datasetId The dataset ID. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * @return builder * */ @@ -179,16 +173,6 @@ public Builder datasetId(@Nullable Output datasetId) { /** * @param datasetId The dataset ID. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * @return builder * */ @@ -217,15 +201,57 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigquery/inputs/DatasetIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/bigquery/inputs/DatasetIamMemberState.java index 0118793ee5..562e81ebb1 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigquery/inputs/DatasetIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigquery/inputs/DatasetIamMemberState.java @@ -26,16 +26,6 @@ public Optional> condition() { /** * The dataset ID. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * */ @Import(name="datasetId") private @Nullable Output datasetId; @@ -43,16 +33,6 @@ public Optional> condition() { /** * @return The dataset ID. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * */ public Optional> datasetId() { return Optional.ofNullable(this.datasetId); @@ -73,9 +53,33 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * + */ @Import(name="member") private @Nullable Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * + */ public Optional> member() { return Optional.ofNullable(this.member); } @@ -157,16 +161,6 @@ public Builder condition(DatasetIamMemberConditionArgs condition) { /** * @param datasetId The dataset ID. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * @return builder * */ @@ -178,16 +172,6 @@ public Builder datasetId(@Nullable Output datasetId) { /** * @param datasetId The dataset ID. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * @return builder * */ @@ -216,11 +200,39 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * + * @return builder + * + */ public Builder member(@Nullable Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigquery/inputs/DatasetIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/bigquery/inputs/DatasetIamPolicyState.java index c3eefb9206..e599640c36 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigquery/inputs/DatasetIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigquery/inputs/DatasetIamPolicyState.java @@ -18,16 +18,6 @@ public final class DatasetIamPolicyState extends com.pulumi.resources.ResourceAr /** * The dataset ID. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * */ @Import(name="datasetId") private @Nullable Output datasetId; @@ -35,16 +25,6 @@ public final class DatasetIamPolicyState extends com.pulumi.resources.ResourceAr /** * @return The dataset ID. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * */ public Optional> datasetId() { return Optional.ofNullable(this.datasetId); @@ -129,16 +109,6 @@ public Builder(DatasetIamPolicyState defaults) { /** * @param datasetId The dataset ID. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * @return builder * */ @@ -150,16 +120,6 @@ public Builder datasetId(@Nullable Output datasetId) { /** * @param datasetId The dataset ID. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigquery/inputs/IamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/bigquery/inputs/IamBindingState.java index 611781f594..c48556c3a9 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigquery/inputs/IamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigquery/inputs/IamBindingState.java @@ -56,19 +56,9 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } - @Import(name="members") - private @Nullable Output> members; - - public Optional>> members() { - return Optional.ofNullable(this.members); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -80,15 +70,12 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members") + private @Nullable Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -100,6 +87,23 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional>> members() { + return Optional.ofNullable(this.members); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -213,25 +217,30 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -245,17 +254,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -269,6 +274,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigquery/inputs/IamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/bigquery/inputs/IamMemberState.java index 9f9b31afa0..f7b98f4448 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigquery/inputs/IamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigquery/inputs/IamMemberState.java @@ -55,19 +55,9 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } - @Import(name="member") - private @Nullable Output member; - - public Optional> member() { - return Optional.ofNullable(this.member); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -79,15 +69,12 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member") + private @Nullable Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -99,6 +86,23 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional> member() { + return Optional.ofNullable(this.member); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -212,21 +216,9 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } - public Builder member(@Nullable Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -240,17 +232,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(@Nullable Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -264,6 +253,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigquery/inputs/IamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/bigquery/inputs/IamPolicyState.java index b714dcc7f1..2eef05ae1c 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigquery/inputs/IamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigquery/inputs/IamPolicyState.java @@ -58,18 +58,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -78,18 +66,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -187,18 +163,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -211,18 +175,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/DataExchangeIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/DataExchangeIamBinding.java index 8315a9203a..ccec517228 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/DataExchangeIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/DataExchangeIamBinding.java @@ -150,6 +150,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_bigquery\_analytics\_hub\_data\_exchange\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamPolicy; + * import com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new DataExchangeIamPolicy("policy", DataExchangeIamPolicyArgs.builder() + * .project(dataExchange.project()) + * .location(dataExchange.location()) + * .dataExchangeId(dataExchange.dataExchangeId()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_bigquery\_analytics\_hub\_data\_exchange\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamBinding; + * import com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new DataExchangeIamBinding("binding", DataExchangeIamBindingArgs.builder() + * .project(dataExchange.project()) + * .location(dataExchange.location()) + * .dataExchangeId(dataExchange.dataExchangeId()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_bigquery\_analytics\_hub\_data\_exchange\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamMember; + * import com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new DataExchangeIamMember("member", DataExchangeIamMemberArgs.builder() + * .project(dataExchange.project()) + * .location(dataExchange.location()) + * .dataExchangeId(dataExchange.dataExchangeId()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -241,18 +360,9 @@ public Output etag() { public Output location() { return this.location; } - @Export(name="members", refs={List.class,String.class}, tree="[0,1]") - private Output> members; - - public Output> members() { - return this.members; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -264,15 +374,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="members", refs={List.class,String.class}, tree="[0,1]") + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -284,6 +391,22 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/DataExchangeIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/DataExchangeIamBindingArgs.java index 2b43fff17a..faa5d5011b 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/DataExchangeIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/DataExchangeIamBindingArgs.java @@ -57,19 +57,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="members", required=true) - private Output> members; - - public Output> members() { - return this.members; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -81,15 +71,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members", required=true) + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -101,6 +88,23 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -206,25 +210,30 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -238,17 +247,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -262,6 +267,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/DataExchangeIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/DataExchangeIamMember.java index a45d736d8f..d57cc594cb 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/DataExchangeIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/DataExchangeIamMember.java @@ -149,6 +149,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_bigquery\_analytics\_hub\_data\_exchange\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamPolicy; + * import com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new DataExchangeIamPolicy("policy", DataExchangeIamPolicyArgs.builder() + * .project(dataExchange.project()) + * .location(dataExchange.location()) + * .dataExchangeId(dataExchange.dataExchangeId()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_bigquery\_analytics\_hub\_data\_exchange\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamBinding; + * import com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new DataExchangeIamBinding("binding", DataExchangeIamBindingArgs.builder() + * .project(dataExchange.project()) + * .location(dataExchange.location()) + * .dataExchangeId(dataExchange.dataExchangeId()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_bigquery\_analytics\_hub\_data\_exchange\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamMember; + * import com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new DataExchangeIamMember("member", DataExchangeIamMemberArgs.builder() + * .project(dataExchange.project()) + * .location(dataExchange.location()) + * .dataExchangeId(dataExchange.dataExchangeId()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -240,18 +359,9 @@ public Output etag() { public Output location() { return this.location; } - @Export(name="member", refs={String.class}, tree="[0]") - private Output member; - - public Output member() { - return this.member; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -263,15 +373,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="member", refs={String.class}, tree="[0]") + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -283,6 +390,22 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/DataExchangeIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/DataExchangeIamMemberArgs.java index 5b052de268..4975b171ce 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/DataExchangeIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/DataExchangeIamMemberArgs.java @@ -56,19 +56,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="member", required=true) - private Output member; - - public Output member() { - return this.member; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -80,15 +70,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member", required=true) + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -100,6 +87,23 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -205,21 +209,9 @@ public Builder location(String location) { return location(Output.of(location)); } - public Builder member(Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -233,17 +225,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -257,6 +246,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/DataExchangeIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/DataExchangeIamPolicy.java index 99a5f7e0b3..cb8d8028ae 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/DataExchangeIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/DataExchangeIamPolicy.java @@ -147,6 +147,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_bigquery\_analytics\_hub\_data\_exchange\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamPolicy; + * import com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new DataExchangeIamPolicy("policy", DataExchangeIamPolicyArgs.builder() + * .project(dataExchange.project()) + * .location(dataExchange.location()) + * .dataExchangeId(dataExchange.dataExchangeId()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_bigquery\_analytics\_hub\_data\_exchange\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamBinding; + * import com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new DataExchangeIamBinding("binding", DataExchangeIamBindingArgs.builder() + * .project(dataExchange.project()) + * .location(dataExchange.location()) + * .dataExchangeId(dataExchange.dataExchangeId()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_bigquery\_analytics\_hub\_data\_exchange\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamMember; + * import com.pulumi.gcp.bigqueryanalyticshub.DataExchangeIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new DataExchangeIamMember("member", DataExchangeIamMemberArgs.builder() + * .project(dataExchange.project()) + * .location(dataExchange.location()) + * .dataExchangeId(dataExchange.dataExchangeId()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -252,18 +371,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -272,18 +379,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/DataExchangeIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/DataExchangeIamPolicyArgs.java index 978f8ca5a0..32190e0c74 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/DataExchangeIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/DataExchangeIamPolicyArgs.java @@ -69,18 +69,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -89,18 +77,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -204,18 +180,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -228,18 +192,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/ListingIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/ListingIamBinding.java index d75797be10..ae59de2e82 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/ListingIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/ListingIamBinding.java @@ -153,6 +153,128 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_bigquery\_analytics\_hub\_listing\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.bigqueryanalyticshub.ListingIamPolicy; + * import com.pulumi.gcp.bigqueryanalyticshub.ListingIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new ListingIamPolicy("policy", ListingIamPolicyArgs.builder() + * .project(listing.project()) + * .location(listing.location()) + * .dataExchangeId(listing.dataExchangeId()) + * .listingId(listing.listingId()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_bigquery\_analytics\_hub\_listing\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.bigqueryanalyticshub.ListingIamBinding; + * import com.pulumi.gcp.bigqueryanalyticshub.ListingIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new ListingIamBinding("binding", ListingIamBindingArgs.builder() + * .project(listing.project()) + * .location(listing.location()) + * .dataExchangeId(listing.dataExchangeId()) + * .listingId(listing.listingId()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_bigquery\_analytics\_hub\_listing\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.bigqueryanalyticshub.ListingIamMember; + * import com.pulumi.gcp.bigqueryanalyticshub.ListingIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new ListingIamMember("member", ListingIamMemberArgs.builder() + * .project(listing.project()) + * .location(listing.location()) + * .dataExchangeId(listing.dataExchangeId()) + * .listingId(listing.listingId()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -258,18 +380,9 @@ public Output listingId() { public Output location() { return this.location; } - @Export(name="members", refs={List.class,String.class}, tree="[0,1]") - private Output> members; - - public Output> members() { - return this.members; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -281,15 +394,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="members", refs={List.class,String.class}, tree="[0,1]") + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -301,6 +411,22 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/ListingIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/ListingIamBindingArgs.java index b1667efb49..76e4562d21 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/ListingIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/ListingIamBindingArgs.java @@ -72,19 +72,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="members", required=true) - private Output> members; - - public Output> members() { - return this.members; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -96,15 +86,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members", required=true) + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -116,6 +103,23 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -243,25 +247,30 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -275,17 +284,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -299,6 +304,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/ListingIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/ListingIamMember.java index b283516720..82fafad2fa 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/ListingIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/ListingIamMember.java @@ -152,6 +152,128 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_bigquery\_analytics\_hub\_listing\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.bigqueryanalyticshub.ListingIamPolicy; + * import com.pulumi.gcp.bigqueryanalyticshub.ListingIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new ListingIamPolicy("policy", ListingIamPolicyArgs.builder() + * .project(listing.project()) + * .location(listing.location()) + * .dataExchangeId(listing.dataExchangeId()) + * .listingId(listing.listingId()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_bigquery\_analytics\_hub\_listing\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.bigqueryanalyticshub.ListingIamBinding; + * import com.pulumi.gcp.bigqueryanalyticshub.ListingIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new ListingIamBinding("binding", ListingIamBindingArgs.builder() + * .project(listing.project()) + * .location(listing.location()) + * .dataExchangeId(listing.dataExchangeId()) + * .listingId(listing.listingId()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_bigquery\_analytics\_hub\_listing\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.bigqueryanalyticshub.ListingIamMember; + * import com.pulumi.gcp.bigqueryanalyticshub.ListingIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new ListingIamMember("member", ListingIamMemberArgs.builder() + * .project(listing.project()) + * .location(listing.location()) + * .dataExchangeId(listing.dataExchangeId()) + * .listingId(listing.listingId()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -257,18 +379,9 @@ public Output listingId() { public Output location() { return this.location; } - @Export(name="member", refs={String.class}, tree="[0]") - private Output member; - - public Output member() { - return this.member; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -280,15 +393,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="member", refs={String.class}, tree="[0]") + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -300,6 +410,22 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/ListingIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/ListingIamMemberArgs.java index cde6cddef8..7a5cc1f20f 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/ListingIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/ListingIamMemberArgs.java @@ -71,19 +71,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="member", required=true) - private Output member; - - public Output member() { - return this.member; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -95,15 +85,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member", required=true) + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -115,6 +102,23 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -242,21 +246,9 @@ public Builder location(String location) { return location(Output.of(location)); } - public Builder member(Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -270,17 +262,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -294,6 +283,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/ListingIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/ListingIamPolicy.java index 7dda62316f..8fcb78f206 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/ListingIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/ListingIamPolicy.java @@ -150,6 +150,128 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_bigquery\_analytics\_hub\_listing\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.bigqueryanalyticshub.ListingIamPolicy; + * import com.pulumi.gcp.bigqueryanalyticshub.ListingIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new ListingIamPolicy("policy", ListingIamPolicyArgs.builder() + * .project(listing.project()) + * .location(listing.location()) + * .dataExchangeId(listing.dataExchangeId()) + * .listingId(listing.listingId()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_bigquery\_analytics\_hub\_listing\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.bigqueryanalyticshub.ListingIamBinding; + * import com.pulumi.gcp.bigqueryanalyticshub.ListingIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new ListingIamBinding("binding", ListingIamBindingArgs.builder() + * .project(listing.project()) + * .location(listing.location()) + * .dataExchangeId(listing.dataExchangeId()) + * .listingId(listing.listingId()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_bigquery\_analytics\_hub\_listing\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.bigqueryanalyticshub.ListingIamMember; + * import com.pulumi.gcp.bigqueryanalyticshub.ListingIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new ListingIamMember("member", ListingIamMemberArgs.builder() + * .project(listing.project()) + * .location(listing.location()) + * .dataExchangeId(listing.dataExchangeId()) + * .listingId(listing.listingId()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -269,18 +391,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -289,18 +399,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/ListingIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/ListingIamPolicyArgs.java index 6af847a419..3a0c59e4e8 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/ListingIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/ListingIamPolicyArgs.java @@ -84,18 +84,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -104,18 +92,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -241,18 +217,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -265,18 +229,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/inputs/DataExchangeIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/inputs/DataExchangeIamBindingState.java index e389e2ca4a..8263f2efe1 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/inputs/DataExchangeIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/inputs/DataExchangeIamBindingState.java @@ -71,19 +71,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="members") - private @Nullable Output> members; - - public Optional>> members() { - return Optional.ofNullable(this.members); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -95,15 +85,12 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members") + private @Nullable Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -115,6 +102,23 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional>> members() { + return Optional.ofNullable(this.members); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -242,25 +246,30 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -274,17 +283,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -298,6 +303,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/inputs/DataExchangeIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/inputs/DataExchangeIamMemberState.java index eae3591957..aba2a0b085 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/inputs/DataExchangeIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/inputs/DataExchangeIamMemberState.java @@ -70,19 +70,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="member") - private @Nullable Output member; - - public Optional> member() { - return Optional.ofNullable(this.member); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -94,15 +84,12 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member") + private @Nullable Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -114,6 +101,23 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional> member() { + return Optional.ofNullable(this.member); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -241,21 +245,9 @@ public Builder location(String location) { return location(Output.of(location)); } - public Builder member(@Nullable Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -269,17 +261,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(@Nullable Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -293,6 +282,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/inputs/DataExchangeIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/inputs/DataExchangeIamPolicyState.java index 928dd1ab8f..4d5a769e82 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/inputs/DataExchangeIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/inputs/DataExchangeIamPolicyState.java @@ -83,18 +83,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -103,18 +91,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -240,18 +216,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -264,18 +228,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/inputs/ListingIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/inputs/ListingIamBindingState.java index c272a67cad..c0a3f1940a 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/inputs/ListingIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/inputs/ListingIamBindingState.java @@ -86,19 +86,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="members") - private @Nullable Output> members; - - public Optional>> members() { - return Optional.ofNullable(this.members); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -110,15 +100,12 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members") + private @Nullable Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -130,6 +117,23 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional>> members() { + return Optional.ofNullable(this.members); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -279,25 +283,30 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -311,17 +320,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -335,6 +340,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/inputs/ListingIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/inputs/ListingIamMemberState.java index 82c9d4bd2c..df89b8893f 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/inputs/ListingIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/inputs/ListingIamMemberState.java @@ -85,19 +85,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="member") - private @Nullable Output member; - - public Optional> member() { - return Optional.ofNullable(this.member); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -109,15 +99,12 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member") + private @Nullable Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -129,6 +116,23 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional> member() { + return Optional.ofNullable(this.member); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -278,21 +282,9 @@ public Builder location(String location) { return location(Output.of(location)); } - public Builder member(@Nullable Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -306,17 +298,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(@Nullable Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -330,6 +319,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/inputs/ListingIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/inputs/ListingIamPolicyState.java index b732b34a06..d16a152bee 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/inputs/ListingIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigqueryanalyticshub/inputs/ListingIamPolicyState.java @@ -98,18 +98,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -118,18 +106,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -277,18 +253,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -301,18 +265,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigquerydatapolicy/DataPolicyIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/bigquerydatapolicy/DataPolicyIamBinding.java index c5859d2e51..c81925e5e3 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigquerydatapolicy/DataPolicyIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigquerydatapolicy/DataPolicyIamBinding.java @@ -150,6 +150,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_bigquery\_datapolicy\_data\_policy\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamPolicy; + * import com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new DataPolicyIamPolicy("policy", DataPolicyIamPolicyArgs.builder() + * .project(dataPolicy.project()) + * .location(dataPolicy.location()) + * .dataPolicyId(dataPolicy.dataPolicyId()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_bigquery\_datapolicy\_data\_policy\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamBinding; + * import com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new DataPolicyIamBinding("binding", DataPolicyIamBindingArgs.builder() + * .project(dataPolicy.project()) + * .location(dataPolicy.location()) + * .dataPolicyId(dataPolicy.dataPolicyId()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_bigquery\_datapolicy\_data\_policy\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamMember; + * import com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new DataPolicyIamMember("member", DataPolicyIamMemberArgs.builder() + * .project(dataPolicy.project()) + * .location(dataPolicy.location()) + * .dataPolicyId(dataPolicy.dataPolicyId()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -233,18 +352,9 @@ public Output etag() { public Output location() { return this.location; } - @Export(name="members", refs={List.class,String.class}, tree="[0,1]") - private Output> members; - - public Output> members() { - return this.members; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -256,15 +366,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="members", refs={List.class,String.class}, tree="[0,1]") + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -276,6 +383,22 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigquerydatapolicy/DataPolicyIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/bigquerydatapolicy/DataPolicyIamBindingArgs.java index b0f6ab4f9b..46950b8bb9 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigquerydatapolicy/DataPolicyIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigquerydatapolicy/DataPolicyIamBindingArgs.java @@ -49,19 +49,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="members", required=true) - private Output> members; - - public Output> members() { - return this.members; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -73,15 +63,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members", required=true) + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -93,6 +80,23 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -186,25 +190,30 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -218,17 +227,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -242,6 +247,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigquerydatapolicy/DataPolicyIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/bigquerydatapolicy/DataPolicyIamMember.java index 290c65eb18..9b91c44dd2 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigquerydatapolicy/DataPolicyIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigquerydatapolicy/DataPolicyIamMember.java @@ -149,6 +149,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_bigquery\_datapolicy\_data\_policy\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamPolicy; + * import com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new DataPolicyIamPolicy("policy", DataPolicyIamPolicyArgs.builder() + * .project(dataPolicy.project()) + * .location(dataPolicy.location()) + * .dataPolicyId(dataPolicy.dataPolicyId()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_bigquery\_datapolicy\_data\_policy\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamBinding; + * import com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new DataPolicyIamBinding("binding", DataPolicyIamBindingArgs.builder() + * .project(dataPolicy.project()) + * .location(dataPolicy.location()) + * .dataPolicyId(dataPolicy.dataPolicyId()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_bigquery\_datapolicy\_data\_policy\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamMember; + * import com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new DataPolicyIamMember("member", DataPolicyIamMemberArgs.builder() + * .project(dataPolicy.project()) + * .location(dataPolicy.location()) + * .dataPolicyId(dataPolicy.dataPolicyId()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -232,18 +351,9 @@ public Output etag() { public Output location() { return this.location; } - @Export(name="member", refs={String.class}, tree="[0]") - private Output member; - - public Output member() { - return this.member; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -255,15 +365,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="member", refs={String.class}, tree="[0]") + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -275,6 +382,22 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigquerydatapolicy/DataPolicyIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/bigquerydatapolicy/DataPolicyIamMemberArgs.java index 2066ceff66..b3ffcde5fa 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigquerydatapolicy/DataPolicyIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigquerydatapolicy/DataPolicyIamMemberArgs.java @@ -48,19 +48,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="member", required=true) - private Output member; - - public Output member() { - return this.member; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -72,15 +62,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member", required=true) + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -92,6 +79,23 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -185,21 +189,9 @@ public Builder location(String location) { return location(Output.of(location)); } - public Builder member(Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -213,17 +205,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -237,6 +226,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigquerydatapolicy/DataPolicyIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/bigquerydatapolicy/DataPolicyIamPolicy.java index a543b82fed..c139f7e37b 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigquerydatapolicy/DataPolicyIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigquerydatapolicy/DataPolicyIamPolicy.java @@ -147,6 +147,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_bigquery\_datapolicy\_data\_policy\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamPolicy; + * import com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new DataPolicyIamPolicy("policy", DataPolicyIamPolicyArgs.builder() + * .project(dataPolicy.project()) + * .location(dataPolicy.location()) + * .dataPolicyId(dataPolicy.dataPolicyId()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_bigquery\_datapolicy\_data\_policy\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamBinding; + * import com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new DataPolicyIamBinding("binding", DataPolicyIamBindingArgs.builder() + * .project(dataPolicy.project()) + * .location(dataPolicy.location()) + * .dataPolicyId(dataPolicy.dataPolicyId()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_bigquery\_datapolicy\_data\_policy\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamMember; + * import com.pulumi.gcp.bigquerydatapolicy.DataPolicyIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new DataPolicyIamMember("member", DataPolicyIamMemberArgs.builder() + * .project(dataPolicy.project()) + * .location(dataPolicy.location()) + * .dataPolicyId(dataPolicy.dataPolicyId()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -244,18 +363,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -264,18 +371,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigquerydatapolicy/DataPolicyIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/bigquerydatapolicy/DataPolicyIamPolicyArgs.java index 2e3e97baf1..374ff43311 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigquerydatapolicy/DataPolicyIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigquerydatapolicy/DataPolicyIamPolicyArgs.java @@ -61,18 +61,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -81,18 +69,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -184,18 +160,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -208,18 +172,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigquerydatapolicy/inputs/DataPolicyIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/bigquerydatapolicy/inputs/DataPolicyIamBindingState.java index 2dc530e5d0..94b539ef76 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigquerydatapolicy/inputs/DataPolicyIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigquerydatapolicy/inputs/DataPolicyIamBindingState.java @@ -63,19 +63,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="members") - private @Nullable Output> members; - - public Optional>> members() { - return Optional.ofNullable(this.members); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -87,15 +77,12 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members") + private @Nullable Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -107,6 +94,23 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional>> members() { + return Optional.ofNullable(this.members); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -222,25 +226,30 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -254,17 +263,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -278,6 +283,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigquerydatapolicy/inputs/DataPolicyIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/bigquerydatapolicy/inputs/DataPolicyIamMemberState.java index 5126a2e8a1..6d173266a9 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigquerydatapolicy/inputs/DataPolicyIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigquerydatapolicy/inputs/DataPolicyIamMemberState.java @@ -62,19 +62,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="member") - private @Nullable Output member; - - public Optional> member() { - return Optional.ofNullable(this.member); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -86,15 +76,12 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member") + private @Nullable Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -106,6 +93,23 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional> member() { + return Optional.ofNullable(this.member); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -221,21 +225,9 @@ public Builder location(String location) { return location(Output.of(location)); } - public Builder member(@Nullable Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -249,17 +241,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(@Nullable Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -273,6 +262,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigquerydatapolicy/inputs/DataPolicyIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/bigquerydatapolicy/inputs/DataPolicyIamPolicyState.java index 77a4206516..cc4f3a07ed 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigquerydatapolicy/inputs/DataPolicyIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigquerydatapolicy/inputs/DataPolicyIamPolicyState.java @@ -75,18 +75,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -95,18 +83,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -220,18 +196,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -244,18 +208,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigtable/InstanceIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/bigtable/InstanceIamBinding.java index cd9d193f48..9ae152b8d5 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigtable/InstanceIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigtable/InstanceIamBinding.java @@ -141,6 +141,120 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_bigtable\_instance\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.bigtable.InstanceIamPolicy; + * import com.pulumi.gcp.bigtable.InstanceIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/bigtable.user") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var editor = new InstanceIamPolicy("editor", InstanceIamPolicyArgs.builder() + * .project("your-project") + * .instance("your-bigtable-instance") + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_bigtable\_instance\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.bigtable.InstanceIamBinding; + * import com.pulumi.gcp.bigtable.InstanceIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var editor = new InstanceIamBinding("editor", InstanceIamBindingArgs.builder() + * .instance("your-bigtable-instance") + * .role("roles/bigtable.user") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_bigtable\_instance\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.bigtable.InstanceIamMember; + * import com.pulumi.gcp.bigtable.InstanceIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var editor = new InstanceIamMember("editor", InstanceIamMemberArgs.builder() + * .instance("your-bigtable-instance") + * .role("roles/bigtable.user") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * ### Importing IAM policies @@ -195,15 +309,6 @@ public Output etag() { * * For `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Export(name="instance", refs={String.class}, tree="[0]") private Output instance; @@ -213,8 +318,13 @@ public Output etag() { * * For `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + */ + public Output instance() { + return this.instance; + } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -223,12 +333,20 @@ public Output etag() { * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. * */ - public Output instance() { - return this.instance; - } @Export(name="members", refs={List.class,String.class}, tree="[0,1]") private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output> members() { return this.members; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigtable/InstanceIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/bigtable/InstanceIamBindingArgs.java index 0443cc1513..f39ddff865 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigtable/InstanceIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigtable/InstanceIamBindingArgs.java @@ -30,15 +30,6 @@ public Optional> condition() { * * For `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="instance", required=true) private Output instance; @@ -48,8 +39,14 @@ public Optional> condition() { * * For `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + */ + public Output instance() { + return this.instance; + } + + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -58,13 +55,20 @@ public Optional> condition() { * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. * */ - public Output instance() { - return this.instance; - } - @Import(name="members", required=true) private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output> members() { return this.members; } @@ -151,15 +155,6 @@ public Builder condition(InstanceIamBindingConditionArgs condition) { * * For `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -173,8 +168,16 @@ public Builder instance(Output instance) { * * For `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return builder + * + */ + public Builder instance(String instance) { + return instance(Output.of(instance)); + } + + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -185,19 +188,41 @@ public Builder instance(Output instance) { * @return builder * */ - public Builder instance(String instance) { - return instance(Output.of(instance)); - } - public Builder members(Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigtable/InstanceIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/bigtable/InstanceIamMember.java index 6f7d2a4086..d215908888 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigtable/InstanceIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigtable/InstanceIamMember.java @@ -140,6 +140,120 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_bigtable\_instance\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.bigtable.InstanceIamPolicy; + * import com.pulumi.gcp.bigtable.InstanceIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/bigtable.user") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var editor = new InstanceIamPolicy("editor", InstanceIamPolicyArgs.builder() + * .project("your-project") + * .instance("your-bigtable-instance") + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_bigtable\_instance\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.bigtable.InstanceIamBinding; + * import com.pulumi.gcp.bigtable.InstanceIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var editor = new InstanceIamBinding("editor", InstanceIamBindingArgs.builder() + * .instance("your-bigtable-instance") + * .role("roles/bigtable.user") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_bigtable\_instance\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.bigtable.InstanceIamMember; + * import com.pulumi.gcp.bigtable.InstanceIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var editor = new InstanceIamMember("editor", InstanceIamMemberArgs.builder() + * .instance("your-bigtable-instance") + * .role("roles/bigtable.user") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * ### Importing IAM policies @@ -194,15 +308,6 @@ public Output etag() { * * For `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Export(name="instance", refs={String.class}, tree="[0]") private Output instance; @@ -212,8 +317,13 @@ public Output etag() { * * For `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + */ + public Output instance() { + return this.instance; + } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -222,12 +332,20 @@ public Output etag() { * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. * */ - public Output instance() { - return this.instance; - } @Export(name="member", refs={String.class}, tree="[0]") private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output member() { return this.member; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigtable/InstanceIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/bigtable/InstanceIamMemberArgs.java index 7107ff72e0..c66ca0dc74 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigtable/InstanceIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigtable/InstanceIamMemberArgs.java @@ -29,15 +29,6 @@ public Optional> condition() { * * For `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="instance", required=true) private Output instance; @@ -47,8 +38,14 @@ public Optional> condition() { * * For `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + */ + public Output instance() { + return this.instance; + } + + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -57,13 +54,20 @@ public Optional> condition() { * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. * */ - public Output instance() { - return this.instance; - } - @Import(name="member", required=true) private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output member() { return this.member; } @@ -150,15 +154,6 @@ public Builder condition(InstanceIamMemberConditionArgs condition) { * * For `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -172,8 +167,16 @@ public Builder instance(Output instance) { * * For `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return builder + * + */ + public Builder instance(String instance) { + return instance(Output.of(instance)); + } + + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -184,15 +187,24 @@ public Builder instance(Output instance) { * @return builder * */ - public Builder instance(String instance) { - return instance(Output.of(instance)); - } - public Builder member(Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigtable/InstanceIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/bigtable/InstanceIamPolicy.java index a6fe1c969e..de748468d4 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigtable/InstanceIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigtable/InstanceIamPolicy.java @@ -138,6 +138,120 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_bigtable\_instance\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.bigtable.InstanceIamPolicy; + * import com.pulumi.gcp.bigtable.InstanceIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/bigtable.user") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var editor = new InstanceIamPolicy("editor", InstanceIamPolicyArgs.builder() + * .project("your-project") + * .instance("your-bigtable-instance") + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_bigtable\_instance\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.bigtable.InstanceIamBinding; + * import com.pulumi.gcp.bigtable.InstanceIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var editor = new InstanceIamBinding("editor", InstanceIamBindingArgs.builder() + * .instance("your-bigtable-instance") + * .role("roles/bigtable.user") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_bigtable\_instance\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.bigtable.InstanceIamMember; + * import com.pulumi.gcp.bigtable.InstanceIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var editor = new InstanceIamMember("editor", InstanceIamMemberArgs.builder() + * .instance("your-bigtable-instance") + * .role("roles/bigtable.user") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * ### Importing IAM policies @@ -186,15 +300,6 @@ public Output etag() { * * For `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Export(name="instance", refs={String.class}, tree="[0]") private Output instance; @@ -204,15 +309,6 @@ public Output etag() { * * For `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Output instance() { return this.instance; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigtable/InstanceIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/bigtable/InstanceIamPolicyArgs.java index ac2d0cd03f..dd3d9a4a90 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigtable/InstanceIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigtable/InstanceIamPolicyArgs.java @@ -21,15 +21,6 @@ public final class InstanceIamPolicyArgs extends com.pulumi.resources.ResourceAr * * For `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="instance", required=true) private Output instance; @@ -39,15 +30,6 @@ public final class InstanceIamPolicyArgs extends com.pulumi.resources.ResourceAr * * For `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Output instance() { return this.instance; @@ -120,15 +102,6 @@ public Builder(InstanceIamPolicyArgs defaults) { * * For `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -142,15 +115,6 @@ public Builder instance(Output instance) { * * For `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigtable/TableIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/bigtable/TableIamBinding.java index fbb95eabd4..cc668b9ea8 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigtable/TableIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigtable/TableIamBinding.java @@ -144,6 +144,123 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_bigtable\_table\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.bigtable.TableIamPolicy; + * import com.pulumi.gcp.bigtable.TableIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/bigtable.user") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var editor = new TableIamPolicy("editor", TableIamPolicyArgs.builder() + * .project("your-project") + * .instance("your-bigtable-instance") + * .table("your-bigtable-table") + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_bigtable\_table\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.bigtable.TableIamBinding; + * import com.pulumi.gcp.bigtable.TableIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var editor = new TableIamBinding("editor", TableIamBindingArgs.builder() + * .table("your-bigtable-table") + * .instance("your-bigtable-instance") + * .role("roles/bigtable.user") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_bigtable\_table\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.bigtable.TableIamMember; + * import com.pulumi.gcp.bigtable.TableIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var editor = new TableIamMember("editor", TableIamMemberArgs.builder() + * .table("your-bigtable-table") + * .instance("your-bigtable-instance") + * .role("roles/bigtable.user") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * ### Importing IAM policies @@ -207,9 +324,31 @@ public Output etag() { public Output instance() { return this.instance; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ @Export(name="members", refs={List.class,String.class}, tree="[0,1]") private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output> members() { return this.members; } @@ -256,15 +395,6 @@ public Output role() { * * For `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Export(name="table", refs={String.class}, tree="[0]") private Output table; @@ -274,15 +404,6 @@ public Output role() { * * For `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Output table() { return this.table; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigtable/TableIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/bigtable/TableIamBindingArgs.java index e878c9d70c..05f95e3ea7 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigtable/TableIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigtable/TableIamBindingArgs.java @@ -40,9 +40,31 @@ public Output instance() { return this.instance; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ @Import(name="members", required=true) private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output> members() { return this.members; } @@ -92,15 +114,6 @@ public Output role() { * * For `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="table", required=true) private Output table; @@ -110,15 +123,6 @@ public Output role() { * * For `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Output table() { return this.table; @@ -183,15 +187,54 @@ public Builder instance(String instance) { return instance(Output.of(instance)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } @@ -253,15 +296,6 @@ public Builder role(String role) { * * For `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -275,15 +309,6 @@ public Builder table(Output table) { * * For `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigtable/TableIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/bigtable/TableIamMember.java index 757a65005c..280f9dd130 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigtable/TableIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigtable/TableIamMember.java @@ -143,6 +143,123 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_bigtable\_table\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.bigtable.TableIamPolicy; + * import com.pulumi.gcp.bigtable.TableIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/bigtable.user") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var editor = new TableIamPolicy("editor", TableIamPolicyArgs.builder() + * .project("your-project") + * .instance("your-bigtable-instance") + * .table("your-bigtable-table") + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_bigtable\_table\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.bigtable.TableIamBinding; + * import com.pulumi.gcp.bigtable.TableIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var editor = new TableIamBinding("editor", TableIamBindingArgs.builder() + * .table("your-bigtable-table") + * .instance("your-bigtable-instance") + * .role("roles/bigtable.user") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_bigtable\_table\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.bigtable.TableIamMember; + * import com.pulumi.gcp.bigtable.TableIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var editor = new TableIamMember("editor", TableIamMemberArgs.builder() + * .table("your-bigtable-table") + * .instance("your-bigtable-instance") + * .role("roles/bigtable.user") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * ### Importing IAM policies @@ -206,9 +323,31 @@ public Output etag() { public Output instance() { return this.instance; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ @Export(name="member", refs={String.class}, tree="[0]") private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output member() { return this.member; } @@ -255,15 +394,6 @@ public Output role() { * * For `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Export(name="table", refs={String.class}, tree="[0]") private Output table; @@ -273,15 +403,6 @@ public Output role() { * * For `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Output table() { return this.table; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigtable/TableIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/bigtable/TableIamMemberArgs.java index bb18e8fe73..3b07e52101 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigtable/TableIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigtable/TableIamMemberArgs.java @@ -39,9 +39,31 @@ public Output instance() { return this.instance; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ @Import(name="member", required=true) private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output member() { return this.member; } @@ -91,15 +113,6 @@ public Output role() { * * For `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="table", required=true) private Output table; @@ -109,15 +122,6 @@ public Output role() { * * For `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Output table() { return this.table; @@ -182,11 +186,37 @@ public Builder instance(String instance) { return instance(Output.of(instance)); } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder member(Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } @@ -248,15 +278,6 @@ public Builder role(String role) { * * For `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -270,15 +291,6 @@ public Builder table(Output table) { * * For `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigtable/TableIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/bigtable/TableIamPolicy.java index 2fe7d4ff57..9840b64530 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigtable/TableIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigtable/TableIamPolicy.java @@ -141,6 +141,123 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_bigtable\_table\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.bigtable.TableIamPolicy; + * import com.pulumi.gcp.bigtable.TableIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/bigtable.user") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var editor = new TableIamPolicy("editor", TableIamPolicyArgs.builder() + * .project("your-project") + * .instance("your-bigtable-instance") + * .table("your-bigtable-table") + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_bigtable\_table\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.bigtable.TableIamBinding; + * import com.pulumi.gcp.bigtable.TableIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var editor = new TableIamBinding("editor", TableIamBindingArgs.builder() + * .table("your-bigtable-table") + * .instance("your-bigtable-instance") + * .role("roles/bigtable.user") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_bigtable\_table\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.bigtable.TableIamMember; + * import com.pulumi.gcp.bigtable.TableIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var editor = new TableIamMember("editor", TableIamMemberArgs.builder() + * .table("your-bigtable-table") + * .instance("your-bigtable-instance") + * .role("roles/bigtable.user") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * ### Importing IAM policies @@ -237,15 +354,6 @@ public Output project() { * * For `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Export(name="table", refs={String.class}, tree="[0]") private Output table; @@ -255,15 +363,6 @@ public Output project() { * * For `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Output table() { return this.table; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigtable/TableIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/bigtable/TableIamPolicyArgs.java index d3529b8c18..e129e010ce 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigtable/TableIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigtable/TableIamPolicyArgs.java @@ -72,15 +72,6 @@ public Optional> project() { * * For `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="table", required=true) private Output table; @@ -90,15 +81,6 @@ public Optional> project() { * * For `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Output table() { return this.table; @@ -205,15 +187,6 @@ public Builder project(String project) { * * For `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -227,15 +200,6 @@ public Builder table(Output table) { * * For `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigtable/inputs/InstanceIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/bigtable/inputs/InstanceIamBindingState.java index 1b8ac29851..4fc9b0d48c 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigtable/inputs/InstanceIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigtable/inputs/InstanceIamBindingState.java @@ -44,15 +44,6 @@ public Optional> etag() { * * For `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="instance") private @Nullable Output instance; @@ -62,8 +53,14 @@ public Optional> etag() { * * For `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + */ + public Optional> instance() { + return Optional.ofNullable(this.instance); + } + + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -72,13 +69,20 @@ public Optional> etag() { * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. * */ - public Optional> instance() { - return Optional.ofNullable(this.instance); - } - @Import(name="members") private @Nullable Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Optional>> members() { return Optional.ofNullable(this.members); } @@ -187,15 +191,6 @@ public Builder etag(String etag) { * * For `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -209,8 +204,16 @@ public Builder instance(@Nullable Output instance) { * * For `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return builder + * + */ + public Builder instance(String instance) { + return instance(Output.of(instance)); + } + + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -221,19 +224,41 @@ public Builder instance(@Nullable Output instance) { * @return builder * */ - public Builder instance(String instance) { - return instance(Output.of(instance)); - } - public Builder members(@Nullable Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigtable/inputs/InstanceIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/bigtable/inputs/InstanceIamMemberState.java index 6d9db8ed78..9219d6b5a0 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigtable/inputs/InstanceIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigtable/inputs/InstanceIamMemberState.java @@ -43,15 +43,6 @@ public Optional> etag() { * * For `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="instance") private @Nullable Output instance; @@ -61,8 +52,14 @@ public Optional> etag() { * * For `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + */ + public Optional> instance() { + return Optional.ofNullable(this.instance); + } + + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -71,13 +68,20 @@ public Optional> etag() { * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. * */ - public Optional> instance() { - return Optional.ofNullable(this.instance); - } - @Import(name="member") private @Nullable Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Optional> member() { return Optional.ofNullable(this.member); } @@ -186,15 +190,6 @@ public Builder etag(String etag) { * * For `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -208,8 +203,16 @@ public Builder instance(@Nullable Output instance) { * * For `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return builder + * + */ + public Builder instance(String instance) { + return instance(Output.of(instance)); + } + + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -220,15 +223,24 @@ public Builder instance(@Nullable Output instance) { * @return builder * */ - public Builder instance(String instance) { - return instance(Output.of(instance)); - } - public Builder member(@Nullable Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigtable/inputs/InstanceIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/bigtable/inputs/InstanceIamPolicyState.java index e9a98789de..5551bf7fc7 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigtable/inputs/InstanceIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigtable/inputs/InstanceIamPolicyState.java @@ -35,15 +35,6 @@ public Optional> etag() { * * For `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="instance") private @Nullable Output instance; @@ -53,15 +44,6 @@ public Optional> etag() { * * For `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Optional> instance() { return Optional.ofNullable(this.instance); @@ -156,15 +138,6 @@ public Builder etag(String etag) { * * For `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -178,15 +151,6 @@ public Builder instance(@Nullable Output instance) { * * For `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigtable/inputs/TableIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/bigtable/inputs/TableIamBindingState.java index 9f6ee08e39..b09b15d038 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigtable/inputs/TableIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigtable/inputs/TableIamBindingState.java @@ -54,9 +54,31 @@ public Optional> instance() { return Optional.ofNullable(this.instance); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ @Import(name="members") private @Nullable Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Optional>> members() { return Optional.ofNullable(this.members); } @@ -106,15 +128,6 @@ public Optional> role() { * * For `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="table") private @Nullable Output table; @@ -124,15 +137,6 @@ public Optional> role() { * * For `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Optional> table() { return Optional.ofNullable(this.table); @@ -219,15 +223,54 @@ public Builder instance(String instance) { return instance(Output.of(instance)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } @@ -289,15 +332,6 @@ public Builder role(String role) { * * For `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -311,15 +345,6 @@ public Builder table(@Nullable Output table) { * * For `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigtable/inputs/TableIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/bigtable/inputs/TableIamMemberState.java index cb484c48f8..68cf41ae0e 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigtable/inputs/TableIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigtable/inputs/TableIamMemberState.java @@ -53,9 +53,31 @@ public Optional> instance() { return Optional.ofNullable(this.instance); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ @Import(name="member") private @Nullable Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Optional> member() { return Optional.ofNullable(this.member); } @@ -105,15 +127,6 @@ public Optional> role() { * * For `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="table") private @Nullable Output table; @@ -123,15 +136,6 @@ public Optional> role() { * * For `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Optional> table() { return Optional.ofNullable(this.table); @@ -218,11 +222,37 @@ public Builder instance(String instance) { return instance(Output.of(instance)); } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder member(@Nullable Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } @@ -284,15 +314,6 @@ public Builder role(String role) { * * For `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -306,15 +327,6 @@ public Builder table(@Nullable Output table) { * * For `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/bigtable/inputs/TableIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/bigtable/inputs/TableIamPolicyState.java index 3a03e113fc..31078893e4 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/bigtable/inputs/TableIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/bigtable/inputs/TableIamPolicyState.java @@ -86,15 +86,6 @@ public Optional> project() { * * For `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="table") private @Nullable Output table; @@ -104,15 +95,6 @@ public Optional> project() { * * For `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Optional> table() { return Optional.ofNullable(this.table); @@ -241,15 +223,6 @@ public Builder project(String project) { * * For `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -263,15 +236,6 @@ public Builder table(@Nullable Output table) { * * For `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/billing/AccountIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/billing/AccountIamBinding.java index 7716a4d531..fa2ba7e546 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/billing/AccountIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/billing/AccountIamBinding.java @@ -140,6 +140,119 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_billing\_account\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.billing.AccountIamPolicy; + * import com.pulumi.gcp.billing.AccountIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/billing.viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var editor = new AccountIamPolicy("editor", AccountIamPolicyArgs.builder() + * .billingAccountId("00AA00-000AAA-00AA0A") + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_billing\_account\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.billing.AccountIamBinding; + * import com.pulumi.gcp.billing.AccountIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var editor = new AccountIamBinding("editor", AccountIamBindingArgs.builder() + * .billingAccountId("00AA00-000AAA-00AA0A") + * .role("roles/billing.viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_billing\_account\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.billing.AccountIamMember; + * import com.pulumi.gcp.billing.AccountIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var editor = new AccountIamMember("editor", AccountIamMemberArgs.builder() + * .billingAccountId("00AA00-000AAA-00AA0A") + * .role("roles/billing.viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * ### Importing IAM policies @@ -174,13 +287,6 @@ public class AccountIamBinding extends com.pulumi.resources.CustomResource { * * For `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Export(name="billingAccountId", refs={String.class}, tree="[0]") private Output billingAccountId; @@ -190,13 +296,6 @@ public class AccountIamBinding extends com.pulumi.resources.CustomResource { * * For `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Output billingAccountId() { return this.billingAccountId; @@ -221,9 +320,27 @@ public Output> condition() { public Output etag() { return this.etag; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ @Export(name="members", refs={List.class,String.class}, tree="[0,1]") private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output> members() { return this.members; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/billing/AccountIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/billing/AccountIamBindingArgs.java index e60186f745..a3b773c608 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/billing/AccountIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/billing/AccountIamBindingArgs.java @@ -23,13 +23,6 @@ public final class AccountIamBindingArgs extends com.pulumi.resources.ResourceAr * * For `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="billingAccountId", required=true) private Output billingAccountId; @@ -39,13 +32,6 @@ public final class AccountIamBindingArgs extends com.pulumi.resources.ResourceAr * * For `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Output billingAccountId() { return this.billingAccountId; @@ -58,9 +44,27 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ @Import(name="members", required=true) private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output> members() { return this.members; } @@ -120,13 +124,6 @@ public Builder(AccountIamBindingArgs defaults) { * * For `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -140,13 +137,6 @@ public Builder billingAccountId(Output billingAccountId) { * * For `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -163,15 +153,48 @@ public Builder condition(AccountIamBindingConditionArgs condition) { return condition(Output.of(condition)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/billing/AccountIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/billing/AccountIamMember.java index 2a48531f01..dae08f075d 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/billing/AccountIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/billing/AccountIamMember.java @@ -139,6 +139,119 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_billing\_account\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.billing.AccountIamPolicy; + * import com.pulumi.gcp.billing.AccountIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/billing.viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var editor = new AccountIamPolicy("editor", AccountIamPolicyArgs.builder() + * .billingAccountId("00AA00-000AAA-00AA0A") + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_billing\_account\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.billing.AccountIamBinding; + * import com.pulumi.gcp.billing.AccountIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var editor = new AccountIamBinding("editor", AccountIamBindingArgs.builder() + * .billingAccountId("00AA00-000AAA-00AA0A") + * .role("roles/billing.viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_billing\_account\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.billing.AccountIamMember; + * import com.pulumi.gcp.billing.AccountIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var editor = new AccountIamMember("editor", AccountIamMemberArgs.builder() + * .billingAccountId("00AA00-000AAA-00AA0A") + * .role("roles/billing.viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * ### Importing IAM policies @@ -173,13 +286,6 @@ public class AccountIamMember extends com.pulumi.resources.CustomResource { * * For `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Export(name="billingAccountId", refs={String.class}, tree="[0]") private Output billingAccountId; @@ -189,13 +295,6 @@ public class AccountIamMember extends com.pulumi.resources.CustomResource { * * For `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Output billingAccountId() { return this.billingAccountId; @@ -220,9 +319,27 @@ public Output> condition() { public Output etag() { return this.etag; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ @Export(name="member", refs={String.class}, tree="[0]") private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output member() { return this.member; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/billing/AccountIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/billing/AccountIamMemberArgs.java index 4b61ff4c1d..87eea88d3e 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/billing/AccountIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/billing/AccountIamMemberArgs.java @@ -22,13 +22,6 @@ public final class AccountIamMemberArgs extends com.pulumi.resources.ResourceArg * * For `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="billingAccountId", required=true) private Output billingAccountId; @@ -38,13 +31,6 @@ public final class AccountIamMemberArgs extends com.pulumi.resources.ResourceArg * * For `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Output billingAccountId() { return this.billingAccountId; @@ -57,9 +43,27 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ @Import(name="member", required=true) private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output member() { return this.member; } @@ -119,13 +123,6 @@ public Builder(AccountIamMemberArgs defaults) { * * For `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -139,13 +136,6 @@ public Builder billingAccountId(Output billingAccountId) { * * For `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -162,11 +152,33 @@ public Builder condition(AccountIamMemberConditionArgs condition) { return condition(Output.of(condition)); } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder member(Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/billing/AccountIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/billing/AccountIamPolicy.java index 501db0a683..8893fbb314 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/billing/AccountIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/billing/AccountIamPolicy.java @@ -137,6 +137,119 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_billing\_account\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.billing.AccountIamPolicy; + * import com.pulumi.gcp.billing.AccountIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/billing.viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var editor = new AccountIamPolicy("editor", AccountIamPolicyArgs.builder() + * .billingAccountId("00AA00-000AAA-00AA0A") + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_billing\_account\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.billing.AccountIamBinding; + * import com.pulumi.gcp.billing.AccountIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var editor = new AccountIamBinding("editor", AccountIamBindingArgs.builder() + * .billingAccountId("00AA00-000AAA-00AA0A") + * .role("roles/billing.viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_billing\_account\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.billing.AccountIamMember; + * import com.pulumi.gcp.billing.AccountIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var editor = new AccountIamMember("editor", AccountIamMemberArgs.builder() + * .billingAccountId("00AA00-000AAA-00AA0A") + * .role("roles/billing.viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * ### Importing IAM policies @@ -171,13 +284,6 @@ public class AccountIamPolicy extends com.pulumi.resources.CustomResource { * * For `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Export(name="billingAccountId", refs={String.class}, tree="[0]") private Output billingAccountId; @@ -187,13 +293,6 @@ public class AccountIamPolicy extends com.pulumi.resources.CustomResource { * * For `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Output billingAccountId() { return this.billingAccountId; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/billing/AccountIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/billing/AccountIamPolicyArgs.java index 1801270357..cb8f69a551 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/billing/AccountIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/billing/AccountIamPolicyArgs.java @@ -19,13 +19,6 @@ public final class AccountIamPolicyArgs extends com.pulumi.resources.ResourceArg * * For `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="billingAccountId", required=true) private Output billingAccountId; @@ -35,13 +28,6 @@ public final class AccountIamPolicyArgs extends com.pulumi.resources.ResourceArg * * For `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Output billingAccountId() { return this.billingAccountId; @@ -96,13 +82,6 @@ public Builder(AccountIamPolicyArgs defaults) { * * For `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -116,13 +95,6 @@ public Builder billingAccountId(Output billingAccountId) { * * For `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/billing/inputs/AccountIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/billing/inputs/AccountIamBindingState.java index 7c78deb84d..1f6056ab6d 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/billing/inputs/AccountIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/billing/inputs/AccountIamBindingState.java @@ -22,13 +22,6 @@ public final class AccountIamBindingState extends com.pulumi.resources.ResourceA * * For `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="billingAccountId") private @Nullable Output billingAccountId; @@ -38,13 +31,6 @@ public final class AccountIamBindingState extends com.pulumi.resources.ResourceA * * For `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Optional> billingAccountId() { return Optional.ofNullable(this.billingAccountId); @@ -72,9 +58,27 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ @Import(name="members") private @Nullable Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Optional>> members() { return Optional.ofNullable(this.members); } @@ -135,13 +139,6 @@ public Builder(AccountIamBindingState defaults) { * * For `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -155,13 +152,6 @@ public Builder billingAccountId(@Nullable Output billingAccountId) { * * For `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -199,15 +189,48 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/billing/inputs/AccountIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/billing/inputs/AccountIamMemberState.java index 41af4ffa13..8b75bf7a02 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/billing/inputs/AccountIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/billing/inputs/AccountIamMemberState.java @@ -21,13 +21,6 @@ public final class AccountIamMemberState extends com.pulumi.resources.ResourceAr * * For `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="billingAccountId") private @Nullable Output billingAccountId; @@ -37,13 +30,6 @@ public final class AccountIamMemberState extends com.pulumi.resources.ResourceAr * * For `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Optional> billingAccountId() { return Optional.ofNullable(this.billingAccountId); @@ -71,9 +57,27 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ @Import(name="member") private @Nullable Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Optional> member() { return Optional.ofNullable(this.member); } @@ -134,13 +138,6 @@ public Builder(AccountIamMemberState defaults) { * * For `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -154,13 +151,6 @@ public Builder billingAccountId(@Nullable Output billingAccountId) { * * For `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -198,11 +188,33 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder member(@Nullable Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/billing/inputs/AccountIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/billing/inputs/AccountIamPolicyState.java index 7a8484fab2..84f8c114c9 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/billing/inputs/AccountIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/billing/inputs/AccountIamPolicyState.java @@ -20,13 +20,6 @@ public final class AccountIamPolicyState extends com.pulumi.resources.ResourceAr * * For `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="billingAccountId") private @Nullable Output billingAccountId; @@ -36,13 +29,6 @@ public final class AccountIamPolicyState extends com.pulumi.resources.ResourceAr * * For `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Optional> billingAccountId() { return Optional.ofNullable(this.billingAccountId); @@ -113,13 +99,6 @@ public Builder(AccountIamPolicyState defaults) { * * For `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -133,13 +112,6 @@ public Builder billingAccountId(@Nullable Output billingAccountId) { * * For `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/binaryauthorization/AttestorIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/binaryauthorization/AttestorIamBinding.java index 9c3531c6e8..a6258d1f05 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/binaryauthorization/AttestorIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/binaryauthorization/AttestorIamBinding.java @@ -147,6 +147,122 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_binary\_authorization\_attestor\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.binaryauthorization.AttestorIamPolicy; + * import com.pulumi.gcp.binaryauthorization.AttestorIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new AttestorIamPolicy("policy", AttestorIamPolicyArgs.builder() + * .project(attestor.project()) + * .attestor(attestor.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_binary\_authorization\_attestor\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.binaryauthorization.AttestorIamBinding; + * import com.pulumi.gcp.binaryauthorization.AttestorIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new AttestorIamBinding("binding", AttestorIamBindingArgs.builder() + * .project(attestor.project()) + * .attestor(attestor.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_binary\_authorization\_attestor\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.binaryauthorization.AttestorIamMember; + * import com.pulumi.gcp.binaryauthorization.AttestorIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new AttestorIamMember("member", AttestorIamMemberArgs.builder() + * .project(attestor.project()) + * .attestor(attestor.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -220,18 +336,9 @@ public Output> condition() { public Output etag() { return this.etag; } - @Export(name="members", refs={List.class,String.class}, tree="[0,1]") - private Output> members; - - public Output> members() { - return this.members; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -243,15 +350,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="members", refs={List.class,String.class}, tree="[0,1]") + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -263,6 +367,22 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/binaryauthorization/AttestorIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/binaryauthorization/AttestorIamBindingArgs.java index 9d352c0101..3e91db67f3 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/binaryauthorization/AttestorIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/binaryauthorization/AttestorIamBindingArgs.java @@ -40,19 +40,9 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } - @Import(name="members", required=true) - private Output> members; - - public Output> members() { - return this.members; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -64,15 +54,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members", required=true) + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -84,6 +71,23 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -165,25 +169,30 @@ public Builder condition(AttestorIamBindingConditionArgs condition) { return condition(Output.of(condition)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -197,17 +206,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -221,6 +226,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/binaryauthorization/AttestorIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/binaryauthorization/AttestorIamMember.java index 4c68fe398c..e8055db92a 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/binaryauthorization/AttestorIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/binaryauthorization/AttestorIamMember.java @@ -146,6 +146,122 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_binary\_authorization\_attestor\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.binaryauthorization.AttestorIamPolicy; + * import com.pulumi.gcp.binaryauthorization.AttestorIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new AttestorIamPolicy("policy", AttestorIamPolicyArgs.builder() + * .project(attestor.project()) + * .attestor(attestor.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_binary\_authorization\_attestor\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.binaryauthorization.AttestorIamBinding; + * import com.pulumi.gcp.binaryauthorization.AttestorIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new AttestorIamBinding("binding", AttestorIamBindingArgs.builder() + * .project(attestor.project()) + * .attestor(attestor.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_binary\_authorization\_attestor\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.binaryauthorization.AttestorIamMember; + * import com.pulumi.gcp.binaryauthorization.AttestorIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new AttestorIamMember("member", AttestorIamMemberArgs.builder() + * .project(attestor.project()) + * .attestor(attestor.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -219,18 +335,9 @@ public Output> condition() { public Output etag() { return this.etag; } - @Export(name="member", refs={String.class}, tree="[0]") - private Output member; - - public Output member() { - return this.member; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -242,15 +349,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="member", refs={String.class}, tree="[0]") + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -262,6 +366,22 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/binaryauthorization/AttestorIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/binaryauthorization/AttestorIamMemberArgs.java index 4cc8146a3c..ee68ed089e 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/binaryauthorization/AttestorIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/binaryauthorization/AttestorIamMemberArgs.java @@ -39,19 +39,9 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } - @Import(name="member", required=true) - private Output member; - - public Output member() { - return this.member; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -63,15 +53,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member", required=true) + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -83,6 +70,23 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -164,21 +168,9 @@ public Builder condition(AttestorIamMemberConditionArgs condition) { return condition(Output.of(condition)); } - public Builder member(Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -192,17 +184,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -216,6 +205,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/binaryauthorization/AttestorIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/binaryauthorization/AttestorIamPolicy.java index 9172967e65..0e6419f616 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/binaryauthorization/AttestorIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/binaryauthorization/AttestorIamPolicy.java @@ -144,6 +144,122 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_binary\_authorization\_attestor\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.binaryauthorization.AttestorIamPolicy; + * import com.pulumi.gcp.binaryauthorization.AttestorIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new AttestorIamPolicy("policy", AttestorIamPolicyArgs.builder() + * .project(attestor.project()) + * .attestor(attestor.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_binary\_authorization\_attestor\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.binaryauthorization.AttestorIamBinding; + * import com.pulumi.gcp.binaryauthorization.AttestorIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new AttestorIamBinding("binding", AttestorIamBindingArgs.builder() + * .project(attestor.project()) + * .attestor(attestor.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_binary\_authorization\_attestor\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.binaryauthorization.AttestorIamMember; + * import com.pulumi.gcp.binaryauthorization.AttestorIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new AttestorIamMember("member", AttestorIamMemberArgs.builder() + * .project(attestor.project()) + * .attestor(attestor.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -231,18 +347,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -251,18 +355,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/binaryauthorization/AttestorIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/binaryauthorization/AttestorIamPolicyArgs.java index 30fcd6b9fc..860b5a14f4 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/binaryauthorization/AttestorIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/binaryauthorization/AttestorIamPolicyArgs.java @@ -52,18 +52,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -72,18 +60,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -163,18 +139,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -187,18 +151,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/binaryauthorization/inputs/AttestorIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/binaryauthorization/inputs/AttestorIamBindingState.java index 9487abf301..b756b7c2ec 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/binaryauthorization/inputs/AttestorIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/binaryauthorization/inputs/AttestorIamBindingState.java @@ -54,19 +54,9 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } - @Import(name="members") - private @Nullable Output> members; - - public Optional>> members() { - return Optional.ofNullable(this.members); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -78,15 +68,12 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members") + private @Nullable Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -98,6 +85,23 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional>> members() { + return Optional.ofNullable(this.members); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -201,25 +205,30 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -233,17 +242,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -257,6 +262,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/binaryauthorization/inputs/AttestorIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/binaryauthorization/inputs/AttestorIamMemberState.java index f70cccf794..2c8b3ae8f4 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/binaryauthorization/inputs/AttestorIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/binaryauthorization/inputs/AttestorIamMemberState.java @@ -53,19 +53,9 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } - @Import(name="member") - private @Nullable Output member; - - public Optional> member() { - return Optional.ofNullable(this.member); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -77,15 +67,12 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member") + private @Nullable Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -97,6 +84,23 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional> member() { + return Optional.ofNullable(this.member); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -200,21 +204,9 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } - public Builder member(@Nullable Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -228,17 +220,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(@Nullable Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -252,6 +241,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/binaryauthorization/inputs/AttestorIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/binaryauthorization/inputs/AttestorIamPolicyState.java index 7e60c2a7b2..aaab48ea9d 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/binaryauthorization/inputs/AttestorIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/binaryauthorization/inputs/AttestorIamPolicyState.java @@ -66,18 +66,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -86,18 +74,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -199,18 +175,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -223,18 +187,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/CaPoolIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/CaPoolIamBinding.java index 9534f434c5..c9ee55acd3 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/CaPoolIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/CaPoolIamBinding.java @@ -274,6 +274,247 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_privateca\_ca\_pool\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.certificateauthority.CaPoolIamPolicy; + * import com.pulumi.gcp.certificateauthority.CaPoolIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/privateca.certificateManager") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new CaPoolIamPolicy("policy", CaPoolIamPolicyArgs.builder() + * .caPool(default_.id()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.certificateauthority.CaPoolIamPolicy; + * import com.pulumi.gcp.certificateauthority.CaPoolIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/privateca.certificateManager") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var policy = new CaPoolIamPolicy("policy", CaPoolIamPolicyArgs.builder() + * .caPool(default_.id()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_privateca\_ca\_pool\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.certificateauthority.CaPoolIamBinding; + * import com.pulumi.gcp.certificateauthority.CaPoolIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new CaPoolIamBinding("binding", CaPoolIamBindingArgs.builder() + * .caPool(default_.id()) + * .role("roles/privateca.certificateManager") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.certificateauthority.CaPoolIamBinding; + * import com.pulumi.gcp.certificateauthority.CaPoolIamBindingArgs; + * import com.pulumi.gcp.certificateauthority.inputs.CaPoolIamBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new CaPoolIamBinding("binding", CaPoolIamBindingArgs.builder() + * .caPool(default_.id()) + * .role("roles/privateca.certificateManager") + * .members("user:jane@example.com") + * .condition(CaPoolIamBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_privateca\_ca\_pool\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.certificateauthority.CaPoolIamMember; + * import com.pulumi.gcp.certificateauthority.CaPoolIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new CaPoolIamMember("member", CaPoolIamMemberArgs.builder() + * .caPool(default_.id()) + * .role("roles/privateca.certificateManager") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.certificateauthority.CaPoolIamMember; + * import com.pulumi.gcp.certificateauthority.CaPoolIamMemberArgs; + * import com.pulumi.gcp.certificateauthority.inputs.CaPoolIamMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new CaPoolIamMember("member", CaPoolIamMemberArgs.builder() + * .caPool(default_.id()) + * .role("roles/privateca.certificateManager") + * .member("user:jane@example.com") + * .condition(CaPoolIamMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -375,18 +616,9 @@ public Output etag() { public Output location() { return this.location; } - @Export(name="members", refs={List.class,String.class}, tree="[0,1]") - private Output> members; - - public Output> members() { - return this.members; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -398,15 +630,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="members", refs={List.class,String.class}, tree="[0,1]") + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -418,6 +647,22 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/CaPoolIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/CaPoolIamBindingArgs.java index a12a35644f..281a4968cd 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/CaPoolIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/CaPoolIamBindingArgs.java @@ -69,19 +69,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="members", required=true) - private Output> members; - - public Output> members() { - return this.members; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -93,15 +83,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members", required=true) + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -113,6 +100,23 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -234,25 +238,30 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -266,17 +275,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -290,6 +295,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/CaPoolIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/CaPoolIamMember.java index 1ca7bf2be0..d0180aff8c 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/CaPoolIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/CaPoolIamMember.java @@ -273,6 +273,247 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_privateca\_ca\_pool\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.certificateauthority.CaPoolIamPolicy; + * import com.pulumi.gcp.certificateauthority.CaPoolIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/privateca.certificateManager") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new CaPoolIamPolicy("policy", CaPoolIamPolicyArgs.builder() + * .caPool(default_.id()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.certificateauthority.CaPoolIamPolicy; + * import com.pulumi.gcp.certificateauthority.CaPoolIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/privateca.certificateManager") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var policy = new CaPoolIamPolicy("policy", CaPoolIamPolicyArgs.builder() + * .caPool(default_.id()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_privateca\_ca\_pool\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.certificateauthority.CaPoolIamBinding; + * import com.pulumi.gcp.certificateauthority.CaPoolIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new CaPoolIamBinding("binding", CaPoolIamBindingArgs.builder() + * .caPool(default_.id()) + * .role("roles/privateca.certificateManager") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.certificateauthority.CaPoolIamBinding; + * import com.pulumi.gcp.certificateauthority.CaPoolIamBindingArgs; + * import com.pulumi.gcp.certificateauthority.inputs.CaPoolIamBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new CaPoolIamBinding("binding", CaPoolIamBindingArgs.builder() + * .caPool(default_.id()) + * .role("roles/privateca.certificateManager") + * .members("user:jane@example.com") + * .condition(CaPoolIamBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_privateca\_ca\_pool\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.certificateauthority.CaPoolIamMember; + * import com.pulumi.gcp.certificateauthority.CaPoolIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new CaPoolIamMember("member", CaPoolIamMemberArgs.builder() + * .caPool(default_.id()) + * .role("roles/privateca.certificateManager") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.certificateauthority.CaPoolIamMember; + * import com.pulumi.gcp.certificateauthority.CaPoolIamMemberArgs; + * import com.pulumi.gcp.certificateauthority.inputs.CaPoolIamMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new CaPoolIamMember("member", CaPoolIamMemberArgs.builder() + * .caPool(default_.id()) + * .role("roles/privateca.certificateManager") + * .member("user:jane@example.com") + * .condition(CaPoolIamMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -374,18 +615,9 @@ public Output etag() { public Output location() { return this.location; } - @Export(name="member", refs={String.class}, tree="[0]") - private Output member; - - public Output member() { - return this.member; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -397,15 +629,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="member", refs={String.class}, tree="[0]") + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -417,6 +646,22 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/CaPoolIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/CaPoolIamMemberArgs.java index 81992b848a..b2d9b7f55e 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/CaPoolIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/CaPoolIamMemberArgs.java @@ -68,19 +68,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="member", required=true) - private Output member; - - public Output member() { - return this.member; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -92,15 +82,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member", required=true) + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -112,6 +99,23 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -233,21 +237,9 @@ public Builder location(String location) { return location(Output.of(location)); } - public Builder member(Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -261,17 +253,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -285,6 +274,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/CaPoolIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/CaPoolIamPolicy.java index 754dcfbca7..5292f0a1ce 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/CaPoolIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/CaPoolIamPolicy.java @@ -271,6 +271,247 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_privateca\_ca\_pool\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.certificateauthority.CaPoolIamPolicy; + * import com.pulumi.gcp.certificateauthority.CaPoolIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/privateca.certificateManager") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new CaPoolIamPolicy("policy", CaPoolIamPolicyArgs.builder() + * .caPool(default_.id()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.certificateauthority.CaPoolIamPolicy; + * import com.pulumi.gcp.certificateauthority.CaPoolIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/privateca.certificateManager") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var policy = new CaPoolIamPolicy("policy", CaPoolIamPolicyArgs.builder() + * .caPool(default_.id()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_privateca\_ca\_pool\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.certificateauthority.CaPoolIamBinding; + * import com.pulumi.gcp.certificateauthority.CaPoolIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new CaPoolIamBinding("binding", CaPoolIamBindingArgs.builder() + * .caPool(default_.id()) + * .role("roles/privateca.certificateManager") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.certificateauthority.CaPoolIamBinding; + * import com.pulumi.gcp.certificateauthority.CaPoolIamBindingArgs; + * import com.pulumi.gcp.certificateauthority.inputs.CaPoolIamBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new CaPoolIamBinding("binding", CaPoolIamBindingArgs.builder() + * .caPool(default_.id()) + * .role("roles/privateca.certificateManager") + * .members("user:jane@example.com") + * .condition(CaPoolIamBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_privateca\_ca\_pool\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.certificateauthority.CaPoolIamMember; + * import com.pulumi.gcp.certificateauthority.CaPoolIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new CaPoolIamMember("member", CaPoolIamMemberArgs.builder() + * .caPool(default_.id()) + * .role("roles/privateca.certificateManager") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.certificateauthority.CaPoolIamMember; + * import com.pulumi.gcp.certificateauthority.CaPoolIamMemberArgs; + * import com.pulumi.gcp.certificateauthority.inputs.CaPoolIamMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new CaPoolIamMember("member", CaPoolIamMemberArgs.builder() + * .caPool(default_.id()) + * .role("roles/privateca.certificateManager") + * .member("user:jane@example.com") + * .condition(CaPoolIamMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -376,18 +617,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -396,18 +625,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/CaPoolIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/CaPoolIamPolicyArgs.java index c31ae2adf2..d2ac5195c4 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/CaPoolIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/CaPoolIamPolicyArgs.java @@ -71,18 +71,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -91,18 +79,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -208,18 +184,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -232,18 +196,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/CertificateTemplateIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/CertificateTemplateIamBinding.java index c3c23cf499..fed336ed88 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/CertificateTemplateIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/CertificateTemplateIamBinding.java @@ -274,6 +274,247 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_privateca\_certificate\_template\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicy; + * import com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/privateca.templateUser") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new CertificateTemplateIamPolicy("policy", CertificateTemplateIamPolicyArgs.builder() + * .certificateTemplate(default_.id()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicy; + * import com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/privateca.templateUser") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var policy = new CertificateTemplateIamPolicy("policy", CertificateTemplateIamPolicyArgs.builder() + * .certificateTemplate(default_.id()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_privateca\_certificate\_template\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.certificateauthority.CertificateTemplateIamBinding; + * import com.pulumi.gcp.certificateauthority.CertificateTemplateIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new CertificateTemplateIamBinding("binding", CertificateTemplateIamBindingArgs.builder() + * .certificateTemplate(default_.id()) + * .role("roles/privateca.templateUser") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.certificateauthority.CertificateTemplateIamBinding; + * import com.pulumi.gcp.certificateauthority.CertificateTemplateIamBindingArgs; + * import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIamBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new CertificateTemplateIamBinding("binding", CertificateTemplateIamBindingArgs.builder() + * .certificateTemplate(default_.id()) + * .role("roles/privateca.templateUser") + * .members("user:jane@example.com") + * .condition(CertificateTemplateIamBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_privateca\_certificate\_template\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.certificateauthority.CertificateTemplateIamMember; + * import com.pulumi.gcp.certificateauthority.CertificateTemplateIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new CertificateTemplateIamMember("member", CertificateTemplateIamMemberArgs.builder() + * .certificateTemplate(default_.id()) + * .role("roles/privateca.templateUser") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.certificateauthority.CertificateTemplateIamMember; + * import com.pulumi.gcp.certificateauthority.CertificateTemplateIamMemberArgs; + * import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIamMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new CertificateTemplateIamMember("member", CertificateTemplateIamMemberArgs.builder() + * .certificateTemplate(default_.id()) + * .role("roles/privateca.templateUser") + * .member("user:jane@example.com") + * .condition(CertificateTemplateIamMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -363,18 +604,9 @@ public Output etag() { public Output location() { return this.location; } - @Export(name="members", refs={List.class,String.class}, tree="[0,1]") - private Output> members; - - public Output> members() { - return this.members; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -386,15 +618,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="members", refs={List.class,String.class}, tree="[0,1]") + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -406,6 +635,22 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/CertificateTemplateIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/CertificateTemplateIamBindingArgs.java index 574a1440dd..0ef1786fd0 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/CertificateTemplateIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/CertificateTemplateIamBindingArgs.java @@ -57,19 +57,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="members", required=true) - private Output> members; - - public Output> members() { - return this.members; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -81,15 +71,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members", required=true) + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -101,6 +88,23 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -206,25 +210,30 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -238,17 +247,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -262,6 +267,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/CertificateTemplateIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/CertificateTemplateIamMember.java index 6745b53474..ec02132f43 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/CertificateTemplateIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/CertificateTemplateIamMember.java @@ -273,6 +273,247 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_privateca\_certificate\_template\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicy; + * import com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/privateca.templateUser") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new CertificateTemplateIamPolicy("policy", CertificateTemplateIamPolicyArgs.builder() + * .certificateTemplate(default_.id()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicy; + * import com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/privateca.templateUser") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var policy = new CertificateTemplateIamPolicy("policy", CertificateTemplateIamPolicyArgs.builder() + * .certificateTemplate(default_.id()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_privateca\_certificate\_template\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.certificateauthority.CertificateTemplateIamBinding; + * import com.pulumi.gcp.certificateauthority.CertificateTemplateIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new CertificateTemplateIamBinding("binding", CertificateTemplateIamBindingArgs.builder() + * .certificateTemplate(default_.id()) + * .role("roles/privateca.templateUser") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.certificateauthority.CertificateTemplateIamBinding; + * import com.pulumi.gcp.certificateauthority.CertificateTemplateIamBindingArgs; + * import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIamBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new CertificateTemplateIamBinding("binding", CertificateTemplateIamBindingArgs.builder() + * .certificateTemplate(default_.id()) + * .role("roles/privateca.templateUser") + * .members("user:jane@example.com") + * .condition(CertificateTemplateIamBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_privateca\_certificate\_template\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.certificateauthority.CertificateTemplateIamMember; + * import com.pulumi.gcp.certificateauthority.CertificateTemplateIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new CertificateTemplateIamMember("member", CertificateTemplateIamMemberArgs.builder() + * .certificateTemplate(default_.id()) + * .role("roles/privateca.templateUser") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.certificateauthority.CertificateTemplateIamMember; + * import com.pulumi.gcp.certificateauthority.CertificateTemplateIamMemberArgs; + * import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIamMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new CertificateTemplateIamMember("member", CertificateTemplateIamMemberArgs.builder() + * .certificateTemplate(default_.id()) + * .role("roles/privateca.templateUser") + * .member("user:jane@example.com") + * .condition(CertificateTemplateIamMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -362,18 +603,9 @@ public Output etag() { public Output location() { return this.location; } - @Export(name="member", refs={String.class}, tree="[0]") - private Output member; - - public Output member() { - return this.member; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -385,15 +617,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="member", refs={String.class}, tree="[0]") + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -405,6 +634,22 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/CertificateTemplateIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/CertificateTemplateIamMemberArgs.java index e15c0a207d..c60a96d85a 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/CertificateTemplateIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/CertificateTemplateIamMemberArgs.java @@ -56,19 +56,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="member", required=true) - private Output member; - - public Output member() { - return this.member; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -80,15 +70,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member", required=true) + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -100,6 +87,23 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -205,21 +209,9 @@ public Builder location(String location) { return location(Output.of(location)); } - public Builder member(Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -233,17 +225,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -257,6 +246,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/CertificateTemplateIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/CertificateTemplateIamPolicy.java index b471e49723..2827b1618c 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/CertificateTemplateIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/CertificateTemplateIamPolicy.java @@ -271,6 +271,247 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_privateca\_certificate\_template\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicy; + * import com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/privateca.templateUser") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new CertificateTemplateIamPolicy("policy", CertificateTemplateIamPolicyArgs.builder() + * .certificateTemplate(default_.id()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicy; + * import com.pulumi.gcp.certificateauthority.CertificateTemplateIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/privateca.templateUser") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var policy = new CertificateTemplateIamPolicy("policy", CertificateTemplateIamPolicyArgs.builder() + * .certificateTemplate(default_.id()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_privateca\_certificate\_template\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.certificateauthority.CertificateTemplateIamBinding; + * import com.pulumi.gcp.certificateauthority.CertificateTemplateIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new CertificateTemplateIamBinding("binding", CertificateTemplateIamBindingArgs.builder() + * .certificateTemplate(default_.id()) + * .role("roles/privateca.templateUser") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.certificateauthority.CertificateTemplateIamBinding; + * import com.pulumi.gcp.certificateauthority.CertificateTemplateIamBindingArgs; + * import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIamBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new CertificateTemplateIamBinding("binding", CertificateTemplateIamBindingArgs.builder() + * .certificateTemplate(default_.id()) + * .role("roles/privateca.templateUser") + * .members("user:jane@example.com") + * .condition(CertificateTemplateIamBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_privateca\_certificate\_template\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.certificateauthority.CertificateTemplateIamMember; + * import com.pulumi.gcp.certificateauthority.CertificateTemplateIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new CertificateTemplateIamMember("member", CertificateTemplateIamMemberArgs.builder() + * .certificateTemplate(default_.id()) + * .role("roles/privateca.templateUser") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.certificateauthority.CertificateTemplateIamMember; + * import com.pulumi.gcp.certificateauthority.CertificateTemplateIamMemberArgs; + * import com.pulumi.gcp.certificateauthority.inputs.CertificateTemplateIamMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new CertificateTemplateIamMember("member", CertificateTemplateIamMemberArgs.builder() + * .certificateTemplate(default_.id()) + * .role("roles/privateca.templateUser") + * .member("user:jane@example.com") + * .condition(CertificateTemplateIamMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -364,18 +605,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -384,18 +613,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/CertificateTemplateIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/CertificateTemplateIamPolicyArgs.java index 018cd57f3c..1e6aa883ec 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/CertificateTemplateIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/CertificateTemplateIamPolicyArgs.java @@ -59,18 +59,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -79,18 +67,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -180,18 +156,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -204,18 +168,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/inputs/CaPoolIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/inputs/CaPoolIamBindingState.java index 77ec1b0eff..74fe9557c5 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/inputs/CaPoolIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/inputs/CaPoolIamBindingState.java @@ -83,19 +83,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="members") - private @Nullable Output> members; - - public Optional>> members() { - return Optional.ofNullable(this.members); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -107,15 +97,12 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members") + private @Nullable Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -127,6 +114,23 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional>> members() { + return Optional.ofNullable(this.members); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -270,25 +274,30 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -302,17 +311,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -326,6 +331,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/inputs/CaPoolIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/inputs/CaPoolIamMemberState.java index 57444aaecd..946b02752d 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/inputs/CaPoolIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/inputs/CaPoolIamMemberState.java @@ -82,19 +82,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="member") - private @Nullable Output member; - - public Optional> member() { - return Optional.ofNullable(this.member); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -106,15 +96,12 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member") + private @Nullable Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -126,6 +113,23 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional> member() { + return Optional.ofNullable(this.member); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -269,21 +273,9 @@ public Builder location(String location) { return location(Output.of(location)); } - public Builder member(@Nullable Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -297,17 +289,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(@Nullable Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -321,6 +310,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/inputs/CaPoolIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/inputs/CaPoolIamPolicyState.java index a35e65d533..a418b9847d 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/inputs/CaPoolIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/inputs/CaPoolIamPolicyState.java @@ -85,18 +85,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -105,18 +93,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -244,18 +220,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -268,18 +232,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/inputs/CertificateTemplateIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/inputs/CertificateTemplateIamBindingState.java index 62567c80fa..3955d923af 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/inputs/CertificateTemplateIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/inputs/CertificateTemplateIamBindingState.java @@ -71,19 +71,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="members") - private @Nullable Output> members; - - public Optional>> members() { - return Optional.ofNullable(this.members); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -95,15 +85,12 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members") + private @Nullable Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -115,6 +102,23 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional>> members() { + return Optional.ofNullable(this.members); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -242,25 +246,30 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -274,17 +283,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -298,6 +303,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/inputs/CertificateTemplateIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/inputs/CertificateTemplateIamMemberState.java index 537c5f559a..ae673742e7 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/inputs/CertificateTemplateIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/inputs/CertificateTemplateIamMemberState.java @@ -70,19 +70,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="member") - private @Nullable Output member; - - public Optional> member() { - return Optional.ofNullable(this.member); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -94,15 +84,12 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member") + private @Nullable Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -114,6 +101,23 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional> member() { + return Optional.ofNullable(this.member); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -241,21 +245,9 @@ public Builder location(String location) { return location(Output.of(location)); } - public Builder member(@Nullable Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -269,17 +261,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(@Nullable Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -293,6 +282,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/inputs/CertificateTemplateIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/inputs/CertificateTemplateIamPolicyState.java index 249c4763c4..a78df4e754 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/inputs/CertificateTemplateIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/certificateauthority/inputs/CertificateTemplateIamPolicyState.java @@ -73,18 +73,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -93,18 +81,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -216,18 +192,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -240,18 +204,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudbuildv2/ConnectionIAMBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudbuildv2/ConnectionIAMBinding.java index eeb0a8e6c5..c835383903 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudbuildv2/ConnectionIAMBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudbuildv2/ConnectionIAMBinding.java @@ -150,6 +150,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_cloudbuildv2\_connection\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.cloudbuildv2.ConnectionIAMPolicy; + * import com.pulumi.gcp.cloudbuildv2.ConnectionIAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/cloudbuild.connectionViewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new ConnectionIAMPolicy("policy", ConnectionIAMPolicyArgs.builder() + * .project(my_connection.project()) + * .location(my_connection.location()) + * .name(my_connection.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_cloudbuildv2\_connection\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.cloudbuildv2.ConnectionIAMBinding; + * import com.pulumi.gcp.cloudbuildv2.ConnectionIAMBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new ConnectionIAMBinding("binding", ConnectionIAMBindingArgs.builder() + * .project(my_connection.project()) + * .location(my_connection.location()) + * .name(my_connection.name()) + * .role("roles/cloudbuild.connectionViewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_cloudbuildv2\_connection\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.cloudbuildv2.ConnectionIAMMember; + * import com.pulumi.gcp.cloudbuildv2.ConnectionIAMMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new ConnectionIAMMember("member", ConnectionIAMMemberArgs.builder() + * .project(my_connection.project()) + * .location(my_connection.location()) + * .name(my_connection.name()) + * .role("roles/cloudbuild.connectionViewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -225,9 +344,37 @@ public Output etag() { public Output location() { return this.location; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Export(name="members", refs={List.class,String.class}, tree="[0,1]") private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output> members() { return this.members; } @@ -249,18 +396,6 @@ public Output name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -269,18 +404,6 @@ public Output name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudbuildv2/ConnectionIAMBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudbuildv2/ConnectionIAMBindingArgs.java index 8582b401f7..eca60abe70 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudbuildv2/ConnectionIAMBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudbuildv2/ConnectionIAMBindingArgs.java @@ -40,9 +40,37 @@ public Optional> location() { return Optional.ofNullable(this.location); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="members", required=true) private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output> members() { return this.members; } @@ -66,18 +94,6 @@ public Optional> name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -86,18 +102,6 @@ public Optional> name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -181,15 +185,63 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } @@ -219,18 +271,6 @@ public Builder name(String name) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -243,18 +283,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudbuildv2/ConnectionIAMMember.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudbuildv2/ConnectionIAMMember.java index 1f5991758b..64dd54d912 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudbuildv2/ConnectionIAMMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudbuildv2/ConnectionIAMMember.java @@ -149,6 +149,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_cloudbuildv2\_connection\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.cloudbuildv2.ConnectionIAMPolicy; + * import com.pulumi.gcp.cloudbuildv2.ConnectionIAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/cloudbuild.connectionViewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new ConnectionIAMPolicy("policy", ConnectionIAMPolicyArgs.builder() + * .project(my_connection.project()) + * .location(my_connection.location()) + * .name(my_connection.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_cloudbuildv2\_connection\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.cloudbuildv2.ConnectionIAMBinding; + * import com.pulumi.gcp.cloudbuildv2.ConnectionIAMBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new ConnectionIAMBinding("binding", ConnectionIAMBindingArgs.builder() + * .project(my_connection.project()) + * .location(my_connection.location()) + * .name(my_connection.name()) + * .role("roles/cloudbuild.connectionViewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_cloudbuildv2\_connection\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.cloudbuildv2.ConnectionIAMMember; + * import com.pulumi.gcp.cloudbuildv2.ConnectionIAMMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new ConnectionIAMMember("member", ConnectionIAMMemberArgs.builder() + * .project(my_connection.project()) + * .location(my_connection.location()) + * .name(my_connection.name()) + * .role("roles/cloudbuild.connectionViewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -224,9 +343,37 @@ public Output etag() { public Output location() { return this.location; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Export(name="member", refs={String.class}, tree="[0]") private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output member() { return this.member; } @@ -248,18 +395,6 @@ public Output name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -268,18 +403,6 @@ public Output name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudbuildv2/ConnectionIAMMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudbuildv2/ConnectionIAMMemberArgs.java index 9bfc8d7f78..a80cf631e9 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudbuildv2/ConnectionIAMMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudbuildv2/ConnectionIAMMemberArgs.java @@ -39,9 +39,37 @@ public Optional> location() { return Optional.ofNullable(this.location); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="member", required=true) private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output member() { return this.member; } @@ -65,18 +93,6 @@ public Optional> name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -85,18 +101,6 @@ public Optional> name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -180,11 +184,43 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } @@ -214,18 +250,6 @@ public Builder name(String name) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -238,18 +262,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudbuildv2/ConnectionIAMPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudbuildv2/ConnectionIAMPolicy.java index c2ad14f617..d820385ffc 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudbuildv2/ConnectionIAMPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudbuildv2/ConnectionIAMPolicy.java @@ -147,6 +147,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_cloudbuildv2\_connection\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.cloudbuildv2.ConnectionIAMPolicy; + * import com.pulumi.gcp.cloudbuildv2.ConnectionIAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/cloudbuild.connectionViewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new ConnectionIAMPolicy("policy", ConnectionIAMPolicyArgs.builder() + * .project(my_connection.project()) + * .location(my_connection.location()) + * .name(my_connection.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_cloudbuildv2\_connection\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.cloudbuildv2.ConnectionIAMBinding; + * import com.pulumi.gcp.cloudbuildv2.ConnectionIAMBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new ConnectionIAMBinding("binding", ConnectionIAMBindingArgs.builder() + * .project(my_connection.project()) + * .location(my_connection.location()) + * .name(my_connection.name()) + * .role("roles/cloudbuild.connectionViewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_cloudbuildv2\_connection\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.cloudbuildv2.ConnectionIAMMember; + * import com.pulumi.gcp.cloudbuildv2.ConnectionIAMMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new ConnectionIAMMember("member", ConnectionIAMMemberArgs.builder() + * .project(my_connection.project()) + * .location(my_connection.location()) + * .name(my_connection.name()) + * .role("roles/cloudbuild.connectionViewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -250,18 +369,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -270,18 +377,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudbuildv2/ConnectionIAMPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudbuildv2/ConnectionIAMPolicyArgs.java index 1e6b52eaf2..a07308c231 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudbuildv2/ConnectionIAMPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudbuildv2/ConnectionIAMPolicyArgs.java @@ -67,18 +67,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -87,18 +75,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -200,18 +176,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -224,18 +188,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudbuildv2/inputs/ConnectionIAMBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudbuildv2/inputs/ConnectionIAMBindingState.java index 0f4f4b661c..817848cdfd 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudbuildv2/inputs/ConnectionIAMBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudbuildv2/inputs/ConnectionIAMBindingState.java @@ -54,9 +54,37 @@ public Optional> location() { return Optional.ofNullable(this.location); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="members") private @Nullable Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Optional>> members() { return Optional.ofNullable(this.members); } @@ -80,18 +108,6 @@ public Optional> name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -100,18 +116,6 @@ public Optional> name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -217,15 +221,63 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } @@ -255,18 +307,6 @@ public Builder name(String name) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -279,18 +319,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudbuildv2/inputs/ConnectionIAMMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudbuildv2/inputs/ConnectionIAMMemberState.java index 223c86bee0..f4c38a61c5 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudbuildv2/inputs/ConnectionIAMMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudbuildv2/inputs/ConnectionIAMMemberState.java @@ -53,9 +53,37 @@ public Optional> location() { return Optional.ofNullable(this.location); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="member") private @Nullable Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Optional> member() { return Optional.ofNullable(this.member); } @@ -79,18 +107,6 @@ public Optional> name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -99,18 +115,6 @@ public Optional> name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -216,11 +220,43 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(@Nullable Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } @@ -250,18 +286,6 @@ public Builder name(String name) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -274,18 +298,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudbuildv2/inputs/ConnectionIAMPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudbuildv2/inputs/ConnectionIAMPolicyState.java index d7b5154c2d..9eabcac22e 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudbuildv2/inputs/ConnectionIAMPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudbuildv2/inputs/ConnectionIAMPolicyState.java @@ -81,18 +81,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -101,18 +89,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -236,18 +212,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -260,18 +224,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctions/FunctionIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctions/FunctionIamBinding.java index c0607e00aa..0d8f0f7459 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctions/FunctionIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctions/FunctionIamBinding.java @@ -150,6 +150,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_cloudfunctions\_function\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.cloudfunctions.FunctionIamPolicy; + * import com.pulumi.gcp.cloudfunctions.FunctionIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new FunctionIamPolicy("policy", FunctionIamPolicyArgs.builder() + * .project(function.project()) + * .region(function.region()) + * .cloudFunction(function.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_cloudfunctions\_function\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.cloudfunctions.FunctionIamBinding; + * import com.pulumi.gcp.cloudfunctions.FunctionIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new FunctionIamBinding("binding", FunctionIamBindingArgs.builder() + * .project(function.project()) + * .region(function.region()) + * .cloudFunction(function.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_cloudfunctions\_function\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.cloudfunctions.FunctionIamMember; + * import com.pulumi.gcp.cloudfunctions.FunctionIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new FunctionIamMember("member", FunctionIamMemberArgs.builder() + * .project(function.project()) + * .region(function.region()) + * .cloudFunction(function.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -225,18 +344,9 @@ public Output> condition() { public Output etag() { return this.etag; } - @Export(name="members", refs={List.class,String.class}, tree="[0,1]") - private Output> members; - - public Output> members() { - return this.members; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -248,15 +358,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="members", refs={List.class,String.class}, tree="[0,1]") + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -268,6 +375,22 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctions/FunctionIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctions/FunctionIamBindingArgs.java index 396e6c41c5..a3a3896d93 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctions/FunctionIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctions/FunctionIamBindingArgs.java @@ -40,19 +40,9 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } - @Import(name="members", required=true) - private Output> members; - - public Output> members() { - return this.members; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -64,15 +54,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members", required=true) + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -84,6 +71,23 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -185,25 +189,30 @@ public Builder condition(FunctionIamBindingConditionArgs condition) { return condition(Output.of(condition)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -217,17 +226,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -241,6 +246,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctions/FunctionIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctions/FunctionIamMember.java index c289394b2e..7b875c7150 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctions/FunctionIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctions/FunctionIamMember.java @@ -149,6 +149,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_cloudfunctions\_function\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.cloudfunctions.FunctionIamPolicy; + * import com.pulumi.gcp.cloudfunctions.FunctionIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new FunctionIamPolicy("policy", FunctionIamPolicyArgs.builder() + * .project(function.project()) + * .region(function.region()) + * .cloudFunction(function.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_cloudfunctions\_function\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.cloudfunctions.FunctionIamBinding; + * import com.pulumi.gcp.cloudfunctions.FunctionIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new FunctionIamBinding("binding", FunctionIamBindingArgs.builder() + * .project(function.project()) + * .region(function.region()) + * .cloudFunction(function.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_cloudfunctions\_function\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.cloudfunctions.FunctionIamMember; + * import com.pulumi.gcp.cloudfunctions.FunctionIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new FunctionIamMember("member", FunctionIamMemberArgs.builder() + * .project(function.project()) + * .region(function.region()) + * .cloudFunction(function.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -224,18 +343,9 @@ public Output> condition() { public Output etag() { return this.etag; } - @Export(name="member", refs={String.class}, tree="[0]") - private Output member; - - public Output member() { - return this.member; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -247,15 +357,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="member", refs={String.class}, tree="[0]") + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -267,6 +374,22 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctions/FunctionIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctions/FunctionIamMemberArgs.java index 9cc0cdcaf6..886bbe159f 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctions/FunctionIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctions/FunctionIamMemberArgs.java @@ -39,19 +39,9 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } - @Import(name="member", required=true) - private Output member; - - public Output member() { - return this.member; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -63,15 +53,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member", required=true) + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -83,6 +70,23 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -184,21 +188,9 @@ public Builder condition(FunctionIamMemberConditionArgs condition) { return condition(Output.of(condition)); } - public Builder member(Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -212,17 +204,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -236,6 +225,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctions/FunctionIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctions/FunctionIamPolicy.java index fd8cc982ef..d8761a70dc 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctions/FunctionIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctions/FunctionIamPolicy.java @@ -147,6 +147,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_cloudfunctions\_function\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.cloudfunctions.FunctionIamPolicy; + * import com.pulumi.gcp.cloudfunctions.FunctionIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new FunctionIamPolicy("policy", FunctionIamPolicyArgs.builder() + * .project(function.project()) + * .region(function.region()) + * .cloudFunction(function.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_cloudfunctions\_function\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.cloudfunctions.FunctionIamBinding; + * import com.pulumi.gcp.cloudfunctions.FunctionIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new FunctionIamBinding("binding", FunctionIamBindingArgs.builder() + * .project(function.project()) + * .region(function.region()) + * .cloudFunction(function.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_cloudfunctions\_function\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.cloudfunctions.FunctionIamMember; + * import com.pulumi.gcp.cloudfunctions.FunctionIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new FunctionIamMember("member", FunctionIamMemberArgs.builder() + * .project(function.project()) + * .region(function.region()) + * .cloudFunction(function.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -236,18 +355,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -256,18 +363,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctions/FunctionIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctions/FunctionIamPolicyArgs.java index df88376564..eb49f16341 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctions/FunctionIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctions/FunctionIamPolicyArgs.java @@ -52,18 +52,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -72,18 +60,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -183,18 +159,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -207,18 +171,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctions/inputs/FunctionIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctions/inputs/FunctionIamBindingState.java index b77d29097e..ebec18dc84 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctions/inputs/FunctionIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctions/inputs/FunctionIamBindingState.java @@ -54,19 +54,9 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } - @Import(name="members") - private @Nullable Output> members; - - public Optional>> members() { - return Optional.ofNullable(this.members); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -78,15 +68,12 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members") + private @Nullable Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -98,6 +85,23 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional>> members() { + return Optional.ofNullable(this.members); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -221,25 +225,30 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -253,17 +262,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -277,6 +282,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctions/inputs/FunctionIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctions/inputs/FunctionIamMemberState.java index cd2987ac14..5f1511a40c 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctions/inputs/FunctionIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctions/inputs/FunctionIamMemberState.java @@ -53,19 +53,9 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } - @Import(name="member") - private @Nullable Output member; - - public Optional> member() { - return Optional.ofNullable(this.member); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -77,15 +67,12 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member") + private @Nullable Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -97,6 +84,23 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional> member() { + return Optional.ofNullable(this.member); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -220,21 +224,9 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } - public Builder member(@Nullable Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -248,17 +240,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(@Nullable Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -272,6 +261,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctions/inputs/FunctionIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctions/inputs/FunctionIamPolicyState.java index e31f3f64c2..f2b9cdb09a 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctions/inputs/FunctionIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctions/inputs/FunctionIamPolicyState.java @@ -66,18 +66,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -86,18 +74,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -219,18 +195,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -243,18 +207,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctionsv2/FunctionIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctionsv2/FunctionIamBinding.java index bf48748761..6332ee498b 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctionsv2/FunctionIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctionsv2/FunctionIamBinding.java @@ -150,6 +150,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_cloudfunctions2\_function\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.cloudfunctionsv2.FunctionIamPolicy; + * import com.pulumi.gcp.cloudfunctionsv2.FunctionIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new FunctionIamPolicy("policy", FunctionIamPolicyArgs.builder() + * .project(function.project()) + * .location(function.location()) + * .cloudFunction(function.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_cloudfunctions2\_function\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.cloudfunctionsv2.FunctionIamBinding; + * import com.pulumi.gcp.cloudfunctionsv2.FunctionIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new FunctionIamBinding("binding", FunctionIamBindingArgs.builder() + * .project(function.project()) + * .location(function.location()) + * .cloudFunction(function.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_cloudfunctions2\_function\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.cloudfunctionsv2.FunctionIamMember; + * import com.pulumi.gcp.cloudfunctionsv2.FunctionIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new FunctionIamMember("member", FunctionIamMemberArgs.builder() + * .project(function.project()) + * .location(function.location()) + * .cloudFunction(function.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -239,18 +358,9 @@ public Output etag() { public Output location() { return this.location; } - @Export(name="members", refs={List.class,String.class}, tree="[0,1]") - private Output> members; - - public Output> members() { - return this.members; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -262,15 +372,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="members", refs={List.class,String.class}, tree="[0,1]") + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -282,6 +389,22 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctionsv2/FunctionIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctionsv2/FunctionIamBindingArgs.java index f7e877b495..bbc157ca3c 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctionsv2/FunctionIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctionsv2/FunctionIamBindingArgs.java @@ -55,19 +55,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="members", required=true) - private Output> members; - - public Output> members() { - return this.members; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -79,15 +69,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members", required=true) + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -99,6 +86,23 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -202,25 +206,30 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -234,17 +243,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -258,6 +263,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctionsv2/FunctionIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctionsv2/FunctionIamMember.java index 879dc7d238..45b04d9120 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctionsv2/FunctionIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctionsv2/FunctionIamMember.java @@ -149,6 +149,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_cloudfunctions2\_function\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.cloudfunctionsv2.FunctionIamPolicy; + * import com.pulumi.gcp.cloudfunctionsv2.FunctionIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new FunctionIamPolicy("policy", FunctionIamPolicyArgs.builder() + * .project(function.project()) + * .location(function.location()) + * .cloudFunction(function.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_cloudfunctions2\_function\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.cloudfunctionsv2.FunctionIamBinding; + * import com.pulumi.gcp.cloudfunctionsv2.FunctionIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new FunctionIamBinding("binding", FunctionIamBindingArgs.builder() + * .project(function.project()) + * .location(function.location()) + * .cloudFunction(function.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_cloudfunctions2\_function\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.cloudfunctionsv2.FunctionIamMember; + * import com.pulumi.gcp.cloudfunctionsv2.FunctionIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new FunctionIamMember("member", FunctionIamMemberArgs.builder() + * .project(function.project()) + * .location(function.location()) + * .cloudFunction(function.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -238,18 +357,9 @@ public Output etag() { public Output location() { return this.location; } - @Export(name="member", refs={String.class}, tree="[0]") - private Output member; - - public Output member() { - return this.member; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -261,15 +371,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="member", refs={String.class}, tree="[0]") + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -281,6 +388,22 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctionsv2/FunctionIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctionsv2/FunctionIamMemberArgs.java index 6c666ad86f..6429112259 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctionsv2/FunctionIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctionsv2/FunctionIamMemberArgs.java @@ -54,19 +54,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="member", required=true) - private Output member; - - public Output member() { - return this.member; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -78,15 +68,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member", required=true) + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -98,6 +85,23 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -201,21 +205,9 @@ public Builder location(String location) { return location(Output.of(location)); } - public Builder member(Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -229,17 +221,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -253,6 +242,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctionsv2/FunctionIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctionsv2/FunctionIamPolicy.java index b4e589a49e..2441b04f9f 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctionsv2/FunctionIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctionsv2/FunctionIamPolicy.java @@ -147,6 +147,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_cloudfunctions2\_function\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.cloudfunctionsv2.FunctionIamPolicy; + * import com.pulumi.gcp.cloudfunctionsv2.FunctionIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new FunctionIamPolicy("policy", FunctionIamPolicyArgs.builder() + * .project(function.project()) + * .location(function.location()) + * .cloudFunction(function.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_cloudfunctions2\_function\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.cloudfunctionsv2.FunctionIamBinding; + * import com.pulumi.gcp.cloudfunctionsv2.FunctionIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new FunctionIamBinding("binding", FunctionIamBindingArgs.builder() + * .project(function.project()) + * .location(function.location()) + * .cloudFunction(function.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_cloudfunctions2\_function\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.cloudfunctionsv2.FunctionIamMember; + * import com.pulumi.gcp.cloudfunctionsv2.FunctionIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new FunctionIamMember("member", FunctionIamMemberArgs.builder() + * .project(function.project()) + * .location(function.location()) + * .cloudFunction(function.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -250,18 +369,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -270,18 +377,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctionsv2/FunctionIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctionsv2/FunctionIamPolicyArgs.java index aff0a8fa03..5764c40fac 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctionsv2/FunctionIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctionsv2/FunctionIamPolicyArgs.java @@ -67,18 +67,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -87,18 +75,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -200,18 +176,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -224,18 +188,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctionsv2/inputs/FunctionIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctionsv2/inputs/FunctionIamBindingState.java index 0b59d02a7e..219d22ed6f 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctionsv2/inputs/FunctionIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctionsv2/inputs/FunctionIamBindingState.java @@ -69,19 +69,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="members") - private @Nullable Output> members; - - public Optional>> members() { - return Optional.ofNullable(this.members); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -93,15 +83,12 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members") + private @Nullable Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -113,6 +100,23 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional>> members() { + return Optional.ofNullable(this.members); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -238,25 +242,30 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -270,17 +279,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -294,6 +299,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctionsv2/inputs/FunctionIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctionsv2/inputs/FunctionIamMemberState.java index 6a5ad80fe8..66e6db81de 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctionsv2/inputs/FunctionIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctionsv2/inputs/FunctionIamMemberState.java @@ -68,19 +68,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="member") - private @Nullable Output member; - - public Optional> member() { - return Optional.ofNullable(this.member); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -92,15 +82,12 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member") + private @Nullable Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -112,6 +99,23 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional> member() { + return Optional.ofNullable(this.member); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -237,21 +241,9 @@ public Builder location(String location) { return location(Output.of(location)); } - public Builder member(@Nullable Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -265,17 +257,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(@Nullable Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -289,6 +278,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctionsv2/inputs/FunctionIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctionsv2/inputs/FunctionIamPolicyState.java index 9f587ed6a9..930713f53e 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctionsv2/inputs/FunctionIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudfunctionsv2/inputs/FunctionIamPolicyState.java @@ -81,18 +81,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -101,18 +89,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -236,18 +212,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -260,18 +224,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudrun/IamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudrun/IamBinding.java index c5eb7c3cb6..08b84c8823 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudrun/IamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudrun/IamBinding.java @@ -150,6 +150,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_cloud\_run\_service\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.cloudrun.IamPolicy; + * import com.pulumi.gcp.cloudrun.IamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new IamPolicy("policy", IamPolicyArgs.builder() + * .location(default_.location()) + * .project(default_.project()) + * .service(default_.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_cloud\_run\_service\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.cloudrun.IamBinding; + * import com.pulumi.gcp.cloudrun.IamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new IamBinding("binding", IamBindingArgs.builder() + * .location(default_.location()) + * .project(default_.project()) + * .service(default_.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_cloud\_run\_service\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.cloudrun.IamMember; + * import com.pulumi.gcp.cloudrun.IamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new IamMember("member", IamMemberArgs.builder() + * .location(default_.location()) + * .project(default_.project()) + * .service(default_.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -225,18 +344,9 @@ public Output etag() { public Output location() { return this.location; } - @Export(name="members", refs={List.class,String.class}, tree="[0,1]") - private Output> members; - - public Output> members() { - return this.members; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -248,15 +358,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="members", refs={List.class,String.class}, tree="[0,1]") + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -268,6 +375,22 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudrun/IamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudrun/IamBindingArgs.java index 36f74c53e7..3428e8fb6b 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudrun/IamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudrun/IamBindingArgs.java @@ -40,19 +40,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="members", required=true) - private Output> members; - - public Output> members() { - return this.members; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -64,15 +54,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members", required=true) + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -84,6 +71,23 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -181,25 +185,30 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -213,17 +222,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -237,6 +242,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudrun/IamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudrun/IamMember.java index be63e9750e..ff19a60984 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudrun/IamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudrun/IamMember.java @@ -149,6 +149,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_cloud\_run\_service\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.cloudrun.IamPolicy; + * import com.pulumi.gcp.cloudrun.IamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new IamPolicy("policy", IamPolicyArgs.builder() + * .location(default_.location()) + * .project(default_.project()) + * .service(default_.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_cloud\_run\_service\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.cloudrun.IamBinding; + * import com.pulumi.gcp.cloudrun.IamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new IamBinding("binding", IamBindingArgs.builder() + * .location(default_.location()) + * .project(default_.project()) + * .service(default_.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_cloud\_run\_service\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.cloudrun.IamMember; + * import com.pulumi.gcp.cloudrun.IamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new IamMember("member", IamMemberArgs.builder() + * .location(default_.location()) + * .project(default_.project()) + * .service(default_.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -224,18 +343,9 @@ public Output etag() { public Output location() { return this.location; } - @Export(name="member", refs={String.class}, tree="[0]") - private Output member; - - public Output member() { - return this.member; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -247,15 +357,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="member", refs={String.class}, tree="[0]") + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -267,6 +374,22 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudrun/IamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudrun/IamMemberArgs.java index f41099ed9c..c11bcedb1f 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudrun/IamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudrun/IamMemberArgs.java @@ -39,19 +39,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="member", required=true) - private Output member; - - public Output member() { - return this.member; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -63,15 +53,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member", required=true) + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -83,6 +70,23 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -180,21 +184,9 @@ public Builder location(String location) { return location(Output.of(location)); } - public Builder member(Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -208,17 +200,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -232,6 +221,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudrun/IamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudrun/IamPolicy.java index 6cadaf0562..79060c2ef5 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudrun/IamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudrun/IamPolicy.java @@ -147,6 +147,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_cloud\_run\_service\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.cloudrun.IamPolicy; + * import com.pulumi.gcp.cloudrun.IamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new IamPolicy("policy", IamPolicyArgs.builder() + * .location(default_.location()) + * .project(default_.project()) + * .service(default_.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_cloud\_run\_service\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.cloudrun.IamBinding; + * import com.pulumi.gcp.cloudrun.IamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new IamBinding("binding", IamBindingArgs.builder() + * .location(default_.location()) + * .project(default_.project()) + * .service(default_.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_cloud\_run\_service\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.cloudrun.IamMember; + * import com.pulumi.gcp.cloudrun.IamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new IamMember("member", IamMemberArgs.builder() + * .location(default_.location()) + * .project(default_.project()) + * .service(default_.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -236,18 +355,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -256,18 +363,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudrun/IamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudrun/IamPolicyArgs.java index e0e42e2635..335f472901 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudrun/IamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudrun/IamPolicyArgs.java @@ -52,18 +52,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -72,18 +60,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -179,18 +155,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -203,18 +167,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudrun/inputs/IamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudrun/inputs/IamBindingState.java index 007338453d..9e3c0bb90e 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudrun/inputs/IamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudrun/inputs/IamBindingState.java @@ -54,19 +54,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="members") - private @Nullable Output> members; - - public Optional>> members() { - return Optional.ofNullable(this.members); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -78,15 +68,12 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members") + private @Nullable Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -98,6 +85,23 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional>> members() { + return Optional.ofNullable(this.members); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -217,25 +221,30 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -249,17 +258,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -273,6 +278,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudrun/inputs/IamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudrun/inputs/IamMemberState.java index 45bcbd80e7..b0396247cc 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudrun/inputs/IamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudrun/inputs/IamMemberState.java @@ -53,19 +53,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="member") - private @Nullable Output member; - - public Optional> member() { - return Optional.ofNullable(this.member); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -77,15 +67,12 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member") + private @Nullable Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -97,6 +84,23 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional> member() { + return Optional.ofNullable(this.member); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -216,21 +220,9 @@ public Builder location(String location) { return location(Output.of(location)); } - public Builder member(@Nullable Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -244,17 +236,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(@Nullable Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -268,6 +257,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudrun/inputs/IamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudrun/inputs/IamPolicyState.java index 504a4a9ac2..51b15d50ca 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudrun/inputs/IamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudrun/inputs/IamPolicyState.java @@ -66,18 +66,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -86,18 +74,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -215,18 +191,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -239,18 +203,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/JobIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/JobIamBinding.java index 7e1b84bb7b..43b3f8515d 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/JobIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/JobIamBinding.java @@ -150,6 +150,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_cloud\_run\_v2\_job\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.cloudrunv2.JobIamPolicy; + * import com.pulumi.gcp.cloudrunv2.JobIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new JobIamPolicy("policy", JobIamPolicyArgs.builder() + * .project(default_.project()) + * .location(default_.location()) + * .name(default_.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_cloud\_run\_v2\_job\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.cloudrunv2.JobIamBinding; + * import com.pulumi.gcp.cloudrunv2.JobIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new JobIamBinding("binding", JobIamBindingArgs.builder() + * .project(default_.project()) + * .location(default_.location()) + * .name(default_.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_cloud\_run\_v2\_job\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.cloudrunv2.JobIamMember; + * import com.pulumi.gcp.cloudrunv2.JobIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new JobIamMember("member", JobIamMemberArgs.builder() + * .project(default_.project()) + * .location(default_.location()) + * .name(default_.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -225,9 +344,37 @@ public Output etag() { public Output location() { return this.location; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Export(name="members", refs={List.class,String.class}, tree="[0,1]") private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output> members() { return this.members; } @@ -249,18 +396,6 @@ public Output name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -269,18 +404,6 @@ public Output name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/JobIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/JobIamBindingArgs.java index 4c8a0a21aa..13556d5d22 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/JobIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/JobIamBindingArgs.java @@ -40,9 +40,37 @@ public Optional> location() { return Optional.ofNullable(this.location); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="members", required=true) private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output> members() { return this.members; } @@ -66,18 +94,6 @@ public Optional> name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -86,18 +102,6 @@ public Optional> name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -181,15 +185,63 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } @@ -219,18 +271,6 @@ public Builder name(String name) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -243,18 +283,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/JobIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/JobIamMember.java index d0301d4b5c..66cedb7fdb 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/JobIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/JobIamMember.java @@ -149,6 +149,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_cloud\_run\_v2\_job\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.cloudrunv2.JobIamPolicy; + * import com.pulumi.gcp.cloudrunv2.JobIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new JobIamPolicy("policy", JobIamPolicyArgs.builder() + * .project(default_.project()) + * .location(default_.location()) + * .name(default_.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_cloud\_run\_v2\_job\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.cloudrunv2.JobIamBinding; + * import com.pulumi.gcp.cloudrunv2.JobIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new JobIamBinding("binding", JobIamBindingArgs.builder() + * .project(default_.project()) + * .location(default_.location()) + * .name(default_.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_cloud\_run\_v2\_job\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.cloudrunv2.JobIamMember; + * import com.pulumi.gcp.cloudrunv2.JobIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new JobIamMember("member", JobIamMemberArgs.builder() + * .project(default_.project()) + * .location(default_.location()) + * .name(default_.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -224,9 +343,37 @@ public Output etag() { public Output location() { return this.location; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Export(name="member", refs={String.class}, tree="[0]") private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output member() { return this.member; } @@ -248,18 +395,6 @@ public Output name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -268,18 +403,6 @@ public Output name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/JobIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/JobIamMemberArgs.java index 8e8536eb61..87333ae488 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/JobIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/JobIamMemberArgs.java @@ -39,9 +39,37 @@ public Optional> location() { return Optional.ofNullable(this.location); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="member", required=true) private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output member() { return this.member; } @@ -65,18 +93,6 @@ public Optional> name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -85,18 +101,6 @@ public Optional> name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -180,11 +184,43 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } @@ -214,18 +250,6 @@ public Builder name(String name) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -238,18 +262,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/JobIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/JobIamPolicy.java index 2db2c420b4..2c43e7172d 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/JobIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/JobIamPolicy.java @@ -147,6 +147,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_cloud\_run\_v2\_job\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.cloudrunv2.JobIamPolicy; + * import com.pulumi.gcp.cloudrunv2.JobIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new JobIamPolicy("policy", JobIamPolicyArgs.builder() + * .project(default_.project()) + * .location(default_.location()) + * .name(default_.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_cloud\_run\_v2\_job\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.cloudrunv2.JobIamBinding; + * import com.pulumi.gcp.cloudrunv2.JobIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new JobIamBinding("binding", JobIamBindingArgs.builder() + * .project(default_.project()) + * .location(default_.location()) + * .name(default_.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_cloud\_run\_v2\_job\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.cloudrunv2.JobIamMember; + * import com.pulumi.gcp.cloudrunv2.JobIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new JobIamMember("member", JobIamMemberArgs.builder() + * .project(default_.project()) + * .location(default_.location()) + * .name(default_.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -250,18 +369,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -270,18 +377,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/JobIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/JobIamPolicyArgs.java index a6dc125bae..d22a11646c 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/JobIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/JobIamPolicyArgs.java @@ -67,18 +67,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -87,18 +75,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -200,18 +176,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -224,18 +188,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/ServiceIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/ServiceIamBinding.java index 8a974f8738..d36282a8b7 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/ServiceIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/ServiceIamBinding.java @@ -150,6 +150,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_cloud\_run\_v2\_service\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.cloudrunv2.ServiceIamPolicy; + * import com.pulumi.gcp.cloudrunv2.ServiceIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new ServiceIamPolicy("policy", ServiceIamPolicyArgs.builder() + * .project(default_.project()) + * .location(default_.location()) + * .name(default_.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_cloud\_run\_v2\_service\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.cloudrunv2.ServiceIamBinding; + * import com.pulumi.gcp.cloudrunv2.ServiceIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new ServiceIamBinding("binding", ServiceIamBindingArgs.builder() + * .project(default_.project()) + * .location(default_.location()) + * .name(default_.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_cloud\_run\_v2\_service\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.cloudrunv2.ServiceIamMember; + * import com.pulumi.gcp.cloudrunv2.ServiceIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new ServiceIamMember("member", ServiceIamMemberArgs.builder() + * .project(default_.project()) + * .location(default_.location()) + * .name(default_.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -225,9 +344,37 @@ public Output etag() { public Output location() { return this.location; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Export(name="members", refs={List.class,String.class}, tree="[0,1]") private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output> members() { return this.members; } @@ -249,18 +396,6 @@ public Output name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -269,18 +404,6 @@ public Output name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/ServiceIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/ServiceIamBindingArgs.java index 24b2764c38..c82adb57e5 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/ServiceIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/ServiceIamBindingArgs.java @@ -40,9 +40,37 @@ public Optional> location() { return Optional.ofNullable(this.location); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="members", required=true) private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output> members() { return this.members; } @@ -66,18 +94,6 @@ public Optional> name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -86,18 +102,6 @@ public Optional> name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -181,15 +185,63 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } @@ -219,18 +271,6 @@ public Builder name(String name) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -243,18 +283,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/ServiceIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/ServiceIamMember.java index bdd9ca7b5e..4c3b318169 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/ServiceIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/ServiceIamMember.java @@ -149,6 +149,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_cloud\_run\_v2\_service\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.cloudrunv2.ServiceIamPolicy; + * import com.pulumi.gcp.cloudrunv2.ServiceIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new ServiceIamPolicy("policy", ServiceIamPolicyArgs.builder() + * .project(default_.project()) + * .location(default_.location()) + * .name(default_.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_cloud\_run\_v2\_service\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.cloudrunv2.ServiceIamBinding; + * import com.pulumi.gcp.cloudrunv2.ServiceIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new ServiceIamBinding("binding", ServiceIamBindingArgs.builder() + * .project(default_.project()) + * .location(default_.location()) + * .name(default_.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_cloud\_run\_v2\_service\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.cloudrunv2.ServiceIamMember; + * import com.pulumi.gcp.cloudrunv2.ServiceIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new ServiceIamMember("member", ServiceIamMemberArgs.builder() + * .project(default_.project()) + * .location(default_.location()) + * .name(default_.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -224,9 +343,37 @@ public Output etag() { public Output location() { return this.location; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Export(name="member", refs={String.class}, tree="[0]") private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output member() { return this.member; } @@ -248,18 +395,6 @@ public Output name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -268,18 +403,6 @@ public Output name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/ServiceIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/ServiceIamMemberArgs.java index bf7993db23..4a330507b1 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/ServiceIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/ServiceIamMemberArgs.java @@ -39,9 +39,37 @@ public Optional> location() { return Optional.ofNullable(this.location); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="member", required=true) private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output member() { return this.member; } @@ -65,18 +93,6 @@ public Optional> name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -85,18 +101,6 @@ public Optional> name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -180,11 +184,43 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } @@ -214,18 +250,6 @@ public Builder name(String name) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -238,18 +262,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/ServiceIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/ServiceIamPolicy.java index 8667949043..c79201d3c4 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/ServiceIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/ServiceIamPolicy.java @@ -147,6 +147,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_cloud\_run\_v2\_service\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.cloudrunv2.ServiceIamPolicy; + * import com.pulumi.gcp.cloudrunv2.ServiceIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new ServiceIamPolicy("policy", ServiceIamPolicyArgs.builder() + * .project(default_.project()) + * .location(default_.location()) + * .name(default_.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_cloud\_run\_v2\_service\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.cloudrunv2.ServiceIamBinding; + * import com.pulumi.gcp.cloudrunv2.ServiceIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new ServiceIamBinding("binding", ServiceIamBindingArgs.builder() + * .project(default_.project()) + * .location(default_.location()) + * .name(default_.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_cloud\_run\_v2\_service\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.cloudrunv2.ServiceIamMember; + * import com.pulumi.gcp.cloudrunv2.ServiceIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new ServiceIamMember("member", ServiceIamMemberArgs.builder() + * .project(default_.project()) + * .location(default_.location()) + * .name(default_.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -250,18 +369,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -270,18 +377,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/ServiceIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/ServiceIamPolicyArgs.java index dbb92bcec1..c30e715e2e 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/ServiceIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/ServiceIamPolicyArgs.java @@ -67,18 +67,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -87,18 +75,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -200,18 +176,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -224,18 +188,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/inputs/JobIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/inputs/JobIamBindingState.java index 85ac63edd4..de21dc5f35 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/inputs/JobIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/inputs/JobIamBindingState.java @@ -54,9 +54,37 @@ public Optional> location() { return Optional.ofNullable(this.location); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="members") private @Nullable Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Optional>> members() { return Optional.ofNullable(this.members); } @@ -80,18 +108,6 @@ public Optional> name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -100,18 +116,6 @@ public Optional> name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -217,15 +221,63 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } @@ -255,18 +307,6 @@ public Builder name(String name) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -279,18 +319,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/inputs/JobIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/inputs/JobIamMemberState.java index 51d5eb000a..9293ae049c 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/inputs/JobIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/inputs/JobIamMemberState.java @@ -53,9 +53,37 @@ public Optional> location() { return Optional.ofNullable(this.location); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="member") private @Nullable Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Optional> member() { return Optional.ofNullable(this.member); } @@ -79,18 +107,6 @@ public Optional> name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -99,18 +115,6 @@ public Optional> name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -216,11 +220,43 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(@Nullable Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } @@ -250,18 +286,6 @@ public Builder name(String name) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -274,18 +298,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/inputs/JobIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/inputs/JobIamPolicyState.java index eb0cde9c8a..2d18b9c13f 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/inputs/JobIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/inputs/JobIamPolicyState.java @@ -81,18 +81,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -101,18 +89,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -236,18 +212,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -260,18 +224,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/inputs/ServiceIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/inputs/ServiceIamBindingState.java index d7543af6c7..294f1e526e 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/inputs/ServiceIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/inputs/ServiceIamBindingState.java @@ -54,9 +54,37 @@ public Optional> location() { return Optional.ofNullable(this.location); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="members") private @Nullable Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Optional>> members() { return Optional.ofNullable(this.members); } @@ -80,18 +108,6 @@ public Optional> name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -100,18 +116,6 @@ public Optional> name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -217,15 +221,63 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } @@ -255,18 +307,6 @@ public Builder name(String name) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -279,18 +319,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/inputs/ServiceIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/inputs/ServiceIamMemberState.java index 58d16b4651..6094b39998 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/inputs/ServiceIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/inputs/ServiceIamMemberState.java @@ -53,9 +53,37 @@ public Optional> location() { return Optional.ofNullable(this.location); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="member") private @Nullable Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Optional> member() { return Optional.ofNullable(this.member); } @@ -79,18 +107,6 @@ public Optional> name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -99,18 +115,6 @@ public Optional> name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -216,11 +220,43 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(@Nullable Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } @@ -250,18 +286,6 @@ public Builder name(String name) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -274,18 +298,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/inputs/ServiceIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/inputs/ServiceIamPolicyState.java index 5ac634ec72..85a37fa42e 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/inputs/ServiceIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudrunv2/inputs/ServiceIamPolicyState.java @@ -81,18 +81,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -101,18 +89,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -236,18 +212,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -260,18 +224,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudtasks/QueueIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudtasks/QueueIamBinding.java index 2881e43fa0..a830191809 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudtasks/QueueIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudtasks/QueueIamBinding.java @@ -150,6 +150,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_cloud\_tasks\_queue\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.cloudtasks.QueueIamPolicy; + * import com.pulumi.gcp.cloudtasks.QueueIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new QueueIamPolicy("policy", QueueIamPolicyArgs.builder() + * .project(default_.project()) + * .location(default_.location()) + * .name(default_.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_cloud\_tasks\_queue\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.cloudtasks.QueueIamBinding; + * import com.pulumi.gcp.cloudtasks.QueueIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new QueueIamBinding("binding", QueueIamBindingArgs.builder() + * .project(default_.project()) + * .location(default_.location()) + * .name(default_.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_cloud\_tasks\_queue\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.cloudtasks.QueueIamMember; + * import com.pulumi.gcp.cloudtasks.QueueIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new QueueIamMember("member", QueueIamMemberArgs.builder() + * .project(default_.project()) + * .location(default_.location()) + * .name(default_.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -225,9 +344,37 @@ public Output etag() { public Output location() { return this.location; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Export(name="members", refs={List.class,String.class}, tree="[0,1]") private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output> members() { return this.members; } @@ -249,18 +396,6 @@ public Output name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -269,18 +404,6 @@ public Output name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudtasks/QueueIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudtasks/QueueIamBindingArgs.java index ee1e10cb4e..df50a87f74 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudtasks/QueueIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudtasks/QueueIamBindingArgs.java @@ -40,9 +40,37 @@ public Optional> location() { return Optional.ofNullable(this.location); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="members", required=true) private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output> members() { return this.members; } @@ -66,18 +94,6 @@ public Optional> name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -86,18 +102,6 @@ public Optional> name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -181,15 +185,63 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } @@ -219,18 +271,6 @@ public Builder name(String name) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -243,18 +283,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudtasks/QueueIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudtasks/QueueIamMember.java index 619a97f5fd..29c671121b 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudtasks/QueueIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudtasks/QueueIamMember.java @@ -149,6 +149,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_cloud\_tasks\_queue\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.cloudtasks.QueueIamPolicy; + * import com.pulumi.gcp.cloudtasks.QueueIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new QueueIamPolicy("policy", QueueIamPolicyArgs.builder() + * .project(default_.project()) + * .location(default_.location()) + * .name(default_.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_cloud\_tasks\_queue\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.cloudtasks.QueueIamBinding; + * import com.pulumi.gcp.cloudtasks.QueueIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new QueueIamBinding("binding", QueueIamBindingArgs.builder() + * .project(default_.project()) + * .location(default_.location()) + * .name(default_.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_cloud\_tasks\_queue\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.cloudtasks.QueueIamMember; + * import com.pulumi.gcp.cloudtasks.QueueIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new QueueIamMember("member", QueueIamMemberArgs.builder() + * .project(default_.project()) + * .location(default_.location()) + * .name(default_.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -224,9 +343,37 @@ public Output etag() { public Output location() { return this.location; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Export(name="member", refs={String.class}, tree="[0]") private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output member() { return this.member; } @@ -248,18 +395,6 @@ public Output name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -268,18 +403,6 @@ public Output name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudtasks/QueueIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudtasks/QueueIamMemberArgs.java index 4c5048dd0e..31a4ff8c43 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudtasks/QueueIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudtasks/QueueIamMemberArgs.java @@ -39,9 +39,37 @@ public Optional> location() { return Optional.ofNullable(this.location); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="member", required=true) private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output member() { return this.member; } @@ -65,18 +93,6 @@ public Optional> name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -85,18 +101,6 @@ public Optional> name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -180,11 +184,43 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } @@ -214,18 +250,6 @@ public Builder name(String name) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -238,18 +262,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudtasks/QueueIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudtasks/QueueIamPolicy.java index 27f7f0a1f5..7ed76b47eb 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudtasks/QueueIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudtasks/QueueIamPolicy.java @@ -147,6 +147,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_cloud\_tasks\_queue\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.cloudtasks.QueueIamPolicy; + * import com.pulumi.gcp.cloudtasks.QueueIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new QueueIamPolicy("policy", QueueIamPolicyArgs.builder() + * .project(default_.project()) + * .location(default_.location()) + * .name(default_.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_cloud\_tasks\_queue\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.cloudtasks.QueueIamBinding; + * import com.pulumi.gcp.cloudtasks.QueueIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new QueueIamBinding("binding", QueueIamBindingArgs.builder() + * .project(default_.project()) + * .location(default_.location()) + * .name(default_.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_cloud\_tasks\_queue\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.cloudtasks.QueueIamMember; + * import com.pulumi.gcp.cloudtasks.QueueIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new QueueIamMember("member", QueueIamMemberArgs.builder() + * .project(default_.project()) + * .location(default_.location()) + * .name(default_.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -250,18 +369,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -270,18 +377,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudtasks/QueueIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudtasks/QueueIamPolicyArgs.java index 58528b9cc7..47348ddce7 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudtasks/QueueIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudtasks/QueueIamPolicyArgs.java @@ -67,18 +67,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -87,18 +75,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -200,18 +176,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -224,18 +188,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudtasks/inputs/QueueIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudtasks/inputs/QueueIamBindingState.java index 8804070085..22579632f8 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudtasks/inputs/QueueIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudtasks/inputs/QueueIamBindingState.java @@ -54,9 +54,37 @@ public Optional> location() { return Optional.ofNullable(this.location); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="members") private @Nullable Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Optional>> members() { return Optional.ofNullable(this.members); } @@ -80,18 +108,6 @@ public Optional> name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -100,18 +116,6 @@ public Optional> name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -217,15 +221,63 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } @@ -255,18 +307,6 @@ public Builder name(String name) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -279,18 +319,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudtasks/inputs/QueueIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudtasks/inputs/QueueIamMemberState.java index 9c16e0b101..00be5d2e80 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudtasks/inputs/QueueIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudtasks/inputs/QueueIamMemberState.java @@ -53,9 +53,37 @@ public Optional> location() { return Optional.ofNullable(this.location); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="member") private @Nullable Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Optional> member() { return Optional.ofNullable(this.member); } @@ -79,18 +107,6 @@ public Optional> name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -99,18 +115,6 @@ public Optional> name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -216,11 +220,43 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(@Nullable Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } @@ -250,18 +286,6 @@ public Builder name(String name) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -274,18 +298,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/cloudtasks/inputs/QueueIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/cloudtasks/inputs/QueueIamPolicyState.java index f6ffa3f554..3fab125732 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/cloudtasks/inputs/QueueIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/cloudtasks/inputs/QueueIamPolicyState.java @@ -81,18 +81,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -101,18 +89,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -236,18 +212,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -260,18 +224,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/BackendBucketIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/BackendBucketIamBinding.java index 40bff85fef..0a3bfa18e9 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/BackendBucketIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/BackendBucketIamBinding.java @@ -76,9 +76,37 @@ public Output> condition() { public Output etag() { return this.etag; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Export(name="members", refs={List.class,String.class}, tree="[0,1]") private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output> members() { return this.members; } @@ -100,18 +128,6 @@ public Output name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -120,18 +136,6 @@ public Output name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/BackendBucketIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/BackendBucketIamBindingArgs.java index 89765483df..b7a0664a81 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/BackendBucketIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/BackendBucketIamBindingArgs.java @@ -25,9 +25,37 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="members", required=true) private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output> members() { return this.members; } @@ -51,18 +79,6 @@ public Optional> name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -71,18 +87,6 @@ public Optional> name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -144,15 +148,63 @@ public Builder condition(BackendBucketIamBindingConditionArgs condition) { return condition(Output.of(condition)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } @@ -182,18 +234,6 @@ public Builder name(String name) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -206,18 +246,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/BackendBucketIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/BackendBucketIamMember.java index 7574b0a40d..c947d07379 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/BackendBucketIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/BackendBucketIamMember.java @@ -75,9 +75,37 @@ public Output> condition() { public Output etag() { return this.etag; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Export(name="member", refs={String.class}, tree="[0]") private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output member() { return this.member; } @@ -99,18 +127,6 @@ public Output name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -119,18 +135,6 @@ public Output name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/BackendBucketIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/BackendBucketIamMemberArgs.java index e5b6e79be2..d497d7c7d1 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/BackendBucketIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/BackendBucketIamMemberArgs.java @@ -24,9 +24,37 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="member", required=true) private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output member() { return this.member; } @@ -50,18 +78,6 @@ public Optional> name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -70,18 +86,6 @@ public Optional> name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -143,11 +147,43 @@ public Builder condition(BackendBucketIamMemberConditionArgs condition) { return condition(Output.of(condition)); } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } @@ -177,18 +213,6 @@ public Builder name(String name) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -201,18 +225,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/BackendBucketIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/BackendBucketIamPolicy.java index 96f6537b4d..554b77d59b 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/BackendBucketIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/BackendBucketIamPolicy.java @@ -101,18 +101,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -121,18 +109,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/BackendBucketIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/BackendBucketIamPolicyArgs.java index c50e975c9f..c18902d558 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/BackendBucketIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/BackendBucketIamPolicyArgs.java @@ -52,18 +52,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -72,18 +60,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -163,18 +139,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -187,18 +151,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/BackendServiceIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/BackendServiceIamBinding.java index 49f1d5feb6..00bd7fe393 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/BackendServiceIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/BackendServiceIamBinding.java @@ -86,9 +86,37 @@ public Output> condition() { public Output etag() { return this.etag; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Export(name="members", refs={List.class,String.class}, tree="[0,1]") private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output> members() { return this.members; } @@ -110,18 +138,6 @@ public Output name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -130,18 +146,6 @@ public Output name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/BackendServiceIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/BackendServiceIamBindingArgs.java index 6b7f845a2a..f6aee53d95 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/BackendServiceIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/BackendServiceIamBindingArgs.java @@ -35,9 +35,37 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="members", required=true) private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output> members() { return this.members; } @@ -61,18 +89,6 @@ public Optional> name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -81,18 +97,6 @@ public Optional> name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -168,15 +172,63 @@ public Builder condition(BackendServiceIamBindingConditionArgs condition) { return condition(Output.of(condition)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } @@ -206,18 +258,6 @@ public Builder name(String name) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -230,18 +270,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/BackendServiceIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/BackendServiceIamMember.java index 7506dd45a7..a7446be715 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/BackendServiceIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/BackendServiceIamMember.java @@ -85,9 +85,37 @@ public Output> condition() { public Output etag() { return this.etag; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Export(name="member", refs={String.class}, tree="[0]") private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output member() { return this.member; } @@ -109,18 +137,6 @@ public Output name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -129,18 +145,6 @@ public Output name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/BackendServiceIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/BackendServiceIamMemberArgs.java index d691204e49..8431bbf502 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/BackendServiceIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/BackendServiceIamMemberArgs.java @@ -34,9 +34,37 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="member", required=true) private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output member() { return this.member; } @@ -60,18 +88,6 @@ public Optional> name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -80,18 +96,6 @@ public Optional> name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -167,11 +171,43 @@ public Builder condition(BackendServiceIamMemberConditionArgs condition) { return condition(Output.of(condition)); } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } @@ -201,18 +237,6 @@ public Builder name(String name) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -225,18 +249,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/BackendServiceIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/BackendServiceIamPolicy.java index 3c482ffbfa..b46e855b50 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/BackendServiceIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/BackendServiceIamPolicy.java @@ -101,18 +101,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -121,18 +109,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/BackendServiceIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/BackendServiceIamPolicyArgs.java index 17001a8e60..bebaa95c35 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/BackendServiceIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/BackendServiceIamPolicyArgs.java @@ -52,18 +52,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -72,18 +60,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -163,18 +139,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -187,18 +151,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/DiskIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/DiskIamBinding.java index ff6bab7237..251e7f5927 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/DiskIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/DiskIamBinding.java @@ -150,6 +150,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_compute\_disk\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.compute.DiskIamPolicy; + * import com.pulumi.gcp.compute.DiskIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new DiskIamPolicy("policy", DiskIamPolicyArgs.builder() + * .project(default_.project()) + * .zone(default_.zone()) + * .name(default_.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_compute\_disk\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.DiskIamBinding; + * import com.pulumi.gcp.compute.DiskIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new DiskIamBinding("binding", DiskIamBindingArgs.builder() + * .project(default_.project()) + * .zone(default_.zone()) + * .name(default_.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_compute\_disk\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.DiskIamMember; + * import com.pulumi.gcp.compute.DiskIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new DiskIamMember("member", DiskIamMemberArgs.builder() + * .project(default_.project()) + * .zone(default_.zone()) + * .name(default_.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -211,9 +330,37 @@ public Output> condition() { public Output etag() { return this.etag; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Export(name="members", refs={List.class,String.class}, tree="[0,1]") private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output> members() { return this.members; } @@ -235,18 +382,6 @@ public Output name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -255,18 +390,6 @@ public Output name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/DiskIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/DiskIamBindingArgs.java index 9bf8956b54..0acba524cd 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/DiskIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/DiskIamBindingArgs.java @@ -25,9 +25,37 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="members", required=true) private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output> members() { return this.members; } @@ -51,18 +79,6 @@ public Optional> name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -71,18 +87,6 @@ public Optional> name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -164,15 +168,63 @@ public Builder condition(DiskIamBindingConditionArgs condition) { return condition(Output.of(condition)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } @@ -202,18 +254,6 @@ public Builder name(String name) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -226,18 +266,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/DiskIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/DiskIamMember.java index add7a85e85..fcb3eba2f2 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/DiskIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/DiskIamMember.java @@ -149,6 +149,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_compute\_disk\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.compute.DiskIamPolicy; + * import com.pulumi.gcp.compute.DiskIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new DiskIamPolicy("policy", DiskIamPolicyArgs.builder() + * .project(default_.project()) + * .zone(default_.zone()) + * .name(default_.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_compute\_disk\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.DiskIamBinding; + * import com.pulumi.gcp.compute.DiskIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new DiskIamBinding("binding", DiskIamBindingArgs.builder() + * .project(default_.project()) + * .zone(default_.zone()) + * .name(default_.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_compute\_disk\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.DiskIamMember; + * import com.pulumi.gcp.compute.DiskIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new DiskIamMember("member", DiskIamMemberArgs.builder() + * .project(default_.project()) + * .zone(default_.zone()) + * .name(default_.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -210,9 +329,37 @@ public Output> condition() { public Output etag() { return this.etag; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Export(name="member", refs={String.class}, tree="[0]") private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output member() { return this.member; } @@ -234,18 +381,6 @@ public Output name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -254,18 +389,6 @@ public Output name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/DiskIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/DiskIamMemberArgs.java index 7c9dc88dfe..3f30115c67 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/DiskIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/DiskIamMemberArgs.java @@ -24,9 +24,37 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="member", required=true) private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output member() { return this.member; } @@ -50,18 +78,6 @@ public Optional> name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -70,18 +86,6 @@ public Optional> name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -163,11 +167,43 @@ public Builder condition(DiskIamMemberConditionArgs condition) { return condition(Output.of(condition)); } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } @@ -197,18 +233,6 @@ public Builder name(String name) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -221,18 +245,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/DiskIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/DiskIamPolicy.java index 969f6b95a0..951771eacb 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/DiskIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/DiskIamPolicy.java @@ -147,6 +147,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_compute\_disk\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.compute.DiskIamPolicy; + * import com.pulumi.gcp.compute.DiskIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new DiskIamPolicy("policy", DiskIamPolicyArgs.builder() + * .project(default_.project()) + * .zone(default_.zone()) + * .name(default_.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_compute\_disk\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.DiskIamBinding; + * import com.pulumi.gcp.compute.DiskIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new DiskIamBinding("binding", DiskIamBindingArgs.builder() + * .project(default_.project()) + * .zone(default_.zone()) + * .name(default_.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_compute\_disk\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.DiskIamMember; + * import com.pulumi.gcp.compute.DiskIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new DiskIamMember("member", DiskIamMemberArgs.builder() + * .project(default_.project()) + * .zone(default_.zone()) + * .name(default_.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -236,18 +355,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -256,18 +363,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/DiskIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/DiskIamPolicyArgs.java index ae9a306b84..8525786c2c 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/DiskIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/DiskIamPolicyArgs.java @@ -52,18 +52,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -72,18 +60,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -183,18 +159,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -207,18 +171,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/ImageIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/ImageIamBinding.java index a93071ade6..ccbf0aa2a2 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/ImageIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/ImageIamBinding.java @@ -280,6 +280,253 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_compute\_image\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.compute.ImageIamPolicy; + * import com.pulumi.gcp.compute.ImageIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/compute.imageUser") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new ImageIamPolicy("policy", ImageIamPolicyArgs.builder() + * .project(example.project()) + * .image(example.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.compute.ImageIamPolicy; + * import com.pulumi.gcp.compute.ImageIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/compute.imageUser") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var policy = new ImageIamPolicy("policy", ImageIamPolicyArgs.builder() + * .project(example.project()) + * .image(example.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_compute\_image\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.ImageIamBinding; + * import com.pulumi.gcp.compute.ImageIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new ImageIamBinding("binding", ImageIamBindingArgs.builder() + * .project(example.project()) + * .image(example.name()) + * .role("roles/compute.imageUser") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.ImageIamBinding; + * import com.pulumi.gcp.compute.ImageIamBindingArgs; + * import com.pulumi.gcp.compute.inputs.ImageIamBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new ImageIamBinding("binding", ImageIamBindingArgs.builder() + * .project(example.project()) + * .image(example.name()) + * .role("roles/compute.imageUser") + * .members("user:jane@example.com") + * .condition(ImageIamBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_compute\_image\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.ImageIamMember; + * import com.pulumi.gcp.compute.ImageIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new ImageIamMember("member", ImageIamMemberArgs.builder() + * .project(example.project()) + * .image(example.name()) + * .role("roles/compute.imageUser") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.ImageIamMember; + * import com.pulumi.gcp.compute.ImageIamMemberArgs; + * import com.pulumi.gcp.compute.inputs.ImageIamMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new ImageIamMember("member", ImageIamMemberArgs.builder() + * .project(example.project()) + * .image(example.name()) + * .role("roles/compute.imageUser") + * .member("user:jane@example.com") + * .condition(ImageIamMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -363,18 +610,9 @@ public Output etag() { public Output image() { return this.image; } - @Export(name="members", refs={List.class,String.class}, tree="[0,1]") - private Output> members; - - public Output> members() { - return this.members; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -386,15 +624,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="members", refs={List.class,String.class}, tree="[0,1]") + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -406,6 +641,22 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/ImageIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/ImageIamBindingArgs.java index 0ce3b71144..4b0cbe4701 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/ImageIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/ImageIamBindingArgs.java @@ -50,19 +50,9 @@ public Output image() { return this.image; } - @Import(name="members", required=true) - private Output> members; - - public Output> members() { - return this.members; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -74,15 +64,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members", required=true) + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -94,6 +81,23 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -189,25 +193,30 @@ public Builder image(String image) { return image(Output.of(image)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -221,17 +230,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -245,6 +250,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/ImageIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/ImageIamMember.java index 5b2b96458b..dcce711ce9 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/ImageIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/ImageIamMember.java @@ -279,6 +279,253 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_compute\_image\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.compute.ImageIamPolicy; + * import com.pulumi.gcp.compute.ImageIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/compute.imageUser") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new ImageIamPolicy("policy", ImageIamPolicyArgs.builder() + * .project(example.project()) + * .image(example.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.compute.ImageIamPolicy; + * import com.pulumi.gcp.compute.ImageIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/compute.imageUser") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var policy = new ImageIamPolicy("policy", ImageIamPolicyArgs.builder() + * .project(example.project()) + * .image(example.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_compute\_image\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.ImageIamBinding; + * import com.pulumi.gcp.compute.ImageIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new ImageIamBinding("binding", ImageIamBindingArgs.builder() + * .project(example.project()) + * .image(example.name()) + * .role("roles/compute.imageUser") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.ImageIamBinding; + * import com.pulumi.gcp.compute.ImageIamBindingArgs; + * import com.pulumi.gcp.compute.inputs.ImageIamBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new ImageIamBinding("binding", ImageIamBindingArgs.builder() + * .project(example.project()) + * .image(example.name()) + * .role("roles/compute.imageUser") + * .members("user:jane@example.com") + * .condition(ImageIamBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_compute\_image\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.ImageIamMember; + * import com.pulumi.gcp.compute.ImageIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new ImageIamMember("member", ImageIamMemberArgs.builder() + * .project(example.project()) + * .image(example.name()) + * .role("roles/compute.imageUser") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.ImageIamMember; + * import com.pulumi.gcp.compute.ImageIamMemberArgs; + * import com.pulumi.gcp.compute.inputs.ImageIamMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new ImageIamMember("member", ImageIamMemberArgs.builder() + * .project(example.project()) + * .image(example.name()) + * .role("roles/compute.imageUser") + * .member("user:jane@example.com") + * .condition(ImageIamMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -362,18 +609,9 @@ public Output etag() { public Output image() { return this.image; } - @Export(name="member", refs={String.class}, tree="[0]") - private Output member; - - public Output member() { - return this.member; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -385,15 +623,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="member", refs={String.class}, tree="[0]") + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -405,6 +640,22 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/ImageIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/ImageIamMemberArgs.java index 56b0a2ba95..e60f66f776 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/ImageIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/ImageIamMemberArgs.java @@ -49,19 +49,9 @@ public Output image() { return this.image; } - @Import(name="member", required=true) - private Output member; - - public Output member() { - return this.member; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -73,15 +63,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member", required=true) + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -93,6 +80,23 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -188,21 +192,9 @@ public Builder image(String image) { return image(Output.of(image)); } - public Builder member(Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -216,17 +208,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -240,6 +229,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/ImageIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/ImageIamPolicy.java index 23a2fdcef3..b48401bc9e 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/ImageIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/ImageIamPolicy.java @@ -277,6 +277,253 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_compute\_image\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.compute.ImageIamPolicy; + * import com.pulumi.gcp.compute.ImageIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/compute.imageUser") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new ImageIamPolicy("policy", ImageIamPolicyArgs.builder() + * .project(example.project()) + * .image(example.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.compute.ImageIamPolicy; + * import com.pulumi.gcp.compute.ImageIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/compute.imageUser") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var policy = new ImageIamPolicy("policy", ImageIamPolicyArgs.builder() + * .project(example.project()) + * .image(example.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_compute\_image\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.ImageIamBinding; + * import com.pulumi.gcp.compute.ImageIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new ImageIamBinding("binding", ImageIamBindingArgs.builder() + * .project(example.project()) + * .image(example.name()) + * .role("roles/compute.imageUser") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.ImageIamBinding; + * import com.pulumi.gcp.compute.ImageIamBindingArgs; + * import com.pulumi.gcp.compute.inputs.ImageIamBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new ImageIamBinding("binding", ImageIamBindingArgs.builder() + * .project(example.project()) + * .image(example.name()) + * .role("roles/compute.imageUser") + * .members("user:jane@example.com") + * .condition(ImageIamBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_compute\_image\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.ImageIamMember; + * import com.pulumi.gcp.compute.ImageIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new ImageIamMember("member", ImageIamMemberArgs.builder() + * .project(example.project()) + * .image(example.name()) + * .role("roles/compute.imageUser") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.ImageIamMember; + * import com.pulumi.gcp.compute.ImageIamMemberArgs; + * import com.pulumi.gcp.compute.inputs.ImageIamMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new ImageIamMember("member", ImageIamMemberArgs.builder() + * .project(example.project()) + * .image(example.name()) + * .role("roles/compute.imageUser") + * .member("user:jane@example.com") + * .condition(ImageIamMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -364,18 +611,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -384,18 +619,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/ImageIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/ImageIamPolicyArgs.java index d80a1526a2..06008a9809 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/ImageIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/ImageIamPolicyArgs.java @@ -52,18 +52,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -72,18 +60,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -163,18 +139,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -187,18 +151,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/InstanceIAMBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/InstanceIAMBinding.java index 058acca57b..cf56df2ab4 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/InstanceIAMBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/InstanceIAMBinding.java @@ -286,6 +286,259 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_compute\_instance\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.compute.InstanceIAMPolicy; + * import com.pulumi.gcp.compute.InstanceIAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/compute.osLogin") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new InstanceIAMPolicy("policy", InstanceIAMPolicyArgs.builder() + * .project(default_.project()) + * .zone(default_.zone()) + * .instanceName(default_.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.compute.InstanceIAMPolicy; + * import com.pulumi.gcp.compute.InstanceIAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/compute.osLogin") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var policy = new InstanceIAMPolicy("policy", InstanceIAMPolicyArgs.builder() + * .project(default_.project()) + * .zone(default_.zone()) + * .instanceName(default_.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_compute\_instance\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.InstanceIAMBinding; + * import com.pulumi.gcp.compute.InstanceIAMBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new InstanceIAMBinding("binding", InstanceIAMBindingArgs.builder() + * .project(default_.project()) + * .zone(default_.zone()) + * .instanceName(default_.name()) + * .role("roles/compute.osLogin") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.InstanceIAMBinding; + * import com.pulumi.gcp.compute.InstanceIAMBindingArgs; + * import com.pulumi.gcp.compute.inputs.InstanceIAMBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new InstanceIAMBinding("binding", InstanceIAMBindingArgs.builder() + * .project(default_.project()) + * .zone(default_.zone()) + * .instanceName(default_.name()) + * .role("roles/compute.osLogin") + * .members("user:jane@example.com") + * .condition(InstanceIAMBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_compute\_instance\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.InstanceIAMMember; + * import com.pulumi.gcp.compute.InstanceIAMMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new InstanceIAMMember("member", InstanceIAMMemberArgs.builder() + * .project(default_.project()) + * .zone(default_.zone()) + * .instanceName(default_.name()) + * .role("roles/compute.osLogin") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.InstanceIAMMember; + * import com.pulumi.gcp.compute.InstanceIAMMemberArgs; + * import com.pulumi.gcp.compute.inputs.InstanceIAMMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new InstanceIAMMember("member", InstanceIAMMemberArgs.builder() + * .project(default_.project()) + * .zone(default_.zone()) + * .instanceName(default_.name()) + * .role("roles/compute.osLogin") + * .member("user:jane@example.com") + * .condition(InstanceIAMMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -371,18 +624,9 @@ public Output etag() { public Output instanceName() { return this.instanceName; } - @Export(name="members", refs={List.class,String.class}, tree="[0,1]") - private Output> members; - - public Output> members() { - return this.members; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -394,15 +638,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="members", refs={List.class,String.class}, tree="[0,1]") + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -414,6 +655,22 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/InstanceIAMBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/InstanceIAMBindingArgs.java index 2286228659..eb802f0026 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/InstanceIAMBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/InstanceIAMBindingArgs.java @@ -50,19 +50,9 @@ public Output instanceName() { return this.instanceName; } - @Import(name="members", required=true) - private Output> members; - - public Output> members() { - return this.members; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -74,15 +64,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members", required=true) + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -94,6 +81,23 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -209,25 +213,30 @@ public Builder instanceName(String instanceName) { return instanceName(Output.of(instanceName)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -241,17 +250,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -265,6 +270,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/InstanceIAMMember.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/InstanceIAMMember.java index c68664260f..aebc3b8a52 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/InstanceIAMMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/InstanceIAMMember.java @@ -285,6 +285,259 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_compute\_instance\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.compute.InstanceIAMPolicy; + * import com.pulumi.gcp.compute.InstanceIAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/compute.osLogin") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new InstanceIAMPolicy("policy", InstanceIAMPolicyArgs.builder() + * .project(default_.project()) + * .zone(default_.zone()) + * .instanceName(default_.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.compute.InstanceIAMPolicy; + * import com.pulumi.gcp.compute.InstanceIAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/compute.osLogin") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var policy = new InstanceIAMPolicy("policy", InstanceIAMPolicyArgs.builder() + * .project(default_.project()) + * .zone(default_.zone()) + * .instanceName(default_.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_compute\_instance\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.InstanceIAMBinding; + * import com.pulumi.gcp.compute.InstanceIAMBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new InstanceIAMBinding("binding", InstanceIAMBindingArgs.builder() + * .project(default_.project()) + * .zone(default_.zone()) + * .instanceName(default_.name()) + * .role("roles/compute.osLogin") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.InstanceIAMBinding; + * import com.pulumi.gcp.compute.InstanceIAMBindingArgs; + * import com.pulumi.gcp.compute.inputs.InstanceIAMBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new InstanceIAMBinding("binding", InstanceIAMBindingArgs.builder() + * .project(default_.project()) + * .zone(default_.zone()) + * .instanceName(default_.name()) + * .role("roles/compute.osLogin") + * .members("user:jane@example.com") + * .condition(InstanceIAMBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_compute\_instance\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.InstanceIAMMember; + * import com.pulumi.gcp.compute.InstanceIAMMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new InstanceIAMMember("member", InstanceIAMMemberArgs.builder() + * .project(default_.project()) + * .zone(default_.zone()) + * .instanceName(default_.name()) + * .role("roles/compute.osLogin") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.InstanceIAMMember; + * import com.pulumi.gcp.compute.InstanceIAMMemberArgs; + * import com.pulumi.gcp.compute.inputs.InstanceIAMMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new InstanceIAMMember("member", InstanceIAMMemberArgs.builder() + * .project(default_.project()) + * .zone(default_.zone()) + * .instanceName(default_.name()) + * .role("roles/compute.osLogin") + * .member("user:jane@example.com") + * .condition(InstanceIAMMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -370,18 +623,9 @@ public Output etag() { public Output instanceName() { return this.instanceName; } - @Export(name="member", refs={String.class}, tree="[0]") - private Output member; - - public Output member() { - return this.member; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -393,15 +637,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="member", refs={String.class}, tree="[0]") + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -413,6 +654,22 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/InstanceIAMMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/InstanceIAMMemberArgs.java index 78dabf7b76..a211999f94 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/InstanceIAMMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/InstanceIAMMemberArgs.java @@ -49,19 +49,9 @@ public Output instanceName() { return this.instanceName; } - @Import(name="member", required=true) - private Output member; - - public Output member() { - return this.member; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -73,15 +63,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member", required=true) + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -93,6 +80,23 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -208,21 +212,9 @@ public Builder instanceName(String instanceName) { return instanceName(Output.of(instanceName)); } - public Builder member(Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -236,17 +228,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -260,6 +249,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/InstanceIAMPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/InstanceIAMPolicy.java index 37954d6d3e..e69a4a0bcb 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/InstanceIAMPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/InstanceIAMPolicy.java @@ -283,6 +283,259 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_compute\_instance\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.compute.InstanceIAMPolicy; + * import com.pulumi.gcp.compute.InstanceIAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/compute.osLogin") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new InstanceIAMPolicy("policy", InstanceIAMPolicyArgs.builder() + * .project(default_.project()) + * .zone(default_.zone()) + * .instanceName(default_.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.compute.InstanceIAMPolicy; + * import com.pulumi.gcp.compute.InstanceIAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/compute.osLogin") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var policy = new InstanceIAMPolicy("policy", InstanceIAMPolicyArgs.builder() + * .project(default_.project()) + * .zone(default_.zone()) + * .instanceName(default_.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_compute\_instance\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.InstanceIAMBinding; + * import com.pulumi.gcp.compute.InstanceIAMBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new InstanceIAMBinding("binding", InstanceIAMBindingArgs.builder() + * .project(default_.project()) + * .zone(default_.zone()) + * .instanceName(default_.name()) + * .role("roles/compute.osLogin") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.InstanceIAMBinding; + * import com.pulumi.gcp.compute.InstanceIAMBindingArgs; + * import com.pulumi.gcp.compute.inputs.InstanceIAMBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new InstanceIAMBinding("binding", InstanceIAMBindingArgs.builder() + * .project(default_.project()) + * .zone(default_.zone()) + * .instanceName(default_.name()) + * .role("roles/compute.osLogin") + * .members("user:jane@example.com") + * .condition(InstanceIAMBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_compute\_instance\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.InstanceIAMMember; + * import com.pulumi.gcp.compute.InstanceIAMMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new InstanceIAMMember("member", InstanceIAMMemberArgs.builder() + * .project(default_.project()) + * .zone(default_.zone()) + * .instanceName(default_.name()) + * .role("roles/compute.osLogin") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.InstanceIAMMember; + * import com.pulumi.gcp.compute.InstanceIAMMemberArgs; + * import com.pulumi.gcp.compute.inputs.InstanceIAMMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new InstanceIAMMember("member", InstanceIAMMemberArgs.builder() + * .project(default_.project()) + * .zone(default_.zone()) + * .instanceName(default_.name()) + * .role("roles/compute.osLogin") + * .member("user:jane@example.com") + * .condition(InstanceIAMMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -372,18 +625,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -392,18 +633,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/InstanceIAMPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/InstanceIAMPolicyArgs.java index 805f730f94..1cc3867057 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/InstanceIAMPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/InstanceIAMPolicyArgs.java @@ -52,18 +52,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -72,18 +60,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -183,18 +159,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -207,18 +171,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/MachineImageIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/MachineImageIamBinding.java index c403a6f0fc..75087186f0 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/MachineImageIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/MachineImageIamBinding.java @@ -279,6 +279,253 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_compute\_machine\_image\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.compute.MachineImageIamPolicy; + * import com.pulumi.gcp.compute.MachineImageIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/compute.admin") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new MachineImageIamPolicy("policy", MachineImageIamPolicyArgs.builder() + * .project(image.project()) + * .machineImage(image.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.compute.MachineImageIamPolicy; + * import com.pulumi.gcp.compute.MachineImageIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/compute.admin") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var policy = new MachineImageIamPolicy("policy", MachineImageIamPolicyArgs.builder() + * .project(image.project()) + * .machineImage(image.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_compute\_machine\_image\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.MachineImageIamBinding; + * import com.pulumi.gcp.compute.MachineImageIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new MachineImageIamBinding("binding", MachineImageIamBindingArgs.builder() + * .project(image.project()) + * .machineImage(image.name()) + * .role("roles/compute.admin") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.MachineImageIamBinding; + * import com.pulumi.gcp.compute.MachineImageIamBindingArgs; + * import com.pulumi.gcp.compute.inputs.MachineImageIamBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new MachineImageIamBinding("binding", MachineImageIamBindingArgs.builder() + * .project(image.project()) + * .machineImage(image.name()) + * .role("roles/compute.admin") + * .members("user:jane@example.com") + * .condition(MachineImageIamBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_compute\_machine\_image\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.MachineImageIamMember; + * import com.pulumi.gcp.compute.MachineImageIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new MachineImageIamMember("member", MachineImageIamMemberArgs.builder() + * .project(image.project()) + * .machineImage(image.name()) + * .role("roles/compute.admin") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.MachineImageIamMember; + * import com.pulumi.gcp.compute.MachineImageIamMemberArgs; + * import com.pulumi.gcp.compute.inputs.MachineImageIamMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new MachineImageIamMember("member", MachineImageIamMemberArgs.builder() + * .project(image.project()) + * .machineImage(image.name()) + * .role("roles/compute.admin") + * .member("user:jane@example.com") + * .condition(MachineImageIamMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -362,18 +609,9 @@ public Output etag() { public Output machineImage() { return this.machineImage; } - @Export(name="members", refs={List.class,String.class}, tree="[0,1]") - private Output> members; - - public Output> members() { - return this.members; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -385,15 +623,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="members", refs={List.class,String.class}, tree="[0,1]") + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -405,6 +640,22 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/MachineImageIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/MachineImageIamBindingArgs.java index 18f3e5d81b..dd9b85bf1c 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/MachineImageIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/MachineImageIamBindingArgs.java @@ -50,19 +50,9 @@ public Output machineImage() { return this.machineImage; } - @Import(name="members", required=true) - private Output> members; - - public Output> members() { - return this.members; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -74,15 +64,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members", required=true) + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -94,6 +81,23 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -189,25 +193,30 @@ public Builder machineImage(String machineImage) { return machineImage(Output.of(machineImage)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -221,17 +230,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -245,6 +250,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/MachineImageIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/MachineImageIamMember.java index 71b9870eb1..0e66ccf69a 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/MachineImageIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/MachineImageIamMember.java @@ -278,6 +278,253 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_compute\_machine\_image\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.compute.MachineImageIamPolicy; + * import com.pulumi.gcp.compute.MachineImageIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/compute.admin") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new MachineImageIamPolicy("policy", MachineImageIamPolicyArgs.builder() + * .project(image.project()) + * .machineImage(image.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.compute.MachineImageIamPolicy; + * import com.pulumi.gcp.compute.MachineImageIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/compute.admin") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var policy = new MachineImageIamPolicy("policy", MachineImageIamPolicyArgs.builder() + * .project(image.project()) + * .machineImage(image.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_compute\_machine\_image\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.MachineImageIamBinding; + * import com.pulumi.gcp.compute.MachineImageIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new MachineImageIamBinding("binding", MachineImageIamBindingArgs.builder() + * .project(image.project()) + * .machineImage(image.name()) + * .role("roles/compute.admin") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.MachineImageIamBinding; + * import com.pulumi.gcp.compute.MachineImageIamBindingArgs; + * import com.pulumi.gcp.compute.inputs.MachineImageIamBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new MachineImageIamBinding("binding", MachineImageIamBindingArgs.builder() + * .project(image.project()) + * .machineImage(image.name()) + * .role("roles/compute.admin") + * .members("user:jane@example.com") + * .condition(MachineImageIamBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_compute\_machine\_image\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.MachineImageIamMember; + * import com.pulumi.gcp.compute.MachineImageIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new MachineImageIamMember("member", MachineImageIamMemberArgs.builder() + * .project(image.project()) + * .machineImage(image.name()) + * .role("roles/compute.admin") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.MachineImageIamMember; + * import com.pulumi.gcp.compute.MachineImageIamMemberArgs; + * import com.pulumi.gcp.compute.inputs.MachineImageIamMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new MachineImageIamMember("member", MachineImageIamMemberArgs.builder() + * .project(image.project()) + * .machineImage(image.name()) + * .role("roles/compute.admin") + * .member("user:jane@example.com") + * .condition(MachineImageIamMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -361,18 +608,9 @@ public Output etag() { public Output machineImage() { return this.machineImage; } - @Export(name="member", refs={String.class}, tree="[0]") - private Output member; - - public Output member() { - return this.member; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -384,15 +622,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="member", refs={String.class}, tree="[0]") + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -404,6 +639,22 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/MachineImageIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/MachineImageIamMemberArgs.java index 2e2085ddc5..03eabec503 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/MachineImageIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/MachineImageIamMemberArgs.java @@ -49,19 +49,9 @@ public Output machineImage() { return this.machineImage; } - @Import(name="member", required=true) - private Output member; - - public Output member() { - return this.member; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -73,15 +63,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member", required=true) + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -93,6 +80,23 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -188,21 +192,9 @@ public Builder machineImage(String machineImage) { return machineImage(Output.of(machineImage)); } - public Builder member(Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -216,17 +208,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -240,6 +229,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/MachineImageIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/MachineImageIamPolicy.java index 1f02cd99e9..87b8af23b0 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/MachineImageIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/MachineImageIamPolicy.java @@ -276,6 +276,253 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_compute\_machine\_image\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.compute.MachineImageIamPolicy; + * import com.pulumi.gcp.compute.MachineImageIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/compute.admin") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new MachineImageIamPolicy("policy", MachineImageIamPolicyArgs.builder() + * .project(image.project()) + * .machineImage(image.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.compute.MachineImageIamPolicy; + * import com.pulumi.gcp.compute.MachineImageIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/compute.admin") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var policy = new MachineImageIamPolicy("policy", MachineImageIamPolicyArgs.builder() + * .project(image.project()) + * .machineImage(image.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_compute\_machine\_image\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.MachineImageIamBinding; + * import com.pulumi.gcp.compute.MachineImageIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new MachineImageIamBinding("binding", MachineImageIamBindingArgs.builder() + * .project(image.project()) + * .machineImage(image.name()) + * .role("roles/compute.admin") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.MachineImageIamBinding; + * import com.pulumi.gcp.compute.MachineImageIamBindingArgs; + * import com.pulumi.gcp.compute.inputs.MachineImageIamBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new MachineImageIamBinding("binding", MachineImageIamBindingArgs.builder() + * .project(image.project()) + * .machineImage(image.name()) + * .role("roles/compute.admin") + * .members("user:jane@example.com") + * .condition(MachineImageIamBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_compute\_machine\_image\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.MachineImageIamMember; + * import com.pulumi.gcp.compute.MachineImageIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new MachineImageIamMember("member", MachineImageIamMemberArgs.builder() + * .project(image.project()) + * .machineImage(image.name()) + * .role("roles/compute.admin") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.MachineImageIamMember; + * import com.pulumi.gcp.compute.MachineImageIamMemberArgs; + * import com.pulumi.gcp.compute.inputs.MachineImageIamMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new MachineImageIamMember("member", MachineImageIamMemberArgs.builder() + * .project(image.project()) + * .machineImage(image.name()) + * .role("roles/compute.admin") + * .member("user:jane@example.com") + * .condition(MachineImageIamMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -363,18 +610,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -383,18 +618,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/MachineImageIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/MachineImageIamPolicyArgs.java index df13cee468..855cc34fe2 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/MachineImageIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/MachineImageIamPolicyArgs.java @@ -52,18 +52,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -72,18 +60,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -163,18 +139,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -187,18 +151,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/RegionBackendServiceIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/RegionBackendServiceIamBinding.java index a231d909e4..330cdd275f 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/RegionBackendServiceIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/RegionBackendServiceIamBinding.java @@ -88,9 +88,37 @@ public Output> condition() { public Output etag() { return this.etag; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Export(name="members", refs={List.class,String.class}, tree="[0,1]") private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output> members() { return this.members; } @@ -112,18 +140,6 @@ public Output name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -132,18 +148,6 @@ public Output name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/RegionBackendServiceIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/RegionBackendServiceIamBindingArgs.java index 747cd35fa0..af553b28e2 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/RegionBackendServiceIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/RegionBackendServiceIamBindingArgs.java @@ -35,9 +35,37 @@ public Optional> condition() return Optional.ofNullable(this.condition); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="members", required=true) private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output> members() { return this.members; } @@ -61,18 +89,6 @@ public Optional> name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -81,18 +97,6 @@ public Optional> name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -192,15 +196,63 @@ public Builder condition(RegionBackendServiceIamBindingConditionArgs condition) return condition(Output.of(condition)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } @@ -230,18 +282,6 @@ public Builder name(String name) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -254,18 +294,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/RegionBackendServiceIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/RegionBackendServiceIamMember.java index c8bb2f4a9e..70f9560f25 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/RegionBackendServiceIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/RegionBackendServiceIamMember.java @@ -87,9 +87,37 @@ public Output> condition() { public Output etag() { return this.etag; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Export(name="member", refs={String.class}, tree="[0]") private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output member() { return this.member; } @@ -111,18 +139,6 @@ public Output name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -131,18 +147,6 @@ public Output name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/RegionBackendServiceIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/RegionBackendServiceIamMemberArgs.java index 028d3d44c6..5037904de7 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/RegionBackendServiceIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/RegionBackendServiceIamMemberArgs.java @@ -34,9 +34,37 @@ public Optional> condition() return Optional.ofNullable(this.condition); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="member", required=true) private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output member() { return this.member; } @@ -60,18 +88,6 @@ public Optional> name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -80,18 +96,6 @@ public Optional> name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -191,11 +195,43 @@ public Builder condition(RegionBackendServiceIamMemberConditionArgs condition) { return condition(Output.of(condition)); } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } @@ -225,18 +261,6 @@ public Builder name(String name) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -249,18 +273,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/RegionBackendServiceIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/RegionBackendServiceIamPolicy.java index 140063eab8..146de40b1b 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/RegionBackendServiceIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/RegionBackendServiceIamPolicy.java @@ -103,18 +103,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -123,18 +111,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/RegionBackendServiceIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/RegionBackendServiceIamPolicyArgs.java index 43948c237f..77c4b3cc1b 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/RegionBackendServiceIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/RegionBackendServiceIamPolicyArgs.java @@ -52,18 +52,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -72,18 +60,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -187,18 +163,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -211,18 +175,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/RegionDiskIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/RegionDiskIamBinding.java index 03c8163fdd..201ea5ae01 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/RegionDiskIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/RegionDiskIamBinding.java @@ -150,6 +150,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_compute\_disk\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.compute.DiskIamPolicy; + * import com.pulumi.gcp.compute.DiskIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new DiskIamPolicy("policy", DiskIamPolicyArgs.builder() + * .project(default_.project()) + * .zone(default_.zone()) + * .name(default_.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_compute\_disk\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.DiskIamBinding; + * import com.pulumi.gcp.compute.DiskIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new DiskIamBinding("binding", DiskIamBindingArgs.builder() + * .project(default_.project()) + * .zone(default_.zone()) + * .name(default_.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_compute\_disk\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.DiskIamMember; + * import com.pulumi.gcp.compute.DiskIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new DiskIamMember("member", DiskIamMemberArgs.builder() + * .project(default_.project()) + * .zone(default_.zone()) + * .name(default_.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -211,9 +330,37 @@ public Output> condition() { public Output etag() { return this.etag; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Export(name="members", refs={List.class,String.class}, tree="[0,1]") private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output> members() { return this.members; } @@ -235,18 +382,6 @@ public Output name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -255,18 +390,6 @@ public Output name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/RegionDiskIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/RegionDiskIamBindingArgs.java index 83292e92da..48c43c3746 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/RegionDiskIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/RegionDiskIamBindingArgs.java @@ -25,9 +25,37 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="members", required=true) private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output> members() { return this.members; } @@ -51,18 +79,6 @@ public Optional> name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -71,18 +87,6 @@ public Optional> name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -152,15 +156,63 @@ public Builder condition(RegionDiskIamBindingConditionArgs condition) { return condition(Output.of(condition)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } @@ -190,18 +242,6 @@ public Builder name(String name) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -214,18 +254,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/RegionDiskIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/RegionDiskIamMember.java index 931cbcd0cc..a5536d4758 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/RegionDiskIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/RegionDiskIamMember.java @@ -149,6 +149,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_compute\_disk\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.compute.DiskIamPolicy; + * import com.pulumi.gcp.compute.DiskIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new DiskIamPolicy("policy", DiskIamPolicyArgs.builder() + * .project(default_.project()) + * .zone(default_.zone()) + * .name(default_.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_compute\_disk\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.DiskIamBinding; + * import com.pulumi.gcp.compute.DiskIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new DiskIamBinding("binding", DiskIamBindingArgs.builder() + * .project(default_.project()) + * .zone(default_.zone()) + * .name(default_.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_compute\_disk\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.DiskIamMember; + * import com.pulumi.gcp.compute.DiskIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new DiskIamMember("member", DiskIamMemberArgs.builder() + * .project(default_.project()) + * .zone(default_.zone()) + * .name(default_.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -210,9 +329,37 @@ public Output> condition() { public Output etag() { return this.etag; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Export(name="member", refs={String.class}, tree="[0]") private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output member() { return this.member; } @@ -234,18 +381,6 @@ public Output name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -254,18 +389,6 @@ public Output name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/RegionDiskIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/RegionDiskIamMemberArgs.java index 9700f74394..def77da422 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/RegionDiskIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/RegionDiskIamMemberArgs.java @@ -24,9 +24,37 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="member", required=true) private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output member() { return this.member; } @@ -50,18 +78,6 @@ public Optional> name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -70,18 +86,6 @@ public Optional> name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -151,11 +155,43 @@ public Builder condition(RegionDiskIamMemberConditionArgs condition) { return condition(Output.of(condition)); } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } @@ -185,18 +221,6 @@ public Builder name(String name) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -209,18 +233,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/RegionDiskIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/RegionDiskIamPolicy.java index 56eaaa33e9..7c67522687 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/RegionDiskIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/RegionDiskIamPolicy.java @@ -147,6 +147,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_compute\_disk\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.compute.DiskIamPolicy; + * import com.pulumi.gcp.compute.DiskIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new DiskIamPolicy("policy", DiskIamPolicyArgs.builder() + * .project(default_.project()) + * .zone(default_.zone()) + * .name(default_.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_compute\_disk\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.DiskIamBinding; + * import com.pulumi.gcp.compute.DiskIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new DiskIamBinding("binding", DiskIamBindingArgs.builder() + * .project(default_.project()) + * .zone(default_.zone()) + * .name(default_.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_compute\_disk\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.DiskIamMember; + * import com.pulumi.gcp.compute.DiskIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new DiskIamMember("member", DiskIamMemberArgs.builder() + * .project(default_.project()) + * .zone(default_.zone()) + * .name(default_.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -236,18 +355,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -256,18 +363,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/RegionDiskIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/RegionDiskIamPolicyArgs.java index da2d74d8a4..7f06529f5e 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/RegionDiskIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/RegionDiskIamPolicyArgs.java @@ -52,18 +52,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -72,18 +60,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -171,18 +147,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -195,18 +159,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/SnapshotIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/SnapshotIamBinding.java index 09467f5d98..64cf829aab 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/SnapshotIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/SnapshotIamBinding.java @@ -147,6 +147,122 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_compute\_snapshot\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.compute.SnapshotIamPolicy; + * import com.pulumi.gcp.compute.SnapshotIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new SnapshotIamPolicy("policy", SnapshotIamPolicyArgs.builder() + * .project(snapshot.project()) + * .name(snapshot.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_compute\_snapshot\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.SnapshotIamBinding; + * import com.pulumi.gcp.compute.SnapshotIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new SnapshotIamBinding("binding", SnapshotIamBindingArgs.builder() + * .project(snapshot.project()) + * .name(snapshot.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_compute\_snapshot\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.SnapshotIamMember; + * import com.pulumi.gcp.compute.SnapshotIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new SnapshotIamMember("member", SnapshotIamMemberArgs.builder() + * .project(snapshot.project()) + * .name(snapshot.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -206,9 +322,37 @@ public Output> condition() { public Output etag() { return this.etag; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Export(name="members", refs={List.class,String.class}, tree="[0,1]") private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output> members() { return this.members; } @@ -230,18 +374,6 @@ public Output name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -250,18 +382,6 @@ public Output name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/SnapshotIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/SnapshotIamBindingArgs.java index 03303da854..5a8b22f912 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/SnapshotIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/SnapshotIamBindingArgs.java @@ -25,9 +25,37 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="members", required=true) private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output> members() { return this.members; } @@ -51,18 +79,6 @@ public Optional> name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -71,18 +87,6 @@ public Optional> name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -144,15 +148,63 @@ public Builder condition(SnapshotIamBindingConditionArgs condition) { return condition(Output.of(condition)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } @@ -182,18 +234,6 @@ public Builder name(String name) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -206,18 +246,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/SnapshotIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/SnapshotIamMember.java index 3d473ba870..fc68e1348f 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/SnapshotIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/SnapshotIamMember.java @@ -146,6 +146,122 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_compute\_snapshot\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.compute.SnapshotIamPolicy; + * import com.pulumi.gcp.compute.SnapshotIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new SnapshotIamPolicy("policy", SnapshotIamPolicyArgs.builder() + * .project(snapshot.project()) + * .name(snapshot.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_compute\_snapshot\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.SnapshotIamBinding; + * import com.pulumi.gcp.compute.SnapshotIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new SnapshotIamBinding("binding", SnapshotIamBindingArgs.builder() + * .project(snapshot.project()) + * .name(snapshot.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_compute\_snapshot\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.SnapshotIamMember; + * import com.pulumi.gcp.compute.SnapshotIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new SnapshotIamMember("member", SnapshotIamMemberArgs.builder() + * .project(snapshot.project()) + * .name(snapshot.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -205,9 +321,37 @@ public Output> condition() { public Output etag() { return this.etag; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Export(name="member", refs={String.class}, tree="[0]") private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output member() { return this.member; } @@ -229,18 +373,6 @@ public Output name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -249,18 +381,6 @@ public Output name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/SnapshotIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/SnapshotIamMemberArgs.java index 1f2ff95719..0bee020f55 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/SnapshotIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/SnapshotIamMemberArgs.java @@ -24,9 +24,37 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="member", required=true) private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output member() { return this.member; } @@ -50,18 +78,6 @@ public Optional> name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -70,18 +86,6 @@ public Optional> name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -143,11 +147,43 @@ public Builder condition(SnapshotIamMemberConditionArgs condition) { return condition(Output.of(condition)); } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } @@ -177,18 +213,6 @@ public Builder name(String name) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -201,18 +225,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/SnapshotIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/SnapshotIamPolicy.java index dcf128d58d..eaf117b862 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/SnapshotIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/SnapshotIamPolicy.java @@ -144,6 +144,122 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_compute\_snapshot\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.compute.SnapshotIamPolicy; + * import com.pulumi.gcp.compute.SnapshotIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new SnapshotIamPolicy("policy", SnapshotIamPolicyArgs.builder() + * .project(snapshot.project()) + * .name(snapshot.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_compute\_snapshot\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.SnapshotIamBinding; + * import com.pulumi.gcp.compute.SnapshotIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new SnapshotIamBinding("binding", SnapshotIamBindingArgs.builder() + * .project(snapshot.project()) + * .name(snapshot.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_compute\_snapshot\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.SnapshotIamMember; + * import com.pulumi.gcp.compute.SnapshotIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new SnapshotIamMember("member", SnapshotIamMemberArgs.builder() + * .project(snapshot.project()) + * .name(snapshot.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -231,18 +347,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -251,18 +355,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/SnapshotIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/SnapshotIamPolicyArgs.java index 1f2554c4ae..88ec5f473b 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/SnapshotIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/SnapshotIamPolicyArgs.java @@ -52,18 +52,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -72,18 +60,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -163,18 +139,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -187,18 +151,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/SubnetworkIAMBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/SubnetworkIAMBinding.java index 5fca92f9ce..e3f38c6a21 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/SubnetworkIAMBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/SubnetworkIAMBinding.java @@ -286,6 +286,259 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_compute\_subnetwork\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.compute.SubnetworkIAMPolicy; + * import com.pulumi.gcp.compute.SubnetworkIAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/compute.networkUser") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new SubnetworkIAMPolicy("policy", SubnetworkIAMPolicyArgs.builder() + * .project(network_with_private_secondary_ip_ranges.project()) + * .region(network_with_private_secondary_ip_ranges.region()) + * .subnetwork(network_with_private_secondary_ip_ranges.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.compute.SubnetworkIAMPolicy; + * import com.pulumi.gcp.compute.SubnetworkIAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/compute.networkUser") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var policy = new SubnetworkIAMPolicy("policy", SubnetworkIAMPolicyArgs.builder() + * .project(network_with_private_secondary_ip_ranges.project()) + * .region(network_with_private_secondary_ip_ranges.region()) + * .subnetwork(network_with_private_secondary_ip_ranges.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_compute\_subnetwork\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.SubnetworkIAMBinding; + * import com.pulumi.gcp.compute.SubnetworkIAMBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new SubnetworkIAMBinding("binding", SubnetworkIAMBindingArgs.builder() + * .project(network_with_private_secondary_ip_ranges.project()) + * .region(network_with_private_secondary_ip_ranges.region()) + * .subnetwork(network_with_private_secondary_ip_ranges.name()) + * .role("roles/compute.networkUser") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.SubnetworkIAMBinding; + * import com.pulumi.gcp.compute.SubnetworkIAMBindingArgs; + * import com.pulumi.gcp.compute.inputs.SubnetworkIAMBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new SubnetworkIAMBinding("binding", SubnetworkIAMBindingArgs.builder() + * .project(network_with_private_secondary_ip_ranges.project()) + * .region(network_with_private_secondary_ip_ranges.region()) + * .subnetwork(network_with_private_secondary_ip_ranges.name()) + * .role("roles/compute.networkUser") + * .members("user:jane@example.com") + * .condition(SubnetworkIAMBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_compute\_subnetwork\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.SubnetworkIAMMember; + * import com.pulumi.gcp.compute.SubnetworkIAMMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new SubnetworkIAMMember("member", SubnetworkIAMMemberArgs.builder() + * .project(network_with_private_secondary_ip_ranges.project()) + * .region(network_with_private_secondary_ip_ranges.region()) + * .subnetwork(network_with_private_secondary_ip_ranges.name()) + * .role("roles/compute.networkUser") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.SubnetworkIAMMember; + * import com.pulumi.gcp.compute.SubnetworkIAMMemberArgs; + * import com.pulumi.gcp.compute.inputs.SubnetworkIAMMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new SubnetworkIAMMember("member", SubnetworkIAMMemberArgs.builder() + * .project(network_with_private_secondary_ip_ranges.project()) + * .region(network_with_private_secondary_ip_ranges.region()) + * .subnetwork(network_with_private_secondary_ip_ranges.name()) + * .role("roles/compute.networkUser") + * .member("user:jane@example.com") + * .condition(SubnetworkIAMMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -357,18 +610,9 @@ public Output> condition() { public Output etag() { return this.etag; } - @Export(name="members", refs={List.class,String.class}, tree="[0,1]") - private Output> members; - - public Output> members() { - return this.members; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -380,15 +624,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="members", refs={List.class,String.class}, tree="[0,1]") + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -400,6 +641,22 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/SubnetworkIAMBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/SubnetworkIAMBindingArgs.java index 3b87f48e7c..32db679c0e 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/SubnetworkIAMBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/SubnetworkIAMBindingArgs.java @@ -35,19 +35,9 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } - @Import(name="members", required=true) - private Output> members; - - public Output> members() { - return this.members; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -59,15 +49,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members", required=true) + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -79,6 +66,23 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -190,25 +194,30 @@ public Builder condition(SubnetworkIAMBindingConditionArgs condition) { return condition(Output.of(condition)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -222,17 +231,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -246,6 +251,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/SubnetworkIAMMember.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/SubnetworkIAMMember.java index cda891ad7e..4c00623a24 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/SubnetworkIAMMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/SubnetworkIAMMember.java @@ -285,6 +285,259 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_compute\_subnetwork\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.compute.SubnetworkIAMPolicy; + * import com.pulumi.gcp.compute.SubnetworkIAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/compute.networkUser") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new SubnetworkIAMPolicy("policy", SubnetworkIAMPolicyArgs.builder() + * .project(network_with_private_secondary_ip_ranges.project()) + * .region(network_with_private_secondary_ip_ranges.region()) + * .subnetwork(network_with_private_secondary_ip_ranges.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.compute.SubnetworkIAMPolicy; + * import com.pulumi.gcp.compute.SubnetworkIAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/compute.networkUser") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var policy = new SubnetworkIAMPolicy("policy", SubnetworkIAMPolicyArgs.builder() + * .project(network_with_private_secondary_ip_ranges.project()) + * .region(network_with_private_secondary_ip_ranges.region()) + * .subnetwork(network_with_private_secondary_ip_ranges.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_compute\_subnetwork\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.SubnetworkIAMBinding; + * import com.pulumi.gcp.compute.SubnetworkIAMBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new SubnetworkIAMBinding("binding", SubnetworkIAMBindingArgs.builder() + * .project(network_with_private_secondary_ip_ranges.project()) + * .region(network_with_private_secondary_ip_ranges.region()) + * .subnetwork(network_with_private_secondary_ip_ranges.name()) + * .role("roles/compute.networkUser") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.SubnetworkIAMBinding; + * import com.pulumi.gcp.compute.SubnetworkIAMBindingArgs; + * import com.pulumi.gcp.compute.inputs.SubnetworkIAMBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new SubnetworkIAMBinding("binding", SubnetworkIAMBindingArgs.builder() + * .project(network_with_private_secondary_ip_ranges.project()) + * .region(network_with_private_secondary_ip_ranges.region()) + * .subnetwork(network_with_private_secondary_ip_ranges.name()) + * .role("roles/compute.networkUser") + * .members("user:jane@example.com") + * .condition(SubnetworkIAMBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_compute\_subnetwork\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.SubnetworkIAMMember; + * import com.pulumi.gcp.compute.SubnetworkIAMMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new SubnetworkIAMMember("member", SubnetworkIAMMemberArgs.builder() + * .project(network_with_private_secondary_ip_ranges.project()) + * .region(network_with_private_secondary_ip_ranges.region()) + * .subnetwork(network_with_private_secondary_ip_ranges.name()) + * .role("roles/compute.networkUser") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.SubnetworkIAMMember; + * import com.pulumi.gcp.compute.SubnetworkIAMMemberArgs; + * import com.pulumi.gcp.compute.inputs.SubnetworkIAMMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new SubnetworkIAMMember("member", SubnetworkIAMMemberArgs.builder() + * .project(network_with_private_secondary_ip_ranges.project()) + * .region(network_with_private_secondary_ip_ranges.region()) + * .subnetwork(network_with_private_secondary_ip_ranges.name()) + * .role("roles/compute.networkUser") + * .member("user:jane@example.com") + * .condition(SubnetworkIAMMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -356,18 +609,9 @@ public Output> condition() { public Output etag() { return this.etag; } - @Export(name="member", refs={String.class}, tree="[0]") - private Output member; - - public Output member() { - return this.member; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -379,15 +623,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="member", refs={String.class}, tree="[0]") + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -399,6 +640,22 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/SubnetworkIAMMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/SubnetworkIAMMemberArgs.java index 76febd3376..3f234dbec8 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/SubnetworkIAMMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/SubnetworkIAMMemberArgs.java @@ -34,19 +34,9 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } - @Import(name="member", required=true) - private Output member; - - public Output member() { - return this.member; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -58,15 +48,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member", required=true) + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -78,6 +65,23 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -189,21 +193,9 @@ public Builder condition(SubnetworkIAMMemberConditionArgs condition) { return condition(Output.of(condition)); } - public Builder member(Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -217,17 +209,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -241,6 +230,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/SubnetworkIAMPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/SubnetworkIAMPolicy.java index 81e8a30173..2173bae6f2 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/SubnetworkIAMPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/SubnetworkIAMPolicy.java @@ -283,6 +283,259 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_compute\_subnetwork\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.compute.SubnetworkIAMPolicy; + * import com.pulumi.gcp.compute.SubnetworkIAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/compute.networkUser") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new SubnetworkIAMPolicy("policy", SubnetworkIAMPolicyArgs.builder() + * .project(network_with_private_secondary_ip_ranges.project()) + * .region(network_with_private_secondary_ip_ranges.region()) + * .subnetwork(network_with_private_secondary_ip_ranges.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.compute.SubnetworkIAMPolicy; + * import com.pulumi.gcp.compute.SubnetworkIAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/compute.networkUser") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var policy = new SubnetworkIAMPolicy("policy", SubnetworkIAMPolicyArgs.builder() + * .project(network_with_private_secondary_ip_ranges.project()) + * .region(network_with_private_secondary_ip_ranges.region()) + * .subnetwork(network_with_private_secondary_ip_ranges.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_compute\_subnetwork\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.SubnetworkIAMBinding; + * import com.pulumi.gcp.compute.SubnetworkIAMBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new SubnetworkIAMBinding("binding", SubnetworkIAMBindingArgs.builder() + * .project(network_with_private_secondary_ip_ranges.project()) + * .region(network_with_private_secondary_ip_ranges.region()) + * .subnetwork(network_with_private_secondary_ip_ranges.name()) + * .role("roles/compute.networkUser") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.SubnetworkIAMBinding; + * import com.pulumi.gcp.compute.SubnetworkIAMBindingArgs; + * import com.pulumi.gcp.compute.inputs.SubnetworkIAMBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new SubnetworkIAMBinding("binding", SubnetworkIAMBindingArgs.builder() + * .project(network_with_private_secondary_ip_ranges.project()) + * .region(network_with_private_secondary_ip_ranges.region()) + * .subnetwork(network_with_private_secondary_ip_ranges.name()) + * .role("roles/compute.networkUser") + * .members("user:jane@example.com") + * .condition(SubnetworkIAMBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_compute\_subnetwork\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.SubnetworkIAMMember; + * import com.pulumi.gcp.compute.SubnetworkIAMMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new SubnetworkIAMMember("member", SubnetworkIAMMemberArgs.builder() + * .project(network_with_private_secondary_ip_ranges.project()) + * .region(network_with_private_secondary_ip_ranges.region()) + * .subnetwork(network_with_private_secondary_ip_ranges.name()) + * .role("roles/compute.networkUser") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.SubnetworkIAMMember; + * import com.pulumi.gcp.compute.SubnetworkIAMMemberArgs; + * import com.pulumi.gcp.compute.inputs.SubnetworkIAMMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new SubnetworkIAMMember("member", SubnetworkIAMMemberArgs.builder() + * .project(network_with_private_secondary_ip_ranges.project()) + * .region(network_with_private_secondary_ip_ranges.region()) + * .subnetwork(network_with_private_secondary_ip_ranges.name()) + * .role("roles/compute.networkUser") + * .member("user:jane@example.com") + * .condition(SubnetworkIAMMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -358,18 +611,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -378,18 +619,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/SubnetworkIAMPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/SubnetworkIAMPolicyArgs.java index db71da6784..3984c57a15 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/SubnetworkIAMPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/SubnetworkIAMPolicyArgs.java @@ -37,18 +37,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -57,18 +45,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -164,18 +140,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -188,18 +152,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/BackendBucketIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/BackendBucketIamBindingState.java index 21cc58da32..a85464db6f 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/BackendBucketIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/BackendBucketIamBindingState.java @@ -39,9 +39,37 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="members") private @Nullable Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Optional>> members() { return Optional.ofNullable(this.members); } @@ -65,18 +93,6 @@ public Optional> name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -85,18 +101,6 @@ public Optional> name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -180,15 +184,63 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } @@ -218,18 +270,6 @@ public Builder name(String name) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -242,18 +282,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/BackendBucketIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/BackendBucketIamMemberState.java index 963f6af55f..fdd1136969 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/BackendBucketIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/BackendBucketIamMemberState.java @@ -38,9 +38,37 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="member") private @Nullable Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Optional> member() { return Optional.ofNullable(this.member); } @@ -64,18 +92,6 @@ public Optional> name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -84,18 +100,6 @@ public Optional> name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -179,11 +183,43 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(@Nullable Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } @@ -213,18 +249,6 @@ public Builder name(String name) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -237,18 +261,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/BackendBucketIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/BackendBucketIamPolicyState.java index af33e449a2..a7f0c62cfa 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/BackendBucketIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/BackendBucketIamPolicyState.java @@ -66,18 +66,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -86,18 +74,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -199,18 +175,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -223,18 +187,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/BackendServiceIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/BackendServiceIamBindingState.java index 9e9364c8ac..8c3e6b5c37 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/BackendServiceIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/BackendServiceIamBindingState.java @@ -49,9 +49,37 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="members") private @Nullable Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Optional>> members() { return Optional.ofNullable(this.members); } @@ -75,18 +103,6 @@ public Optional> name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -95,18 +111,6 @@ public Optional> name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -204,15 +208,63 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } @@ -242,18 +294,6 @@ public Builder name(String name) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -266,18 +306,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/BackendServiceIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/BackendServiceIamMemberState.java index ac6433dbc2..e26183e6d5 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/BackendServiceIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/BackendServiceIamMemberState.java @@ -48,9 +48,37 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="member") private @Nullable Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Optional> member() { return Optional.ofNullable(this.member); } @@ -74,18 +102,6 @@ public Optional> name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -94,18 +110,6 @@ public Optional> name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -203,11 +207,43 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(@Nullable Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } @@ -237,18 +273,6 @@ public Builder name(String name) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -261,18 +285,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/BackendServiceIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/BackendServiceIamPolicyState.java index 7aa607cf5c..d569c6f211 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/BackendServiceIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/BackendServiceIamPolicyState.java @@ -66,18 +66,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -86,18 +74,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -199,18 +175,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -223,18 +187,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/DiskIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/DiskIamBindingState.java index f78769e3ee..64a52589b9 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/DiskIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/DiskIamBindingState.java @@ -39,9 +39,37 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="members") private @Nullable Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Optional>> members() { return Optional.ofNullable(this.members); } @@ -65,18 +93,6 @@ public Optional> name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -85,18 +101,6 @@ public Optional> name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -200,15 +204,63 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } @@ -238,18 +290,6 @@ public Builder name(String name) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -262,18 +302,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/DiskIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/DiskIamMemberState.java index b9740e2d74..28aebc6be8 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/DiskIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/DiskIamMemberState.java @@ -38,9 +38,37 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="member") private @Nullable Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Optional> member() { return Optional.ofNullable(this.member); } @@ -64,18 +92,6 @@ public Optional> name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -84,18 +100,6 @@ public Optional> name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -199,11 +203,43 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(@Nullable Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } @@ -233,18 +269,6 @@ public Builder name(String name) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -257,18 +281,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/DiskIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/DiskIamPolicyState.java index d1701aa1b0..2996ca0613 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/DiskIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/DiskIamPolicyState.java @@ -66,18 +66,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -86,18 +74,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -219,18 +195,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -243,18 +207,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/ImageIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/ImageIamBindingState.java index 0d105181b6..a0a3b36f53 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/ImageIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/ImageIamBindingState.java @@ -64,19 +64,9 @@ public Optional> image() { return Optional.ofNullable(this.image); } - @Import(name="members") - private @Nullable Output> members; - - public Optional>> members() { - return Optional.ofNullable(this.members); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -88,15 +78,12 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members") + private @Nullable Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -108,6 +95,23 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional>> members() { + return Optional.ofNullable(this.members); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -225,25 +229,30 @@ public Builder image(String image) { return image(Output.of(image)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -257,17 +266,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -281,6 +286,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/ImageIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/ImageIamMemberState.java index b210913c46..590f976399 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/ImageIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/ImageIamMemberState.java @@ -63,19 +63,9 @@ public Optional> image() { return Optional.ofNullable(this.image); } - @Import(name="member") - private @Nullable Output member; - - public Optional> member() { - return Optional.ofNullable(this.member); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -87,15 +77,12 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member") + private @Nullable Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -107,6 +94,23 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional> member() { + return Optional.ofNullable(this.member); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -224,21 +228,9 @@ public Builder image(String image) { return image(Output.of(image)); } - public Builder member(@Nullable Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -252,17 +244,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(@Nullable Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -276,6 +265,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/ImageIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/ImageIamPolicyState.java index fc2cf5b696..d990cda680 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/ImageIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/ImageIamPolicyState.java @@ -66,18 +66,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -86,18 +74,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -199,18 +175,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -223,18 +187,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/InstanceIAMBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/InstanceIAMBindingState.java index 15b899e856..fc63a7db15 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/InstanceIAMBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/InstanceIAMBindingState.java @@ -64,19 +64,9 @@ public Optional> instanceName() { return Optional.ofNullable(this.instanceName); } - @Import(name="members") - private @Nullable Output> members; - - public Optional>> members() { - return Optional.ofNullable(this.members); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -88,15 +78,12 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members") + private @Nullable Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -108,6 +95,23 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional>> members() { + return Optional.ofNullable(this.members); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -245,25 +249,30 @@ public Builder instanceName(String instanceName) { return instanceName(Output.of(instanceName)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -277,17 +286,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -301,6 +306,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/InstanceIAMMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/InstanceIAMMemberState.java index 3aba0abeeb..a0f70c5464 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/InstanceIAMMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/InstanceIAMMemberState.java @@ -63,19 +63,9 @@ public Optional> instanceName() { return Optional.ofNullable(this.instanceName); } - @Import(name="member") - private @Nullable Output member; - - public Optional> member() { - return Optional.ofNullable(this.member); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -87,15 +77,12 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member") + private @Nullable Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -107,6 +94,23 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional> member() { + return Optional.ofNullable(this.member); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -244,21 +248,9 @@ public Builder instanceName(String instanceName) { return instanceName(Output.of(instanceName)); } - public Builder member(@Nullable Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -272,17 +264,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(@Nullable Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -296,6 +285,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/InstanceIAMPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/InstanceIAMPolicyState.java index ccffe74f5f..664ce0026e 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/InstanceIAMPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/InstanceIAMPolicyState.java @@ -66,18 +66,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -86,18 +74,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -219,18 +195,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -243,18 +207,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/MachineImageIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/MachineImageIamBindingState.java index 760093bc24..5161d4fdca 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/MachineImageIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/MachineImageIamBindingState.java @@ -64,19 +64,9 @@ public Optional> machineImage() { return Optional.ofNullable(this.machineImage); } - @Import(name="members") - private @Nullable Output> members; - - public Optional>> members() { - return Optional.ofNullable(this.members); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -88,15 +78,12 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members") + private @Nullable Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -108,6 +95,23 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional>> members() { + return Optional.ofNullable(this.members); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -225,25 +229,30 @@ public Builder machineImage(String machineImage) { return machineImage(Output.of(machineImage)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -257,17 +266,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -281,6 +286,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/MachineImageIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/MachineImageIamMemberState.java index 0a0e2719ba..1f154934c9 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/MachineImageIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/MachineImageIamMemberState.java @@ -63,19 +63,9 @@ public Optional> machineImage() { return Optional.ofNullable(this.machineImage); } - @Import(name="member") - private @Nullable Output member; - - public Optional> member() { - return Optional.ofNullable(this.member); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -87,15 +77,12 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member") + private @Nullable Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -107,6 +94,23 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional> member() { + return Optional.ofNullable(this.member); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -224,21 +228,9 @@ public Builder machineImage(String machineImage) { return machineImage(Output.of(machineImage)); } - public Builder member(@Nullable Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -252,17 +244,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(@Nullable Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -276,6 +265,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/MachineImageIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/MachineImageIamPolicyState.java index 069682c91a..36dd1ce7cc 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/MachineImageIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/MachineImageIamPolicyState.java @@ -66,18 +66,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -86,18 +74,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -199,18 +175,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -223,18 +187,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/RegionBackendServiceIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/RegionBackendServiceIamBindingState.java index c395b54daf..bc1e26cb49 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/RegionBackendServiceIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/RegionBackendServiceIamBindingState.java @@ -49,9 +49,37 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="members") private @Nullable Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Optional>> members() { return Optional.ofNullable(this.members); } @@ -75,18 +103,6 @@ public Optional> name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -95,18 +111,6 @@ public Optional> name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -228,15 +232,63 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } @@ -266,18 +318,6 @@ public Builder name(String name) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -290,18 +330,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/RegionBackendServiceIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/RegionBackendServiceIamMemberState.java index b18b173241..916dca7eaf 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/RegionBackendServiceIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/RegionBackendServiceIamMemberState.java @@ -48,9 +48,37 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="member") private @Nullable Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Optional> member() { return Optional.ofNullable(this.member); } @@ -74,18 +102,6 @@ public Optional> name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -94,18 +110,6 @@ public Optional> name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -227,11 +231,43 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(@Nullable Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } @@ -261,18 +297,6 @@ public Builder name(String name) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -285,18 +309,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/RegionBackendServiceIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/RegionBackendServiceIamPolicyState.java index 9206348dfb..2831c3a2e4 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/RegionBackendServiceIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/RegionBackendServiceIamPolicyState.java @@ -66,18 +66,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -86,18 +74,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -223,18 +199,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -247,18 +211,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/RegionDiskIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/RegionDiskIamBindingState.java index de4a017e7f..235180906f 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/RegionDiskIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/RegionDiskIamBindingState.java @@ -39,9 +39,37 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="members") private @Nullable Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Optional>> members() { return Optional.ofNullable(this.members); } @@ -65,18 +93,6 @@ public Optional> name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -85,18 +101,6 @@ public Optional> name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -188,15 +192,63 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } @@ -226,18 +278,6 @@ public Builder name(String name) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -250,18 +290,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/RegionDiskIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/RegionDiskIamMemberState.java index 1b41ac2a44..02e2536cf3 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/RegionDiskIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/RegionDiskIamMemberState.java @@ -38,9 +38,37 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="member") private @Nullable Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Optional> member() { return Optional.ofNullable(this.member); } @@ -64,18 +92,6 @@ public Optional> name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -84,18 +100,6 @@ public Optional> name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -187,11 +191,43 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(@Nullable Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } @@ -221,18 +257,6 @@ public Builder name(String name) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -245,18 +269,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/RegionDiskIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/RegionDiskIamPolicyState.java index a63a99d355..747e44e045 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/RegionDiskIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/RegionDiskIamPolicyState.java @@ -66,18 +66,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -86,18 +74,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -207,18 +183,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -231,18 +195,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/SnapshotIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/SnapshotIamBindingState.java index 6407d4da29..083ff1426b 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/SnapshotIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/SnapshotIamBindingState.java @@ -39,9 +39,37 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="members") private @Nullable Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Optional>> members() { return Optional.ofNullable(this.members); } @@ -65,18 +93,6 @@ public Optional> name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -85,18 +101,6 @@ public Optional> name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -180,15 +184,63 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } @@ -218,18 +270,6 @@ public Builder name(String name) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -242,18 +282,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/SnapshotIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/SnapshotIamMemberState.java index 2611302fff..e7e7dd8e25 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/SnapshotIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/SnapshotIamMemberState.java @@ -38,9 +38,37 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="member") private @Nullable Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Optional> member() { return Optional.ofNullable(this.member); } @@ -64,18 +92,6 @@ public Optional> name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -84,18 +100,6 @@ public Optional> name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -179,11 +183,43 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(@Nullable Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } @@ -213,18 +249,6 @@ public Builder name(String name) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -237,18 +261,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/SnapshotIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/SnapshotIamPolicyState.java index b3c72e5a00..0414cfded8 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/SnapshotIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/SnapshotIamPolicyState.java @@ -66,18 +66,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -86,18 +74,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -199,18 +175,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -223,18 +187,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/SubnetworkIAMBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/SubnetworkIAMBindingState.java index 40f8e372cb..3143f46d88 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/SubnetworkIAMBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/SubnetworkIAMBindingState.java @@ -49,19 +49,9 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } - @Import(name="members") - private @Nullable Output> members; - - public Optional>> members() { - return Optional.ofNullable(this.members); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -73,15 +63,12 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members") + private @Nullable Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -93,6 +80,23 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional>> members() { + return Optional.ofNullable(this.members); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -226,25 +230,30 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -258,17 +267,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -282,6 +287,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/SubnetworkIAMMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/SubnetworkIAMMemberState.java index 76bb0991ac..d363c871a5 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/SubnetworkIAMMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/SubnetworkIAMMemberState.java @@ -48,19 +48,9 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } - @Import(name="member") - private @Nullable Output member; - - public Optional> member() { - return Optional.ofNullable(this.member); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -72,15 +62,12 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member") + private @Nullable Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -92,6 +79,23 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional> member() { + return Optional.ofNullable(this.member); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -225,21 +229,9 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } - public Builder member(@Nullable Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -253,17 +245,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(@Nullable Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -277,6 +266,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/SubnetworkIAMPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/SubnetworkIAMPolicyState.java index a288fbd58d..a42a37ca24 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/SubnetworkIAMPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/compute/inputs/SubnetworkIAMPolicyState.java @@ -51,18 +51,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -71,18 +59,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -200,18 +176,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -224,18 +188,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/containeranalysis/NoteIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/containeranalysis/NoteIamBinding.java index 368cd7c27b..08abada9b5 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/containeranalysis/NoteIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/containeranalysis/NoteIamBinding.java @@ -147,6 +147,122 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_container\_analysis\_note\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.containeranalysis.NoteIamPolicy; + * import com.pulumi.gcp.containeranalysis.NoteIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/containeranalysis.notes.occurrences.viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new NoteIamPolicy("policy", NoteIamPolicyArgs.builder() + * .project(note.project()) + * .note(note.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_container\_analysis\_note\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.containeranalysis.NoteIamBinding; + * import com.pulumi.gcp.containeranalysis.NoteIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new NoteIamBinding("binding", NoteIamBindingArgs.builder() + * .project(note.project()) + * .note(note.name()) + * .role("roles/containeranalysis.notes.occurrences.viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_container\_analysis\_note\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.containeranalysis.NoteIamMember; + * import com.pulumi.gcp.containeranalysis.NoteIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new NoteIamMember("member", NoteIamMemberArgs.builder() + * .project(note.project()) + * .note(note.name()) + * .role("roles/containeranalysis.notes.occurrences.viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -206,9 +322,37 @@ public Output> condition() { public Output etag() { return this.etag; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Export(name="members", refs={List.class,String.class}, tree="[0,1]") private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output> members() { return this.members; } @@ -230,18 +374,6 @@ public Output note() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -250,18 +382,6 @@ public Output note() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/containeranalysis/NoteIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/containeranalysis/NoteIamBindingArgs.java index 45e5de7a65..3d29380c5e 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/containeranalysis/NoteIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/containeranalysis/NoteIamBindingArgs.java @@ -25,9 +25,37 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="members", required=true) private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output> members() { return this.members; } @@ -51,18 +79,6 @@ public Output note() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -71,18 +87,6 @@ public Output note() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -144,15 +148,63 @@ public Builder condition(NoteIamBindingConditionArgs condition) { return condition(Output.of(condition)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } @@ -182,18 +234,6 @@ public Builder note(String note) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -206,18 +246,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/containeranalysis/NoteIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/containeranalysis/NoteIamMember.java index b034c871e6..342a2406f0 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/containeranalysis/NoteIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/containeranalysis/NoteIamMember.java @@ -146,6 +146,122 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_container\_analysis\_note\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.containeranalysis.NoteIamPolicy; + * import com.pulumi.gcp.containeranalysis.NoteIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/containeranalysis.notes.occurrences.viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new NoteIamPolicy("policy", NoteIamPolicyArgs.builder() + * .project(note.project()) + * .note(note.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_container\_analysis\_note\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.containeranalysis.NoteIamBinding; + * import com.pulumi.gcp.containeranalysis.NoteIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new NoteIamBinding("binding", NoteIamBindingArgs.builder() + * .project(note.project()) + * .note(note.name()) + * .role("roles/containeranalysis.notes.occurrences.viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_container\_analysis\_note\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.containeranalysis.NoteIamMember; + * import com.pulumi.gcp.containeranalysis.NoteIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new NoteIamMember("member", NoteIamMemberArgs.builder() + * .project(note.project()) + * .note(note.name()) + * .role("roles/containeranalysis.notes.occurrences.viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -205,9 +321,37 @@ public Output> condition() { public Output etag() { return this.etag; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Export(name="member", refs={String.class}, tree="[0]") private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output member() { return this.member; } @@ -229,18 +373,6 @@ public Output note() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -249,18 +381,6 @@ public Output note() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/containeranalysis/NoteIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/containeranalysis/NoteIamMemberArgs.java index 6a8f1e4938..38ed32807b 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/containeranalysis/NoteIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/containeranalysis/NoteIamMemberArgs.java @@ -24,9 +24,37 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="member", required=true) private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output member() { return this.member; } @@ -50,18 +78,6 @@ public Output note() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -70,18 +86,6 @@ public Output note() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -143,11 +147,43 @@ public Builder condition(NoteIamMemberConditionArgs condition) { return condition(Output.of(condition)); } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } @@ -177,18 +213,6 @@ public Builder note(String note) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -201,18 +225,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/containeranalysis/NoteIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/containeranalysis/NoteIamPolicy.java index 013afa14c9..5fa3c4b0e2 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/containeranalysis/NoteIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/containeranalysis/NoteIamPolicy.java @@ -144,6 +144,122 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_container\_analysis\_note\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.containeranalysis.NoteIamPolicy; + * import com.pulumi.gcp.containeranalysis.NoteIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/containeranalysis.notes.occurrences.viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new NoteIamPolicy("policy", NoteIamPolicyArgs.builder() + * .project(note.project()) + * .note(note.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_container\_analysis\_note\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.containeranalysis.NoteIamBinding; + * import com.pulumi.gcp.containeranalysis.NoteIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new NoteIamBinding("binding", NoteIamBindingArgs.builder() + * .project(note.project()) + * .note(note.name()) + * .role("roles/containeranalysis.notes.occurrences.viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_container\_analysis\_note\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.containeranalysis.NoteIamMember; + * import com.pulumi.gcp.containeranalysis.NoteIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new NoteIamMember("member", NoteIamMemberArgs.builder() + * .project(note.project()) + * .note(note.name()) + * .role("roles/containeranalysis.notes.occurrences.viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -231,18 +347,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -251,18 +355,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/containeranalysis/NoteIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/containeranalysis/NoteIamPolicyArgs.java index cb838092f2..1b685acf1f 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/containeranalysis/NoteIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/containeranalysis/NoteIamPolicyArgs.java @@ -52,18 +52,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -72,18 +60,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -163,18 +139,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -187,18 +151,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/containeranalysis/inputs/NoteIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/containeranalysis/inputs/NoteIamBindingState.java index aa54481a91..18b945c6e2 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/containeranalysis/inputs/NoteIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/containeranalysis/inputs/NoteIamBindingState.java @@ -39,9 +39,37 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="members") private @Nullable Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Optional>> members() { return Optional.ofNullable(this.members); } @@ -65,18 +93,6 @@ public Optional> note() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -85,18 +101,6 @@ public Optional> note() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -180,15 +184,63 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } @@ -218,18 +270,6 @@ public Builder note(String note) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -242,18 +282,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/containeranalysis/inputs/NoteIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/containeranalysis/inputs/NoteIamMemberState.java index 235af2326c..98b9127ffa 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/containeranalysis/inputs/NoteIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/containeranalysis/inputs/NoteIamMemberState.java @@ -38,9 +38,37 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="member") private @Nullable Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Optional> member() { return Optional.ofNullable(this.member); } @@ -64,18 +92,6 @@ public Optional> note() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -84,18 +100,6 @@ public Optional> note() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -179,11 +183,43 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(@Nullable Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } @@ -213,18 +249,6 @@ public Builder note(String note) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -237,18 +261,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/containeranalysis/inputs/NoteIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/containeranalysis/inputs/NoteIamPolicyState.java index fa0605f7d5..441c25d0e7 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/containeranalysis/inputs/NoteIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/containeranalysis/inputs/NoteIamPolicyState.java @@ -66,18 +66,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -86,18 +74,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -199,18 +175,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -223,18 +187,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/EntryGroupIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/EntryGroupIamBinding.java index f79d3d6cb8..3591012527 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/EntryGroupIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/EntryGroupIamBinding.java @@ -144,6 +144,119 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_data\_catalog\_entry\_group\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.datacatalog.EntryGroupIamPolicy; + * import com.pulumi.gcp.datacatalog.EntryGroupIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new EntryGroupIamPolicy("policy", EntryGroupIamPolicyArgs.builder() + * .entryGroup(basicEntryGroup.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_data\_catalog\_entry\_group\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.datacatalog.EntryGroupIamBinding; + * import com.pulumi.gcp.datacatalog.EntryGroupIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new EntryGroupIamBinding("binding", EntryGroupIamBindingArgs.builder() + * .entryGroup(basicEntryGroup.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_data\_catalog\_entry\_group\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.datacatalog.EntryGroupIamMember; + * import com.pulumi.gcp.datacatalog.EntryGroupIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new EntryGroupIamMember("member", EntryGroupIamMemberArgs.builder() + * .entryGroup(basicEntryGroup.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -219,18 +332,9 @@ public Output entryGroup() { public Output etag() { return this.etag; } - @Export(name="members", refs={List.class,String.class}, tree="[0,1]") - private Output> members; - - public Output> members() { - return this.members; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -242,15 +346,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="members", refs={List.class,String.class}, tree="[0,1]") + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -262,6 +363,22 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/EntryGroupIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/EntryGroupIamBindingArgs.java index d8b96e0937..d4170b1edb 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/EntryGroupIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/EntryGroupIamBindingArgs.java @@ -40,19 +40,9 @@ public Output entryGroup() { return this.entryGroup; } - @Import(name="members", required=true) - private Output> members; - - public Output> members() { - return this.members; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -64,15 +54,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members", required=true) + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -84,6 +71,23 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -173,25 +177,30 @@ public Builder entryGroup(String entryGroup) { return entryGroup(Output.of(entryGroup)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -205,17 +214,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -229,6 +234,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/EntryGroupIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/EntryGroupIamMember.java index 81adca361f..470717ad17 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/EntryGroupIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/EntryGroupIamMember.java @@ -143,6 +143,119 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_data\_catalog\_entry\_group\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.datacatalog.EntryGroupIamPolicy; + * import com.pulumi.gcp.datacatalog.EntryGroupIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new EntryGroupIamPolicy("policy", EntryGroupIamPolicyArgs.builder() + * .entryGroup(basicEntryGroup.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_data\_catalog\_entry\_group\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.datacatalog.EntryGroupIamBinding; + * import com.pulumi.gcp.datacatalog.EntryGroupIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new EntryGroupIamBinding("binding", EntryGroupIamBindingArgs.builder() + * .entryGroup(basicEntryGroup.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_data\_catalog\_entry\_group\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.datacatalog.EntryGroupIamMember; + * import com.pulumi.gcp.datacatalog.EntryGroupIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new EntryGroupIamMember("member", EntryGroupIamMemberArgs.builder() + * .entryGroup(basicEntryGroup.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -218,18 +331,9 @@ public Output entryGroup() { public Output etag() { return this.etag; } - @Export(name="member", refs={String.class}, tree="[0]") - private Output member; - - public Output member() { - return this.member; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -241,15 +345,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="member", refs={String.class}, tree="[0]") + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -261,6 +362,22 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/EntryGroupIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/EntryGroupIamMemberArgs.java index 52cd220977..3216f4144f 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/EntryGroupIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/EntryGroupIamMemberArgs.java @@ -39,19 +39,9 @@ public Output entryGroup() { return this.entryGroup; } - @Import(name="member", required=true) - private Output member; - - public Output member() { - return this.member; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -63,15 +53,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member", required=true) + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -83,6 +70,23 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -172,21 +176,9 @@ public Builder entryGroup(String entryGroup) { return entryGroup(Output.of(entryGroup)); } - public Builder member(Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -200,17 +192,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -224,6 +213,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/EntryGroupIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/EntryGroupIamPolicy.java index 0a505f7fda..01fc17d716 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/EntryGroupIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/EntryGroupIamPolicy.java @@ -141,6 +141,119 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_data\_catalog\_entry\_group\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.datacatalog.EntryGroupIamPolicy; + * import com.pulumi.gcp.datacatalog.EntryGroupIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new EntryGroupIamPolicy("policy", EntryGroupIamPolicyArgs.builder() + * .entryGroup(basicEntryGroup.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_data\_catalog\_entry\_group\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.datacatalog.EntryGroupIamBinding; + * import com.pulumi.gcp.datacatalog.EntryGroupIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new EntryGroupIamBinding("binding", EntryGroupIamBindingArgs.builder() + * .entryGroup(basicEntryGroup.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_data\_catalog\_entry\_group\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.datacatalog.EntryGroupIamMember; + * import com.pulumi.gcp.datacatalog.EntryGroupIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new EntryGroupIamMember("member", EntryGroupIamMemberArgs.builder() + * .entryGroup(basicEntryGroup.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -230,18 +343,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -250,18 +351,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/EntryGroupIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/EntryGroupIamPolicyArgs.java index 76316abc31..afdc1ff339 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/EntryGroupIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/EntryGroupIamPolicyArgs.java @@ -52,18 +52,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -72,18 +60,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -171,18 +147,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -195,18 +159,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/PolicyTagIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/PolicyTagIamBinding.java index 6b1ac01b4a..0f26e51e69 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/PolicyTagIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/PolicyTagIamBinding.java @@ -144,6 +144,119 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_data\_catalog\_policy\_tag\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.datacatalog.PolicyTagIamPolicy; + * import com.pulumi.gcp.datacatalog.PolicyTagIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new PolicyTagIamPolicy("policy", PolicyTagIamPolicyArgs.builder() + * .policyTag(basicPolicyTag.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_data\_catalog\_policy\_tag\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.datacatalog.PolicyTagIamBinding; + * import com.pulumi.gcp.datacatalog.PolicyTagIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new PolicyTagIamBinding("binding", PolicyTagIamBindingArgs.builder() + * .policyTag(basicPolicyTag.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_data\_catalog\_policy\_tag\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.datacatalog.PolicyTagIamMember; + * import com.pulumi.gcp.datacatalog.PolicyTagIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new PolicyTagIamMember("member", PolicyTagIamMemberArgs.builder() + * .policyTag(basicPolicyTag.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -199,17 +312,9 @@ public Output> condition() { public Output etag() { return this.etag; } - @Export(name="members", refs={List.class,String.class}, tree="[0,1]") - private Output> members; - - public Output> members() { - return this.members; - } /** - * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -221,14 +326,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="policyTag", refs={String.class}, tree="[0]") - private Output policyTag; + @Export(name="members", refs={List.class,String.class}, tree="[0,1]") + private Output> members; /** - * @return Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -240,6 +343,20 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + /** + * Used to find the parent resource to bind the IAM policy to + * + */ + @Export(name="policyTag", refs={String.class}, tree="[0]") + private Output policyTag; + + /** + * @return Used to find the parent resource to bind the IAM policy to + * + */ public Output policyTag() { return this.policyTag; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/PolicyTagIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/PolicyTagIamBindingArgs.java index e60e4c0380..6c85d3b918 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/PolicyTagIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/PolicyTagIamBindingArgs.java @@ -25,18 +25,9 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } - @Import(name="members", required=true) - private Output> members; - - public Output> members() { - return this.members; - } - /** - * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -48,14 +39,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="policyTag", required=true) - private Output policyTag; + @Import(name="members", required=true) + private Output> members; /** - * @return Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -67,6 +56,21 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + + /** + * Used to find the parent resource to bind the IAM policy to + * + */ + @Import(name="policyTag", required=true) + private Output policyTag; + + /** + * @return Used to find the parent resource to bind the IAM policy to + * + */ public Output policyTag() { return this.policyTag; } @@ -126,24 +130,30 @@ public Builder condition(PolicyTagIamBindingConditionArgs condition) { return condition(Output.of(condition)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param policyTag Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -157,16 +167,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder policyTag(Output policyTag) { - $.policyTag = policyTag; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param policyTag Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -180,6 +187,27 @@ public Builder policyTag(Output policyTag) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param policyTag Used to find the parent resource to bind the IAM policy to + * + * @return builder + * + */ + public Builder policyTag(Output policyTag) { + $.policyTag = policyTag; + return this; + } + + /** + * @param policyTag Used to find the parent resource to bind the IAM policy to + * + * @return builder + * + */ public Builder policyTag(String policyTag) { return policyTag(Output.of(policyTag)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/PolicyTagIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/PolicyTagIamMember.java index 923cdff464..d102d3c146 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/PolicyTagIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/PolicyTagIamMember.java @@ -143,6 +143,119 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_data\_catalog\_policy\_tag\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.datacatalog.PolicyTagIamPolicy; + * import com.pulumi.gcp.datacatalog.PolicyTagIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new PolicyTagIamPolicy("policy", PolicyTagIamPolicyArgs.builder() + * .policyTag(basicPolicyTag.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_data\_catalog\_policy\_tag\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.datacatalog.PolicyTagIamBinding; + * import com.pulumi.gcp.datacatalog.PolicyTagIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new PolicyTagIamBinding("binding", PolicyTagIamBindingArgs.builder() + * .policyTag(basicPolicyTag.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_data\_catalog\_policy\_tag\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.datacatalog.PolicyTagIamMember; + * import com.pulumi.gcp.datacatalog.PolicyTagIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new PolicyTagIamMember("member", PolicyTagIamMemberArgs.builder() + * .policyTag(basicPolicyTag.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -198,17 +311,9 @@ public Output> condition() { public Output etag() { return this.etag; } - @Export(name="member", refs={String.class}, tree="[0]") - private Output member; - - public Output member() { - return this.member; - } /** - * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -220,14 +325,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="policyTag", refs={String.class}, tree="[0]") - private Output policyTag; + @Export(name="member", refs={String.class}, tree="[0]") + private Output member; /** - * @return Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -239,6 +342,20 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + /** + * Used to find the parent resource to bind the IAM policy to + * + */ + @Export(name="policyTag", refs={String.class}, tree="[0]") + private Output policyTag; + + /** + * @return Used to find the parent resource to bind the IAM policy to + * + */ public Output policyTag() { return this.policyTag; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/PolicyTagIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/PolicyTagIamMemberArgs.java index 7f44ad9b3f..221fc9a558 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/PolicyTagIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/PolicyTagIamMemberArgs.java @@ -24,18 +24,9 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } - @Import(name="member", required=true) - private Output member; - - public Output member() { - return this.member; - } - /** - * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -47,14 +38,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="policyTag", required=true) - private Output policyTag; + @Import(name="member", required=true) + private Output member; /** - * @return Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -66,6 +55,21 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + + /** + * Used to find the parent resource to bind the IAM policy to + * + */ + @Import(name="policyTag", required=true) + private Output policyTag; + + /** + * @return Used to find the parent resource to bind the IAM policy to + * + */ public Output policyTag() { return this.policyTag; } @@ -125,20 +129,9 @@ public Builder condition(PolicyTagIamMemberConditionArgs condition) { return condition(Output.of(condition)); } - public Builder member(Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param policyTag Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -152,16 +145,14 @@ public Builder member(String member) { * @return builder * */ - public Builder policyTag(Output policyTag) { - $.policyTag = policyTag; + public Builder member(Output member) { + $.member = member; return this; } /** - * @param policyTag Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -175,6 +166,27 @@ public Builder policyTag(Output policyTag) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param policyTag Used to find the parent resource to bind the IAM policy to + * + * @return builder + * + */ + public Builder policyTag(Output policyTag) { + $.policyTag = policyTag; + return this; + } + + /** + * @param policyTag Used to find the parent resource to bind the IAM policy to + * + * @return builder + * + */ public Builder policyTag(String policyTag) { return policyTag(Output.of(policyTag)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/PolicyTagIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/PolicyTagIamPolicy.java index 5ab4955d79..0c3a443fdc 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/PolicyTagIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/PolicyTagIamPolicy.java @@ -141,6 +141,119 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_data\_catalog\_policy\_tag\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.datacatalog.PolicyTagIamPolicy; + * import com.pulumi.gcp.datacatalog.PolicyTagIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new PolicyTagIamPolicy("policy", PolicyTagIamPolicyArgs.builder() + * .policyTag(basicPolicyTag.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_data\_catalog\_policy\_tag\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.datacatalog.PolicyTagIamBinding; + * import com.pulumi.gcp.datacatalog.PolicyTagIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new PolicyTagIamBinding("binding", PolicyTagIamBindingArgs.builder() + * .policyTag(basicPolicyTag.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_data\_catalog\_policy\_tag\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.datacatalog.PolicyTagIamMember; + * import com.pulumi.gcp.datacatalog.PolicyTagIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new PolicyTagIamMember("member", PolicyTagIamMemberArgs.builder() + * .policyTag(basicPolicyTag.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -209,18 +322,6 @@ public Output policyData() { /** * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="policyTag", refs={String.class}, tree="[0]") private Output policyTag; @@ -228,18 +329,6 @@ public Output policyData() { /** * @return Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output policyTag() { return this.policyTag; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/PolicyTagIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/PolicyTagIamPolicyArgs.java index 3429670f78..08136e63e3 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/PolicyTagIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/PolicyTagIamPolicyArgs.java @@ -34,18 +34,6 @@ public Output policyData() { /** * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="policyTag", required=true) private Output policyTag; @@ -53,18 +41,6 @@ public Output policyData() { /** * @return Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output policyTag() { return this.policyTag; @@ -121,18 +97,6 @@ public Builder policyData(String policyData) { /** * @param policyTag Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -144,18 +108,6 @@ public Builder policyTag(Output policyTag) { /** * @param policyTag Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/TagTemplateIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/TagTemplateIamBinding.java index e14adaa2df..fe995f28f6 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/TagTemplateIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/TagTemplateIamBinding.java @@ -144,6 +144,119 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_data\_catalog\_tag\_template\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.datacatalog.TagTemplateIamPolicy; + * import com.pulumi.gcp.datacatalog.TagTemplateIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new TagTemplateIamPolicy("policy", TagTemplateIamPolicyArgs.builder() + * .tagTemplate(basicTagTemplate.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_data\_catalog\_tag\_template\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.datacatalog.TagTemplateIamBinding; + * import com.pulumi.gcp.datacatalog.TagTemplateIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new TagTemplateIamBinding("binding", TagTemplateIamBindingArgs.builder() + * .tagTemplate(basicTagTemplate.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_data\_catalog\_tag\_template\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.datacatalog.TagTemplateIamMember; + * import com.pulumi.gcp.datacatalog.TagTemplateIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new TagTemplateIamMember("member", TagTemplateIamMemberArgs.builder() + * .tagTemplate(basicTagTemplate.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -205,18 +318,9 @@ public Output> condition() { public Output etag() { return this.etag; } - @Export(name="members", refs={List.class,String.class}, tree="[0,1]") - private Output> members; - - public Output> members() { - return this.members; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -228,15 +332,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="members", refs={List.class,String.class}, tree="[0,1]") + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -248,6 +349,22 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/TagTemplateIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/TagTemplateIamBindingArgs.java index 8b6b6f4b60..50f6f1bdd5 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/TagTemplateIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/TagTemplateIamBindingArgs.java @@ -25,19 +25,9 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } - @Import(name="members", required=true) - private Output> members; - - public Output> members() { - return this.members; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -49,15 +39,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members", required=true) + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -69,6 +56,23 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -152,25 +156,30 @@ public Builder condition(TagTemplateIamBindingConditionArgs condition) { return condition(Output.of(condition)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -184,17 +193,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -208,6 +213,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/TagTemplateIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/TagTemplateIamMember.java index 81207fc39d..8447b784d1 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/TagTemplateIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/TagTemplateIamMember.java @@ -143,6 +143,119 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_data\_catalog\_tag\_template\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.datacatalog.TagTemplateIamPolicy; + * import com.pulumi.gcp.datacatalog.TagTemplateIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new TagTemplateIamPolicy("policy", TagTemplateIamPolicyArgs.builder() + * .tagTemplate(basicTagTemplate.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_data\_catalog\_tag\_template\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.datacatalog.TagTemplateIamBinding; + * import com.pulumi.gcp.datacatalog.TagTemplateIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new TagTemplateIamBinding("binding", TagTemplateIamBindingArgs.builder() + * .tagTemplate(basicTagTemplate.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_data\_catalog\_tag\_template\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.datacatalog.TagTemplateIamMember; + * import com.pulumi.gcp.datacatalog.TagTemplateIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new TagTemplateIamMember("member", TagTemplateIamMemberArgs.builder() + * .tagTemplate(basicTagTemplate.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -204,18 +317,9 @@ public Output> condition() { public Output etag() { return this.etag; } - @Export(name="member", refs={String.class}, tree="[0]") - private Output member; - - public Output member() { - return this.member; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -227,15 +331,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="member", refs={String.class}, tree="[0]") + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -247,6 +348,22 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/TagTemplateIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/TagTemplateIamMemberArgs.java index bda600c23b..ebd1eb0ed5 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/TagTemplateIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/TagTemplateIamMemberArgs.java @@ -24,19 +24,9 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } - @Import(name="member", required=true) - private Output member; - - public Output member() { - return this.member; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -48,15 +38,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member", required=true) + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -68,6 +55,23 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -151,21 +155,9 @@ public Builder condition(TagTemplateIamMemberConditionArgs condition) { return condition(Output.of(condition)); } - public Builder member(Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -179,17 +171,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -203,6 +192,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/TagTemplateIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/TagTemplateIamPolicy.java index 9795807c05..a01d4aaf06 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/TagTemplateIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/TagTemplateIamPolicy.java @@ -141,6 +141,119 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_data\_catalog\_tag\_template\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.datacatalog.TagTemplateIamPolicy; + * import com.pulumi.gcp.datacatalog.TagTemplateIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new TagTemplateIamPolicy("policy", TagTemplateIamPolicyArgs.builder() + * .tagTemplate(basicTagTemplate.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_data\_catalog\_tag\_template\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.datacatalog.TagTemplateIamBinding; + * import com.pulumi.gcp.datacatalog.TagTemplateIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new TagTemplateIamBinding("binding", TagTemplateIamBindingArgs.builder() + * .tagTemplate(basicTagTemplate.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_data\_catalog\_tag\_template\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.datacatalog.TagTemplateIamMember; + * import com.pulumi.gcp.datacatalog.TagTemplateIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new TagTemplateIamMember("member", TagTemplateIamMemberArgs.builder() + * .tagTemplate(basicTagTemplate.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -216,18 +329,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -236,18 +337,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/TagTemplateIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/TagTemplateIamPolicyArgs.java index 00ec26807d..62bc6d05d0 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/TagTemplateIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/TagTemplateIamPolicyArgs.java @@ -37,18 +37,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -57,18 +45,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -150,18 +126,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -174,18 +138,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/TaxonomyIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/TaxonomyIamBinding.java index e5677b59f9..bbb8a183f7 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/TaxonomyIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/TaxonomyIamBinding.java @@ -144,6 +144,119 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_data\_catalog\_taxonomy\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.datacatalog.TaxonomyIamPolicy; + * import com.pulumi.gcp.datacatalog.TaxonomyIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new TaxonomyIamPolicy("policy", TaxonomyIamPolicyArgs.builder() + * .taxonomy(basicTaxonomy.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_data\_catalog\_taxonomy\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.datacatalog.TaxonomyIamBinding; + * import com.pulumi.gcp.datacatalog.TaxonomyIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new TaxonomyIamBinding("binding", TaxonomyIamBindingArgs.builder() + * .taxonomy(basicTaxonomy.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_data\_catalog\_taxonomy\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.datacatalog.TaxonomyIamMember; + * import com.pulumi.gcp.datacatalog.TaxonomyIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new TaxonomyIamMember("member", TaxonomyIamMemberArgs.builder() + * .taxonomy(basicTaxonomy.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -205,18 +318,9 @@ public Output> condition() { public Output etag() { return this.etag; } - @Export(name="members", refs={List.class,String.class}, tree="[0,1]") - private Output> members; - - public Output> members() { - return this.members; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -228,15 +332,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="members", refs={List.class,String.class}, tree="[0,1]") + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -248,6 +349,22 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/TaxonomyIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/TaxonomyIamBindingArgs.java index 5662122ae3..ee3a8e2fe6 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/TaxonomyIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/TaxonomyIamBindingArgs.java @@ -25,19 +25,9 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } - @Import(name="members", required=true) - private Output> members; - - public Output> members() { - return this.members; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -49,15 +39,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members", required=true) + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -69,6 +56,23 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -152,25 +156,30 @@ public Builder condition(TaxonomyIamBindingConditionArgs condition) { return condition(Output.of(condition)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -184,17 +193,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -208,6 +213,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/TaxonomyIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/TaxonomyIamMember.java index 2c73074172..4395ef2eca 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/TaxonomyIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/TaxonomyIamMember.java @@ -143,6 +143,119 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_data\_catalog\_taxonomy\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.datacatalog.TaxonomyIamPolicy; + * import com.pulumi.gcp.datacatalog.TaxonomyIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new TaxonomyIamPolicy("policy", TaxonomyIamPolicyArgs.builder() + * .taxonomy(basicTaxonomy.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_data\_catalog\_taxonomy\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.datacatalog.TaxonomyIamBinding; + * import com.pulumi.gcp.datacatalog.TaxonomyIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new TaxonomyIamBinding("binding", TaxonomyIamBindingArgs.builder() + * .taxonomy(basicTaxonomy.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_data\_catalog\_taxonomy\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.datacatalog.TaxonomyIamMember; + * import com.pulumi.gcp.datacatalog.TaxonomyIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new TaxonomyIamMember("member", TaxonomyIamMemberArgs.builder() + * .taxonomy(basicTaxonomy.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -204,18 +317,9 @@ public Output> condition() { public Output etag() { return this.etag; } - @Export(name="member", refs={String.class}, tree="[0]") - private Output member; - - public Output member() { - return this.member; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -227,15 +331,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="member", refs={String.class}, tree="[0]") + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -247,6 +348,22 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/TaxonomyIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/TaxonomyIamMemberArgs.java index 27f5d8af49..7fae920726 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/TaxonomyIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/TaxonomyIamMemberArgs.java @@ -24,19 +24,9 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } - @Import(name="member", required=true) - private Output member; - - public Output member() { - return this.member; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -48,15 +38,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member", required=true) + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -68,6 +55,23 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -151,21 +155,9 @@ public Builder condition(TaxonomyIamMemberConditionArgs condition) { return condition(Output.of(condition)); } - public Builder member(Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -179,17 +171,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -203,6 +192,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/TaxonomyIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/TaxonomyIamPolicy.java index 2c8f66e978..c8b6b4d68d 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/TaxonomyIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/TaxonomyIamPolicy.java @@ -141,6 +141,119 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_data\_catalog\_taxonomy\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.datacatalog.TaxonomyIamPolicy; + * import com.pulumi.gcp.datacatalog.TaxonomyIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new TaxonomyIamPolicy("policy", TaxonomyIamPolicyArgs.builder() + * .taxonomy(basicTaxonomy.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_data\_catalog\_taxonomy\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.datacatalog.TaxonomyIamBinding; + * import com.pulumi.gcp.datacatalog.TaxonomyIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new TaxonomyIamBinding("binding", TaxonomyIamBindingArgs.builder() + * .taxonomy(basicTaxonomy.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_data\_catalog\_taxonomy\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.datacatalog.TaxonomyIamMember; + * import com.pulumi.gcp.datacatalog.TaxonomyIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new TaxonomyIamMember("member", TaxonomyIamMemberArgs.builder() + * .taxonomy(basicTaxonomy.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -216,18 +329,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -236,18 +337,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/TaxonomyIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/TaxonomyIamPolicyArgs.java index 5298272d11..3aad524487 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/TaxonomyIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/TaxonomyIamPolicyArgs.java @@ -37,18 +37,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -57,18 +45,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -150,18 +126,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -174,18 +138,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/inputs/EntryGroupIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/inputs/EntryGroupIamBindingState.java index ba10abfd5a..982127d381 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/inputs/EntryGroupIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/inputs/EntryGroupIamBindingState.java @@ -54,19 +54,9 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } - @Import(name="members") - private @Nullable Output> members; - - public Optional>> members() { - return Optional.ofNullable(this.members); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -78,15 +68,12 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members") + private @Nullable Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -98,6 +85,23 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional>> members() { + return Optional.ofNullable(this.members); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -209,25 +213,30 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -241,17 +250,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -265,6 +270,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/inputs/EntryGroupIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/inputs/EntryGroupIamMemberState.java index f5c4f4f8eb..034aea95d8 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/inputs/EntryGroupIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/inputs/EntryGroupIamMemberState.java @@ -53,19 +53,9 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } - @Import(name="member") - private @Nullable Output member; - - public Optional> member() { - return Optional.ofNullable(this.member); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -77,15 +67,12 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member") + private @Nullable Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -97,6 +84,23 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional> member() { + return Optional.ofNullable(this.member); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -208,21 +212,9 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } - public Builder member(@Nullable Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -236,17 +228,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(@Nullable Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -260,6 +249,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/inputs/EntryGroupIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/inputs/EntryGroupIamPolicyState.java index 4f74696a76..6e19c79423 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/inputs/EntryGroupIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/inputs/EntryGroupIamPolicyState.java @@ -66,18 +66,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -86,18 +74,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -207,18 +183,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -231,18 +195,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/inputs/PolicyTagIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/inputs/PolicyTagIamBindingState.java index 8bda648182..c7b4ff82fc 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/inputs/PolicyTagIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/inputs/PolicyTagIamBindingState.java @@ -39,18 +39,9 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } - @Import(name="members") - private @Nullable Output> members; - - public Optional>> members() { - return Optional.ofNullable(this.members); - } - /** - * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -62,14 +53,12 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="policyTag") - private @Nullable Output policyTag; + @Import(name="members") + private @Nullable Output> members; /** - * @return Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -81,6 +70,21 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional>> members() { + return Optional.ofNullable(this.members); + } + + /** + * Used to find the parent resource to bind the IAM policy to + * + */ + @Import(name="policyTag") + private @Nullable Output policyTag; + + /** + * @return Used to find the parent resource to bind the IAM policy to + * + */ public Optional> policyTag() { return Optional.ofNullable(this.policyTag); } @@ -162,24 +166,30 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param policyTag Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -193,16 +203,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder policyTag(@Nullable Output policyTag) { - $.policyTag = policyTag; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param policyTag Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -216,6 +223,27 @@ public Builder policyTag(@Nullable Output policyTag) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param policyTag Used to find the parent resource to bind the IAM policy to + * + * @return builder + * + */ + public Builder policyTag(@Nullable Output policyTag) { + $.policyTag = policyTag; + return this; + } + + /** + * @param policyTag Used to find the parent resource to bind the IAM policy to + * + * @return builder + * + */ public Builder policyTag(String policyTag) { return policyTag(Output.of(policyTag)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/inputs/PolicyTagIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/inputs/PolicyTagIamMemberState.java index 5a48181ae9..3649010bc0 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/inputs/PolicyTagIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/inputs/PolicyTagIamMemberState.java @@ -38,18 +38,9 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } - @Import(name="member") - private @Nullable Output member; - - public Optional> member() { - return Optional.ofNullable(this.member); - } - /** - * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -61,14 +52,12 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="policyTag") - private @Nullable Output policyTag; + @Import(name="member") + private @Nullable Output member; /** - * @return Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -80,6 +69,21 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional> member() { + return Optional.ofNullable(this.member); + } + + /** + * Used to find the parent resource to bind the IAM policy to + * + */ + @Import(name="policyTag") + private @Nullable Output policyTag; + + /** + * @return Used to find the parent resource to bind the IAM policy to + * + */ public Optional> policyTag() { return Optional.ofNullable(this.policyTag); } @@ -161,20 +165,9 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } - public Builder member(@Nullable Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param policyTag Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -188,16 +181,14 @@ public Builder member(String member) { * @return builder * */ - public Builder policyTag(@Nullable Output policyTag) { - $.policyTag = policyTag; + public Builder member(@Nullable Output member) { + $.member = member; return this; } /** - * @param policyTag Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -211,6 +202,27 @@ public Builder policyTag(@Nullable Output policyTag) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param policyTag Used to find the parent resource to bind the IAM policy to + * + * @return builder + * + */ + public Builder policyTag(@Nullable Output policyTag) { + $.policyTag = policyTag; + return this; + } + + /** + * @param policyTag Used to find the parent resource to bind the IAM policy to + * + * @return builder + * + */ public Builder policyTag(String policyTag) { return policyTag(Output.of(policyTag)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/inputs/PolicyTagIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/inputs/PolicyTagIamPolicyState.java index b8dcb67d70..073695c61c 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/inputs/PolicyTagIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/inputs/PolicyTagIamPolicyState.java @@ -50,18 +50,6 @@ public Optional> policyData() { /** * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="policyTag") private @Nullable Output policyTag; @@ -69,18 +57,6 @@ public Optional> policyData() { /** * @return Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> policyTag() { return Optional.ofNullable(this.policyTag); @@ -159,18 +135,6 @@ public Builder policyData(String policyData) { /** * @param policyTag Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -182,18 +146,6 @@ public Builder policyTag(@Nullable Output policyTag) { /** * @param policyTag Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/inputs/TagTemplateIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/inputs/TagTemplateIamBindingState.java index eb7285f225..1cf64f3042 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/inputs/TagTemplateIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/inputs/TagTemplateIamBindingState.java @@ -39,19 +39,9 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } - @Import(name="members") - private @Nullable Output> members; - - public Optional>> members() { - return Optional.ofNullable(this.members); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -63,15 +53,12 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members") + private @Nullable Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -83,6 +70,23 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional>> members() { + return Optional.ofNullable(this.members); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -188,25 +192,30 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -220,17 +229,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -244,6 +249,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/inputs/TagTemplateIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/inputs/TagTemplateIamMemberState.java index de848d8e03..497d0a343c 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/inputs/TagTemplateIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/inputs/TagTemplateIamMemberState.java @@ -38,19 +38,9 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } - @Import(name="member") - private @Nullable Output member; - - public Optional> member() { - return Optional.ofNullable(this.member); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -62,15 +52,12 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member") + private @Nullable Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -82,6 +69,23 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional> member() { + return Optional.ofNullable(this.member); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -187,21 +191,9 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } - public Builder member(@Nullable Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -215,17 +207,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(@Nullable Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -239,6 +228,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/inputs/TagTemplateIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/inputs/TagTemplateIamPolicyState.java index 4e80cd6758..0030e0e5c3 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/inputs/TagTemplateIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/inputs/TagTemplateIamPolicyState.java @@ -51,18 +51,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -71,18 +59,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -186,18 +162,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -210,18 +174,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/inputs/TaxonomyIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/inputs/TaxonomyIamBindingState.java index 13119d7e84..a7b3a503e3 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/inputs/TaxonomyIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/inputs/TaxonomyIamBindingState.java @@ -39,19 +39,9 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } - @Import(name="members") - private @Nullable Output> members; - - public Optional>> members() { - return Optional.ofNullable(this.members); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -63,15 +53,12 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members") + private @Nullable Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -83,6 +70,23 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional>> members() { + return Optional.ofNullable(this.members); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -188,25 +192,30 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -220,17 +229,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -244,6 +249,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/inputs/TaxonomyIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/inputs/TaxonomyIamMemberState.java index 47ea459f34..01a8f9d693 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/inputs/TaxonomyIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/inputs/TaxonomyIamMemberState.java @@ -38,19 +38,9 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } - @Import(name="member") - private @Nullable Output member; - - public Optional> member() { - return Optional.ofNullable(this.member); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -62,15 +52,12 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member") + private @Nullable Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -82,6 +69,23 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional> member() { + return Optional.ofNullable(this.member); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -187,21 +191,9 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } - public Builder member(@Nullable Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -215,17 +207,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(@Nullable Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -239,6 +228,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/inputs/TaxonomyIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/inputs/TaxonomyIamPolicyState.java index 7fea48c4ba..0addf0bdd8 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/inputs/TaxonomyIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/datacatalog/inputs/TaxonomyIamPolicyState.java @@ -51,18 +51,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -71,18 +59,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -186,18 +162,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -210,18 +174,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/AssetIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/AssetIamBinding.java index 0909a38f6a..5d403d064b 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/AssetIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/AssetIamBinding.java @@ -156,6 +156,131 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_dataplex\_asset\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.dataplex.AssetIamPolicy; + * import com.pulumi.gcp.dataplex.AssetIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new AssetIamPolicy("policy", AssetIamPolicyArgs.builder() + * .project(example.project()) + * .location(example.location()) + * .lake(example.lake()) + * .dataplexZone(example.dataplexZone()) + * .asset(example.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_dataplex\_asset\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.dataplex.AssetIamBinding; + * import com.pulumi.gcp.dataplex.AssetIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new AssetIamBinding("binding", AssetIamBindingArgs.builder() + * .project(example.project()) + * .location(example.location()) + * .lake(example.lake()) + * .dataplexZone(example.dataplexZone()) + * .asset(example.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_dataplex\_asset\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.dataplex.AssetIamMember; + * import com.pulumi.gcp.dataplex.AssetIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new AssetIamMember("member", AssetIamMemberArgs.builder() + * .project(example.project()) + * .location(example.location()) + * .lake(example.lake()) + * .dataplexZone(example.dataplexZone()) + * .asset(example.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -249,18 +374,9 @@ public Output lake() { public Output location() { return this.location; } - @Export(name="members", refs={List.class,String.class}, tree="[0,1]") - private Output> members; - - public Output> members() { - return this.members; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -272,15 +388,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="members", refs={List.class,String.class}, tree="[0,1]") + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -292,6 +405,22 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/AssetIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/AssetIamBindingArgs.java index 198ae18993..351c89c14f 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/AssetIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/AssetIamBindingArgs.java @@ -61,19 +61,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="members", required=true) - private Output> members; - - public Output> members() { - return this.members; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -85,15 +75,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members", required=true) + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -105,6 +92,23 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -216,25 +220,30 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -248,17 +257,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -272,6 +277,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/AssetIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/AssetIamMember.java index 777d356564..e5f4f07bf8 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/AssetIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/AssetIamMember.java @@ -155,6 +155,131 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_dataplex\_asset\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.dataplex.AssetIamPolicy; + * import com.pulumi.gcp.dataplex.AssetIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new AssetIamPolicy("policy", AssetIamPolicyArgs.builder() + * .project(example.project()) + * .location(example.location()) + * .lake(example.lake()) + * .dataplexZone(example.dataplexZone()) + * .asset(example.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_dataplex\_asset\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.dataplex.AssetIamBinding; + * import com.pulumi.gcp.dataplex.AssetIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new AssetIamBinding("binding", AssetIamBindingArgs.builder() + * .project(example.project()) + * .location(example.location()) + * .lake(example.lake()) + * .dataplexZone(example.dataplexZone()) + * .asset(example.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_dataplex\_asset\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.dataplex.AssetIamMember; + * import com.pulumi.gcp.dataplex.AssetIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new AssetIamMember("member", AssetIamMemberArgs.builder() + * .project(example.project()) + * .location(example.location()) + * .lake(example.lake()) + * .dataplexZone(example.dataplexZone()) + * .asset(example.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -248,18 +373,9 @@ public Output lake() { public Output location() { return this.location; } - @Export(name="member", refs={String.class}, tree="[0]") - private Output member; - - public Output member() { - return this.member; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -271,15 +387,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="member", refs={String.class}, tree="[0]") + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -291,6 +404,22 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/AssetIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/AssetIamMemberArgs.java index 3a3963edaa..c0e8feb203 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/AssetIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/AssetIamMemberArgs.java @@ -60,19 +60,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="member", required=true) - private Output member; - - public Output member() { - return this.member; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -84,15 +74,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member", required=true) + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -104,6 +91,23 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -215,21 +219,9 @@ public Builder location(String location) { return location(Output.of(location)); } - public Builder member(Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -243,17 +235,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -267,6 +256,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/AssetIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/AssetIamPolicy.java index f16eb2b71e..f830795b2d 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/AssetIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/AssetIamPolicy.java @@ -153,6 +153,131 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_dataplex\_asset\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.dataplex.AssetIamPolicy; + * import com.pulumi.gcp.dataplex.AssetIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new AssetIamPolicy("policy", AssetIamPolicyArgs.builder() + * .project(example.project()) + * .location(example.location()) + * .lake(example.lake()) + * .dataplexZone(example.dataplexZone()) + * .asset(example.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_dataplex\_asset\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.dataplex.AssetIamBinding; + * import com.pulumi.gcp.dataplex.AssetIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new AssetIamBinding("binding", AssetIamBindingArgs.builder() + * .project(example.project()) + * .location(example.location()) + * .lake(example.lake()) + * .dataplexZone(example.dataplexZone()) + * .asset(example.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_dataplex\_asset\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.dataplex.AssetIamMember; + * import com.pulumi.gcp.dataplex.AssetIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new AssetIamMember("member", AssetIamMemberArgs.builder() + * .project(example.project()) + * .location(example.location()) + * .lake(example.lake()) + * .dataplexZone(example.dataplexZone()) + * .asset(example.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -260,18 +385,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -280,18 +393,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/AssetIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/AssetIamPolicyArgs.java index 70dd9e4a7c..a6b645cc0f 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/AssetIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/AssetIamPolicyArgs.java @@ -73,18 +73,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -93,18 +81,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -214,18 +190,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -238,18 +202,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/DatascanIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/DatascanIamBinding.java index 4ba5ec5ca6..302de896f3 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/DatascanIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/DatascanIamBinding.java @@ -150,6 +150,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_dataplex\_datascan\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.dataplex.DatascanIamPolicy; + * import com.pulumi.gcp.dataplex.DatascanIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new DatascanIamPolicy("policy", DatascanIamPolicyArgs.builder() + * .project(basicProfile.project()) + * .location(basicProfile.location()) + * .dataScanId(basicProfile.dataScanId()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_dataplex\_datascan\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.dataplex.DatascanIamBinding; + * import com.pulumi.gcp.dataplex.DatascanIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new DatascanIamBinding("binding", DatascanIamBindingArgs.builder() + * .project(basicProfile.project()) + * .location(basicProfile.location()) + * .dataScanId(basicProfile.dataScanId()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_dataplex\_datascan\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.dataplex.DatascanIamMember; + * import com.pulumi.gcp.dataplex.DatascanIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new DatascanIamMember("member", DatascanIamMemberArgs.builder() + * .project(basicProfile.project()) + * .location(basicProfile.location()) + * .dataScanId(basicProfile.dataScanId()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -233,18 +352,9 @@ public Output etag() { public Output location() { return this.location; } - @Export(name="members", refs={List.class,String.class}, tree="[0,1]") - private Output> members; - - public Output> members() { - return this.members; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -256,15 +366,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="members", refs={List.class,String.class}, tree="[0,1]") + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -276,6 +383,22 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/DatascanIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/DatascanIamBindingArgs.java index 8e9a2db143..84fea77070 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/DatascanIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/DatascanIamBindingArgs.java @@ -49,19 +49,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="members", required=true) - private Output> members; - - public Output> members() { - return this.members; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -73,15 +63,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members", required=true) + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -93,6 +80,23 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -186,25 +190,30 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -218,17 +227,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -242,6 +247,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/DatascanIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/DatascanIamMember.java index bc12d1d663..b2115d2a79 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/DatascanIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/DatascanIamMember.java @@ -149,6 +149,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_dataplex\_datascan\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.dataplex.DatascanIamPolicy; + * import com.pulumi.gcp.dataplex.DatascanIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new DatascanIamPolicy("policy", DatascanIamPolicyArgs.builder() + * .project(basicProfile.project()) + * .location(basicProfile.location()) + * .dataScanId(basicProfile.dataScanId()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_dataplex\_datascan\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.dataplex.DatascanIamBinding; + * import com.pulumi.gcp.dataplex.DatascanIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new DatascanIamBinding("binding", DatascanIamBindingArgs.builder() + * .project(basicProfile.project()) + * .location(basicProfile.location()) + * .dataScanId(basicProfile.dataScanId()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_dataplex\_datascan\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.dataplex.DatascanIamMember; + * import com.pulumi.gcp.dataplex.DatascanIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new DatascanIamMember("member", DatascanIamMemberArgs.builder() + * .project(basicProfile.project()) + * .location(basicProfile.location()) + * .dataScanId(basicProfile.dataScanId()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -232,18 +351,9 @@ public Output etag() { public Output location() { return this.location; } - @Export(name="member", refs={String.class}, tree="[0]") - private Output member; - - public Output member() { - return this.member; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -255,15 +365,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="member", refs={String.class}, tree="[0]") + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -275,6 +382,22 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/DatascanIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/DatascanIamMemberArgs.java index b6884b51ed..57d855c813 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/DatascanIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/DatascanIamMemberArgs.java @@ -48,19 +48,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="member", required=true) - private Output member; - - public Output member() { - return this.member; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -72,15 +62,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member", required=true) + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -92,6 +79,23 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -185,21 +189,9 @@ public Builder location(String location) { return location(Output.of(location)); } - public Builder member(Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -213,17 +205,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -237,6 +226,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/DatascanIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/DatascanIamPolicy.java index 9f9375a519..b72bb384c4 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/DatascanIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/DatascanIamPolicy.java @@ -147,6 +147,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_dataplex\_datascan\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.dataplex.DatascanIamPolicy; + * import com.pulumi.gcp.dataplex.DatascanIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new DatascanIamPolicy("policy", DatascanIamPolicyArgs.builder() + * .project(basicProfile.project()) + * .location(basicProfile.location()) + * .dataScanId(basicProfile.dataScanId()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_dataplex\_datascan\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.dataplex.DatascanIamBinding; + * import com.pulumi.gcp.dataplex.DatascanIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new DatascanIamBinding("binding", DatascanIamBindingArgs.builder() + * .project(basicProfile.project()) + * .location(basicProfile.location()) + * .dataScanId(basicProfile.dataScanId()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_dataplex\_datascan\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.dataplex.DatascanIamMember; + * import com.pulumi.gcp.dataplex.DatascanIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new DatascanIamMember("member", DatascanIamMemberArgs.builder() + * .project(basicProfile.project()) + * .location(basicProfile.location()) + * .dataScanId(basicProfile.dataScanId()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -244,18 +363,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -264,18 +371,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/DatascanIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/DatascanIamPolicyArgs.java index a4dbbea30b..ca6b5f0ffc 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/DatascanIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/DatascanIamPolicyArgs.java @@ -61,18 +61,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -81,18 +69,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -184,18 +160,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -208,18 +172,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/LakeIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/LakeIamBinding.java index 4b85fde4b6..30943ec40b 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/LakeIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/LakeIamBinding.java @@ -150,6 +150,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_dataplex\_lake\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.dataplex.LakeIamPolicy; + * import com.pulumi.gcp.dataplex.LakeIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new LakeIamPolicy("policy", LakeIamPolicyArgs.builder() + * .project(example.project()) + * .location(example.location()) + * .lake(example.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_dataplex\_lake\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.dataplex.LakeIamBinding; + * import com.pulumi.gcp.dataplex.LakeIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new LakeIamBinding("binding", LakeIamBindingArgs.builder() + * .project(example.project()) + * .location(example.location()) + * .lake(example.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_dataplex\_lake\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.dataplex.LakeIamMember; + * import com.pulumi.gcp.dataplex.LakeIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new LakeIamMember("member", LakeIamMemberArgs.builder() + * .project(example.project()) + * .location(example.location()) + * .lake(example.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -231,18 +350,9 @@ public Output lake() { public Output location() { return this.location; } - @Export(name="members", refs={List.class,String.class}, tree="[0,1]") - private Output> members; - - public Output> members() { - return this.members; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -254,15 +364,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="members", refs={List.class,String.class}, tree="[0,1]") + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -274,6 +381,22 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/LakeIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/LakeIamBindingArgs.java index 1fc5d1bf06..412b37ef80 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/LakeIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/LakeIamBindingArgs.java @@ -47,19 +47,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="members", required=true) - private Output> members; - - public Output> members() { - return this.members; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -71,15 +61,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members", required=true) + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -91,6 +78,23 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -182,25 +186,30 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -214,17 +223,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -238,6 +243,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/LakeIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/LakeIamMember.java index b860ee16af..f2cc5427fa 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/LakeIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/LakeIamMember.java @@ -149,6 +149,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_dataplex\_lake\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.dataplex.LakeIamPolicy; + * import com.pulumi.gcp.dataplex.LakeIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new LakeIamPolicy("policy", LakeIamPolicyArgs.builder() + * .project(example.project()) + * .location(example.location()) + * .lake(example.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_dataplex\_lake\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.dataplex.LakeIamBinding; + * import com.pulumi.gcp.dataplex.LakeIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new LakeIamBinding("binding", LakeIamBindingArgs.builder() + * .project(example.project()) + * .location(example.location()) + * .lake(example.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_dataplex\_lake\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.dataplex.LakeIamMember; + * import com.pulumi.gcp.dataplex.LakeIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new LakeIamMember("member", LakeIamMemberArgs.builder() + * .project(example.project()) + * .location(example.location()) + * .lake(example.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -230,18 +349,9 @@ public Output lake() { public Output location() { return this.location; } - @Export(name="member", refs={String.class}, tree="[0]") - private Output member; - - public Output member() { - return this.member; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -253,15 +363,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="member", refs={String.class}, tree="[0]") + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -273,6 +380,22 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/LakeIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/LakeIamMemberArgs.java index 6d9593174a..ca75bd82e0 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/LakeIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/LakeIamMemberArgs.java @@ -46,19 +46,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="member", required=true) - private Output member; - - public Output member() { - return this.member; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -70,15 +60,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member", required=true) + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -90,6 +77,23 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -181,21 +185,9 @@ public Builder location(String location) { return location(Output.of(location)); } - public Builder member(Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -209,17 +201,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -233,6 +222,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/LakeIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/LakeIamPolicy.java index 7f58f05e1b..0b91bfd082 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/LakeIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/LakeIamPolicy.java @@ -147,6 +147,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_dataplex\_lake\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.dataplex.LakeIamPolicy; + * import com.pulumi.gcp.dataplex.LakeIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new LakeIamPolicy("policy", LakeIamPolicyArgs.builder() + * .project(example.project()) + * .location(example.location()) + * .lake(example.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_dataplex\_lake\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.dataplex.LakeIamBinding; + * import com.pulumi.gcp.dataplex.LakeIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new LakeIamBinding("binding", LakeIamBindingArgs.builder() + * .project(example.project()) + * .location(example.location()) + * .lake(example.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_dataplex\_lake\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.dataplex.LakeIamMember; + * import com.pulumi.gcp.dataplex.LakeIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new LakeIamMember("member", LakeIamMemberArgs.builder() + * .project(example.project()) + * .location(example.location()) + * .lake(example.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -242,18 +361,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -262,18 +369,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/LakeIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/LakeIamPolicyArgs.java index 122cfef1a2..2f872310bf 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/LakeIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/LakeIamPolicyArgs.java @@ -59,18 +59,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -79,18 +67,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -180,18 +156,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -204,18 +168,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/TaskIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/TaskIamBinding.java index e127a09c3e..10b72eec01 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/TaskIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/TaskIamBinding.java @@ -153,6 +153,128 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_dataplex\_task\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.dataplex.TaskIamPolicy; + * import com.pulumi.gcp.dataplex.TaskIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new TaskIamPolicy("policy", TaskIamPolicyArgs.builder() + * .project(example.project()) + * .location(example.location()) + * .lake(example.lake()) + * .taskId(example.taskId()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_dataplex\_task\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.dataplex.TaskIamBinding; + * import com.pulumi.gcp.dataplex.TaskIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new TaskIamBinding("binding", TaskIamBindingArgs.builder() + * .project(example.project()) + * .location(example.location()) + * .lake(example.lake()) + * .taskId(example.taskId()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_dataplex\_task\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.dataplex.TaskIamMember; + * import com.pulumi.gcp.dataplex.TaskIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new TaskIamMember("member", TaskIamMemberArgs.builder() + * .project(example.project()) + * .location(example.location()) + * .lake(example.lake()) + * .taskId(example.taskId()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -246,18 +368,9 @@ public Output lake() { public Output location() { return this.location; } - @Export(name="members", refs={List.class,String.class}, tree="[0,1]") - private Output> members; - - public Output> members() { - return this.members; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -269,15 +382,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="members", refs={List.class,String.class}, tree="[0,1]") + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -289,6 +399,22 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/TaskIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/TaskIamBindingArgs.java index 30ee1f99a2..3ce55dd7bc 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/TaskIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/TaskIamBindingArgs.java @@ -59,19 +59,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="members", required=true) - private Output> members; - - public Output> members() { - return this.members; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -83,15 +73,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members", required=true) + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -103,6 +90,23 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -218,25 +222,30 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -250,17 +259,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -274,6 +279,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/TaskIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/TaskIamMember.java index ef07298291..60b2d0f9a3 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/TaskIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/TaskIamMember.java @@ -152,6 +152,128 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_dataplex\_task\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.dataplex.TaskIamPolicy; + * import com.pulumi.gcp.dataplex.TaskIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new TaskIamPolicy("policy", TaskIamPolicyArgs.builder() + * .project(example.project()) + * .location(example.location()) + * .lake(example.lake()) + * .taskId(example.taskId()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_dataplex\_task\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.dataplex.TaskIamBinding; + * import com.pulumi.gcp.dataplex.TaskIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new TaskIamBinding("binding", TaskIamBindingArgs.builder() + * .project(example.project()) + * .location(example.location()) + * .lake(example.lake()) + * .taskId(example.taskId()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_dataplex\_task\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.dataplex.TaskIamMember; + * import com.pulumi.gcp.dataplex.TaskIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new TaskIamMember("member", TaskIamMemberArgs.builder() + * .project(example.project()) + * .location(example.location()) + * .lake(example.lake()) + * .taskId(example.taskId()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -245,18 +367,9 @@ public Output lake() { public Output location() { return this.location; } - @Export(name="member", refs={String.class}, tree="[0]") - private Output member; - - public Output member() { - return this.member; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -268,15 +381,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="member", refs={String.class}, tree="[0]") + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -288,6 +398,22 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/TaskIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/TaskIamMemberArgs.java index a6d2f0501a..85f142ef38 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/TaskIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/TaskIamMemberArgs.java @@ -58,19 +58,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="member", required=true) - private Output member; - - public Output member() { - return this.member; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -82,15 +72,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member", required=true) + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -102,6 +89,23 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -217,21 +221,9 @@ public Builder location(String location) { return location(Output.of(location)); } - public Builder member(Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -245,17 +237,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -269,6 +258,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/TaskIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/TaskIamPolicy.java index 3e8ef94167..2e46fac4d8 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/TaskIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/TaskIamPolicy.java @@ -150,6 +150,128 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_dataplex\_task\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.dataplex.TaskIamPolicy; + * import com.pulumi.gcp.dataplex.TaskIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new TaskIamPolicy("policy", TaskIamPolicyArgs.builder() + * .project(example.project()) + * .location(example.location()) + * .lake(example.lake()) + * .taskId(example.taskId()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_dataplex\_task\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.dataplex.TaskIamBinding; + * import com.pulumi.gcp.dataplex.TaskIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new TaskIamBinding("binding", TaskIamBindingArgs.builder() + * .project(example.project()) + * .location(example.location()) + * .lake(example.lake()) + * .taskId(example.taskId()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_dataplex\_task\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.dataplex.TaskIamMember; + * import com.pulumi.gcp.dataplex.TaskIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new TaskIamMember("member", TaskIamMemberArgs.builder() + * .project(example.project()) + * .location(example.location()) + * .lake(example.lake()) + * .taskId(example.taskId()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -257,18 +379,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -277,18 +387,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/TaskIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/TaskIamPolicyArgs.java index 5d8c44e3f0..aa3cea04ce 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/TaskIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/TaskIamPolicyArgs.java @@ -71,18 +71,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -91,18 +79,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -216,18 +192,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -240,18 +204,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/ZoneIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/ZoneIamBinding.java index dd9e7fb621..8467c9f295 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/ZoneIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/ZoneIamBinding.java @@ -153,6 +153,128 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_dataplex\_zone\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.dataplex.ZoneIamPolicy; + * import com.pulumi.gcp.dataplex.ZoneIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new ZoneIamPolicy("policy", ZoneIamPolicyArgs.builder() + * .project(example.project()) + * .location(example.location()) + * .lake(example.lake()) + * .dataplexZone(example.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_dataplex\_zone\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.dataplex.ZoneIamBinding; + * import com.pulumi.gcp.dataplex.ZoneIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new ZoneIamBinding("binding", ZoneIamBindingArgs.builder() + * .project(example.project()) + * .location(example.location()) + * .lake(example.lake()) + * .dataplexZone(example.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_dataplex\_zone\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.dataplex.ZoneIamMember; + * import com.pulumi.gcp.dataplex.ZoneIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new ZoneIamMember("member", ZoneIamMemberArgs.builder() + * .project(example.project()) + * .location(example.location()) + * .lake(example.lake()) + * .dataplexZone(example.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -240,18 +362,9 @@ public Output lake() { public Output location() { return this.location; } - @Export(name="members", refs={List.class,String.class}, tree="[0,1]") - private Output> members; - - public Output> members() { - return this.members; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -263,15 +376,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="members", refs={List.class,String.class}, tree="[0,1]") + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -283,6 +393,22 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/ZoneIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/ZoneIamBindingArgs.java index 25794ee65c..7965237c34 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/ZoneIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/ZoneIamBindingArgs.java @@ -54,19 +54,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="members", required=true) - private Output> members; - - public Output> members() { - return this.members; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -78,15 +68,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members", required=true) + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -98,6 +85,23 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -199,25 +203,30 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -231,17 +240,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -255,6 +260,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/ZoneIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/ZoneIamMember.java index 9e3ca512bc..97a66e1998 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/ZoneIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/ZoneIamMember.java @@ -152,6 +152,128 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_dataplex\_zone\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.dataplex.ZoneIamPolicy; + * import com.pulumi.gcp.dataplex.ZoneIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new ZoneIamPolicy("policy", ZoneIamPolicyArgs.builder() + * .project(example.project()) + * .location(example.location()) + * .lake(example.lake()) + * .dataplexZone(example.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_dataplex\_zone\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.dataplex.ZoneIamBinding; + * import com.pulumi.gcp.dataplex.ZoneIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new ZoneIamBinding("binding", ZoneIamBindingArgs.builder() + * .project(example.project()) + * .location(example.location()) + * .lake(example.lake()) + * .dataplexZone(example.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_dataplex\_zone\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.dataplex.ZoneIamMember; + * import com.pulumi.gcp.dataplex.ZoneIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new ZoneIamMember("member", ZoneIamMemberArgs.builder() + * .project(example.project()) + * .location(example.location()) + * .lake(example.lake()) + * .dataplexZone(example.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -239,18 +361,9 @@ public Output lake() { public Output location() { return this.location; } - @Export(name="member", refs={String.class}, tree="[0]") - private Output member; - - public Output member() { - return this.member; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -262,15 +375,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="member", refs={String.class}, tree="[0]") + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -282,6 +392,22 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/ZoneIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/ZoneIamMemberArgs.java index d5369ffd39..91de67fb49 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/ZoneIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/ZoneIamMemberArgs.java @@ -53,19 +53,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="member", required=true) - private Output member; - - public Output member() { - return this.member; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -77,15 +67,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member", required=true) + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -97,6 +84,23 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -198,21 +202,9 @@ public Builder location(String location) { return location(Output.of(location)); } - public Builder member(Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -226,17 +218,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -250,6 +239,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/ZoneIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/ZoneIamPolicy.java index ea78ce16c1..45baf47678 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/ZoneIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/ZoneIamPolicy.java @@ -150,6 +150,128 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_dataplex\_zone\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.dataplex.ZoneIamPolicy; + * import com.pulumi.gcp.dataplex.ZoneIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new ZoneIamPolicy("policy", ZoneIamPolicyArgs.builder() + * .project(example.project()) + * .location(example.location()) + * .lake(example.lake()) + * .dataplexZone(example.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_dataplex\_zone\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.dataplex.ZoneIamBinding; + * import com.pulumi.gcp.dataplex.ZoneIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new ZoneIamBinding("binding", ZoneIamBindingArgs.builder() + * .project(example.project()) + * .location(example.location()) + * .lake(example.lake()) + * .dataplexZone(example.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_dataplex\_zone\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.dataplex.ZoneIamMember; + * import com.pulumi.gcp.dataplex.ZoneIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new ZoneIamMember("member", ZoneIamMemberArgs.builder() + * .project(example.project()) + * .location(example.location()) + * .lake(example.lake()) + * .dataplexZone(example.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -251,18 +373,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -271,18 +381,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/ZoneIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/ZoneIamPolicyArgs.java index 40c8588f0e..32b14f24f1 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/ZoneIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/ZoneIamPolicyArgs.java @@ -66,18 +66,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -86,18 +74,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -197,18 +173,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -221,18 +185,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/inputs/AssetIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/inputs/AssetIamBindingState.java index 87028d3393..215a042c1a 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/inputs/AssetIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/inputs/AssetIamBindingState.java @@ -75,19 +75,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="members") - private @Nullable Output> members; - - public Optional>> members() { - return Optional.ofNullable(this.members); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -99,15 +89,12 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members") + private @Nullable Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -119,6 +106,23 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional>> members() { + return Optional.ofNullable(this.members); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -252,25 +256,30 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -284,17 +293,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -308,6 +313,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/inputs/AssetIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/inputs/AssetIamMemberState.java index d4428b9d48..9af7db79c4 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/inputs/AssetIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/inputs/AssetIamMemberState.java @@ -74,19 +74,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="member") - private @Nullable Output member; - - public Optional> member() { - return Optional.ofNullable(this.member); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -98,15 +88,12 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member") + private @Nullable Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -118,6 +105,23 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional> member() { + return Optional.ofNullable(this.member); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -251,21 +255,9 @@ public Builder location(String location) { return location(Output.of(location)); } - public Builder member(@Nullable Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -279,17 +271,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(@Nullable Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -303,6 +292,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/inputs/AssetIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/inputs/AssetIamPolicyState.java index 8b8ba5d61e..ad1f86f0a6 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/inputs/AssetIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/inputs/AssetIamPolicyState.java @@ -87,18 +87,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -107,18 +95,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -250,18 +226,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -274,18 +238,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/inputs/DatascanIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/inputs/DatascanIamBindingState.java index fa58f65e39..43106544cc 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/inputs/DatascanIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/inputs/DatascanIamBindingState.java @@ -63,19 +63,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="members") - private @Nullable Output> members; - - public Optional>> members() { - return Optional.ofNullable(this.members); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -87,15 +77,12 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members") + private @Nullable Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -107,6 +94,23 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional>> members() { + return Optional.ofNullable(this.members); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -222,25 +226,30 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -254,17 +263,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -278,6 +283,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/inputs/DatascanIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/inputs/DatascanIamMemberState.java index 300a227b38..a903ca2041 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/inputs/DatascanIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/inputs/DatascanIamMemberState.java @@ -62,19 +62,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="member") - private @Nullable Output member; - - public Optional> member() { - return Optional.ofNullable(this.member); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -86,15 +76,12 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member") + private @Nullable Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -106,6 +93,23 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional> member() { + return Optional.ofNullable(this.member); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -221,21 +225,9 @@ public Builder location(String location) { return location(Output.of(location)); } - public Builder member(@Nullable Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -249,17 +241,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(@Nullable Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -273,6 +262,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/inputs/DatascanIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/inputs/DatascanIamPolicyState.java index 314784c597..ce154e2000 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/inputs/DatascanIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/inputs/DatascanIamPolicyState.java @@ -75,18 +75,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -95,18 +83,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -220,18 +196,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -244,18 +208,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/inputs/LakeIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/inputs/LakeIamBindingState.java index 2aadfa3cff..ed61de5198 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/inputs/LakeIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/inputs/LakeIamBindingState.java @@ -61,19 +61,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="members") - private @Nullable Output> members; - - public Optional>> members() { - return Optional.ofNullable(this.members); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -85,15 +75,12 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members") + private @Nullable Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -105,6 +92,23 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional>> members() { + return Optional.ofNullable(this.members); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -218,25 +222,30 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -250,17 +259,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -274,6 +279,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/inputs/LakeIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/inputs/LakeIamMemberState.java index 324c325030..1564ec3cf3 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/inputs/LakeIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/inputs/LakeIamMemberState.java @@ -60,19 +60,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="member") - private @Nullable Output member; - - public Optional> member() { - return Optional.ofNullable(this.member); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -84,15 +74,12 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member") + private @Nullable Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -104,6 +91,23 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional> member() { + return Optional.ofNullable(this.member); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -217,21 +221,9 @@ public Builder location(String location) { return location(Output.of(location)); } - public Builder member(@Nullable Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -245,17 +237,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(@Nullable Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -269,6 +258,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/inputs/LakeIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/inputs/LakeIamPolicyState.java index f792909744..bff25b2bbc 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/inputs/LakeIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/inputs/LakeIamPolicyState.java @@ -73,18 +73,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -93,18 +81,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -216,18 +192,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -240,18 +204,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/inputs/TaskIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/inputs/TaskIamBindingState.java index 5340eb5889..85e2836efa 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/inputs/TaskIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/inputs/TaskIamBindingState.java @@ -73,19 +73,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="members") - private @Nullable Output> members; - - public Optional>> members() { - return Optional.ofNullable(this.members); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -97,15 +87,12 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members") + private @Nullable Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -117,6 +104,23 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional>> members() { + return Optional.ofNullable(this.members); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -254,25 +258,30 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -286,17 +295,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -310,6 +315,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/inputs/TaskIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/inputs/TaskIamMemberState.java index 995a68a996..ee6ad0fc7a 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/inputs/TaskIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/inputs/TaskIamMemberState.java @@ -72,19 +72,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="member") - private @Nullable Output member; - - public Optional> member() { - return Optional.ofNullable(this.member); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -96,15 +86,12 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member") + private @Nullable Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -116,6 +103,23 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional> member() { + return Optional.ofNullable(this.member); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -253,21 +257,9 @@ public Builder location(String location) { return location(Output.of(location)); } - public Builder member(@Nullable Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -281,17 +273,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(@Nullable Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -305,6 +294,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/inputs/TaskIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/inputs/TaskIamPolicyState.java index 6ab5d62b5f..013db0e430 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/inputs/TaskIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/inputs/TaskIamPolicyState.java @@ -85,18 +85,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -105,18 +93,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -252,18 +228,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -276,18 +240,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/inputs/ZoneIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/inputs/ZoneIamBindingState.java index d448647d52..cf45d0f099 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/inputs/ZoneIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/inputs/ZoneIamBindingState.java @@ -68,19 +68,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="members") - private @Nullable Output> members; - - public Optional>> members() { - return Optional.ofNullable(this.members); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -92,15 +82,12 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members") + private @Nullable Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -112,6 +99,23 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional>> members() { + return Optional.ofNullable(this.members); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -235,25 +239,30 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -267,17 +276,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -291,6 +296,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/inputs/ZoneIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/inputs/ZoneIamMemberState.java index 9423a8a7ed..dc817bcc08 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/inputs/ZoneIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/inputs/ZoneIamMemberState.java @@ -67,19 +67,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="member") - private @Nullable Output member; - - public Optional> member() { - return Optional.ofNullable(this.member); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -91,15 +81,12 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member") + private @Nullable Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -111,6 +98,23 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional> member() { + return Optional.ofNullable(this.member); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -234,21 +238,9 @@ public Builder location(String location) { return location(Output.of(location)); } - public Builder member(@Nullable Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -262,17 +254,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(@Nullable Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -286,6 +275,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/inputs/ZoneIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/inputs/ZoneIamPolicyState.java index 2be6fab7e1..f231b4699c 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataplex/inputs/ZoneIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataplex/inputs/ZoneIamPolicyState.java @@ -80,18 +80,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -100,18 +88,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -233,18 +209,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -257,18 +221,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/AutoscalingPolicyIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/AutoscalingPolicyIamBinding.java index 1bf24e7cb6..c88c454921 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/AutoscalingPolicyIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/AutoscalingPolicyIamBinding.java @@ -150,6 +150,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_dataproc\_autoscaling\_policy\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.dataproc.AutoscalingPolicyIamPolicy; + * import com.pulumi.gcp.dataproc.AutoscalingPolicyIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new AutoscalingPolicyIamPolicy("policy", AutoscalingPolicyIamPolicyArgs.builder() + * .project(basic.project()) + * .location(basic.location()) + * .policyId(basic.policyId()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_dataproc\_autoscaling\_policy\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.dataproc.AutoscalingPolicyIamBinding; + * import com.pulumi.gcp.dataproc.AutoscalingPolicyIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new AutoscalingPolicyIamBinding("binding", AutoscalingPolicyIamBindingArgs.builder() + * .project(basic.project()) + * .location(basic.location()) + * .policyId(basic.policyId()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_dataproc\_autoscaling\_policy\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.dataproc.AutoscalingPolicyIamMember; + * import com.pulumi.gcp.dataproc.AutoscalingPolicyIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new AutoscalingPolicyIamMember("member", AutoscalingPolicyIamMemberArgs.builder() + * .project(basic.project()) + * .location(basic.location()) + * .policyId(basic.policyId()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -229,9 +348,37 @@ public Output etag() { public Output location() { return this.location; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Export(name="members", refs={List.class,String.class}, tree="[0,1]") private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output> members() { return this.members; } @@ -259,18 +406,6 @@ public Output policyId() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -279,18 +414,6 @@ public Output policyId() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/AutoscalingPolicyIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/AutoscalingPolicyIamBindingArgs.java index aec2aa125a..145844124a 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/AutoscalingPolicyIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/AutoscalingPolicyIamBindingArgs.java @@ -44,9 +44,37 @@ public Optional> location() { return Optional.ofNullable(this.location); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="members", required=true) private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output> members() { return this.members; } @@ -76,18 +104,6 @@ public Output policyId() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -96,18 +112,6 @@ public Output policyId() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -195,15 +199,63 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } @@ -239,18 +291,6 @@ public Builder policyId(String policyId) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -263,18 +303,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/AutoscalingPolicyIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/AutoscalingPolicyIamMember.java index d79c0021c1..0d26e3e1a7 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/AutoscalingPolicyIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/AutoscalingPolicyIamMember.java @@ -149,6 +149,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_dataproc\_autoscaling\_policy\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.dataproc.AutoscalingPolicyIamPolicy; + * import com.pulumi.gcp.dataproc.AutoscalingPolicyIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new AutoscalingPolicyIamPolicy("policy", AutoscalingPolicyIamPolicyArgs.builder() + * .project(basic.project()) + * .location(basic.location()) + * .policyId(basic.policyId()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_dataproc\_autoscaling\_policy\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.dataproc.AutoscalingPolicyIamBinding; + * import com.pulumi.gcp.dataproc.AutoscalingPolicyIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new AutoscalingPolicyIamBinding("binding", AutoscalingPolicyIamBindingArgs.builder() + * .project(basic.project()) + * .location(basic.location()) + * .policyId(basic.policyId()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_dataproc\_autoscaling\_policy\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.dataproc.AutoscalingPolicyIamMember; + * import com.pulumi.gcp.dataproc.AutoscalingPolicyIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new AutoscalingPolicyIamMember("member", AutoscalingPolicyIamMemberArgs.builder() + * .project(basic.project()) + * .location(basic.location()) + * .policyId(basic.policyId()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -228,9 +347,37 @@ public Output etag() { public Output location() { return this.location; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Export(name="member", refs={String.class}, tree="[0]") private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output member() { return this.member; } @@ -258,18 +405,6 @@ public Output policyId() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -278,18 +413,6 @@ public Output policyId() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/AutoscalingPolicyIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/AutoscalingPolicyIamMemberArgs.java index 6cd87432dc..a812145280 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/AutoscalingPolicyIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/AutoscalingPolicyIamMemberArgs.java @@ -43,9 +43,37 @@ public Optional> location() { return Optional.ofNullable(this.location); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="member", required=true) private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output member() { return this.member; } @@ -75,18 +103,6 @@ public Output policyId() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -95,18 +111,6 @@ public Output policyId() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -194,11 +198,43 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } @@ -234,18 +270,6 @@ public Builder policyId(String policyId) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -258,18 +282,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/AutoscalingPolicyIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/AutoscalingPolicyIamPolicy.java index 135035af0e..b7be3db2ef 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/AutoscalingPolicyIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/AutoscalingPolicyIamPolicy.java @@ -147,6 +147,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_dataproc\_autoscaling\_policy\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.dataproc.AutoscalingPolicyIamPolicy; + * import com.pulumi.gcp.dataproc.AutoscalingPolicyIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new AutoscalingPolicyIamPolicy("policy", AutoscalingPolicyIamPolicyArgs.builder() + * .project(basic.project()) + * .location(basic.location()) + * .policyId(basic.policyId()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_dataproc\_autoscaling\_policy\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.dataproc.AutoscalingPolicyIamBinding; + * import com.pulumi.gcp.dataproc.AutoscalingPolicyIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new AutoscalingPolicyIamBinding("binding", AutoscalingPolicyIamBindingArgs.builder() + * .project(basic.project()) + * .location(basic.location()) + * .policyId(basic.policyId()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_dataproc\_autoscaling\_policy\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.dataproc.AutoscalingPolicyIamMember; + * import com.pulumi.gcp.dataproc.AutoscalingPolicyIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new AutoscalingPolicyIamMember("member", AutoscalingPolicyIamMemberArgs.builder() + * .project(basic.project()) + * .location(basic.location()) + * .policyId(basic.policyId()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -260,18 +379,6 @@ public Output policyId() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -280,18 +387,6 @@ public Output policyId() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/AutoscalingPolicyIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/AutoscalingPolicyIamPolicyArgs.java index a7942c46d3..2c8b438068 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/AutoscalingPolicyIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/AutoscalingPolicyIamPolicyArgs.java @@ -77,18 +77,6 @@ public Output policyId() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -97,18 +85,6 @@ public Output policyId() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -220,18 +196,6 @@ public Builder policyId(String policyId) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -244,18 +208,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/ClusterIAMBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/ClusterIAMBinding.java index b7b4fa04e6..67590d8216 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/ClusterIAMBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/ClusterIAMBinding.java @@ -142,6 +142,121 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_dataproc\_cluster\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.dataproc.ClusterIAMPolicy; + * import com.pulumi.gcp.dataproc.ClusterIAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var editor = new ClusterIAMPolicy("editor", ClusterIAMPolicyArgs.builder() + * .project("your-project") + * .region("your-region") + * .cluster("your-dataproc-cluster") + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_dataproc\_cluster\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.dataproc.ClusterIAMBinding; + * import com.pulumi.gcp.dataproc.ClusterIAMBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var editor = new ClusterIAMBinding("editor", ClusterIAMBindingArgs.builder() + * .cluster("your-dataproc-cluster") + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_dataproc\_cluster\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.dataproc.ClusterIAMMember; + * import com.pulumi.gcp.dataproc.ClusterIAMMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var editor = new ClusterIAMMember("editor", ClusterIAMMemberArgs.builder() + * .cluster("your-dataproc-cluster") + * .role("roles/editor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * ### Importing IAM policies @@ -176,15 +291,6 @@ public class ClusterIAMBinding extends com.pulumi.resources.CustomResource { * * For `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Export(name="cluster", refs={String.class}, tree="[0]") private Output cluster; @@ -194,15 +300,6 @@ public class ClusterIAMBinding extends com.pulumi.resources.CustomResource { * * For `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Output cluster() { return this.cluster; @@ -227,9 +324,31 @@ public Output> condition() { public Output etag() { return this.etag; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ @Export(name="members", refs={List.class,String.class}, tree="[0,1]") private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output> members() { return this.members; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/ClusterIAMBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/ClusterIAMBindingArgs.java index cda43bf8eb..9e86084442 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/ClusterIAMBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/ClusterIAMBindingArgs.java @@ -23,15 +23,6 @@ public final class ClusterIAMBindingArgs extends com.pulumi.resources.ResourceAr * * For `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="cluster", required=true) private Output cluster; @@ -41,15 +32,6 @@ public final class ClusterIAMBindingArgs extends com.pulumi.resources.ResourceAr * * For `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Output cluster() { return this.cluster; @@ -62,9 +44,31 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ @Import(name="members", required=true) private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output> members() { return this.members; } @@ -160,15 +164,6 @@ public Builder(ClusterIAMBindingArgs defaults) { * * For `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -182,15 +177,6 @@ public Builder cluster(Output cluster) { * * For `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -207,15 +193,54 @@ public Builder condition(ClusterIAMBindingConditionArgs condition) { return condition(Output.of(condition)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/ClusterIAMMember.java b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/ClusterIAMMember.java index e94e9ecad0..39a49cfa4c 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/ClusterIAMMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/ClusterIAMMember.java @@ -141,6 +141,121 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_dataproc\_cluster\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.dataproc.ClusterIAMPolicy; + * import com.pulumi.gcp.dataproc.ClusterIAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var editor = new ClusterIAMPolicy("editor", ClusterIAMPolicyArgs.builder() + * .project("your-project") + * .region("your-region") + * .cluster("your-dataproc-cluster") + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_dataproc\_cluster\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.dataproc.ClusterIAMBinding; + * import com.pulumi.gcp.dataproc.ClusterIAMBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var editor = new ClusterIAMBinding("editor", ClusterIAMBindingArgs.builder() + * .cluster("your-dataproc-cluster") + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_dataproc\_cluster\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.dataproc.ClusterIAMMember; + * import com.pulumi.gcp.dataproc.ClusterIAMMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var editor = new ClusterIAMMember("editor", ClusterIAMMemberArgs.builder() + * .cluster("your-dataproc-cluster") + * .role("roles/editor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * ### Importing IAM policies @@ -175,15 +290,6 @@ public class ClusterIAMMember extends com.pulumi.resources.CustomResource { * * For `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Export(name="cluster", refs={String.class}, tree="[0]") private Output cluster; @@ -193,15 +299,6 @@ public class ClusterIAMMember extends com.pulumi.resources.CustomResource { * * For `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Output cluster() { return this.cluster; @@ -226,9 +323,31 @@ public Output> condition() { public Output etag() { return this.etag; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ @Export(name="member", refs={String.class}, tree="[0]") private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output member() { return this.member; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/ClusterIAMMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/ClusterIAMMemberArgs.java index d5dfff4d61..8a0485bee1 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/ClusterIAMMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/ClusterIAMMemberArgs.java @@ -22,15 +22,6 @@ public final class ClusterIAMMemberArgs extends com.pulumi.resources.ResourceArg * * For `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="cluster", required=true) private Output cluster; @@ -40,15 +31,6 @@ public final class ClusterIAMMemberArgs extends com.pulumi.resources.ResourceArg * * For `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Output cluster() { return this.cluster; @@ -61,9 +43,31 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ @Import(name="member", required=true) private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output member() { return this.member; } @@ -159,15 +163,6 @@ public Builder(ClusterIAMMemberArgs defaults) { * * For `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -181,15 +176,6 @@ public Builder cluster(Output cluster) { * * For `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -206,11 +192,37 @@ public Builder condition(ClusterIAMMemberConditionArgs condition) { return condition(Output.of(condition)); } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder member(Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/ClusterIAMPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/ClusterIAMPolicy.java index 9c87257c4f..e1b1624d93 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/ClusterIAMPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/ClusterIAMPolicy.java @@ -139,6 +139,121 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_dataproc\_cluster\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.dataproc.ClusterIAMPolicy; + * import com.pulumi.gcp.dataproc.ClusterIAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var editor = new ClusterIAMPolicy("editor", ClusterIAMPolicyArgs.builder() + * .project("your-project") + * .region("your-region") + * .cluster("your-dataproc-cluster") + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_dataproc\_cluster\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.dataproc.ClusterIAMBinding; + * import com.pulumi.gcp.dataproc.ClusterIAMBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var editor = new ClusterIAMBinding("editor", ClusterIAMBindingArgs.builder() + * .cluster("your-dataproc-cluster") + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_dataproc\_cluster\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.dataproc.ClusterIAMMember; + * import com.pulumi.gcp.dataproc.ClusterIAMMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var editor = new ClusterIAMMember("editor", ClusterIAMMemberArgs.builder() + * .cluster("your-dataproc-cluster") + * .role("roles/editor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * ### Importing IAM policies @@ -173,15 +288,6 @@ public class ClusterIAMPolicy extends com.pulumi.resources.CustomResource { * * For `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Export(name="cluster", refs={String.class}, tree="[0]") private Output cluster; @@ -191,15 +297,6 @@ public class ClusterIAMPolicy extends com.pulumi.resources.CustomResource { * * For `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Output cluster() { return this.cluster; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/ClusterIAMPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/ClusterIAMPolicyArgs.java index 2de8762a57..7963f19a6c 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/ClusterIAMPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/ClusterIAMPolicyArgs.java @@ -21,15 +21,6 @@ public final class ClusterIAMPolicyArgs extends com.pulumi.resources.ResourceArg * * For `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="cluster", required=true) private Output cluster; @@ -39,15 +30,6 @@ public final class ClusterIAMPolicyArgs extends com.pulumi.resources.ResourceArg * * For `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Output cluster() { return this.cluster; @@ -138,15 +120,6 @@ public Builder(ClusterIAMPolicyArgs defaults) { * * For `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -160,15 +133,6 @@ public Builder cluster(Output cluster) { * * For `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/JobIAMBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/JobIAMBinding.java index 42f5c6175b..df3398d59a 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/JobIAMBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/JobIAMBinding.java @@ -142,6 +142,121 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_dataproc\_job\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.dataproc.JobIAMPolicy; + * import com.pulumi.gcp.dataproc.JobIAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var editor = new JobIAMPolicy("editor", JobIAMPolicyArgs.builder() + * .project("your-project") + * .region("your-region") + * .jobId("your-dataproc-job") + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_dataproc\_job\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.dataproc.JobIAMBinding; + * import com.pulumi.gcp.dataproc.JobIAMBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var editor = new JobIAMBinding("editor", JobIAMBindingArgs.builder() + * .jobId("your-dataproc-job") + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_dataproc\_job\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.dataproc.JobIAMMember; + * import com.pulumi.gcp.dataproc.JobIAMMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var editor = new JobIAMMember("editor", JobIAMMemberArgs.builder() + * .jobId("your-dataproc-job") + * .role("roles/editor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * ### Importing IAM policies @@ -197,9 +312,31 @@ public Output etag() { public Output jobId() { return this.jobId; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ @Export(name="members", refs={List.class,String.class}, tree="[0,1]") private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output> members() { return this.members; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/JobIAMBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/JobIAMBindingArgs.java index 9e820a47ce..eebe7e0b3a 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/JobIAMBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/JobIAMBindingArgs.java @@ -32,9 +32,31 @@ public Output jobId() { return this.jobId; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ @Import(name="members", required=true) private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output> members() { return this.members; } @@ -143,15 +165,54 @@ public Builder jobId(String jobId) { return jobId(Output.of(jobId)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/JobIAMMember.java b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/JobIAMMember.java index 71bf1b23c1..106026b2b6 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/JobIAMMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/JobIAMMember.java @@ -141,6 +141,121 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_dataproc\_job\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.dataproc.JobIAMPolicy; + * import com.pulumi.gcp.dataproc.JobIAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var editor = new JobIAMPolicy("editor", JobIAMPolicyArgs.builder() + * .project("your-project") + * .region("your-region") + * .jobId("your-dataproc-job") + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_dataproc\_job\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.dataproc.JobIAMBinding; + * import com.pulumi.gcp.dataproc.JobIAMBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var editor = new JobIAMBinding("editor", JobIAMBindingArgs.builder() + * .jobId("your-dataproc-job") + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_dataproc\_job\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.dataproc.JobIAMMember; + * import com.pulumi.gcp.dataproc.JobIAMMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var editor = new JobIAMMember("editor", JobIAMMemberArgs.builder() + * .jobId("your-dataproc-job") + * .role("roles/editor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * ### Importing IAM policies @@ -196,9 +311,31 @@ public Output etag() { public Output jobId() { return this.jobId; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ @Export(name="member", refs={String.class}, tree="[0]") private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output member() { return this.member; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/JobIAMMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/JobIAMMemberArgs.java index 35a2b2461c..370575e16e 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/JobIAMMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/JobIAMMemberArgs.java @@ -31,9 +31,31 @@ public Output jobId() { return this.jobId; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ @Import(name="member", required=true) private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output member() { return this.member; } @@ -142,11 +164,37 @@ public Builder jobId(String jobId) { return jobId(Output.of(jobId)); } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder member(Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/JobIAMPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/JobIAMPolicy.java index bee9185de9..3075df7968 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/JobIAMPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/JobIAMPolicy.java @@ -139,6 +139,121 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_dataproc\_job\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.dataproc.JobIAMPolicy; + * import com.pulumi.gcp.dataproc.JobIAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var editor = new JobIAMPolicy("editor", JobIAMPolicyArgs.builder() + * .project("your-project") + * .region("your-region") + * .jobId("your-dataproc-job") + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_dataproc\_job\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.dataproc.JobIAMBinding; + * import com.pulumi.gcp.dataproc.JobIAMBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var editor = new JobIAMBinding("editor", JobIAMBindingArgs.builder() + * .jobId("your-dataproc-job") + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_dataproc\_job\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.dataproc.JobIAMMember; + * import com.pulumi.gcp.dataproc.JobIAMMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var editor = new JobIAMMember("editor", JobIAMMemberArgs.builder() + * .jobId("your-dataproc-job") + * .role("roles/editor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * ### Importing IAM policies diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/MetastoreFederationIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/MetastoreFederationIamBinding.java index eb41128b7a..4fbb62c9cb 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/MetastoreFederationIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/MetastoreFederationIamBinding.java @@ -100,18 +100,9 @@ public Output federationId() { public Output location() { return this.location; } - @Export(name="members", refs={List.class,String.class}, tree="[0,1]") - private Output> members; - - public Output> members() { - return this.members; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -123,15 +114,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="members", refs={List.class,String.class}, tree="[0,1]") + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -143,6 +131,22 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/MetastoreFederationIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/MetastoreFederationIamBindingArgs.java index a8c71cef74..b880e86d07 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/MetastoreFederationIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/MetastoreFederationIamBindingArgs.java @@ -49,19 +49,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="members", required=true) - private Output> members; - - public Output> members() { - return this.members; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -73,15 +63,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members", required=true) + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -93,6 +80,23 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -186,25 +190,30 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -218,17 +227,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -242,6 +247,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/MetastoreFederationIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/MetastoreFederationIamMember.java index 0f44cf2cd4..4a639f132a 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/MetastoreFederationIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/MetastoreFederationIamMember.java @@ -99,18 +99,9 @@ public Output federationId() { public Output location() { return this.location; } - @Export(name="member", refs={String.class}, tree="[0]") - private Output member; - - public Output member() { - return this.member; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -122,15 +113,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="member", refs={String.class}, tree="[0]") + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -142,6 +130,22 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/MetastoreFederationIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/MetastoreFederationIamMemberArgs.java index 0852d2ce81..ef4b707a24 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/MetastoreFederationIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/MetastoreFederationIamMemberArgs.java @@ -48,19 +48,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="member", required=true) - private Output member; - - public Output member() { - return this.member; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -72,15 +62,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member", required=true) + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -92,6 +79,23 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -185,21 +189,9 @@ public Builder location(String location) { return location(Output.of(location)); } - public Builder member(Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -213,17 +205,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -237,6 +226,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/MetastoreFederationIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/MetastoreFederationIamPolicy.java index 250b0362eb..6d49a51df9 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/MetastoreFederationIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/MetastoreFederationIamPolicy.java @@ -111,18 +111,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -131,18 +119,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/MetastoreFederationIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/MetastoreFederationIamPolicyArgs.java index 6ac2f33a76..8715213ad9 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/MetastoreFederationIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/MetastoreFederationIamPolicyArgs.java @@ -61,18 +61,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -81,18 +69,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -184,18 +160,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -208,18 +172,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/MetastoreServiceIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/MetastoreServiceIamBinding.java index 6571e994cc..39ca9ca897 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/MetastoreServiceIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/MetastoreServiceIamBinding.java @@ -150,6 +150,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_dataproc\_metastore\_service\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.dataproc.MetastoreServiceIamPolicy; + * import com.pulumi.gcp.dataproc.MetastoreServiceIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new MetastoreServiceIamPolicy("policy", MetastoreServiceIamPolicyArgs.builder() + * .project(default_.project()) + * .location(default_.location()) + * .serviceId(default_.serviceId()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_dataproc\_metastore\_service\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.dataproc.MetastoreServiceIamBinding; + * import com.pulumi.gcp.dataproc.MetastoreServiceIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new MetastoreServiceIamBinding("binding", MetastoreServiceIamBindingArgs.builder() + * .project(default_.project()) + * .location(default_.location()) + * .serviceId(default_.serviceId()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_dataproc\_metastore\_service\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.dataproc.MetastoreServiceIamMember; + * import com.pulumi.gcp.dataproc.MetastoreServiceIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new MetastoreServiceIamMember("member", MetastoreServiceIamMemberArgs.builder() + * .project(default_.project()) + * .location(default_.location()) + * .serviceId(default_.serviceId()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -229,18 +348,9 @@ public Output etag() { public Output location() { return this.location; } - @Export(name="members", refs={List.class,String.class}, tree="[0,1]") - private Output> members; - - public Output> members() { - return this.members; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -252,15 +362,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="members", refs={List.class,String.class}, tree="[0,1]") + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -272,6 +379,22 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/MetastoreServiceIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/MetastoreServiceIamBindingArgs.java index a7da1cf235..cf94ea1de4 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/MetastoreServiceIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/MetastoreServiceIamBindingArgs.java @@ -44,19 +44,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="members", required=true) - private Output> members; - - public Output> members() { - return this.members; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -68,15 +58,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members", required=true) + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -88,6 +75,23 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -181,25 +185,30 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -213,17 +222,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -237,6 +242,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/MetastoreServiceIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/MetastoreServiceIamMember.java index d9c2170bea..261a44fe22 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/MetastoreServiceIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/MetastoreServiceIamMember.java @@ -149,6 +149,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_dataproc\_metastore\_service\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.dataproc.MetastoreServiceIamPolicy; + * import com.pulumi.gcp.dataproc.MetastoreServiceIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new MetastoreServiceIamPolicy("policy", MetastoreServiceIamPolicyArgs.builder() + * .project(default_.project()) + * .location(default_.location()) + * .serviceId(default_.serviceId()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_dataproc\_metastore\_service\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.dataproc.MetastoreServiceIamBinding; + * import com.pulumi.gcp.dataproc.MetastoreServiceIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new MetastoreServiceIamBinding("binding", MetastoreServiceIamBindingArgs.builder() + * .project(default_.project()) + * .location(default_.location()) + * .serviceId(default_.serviceId()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_dataproc\_metastore\_service\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.dataproc.MetastoreServiceIamMember; + * import com.pulumi.gcp.dataproc.MetastoreServiceIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new MetastoreServiceIamMember("member", MetastoreServiceIamMemberArgs.builder() + * .project(default_.project()) + * .location(default_.location()) + * .serviceId(default_.serviceId()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -228,18 +347,9 @@ public Output etag() { public Output location() { return this.location; } - @Export(name="member", refs={String.class}, tree="[0]") - private Output member; - - public Output member() { - return this.member; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -251,15 +361,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="member", refs={String.class}, tree="[0]") + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -271,6 +378,22 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/MetastoreServiceIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/MetastoreServiceIamMemberArgs.java index 717b9c9574..86abe59538 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/MetastoreServiceIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/MetastoreServiceIamMemberArgs.java @@ -43,19 +43,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="member", required=true) - private Output member; - - public Output member() { - return this.member; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -67,15 +57,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member", required=true) + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -87,6 +74,23 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -180,21 +184,9 @@ public Builder location(String location) { return location(Output.of(location)); } - public Builder member(Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -208,17 +200,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -232,6 +221,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/MetastoreServiceIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/MetastoreServiceIamPolicy.java index 0f6438d8ad..af996ce9e6 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/MetastoreServiceIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/MetastoreServiceIamPolicy.java @@ -147,6 +147,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_dataproc\_metastore\_service\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.dataproc.MetastoreServiceIamPolicy; + * import com.pulumi.gcp.dataproc.MetastoreServiceIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new MetastoreServiceIamPolicy("policy", MetastoreServiceIamPolicyArgs.builder() + * .project(default_.project()) + * .location(default_.location()) + * .serviceId(default_.serviceId()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_dataproc\_metastore\_service\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.dataproc.MetastoreServiceIamBinding; + * import com.pulumi.gcp.dataproc.MetastoreServiceIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new MetastoreServiceIamBinding("binding", MetastoreServiceIamBindingArgs.builder() + * .project(default_.project()) + * .location(default_.location()) + * .serviceId(default_.serviceId()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_dataproc\_metastore\_service\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.dataproc.MetastoreServiceIamMember; + * import com.pulumi.gcp.dataproc.MetastoreServiceIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new MetastoreServiceIamMember("member", MetastoreServiceIamMemberArgs.builder() + * .project(default_.project()) + * .location(default_.location()) + * .serviceId(default_.serviceId()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -240,18 +359,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -260,18 +367,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/MetastoreServiceIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/MetastoreServiceIamPolicyArgs.java index 3e9802acfc..f0a4909c46 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/MetastoreServiceIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/MetastoreServiceIamPolicyArgs.java @@ -56,18 +56,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -76,18 +64,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -179,18 +155,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -203,18 +167,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/inputs/AutoscalingPolicyIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/inputs/AutoscalingPolicyIamBindingState.java index 657976f677..04fd7f61c6 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/inputs/AutoscalingPolicyIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/inputs/AutoscalingPolicyIamBindingState.java @@ -58,9 +58,37 @@ public Optional> location() { return Optional.ofNullable(this.location); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="members") private @Nullable Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Optional>> members() { return Optional.ofNullable(this.members); } @@ -90,18 +118,6 @@ public Optional> policyId() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -110,18 +126,6 @@ public Optional> policyId() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -231,15 +235,63 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } @@ -275,18 +327,6 @@ public Builder policyId(String policyId) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -299,18 +339,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/inputs/AutoscalingPolicyIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/inputs/AutoscalingPolicyIamMemberState.java index f77d5c697e..9075e5f738 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/inputs/AutoscalingPolicyIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/inputs/AutoscalingPolicyIamMemberState.java @@ -57,9 +57,37 @@ public Optional> location() { return Optional.ofNullable(this.location); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="member") private @Nullable Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Optional> member() { return Optional.ofNullable(this.member); } @@ -89,18 +117,6 @@ public Optional> policyId() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -109,18 +125,6 @@ public Optional> policyId() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -230,11 +234,43 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(@Nullable Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } @@ -270,18 +306,6 @@ public Builder policyId(String policyId) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -294,18 +318,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/inputs/AutoscalingPolicyIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/inputs/AutoscalingPolicyIamPolicyState.java index 851e5a505d..1a722a456c 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/inputs/AutoscalingPolicyIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/inputs/AutoscalingPolicyIamPolicyState.java @@ -91,18 +91,6 @@ public Optional> policyId() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -111,18 +99,6 @@ public Optional> policyId() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -256,18 +232,6 @@ public Builder policyId(String policyId) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -280,18 +244,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/inputs/ClusterIAMBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/inputs/ClusterIAMBindingState.java index d8bcd35c27..05c6902e3d 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/inputs/ClusterIAMBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/inputs/ClusterIAMBindingState.java @@ -22,15 +22,6 @@ public final class ClusterIAMBindingState extends com.pulumi.resources.ResourceA * * For `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="cluster") private @Nullable Output cluster; @@ -40,15 +31,6 @@ public final class ClusterIAMBindingState extends com.pulumi.resources.ResourceA * * For `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Optional> cluster() { return Optional.ofNullable(this.cluster); @@ -76,9 +58,31 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ @Import(name="members") private @Nullable Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Optional>> members() { return Optional.ofNullable(this.members); } @@ -175,15 +179,6 @@ public Builder(ClusterIAMBindingState defaults) { * * For `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -197,15 +192,6 @@ public Builder cluster(@Nullable Output cluster) { * * For `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -243,15 +229,54 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/inputs/ClusterIAMMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/inputs/ClusterIAMMemberState.java index c066768662..3918b1476f 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/inputs/ClusterIAMMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/inputs/ClusterIAMMemberState.java @@ -21,15 +21,6 @@ public final class ClusterIAMMemberState extends com.pulumi.resources.ResourceAr * * For `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="cluster") private @Nullable Output cluster; @@ -39,15 +30,6 @@ public final class ClusterIAMMemberState extends com.pulumi.resources.ResourceAr * * For `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Optional> cluster() { return Optional.ofNullable(this.cluster); @@ -75,9 +57,31 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ @Import(name="member") private @Nullable Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Optional> member() { return Optional.ofNullable(this.member); } @@ -174,15 +178,6 @@ public Builder(ClusterIAMMemberState defaults) { * * For `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -196,15 +191,6 @@ public Builder cluster(@Nullable Output cluster) { * * For `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -242,11 +228,37 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder member(@Nullable Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/inputs/ClusterIAMPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/inputs/ClusterIAMPolicyState.java index 6e5643c039..7008fabd7a 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/inputs/ClusterIAMPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/inputs/ClusterIAMPolicyState.java @@ -20,15 +20,6 @@ public final class ClusterIAMPolicyState extends com.pulumi.resources.ResourceAr * * For `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="cluster") private @Nullable Output cluster; @@ -38,15 +29,6 @@ public final class ClusterIAMPolicyState extends com.pulumi.resources.ResourceAr * * For `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Optional> cluster() { return Optional.ofNullable(this.cluster); @@ -153,15 +135,6 @@ public Builder(ClusterIAMPolicyState defaults) { * * For `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -175,15 +148,6 @@ public Builder cluster(@Nullable Output cluster) { * * For `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`: * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/inputs/JobIAMBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/inputs/JobIAMBindingState.java index 8b64003a1f..24439110c1 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/inputs/JobIAMBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/inputs/JobIAMBindingState.java @@ -46,9 +46,31 @@ public Optional> jobId() { return Optional.ofNullable(this.jobId); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ @Import(name="members") private @Nullable Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Optional>> members() { return Optional.ofNullable(this.members); } @@ -179,15 +201,54 @@ public Builder jobId(String jobId) { return jobId(Output.of(jobId)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/inputs/JobIAMMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/inputs/JobIAMMemberState.java index 28da6bdcae..d5b216b13e 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/inputs/JobIAMMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/inputs/JobIAMMemberState.java @@ -45,9 +45,31 @@ public Optional> jobId() { return Optional.ofNullable(this.jobId); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ @Import(name="member") private @Nullable Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Optional> member() { return Optional.ofNullable(this.member); } @@ -178,11 +200,37 @@ public Builder jobId(String jobId) { return jobId(Output.of(jobId)); } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder member(@Nullable Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/inputs/MetastoreFederationIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/inputs/MetastoreFederationIamBindingState.java index 01a9758de4..6ef8755146 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/inputs/MetastoreFederationIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/inputs/MetastoreFederationIamBindingState.java @@ -63,19 +63,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="members") - private @Nullable Output> members; - - public Optional>> members() { - return Optional.ofNullable(this.members); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -87,15 +77,12 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members") + private @Nullable Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -107,6 +94,23 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional>> members() { + return Optional.ofNullable(this.members); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -222,25 +226,30 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -254,17 +263,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -278,6 +283,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/inputs/MetastoreFederationIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/inputs/MetastoreFederationIamMemberState.java index c0cc20be4b..0dd1789c3c 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/inputs/MetastoreFederationIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/inputs/MetastoreFederationIamMemberState.java @@ -62,19 +62,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="member") - private @Nullable Output member; - - public Optional> member() { - return Optional.ofNullable(this.member); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -86,15 +76,12 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member") + private @Nullable Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -106,6 +93,23 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional> member() { + return Optional.ofNullable(this.member); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -221,21 +225,9 @@ public Builder location(String location) { return location(Output.of(location)); } - public Builder member(@Nullable Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -249,17 +241,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(@Nullable Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -273,6 +262,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/inputs/MetastoreFederationIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/inputs/MetastoreFederationIamPolicyState.java index c09d184431..ab60ddeef8 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/inputs/MetastoreFederationIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/inputs/MetastoreFederationIamPolicyState.java @@ -75,18 +75,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -95,18 +83,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -220,18 +196,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -244,18 +208,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/inputs/MetastoreServiceIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/inputs/MetastoreServiceIamBindingState.java index 9e160d0adf..98ceac1c0f 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/inputs/MetastoreServiceIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/inputs/MetastoreServiceIamBindingState.java @@ -58,19 +58,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="members") - private @Nullable Output> members; - - public Optional>> members() { - return Optional.ofNullable(this.members); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -82,15 +72,12 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members") + private @Nullable Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -102,6 +89,23 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional>> members() { + return Optional.ofNullable(this.members); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -217,25 +221,30 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -249,17 +258,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -273,6 +278,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/inputs/MetastoreServiceIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/inputs/MetastoreServiceIamMemberState.java index 98fc14fcd2..02f8ac026f 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/inputs/MetastoreServiceIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/inputs/MetastoreServiceIamMemberState.java @@ -57,19 +57,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="member") - private @Nullable Output member; - - public Optional> member() { - return Optional.ofNullable(this.member); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -81,15 +71,12 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member") + private @Nullable Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -101,6 +88,23 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional> member() { + return Optional.ofNullable(this.member); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -216,21 +220,9 @@ public Builder location(String location) { return location(Output.of(location)); } - public Builder member(@Nullable Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -244,17 +236,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(@Nullable Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -268,6 +257,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/inputs/MetastoreServiceIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/inputs/MetastoreServiceIamPolicyState.java index 92ef1d0b7f..5038febc8d 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dataproc/inputs/MetastoreServiceIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dataproc/inputs/MetastoreServiceIamPolicyState.java @@ -70,18 +70,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -90,18 +78,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -215,18 +191,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -239,18 +203,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dns/DnsManagedZoneIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/dns/DnsManagedZoneIamBinding.java index c8d2718734..bea64de391 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dns/DnsManagedZoneIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dns/DnsManagedZoneIamBinding.java @@ -147,6 +147,122 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_dns\_managed\_zone\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.dns.DnsManagedZoneIamPolicy; + * import com.pulumi.gcp.dns.DnsManagedZoneIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new DnsManagedZoneIamPolicy("policy", DnsManagedZoneIamPolicyArgs.builder() + * .project(default_.project()) + * .managedZone(default_.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_dns\_managed\_zone\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.dns.DnsManagedZoneIamBinding; + * import com.pulumi.gcp.dns.DnsManagedZoneIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new DnsManagedZoneIamBinding("binding", DnsManagedZoneIamBindingArgs.builder() + * .project(default_.project()) + * .managedZone(default_.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_dns\_managed\_zone\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.dns.DnsManagedZoneIamMember; + * import com.pulumi.gcp.dns.DnsManagedZoneIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new DnsManagedZoneIamMember("member", DnsManagedZoneIamMemberArgs.builder() + * .project(default_.project()) + * .managedZone(default_.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -220,18 +336,9 @@ public Output etag() { public Output managedZone() { return this.managedZone; } - @Export(name="members", refs={List.class,String.class}, tree="[0,1]") - private Output> members; - - public Output> members() { - return this.members; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -243,15 +350,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="members", refs={List.class,String.class}, tree="[0,1]") + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -263,6 +367,22 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dns/DnsManagedZoneIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/dns/DnsManagedZoneIamBindingArgs.java index 9f19f85c64..c34176e422 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dns/DnsManagedZoneIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dns/DnsManagedZoneIamBindingArgs.java @@ -40,19 +40,9 @@ public Output managedZone() { return this.managedZone; } - @Import(name="members", required=true) - private Output> members; - - public Output> members() { - return this.members; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -64,15 +54,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members", required=true) + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -84,6 +71,23 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -165,25 +169,30 @@ public Builder managedZone(String managedZone) { return managedZone(Output.of(managedZone)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -197,17 +206,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -221,6 +226,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dns/DnsManagedZoneIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/dns/DnsManagedZoneIamMember.java index a2c4769819..cd4f862914 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dns/DnsManagedZoneIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dns/DnsManagedZoneIamMember.java @@ -146,6 +146,122 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_dns\_managed\_zone\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.dns.DnsManagedZoneIamPolicy; + * import com.pulumi.gcp.dns.DnsManagedZoneIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new DnsManagedZoneIamPolicy("policy", DnsManagedZoneIamPolicyArgs.builder() + * .project(default_.project()) + * .managedZone(default_.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_dns\_managed\_zone\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.dns.DnsManagedZoneIamBinding; + * import com.pulumi.gcp.dns.DnsManagedZoneIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new DnsManagedZoneIamBinding("binding", DnsManagedZoneIamBindingArgs.builder() + * .project(default_.project()) + * .managedZone(default_.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_dns\_managed\_zone\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.dns.DnsManagedZoneIamMember; + * import com.pulumi.gcp.dns.DnsManagedZoneIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new DnsManagedZoneIamMember("member", DnsManagedZoneIamMemberArgs.builder() + * .project(default_.project()) + * .managedZone(default_.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -219,18 +335,9 @@ public Output etag() { public Output managedZone() { return this.managedZone; } - @Export(name="member", refs={String.class}, tree="[0]") - private Output member; - - public Output member() { - return this.member; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -242,15 +349,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="member", refs={String.class}, tree="[0]") + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -262,6 +366,22 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dns/DnsManagedZoneIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/dns/DnsManagedZoneIamMemberArgs.java index 1dd463fd93..3f0e430a99 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dns/DnsManagedZoneIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dns/DnsManagedZoneIamMemberArgs.java @@ -39,19 +39,9 @@ public Output managedZone() { return this.managedZone; } - @Import(name="member", required=true) - private Output member; - - public Output member() { - return this.member; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -63,15 +53,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member", required=true) + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -83,6 +70,23 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -164,21 +168,9 @@ public Builder managedZone(String managedZone) { return managedZone(Output.of(managedZone)); } - public Builder member(Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -192,17 +184,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -216,6 +205,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dns/DnsManagedZoneIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/dns/DnsManagedZoneIamPolicy.java index 04cadf2d51..68dc63c3c9 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dns/DnsManagedZoneIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dns/DnsManagedZoneIamPolicy.java @@ -144,6 +144,122 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_dns\_managed\_zone\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.dns.DnsManagedZoneIamPolicy; + * import com.pulumi.gcp.dns.DnsManagedZoneIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new DnsManagedZoneIamPolicy("policy", DnsManagedZoneIamPolicyArgs.builder() + * .project(default_.project()) + * .managedZone(default_.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_dns\_managed\_zone\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.dns.DnsManagedZoneIamBinding; + * import com.pulumi.gcp.dns.DnsManagedZoneIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new DnsManagedZoneIamBinding("binding", DnsManagedZoneIamBindingArgs.builder() + * .project(default_.project()) + * .managedZone(default_.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_dns\_managed\_zone\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.dns.DnsManagedZoneIamMember; + * import com.pulumi.gcp.dns.DnsManagedZoneIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new DnsManagedZoneIamMember("member", DnsManagedZoneIamMemberArgs.builder() + * .project(default_.project()) + * .managedZone(default_.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -231,18 +347,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -251,18 +355,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dns/DnsManagedZoneIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/dns/DnsManagedZoneIamPolicyArgs.java index b7e2bebbf1..b9739cd58f 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dns/DnsManagedZoneIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dns/DnsManagedZoneIamPolicyArgs.java @@ -52,18 +52,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -72,18 +60,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -163,18 +139,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -187,18 +151,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dns/inputs/DnsManagedZoneIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/dns/inputs/DnsManagedZoneIamBindingState.java index d41c70f116..dcf7edc023 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dns/inputs/DnsManagedZoneIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dns/inputs/DnsManagedZoneIamBindingState.java @@ -54,19 +54,9 @@ public Optional> managedZone() { return Optional.ofNullable(this.managedZone); } - @Import(name="members") - private @Nullable Output> members; - - public Optional>> members() { - return Optional.ofNullable(this.members); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -78,15 +68,12 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members") + private @Nullable Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -98,6 +85,23 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional>> members() { + return Optional.ofNullable(this.members); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -201,25 +205,30 @@ public Builder managedZone(String managedZone) { return managedZone(Output.of(managedZone)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -233,17 +242,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -257,6 +262,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dns/inputs/DnsManagedZoneIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/dns/inputs/DnsManagedZoneIamMemberState.java index e143c3ba00..a7ee7790bc 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dns/inputs/DnsManagedZoneIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dns/inputs/DnsManagedZoneIamMemberState.java @@ -53,19 +53,9 @@ public Optional> managedZone() { return Optional.ofNullable(this.managedZone); } - @Import(name="member") - private @Nullable Output member; - - public Optional> member() { - return Optional.ofNullable(this.member); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -77,15 +67,12 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member") + private @Nullable Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -97,6 +84,23 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional> member() { + return Optional.ofNullable(this.member); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -200,21 +204,9 @@ public Builder managedZone(String managedZone) { return managedZone(Output.of(managedZone)); } - public Builder member(@Nullable Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -228,17 +220,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(@Nullable Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -252,6 +241,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/dns/inputs/DnsManagedZoneIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/dns/inputs/DnsManagedZoneIamPolicyState.java index 11888a9f89..f3a3b16c45 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/dns/inputs/DnsManagedZoneIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/dns/inputs/DnsManagedZoneIamPolicyState.java @@ -66,18 +66,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -86,18 +74,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -199,18 +175,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -223,18 +187,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/endpoints/ConsumersIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/endpoints/ConsumersIamBinding.java index 7c8cbe4e54..3d6fcdc780 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/endpoints/ConsumersIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/endpoints/ConsumersIamBinding.java @@ -96,9 +96,37 @@ public Output consumerProject() { public Output etag() { return this.etag; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Export(name="members", refs={List.class,String.class}, tree="[0,1]") private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output> members() { return this.members; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/endpoints/ConsumersIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/endpoints/ConsumersIamBindingArgs.java index 5061cebb55..ba2fefea82 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/endpoints/ConsumersIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/endpoints/ConsumersIamBindingArgs.java @@ -32,9 +32,37 @@ public Output consumerProject() { return this.consumerProject; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="members", required=true) private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output> members() { return this.members; } @@ -111,15 +139,63 @@ public Builder consumerProject(String consumerProject) { return consumerProject(Output.of(consumerProject)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/endpoints/ConsumersIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/endpoints/ConsumersIamMember.java index 40cd660057..ede3640917 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/endpoints/ConsumersIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/endpoints/ConsumersIamMember.java @@ -95,9 +95,37 @@ public Output consumerProject() { public Output etag() { return this.etag; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Export(name="member", refs={String.class}, tree="[0]") private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output member() { return this.member; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/endpoints/ConsumersIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/endpoints/ConsumersIamMemberArgs.java index f0c530b2aa..88e102752e 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/endpoints/ConsumersIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/endpoints/ConsumersIamMemberArgs.java @@ -31,9 +31,37 @@ public Output consumerProject() { return this.consumerProject; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="member", required=true) private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output member() { return this.member; } @@ -110,11 +138,43 @@ public Builder consumerProject(String consumerProject) { return consumerProject(Output.of(consumerProject)); } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/endpoints/ServiceIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/endpoints/ServiceIamBinding.java index cebb7110d8..fb5993f74e 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/endpoints/ServiceIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/endpoints/ServiceIamBinding.java @@ -144,6 +144,119 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_endpoints\_service\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.endpoints.ServiceIamPolicy; + * import com.pulumi.gcp.endpoints.ServiceIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new ServiceIamPolicy("policy", ServiceIamPolicyArgs.builder() + * .serviceName(endpointsService.serviceName()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_endpoints\_service\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.endpoints.ServiceIamBinding; + * import com.pulumi.gcp.endpoints.ServiceIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new ServiceIamBinding("binding", ServiceIamBindingArgs.builder() + * .serviceName(endpointsService.serviceName()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_endpoints\_service\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.endpoints.ServiceIamMember; + * import com.pulumi.gcp.endpoints.ServiceIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new ServiceIamMember("member", ServiceIamMemberArgs.builder() + * .serviceName(endpointsService.serviceName()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -201,9 +314,37 @@ public Output> condition() { public Output etag() { return this.etag; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Export(name="members", refs={List.class,String.class}, tree="[0,1]") private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output> members() { return this.members; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/endpoints/ServiceIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/endpoints/ServiceIamBindingArgs.java index f2fb47cc9c..a885340cbd 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/endpoints/ServiceIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/endpoints/ServiceIamBindingArgs.java @@ -25,9 +25,37 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="members", required=true) private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output> members() { return this.members; } @@ -94,15 +122,63 @@ public Builder condition(ServiceIamBindingConditionArgs condition) { return condition(Output.of(condition)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/endpoints/ServiceIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/endpoints/ServiceIamMember.java index 4a923022d7..8852246e1c 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/endpoints/ServiceIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/endpoints/ServiceIamMember.java @@ -143,6 +143,119 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_endpoints\_service\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.endpoints.ServiceIamPolicy; + * import com.pulumi.gcp.endpoints.ServiceIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new ServiceIamPolicy("policy", ServiceIamPolicyArgs.builder() + * .serviceName(endpointsService.serviceName()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_endpoints\_service\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.endpoints.ServiceIamBinding; + * import com.pulumi.gcp.endpoints.ServiceIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new ServiceIamBinding("binding", ServiceIamBindingArgs.builder() + * .serviceName(endpointsService.serviceName()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_endpoints\_service\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.endpoints.ServiceIamMember; + * import com.pulumi.gcp.endpoints.ServiceIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new ServiceIamMember("member", ServiceIamMemberArgs.builder() + * .serviceName(endpointsService.serviceName()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -200,9 +313,37 @@ public Output> condition() { public Output etag() { return this.etag; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Export(name="member", refs={String.class}, tree="[0]") private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output member() { return this.member; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/endpoints/ServiceIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/endpoints/ServiceIamMemberArgs.java index 4afd3a6cec..85d984dfd9 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/endpoints/ServiceIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/endpoints/ServiceIamMemberArgs.java @@ -24,9 +24,37 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="member", required=true) private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output member() { return this.member; } @@ -93,11 +121,43 @@ public Builder condition(ServiceIamMemberConditionArgs condition) { return condition(Output.of(condition)); } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/endpoints/ServiceIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/endpoints/ServiceIamPolicy.java index de9c32cf38..173f273218 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/endpoints/ServiceIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/endpoints/ServiceIamPolicy.java @@ -141,6 +141,119 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_endpoints\_service\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.endpoints.ServiceIamPolicy; + * import com.pulumi.gcp.endpoints.ServiceIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new ServiceIamPolicy("policy", ServiceIamPolicyArgs.builder() + * .serviceName(endpointsService.serviceName()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_endpoints\_service\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.endpoints.ServiceIamBinding; + * import com.pulumi.gcp.endpoints.ServiceIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new ServiceIamBinding("binding", ServiceIamBindingArgs.builder() + * .serviceName(endpointsService.serviceName()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_endpoints\_service\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.endpoints.ServiceIamMember; + * import com.pulumi.gcp.endpoints.ServiceIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new ServiceIamMember("member", ServiceIamMemberArgs.builder() + * .serviceName(endpointsService.serviceName()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: diff --git a/sdk/java/src/main/java/com/pulumi/gcp/endpoints/inputs/ConsumersIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/endpoints/inputs/ConsumersIamBindingState.java index 2c9df3cae4..a1ed78a98c 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/endpoints/inputs/ConsumersIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/endpoints/inputs/ConsumersIamBindingState.java @@ -46,9 +46,37 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="members") private @Nullable Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Optional>> members() { return Optional.ofNullable(this.members); } @@ -147,15 +175,63 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/endpoints/inputs/ConsumersIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/endpoints/inputs/ConsumersIamMemberState.java index f441f7aa1c..be0384afb5 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/endpoints/inputs/ConsumersIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/endpoints/inputs/ConsumersIamMemberState.java @@ -45,9 +45,37 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="member") private @Nullable Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Optional> member() { return Optional.ofNullable(this.member); } @@ -146,11 +174,43 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(@Nullable Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/endpoints/inputs/ServiceIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/endpoints/inputs/ServiceIamBindingState.java index 43ea75099b..3bdb02e5fc 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/endpoints/inputs/ServiceIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/endpoints/inputs/ServiceIamBindingState.java @@ -39,9 +39,37 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="members") private @Nullable Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Optional>> members() { return Optional.ofNullable(this.members); } @@ -130,15 +158,63 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/endpoints/inputs/ServiceIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/endpoints/inputs/ServiceIamMemberState.java index da2a13542b..1d48c7f7bb 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/endpoints/inputs/ServiceIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/endpoints/inputs/ServiceIamMemberState.java @@ -38,9 +38,37 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="member") private @Nullable Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Optional> member() { return Optional.ofNullable(this.member); } @@ -129,11 +157,43 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(@Nullable Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/folder/IAMMember.java b/sdk/java/src/main/java/com/pulumi/gcp/folder/IAMMember.java index d8c28ea823..97ca2783aa 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/folder/IAMMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/folder/IAMMember.java @@ -324,6 +324,300 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_folder\_iam\_policy + * + * !> **Be careful!** You can accidentally lock yourself out of your folder + * using this resource. Deleting a `gcp.folder.IAMPolicy` removes access + * from anyone without permissions on its parent folder/organization. Proceed with caution. + * It's not recommended to use `gcp.folder.IAMPolicy` with your provider folder + * to avoid locking yourself out, and it should generally only be used with folders + * fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before + * applying the change. + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.folder.IAMPolicy; + * import com.pulumi.gcp.folder.IAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var folder = new IAMPolicy("folder", IAMPolicyArgs.builder() + * .folder("folders/1234567") + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.folder.IAMPolicy; + * import com.pulumi.gcp.folder.IAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/compute.admin") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var folder = new IAMPolicy("folder", IAMPolicyArgs.builder() + * .folder("folders/1234567") + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_folder\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.folder.IAMBinding; + * import com.pulumi.gcp.folder.IAMBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var folder = new IAMBinding("folder", IAMBindingArgs.builder() + * .folder("folders/1234567") + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.folder.IAMBinding; + * import com.pulumi.gcp.folder.IAMBindingArgs; + * import com.pulumi.gcp.folder.inputs.IAMBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var folder = new IAMBinding("folder", IAMBindingArgs.builder() + * .folder("folders/1234567") + * .role("roles/container.admin") + * .members("user:jane@example.com") + * .condition(IAMBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_folder\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.folder.IAMMember; + * import com.pulumi.gcp.folder.IAMMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var folder = new IAMMember("folder", IAMMemberArgs.builder() + * .folder("folders/1234567") + * .role("roles/editor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.folder.IAMMember; + * import com.pulumi.gcp.folder.IAMMemberArgs; + * import com.pulumi.gcp.folder.inputs.IAMMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var folder = new IAMMember("folder", IAMMemberArgs.builder() + * .folder("folders/1234567") + * .role("roles/firebase.admin") + * .member("user:jane@example.com") + * .condition(IAMMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_folder\_iam\_audit\_config + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.folder.IamAuditConfig; + * import com.pulumi.gcp.folder.IamAuditConfigArgs; + * import com.pulumi.gcp.folder.inputs.IamAuditConfigAuditLogConfigArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var folder = new IamAuditConfig("folder", IamAuditConfigArgs.builder() + * .folder("folders/1234567") + * .service("allServices") + * .auditLogConfigs( + * IamAuditConfigAuditLogConfigArgs.builder() + * .logType("ADMIN_READ") + * .build(), + * IamAuditConfigAuditLogConfigArgs.builder() + * .logType("DATA_READ") + * .exemptedMembers("user:joebloggs@example.com") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * ### Importing Audit Configs @@ -397,9 +691,27 @@ public Output etag() { public Output folder() { return this.folder; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ @Export(name="member", refs={String.class}, tree="[0]") private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output member() { return this.member; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/folder/IAMMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/folder/IAMMemberArgs.java index a0d3b37432..9747c6348d 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/folder/IAMMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/folder/IAMMemberArgs.java @@ -49,9 +49,27 @@ public Output folder() { return this.folder; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ @Import(name="member", required=true) private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output member() { return this.member; } @@ -146,11 +164,33 @@ public Builder folder(String folder) { return folder(Output.of(folder)); } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder member(Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/folder/IAMPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/folder/IAMPolicy.java index 4e6ab1fc09..30b8e38f48 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/folder/IAMPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/folder/IAMPolicy.java @@ -322,6 +322,300 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_folder\_iam\_policy + * + * !> **Be careful!** You can accidentally lock yourself out of your folder + * using this resource. Deleting a `gcp.folder.IAMPolicy` removes access + * from anyone without permissions on its parent folder/organization. Proceed with caution. + * It's not recommended to use `gcp.folder.IAMPolicy` with your provider folder + * to avoid locking yourself out, and it should generally only be used with folders + * fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before + * applying the change. + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.folder.IAMPolicy; + * import com.pulumi.gcp.folder.IAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var folder = new IAMPolicy("folder", IAMPolicyArgs.builder() + * .folder("folders/1234567") + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.folder.IAMPolicy; + * import com.pulumi.gcp.folder.IAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/compute.admin") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var folder = new IAMPolicy("folder", IAMPolicyArgs.builder() + * .folder("folders/1234567") + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_folder\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.folder.IAMBinding; + * import com.pulumi.gcp.folder.IAMBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var folder = new IAMBinding("folder", IAMBindingArgs.builder() + * .folder("folders/1234567") + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.folder.IAMBinding; + * import com.pulumi.gcp.folder.IAMBindingArgs; + * import com.pulumi.gcp.folder.inputs.IAMBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var folder = new IAMBinding("folder", IAMBindingArgs.builder() + * .folder("folders/1234567") + * .role("roles/container.admin") + * .members("user:jane@example.com") + * .condition(IAMBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_folder\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.folder.IAMMember; + * import com.pulumi.gcp.folder.IAMMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var folder = new IAMMember("folder", IAMMemberArgs.builder() + * .folder("folders/1234567") + * .role("roles/editor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.folder.IAMMember; + * import com.pulumi.gcp.folder.IAMMemberArgs; + * import com.pulumi.gcp.folder.inputs.IAMMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var folder = new IAMMember("folder", IAMMemberArgs.builder() + * .folder("folders/1234567") + * .role("roles/firebase.admin") + * .member("user:jane@example.com") + * .condition(IAMMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_folder\_iam\_audit\_config + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.folder.IamAuditConfig; + * import com.pulumi.gcp.folder.IamAuditConfigArgs; + * import com.pulumi.gcp.folder.inputs.IamAuditConfigAuditLogConfigArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var folder = new IamAuditConfig("folder", IamAuditConfigArgs.builder() + * .folder("folders/1234567") + * .service("allServices") + * .auditLogConfigs( + * IamAuditConfigAuditLogConfigArgs.builder() + * .logType("ADMIN_READ") + * .build(), + * IamAuditConfigAuditLogConfigArgs.builder() + * .logType("DATA_READ") + * .exemptedMembers("user:joebloggs@example.com") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * ### Importing Audit Configs diff --git a/sdk/java/src/main/java/com/pulumi/gcp/folder/IamAuditConfig.java b/sdk/java/src/main/java/com/pulumi/gcp/folder/IamAuditConfig.java index 6e6273a26d..4a3bad4096 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/folder/IamAuditConfig.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/folder/IamAuditConfig.java @@ -324,6 +324,300 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_folder\_iam\_policy + * + * !> **Be careful!** You can accidentally lock yourself out of your folder + * using this resource. Deleting a `gcp.folder.IAMPolicy` removes access + * from anyone without permissions on its parent folder/organization. Proceed with caution. + * It's not recommended to use `gcp.folder.IAMPolicy` with your provider folder + * to avoid locking yourself out, and it should generally only be used with folders + * fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before + * applying the change. + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.folder.IAMPolicy; + * import com.pulumi.gcp.folder.IAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var folder = new IAMPolicy("folder", IAMPolicyArgs.builder() + * .folder("folders/1234567") + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.folder.IAMPolicy; + * import com.pulumi.gcp.folder.IAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/compute.admin") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var folder = new IAMPolicy("folder", IAMPolicyArgs.builder() + * .folder("folders/1234567") + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_folder\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.folder.IAMBinding; + * import com.pulumi.gcp.folder.IAMBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var folder = new IAMBinding("folder", IAMBindingArgs.builder() + * .folder("folders/1234567") + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.folder.IAMBinding; + * import com.pulumi.gcp.folder.IAMBindingArgs; + * import com.pulumi.gcp.folder.inputs.IAMBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var folder = new IAMBinding("folder", IAMBindingArgs.builder() + * .folder("folders/1234567") + * .role("roles/container.admin") + * .members("user:jane@example.com") + * .condition(IAMBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_folder\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.folder.IAMMember; + * import com.pulumi.gcp.folder.IAMMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var folder = new IAMMember("folder", IAMMemberArgs.builder() + * .folder("folders/1234567") + * .role("roles/editor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.folder.IAMMember; + * import com.pulumi.gcp.folder.IAMMemberArgs; + * import com.pulumi.gcp.folder.inputs.IAMMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var folder = new IAMMember("folder", IAMMemberArgs.builder() + * .folder("folders/1234567") + * .role("roles/firebase.admin") + * .member("user:jane@example.com") + * .condition(IAMMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_folder\_iam\_audit\_config + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.folder.IamAuditConfig; + * import com.pulumi.gcp.folder.IamAuditConfigArgs; + * import com.pulumi.gcp.folder.inputs.IamAuditConfigAuditLogConfigArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var folder = new IamAuditConfig("folder", IamAuditConfigArgs.builder() + * .folder("folders/1234567") + * .service("allServices") + * .auditLogConfigs( + * IamAuditConfigAuditLogConfigArgs.builder() + * .logType("ADMIN_READ") + * .build(), + * IamAuditConfigAuditLogConfigArgs.builder() + * .logType("DATA_READ") + * .exemptedMembers("user:joebloggs@example.com") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * ### Importing Audit Configs diff --git a/sdk/java/src/main/java/com/pulumi/gcp/folder/inputs/IAMMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/folder/inputs/IAMMemberState.java index a2296ba62b..4495a333e6 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/folder/inputs/IAMMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/folder/inputs/IAMMemberState.java @@ -63,9 +63,27 @@ public Optional> folder() { return Optional.ofNullable(this.folder); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ @Import(name="member") private @Nullable Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Optional> member() { return Optional.ofNullable(this.member); } @@ -182,11 +200,33 @@ public Builder folder(String folder) { return folder(Output.of(folder)); } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder member(@Nullable Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/gkebackup/BackupPlanIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/gkebackup/BackupPlanIamBinding.java index 44d3386946..c4cbd69e42 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/gkebackup/BackupPlanIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/gkebackup/BackupPlanIamBinding.java @@ -150,6 +150,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_gke\_backup\_backup\_plan\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.gkebackup.BackupPlanIamPolicy; + * import com.pulumi.gcp.gkebackup.BackupPlanIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new BackupPlanIamPolicy("policy", BackupPlanIamPolicyArgs.builder() + * .project(basic.project()) + * .location(basic.location()) + * .name(basic.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_gke\_backup\_backup\_plan\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.gkebackup.BackupPlanIamBinding; + * import com.pulumi.gcp.gkebackup.BackupPlanIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new BackupPlanIamBinding("binding", BackupPlanIamBindingArgs.builder() + * .project(basic.project()) + * .location(basic.location()) + * .name(basic.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_gke\_backup\_backup\_plan\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.gkebackup.BackupPlanIamMember; + * import com.pulumi.gcp.gkebackup.BackupPlanIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new BackupPlanIamMember("member", BackupPlanIamMemberArgs.builder() + * .project(basic.project()) + * .location(basic.location()) + * .name(basic.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -227,9 +346,37 @@ public Output etag() { public Output location() { return this.location; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Export(name="members", refs={List.class,String.class}, tree="[0,1]") private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output> members() { return this.members; } @@ -251,18 +398,6 @@ public Output name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -271,18 +406,6 @@ public Output name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/gkebackup/BackupPlanIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/gkebackup/BackupPlanIamBindingArgs.java index 14b9829db2..f9e38968e4 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/gkebackup/BackupPlanIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/gkebackup/BackupPlanIamBindingArgs.java @@ -42,9 +42,37 @@ public Optional> location() { return Optional.ofNullable(this.location); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="members", required=true) private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output> members() { return this.members; } @@ -68,18 +96,6 @@ public Optional> name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -88,18 +104,6 @@ public Optional> name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -185,15 +189,63 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } @@ -223,18 +275,6 @@ public Builder name(String name) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -247,18 +287,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/gkebackup/BackupPlanIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/gkebackup/BackupPlanIamMember.java index 00af57942b..c8a06801bf 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/gkebackup/BackupPlanIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/gkebackup/BackupPlanIamMember.java @@ -149,6 +149,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_gke\_backup\_backup\_plan\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.gkebackup.BackupPlanIamPolicy; + * import com.pulumi.gcp.gkebackup.BackupPlanIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new BackupPlanIamPolicy("policy", BackupPlanIamPolicyArgs.builder() + * .project(basic.project()) + * .location(basic.location()) + * .name(basic.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_gke\_backup\_backup\_plan\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.gkebackup.BackupPlanIamBinding; + * import com.pulumi.gcp.gkebackup.BackupPlanIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new BackupPlanIamBinding("binding", BackupPlanIamBindingArgs.builder() + * .project(basic.project()) + * .location(basic.location()) + * .name(basic.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_gke\_backup\_backup\_plan\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.gkebackup.BackupPlanIamMember; + * import com.pulumi.gcp.gkebackup.BackupPlanIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new BackupPlanIamMember("member", BackupPlanIamMemberArgs.builder() + * .project(basic.project()) + * .location(basic.location()) + * .name(basic.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -226,9 +345,37 @@ public Output etag() { public Output location() { return this.location; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Export(name="member", refs={String.class}, tree="[0]") private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output member() { return this.member; } @@ -250,18 +397,6 @@ public Output name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -270,18 +405,6 @@ public Output name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/gkebackup/BackupPlanIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/gkebackup/BackupPlanIamMemberArgs.java index 74f09a4bbe..e3cf0590e2 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/gkebackup/BackupPlanIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/gkebackup/BackupPlanIamMemberArgs.java @@ -41,9 +41,37 @@ public Optional> location() { return Optional.ofNullable(this.location); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="member", required=true) private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output member() { return this.member; } @@ -67,18 +95,6 @@ public Optional> name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -87,18 +103,6 @@ public Optional> name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -184,11 +188,43 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } @@ -218,18 +254,6 @@ public Builder name(String name) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -242,18 +266,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/gkebackup/BackupPlanIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/gkebackup/BackupPlanIamPolicy.java index b95c221008..a404306789 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/gkebackup/BackupPlanIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/gkebackup/BackupPlanIamPolicy.java @@ -147,6 +147,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_gke\_backup\_backup\_plan\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.gkebackup.BackupPlanIamPolicy; + * import com.pulumi.gcp.gkebackup.BackupPlanIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new BackupPlanIamPolicy("policy", BackupPlanIamPolicyArgs.builder() + * .project(basic.project()) + * .location(basic.location()) + * .name(basic.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_gke\_backup\_backup\_plan\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.gkebackup.BackupPlanIamBinding; + * import com.pulumi.gcp.gkebackup.BackupPlanIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new BackupPlanIamBinding("binding", BackupPlanIamBindingArgs.builder() + * .project(basic.project()) + * .location(basic.location()) + * .name(basic.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_gke\_backup\_backup\_plan\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.gkebackup.BackupPlanIamMember; + * import com.pulumi.gcp.gkebackup.BackupPlanIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new BackupPlanIamMember("member", BackupPlanIamMemberArgs.builder() + * .project(basic.project()) + * .location(basic.location()) + * .name(basic.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -252,18 +371,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -272,18 +379,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/gkebackup/BackupPlanIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/gkebackup/BackupPlanIamPolicyArgs.java index b9a2906705..3e5f9e6887 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/gkebackup/BackupPlanIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/gkebackup/BackupPlanIamPolicyArgs.java @@ -69,18 +69,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -89,18 +77,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -204,18 +180,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -228,18 +192,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/gkebackup/inputs/BackupPlanIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/gkebackup/inputs/BackupPlanIamBindingState.java index e7fcf074d5..8340e69cd3 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/gkebackup/inputs/BackupPlanIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/gkebackup/inputs/BackupPlanIamBindingState.java @@ -56,9 +56,37 @@ public Optional> location() { return Optional.ofNullable(this.location); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="members") private @Nullable Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Optional>> members() { return Optional.ofNullable(this.members); } @@ -82,18 +110,6 @@ public Optional> name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -102,18 +118,6 @@ public Optional> name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -221,15 +225,63 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } @@ -259,18 +311,6 @@ public Builder name(String name) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -283,18 +323,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/gkebackup/inputs/BackupPlanIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/gkebackup/inputs/BackupPlanIamMemberState.java index f7689d3e25..68028ef62a 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/gkebackup/inputs/BackupPlanIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/gkebackup/inputs/BackupPlanIamMemberState.java @@ -55,9 +55,37 @@ public Optional> location() { return Optional.ofNullable(this.location); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="member") private @Nullable Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Optional> member() { return Optional.ofNullable(this.member); } @@ -81,18 +109,6 @@ public Optional> name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -101,18 +117,6 @@ public Optional> name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -220,11 +224,43 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(@Nullable Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } @@ -254,18 +290,6 @@ public Builder name(String name) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -278,18 +302,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/gkebackup/inputs/BackupPlanIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/gkebackup/inputs/BackupPlanIamPolicyState.java index eab0f79638..84be177001 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/gkebackup/inputs/BackupPlanIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/gkebackup/inputs/BackupPlanIamPolicyState.java @@ -83,18 +83,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -103,18 +91,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -240,18 +216,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -264,18 +228,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/FeatureIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/FeatureIamBinding.java index ef19a691c2..b5c1a8b911 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/FeatureIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/FeatureIamBinding.java @@ -150,6 +150,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_gke\_hub\_feature\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.gkehub.FeatureIamPolicy; + * import com.pulumi.gcp.gkehub.FeatureIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new FeatureIamPolicy("policy", FeatureIamPolicyArgs.builder() + * .project(feature.project()) + * .location(feature.location()) + * .name(feature.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_gke\_hub\_feature\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.gkehub.FeatureIamBinding; + * import com.pulumi.gcp.gkehub.FeatureIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new FeatureIamBinding("binding", FeatureIamBindingArgs.builder() + * .project(feature.project()) + * .location(feature.location()) + * .name(feature.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_gke\_hub\_feature\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.gkehub.FeatureIamMember; + * import com.pulumi.gcp.gkehub.FeatureIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new FeatureIamMember("member", FeatureIamMemberArgs.builder() + * .project(feature.project()) + * .location(feature.location()) + * .name(feature.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -225,9 +344,37 @@ public Output etag() { public Output location() { return this.location; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Export(name="members", refs={List.class,String.class}, tree="[0,1]") private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output> members() { return this.members; } @@ -249,18 +396,6 @@ public Output name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -269,18 +404,6 @@ public Output name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/FeatureIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/FeatureIamBindingArgs.java index d7a25d3610..d5199f5422 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/FeatureIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/FeatureIamBindingArgs.java @@ -40,9 +40,37 @@ public Optional> location() { return Optional.ofNullable(this.location); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="members", required=true) private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output> members() { return this.members; } @@ -66,18 +94,6 @@ public Optional> name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -86,18 +102,6 @@ public Optional> name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -181,15 +185,63 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } @@ -219,18 +271,6 @@ public Builder name(String name) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -243,18 +283,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/FeatureIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/FeatureIamMember.java index 4ac6f7645a..1b67954bf1 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/FeatureIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/FeatureIamMember.java @@ -149,6 +149,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_gke\_hub\_feature\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.gkehub.FeatureIamPolicy; + * import com.pulumi.gcp.gkehub.FeatureIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new FeatureIamPolicy("policy", FeatureIamPolicyArgs.builder() + * .project(feature.project()) + * .location(feature.location()) + * .name(feature.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_gke\_hub\_feature\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.gkehub.FeatureIamBinding; + * import com.pulumi.gcp.gkehub.FeatureIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new FeatureIamBinding("binding", FeatureIamBindingArgs.builder() + * .project(feature.project()) + * .location(feature.location()) + * .name(feature.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_gke\_hub\_feature\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.gkehub.FeatureIamMember; + * import com.pulumi.gcp.gkehub.FeatureIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new FeatureIamMember("member", FeatureIamMemberArgs.builder() + * .project(feature.project()) + * .location(feature.location()) + * .name(feature.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -224,9 +343,37 @@ public Output etag() { public Output location() { return this.location; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Export(name="member", refs={String.class}, tree="[0]") private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output member() { return this.member; } @@ -248,18 +395,6 @@ public Output name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -268,18 +403,6 @@ public Output name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/FeatureIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/FeatureIamMemberArgs.java index a6b321c218..4a7aec6b90 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/FeatureIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/FeatureIamMemberArgs.java @@ -39,9 +39,37 @@ public Optional> location() { return Optional.ofNullable(this.location); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="member", required=true) private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output member() { return this.member; } @@ -65,18 +93,6 @@ public Optional> name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -85,18 +101,6 @@ public Optional> name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -180,11 +184,43 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } @@ -214,18 +250,6 @@ public Builder name(String name) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -238,18 +262,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/FeatureIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/FeatureIamPolicy.java index 553d14db10..cc2218d823 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/FeatureIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/FeatureIamPolicy.java @@ -147,6 +147,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_gke\_hub\_feature\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.gkehub.FeatureIamPolicy; + * import com.pulumi.gcp.gkehub.FeatureIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new FeatureIamPolicy("policy", FeatureIamPolicyArgs.builder() + * .project(feature.project()) + * .location(feature.location()) + * .name(feature.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_gke\_hub\_feature\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.gkehub.FeatureIamBinding; + * import com.pulumi.gcp.gkehub.FeatureIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new FeatureIamBinding("binding", FeatureIamBindingArgs.builder() + * .project(feature.project()) + * .location(feature.location()) + * .name(feature.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_gke\_hub\_feature\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.gkehub.FeatureIamMember; + * import com.pulumi.gcp.gkehub.FeatureIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new FeatureIamMember("member", FeatureIamMemberArgs.builder() + * .project(feature.project()) + * .location(feature.location()) + * .name(feature.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -250,18 +369,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -270,18 +377,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/FeatureIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/FeatureIamPolicyArgs.java index d0a9743d18..1d56bd6302 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/FeatureIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/FeatureIamPolicyArgs.java @@ -67,18 +67,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -87,18 +75,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -200,18 +176,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -224,18 +188,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/MembershipIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/MembershipIamBinding.java index 74f2315403..6ea04e98a5 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/MembershipIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/MembershipIamBinding.java @@ -150,6 +150,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_gke\_hub\_membership\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.gkehub.MembershipIamPolicy; + * import com.pulumi.gcp.gkehub.MembershipIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new MembershipIamPolicy("policy", MembershipIamPolicyArgs.builder() + * .project(membership.project()) + * .location(membership.location()) + * .membershipId(membership.membershipId()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_gke\_hub\_membership\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.gkehub.MembershipIamBinding; + * import com.pulumi.gcp.gkehub.MembershipIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new MembershipIamBinding("binding", MembershipIamBindingArgs.builder() + * .project(membership.project()) + * .location(membership.location()) + * .membershipId(membership.membershipId()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_gke\_hub\_membership\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.gkehub.MembershipIamMember; + * import com.pulumi.gcp.gkehub.MembershipIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new MembershipIamMember("member", MembershipIamMemberArgs.builder() + * .project(membership.project()) + * .location(membership.location()) + * .membershipId(membership.membershipId()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -229,24 +348,9 @@ public Output etag() { public Output location() { return this.location; } - @Export(name="members", refs={List.class,String.class}, tree="[0,1]") - private Output> members; - - public Output> members() { - return this.members; - } - @Export(name="membershipId", refs={String.class}, tree="[0]") - private Output membershipId; - - public Output membershipId() { - return this.membershipId; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -258,15 +362,12 @@ public Output membershipId() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="members", refs={List.class,String.class}, tree="[0,1]") + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -278,6 +379,28 @@ public Output membershipId() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + @Export(name="membershipId", refs={String.class}, tree="[0]") + private Output membershipId; + + public Output membershipId() { + return this.membershipId; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/MembershipIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/MembershipIamBindingArgs.java index 90c99b5780..e5cb63076b 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/MembershipIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/MembershipIamBindingArgs.java @@ -44,9 +44,37 @@ public Optional> location() { return Optional.ofNullable(this.location); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="members", required=true) private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output> members() { return this.members; } @@ -62,18 +90,6 @@ public Output membershipId() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -82,18 +98,6 @@ public Output membershipId() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -181,15 +185,63 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } @@ -207,18 +259,6 @@ public Builder membershipId(String membershipId) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -231,18 +271,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/MembershipIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/MembershipIamMember.java index fcbb9e8988..51234a7818 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/MembershipIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/MembershipIamMember.java @@ -149,6 +149,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_gke\_hub\_membership\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.gkehub.MembershipIamPolicy; + * import com.pulumi.gcp.gkehub.MembershipIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new MembershipIamPolicy("policy", MembershipIamPolicyArgs.builder() + * .project(membership.project()) + * .location(membership.location()) + * .membershipId(membership.membershipId()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_gke\_hub\_membership\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.gkehub.MembershipIamBinding; + * import com.pulumi.gcp.gkehub.MembershipIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new MembershipIamBinding("binding", MembershipIamBindingArgs.builder() + * .project(membership.project()) + * .location(membership.location()) + * .membershipId(membership.membershipId()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_gke\_hub\_membership\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.gkehub.MembershipIamMember; + * import com.pulumi.gcp.gkehub.MembershipIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new MembershipIamMember("member", MembershipIamMemberArgs.builder() + * .project(membership.project()) + * .location(membership.location()) + * .membershipId(membership.membershipId()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -228,24 +347,9 @@ public Output etag() { public Output location() { return this.location; } - @Export(name="member", refs={String.class}, tree="[0]") - private Output member; - - public Output member() { - return this.member; - } - @Export(name="membershipId", refs={String.class}, tree="[0]") - private Output membershipId; - - public Output membershipId() { - return this.membershipId; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -257,15 +361,12 @@ public Output membershipId() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="member", refs={String.class}, tree="[0]") + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -277,6 +378,28 @@ public Output membershipId() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + @Export(name="membershipId", refs={String.class}, tree="[0]") + private Output membershipId; + + public Output membershipId() { + return this.membershipId; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/MembershipIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/MembershipIamMemberArgs.java index 90642e08f8..9f94b2f326 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/MembershipIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/MembershipIamMemberArgs.java @@ -43,9 +43,37 @@ public Optional> location() { return Optional.ofNullable(this.location); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="member", required=true) private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output member() { return this.member; } @@ -61,18 +89,6 @@ public Output membershipId() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -81,18 +97,6 @@ public Output membershipId() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -180,11 +184,43 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } @@ -202,18 +238,6 @@ public Builder membershipId(String membershipId) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -226,18 +250,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/MembershipIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/MembershipIamPolicy.java index 583e57c3ab..2bae730a90 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/MembershipIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/MembershipIamPolicy.java @@ -147,6 +147,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_gke\_hub\_membership\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.gkehub.MembershipIamPolicy; + * import com.pulumi.gcp.gkehub.MembershipIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new MembershipIamPolicy("policy", MembershipIamPolicyArgs.builder() + * .project(membership.project()) + * .location(membership.location()) + * .membershipId(membership.membershipId()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_gke\_hub\_membership\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.gkehub.MembershipIamBinding; + * import com.pulumi.gcp.gkehub.MembershipIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new MembershipIamBinding("binding", MembershipIamBindingArgs.builder() + * .project(membership.project()) + * .location(membership.location()) + * .membershipId(membership.membershipId()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_gke\_hub\_membership\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.gkehub.MembershipIamMember; + * import com.pulumi.gcp.gkehub.MembershipIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new MembershipIamMember("member", MembershipIamMemberArgs.builder() + * .project(membership.project()) + * .location(membership.location()) + * .membershipId(membership.membershipId()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -246,18 +365,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -266,18 +373,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/MembershipIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/MembershipIamPolicyArgs.java index b46029deb6..d123388836 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/MembershipIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/MembershipIamPolicyArgs.java @@ -63,18 +63,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -83,18 +71,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -188,18 +164,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -212,18 +176,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/ScopeIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/ScopeIamBinding.java index 85b32a660b..fd1bd1dff7 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/ScopeIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/ScopeIamBinding.java @@ -147,6 +147,122 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_gke\_hub\_scope\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.gkehub.ScopeIamPolicy; + * import com.pulumi.gcp.gkehub.ScopeIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new ScopeIamPolicy("policy", ScopeIamPolicyArgs.builder() + * .project(scope.project()) + * .scopeId(scope.scopeId()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_gke\_hub\_scope\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.gkehub.ScopeIamBinding; + * import com.pulumi.gcp.gkehub.ScopeIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new ScopeIamBinding("binding", ScopeIamBindingArgs.builder() + * .project(scope.project()) + * .scopeId(scope.scopeId()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_gke\_hub\_scope\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.gkehub.ScopeIamMember; + * import com.pulumi.gcp.gkehub.ScopeIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new ScopeIamMember("member", ScopeIamMemberArgs.builder() + * .project(scope.project()) + * .scopeId(scope.scopeId()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -206,18 +322,9 @@ public Output> condition() { public Output etag() { return this.etag; } - @Export(name="members", refs={List.class,String.class}, tree="[0,1]") - private Output> members; - - public Output> members() { - return this.members; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -229,15 +336,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="members", refs={List.class,String.class}, tree="[0,1]") + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -249,6 +353,22 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/ScopeIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/ScopeIamBindingArgs.java index 23e57415ab..4e47a3656e 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/ScopeIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/ScopeIamBindingArgs.java @@ -25,19 +25,9 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } - @Import(name="members", required=true) - private Output> members; - - public Output> members() { - return this.members; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -49,15 +39,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members", required=true) + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -69,6 +56,23 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -136,25 +140,30 @@ public Builder condition(ScopeIamBindingConditionArgs condition) { return condition(Output.of(condition)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -168,17 +177,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -192,6 +197,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/ScopeIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/ScopeIamMember.java index 88065633ac..ce4c1277b7 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/ScopeIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/ScopeIamMember.java @@ -146,6 +146,122 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_gke\_hub\_scope\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.gkehub.ScopeIamPolicy; + * import com.pulumi.gcp.gkehub.ScopeIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new ScopeIamPolicy("policy", ScopeIamPolicyArgs.builder() + * .project(scope.project()) + * .scopeId(scope.scopeId()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_gke\_hub\_scope\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.gkehub.ScopeIamBinding; + * import com.pulumi.gcp.gkehub.ScopeIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new ScopeIamBinding("binding", ScopeIamBindingArgs.builder() + * .project(scope.project()) + * .scopeId(scope.scopeId()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_gke\_hub\_scope\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.gkehub.ScopeIamMember; + * import com.pulumi.gcp.gkehub.ScopeIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new ScopeIamMember("member", ScopeIamMemberArgs.builder() + * .project(scope.project()) + * .scopeId(scope.scopeId()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -205,18 +321,9 @@ public Output> condition() { public Output etag() { return this.etag; } - @Export(name="member", refs={String.class}, tree="[0]") - private Output member; - - public Output member() { - return this.member; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -228,15 +335,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="member", refs={String.class}, tree="[0]") + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -248,6 +352,22 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/ScopeIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/ScopeIamMemberArgs.java index c00d091819..3d46da764b 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/ScopeIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/ScopeIamMemberArgs.java @@ -24,19 +24,9 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } - @Import(name="member", required=true) - private Output member; - - public Output member() { - return this.member; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -48,15 +38,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member", required=true) + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -68,6 +55,23 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -135,21 +139,9 @@ public Builder condition(ScopeIamMemberConditionArgs condition) { return condition(Output.of(condition)); } - public Builder member(Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -163,17 +155,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -187,6 +176,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/ScopeIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/ScopeIamPolicy.java index abfad11339..6298e9637c 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/ScopeIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/ScopeIamPolicy.java @@ -144,6 +144,122 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_gke\_hub\_scope\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.gkehub.ScopeIamPolicy; + * import com.pulumi.gcp.gkehub.ScopeIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new ScopeIamPolicy("policy", ScopeIamPolicyArgs.builder() + * .project(scope.project()) + * .scopeId(scope.scopeId()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_gke\_hub\_scope\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.gkehub.ScopeIamBinding; + * import com.pulumi.gcp.gkehub.ScopeIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new ScopeIamBinding("binding", ScopeIamBindingArgs.builder() + * .project(scope.project()) + * .scopeId(scope.scopeId()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_gke\_hub\_scope\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.gkehub.ScopeIamMember; + * import com.pulumi.gcp.gkehub.ScopeIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new ScopeIamMember("member", ScopeIamMemberArgs.builder() + * .project(scope.project()) + * .scopeId(scope.scopeId()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -217,18 +333,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -237,18 +341,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/ScopeIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/ScopeIamPolicyArgs.java index 1c6d25d555..8207862d00 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/ScopeIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/ScopeIamPolicyArgs.java @@ -37,18 +37,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -57,18 +45,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -134,18 +110,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -158,18 +122,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/inputs/FeatureIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/inputs/FeatureIamBindingState.java index b4f1a1fa2f..5000ab3f7a 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/inputs/FeatureIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/inputs/FeatureIamBindingState.java @@ -54,9 +54,37 @@ public Optional> location() { return Optional.ofNullable(this.location); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="members") private @Nullable Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Optional>> members() { return Optional.ofNullable(this.members); } @@ -80,18 +108,6 @@ public Optional> name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -100,18 +116,6 @@ public Optional> name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -217,15 +221,63 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } @@ -255,18 +307,6 @@ public Builder name(String name) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -279,18 +319,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/inputs/FeatureIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/inputs/FeatureIamMemberState.java index 664a8cdc22..bcf7f4cf21 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/inputs/FeatureIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/inputs/FeatureIamMemberState.java @@ -53,9 +53,37 @@ public Optional> location() { return Optional.ofNullable(this.location); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="member") private @Nullable Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Optional> member() { return Optional.ofNullable(this.member); } @@ -79,18 +107,6 @@ public Optional> name() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -99,18 +115,6 @@ public Optional> name() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -216,11 +220,43 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(@Nullable Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } @@ -250,18 +286,6 @@ public Builder name(String name) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -274,18 +298,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/inputs/FeatureIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/inputs/FeatureIamPolicyState.java index 4fb6c9d9a1..233881417f 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/inputs/FeatureIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/inputs/FeatureIamPolicyState.java @@ -81,18 +81,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -101,18 +89,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -236,18 +212,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -260,18 +224,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/inputs/MembershipIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/inputs/MembershipIamBindingState.java index ff62baeb37..ef9e921826 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/inputs/MembershipIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/inputs/MembershipIamBindingState.java @@ -58,9 +58,37 @@ public Optional> location() { return Optional.ofNullable(this.location); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="members") private @Nullable Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Optional>> members() { return Optional.ofNullable(this.members); } @@ -76,18 +104,6 @@ public Optional> membershipId() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -96,18 +112,6 @@ public Optional> membershipId() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -217,15 +221,63 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } @@ -243,18 +295,6 @@ public Builder membershipId(String membershipId) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -267,18 +307,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/inputs/MembershipIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/inputs/MembershipIamMemberState.java index 27e8276f25..180858bc2c 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/inputs/MembershipIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/inputs/MembershipIamMemberState.java @@ -57,9 +57,37 @@ public Optional> location() { return Optional.ofNullable(this.location); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="member") private @Nullable Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Optional> member() { return Optional.ofNullable(this.member); } @@ -75,18 +103,6 @@ public Optional> membershipId() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -95,18 +111,6 @@ public Optional> membershipId() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -216,11 +220,43 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(@Nullable Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } @@ -238,18 +274,6 @@ public Builder membershipId(String membershipId) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -262,18 +286,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/inputs/MembershipIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/inputs/MembershipIamPolicyState.java index a4e6a82a6b..47001a4ee0 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/inputs/MembershipIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/inputs/MembershipIamPolicyState.java @@ -77,18 +77,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -97,18 +85,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -224,18 +200,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -248,18 +212,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/inputs/ScopeIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/inputs/ScopeIamBindingState.java index 53a91579eb..52420f68e8 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/inputs/ScopeIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/inputs/ScopeIamBindingState.java @@ -39,19 +39,9 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } - @Import(name="members") - private @Nullable Output> members; - - public Optional>> members() { - return Optional.ofNullable(this.members); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -63,15 +53,12 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members") + private @Nullable Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -83,6 +70,23 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional>> members() { + return Optional.ofNullable(this.members); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -172,25 +176,30 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -204,17 +213,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -228,6 +233,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/inputs/ScopeIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/inputs/ScopeIamMemberState.java index 333fc10c0b..1a5d957919 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/inputs/ScopeIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/inputs/ScopeIamMemberState.java @@ -38,19 +38,9 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } - @Import(name="member") - private @Nullable Output member; - - public Optional> member() { - return Optional.ofNullable(this.member); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -62,15 +52,12 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member") + private @Nullable Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -82,6 +69,23 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional> member() { + return Optional.ofNullable(this.member); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -171,21 +175,9 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } - public Builder member(@Nullable Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -199,17 +191,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(@Nullable Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -223,6 +212,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/inputs/ScopeIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/inputs/ScopeIamPolicyState.java index 71ebbd1119..b1079d0ccb 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/gkehub/inputs/ScopeIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/gkehub/inputs/ScopeIamPolicyState.java @@ -51,18 +51,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -71,18 +59,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -170,18 +146,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -194,18 +158,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/ConsentStoreIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/ConsentStoreIamBinding.java index b0f20f0754..33c57d2880 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/ConsentStoreIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/ConsentStoreIamBinding.java @@ -147,6 +147,122 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_healthcare\_consent\_store\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.healthcare.ConsentStoreIamPolicy; + * import com.pulumi.gcp.healthcare.ConsentStoreIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new ConsentStoreIamPolicy("policy", ConsentStoreIamPolicyArgs.builder() + * .dataset(my_consent.dataset()) + * .consentStoreId(my_consent.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_healthcare\_consent\_store\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.healthcare.ConsentStoreIamBinding; + * import com.pulumi.gcp.healthcare.ConsentStoreIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new ConsentStoreIamBinding("binding", ConsentStoreIamBindingArgs.builder() + * .dataset(my_consent.dataset()) + * .consentStoreId(my_consent.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_healthcare\_consent\_store\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.healthcare.ConsentStoreIamMember; + * import com.pulumi.gcp.healthcare.ConsentStoreIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new ConsentStoreIamMember("member", ConsentStoreIamMemberArgs.builder() + * .dataset(my_consent.dataset()) + * .consentStoreId(my_consent.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -209,18 +325,6 @@ public Output consentStoreId() { * 'projects/{project}/locations/{location}/datasets/{dataset}' * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="dataset", refs={String.class}, tree="[0]") private Output dataset; @@ -230,18 +334,6 @@ public Output consentStoreId() { * 'projects/{project}/locations/{location}/datasets/{dataset}' * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output dataset() { return this.dataset; @@ -260,9 +352,37 @@ public Output dataset() { public Output etag() { return this.etag; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Export(name="members", refs={List.class,String.class}, tree="[0,1]") private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output> members() { return this.members; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/ConsentStoreIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/ConsentStoreIamBindingArgs.java index 26945b01d8..3871fa873d 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/ConsentStoreIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/ConsentStoreIamBindingArgs.java @@ -45,8 +45,23 @@ public Output consentStoreId() { * 'projects/{project}/locations/{location}/datasets/{dataset}' * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + */ + @Import(name="dataset", required=true) + private Output dataset; + + /** + * @return Identifies the dataset addressed by this request. Must be in the format + * 'projects/{project}/locations/{location}/datasets/{dataset}' + * Used to find the parent resource to bind the IAM policy to + * + */ + public Output dataset() { + return this.dataset; + } + + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -58,16 +73,12 @@ public Output consentStoreId() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="dataset", required=true) - private Output dataset; + @Import(name="members", required=true) + private Output> members; /** - * @return Identifies the dataset addressed by this request. Must be in the format - * 'projects/{project}/locations/{location}/datasets/{dataset}' - * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -79,13 +90,6 @@ public Output consentStoreId() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - public Output dataset() { - return this.dataset; - } - - @Import(name="members", required=true) - private Output> members; - public Output> members() { return this.members; } @@ -172,18 +176,6 @@ public Builder consentStoreId(String consentStoreId) { * 'projects/{project}/locations/{location}/datasets/{dataset}' * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -197,8 +189,16 @@ public Builder dataset(Output dataset) { * 'projects/{project}/locations/{location}/datasets/{dataset}' * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return builder + * + */ + public Builder dataset(String dataset) { + return dataset(Output.of(dataset)); + } + + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -212,19 +212,47 @@ public Builder dataset(Output dataset) { * @return builder * */ - public Builder dataset(String dataset) { - return dataset(Output.of(dataset)); - } - public Builder members(Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/ConsentStoreIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/ConsentStoreIamMember.java index 75723d5424..c07d94f215 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/ConsentStoreIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/ConsentStoreIamMember.java @@ -146,6 +146,122 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_healthcare\_consent\_store\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.healthcare.ConsentStoreIamPolicy; + * import com.pulumi.gcp.healthcare.ConsentStoreIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new ConsentStoreIamPolicy("policy", ConsentStoreIamPolicyArgs.builder() + * .dataset(my_consent.dataset()) + * .consentStoreId(my_consent.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_healthcare\_consent\_store\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.healthcare.ConsentStoreIamBinding; + * import com.pulumi.gcp.healthcare.ConsentStoreIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new ConsentStoreIamBinding("binding", ConsentStoreIamBindingArgs.builder() + * .dataset(my_consent.dataset()) + * .consentStoreId(my_consent.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_healthcare\_consent\_store\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.healthcare.ConsentStoreIamMember; + * import com.pulumi.gcp.healthcare.ConsentStoreIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new ConsentStoreIamMember("member", ConsentStoreIamMemberArgs.builder() + * .dataset(my_consent.dataset()) + * .consentStoreId(my_consent.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -208,18 +324,6 @@ public Output consentStoreId() { * 'projects/{project}/locations/{location}/datasets/{dataset}' * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="dataset", refs={String.class}, tree="[0]") private Output dataset; @@ -229,18 +333,6 @@ public Output consentStoreId() { * 'projects/{project}/locations/{location}/datasets/{dataset}' * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output dataset() { return this.dataset; @@ -259,9 +351,37 @@ public Output dataset() { public Output etag() { return this.etag; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Export(name="member", refs={String.class}, tree="[0]") private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output member() { return this.member; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/ConsentStoreIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/ConsentStoreIamMemberArgs.java index 8e7cdc260c..413d88b75f 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/ConsentStoreIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/ConsentStoreIamMemberArgs.java @@ -44,8 +44,23 @@ public Output consentStoreId() { * 'projects/{project}/locations/{location}/datasets/{dataset}' * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + */ + @Import(name="dataset", required=true) + private Output dataset; + + /** + * @return Identifies the dataset addressed by this request. Must be in the format + * 'projects/{project}/locations/{location}/datasets/{dataset}' + * Used to find the parent resource to bind the IAM policy to + * + */ + public Output dataset() { + return this.dataset; + } + + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -57,16 +72,12 @@ public Output consentStoreId() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="dataset", required=true) - private Output dataset; + @Import(name="member", required=true) + private Output member; /** - * @return Identifies the dataset addressed by this request. Must be in the format - * 'projects/{project}/locations/{location}/datasets/{dataset}' - * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -78,13 +89,6 @@ public Output consentStoreId() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - public Output dataset() { - return this.dataset; - } - - @Import(name="member", required=true) - private Output member; - public Output member() { return this.member; } @@ -171,18 +175,6 @@ public Builder consentStoreId(String consentStoreId) { * 'projects/{project}/locations/{location}/datasets/{dataset}' * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -196,8 +188,16 @@ public Builder dataset(Output dataset) { * 'projects/{project}/locations/{location}/datasets/{dataset}' * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return builder + * + */ + public Builder dataset(String dataset) { + return dataset(Output.of(dataset)); + } + + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -211,15 +211,27 @@ public Builder dataset(Output dataset) { * @return builder * */ - public Builder dataset(String dataset) { - return dataset(Output.of(dataset)); - } - public Builder member(Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/ConsentStoreIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/ConsentStoreIamPolicy.java index cd2805175c..272680161d 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/ConsentStoreIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/ConsentStoreIamPolicy.java @@ -144,6 +144,122 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_healthcare\_consent\_store\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.healthcare.ConsentStoreIamPolicy; + * import com.pulumi.gcp.healthcare.ConsentStoreIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new ConsentStoreIamPolicy("policy", ConsentStoreIamPolicyArgs.builder() + * .dataset(my_consent.dataset()) + * .consentStoreId(my_consent.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_healthcare\_consent\_store\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.healthcare.ConsentStoreIamBinding; + * import com.pulumi.gcp.healthcare.ConsentStoreIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new ConsentStoreIamBinding("binding", ConsentStoreIamBindingArgs.builder() + * .dataset(my_consent.dataset()) + * .consentStoreId(my_consent.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_healthcare\_consent\_store\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.healthcare.ConsentStoreIamMember; + * import com.pulumi.gcp.healthcare.ConsentStoreIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new ConsentStoreIamMember("member", ConsentStoreIamMemberArgs.builder() + * .dataset(my_consent.dataset()) + * .consentStoreId(my_consent.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -200,18 +316,6 @@ public Output consentStoreId() { * 'projects/{project}/locations/{location}/datasets/{dataset}' * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="dataset", refs={String.class}, tree="[0]") private Output dataset; @@ -221,18 +325,6 @@ public Output consentStoreId() { * 'projects/{project}/locations/{location}/datasets/{dataset}' * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output dataset() { return this.dataset; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/ConsentStoreIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/ConsentStoreIamPolicyArgs.java index 6bf6c80483..aba8a6b49a 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/ConsentStoreIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/ConsentStoreIamPolicyArgs.java @@ -34,18 +34,6 @@ public Output consentStoreId() { * 'projects/{project}/locations/{location}/datasets/{dataset}' * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="dataset", required=true) private Output dataset; @@ -55,18 +43,6 @@ public Output consentStoreId() { * 'projects/{project}/locations/{location}/datasets/{dataset}' * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output dataset() { return this.dataset; @@ -141,18 +117,6 @@ public Builder consentStoreId(String consentStoreId) { * 'projects/{project}/locations/{location}/datasets/{dataset}' * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -166,18 +130,6 @@ public Builder dataset(Output dataset) { * 'projects/{project}/locations/{location}/datasets/{dataset}' * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/DatasetIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/DatasetIamBinding.java index a123b30a44..9692afa4ca 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/DatasetIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/DatasetIamBinding.java @@ -140,6 +140,119 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_healthcare\_dataset\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.healthcare.DatasetIamPolicy; + * import com.pulumi.gcp.healthcare.DatasetIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var dataset = new DatasetIamPolicy("dataset", DatasetIamPolicyArgs.builder() + * .datasetId("your-dataset-id") + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_healthcare\_dataset\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.healthcare.DatasetIamBinding; + * import com.pulumi.gcp.healthcare.DatasetIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var dataset = new DatasetIamBinding("dataset", DatasetIamBindingArgs.builder() + * .datasetId("your-dataset-id") + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_healthcare\_dataset\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.healthcare.DatasetIamMember; + * import com.pulumi.gcp.healthcare.DatasetIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var dataset = new DatasetIamMember("dataset", DatasetIamMemberArgs.builder() + * .datasetId("your-dataset-id") + * .role("roles/editor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * ### Importing IAM policies @@ -181,15 +294,6 @@ public Output> condition() { * `{location_name}/{dataset_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Export(name="datasetId", refs={String.class}, tree="[0]") private Output datasetId; @@ -200,15 +304,6 @@ public Output> condition() { * `{location_name}/{dataset_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Output datasetId() { return this.datasetId; @@ -227,9 +322,31 @@ public Output datasetId() { public Output etag() { return this.etag; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ @Export(name="members", refs={List.class,String.class}, tree="[0,1]") private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output> members() { return this.members; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/DatasetIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/DatasetIamBindingArgs.java index 552ff8f9ec..5bb965bedd 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/DatasetIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/DatasetIamBindingArgs.java @@ -31,15 +31,6 @@ public Optional> condition() { * `{location_name}/{dataset_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="datasetId", required=true) private Output datasetId; @@ -50,8 +41,14 @@ public Optional> condition() { * `{location_name}/{dataset_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + */ + public Output datasetId() { + return this.datasetId; + } + + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -60,13 +57,20 @@ public Optional> condition() { * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. * */ - public Output datasetId() { - return this.datasetId; - } - @Import(name="members", required=true) private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output> members() { return this.members; } @@ -132,15 +136,6 @@ public Builder condition(DatasetIamBindingConditionArgs condition) { * `{location_name}/{dataset_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -155,8 +150,16 @@ public Builder datasetId(Output datasetId) { * `{location_name}/{dataset_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return builder + * + */ + public Builder datasetId(String datasetId) { + return datasetId(Output.of(datasetId)); + } + + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -167,19 +170,41 @@ public Builder datasetId(Output datasetId) { * @return builder * */ - public Builder datasetId(String datasetId) { - return datasetId(Output.of(datasetId)); - } - public Builder members(Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/DatasetIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/DatasetIamMember.java index 96969adbe0..24ab9c71c7 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/DatasetIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/DatasetIamMember.java @@ -139,6 +139,119 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_healthcare\_dataset\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.healthcare.DatasetIamPolicy; + * import com.pulumi.gcp.healthcare.DatasetIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var dataset = new DatasetIamPolicy("dataset", DatasetIamPolicyArgs.builder() + * .datasetId("your-dataset-id") + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_healthcare\_dataset\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.healthcare.DatasetIamBinding; + * import com.pulumi.gcp.healthcare.DatasetIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var dataset = new DatasetIamBinding("dataset", DatasetIamBindingArgs.builder() + * .datasetId("your-dataset-id") + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_healthcare\_dataset\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.healthcare.DatasetIamMember; + * import com.pulumi.gcp.healthcare.DatasetIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var dataset = new DatasetIamMember("dataset", DatasetIamMemberArgs.builder() + * .datasetId("your-dataset-id") + * .role("roles/editor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * ### Importing IAM policies @@ -180,15 +293,6 @@ public Output> condition() { * `{location_name}/{dataset_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Export(name="datasetId", refs={String.class}, tree="[0]") private Output datasetId; @@ -199,15 +303,6 @@ public Output> condition() { * `{location_name}/{dataset_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Output datasetId() { return this.datasetId; @@ -226,9 +321,31 @@ public Output datasetId() { public Output etag() { return this.etag; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ @Export(name="member", refs={String.class}, tree="[0]") private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output member() { return this.member; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/DatasetIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/DatasetIamMemberArgs.java index c5f95c4ca1..98df9ce868 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/DatasetIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/DatasetIamMemberArgs.java @@ -30,15 +30,6 @@ public Optional> condition() { * `{location_name}/{dataset_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="datasetId", required=true) private Output datasetId; @@ -49,8 +40,14 @@ public Optional> condition() { * `{location_name}/{dataset_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + */ + public Output datasetId() { + return this.datasetId; + } + + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -59,13 +56,20 @@ public Optional> condition() { * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. * */ - public Output datasetId() { - return this.datasetId; - } - @Import(name="member", required=true) private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output member() { return this.member; } @@ -131,15 +135,6 @@ public Builder condition(DatasetIamMemberConditionArgs condition) { * `{location_name}/{dataset_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -154,8 +149,16 @@ public Builder datasetId(Output datasetId) { * `{location_name}/{dataset_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return builder + * + */ + public Builder datasetId(String datasetId) { + return datasetId(Output.of(datasetId)); + } + + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -166,15 +169,24 @@ public Builder datasetId(Output datasetId) { * @return builder * */ - public Builder datasetId(String datasetId) { - return datasetId(Output.of(datasetId)); - } - public Builder member(Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/DatasetIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/DatasetIamPolicy.java index afcc5d58e5..b66e354c3d 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/DatasetIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/DatasetIamPolicy.java @@ -137,6 +137,119 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_healthcare\_dataset\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.healthcare.DatasetIamPolicy; + * import com.pulumi.gcp.healthcare.DatasetIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var dataset = new DatasetIamPolicy("dataset", DatasetIamPolicyArgs.builder() + * .datasetId("your-dataset-id") + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_healthcare\_dataset\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.healthcare.DatasetIamBinding; + * import com.pulumi.gcp.healthcare.DatasetIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var dataset = new DatasetIamBinding("dataset", DatasetIamBindingArgs.builder() + * .datasetId("your-dataset-id") + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_healthcare\_dataset\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.healthcare.DatasetIamMember; + * import com.pulumi.gcp.healthcare.DatasetIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var dataset = new DatasetIamMember("dataset", DatasetIamMemberArgs.builder() + * .datasetId("your-dataset-id") + * .role("roles/editor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * ### Importing IAM policies @@ -172,15 +285,6 @@ public class DatasetIamPolicy extends com.pulumi.resources.CustomResource { * `{location_name}/{dataset_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Export(name="datasetId", refs={String.class}, tree="[0]") private Output datasetId; @@ -191,15 +295,6 @@ public class DatasetIamPolicy extends com.pulumi.resources.CustomResource { * `{location_name}/{dataset_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Output datasetId() { return this.datasetId; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/DatasetIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/DatasetIamPolicyArgs.java index 4cb34ba6de..5f4d781666 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/DatasetIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/DatasetIamPolicyArgs.java @@ -20,15 +20,6 @@ public final class DatasetIamPolicyArgs extends com.pulumi.resources.ResourceArg * `{location_name}/{dataset_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="datasetId", required=true) private Output datasetId; @@ -39,15 +30,6 @@ public final class DatasetIamPolicyArgs extends com.pulumi.resources.ResourceArg * `{location_name}/{dataset_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Output datasetId() { return this.datasetId; @@ -101,15 +83,6 @@ public Builder(DatasetIamPolicyArgs defaults) { * `{location_name}/{dataset_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -124,15 +97,6 @@ public Builder datasetId(Output datasetId) { * `{location_name}/{dataset_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/DicomStoreIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/DicomStoreIamBinding.java index 8d492774ea..ae35de1202 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/DicomStoreIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/DicomStoreIamBinding.java @@ -140,6 +140,119 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_healthcare\_dicom\_store\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.healthcare.DicomStoreIamPolicy; + * import com.pulumi.gcp.healthcare.DicomStoreIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var dicomStore = new DicomStoreIamPolicy("dicomStore", DicomStoreIamPolicyArgs.builder() + * .dicomStoreId("your-dicom-store-id") + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_healthcare\_dicom\_store\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.healthcare.DicomStoreIamBinding; + * import com.pulumi.gcp.healthcare.DicomStoreIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var dicomStore = new DicomStoreIamBinding("dicomStore", DicomStoreIamBindingArgs.builder() + * .dicomStoreId("your-dicom-store-id") + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_healthcare\_dicom\_store\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.healthcare.DicomStoreIamMember; + * import com.pulumi.gcp.healthcare.DicomStoreIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var dicomStore = new DicomStoreIamMember("dicomStore", DicomStoreIamMemberArgs.builder() + * .dicomStoreId("your-dicom-store-id") + * .role("roles/editor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * ### Importing IAM policies @@ -181,15 +294,6 @@ public Output> condition() { * `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Export(name="dicomStoreId", refs={String.class}, tree="[0]") private Output dicomStoreId; @@ -200,15 +304,6 @@ public Output> condition() { * `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Output dicomStoreId() { return this.dicomStoreId; @@ -227,9 +322,31 @@ public Output dicomStoreId() { public Output etag() { return this.etag; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ @Export(name="members", refs={List.class,String.class}, tree="[0,1]") private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output> members() { return this.members; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/DicomStoreIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/DicomStoreIamBindingArgs.java index 47d8d5464a..d7b995e6e4 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/DicomStoreIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/DicomStoreIamBindingArgs.java @@ -31,15 +31,6 @@ public Optional> condition() { * `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="dicomStoreId", required=true) private Output dicomStoreId; @@ -50,8 +41,14 @@ public Optional> condition() { * `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + */ + public Output dicomStoreId() { + return this.dicomStoreId; + } + + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -60,13 +57,20 @@ public Optional> condition() { * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. * */ - public Output dicomStoreId() { - return this.dicomStoreId; - } - @Import(name="members", required=true) private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output> members() { return this.members; } @@ -132,15 +136,6 @@ public Builder condition(DicomStoreIamBindingConditionArgs condition) { * `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -155,8 +150,16 @@ public Builder dicomStoreId(Output dicomStoreId) { * `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return builder + * + */ + public Builder dicomStoreId(String dicomStoreId) { + return dicomStoreId(Output.of(dicomStoreId)); + } + + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -167,19 +170,41 @@ public Builder dicomStoreId(Output dicomStoreId) { * @return builder * */ - public Builder dicomStoreId(String dicomStoreId) { - return dicomStoreId(Output.of(dicomStoreId)); - } - public Builder members(Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/DicomStoreIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/DicomStoreIamMember.java index 16a21a951d..2bf7367577 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/DicomStoreIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/DicomStoreIamMember.java @@ -139,6 +139,119 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_healthcare\_dicom\_store\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.healthcare.DicomStoreIamPolicy; + * import com.pulumi.gcp.healthcare.DicomStoreIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var dicomStore = new DicomStoreIamPolicy("dicomStore", DicomStoreIamPolicyArgs.builder() + * .dicomStoreId("your-dicom-store-id") + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_healthcare\_dicom\_store\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.healthcare.DicomStoreIamBinding; + * import com.pulumi.gcp.healthcare.DicomStoreIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var dicomStore = new DicomStoreIamBinding("dicomStore", DicomStoreIamBindingArgs.builder() + * .dicomStoreId("your-dicom-store-id") + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_healthcare\_dicom\_store\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.healthcare.DicomStoreIamMember; + * import com.pulumi.gcp.healthcare.DicomStoreIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var dicomStore = new DicomStoreIamMember("dicomStore", DicomStoreIamMemberArgs.builder() + * .dicomStoreId("your-dicom-store-id") + * .role("roles/editor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * ### Importing IAM policies @@ -180,15 +293,6 @@ public Output> condition() { * `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Export(name="dicomStoreId", refs={String.class}, tree="[0]") private Output dicomStoreId; @@ -199,15 +303,6 @@ public Output> condition() { * `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Output dicomStoreId() { return this.dicomStoreId; @@ -226,9 +321,31 @@ public Output dicomStoreId() { public Output etag() { return this.etag; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ @Export(name="member", refs={String.class}, tree="[0]") private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output member() { return this.member; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/DicomStoreIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/DicomStoreIamMemberArgs.java index 4d0ff4e3f1..61edf218b0 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/DicomStoreIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/DicomStoreIamMemberArgs.java @@ -30,15 +30,6 @@ public Optional> condition() { * `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="dicomStoreId", required=true) private Output dicomStoreId; @@ -49,8 +40,14 @@ public Optional> condition() { * `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + */ + public Output dicomStoreId() { + return this.dicomStoreId; + } + + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -59,13 +56,20 @@ public Optional> condition() { * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. * */ - public Output dicomStoreId() { - return this.dicomStoreId; - } - @Import(name="member", required=true) private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output member() { return this.member; } @@ -131,15 +135,6 @@ public Builder condition(DicomStoreIamMemberConditionArgs condition) { * `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -154,8 +149,16 @@ public Builder dicomStoreId(Output dicomStoreId) { * `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return builder + * + */ + public Builder dicomStoreId(String dicomStoreId) { + return dicomStoreId(Output.of(dicomStoreId)); + } + + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -166,15 +169,24 @@ public Builder dicomStoreId(Output dicomStoreId) { * @return builder * */ - public Builder dicomStoreId(String dicomStoreId) { - return dicomStoreId(Output.of(dicomStoreId)); - } - public Builder member(Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/DicomStoreIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/DicomStoreIamPolicy.java index c8b8578365..37e8160b2f 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/DicomStoreIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/DicomStoreIamPolicy.java @@ -137,6 +137,119 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_healthcare\_dicom\_store\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.healthcare.DicomStoreIamPolicy; + * import com.pulumi.gcp.healthcare.DicomStoreIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var dicomStore = new DicomStoreIamPolicy("dicomStore", DicomStoreIamPolicyArgs.builder() + * .dicomStoreId("your-dicom-store-id") + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_healthcare\_dicom\_store\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.healthcare.DicomStoreIamBinding; + * import com.pulumi.gcp.healthcare.DicomStoreIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var dicomStore = new DicomStoreIamBinding("dicomStore", DicomStoreIamBindingArgs.builder() + * .dicomStoreId("your-dicom-store-id") + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_healthcare\_dicom\_store\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.healthcare.DicomStoreIamMember; + * import com.pulumi.gcp.healthcare.DicomStoreIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var dicomStore = new DicomStoreIamMember("dicomStore", DicomStoreIamMemberArgs.builder() + * .dicomStoreId("your-dicom-store-id") + * .role("roles/editor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * ### Importing IAM policies @@ -172,15 +285,6 @@ public class DicomStoreIamPolicy extends com.pulumi.resources.CustomResource { * `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Export(name="dicomStoreId", refs={String.class}, tree="[0]") private Output dicomStoreId; @@ -191,15 +295,6 @@ public class DicomStoreIamPolicy extends com.pulumi.resources.CustomResource { * `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Output dicomStoreId() { return this.dicomStoreId; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/DicomStoreIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/DicomStoreIamPolicyArgs.java index c38703f0c2..fe66a1f019 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/DicomStoreIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/DicomStoreIamPolicyArgs.java @@ -20,15 +20,6 @@ public final class DicomStoreIamPolicyArgs extends com.pulumi.resources.Resource * `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="dicomStoreId", required=true) private Output dicomStoreId; @@ -39,15 +30,6 @@ public final class DicomStoreIamPolicyArgs extends com.pulumi.resources.Resource * `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Output dicomStoreId() { return this.dicomStoreId; @@ -101,15 +83,6 @@ public Builder(DicomStoreIamPolicyArgs defaults) { * `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -124,15 +97,6 @@ public Builder dicomStoreId(Output dicomStoreId) { * `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/FhirStoreIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/FhirStoreIamBinding.java index b59894c1c1..62998ced78 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/FhirStoreIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/FhirStoreIamBinding.java @@ -140,6 +140,119 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_healthcare\_fhir\_store\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.healthcare.FhirStoreIamPolicy; + * import com.pulumi.gcp.healthcare.FhirStoreIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var fhirStore = new FhirStoreIamPolicy("fhirStore", FhirStoreIamPolicyArgs.builder() + * .fhirStoreId("your-fhir-store-id") + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_healthcare\_fhir\_store\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.healthcare.FhirStoreIamBinding; + * import com.pulumi.gcp.healthcare.FhirStoreIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var fhirStore = new FhirStoreIamBinding("fhirStore", FhirStoreIamBindingArgs.builder() + * .fhirStoreId("your-fhir-store-id") + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_healthcare\_fhir\_store\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.healthcare.FhirStoreIamMember; + * import com.pulumi.gcp.healthcare.FhirStoreIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var fhirStore = new FhirStoreIamMember("fhirStore", FhirStoreIamMemberArgs.builder() + * .fhirStoreId("your-fhir-store-id") + * .role("roles/editor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * ### Importing IAM policies @@ -195,15 +308,6 @@ public Output etag() { * `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Export(name="fhirStoreId", refs={String.class}, tree="[0]") private Output fhirStoreId; @@ -214,8 +318,13 @@ public Output etag() { * `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + */ + public Output fhirStoreId() { + return this.fhirStoreId; + } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -224,12 +333,20 @@ public Output etag() { * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. * */ - public Output fhirStoreId() { - return this.fhirStoreId; - } @Export(name="members", refs={List.class,String.class}, tree="[0,1]") private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output> members() { return this.members; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/FhirStoreIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/FhirStoreIamBindingArgs.java index 9516e10760..6ddbb86440 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/FhirStoreIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/FhirStoreIamBindingArgs.java @@ -31,15 +31,6 @@ public Optional> condition() { * `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="fhirStoreId", required=true) private Output fhirStoreId; @@ -50,8 +41,14 @@ public Optional> condition() { * `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + */ + public Output fhirStoreId() { + return this.fhirStoreId; + } + + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -60,13 +57,20 @@ public Optional> condition() { * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. * */ - public Output fhirStoreId() { - return this.fhirStoreId; - } - @Import(name="members", required=true) private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output> members() { return this.members; } @@ -132,15 +136,6 @@ public Builder condition(FhirStoreIamBindingConditionArgs condition) { * `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -155,8 +150,16 @@ public Builder fhirStoreId(Output fhirStoreId) { * `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return builder + * + */ + public Builder fhirStoreId(String fhirStoreId) { + return fhirStoreId(Output.of(fhirStoreId)); + } + + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -167,19 +170,41 @@ public Builder fhirStoreId(Output fhirStoreId) { * @return builder * */ - public Builder fhirStoreId(String fhirStoreId) { - return fhirStoreId(Output.of(fhirStoreId)); - } - public Builder members(Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/FhirStoreIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/FhirStoreIamMember.java index ca39426158..33ba6985f4 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/FhirStoreIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/FhirStoreIamMember.java @@ -139,6 +139,119 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_healthcare\_fhir\_store\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.healthcare.FhirStoreIamPolicy; + * import com.pulumi.gcp.healthcare.FhirStoreIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var fhirStore = new FhirStoreIamPolicy("fhirStore", FhirStoreIamPolicyArgs.builder() + * .fhirStoreId("your-fhir-store-id") + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_healthcare\_fhir\_store\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.healthcare.FhirStoreIamBinding; + * import com.pulumi.gcp.healthcare.FhirStoreIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var fhirStore = new FhirStoreIamBinding("fhirStore", FhirStoreIamBindingArgs.builder() + * .fhirStoreId("your-fhir-store-id") + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_healthcare\_fhir\_store\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.healthcare.FhirStoreIamMember; + * import com.pulumi.gcp.healthcare.FhirStoreIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var fhirStore = new FhirStoreIamMember("fhirStore", FhirStoreIamMemberArgs.builder() + * .fhirStoreId("your-fhir-store-id") + * .role("roles/editor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * ### Importing IAM policies @@ -194,15 +307,6 @@ public Output etag() { * `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Export(name="fhirStoreId", refs={String.class}, tree="[0]") private Output fhirStoreId; @@ -213,8 +317,13 @@ public Output etag() { * `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + */ + public Output fhirStoreId() { + return this.fhirStoreId; + } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -223,12 +332,20 @@ public Output etag() { * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. * */ - public Output fhirStoreId() { - return this.fhirStoreId; - } @Export(name="member", refs={String.class}, tree="[0]") private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output member() { return this.member; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/FhirStoreIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/FhirStoreIamMemberArgs.java index 8b6ab67c73..de3e298a0a 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/FhirStoreIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/FhirStoreIamMemberArgs.java @@ -30,15 +30,6 @@ public Optional> condition() { * `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="fhirStoreId", required=true) private Output fhirStoreId; @@ -49,8 +40,14 @@ public Optional> condition() { * `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + */ + public Output fhirStoreId() { + return this.fhirStoreId; + } + + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -59,13 +56,20 @@ public Optional> condition() { * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. * */ - public Output fhirStoreId() { - return this.fhirStoreId; - } - @Import(name="member", required=true) private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output member() { return this.member; } @@ -131,15 +135,6 @@ public Builder condition(FhirStoreIamMemberConditionArgs condition) { * `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -154,8 +149,16 @@ public Builder fhirStoreId(Output fhirStoreId) { * `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return builder + * + */ + public Builder fhirStoreId(String fhirStoreId) { + return fhirStoreId(Output.of(fhirStoreId)); + } + + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -166,15 +169,24 @@ public Builder fhirStoreId(Output fhirStoreId) { * @return builder * */ - public Builder fhirStoreId(String fhirStoreId) { - return fhirStoreId(Output.of(fhirStoreId)); - } - public Builder member(Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/FhirStoreIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/FhirStoreIamPolicy.java index a002ddb7d7..14bdf9abbb 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/FhirStoreIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/FhirStoreIamPolicy.java @@ -137,6 +137,119 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_healthcare\_fhir\_store\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.healthcare.FhirStoreIamPolicy; + * import com.pulumi.gcp.healthcare.FhirStoreIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var fhirStore = new FhirStoreIamPolicy("fhirStore", FhirStoreIamPolicyArgs.builder() + * .fhirStoreId("your-fhir-store-id") + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_healthcare\_fhir\_store\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.healthcare.FhirStoreIamBinding; + * import com.pulumi.gcp.healthcare.FhirStoreIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var fhirStore = new FhirStoreIamBinding("fhirStore", FhirStoreIamBindingArgs.builder() + * .fhirStoreId("your-fhir-store-id") + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_healthcare\_fhir\_store\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.healthcare.FhirStoreIamMember; + * import com.pulumi.gcp.healthcare.FhirStoreIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var fhirStore = new FhirStoreIamMember("fhirStore", FhirStoreIamMemberArgs.builder() + * .fhirStoreId("your-fhir-store-id") + * .role("roles/editor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * ### Importing IAM policies @@ -186,15 +299,6 @@ public Output etag() { * `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Export(name="fhirStoreId", refs={String.class}, tree="[0]") private Output fhirStoreId; @@ -205,15 +309,6 @@ public Output etag() { * `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Output fhirStoreId() { return this.fhirStoreId; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/FhirStoreIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/FhirStoreIamPolicyArgs.java index fe83c06c72..3ab71f8029 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/FhirStoreIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/FhirStoreIamPolicyArgs.java @@ -20,15 +20,6 @@ public final class FhirStoreIamPolicyArgs extends com.pulumi.resources.ResourceA * `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="fhirStoreId", required=true) private Output fhirStoreId; @@ -39,15 +30,6 @@ public final class FhirStoreIamPolicyArgs extends com.pulumi.resources.ResourceA * `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Output fhirStoreId() { return this.fhirStoreId; @@ -101,15 +83,6 @@ public Builder(FhirStoreIamPolicyArgs defaults) { * `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -124,15 +97,6 @@ public Builder fhirStoreId(Output fhirStoreId) { * `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/Hl7StoreIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/Hl7StoreIamBinding.java index 0aa958d740..e4fec61ba1 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/Hl7StoreIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/Hl7StoreIamBinding.java @@ -140,6 +140,119 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_healthcare\_hl7\_v2\_store\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.healthcare.Hl7StoreIamPolicy; + * import com.pulumi.gcp.healthcare.Hl7StoreIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var hl7V2Store = new Hl7StoreIamPolicy("hl7V2Store", Hl7StoreIamPolicyArgs.builder() + * .hl7V2StoreId("your-hl7-v2-store-id") + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_healthcare\_hl7\_v2\_store\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.healthcare.Hl7StoreIamBinding; + * import com.pulumi.gcp.healthcare.Hl7StoreIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var hl7V2Store = new Hl7StoreIamBinding("hl7V2Store", Hl7StoreIamBindingArgs.builder() + * .hl7V2StoreId("your-hl7-v2-store-id") + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_healthcare\_hl7\_v2\_store\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.healthcare.Hl7StoreIamMember; + * import com.pulumi.gcp.healthcare.Hl7StoreIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var hl7V2Store = new Hl7StoreIamMember("hl7V2Store", Hl7StoreIamMemberArgs.builder() + * .hl7V2StoreId("your-hl7-v2-store-id") + * .role("roles/editor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * ### Importing IAM policies @@ -195,15 +308,6 @@ public Output etag() { * `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Export(name="hl7V2StoreId", refs={String.class}, tree="[0]") private Output hl7V2StoreId; @@ -214,8 +318,13 @@ public Output etag() { * `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + */ + public Output hl7V2StoreId() { + return this.hl7V2StoreId; + } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -224,12 +333,20 @@ public Output etag() { * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. * */ - public Output hl7V2StoreId() { - return this.hl7V2StoreId; - } @Export(name="members", refs={List.class,String.class}, tree="[0,1]") private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output> members() { return this.members; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/Hl7StoreIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/Hl7StoreIamBindingArgs.java index a410671589..0a728dfef1 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/Hl7StoreIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/Hl7StoreIamBindingArgs.java @@ -31,15 +31,6 @@ public Optional> condition() { * `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="hl7V2StoreId", required=true) private Output hl7V2StoreId; @@ -50,8 +41,14 @@ public Optional> condition() { * `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + */ + public Output hl7V2StoreId() { + return this.hl7V2StoreId; + } + + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -60,13 +57,20 @@ public Optional> condition() { * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. * */ - public Output hl7V2StoreId() { - return this.hl7V2StoreId; - } - @Import(name="members", required=true) private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output> members() { return this.members; } @@ -132,15 +136,6 @@ public Builder condition(Hl7StoreIamBindingConditionArgs condition) { * `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -155,8 +150,16 @@ public Builder hl7V2StoreId(Output hl7V2StoreId) { * `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return builder + * + */ + public Builder hl7V2StoreId(String hl7V2StoreId) { + return hl7V2StoreId(Output.of(hl7V2StoreId)); + } + + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -167,19 +170,41 @@ public Builder hl7V2StoreId(Output hl7V2StoreId) { * @return builder * */ - public Builder hl7V2StoreId(String hl7V2StoreId) { - return hl7V2StoreId(Output.of(hl7V2StoreId)); - } - public Builder members(Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/Hl7StoreIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/Hl7StoreIamMember.java index a071100ae0..c1920461bf 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/Hl7StoreIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/Hl7StoreIamMember.java @@ -139,6 +139,119 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_healthcare\_hl7\_v2\_store\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.healthcare.Hl7StoreIamPolicy; + * import com.pulumi.gcp.healthcare.Hl7StoreIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var hl7V2Store = new Hl7StoreIamPolicy("hl7V2Store", Hl7StoreIamPolicyArgs.builder() + * .hl7V2StoreId("your-hl7-v2-store-id") + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_healthcare\_hl7\_v2\_store\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.healthcare.Hl7StoreIamBinding; + * import com.pulumi.gcp.healthcare.Hl7StoreIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var hl7V2Store = new Hl7StoreIamBinding("hl7V2Store", Hl7StoreIamBindingArgs.builder() + * .hl7V2StoreId("your-hl7-v2-store-id") + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_healthcare\_hl7\_v2\_store\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.healthcare.Hl7StoreIamMember; + * import com.pulumi.gcp.healthcare.Hl7StoreIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var hl7V2Store = new Hl7StoreIamMember("hl7V2Store", Hl7StoreIamMemberArgs.builder() + * .hl7V2StoreId("your-hl7-v2-store-id") + * .role("roles/editor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * ### Importing IAM policies @@ -194,15 +307,6 @@ public Output etag() { * `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Export(name="hl7V2StoreId", refs={String.class}, tree="[0]") private Output hl7V2StoreId; @@ -213,8 +317,13 @@ public Output etag() { * `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + */ + public Output hl7V2StoreId() { + return this.hl7V2StoreId; + } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -223,12 +332,20 @@ public Output etag() { * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. * */ - public Output hl7V2StoreId() { - return this.hl7V2StoreId; - } @Export(name="member", refs={String.class}, tree="[0]") private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output member() { return this.member; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/Hl7StoreIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/Hl7StoreIamMemberArgs.java index e3f08b066a..04add9eefa 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/Hl7StoreIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/Hl7StoreIamMemberArgs.java @@ -30,15 +30,6 @@ public Optional> condition() { * `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="hl7V2StoreId", required=true) private Output hl7V2StoreId; @@ -49,8 +40,14 @@ public Optional> condition() { * `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + */ + public Output hl7V2StoreId() { + return this.hl7V2StoreId; + } + + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -59,13 +56,20 @@ public Optional> condition() { * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. * */ - public Output hl7V2StoreId() { - return this.hl7V2StoreId; - } - @Import(name="member", required=true) private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output member() { return this.member; } @@ -131,15 +135,6 @@ public Builder condition(Hl7StoreIamMemberConditionArgs condition) { * `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -154,8 +149,16 @@ public Builder hl7V2StoreId(Output hl7V2StoreId) { * `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return builder + * + */ + public Builder hl7V2StoreId(String hl7V2StoreId) { + return hl7V2StoreId(Output.of(hl7V2StoreId)); + } + + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -166,15 +169,24 @@ public Builder hl7V2StoreId(Output hl7V2StoreId) { * @return builder * */ - public Builder hl7V2StoreId(String hl7V2StoreId) { - return hl7V2StoreId(Output.of(hl7V2StoreId)); - } - public Builder member(Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/Hl7StoreIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/Hl7StoreIamPolicy.java index 9557b1db3e..e77d0afc07 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/Hl7StoreIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/Hl7StoreIamPolicy.java @@ -137,6 +137,119 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_healthcare\_hl7\_v2\_store\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.healthcare.Hl7StoreIamPolicy; + * import com.pulumi.gcp.healthcare.Hl7StoreIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var hl7V2Store = new Hl7StoreIamPolicy("hl7V2Store", Hl7StoreIamPolicyArgs.builder() + * .hl7V2StoreId("your-hl7-v2-store-id") + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_healthcare\_hl7\_v2\_store\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.healthcare.Hl7StoreIamBinding; + * import com.pulumi.gcp.healthcare.Hl7StoreIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var hl7V2Store = new Hl7StoreIamBinding("hl7V2Store", Hl7StoreIamBindingArgs.builder() + * .hl7V2StoreId("your-hl7-v2-store-id") + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_healthcare\_hl7\_v2\_store\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.healthcare.Hl7StoreIamMember; + * import com.pulumi.gcp.healthcare.Hl7StoreIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var hl7V2Store = new Hl7StoreIamMember("hl7V2Store", Hl7StoreIamMemberArgs.builder() + * .hl7V2StoreId("your-hl7-v2-store-id") + * .role("roles/editor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * ### Importing IAM policies @@ -186,15 +299,6 @@ public Output etag() { * `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Export(name="hl7V2StoreId", refs={String.class}, tree="[0]") private Output hl7V2StoreId; @@ -205,15 +309,6 @@ public Output etag() { * `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Output hl7V2StoreId() { return this.hl7V2StoreId; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/Hl7StoreIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/Hl7StoreIamPolicyArgs.java index 6604c63303..06c749818e 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/Hl7StoreIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/Hl7StoreIamPolicyArgs.java @@ -20,15 +20,6 @@ public final class Hl7StoreIamPolicyArgs extends com.pulumi.resources.ResourceAr * `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="hl7V2StoreId", required=true) private Output hl7V2StoreId; @@ -39,15 +30,6 @@ public final class Hl7StoreIamPolicyArgs extends com.pulumi.resources.ResourceAr * `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Output hl7V2StoreId() { return this.hl7V2StoreId; @@ -101,15 +83,6 @@ public Builder(Hl7StoreIamPolicyArgs defaults) { * `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -124,15 +97,6 @@ public Builder hl7V2StoreId(Output hl7V2StoreId) { * `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/inputs/ConsentStoreIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/inputs/ConsentStoreIamBindingState.java index af8be1f062..c3761f6ccb 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/inputs/ConsentStoreIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/inputs/ConsentStoreIamBindingState.java @@ -44,18 +44,6 @@ public Optional> consentStoreId() { * 'projects/{project}/locations/{location}/datasets/{dataset}' * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="dataset") private @Nullable Output dataset; @@ -65,18 +53,6 @@ public Optional> consentStoreId() { * 'projects/{project}/locations/{location}/datasets/{dataset}' * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> dataset() { return Optional.ofNullable(this.dataset); @@ -97,9 +73,37 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="members") private @Nullable Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Optional>> members() { return Optional.ofNullable(this.members); } @@ -187,18 +191,6 @@ public Builder consentStoreId(String consentStoreId) { * 'projects/{project}/locations/{location}/datasets/{dataset}' * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -212,18 +204,6 @@ public Builder dataset(@Nullable Output dataset) { * 'projects/{project}/locations/{location}/datasets/{dataset}' * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -252,15 +232,63 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/inputs/ConsentStoreIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/inputs/ConsentStoreIamMemberState.java index bcaad92a9e..879e173a94 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/inputs/ConsentStoreIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/inputs/ConsentStoreIamMemberState.java @@ -43,18 +43,6 @@ public Optional> consentStoreId() { * 'projects/{project}/locations/{location}/datasets/{dataset}' * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="dataset") private @Nullable Output dataset; @@ -64,18 +52,6 @@ public Optional> consentStoreId() { * 'projects/{project}/locations/{location}/datasets/{dataset}' * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> dataset() { return Optional.ofNullable(this.dataset); @@ -96,9 +72,37 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="member") private @Nullable Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Optional> member() { return Optional.ofNullable(this.member); } @@ -186,18 +190,6 @@ public Builder consentStoreId(String consentStoreId) { * 'projects/{project}/locations/{location}/datasets/{dataset}' * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -211,18 +203,6 @@ public Builder dataset(@Nullable Output dataset) { * 'projects/{project}/locations/{location}/datasets/{dataset}' * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -251,11 +231,43 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(@Nullable Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/inputs/ConsentStoreIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/inputs/ConsentStoreIamPolicyState.java index e835f29970..a37b6b2a14 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/inputs/ConsentStoreIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/inputs/ConsentStoreIamPolicyState.java @@ -35,18 +35,6 @@ public Optional> consentStoreId() { * 'projects/{project}/locations/{location}/datasets/{dataset}' * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="dataset") private @Nullable Output dataset; @@ -56,18 +44,6 @@ public Optional> consentStoreId() { * 'projects/{project}/locations/{location}/datasets/{dataset}' * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> dataset() { return Optional.ofNullable(this.dataset); @@ -158,18 +134,6 @@ public Builder consentStoreId(String consentStoreId) { * 'projects/{project}/locations/{location}/datasets/{dataset}' * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -183,18 +147,6 @@ public Builder dataset(@Nullable Output dataset) { * 'projects/{project}/locations/{location}/datasets/{dataset}' * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/inputs/DatasetIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/inputs/DatasetIamBindingState.java index a630b998e6..8bff1a8038 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/inputs/DatasetIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/inputs/DatasetIamBindingState.java @@ -30,15 +30,6 @@ public Optional> condition() { * `{location_name}/{dataset_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="datasetId") private @Nullable Output datasetId; @@ -49,15 +40,6 @@ public Optional> condition() { * `{location_name}/{dataset_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Optional> datasetId() { return Optional.ofNullable(this.datasetId); @@ -78,9 +60,31 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ @Import(name="members") private @Nullable Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Optional>> members() { return Optional.ofNullable(this.members); } @@ -147,15 +151,6 @@ public Builder condition(DatasetIamBindingConditionArgs condition) { * `{location_name}/{dataset_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -170,15 +165,6 @@ public Builder datasetId(@Nullable Output datasetId) { * `{location_name}/{dataset_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -207,15 +193,54 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/inputs/DatasetIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/inputs/DatasetIamMemberState.java index e400bb8177..4a55d3cdb8 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/inputs/DatasetIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/inputs/DatasetIamMemberState.java @@ -29,15 +29,6 @@ public Optional> condition() { * `{location_name}/{dataset_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="datasetId") private @Nullable Output datasetId; @@ -48,15 +39,6 @@ public Optional> condition() { * `{location_name}/{dataset_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Optional> datasetId() { return Optional.ofNullable(this.datasetId); @@ -77,9 +59,31 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ @Import(name="member") private @Nullable Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Optional> member() { return Optional.ofNullable(this.member); } @@ -146,15 +150,6 @@ public Builder condition(DatasetIamMemberConditionArgs condition) { * `{location_name}/{dataset_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -169,15 +164,6 @@ public Builder datasetId(@Nullable Output datasetId) { * `{location_name}/{dataset_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -206,11 +192,37 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder member(@Nullable Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/inputs/DatasetIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/inputs/DatasetIamPolicyState.java index 2f8ae6d0ca..7fd245489e 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/inputs/DatasetIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/inputs/DatasetIamPolicyState.java @@ -21,15 +21,6 @@ public final class DatasetIamPolicyState extends com.pulumi.resources.ResourceAr * `{location_name}/{dataset_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="datasetId") private @Nullable Output datasetId; @@ -40,15 +31,6 @@ public final class DatasetIamPolicyState extends com.pulumi.resources.ResourceAr * `{location_name}/{dataset_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Optional> datasetId() { return Optional.ofNullable(this.datasetId); @@ -118,15 +100,6 @@ public Builder(DatasetIamPolicyState defaults) { * `{location_name}/{dataset_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -141,15 +114,6 @@ public Builder datasetId(@Nullable Output datasetId) { * `{location_name}/{dataset_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/inputs/DicomStoreIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/inputs/DicomStoreIamBindingState.java index 639a8687d1..ad886c3b47 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/inputs/DicomStoreIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/inputs/DicomStoreIamBindingState.java @@ -30,15 +30,6 @@ public Optional> condition() { * `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="dicomStoreId") private @Nullable Output dicomStoreId; @@ -49,15 +40,6 @@ public Optional> condition() { * `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Optional> dicomStoreId() { return Optional.ofNullable(this.dicomStoreId); @@ -78,9 +60,31 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ @Import(name="members") private @Nullable Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Optional>> members() { return Optional.ofNullable(this.members); } @@ -147,15 +151,6 @@ public Builder condition(DicomStoreIamBindingConditionArgs condition) { * `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -170,15 +165,6 @@ public Builder dicomStoreId(@Nullable Output dicomStoreId) { * `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -207,15 +193,54 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/inputs/DicomStoreIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/inputs/DicomStoreIamMemberState.java index d56308c79b..b1fc6d1d5e 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/inputs/DicomStoreIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/inputs/DicomStoreIamMemberState.java @@ -29,15 +29,6 @@ public Optional> condition() { * `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="dicomStoreId") private @Nullable Output dicomStoreId; @@ -48,15 +39,6 @@ public Optional> condition() { * `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Optional> dicomStoreId() { return Optional.ofNullable(this.dicomStoreId); @@ -77,9 +59,31 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ @Import(name="member") private @Nullable Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Optional> member() { return Optional.ofNullable(this.member); } @@ -146,15 +150,6 @@ public Builder condition(DicomStoreIamMemberConditionArgs condition) { * `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -169,15 +164,6 @@ public Builder dicomStoreId(@Nullable Output dicomStoreId) { * `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -206,11 +192,37 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder member(@Nullable Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/inputs/DicomStoreIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/inputs/DicomStoreIamPolicyState.java index 074564182c..276a236658 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/inputs/DicomStoreIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/inputs/DicomStoreIamPolicyState.java @@ -21,15 +21,6 @@ public final class DicomStoreIamPolicyState extends com.pulumi.resources.Resourc * `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="dicomStoreId") private @Nullable Output dicomStoreId; @@ -40,15 +31,6 @@ public final class DicomStoreIamPolicyState extends com.pulumi.resources.Resourc * `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Optional> dicomStoreId() { return Optional.ofNullable(this.dicomStoreId); @@ -118,15 +100,6 @@ public Builder(DicomStoreIamPolicyState defaults) { * `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -141,15 +114,6 @@ public Builder dicomStoreId(@Nullable Output dicomStoreId) { * `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/inputs/FhirStoreIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/inputs/FhirStoreIamBindingState.java index b27f6565f5..2f0603c40d 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/inputs/FhirStoreIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/inputs/FhirStoreIamBindingState.java @@ -45,15 +45,6 @@ public Optional> etag() { * `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="fhirStoreId") private @Nullable Output fhirStoreId; @@ -64,8 +55,14 @@ public Optional> etag() { * `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + */ + public Optional> fhirStoreId() { + return Optional.ofNullable(this.fhirStoreId); + } + + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -74,13 +71,20 @@ public Optional> etag() { * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. * */ - public Optional> fhirStoreId() { - return Optional.ofNullable(this.fhirStoreId); - } - @Import(name="members") private @Nullable Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Optional>> members() { return Optional.ofNullable(this.members); } @@ -168,15 +172,6 @@ public Builder etag(String etag) { * `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -191,8 +186,16 @@ public Builder fhirStoreId(@Nullable Output fhirStoreId) { * `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return builder + * + */ + public Builder fhirStoreId(String fhirStoreId) { + return fhirStoreId(Output.of(fhirStoreId)); + } + + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -203,19 +206,41 @@ public Builder fhirStoreId(@Nullable Output fhirStoreId) { * @return builder * */ - public Builder fhirStoreId(String fhirStoreId) { - return fhirStoreId(Output.of(fhirStoreId)); - } - public Builder members(@Nullable Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/inputs/FhirStoreIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/inputs/FhirStoreIamMemberState.java index 0edfb53af3..9f617e21e8 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/inputs/FhirStoreIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/inputs/FhirStoreIamMemberState.java @@ -44,15 +44,6 @@ public Optional> etag() { * `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="fhirStoreId") private @Nullable Output fhirStoreId; @@ -63,8 +54,14 @@ public Optional> etag() { * `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + */ + public Optional> fhirStoreId() { + return Optional.ofNullable(this.fhirStoreId); + } + + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -73,13 +70,20 @@ public Optional> etag() { * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. * */ - public Optional> fhirStoreId() { - return Optional.ofNullable(this.fhirStoreId); - } - @Import(name="member") private @Nullable Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Optional> member() { return Optional.ofNullable(this.member); } @@ -167,15 +171,6 @@ public Builder etag(String etag) { * `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -190,8 +185,16 @@ public Builder fhirStoreId(@Nullable Output fhirStoreId) { * `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return builder + * + */ + public Builder fhirStoreId(String fhirStoreId) { + return fhirStoreId(Output.of(fhirStoreId)); + } + + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -202,15 +205,24 @@ public Builder fhirStoreId(@Nullable Output fhirStoreId) { * @return builder * */ - public Builder fhirStoreId(String fhirStoreId) { - return fhirStoreId(Output.of(fhirStoreId)); - } - public Builder member(@Nullable Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/inputs/FhirStoreIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/inputs/FhirStoreIamPolicyState.java index 22083b82e2..b2b659ca31 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/inputs/FhirStoreIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/inputs/FhirStoreIamPolicyState.java @@ -36,15 +36,6 @@ public Optional> etag() { * `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="fhirStoreId") private @Nullable Output fhirStoreId; @@ -55,15 +46,6 @@ public Optional> etag() { * `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Optional> fhirStoreId() { return Optional.ofNullable(this.fhirStoreId); @@ -139,15 +121,6 @@ public Builder etag(String etag) { * `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -162,15 +135,6 @@ public Builder fhirStoreId(@Nullable Output fhirStoreId) { * `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/inputs/Hl7StoreIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/inputs/Hl7StoreIamBindingState.java index 1cd747b8c7..9ac49a9032 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/inputs/Hl7StoreIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/inputs/Hl7StoreIamBindingState.java @@ -45,15 +45,6 @@ public Optional> etag() { * `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="hl7V2StoreId") private @Nullable Output hl7V2StoreId; @@ -64,8 +55,14 @@ public Optional> etag() { * `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + */ + public Optional> hl7V2StoreId() { + return Optional.ofNullable(this.hl7V2StoreId); + } + + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -74,13 +71,20 @@ public Optional> etag() { * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. * */ - public Optional> hl7V2StoreId() { - return Optional.ofNullable(this.hl7V2StoreId); - } - @Import(name="members") private @Nullable Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Optional>> members() { return Optional.ofNullable(this.members); } @@ -168,15 +172,6 @@ public Builder etag(String etag) { * `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -191,8 +186,16 @@ public Builder hl7V2StoreId(@Nullable Output hl7V2StoreId) { * `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return builder + * + */ + public Builder hl7V2StoreId(String hl7V2StoreId) { + return hl7V2StoreId(Output.of(hl7V2StoreId)); + } + + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -203,19 +206,41 @@ public Builder hl7V2StoreId(@Nullable Output hl7V2StoreId) { * @return builder * */ - public Builder hl7V2StoreId(String hl7V2StoreId) { - return hl7V2StoreId(Output.of(hl7V2StoreId)); - } - public Builder members(@Nullable Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/inputs/Hl7StoreIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/inputs/Hl7StoreIamMemberState.java index d08810a98a..887315edd6 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/inputs/Hl7StoreIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/inputs/Hl7StoreIamMemberState.java @@ -44,15 +44,6 @@ public Optional> etag() { * `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="hl7V2StoreId") private @Nullable Output hl7V2StoreId; @@ -63,8 +54,14 @@ public Optional> etag() { * `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + */ + public Optional> hl7V2StoreId() { + return Optional.ofNullable(this.hl7V2StoreId); + } + + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -73,13 +70,20 @@ public Optional> etag() { * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. * */ - public Optional> hl7V2StoreId() { - return Optional.ofNullable(this.hl7V2StoreId); - } - @Import(name="member") private @Nullable Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Optional> member() { return Optional.ofNullable(this.member); } @@ -167,15 +171,6 @@ public Builder etag(String etag) { * `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -190,8 +185,16 @@ public Builder hl7V2StoreId(@Nullable Output hl7V2StoreId) { * `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return builder + * + */ + public Builder hl7V2StoreId(String hl7V2StoreId) { + return hl7V2StoreId(Output.of(hl7V2StoreId)); + } + + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -202,15 +205,24 @@ public Builder hl7V2StoreId(@Nullable Output hl7V2StoreId) { * @return builder * */ - public Builder hl7V2StoreId(String hl7V2StoreId) { - return hl7V2StoreId(Output.of(hl7V2StoreId)); - } - public Builder member(@Nullable Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/inputs/Hl7StoreIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/inputs/Hl7StoreIamPolicyState.java index 1f4aa6c4fe..e09df44815 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/healthcare/inputs/Hl7StoreIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/healthcare/inputs/Hl7StoreIamPolicyState.java @@ -36,15 +36,6 @@ public Optional> etag() { * `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="hl7V2StoreId") private @Nullable Output hl7V2StoreId; @@ -55,15 +46,6 @@ public Optional> etag() { * `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Optional> hl7V2StoreId() { return Optional.ofNullable(this.hl7V2StoreId); @@ -139,15 +121,6 @@ public Builder etag(String etag) { * `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -162,15 +135,6 @@ public Builder hl7V2StoreId(@Nullable Output hl7V2StoreId) { * `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/AppEngineServiceIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/AppEngineServiceIamBinding.java index df2f263b63..3a1f440cf4 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/AppEngineServiceIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/AppEngineServiceIamBinding.java @@ -286,6 +286,259 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_iap\_app\_engine\_service\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.iap.AppEngineServiceIamPolicy; + * import com.pulumi.gcp.iap.AppEngineServiceIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new AppEngineServiceIamPolicy("policy", AppEngineServiceIamPolicyArgs.builder() + * .project(version.project()) + * .appId(version.project()) + * .service(version.service()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.iap.AppEngineServiceIamPolicy; + * import com.pulumi.gcp.iap.AppEngineServiceIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var policy = new AppEngineServiceIamPolicy("policy", AppEngineServiceIamPolicyArgs.builder() + * .project(version.project()) + * .appId(version.project()) + * .service(version.service()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_iap\_app\_engine\_service\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.AppEngineServiceIamBinding; + * import com.pulumi.gcp.iap.AppEngineServiceIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new AppEngineServiceIamBinding("binding", AppEngineServiceIamBindingArgs.builder() + * .project(version.project()) + * .appId(version.project()) + * .service(version.service()) + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.AppEngineServiceIamBinding; + * import com.pulumi.gcp.iap.AppEngineServiceIamBindingArgs; + * import com.pulumi.gcp.iap.inputs.AppEngineServiceIamBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new AppEngineServiceIamBinding("binding", AppEngineServiceIamBindingArgs.builder() + * .project(version.project()) + * .appId(version.project()) + * .service(version.service()) + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .condition(AppEngineServiceIamBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_iap\_app\_engine\_service\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.AppEngineServiceIamMember; + * import com.pulumi.gcp.iap.AppEngineServiceIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new AppEngineServiceIamMember("member", AppEngineServiceIamMemberArgs.builder() + * .project(version.project()) + * .appId(version.project()) + * .service(version.service()) + * .role("roles/iap.httpsResourceAccessor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.AppEngineServiceIamMember; + * import com.pulumi.gcp.iap.AppEngineServiceIamMemberArgs; + * import com.pulumi.gcp.iap.inputs.AppEngineServiceIamMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new AppEngineServiceIamMember("member", AppEngineServiceIamMemberArgs.builder() + * .project(version.project()) + * .appId(version.project()) + * .service(version.service()) + * .role("roles/iap.httpsResourceAccessor") + * .member("user:jane@example.com") + * .condition(AppEngineServiceIamMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -371,18 +624,9 @@ public Output> condition() { public Output etag() { return this.etag; } - @Export(name="members", refs={List.class,String.class}, tree="[0,1]") - private Output> members; - - public Output> members() { - return this.members; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -394,15 +638,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="members", refs={List.class,String.class}, tree="[0,1]") + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -414,6 +655,22 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/AppEngineServiceIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/AppEngineServiceIamBindingArgs.java index f03adfdd4d..9fdc543a71 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/AppEngineServiceIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/AppEngineServiceIamBindingArgs.java @@ -50,19 +50,9 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } - @Import(name="members", required=true) - private Output> members; - - public Output> members() { - return this.members; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -74,15 +64,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members", required=true) + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -94,6 +81,23 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -205,25 +209,30 @@ public Builder condition(AppEngineServiceIamBindingConditionArgs condition) { return condition(Output.of(condition)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -237,17 +246,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -261,6 +266,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/AppEngineServiceIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/AppEngineServiceIamMember.java index c802582ba4..b40c44dc67 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/AppEngineServiceIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/AppEngineServiceIamMember.java @@ -285,6 +285,259 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_iap\_app\_engine\_service\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.iap.AppEngineServiceIamPolicy; + * import com.pulumi.gcp.iap.AppEngineServiceIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new AppEngineServiceIamPolicy("policy", AppEngineServiceIamPolicyArgs.builder() + * .project(version.project()) + * .appId(version.project()) + * .service(version.service()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.iap.AppEngineServiceIamPolicy; + * import com.pulumi.gcp.iap.AppEngineServiceIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var policy = new AppEngineServiceIamPolicy("policy", AppEngineServiceIamPolicyArgs.builder() + * .project(version.project()) + * .appId(version.project()) + * .service(version.service()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_iap\_app\_engine\_service\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.AppEngineServiceIamBinding; + * import com.pulumi.gcp.iap.AppEngineServiceIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new AppEngineServiceIamBinding("binding", AppEngineServiceIamBindingArgs.builder() + * .project(version.project()) + * .appId(version.project()) + * .service(version.service()) + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.AppEngineServiceIamBinding; + * import com.pulumi.gcp.iap.AppEngineServiceIamBindingArgs; + * import com.pulumi.gcp.iap.inputs.AppEngineServiceIamBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new AppEngineServiceIamBinding("binding", AppEngineServiceIamBindingArgs.builder() + * .project(version.project()) + * .appId(version.project()) + * .service(version.service()) + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .condition(AppEngineServiceIamBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_iap\_app\_engine\_service\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.AppEngineServiceIamMember; + * import com.pulumi.gcp.iap.AppEngineServiceIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new AppEngineServiceIamMember("member", AppEngineServiceIamMemberArgs.builder() + * .project(version.project()) + * .appId(version.project()) + * .service(version.service()) + * .role("roles/iap.httpsResourceAccessor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.AppEngineServiceIamMember; + * import com.pulumi.gcp.iap.AppEngineServiceIamMemberArgs; + * import com.pulumi.gcp.iap.inputs.AppEngineServiceIamMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new AppEngineServiceIamMember("member", AppEngineServiceIamMemberArgs.builder() + * .project(version.project()) + * .appId(version.project()) + * .service(version.service()) + * .role("roles/iap.httpsResourceAccessor") + * .member("user:jane@example.com") + * .condition(AppEngineServiceIamMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -370,18 +623,9 @@ public Output> condition() { public Output etag() { return this.etag; } - @Export(name="member", refs={String.class}, tree="[0]") - private Output member; - - public Output member() { - return this.member; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -393,15 +637,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="member", refs={String.class}, tree="[0]") + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -413,6 +654,22 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/AppEngineServiceIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/AppEngineServiceIamMemberArgs.java index 183a7a6bef..236f0a2fc0 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/AppEngineServiceIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/AppEngineServiceIamMemberArgs.java @@ -49,19 +49,9 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } - @Import(name="member", required=true) - private Output member; - - public Output member() { - return this.member; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -73,15 +63,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member", required=true) + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -93,6 +80,23 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -204,21 +208,9 @@ public Builder condition(AppEngineServiceIamMemberConditionArgs condition) { return condition(Output.of(condition)); } - public Builder member(Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -232,17 +224,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -256,6 +245,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/AppEngineServiceIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/AppEngineServiceIamPolicy.java index ce822786b5..3014e31c33 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/AppEngineServiceIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/AppEngineServiceIamPolicy.java @@ -283,6 +283,259 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_iap\_app\_engine\_service\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.iap.AppEngineServiceIamPolicy; + * import com.pulumi.gcp.iap.AppEngineServiceIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new AppEngineServiceIamPolicy("policy", AppEngineServiceIamPolicyArgs.builder() + * .project(version.project()) + * .appId(version.project()) + * .service(version.service()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.iap.AppEngineServiceIamPolicy; + * import com.pulumi.gcp.iap.AppEngineServiceIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var policy = new AppEngineServiceIamPolicy("policy", AppEngineServiceIamPolicyArgs.builder() + * .project(version.project()) + * .appId(version.project()) + * .service(version.service()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_iap\_app\_engine\_service\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.AppEngineServiceIamBinding; + * import com.pulumi.gcp.iap.AppEngineServiceIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new AppEngineServiceIamBinding("binding", AppEngineServiceIamBindingArgs.builder() + * .project(version.project()) + * .appId(version.project()) + * .service(version.service()) + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.AppEngineServiceIamBinding; + * import com.pulumi.gcp.iap.AppEngineServiceIamBindingArgs; + * import com.pulumi.gcp.iap.inputs.AppEngineServiceIamBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new AppEngineServiceIamBinding("binding", AppEngineServiceIamBindingArgs.builder() + * .project(version.project()) + * .appId(version.project()) + * .service(version.service()) + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .condition(AppEngineServiceIamBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_iap\_app\_engine\_service\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.AppEngineServiceIamMember; + * import com.pulumi.gcp.iap.AppEngineServiceIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new AppEngineServiceIamMember("member", AppEngineServiceIamMemberArgs.builder() + * .project(version.project()) + * .appId(version.project()) + * .service(version.service()) + * .role("roles/iap.httpsResourceAccessor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.AppEngineServiceIamMember; + * import com.pulumi.gcp.iap.AppEngineServiceIamMemberArgs; + * import com.pulumi.gcp.iap.inputs.AppEngineServiceIamMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new AppEngineServiceIamMember("member", AppEngineServiceIamMemberArgs.builder() + * .project(version.project()) + * .appId(version.project()) + * .service(version.service()) + * .role("roles/iap.httpsResourceAccessor") + * .member("user:jane@example.com") + * .condition(AppEngineServiceIamMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -372,18 +625,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -392,18 +633,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/AppEngineServiceIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/AppEngineServiceIamPolicyArgs.java index f50afeb1ea..ca564a9306 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/AppEngineServiceIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/AppEngineServiceIamPolicyArgs.java @@ -52,18 +52,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -72,18 +60,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -179,18 +155,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -203,18 +167,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/AppEngineVersionIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/AppEngineVersionIamBinding.java index 15c9762aad..84683433da 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/AppEngineVersionIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/AppEngineVersionIamBinding.java @@ -292,6 +292,265 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_iap\_app\_engine\_version\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.iap.AppEngineVersionIamPolicy; + * import com.pulumi.gcp.iap.AppEngineVersionIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new AppEngineVersionIamPolicy("policy", AppEngineVersionIamPolicyArgs.builder() + * .project(version.project()) + * .appId(version.project()) + * .service(version.service()) + * .versionId(version.versionId()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.iap.AppEngineVersionIamPolicy; + * import com.pulumi.gcp.iap.AppEngineVersionIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var policy = new AppEngineVersionIamPolicy("policy", AppEngineVersionIamPolicyArgs.builder() + * .project(version.project()) + * .appId(version.project()) + * .service(version.service()) + * .versionId(version.versionId()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_iap\_app\_engine\_version\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.AppEngineVersionIamBinding; + * import com.pulumi.gcp.iap.AppEngineVersionIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new AppEngineVersionIamBinding("binding", AppEngineVersionIamBindingArgs.builder() + * .project(version.project()) + * .appId(version.project()) + * .service(version.service()) + * .versionId(version.versionId()) + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.AppEngineVersionIamBinding; + * import com.pulumi.gcp.iap.AppEngineVersionIamBindingArgs; + * import com.pulumi.gcp.iap.inputs.AppEngineVersionIamBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new AppEngineVersionIamBinding("binding", AppEngineVersionIamBindingArgs.builder() + * .project(version.project()) + * .appId(version.project()) + * .service(version.service()) + * .versionId(version.versionId()) + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .condition(AppEngineVersionIamBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_iap\_app\_engine\_version\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.AppEngineVersionIamMember; + * import com.pulumi.gcp.iap.AppEngineVersionIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new AppEngineVersionIamMember("member", AppEngineVersionIamMemberArgs.builder() + * .project(version.project()) + * .appId(version.project()) + * .service(version.service()) + * .versionId(version.versionId()) + * .role("roles/iap.httpsResourceAccessor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.AppEngineVersionIamMember; + * import com.pulumi.gcp.iap.AppEngineVersionIamMemberArgs; + * import com.pulumi.gcp.iap.inputs.AppEngineVersionIamMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new AppEngineVersionIamMember("member", AppEngineVersionIamMemberArgs.builder() + * .project(version.project()) + * .appId(version.project()) + * .service(version.service()) + * .versionId(version.versionId()) + * .role("roles/iap.httpsResourceAccessor") + * .member("user:jane@example.com") + * .condition(AppEngineVersionIamMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -377,18 +636,9 @@ public Output> condition() { public Output etag() { return this.etag; } - @Export(name="members", refs={List.class,String.class}, tree="[0,1]") - private Output> members; - - public Output> members() { - return this.members; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -400,15 +650,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="members", refs={List.class,String.class}, tree="[0,1]") + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -420,6 +667,22 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/AppEngineVersionIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/AppEngineVersionIamBindingArgs.java index e206ad883e..61c64c236f 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/AppEngineVersionIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/AppEngineVersionIamBindingArgs.java @@ -50,19 +50,9 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } - @Import(name="members", required=true) - private Output> members; - - public Output> members() { - return this.members; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -74,15 +64,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members", required=true) + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -94,6 +81,23 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -221,25 +225,30 @@ public Builder condition(AppEngineVersionIamBindingConditionArgs condition) { return condition(Output.of(condition)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -253,17 +262,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -277,6 +282,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/AppEngineVersionIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/AppEngineVersionIamMember.java index 031bdca7f1..ad3a2749e5 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/AppEngineVersionIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/AppEngineVersionIamMember.java @@ -291,6 +291,265 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_iap\_app\_engine\_version\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.iap.AppEngineVersionIamPolicy; + * import com.pulumi.gcp.iap.AppEngineVersionIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new AppEngineVersionIamPolicy("policy", AppEngineVersionIamPolicyArgs.builder() + * .project(version.project()) + * .appId(version.project()) + * .service(version.service()) + * .versionId(version.versionId()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.iap.AppEngineVersionIamPolicy; + * import com.pulumi.gcp.iap.AppEngineVersionIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var policy = new AppEngineVersionIamPolicy("policy", AppEngineVersionIamPolicyArgs.builder() + * .project(version.project()) + * .appId(version.project()) + * .service(version.service()) + * .versionId(version.versionId()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_iap\_app\_engine\_version\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.AppEngineVersionIamBinding; + * import com.pulumi.gcp.iap.AppEngineVersionIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new AppEngineVersionIamBinding("binding", AppEngineVersionIamBindingArgs.builder() + * .project(version.project()) + * .appId(version.project()) + * .service(version.service()) + * .versionId(version.versionId()) + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.AppEngineVersionIamBinding; + * import com.pulumi.gcp.iap.AppEngineVersionIamBindingArgs; + * import com.pulumi.gcp.iap.inputs.AppEngineVersionIamBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new AppEngineVersionIamBinding("binding", AppEngineVersionIamBindingArgs.builder() + * .project(version.project()) + * .appId(version.project()) + * .service(version.service()) + * .versionId(version.versionId()) + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .condition(AppEngineVersionIamBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_iap\_app\_engine\_version\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.AppEngineVersionIamMember; + * import com.pulumi.gcp.iap.AppEngineVersionIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new AppEngineVersionIamMember("member", AppEngineVersionIamMemberArgs.builder() + * .project(version.project()) + * .appId(version.project()) + * .service(version.service()) + * .versionId(version.versionId()) + * .role("roles/iap.httpsResourceAccessor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.AppEngineVersionIamMember; + * import com.pulumi.gcp.iap.AppEngineVersionIamMemberArgs; + * import com.pulumi.gcp.iap.inputs.AppEngineVersionIamMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new AppEngineVersionIamMember("member", AppEngineVersionIamMemberArgs.builder() + * .project(version.project()) + * .appId(version.project()) + * .service(version.service()) + * .versionId(version.versionId()) + * .role("roles/iap.httpsResourceAccessor") + * .member("user:jane@example.com") + * .condition(AppEngineVersionIamMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -376,18 +635,9 @@ public Output> condition() { public Output etag() { return this.etag; } - @Export(name="member", refs={String.class}, tree="[0]") - private Output member; - - public Output member() { - return this.member; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -399,15 +649,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="member", refs={String.class}, tree="[0]") + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -419,6 +666,22 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/AppEngineVersionIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/AppEngineVersionIamMemberArgs.java index 7475ac04bf..d543cb7b65 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/AppEngineVersionIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/AppEngineVersionIamMemberArgs.java @@ -49,19 +49,9 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } - @Import(name="member", required=true) - private Output member; - - public Output member() { - return this.member; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -73,15 +63,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member", required=true) + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -93,6 +80,23 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -220,21 +224,9 @@ public Builder condition(AppEngineVersionIamMemberConditionArgs condition) { return condition(Output.of(condition)); } - public Builder member(Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -248,17 +240,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -272,6 +261,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/AppEngineVersionIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/AppEngineVersionIamPolicy.java index af8d7f3c45..b674ddc846 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/AppEngineVersionIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/AppEngineVersionIamPolicy.java @@ -289,6 +289,265 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_iap\_app\_engine\_version\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.iap.AppEngineVersionIamPolicy; + * import com.pulumi.gcp.iap.AppEngineVersionIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new AppEngineVersionIamPolicy("policy", AppEngineVersionIamPolicyArgs.builder() + * .project(version.project()) + * .appId(version.project()) + * .service(version.service()) + * .versionId(version.versionId()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.iap.AppEngineVersionIamPolicy; + * import com.pulumi.gcp.iap.AppEngineVersionIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var policy = new AppEngineVersionIamPolicy("policy", AppEngineVersionIamPolicyArgs.builder() + * .project(version.project()) + * .appId(version.project()) + * .service(version.service()) + * .versionId(version.versionId()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_iap\_app\_engine\_version\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.AppEngineVersionIamBinding; + * import com.pulumi.gcp.iap.AppEngineVersionIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new AppEngineVersionIamBinding("binding", AppEngineVersionIamBindingArgs.builder() + * .project(version.project()) + * .appId(version.project()) + * .service(version.service()) + * .versionId(version.versionId()) + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.AppEngineVersionIamBinding; + * import com.pulumi.gcp.iap.AppEngineVersionIamBindingArgs; + * import com.pulumi.gcp.iap.inputs.AppEngineVersionIamBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new AppEngineVersionIamBinding("binding", AppEngineVersionIamBindingArgs.builder() + * .project(version.project()) + * .appId(version.project()) + * .service(version.service()) + * .versionId(version.versionId()) + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .condition(AppEngineVersionIamBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_iap\_app\_engine\_version\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.AppEngineVersionIamMember; + * import com.pulumi.gcp.iap.AppEngineVersionIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new AppEngineVersionIamMember("member", AppEngineVersionIamMemberArgs.builder() + * .project(version.project()) + * .appId(version.project()) + * .service(version.service()) + * .versionId(version.versionId()) + * .role("roles/iap.httpsResourceAccessor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.AppEngineVersionIamMember; + * import com.pulumi.gcp.iap.AppEngineVersionIamMemberArgs; + * import com.pulumi.gcp.iap.inputs.AppEngineVersionIamMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new AppEngineVersionIamMember("member", AppEngineVersionIamMemberArgs.builder() + * .project(version.project()) + * .appId(version.project()) + * .service(version.service()) + * .versionId(version.versionId()) + * .role("roles/iap.httpsResourceAccessor") + * .member("user:jane@example.com") + * .condition(AppEngineVersionIamMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -378,18 +637,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -398,18 +645,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/AppEngineVersionIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/AppEngineVersionIamPolicyArgs.java index fa2ea00ef2..1020534824 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/AppEngineVersionIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/AppEngineVersionIamPolicyArgs.java @@ -52,18 +52,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -72,18 +60,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -195,18 +171,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -219,18 +183,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelDestGroupIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelDestGroupIamBinding.java index 6d05b30578..83fadb65b8 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelDestGroupIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelDestGroupIamBinding.java @@ -286,6 +286,259 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_iap\_tunnel\_dest\_group\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.iap.TunnelDestGroupIamPolicy; + * import com.pulumi.gcp.iap.TunnelDestGroupIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/iap.tunnelResourceAccessor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new TunnelDestGroupIamPolicy("policy", TunnelDestGroupIamPolicyArgs.builder() + * .project(destGroup.project()) + * .region(destGroup.region()) + * .destGroup(destGroup.groupName()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.iap.TunnelDestGroupIamPolicy; + * import com.pulumi.gcp.iap.TunnelDestGroupIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/iap.tunnelResourceAccessor") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var policy = new TunnelDestGroupIamPolicy("policy", TunnelDestGroupIamPolicyArgs.builder() + * .project(destGroup.project()) + * .region(destGroup.region()) + * .destGroup(destGroup.groupName()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_iap\_tunnel\_dest\_group\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.TunnelDestGroupIamBinding; + * import com.pulumi.gcp.iap.TunnelDestGroupIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new TunnelDestGroupIamBinding("binding", TunnelDestGroupIamBindingArgs.builder() + * .project(destGroup.project()) + * .region(destGroup.region()) + * .destGroup(destGroup.groupName()) + * .role("roles/iap.tunnelResourceAccessor") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.TunnelDestGroupIamBinding; + * import com.pulumi.gcp.iap.TunnelDestGroupIamBindingArgs; + * import com.pulumi.gcp.iap.inputs.TunnelDestGroupIamBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new TunnelDestGroupIamBinding("binding", TunnelDestGroupIamBindingArgs.builder() + * .project(destGroup.project()) + * .region(destGroup.region()) + * .destGroup(destGroup.groupName()) + * .role("roles/iap.tunnelResourceAccessor") + * .members("user:jane@example.com") + * .condition(TunnelDestGroupIamBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_iap\_tunnel\_dest\_group\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.TunnelDestGroupIamMember; + * import com.pulumi.gcp.iap.TunnelDestGroupIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new TunnelDestGroupIamMember("member", TunnelDestGroupIamMemberArgs.builder() + * .project(destGroup.project()) + * .region(destGroup.region()) + * .destGroup(destGroup.groupName()) + * .role("roles/iap.tunnelResourceAccessor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.TunnelDestGroupIamMember; + * import com.pulumi.gcp.iap.TunnelDestGroupIamMemberArgs; + * import com.pulumi.gcp.iap.inputs.TunnelDestGroupIamMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new TunnelDestGroupIamMember("member", TunnelDestGroupIamMemberArgs.builder() + * .project(destGroup.project()) + * .region(destGroup.region()) + * .destGroup(destGroup.groupName()) + * .role("roles/iap.tunnelResourceAccessor") + * .member("user:jane@example.com") + * .condition(TunnelDestGroupIamMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -365,18 +618,9 @@ public Output destGroup() { public Output etag() { return this.etag; } - @Export(name="members", refs={List.class,String.class}, tree="[0,1]") - private Output> members; - - public Output> members() { - return this.members; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -388,15 +632,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="members", refs={List.class,String.class}, tree="[0,1]") + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -408,6 +649,22 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelDestGroupIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelDestGroupIamBindingArgs.java index 7a7342ca91..5eba2fef8b 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelDestGroupIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelDestGroupIamBindingArgs.java @@ -42,19 +42,9 @@ public Output destGroup() { return this.destGroup; } - @Import(name="members", required=true) - private Output> members; - - public Output> members() { - return this.members; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -66,15 +56,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members", required=true) + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -86,6 +73,23 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -191,25 +195,30 @@ public Builder destGroup(String destGroup) { return destGroup(Output.of(destGroup)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -223,17 +232,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -247,6 +252,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelDestGroupIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelDestGroupIamMember.java index ed9cc337e8..437f11dce7 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelDestGroupIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelDestGroupIamMember.java @@ -285,6 +285,259 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_iap\_tunnel\_dest\_group\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.iap.TunnelDestGroupIamPolicy; + * import com.pulumi.gcp.iap.TunnelDestGroupIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/iap.tunnelResourceAccessor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new TunnelDestGroupIamPolicy("policy", TunnelDestGroupIamPolicyArgs.builder() + * .project(destGroup.project()) + * .region(destGroup.region()) + * .destGroup(destGroup.groupName()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.iap.TunnelDestGroupIamPolicy; + * import com.pulumi.gcp.iap.TunnelDestGroupIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/iap.tunnelResourceAccessor") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var policy = new TunnelDestGroupIamPolicy("policy", TunnelDestGroupIamPolicyArgs.builder() + * .project(destGroup.project()) + * .region(destGroup.region()) + * .destGroup(destGroup.groupName()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_iap\_tunnel\_dest\_group\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.TunnelDestGroupIamBinding; + * import com.pulumi.gcp.iap.TunnelDestGroupIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new TunnelDestGroupIamBinding("binding", TunnelDestGroupIamBindingArgs.builder() + * .project(destGroup.project()) + * .region(destGroup.region()) + * .destGroup(destGroup.groupName()) + * .role("roles/iap.tunnelResourceAccessor") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.TunnelDestGroupIamBinding; + * import com.pulumi.gcp.iap.TunnelDestGroupIamBindingArgs; + * import com.pulumi.gcp.iap.inputs.TunnelDestGroupIamBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new TunnelDestGroupIamBinding("binding", TunnelDestGroupIamBindingArgs.builder() + * .project(destGroup.project()) + * .region(destGroup.region()) + * .destGroup(destGroup.groupName()) + * .role("roles/iap.tunnelResourceAccessor") + * .members("user:jane@example.com") + * .condition(TunnelDestGroupIamBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_iap\_tunnel\_dest\_group\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.TunnelDestGroupIamMember; + * import com.pulumi.gcp.iap.TunnelDestGroupIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new TunnelDestGroupIamMember("member", TunnelDestGroupIamMemberArgs.builder() + * .project(destGroup.project()) + * .region(destGroup.region()) + * .destGroup(destGroup.groupName()) + * .role("roles/iap.tunnelResourceAccessor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.TunnelDestGroupIamMember; + * import com.pulumi.gcp.iap.TunnelDestGroupIamMemberArgs; + * import com.pulumi.gcp.iap.inputs.TunnelDestGroupIamMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new TunnelDestGroupIamMember("member", TunnelDestGroupIamMemberArgs.builder() + * .project(destGroup.project()) + * .region(destGroup.region()) + * .destGroup(destGroup.groupName()) + * .role("roles/iap.tunnelResourceAccessor") + * .member("user:jane@example.com") + * .condition(TunnelDestGroupIamMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -364,18 +617,9 @@ public Output destGroup() { public Output etag() { return this.etag; } - @Export(name="member", refs={String.class}, tree="[0]") - private Output member; - - public Output member() { - return this.member; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -387,15 +631,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="member", refs={String.class}, tree="[0]") + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -407,6 +648,22 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelDestGroupIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelDestGroupIamMemberArgs.java index 644ae293f5..270590fc3b 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelDestGroupIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelDestGroupIamMemberArgs.java @@ -41,19 +41,9 @@ public Output destGroup() { return this.destGroup; } - @Import(name="member", required=true) - private Output member; - - public Output member() { - return this.member; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -65,15 +55,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member", required=true) + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -85,6 +72,23 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -190,21 +194,9 @@ public Builder destGroup(String destGroup) { return destGroup(Output.of(destGroup)); } - public Builder member(Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -218,17 +210,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -242,6 +231,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelDestGroupIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelDestGroupIamPolicy.java index ff488e89da..b5aad961e0 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelDestGroupIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelDestGroupIamPolicy.java @@ -283,6 +283,259 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_iap\_tunnel\_dest\_group\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.iap.TunnelDestGroupIamPolicy; + * import com.pulumi.gcp.iap.TunnelDestGroupIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/iap.tunnelResourceAccessor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new TunnelDestGroupIamPolicy("policy", TunnelDestGroupIamPolicyArgs.builder() + * .project(destGroup.project()) + * .region(destGroup.region()) + * .destGroup(destGroup.groupName()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.iap.TunnelDestGroupIamPolicy; + * import com.pulumi.gcp.iap.TunnelDestGroupIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/iap.tunnelResourceAccessor") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var policy = new TunnelDestGroupIamPolicy("policy", TunnelDestGroupIamPolicyArgs.builder() + * .project(destGroup.project()) + * .region(destGroup.region()) + * .destGroup(destGroup.groupName()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_iap\_tunnel\_dest\_group\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.TunnelDestGroupIamBinding; + * import com.pulumi.gcp.iap.TunnelDestGroupIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new TunnelDestGroupIamBinding("binding", TunnelDestGroupIamBindingArgs.builder() + * .project(destGroup.project()) + * .region(destGroup.region()) + * .destGroup(destGroup.groupName()) + * .role("roles/iap.tunnelResourceAccessor") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.TunnelDestGroupIamBinding; + * import com.pulumi.gcp.iap.TunnelDestGroupIamBindingArgs; + * import com.pulumi.gcp.iap.inputs.TunnelDestGroupIamBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new TunnelDestGroupIamBinding("binding", TunnelDestGroupIamBindingArgs.builder() + * .project(destGroup.project()) + * .region(destGroup.region()) + * .destGroup(destGroup.groupName()) + * .role("roles/iap.tunnelResourceAccessor") + * .members("user:jane@example.com") + * .condition(TunnelDestGroupIamBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_iap\_tunnel\_dest\_group\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.TunnelDestGroupIamMember; + * import com.pulumi.gcp.iap.TunnelDestGroupIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new TunnelDestGroupIamMember("member", TunnelDestGroupIamMemberArgs.builder() + * .project(destGroup.project()) + * .region(destGroup.region()) + * .destGroup(destGroup.groupName()) + * .role("roles/iap.tunnelResourceAccessor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.TunnelDestGroupIamMember; + * import com.pulumi.gcp.iap.TunnelDestGroupIamMemberArgs; + * import com.pulumi.gcp.iap.inputs.TunnelDestGroupIamMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new TunnelDestGroupIamMember("member", TunnelDestGroupIamMemberArgs.builder() + * .project(destGroup.project()) + * .region(destGroup.region()) + * .destGroup(destGroup.groupName()) + * .role("roles/iap.tunnelResourceAccessor") + * .member("user:jane@example.com") + * .condition(TunnelDestGroupIamMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -366,18 +619,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -386,18 +627,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelDestGroupIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelDestGroupIamPolicyArgs.java index 6c9d451d35..06c9a6f3fe 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelDestGroupIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelDestGroupIamPolicyArgs.java @@ -44,18 +44,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -64,18 +52,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -165,18 +141,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -189,18 +153,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelIamBinding.java index a49833c45d..fefd116fec 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelIamBinding.java @@ -274,6 +274,247 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_iap\_tunnel\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.iap.TunnelIamPolicy; + * import com.pulumi.gcp.iap.TunnelIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/iap.tunnelResourceAccessor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new TunnelIamPolicy("policy", TunnelIamPolicyArgs.builder() + * .project(projectService.project()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.iap.TunnelIamPolicy; + * import com.pulumi.gcp.iap.TunnelIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/iap.tunnelResourceAccessor") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var policy = new TunnelIamPolicy("policy", TunnelIamPolicyArgs.builder() + * .project(projectService.project()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_iap\_tunnel\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.TunnelIamBinding; + * import com.pulumi.gcp.iap.TunnelIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new TunnelIamBinding("binding", TunnelIamBindingArgs.builder() + * .project(projectService.project()) + * .role("roles/iap.tunnelResourceAccessor") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.TunnelIamBinding; + * import com.pulumi.gcp.iap.TunnelIamBindingArgs; + * import com.pulumi.gcp.iap.inputs.TunnelIamBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new TunnelIamBinding("binding", TunnelIamBindingArgs.builder() + * .project(projectService.project()) + * .role("roles/iap.tunnelResourceAccessor") + * .members("user:jane@example.com") + * .condition(TunnelIamBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_iap\_tunnel\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.TunnelIamMember; + * import com.pulumi.gcp.iap.TunnelIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new TunnelIamMember("member", TunnelIamMemberArgs.builder() + * .project(projectService.project()) + * .role("roles/iap.tunnelResourceAccessor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.TunnelIamMember; + * import com.pulumi.gcp.iap.TunnelIamMemberArgs; + * import com.pulumi.gcp.iap.inputs.TunnelIamMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new TunnelIamMember("member", TunnelIamMemberArgs.builder() + * .project(projectService.project()) + * .role("roles/iap.tunnelResourceAccessor") + * .member("user:jane@example.com") + * .condition(TunnelIamMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -341,18 +582,9 @@ public Output> condition() { public Output etag() { return this.etag; } - @Export(name="members", refs={List.class,String.class}, tree="[0,1]") - private Output> members; - - public Output> members() { - return this.members; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -364,15 +596,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="members", refs={List.class,String.class}, tree="[0,1]") + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -384,6 +613,22 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelIamBindingArgs.java index 3fd016f982..172f1bf917 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelIamBindingArgs.java @@ -35,19 +35,9 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } - @Import(name="members", required=true) - private Output> members; - - public Output> members() { - return this.members; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -59,15 +49,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members", required=true) + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -79,6 +66,23 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -152,25 +156,30 @@ public Builder condition(TunnelIamBindingConditionArgs condition) { return condition(Output.of(condition)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -184,17 +193,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -208,6 +213,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelIamMember.java index 2f9d18ca08..75ca8d18fc 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelIamMember.java @@ -273,6 +273,247 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_iap\_tunnel\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.iap.TunnelIamPolicy; + * import com.pulumi.gcp.iap.TunnelIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/iap.tunnelResourceAccessor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new TunnelIamPolicy("policy", TunnelIamPolicyArgs.builder() + * .project(projectService.project()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.iap.TunnelIamPolicy; + * import com.pulumi.gcp.iap.TunnelIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/iap.tunnelResourceAccessor") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var policy = new TunnelIamPolicy("policy", TunnelIamPolicyArgs.builder() + * .project(projectService.project()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_iap\_tunnel\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.TunnelIamBinding; + * import com.pulumi.gcp.iap.TunnelIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new TunnelIamBinding("binding", TunnelIamBindingArgs.builder() + * .project(projectService.project()) + * .role("roles/iap.tunnelResourceAccessor") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.TunnelIamBinding; + * import com.pulumi.gcp.iap.TunnelIamBindingArgs; + * import com.pulumi.gcp.iap.inputs.TunnelIamBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new TunnelIamBinding("binding", TunnelIamBindingArgs.builder() + * .project(projectService.project()) + * .role("roles/iap.tunnelResourceAccessor") + * .members("user:jane@example.com") + * .condition(TunnelIamBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_iap\_tunnel\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.TunnelIamMember; + * import com.pulumi.gcp.iap.TunnelIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new TunnelIamMember("member", TunnelIamMemberArgs.builder() + * .project(projectService.project()) + * .role("roles/iap.tunnelResourceAccessor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.TunnelIamMember; + * import com.pulumi.gcp.iap.TunnelIamMemberArgs; + * import com.pulumi.gcp.iap.inputs.TunnelIamMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new TunnelIamMember("member", TunnelIamMemberArgs.builder() + * .project(projectService.project()) + * .role("roles/iap.tunnelResourceAccessor") + * .member("user:jane@example.com") + * .condition(TunnelIamMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -340,18 +581,9 @@ public Output> condition() { public Output etag() { return this.etag; } - @Export(name="member", refs={String.class}, tree="[0]") - private Output member; - - public Output member() { - return this.member; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -363,15 +595,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="member", refs={String.class}, tree="[0]") + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -383,6 +612,22 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelIamMemberArgs.java index f608febd97..1ad880f78f 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelIamMemberArgs.java @@ -34,19 +34,9 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } - @Import(name="member", required=true) - private Output member; - - public Output member() { - return this.member; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -58,15 +48,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member", required=true) + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -78,6 +65,23 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -151,21 +155,9 @@ public Builder condition(TunnelIamMemberConditionArgs condition) { return condition(Output.of(condition)); } - public Builder member(Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -179,17 +171,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -203,6 +192,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelIamPolicy.java index 772d7758cd..9913d672f7 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelIamPolicy.java @@ -271,6 +271,247 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_iap\_tunnel\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.iap.TunnelIamPolicy; + * import com.pulumi.gcp.iap.TunnelIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/iap.tunnelResourceAccessor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new TunnelIamPolicy("policy", TunnelIamPolicyArgs.builder() + * .project(projectService.project()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.iap.TunnelIamPolicy; + * import com.pulumi.gcp.iap.TunnelIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/iap.tunnelResourceAccessor") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var policy = new TunnelIamPolicy("policy", TunnelIamPolicyArgs.builder() + * .project(projectService.project()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_iap\_tunnel\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.TunnelIamBinding; + * import com.pulumi.gcp.iap.TunnelIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new TunnelIamBinding("binding", TunnelIamBindingArgs.builder() + * .project(projectService.project()) + * .role("roles/iap.tunnelResourceAccessor") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.TunnelIamBinding; + * import com.pulumi.gcp.iap.TunnelIamBindingArgs; + * import com.pulumi.gcp.iap.inputs.TunnelIamBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new TunnelIamBinding("binding", TunnelIamBindingArgs.builder() + * .project(projectService.project()) + * .role("roles/iap.tunnelResourceAccessor") + * .members("user:jane@example.com") + * .condition(TunnelIamBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_iap\_tunnel\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.TunnelIamMember; + * import com.pulumi.gcp.iap.TunnelIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new TunnelIamMember("member", TunnelIamMemberArgs.builder() + * .project(projectService.project()) + * .role("roles/iap.tunnelResourceAccessor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.TunnelIamMember; + * import com.pulumi.gcp.iap.TunnelIamMemberArgs; + * import com.pulumi.gcp.iap.inputs.TunnelIamMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new TunnelIamMember("member", TunnelIamMemberArgs.builder() + * .project(projectService.project()) + * .role("roles/iap.tunnelResourceAccessor") + * .member("user:jane@example.com") + * .condition(TunnelIamMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -342,18 +583,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -362,18 +591,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelIamPolicyArgs.java index 4e000adac9..f30817bd94 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelIamPolicyArgs.java @@ -37,18 +37,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -57,18 +45,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -126,18 +102,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -150,18 +114,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelInstanceIAMBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelInstanceIAMBinding.java index ed4a52ec04..72135fab18 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelInstanceIAMBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelInstanceIAMBinding.java @@ -286,6 +286,259 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_iap\_tunnel\_instance\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.iap.TunnelInstanceIAMPolicy; + * import com.pulumi.gcp.iap.TunnelInstanceIAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/iap.tunnelResourceAccessor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new TunnelInstanceIAMPolicy("policy", TunnelInstanceIAMPolicyArgs.builder() + * .project(tunnelvm.project()) + * .zone(tunnelvm.zone()) + * .instance(tunnelvm.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.iap.TunnelInstanceIAMPolicy; + * import com.pulumi.gcp.iap.TunnelInstanceIAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/iap.tunnelResourceAccessor") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var policy = new TunnelInstanceIAMPolicy("policy", TunnelInstanceIAMPolicyArgs.builder() + * .project(tunnelvm.project()) + * .zone(tunnelvm.zone()) + * .instance(tunnelvm.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_iap\_tunnel\_instance\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.TunnelInstanceIAMBinding; + * import com.pulumi.gcp.iap.TunnelInstanceIAMBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new TunnelInstanceIAMBinding("binding", TunnelInstanceIAMBindingArgs.builder() + * .project(tunnelvm.project()) + * .zone(tunnelvm.zone()) + * .instance(tunnelvm.name()) + * .role("roles/iap.tunnelResourceAccessor") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.TunnelInstanceIAMBinding; + * import com.pulumi.gcp.iap.TunnelInstanceIAMBindingArgs; + * import com.pulumi.gcp.iap.inputs.TunnelInstanceIAMBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new TunnelInstanceIAMBinding("binding", TunnelInstanceIAMBindingArgs.builder() + * .project(tunnelvm.project()) + * .zone(tunnelvm.zone()) + * .instance(tunnelvm.name()) + * .role("roles/iap.tunnelResourceAccessor") + * .members("user:jane@example.com") + * .condition(TunnelInstanceIAMBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_iap\_tunnel\_instance\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.TunnelInstanceIAMMember; + * import com.pulumi.gcp.iap.TunnelInstanceIAMMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new TunnelInstanceIAMMember("member", TunnelInstanceIAMMemberArgs.builder() + * .project(tunnelvm.project()) + * .zone(tunnelvm.zone()) + * .instance(tunnelvm.name()) + * .role("roles/iap.tunnelResourceAccessor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.TunnelInstanceIAMMember; + * import com.pulumi.gcp.iap.TunnelInstanceIAMMemberArgs; + * import com.pulumi.gcp.iap.inputs.TunnelInstanceIAMMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new TunnelInstanceIAMMember("member", TunnelInstanceIAMMemberArgs.builder() + * .project(tunnelvm.project()) + * .zone(tunnelvm.zone()) + * .instance(tunnelvm.name()) + * .role("roles/iap.tunnelResourceAccessor") + * .member("user:jane@example.com") + * .condition(TunnelInstanceIAMMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -373,18 +626,9 @@ public Output etag() { public Output instance() { return this.instance; } - @Export(name="members", refs={List.class,String.class}, tree="[0,1]") - private Output> members; - - public Output> members() { - return this.members; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -396,15 +640,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="members", refs={List.class,String.class}, tree="[0,1]") + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -416,6 +657,22 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelInstanceIAMBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelInstanceIAMBindingArgs.java index 0e9d58a189..00df6d1f82 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelInstanceIAMBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelInstanceIAMBindingArgs.java @@ -50,19 +50,9 @@ public Output instance() { return this.instance; } - @Import(name="members", required=true) - private Output> members; - - public Output> members() { - return this.members; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -74,15 +64,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members", required=true) + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -94,6 +81,23 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -197,25 +201,30 @@ public Builder instance(String instance) { return instance(Output.of(instance)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -229,17 +238,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -253,6 +258,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelInstanceIAMMember.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelInstanceIAMMember.java index 9558f9b32f..f86ca535f1 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelInstanceIAMMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelInstanceIAMMember.java @@ -285,6 +285,259 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_iap\_tunnel\_instance\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.iap.TunnelInstanceIAMPolicy; + * import com.pulumi.gcp.iap.TunnelInstanceIAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/iap.tunnelResourceAccessor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new TunnelInstanceIAMPolicy("policy", TunnelInstanceIAMPolicyArgs.builder() + * .project(tunnelvm.project()) + * .zone(tunnelvm.zone()) + * .instance(tunnelvm.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.iap.TunnelInstanceIAMPolicy; + * import com.pulumi.gcp.iap.TunnelInstanceIAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/iap.tunnelResourceAccessor") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var policy = new TunnelInstanceIAMPolicy("policy", TunnelInstanceIAMPolicyArgs.builder() + * .project(tunnelvm.project()) + * .zone(tunnelvm.zone()) + * .instance(tunnelvm.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_iap\_tunnel\_instance\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.TunnelInstanceIAMBinding; + * import com.pulumi.gcp.iap.TunnelInstanceIAMBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new TunnelInstanceIAMBinding("binding", TunnelInstanceIAMBindingArgs.builder() + * .project(tunnelvm.project()) + * .zone(tunnelvm.zone()) + * .instance(tunnelvm.name()) + * .role("roles/iap.tunnelResourceAccessor") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.TunnelInstanceIAMBinding; + * import com.pulumi.gcp.iap.TunnelInstanceIAMBindingArgs; + * import com.pulumi.gcp.iap.inputs.TunnelInstanceIAMBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new TunnelInstanceIAMBinding("binding", TunnelInstanceIAMBindingArgs.builder() + * .project(tunnelvm.project()) + * .zone(tunnelvm.zone()) + * .instance(tunnelvm.name()) + * .role("roles/iap.tunnelResourceAccessor") + * .members("user:jane@example.com") + * .condition(TunnelInstanceIAMBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_iap\_tunnel\_instance\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.TunnelInstanceIAMMember; + * import com.pulumi.gcp.iap.TunnelInstanceIAMMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new TunnelInstanceIAMMember("member", TunnelInstanceIAMMemberArgs.builder() + * .project(tunnelvm.project()) + * .zone(tunnelvm.zone()) + * .instance(tunnelvm.name()) + * .role("roles/iap.tunnelResourceAccessor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.TunnelInstanceIAMMember; + * import com.pulumi.gcp.iap.TunnelInstanceIAMMemberArgs; + * import com.pulumi.gcp.iap.inputs.TunnelInstanceIAMMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new TunnelInstanceIAMMember("member", TunnelInstanceIAMMemberArgs.builder() + * .project(tunnelvm.project()) + * .zone(tunnelvm.zone()) + * .instance(tunnelvm.name()) + * .role("roles/iap.tunnelResourceAccessor") + * .member("user:jane@example.com") + * .condition(TunnelInstanceIAMMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -372,18 +625,9 @@ public Output etag() { public Output instance() { return this.instance; } - @Export(name="member", refs={String.class}, tree="[0]") - private Output member; - - public Output member() { - return this.member; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -395,15 +639,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="member", refs={String.class}, tree="[0]") + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -415,6 +656,22 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelInstanceIAMMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelInstanceIAMMemberArgs.java index 33e34bdba6..ba4af75651 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelInstanceIAMMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelInstanceIAMMemberArgs.java @@ -49,19 +49,9 @@ public Output instance() { return this.instance; } - @Import(name="member", required=true) - private Output member; - - public Output member() { - return this.member; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -73,15 +63,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member", required=true) + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -93,6 +80,23 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -196,21 +200,9 @@ public Builder instance(String instance) { return instance(Output.of(instance)); } - public Builder member(Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -224,17 +216,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -248,6 +237,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelInstanceIAMPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelInstanceIAMPolicy.java index c7cbaede0d..68214df8e8 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelInstanceIAMPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelInstanceIAMPolicy.java @@ -283,6 +283,259 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_iap\_tunnel\_instance\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.iap.TunnelInstanceIAMPolicy; + * import com.pulumi.gcp.iap.TunnelInstanceIAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/iap.tunnelResourceAccessor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new TunnelInstanceIAMPolicy("policy", TunnelInstanceIAMPolicyArgs.builder() + * .project(tunnelvm.project()) + * .zone(tunnelvm.zone()) + * .instance(tunnelvm.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.iap.TunnelInstanceIAMPolicy; + * import com.pulumi.gcp.iap.TunnelInstanceIAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/iap.tunnelResourceAccessor") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var policy = new TunnelInstanceIAMPolicy("policy", TunnelInstanceIAMPolicyArgs.builder() + * .project(tunnelvm.project()) + * .zone(tunnelvm.zone()) + * .instance(tunnelvm.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_iap\_tunnel\_instance\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.TunnelInstanceIAMBinding; + * import com.pulumi.gcp.iap.TunnelInstanceIAMBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new TunnelInstanceIAMBinding("binding", TunnelInstanceIAMBindingArgs.builder() + * .project(tunnelvm.project()) + * .zone(tunnelvm.zone()) + * .instance(tunnelvm.name()) + * .role("roles/iap.tunnelResourceAccessor") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.TunnelInstanceIAMBinding; + * import com.pulumi.gcp.iap.TunnelInstanceIAMBindingArgs; + * import com.pulumi.gcp.iap.inputs.TunnelInstanceIAMBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new TunnelInstanceIAMBinding("binding", TunnelInstanceIAMBindingArgs.builder() + * .project(tunnelvm.project()) + * .zone(tunnelvm.zone()) + * .instance(tunnelvm.name()) + * .role("roles/iap.tunnelResourceAccessor") + * .members("user:jane@example.com") + * .condition(TunnelInstanceIAMBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_iap\_tunnel\_instance\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.TunnelInstanceIAMMember; + * import com.pulumi.gcp.iap.TunnelInstanceIAMMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new TunnelInstanceIAMMember("member", TunnelInstanceIAMMemberArgs.builder() + * .project(tunnelvm.project()) + * .zone(tunnelvm.zone()) + * .instance(tunnelvm.name()) + * .role("roles/iap.tunnelResourceAccessor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.TunnelInstanceIAMMember; + * import com.pulumi.gcp.iap.TunnelInstanceIAMMemberArgs; + * import com.pulumi.gcp.iap.inputs.TunnelInstanceIAMMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new TunnelInstanceIAMMember("member", TunnelInstanceIAMMemberArgs.builder() + * .project(tunnelvm.project()) + * .zone(tunnelvm.zone()) + * .instance(tunnelvm.name()) + * .role("roles/iap.tunnelResourceAccessor") + * .member("user:jane@example.com") + * .condition(TunnelInstanceIAMMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -374,18 +627,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -394,18 +635,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelInstanceIAMPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelInstanceIAMPolicyArgs.java index ec5aa961ba..882a3f76b6 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelInstanceIAMPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/TunnelInstanceIAMPolicyArgs.java @@ -52,18 +52,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -72,18 +60,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -171,18 +147,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -195,18 +159,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/WebBackendServiceIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/WebBackendServiceIamBinding.java index 3eeb35be40..ce10f5addf 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/WebBackendServiceIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/WebBackendServiceIamBinding.java @@ -280,6 +280,253 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_iap\_web\_backend\_service\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.iap.WebBackendServiceIamPolicy; + * import com.pulumi.gcp.iap.WebBackendServiceIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new WebBackendServiceIamPolicy("policy", WebBackendServiceIamPolicyArgs.builder() + * .project(default_.project()) + * .webBackendService(default_.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.iap.WebBackendServiceIamPolicy; + * import com.pulumi.gcp.iap.WebBackendServiceIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var policy = new WebBackendServiceIamPolicy("policy", WebBackendServiceIamPolicyArgs.builder() + * .project(default_.project()) + * .webBackendService(default_.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_iap\_web\_backend\_service\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.WebBackendServiceIamBinding; + * import com.pulumi.gcp.iap.WebBackendServiceIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new WebBackendServiceIamBinding("binding", WebBackendServiceIamBindingArgs.builder() + * .project(default_.project()) + * .webBackendService(default_.name()) + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.WebBackendServiceIamBinding; + * import com.pulumi.gcp.iap.WebBackendServiceIamBindingArgs; + * import com.pulumi.gcp.iap.inputs.WebBackendServiceIamBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new WebBackendServiceIamBinding("binding", WebBackendServiceIamBindingArgs.builder() + * .project(default_.project()) + * .webBackendService(default_.name()) + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .condition(WebBackendServiceIamBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_iap\_web\_backend\_service\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.WebBackendServiceIamMember; + * import com.pulumi.gcp.iap.WebBackendServiceIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new WebBackendServiceIamMember("member", WebBackendServiceIamMemberArgs.builder() + * .project(default_.project()) + * .webBackendService(default_.name()) + * .role("roles/iap.httpsResourceAccessor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.WebBackendServiceIamMember; + * import com.pulumi.gcp.iap.WebBackendServiceIamMemberArgs; + * import com.pulumi.gcp.iap.inputs.WebBackendServiceIamMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new WebBackendServiceIamMember("member", WebBackendServiceIamMemberArgs.builder() + * .project(default_.project()) + * .webBackendService(default_.name()) + * .role("roles/iap.httpsResourceAccessor") + * .member("user:jane@example.com") + * .condition(WebBackendServiceIamMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -349,18 +596,9 @@ public Output> condition() { public Output etag() { return this.etag; } - @Export(name="members", refs={List.class,String.class}, tree="[0,1]") - private Output> members; - - public Output> members() { - return this.members; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -372,15 +610,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="members", refs={List.class,String.class}, tree="[0,1]") + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -392,6 +627,22 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/WebBackendServiceIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/WebBackendServiceIamBindingArgs.java index ba530a264f..4fcb09604a 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/WebBackendServiceIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/WebBackendServiceIamBindingArgs.java @@ -35,19 +35,9 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } - @Import(name="members", required=true) - private Output> members; - - public Output> members() { - return this.members; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -59,15 +49,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members", required=true) + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -79,6 +66,23 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -168,25 +172,30 @@ public Builder condition(WebBackendServiceIamBindingConditionArgs condition) { return condition(Output.of(condition)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -200,17 +209,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -224,6 +229,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/WebBackendServiceIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/WebBackendServiceIamMember.java index 35de5b7e77..b9644f6272 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/WebBackendServiceIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/WebBackendServiceIamMember.java @@ -279,6 +279,253 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_iap\_web\_backend\_service\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.iap.WebBackendServiceIamPolicy; + * import com.pulumi.gcp.iap.WebBackendServiceIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new WebBackendServiceIamPolicy("policy", WebBackendServiceIamPolicyArgs.builder() + * .project(default_.project()) + * .webBackendService(default_.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.iap.WebBackendServiceIamPolicy; + * import com.pulumi.gcp.iap.WebBackendServiceIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var policy = new WebBackendServiceIamPolicy("policy", WebBackendServiceIamPolicyArgs.builder() + * .project(default_.project()) + * .webBackendService(default_.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_iap\_web\_backend\_service\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.WebBackendServiceIamBinding; + * import com.pulumi.gcp.iap.WebBackendServiceIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new WebBackendServiceIamBinding("binding", WebBackendServiceIamBindingArgs.builder() + * .project(default_.project()) + * .webBackendService(default_.name()) + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.WebBackendServiceIamBinding; + * import com.pulumi.gcp.iap.WebBackendServiceIamBindingArgs; + * import com.pulumi.gcp.iap.inputs.WebBackendServiceIamBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new WebBackendServiceIamBinding("binding", WebBackendServiceIamBindingArgs.builder() + * .project(default_.project()) + * .webBackendService(default_.name()) + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .condition(WebBackendServiceIamBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_iap\_web\_backend\_service\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.WebBackendServiceIamMember; + * import com.pulumi.gcp.iap.WebBackendServiceIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new WebBackendServiceIamMember("member", WebBackendServiceIamMemberArgs.builder() + * .project(default_.project()) + * .webBackendService(default_.name()) + * .role("roles/iap.httpsResourceAccessor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.WebBackendServiceIamMember; + * import com.pulumi.gcp.iap.WebBackendServiceIamMemberArgs; + * import com.pulumi.gcp.iap.inputs.WebBackendServiceIamMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new WebBackendServiceIamMember("member", WebBackendServiceIamMemberArgs.builder() + * .project(default_.project()) + * .webBackendService(default_.name()) + * .role("roles/iap.httpsResourceAccessor") + * .member("user:jane@example.com") + * .condition(WebBackendServiceIamMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -348,18 +595,9 @@ public Output> condition() { public Output etag() { return this.etag; } - @Export(name="member", refs={String.class}, tree="[0]") - private Output member; - - public Output member() { - return this.member; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -371,15 +609,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="member", refs={String.class}, tree="[0]") + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -391,6 +626,22 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/WebBackendServiceIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/WebBackendServiceIamMemberArgs.java index 53b543e75e..1169509365 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/WebBackendServiceIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/WebBackendServiceIamMemberArgs.java @@ -34,19 +34,9 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } - @Import(name="member", required=true) - private Output member; - - public Output member() { - return this.member; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -58,15 +48,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member", required=true) + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -78,6 +65,23 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -167,21 +171,9 @@ public Builder condition(WebBackendServiceIamMemberConditionArgs condition) { return condition(Output.of(condition)); } - public Builder member(Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -195,17 +187,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -219,6 +208,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/WebBackendServiceIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/WebBackendServiceIamPolicy.java index e456924cb9..23c364eb6b 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/WebBackendServiceIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/WebBackendServiceIamPolicy.java @@ -277,6 +277,253 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_iap\_web\_backend\_service\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.iap.WebBackendServiceIamPolicy; + * import com.pulumi.gcp.iap.WebBackendServiceIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new WebBackendServiceIamPolicy("policy", WebBackendServiceIamPolicyArgs.builder() + * .project(default_.project()) + * .webBackendService(default_.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.iap.WebBackendServiceIamPolicy; + * import com.pulumi.gcp.iap.WebBackendServiceIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var policy = new WebBackendServiceIamPolicy("policy", WebBackendServiceIamPolicyArgs.builder() + * .project(default_.project()) + * .webBackendService(default_.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_iap\_web\_backend\_service\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.WebBackendServiceIamBinding; + * import com.pulumi.gcp.iap.WebBackendServiceIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new WebBackendServiceIamBinding("binding", WebBackendServiceIamBindingArgs.builder() + * .project(default_.project()) + * .webBackendService(default_.name()) + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.WebBackendServiceIamBinding; + * import com.pulumi.gcp.iap.WebBackendServiceIamBindingArgs; + * import com.pulumi.gcp.iap.inputs.WebBackendServiceIamBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new WebBackendServiceIamBinding("binding", WebBackendServiceIamBindingArgs.builder() + * .project(default_.project()) + * .webBackendService(default_.name()) + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .condition(WebBackendServiceIamBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_iap\_web\_backend\_service\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.WebBackendServiceIamMember; + * import com.pulumi.gcp.iap.WebBackendServiceIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new WebBackendServiceIamMember("member", WebBackendServiceIamMemberArgs.builder() + * .project(default_.project()) + * .webBackendService(default_.name()) + * .role("roles/iap.httpsResourceAccessor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.WebBackendServiceIamMember; + * import com.pulumi.gcp.iap.WebBackendServiceIamMemberArgs; + * import com.pulumi.gcp.iap.inputs.WebBackendServiceIamMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new WebBackendServiceIamMember("member", WebBackendServiceIamMemberArgs.builder() + * .project(default_.project()) + * .webBackendService(default_.name()) + * .role("roles/iap.httpsResourceAccessor") + * .member("user:jane@example.com") + * .condition(WebBackendServiceIamMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -350,18 +597,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -370,18 +605,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/WebBackendServiceIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/WebBackendServiceIamPolicyArgs.java index e492afec01..4b2e785e65 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/WebBackendServiceIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/WebBackendServiceIamPolicyArgs.java @@ -37,18 +37,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -57,18 +45,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -142,18 +118,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -166,18 +130,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/WebIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/WebIamBinding.java index 5c5e92c079..810b210ae9 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/WebIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/WebIamBinding.java @@ -274,6 +274,247 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_iap\_web\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.iap.WebIamPolicy; + * import com.pulumi.gcp.iap.WebIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new WebIamPolicy("policy", WebIamPolicyArgs.builder() + * .project(projectService.project()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.iap.WebIamPolicy; + * import com.pulumi.gcp.iap.WebIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var policy = new WebIamPolicy("policy", WebIamPolicyArgs.builder() + * .project(projectService.project()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_iap\_web\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.WebIamBinding; + * import com.pulumi.gcp.iap.WebIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new WebIamBinding("binding", WebIamBindingArgs.builder() + * .project(projectService.project()) + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.WebIamBinding; + * import com.pulumi.gcp.iap.WebIamBindingArgs; + * import com.pulumi.gcp.iap.inputs.WebIamBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new WebIamBinding("binding", WebIamBindingArgs.builder() + * .project(projectService.project()) + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .condition(WebIamBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_iap\_web\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.WebIamMember; + * import com.pulumi.gcp.iap.WebIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new WebIamMember("member", WebIamMemberArgs.builder() + * .project(projectService.project()) + * .role("roles/iap.httpsResourceAccessor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.WebIamMember; + * import com.pulumi.gcp.iap.WebIamMemberArgs; + * import com.pulumi.gcp.iap.inputs.WebIamMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new WebIamMember("member", WebIamMemberArgs.builder() + * .project(projectService.project()) + * .role("roles/iap.httpsResourceAccessor") + * .member("user:jane@example.com") + * .condition(WebIamMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -341,18 +582,9 @@ public Output> condition() { public Output etag() { return this.etag; } - @Export(name="members", refs={List.class,String.class}, tree="[0,1]") - private Output> members; - - public Output> members() { - return this.members; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -364,15 +596,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="members", refs={List.class,String.class}, tree="[0,1]") + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -384,6 +613,22 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/WebIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/WebIamBindingArgs.java index 6e726d231f..9cecbfc432 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/WebIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/WebIamBindingArgs.java @@ -35,19 +35,9 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } - @Import(name="members", required=true) - private Output> members; - - public Output> members() { - return this.members; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -59,15 +49,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members", required=true) + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -79,6 +66,23 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -152,25 +156,30 @@ public Builder condition(WebIamBindingConditionArgs condition) { return condition(Output.of(condition)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -184,17 +193,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -208,6 +213,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/WebIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/WebIamMember.java index 060e336cae..97db4abb6a 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/WebIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/WebIamMember.java @@ -273,6 +273,247 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_iap\_web\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.iap.WebIamPolicy; + * import com.pulumi.gcp.iap.WebIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new WebIamPolicy("policy", WebIamPolicyArgs.builder() + * .project(projectService.project()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.iap.WebIamPolicy; + * import com.pulumi.gcp.iap.WebIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var policy = new WebIamPolicy("policy", WebIamPolicyArgs.builder() + * .project(projectService.project()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_iap\_web\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.WebIamBinding; + * import com.pulumi.gcp.iap.WebIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new WebIamBinding("binding", WebIamBindingArgs.builder() + * .project(projectService.project()) + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.WebIamBinding; + * import com.pulumi.gcp.iap.WebIamBindingArgs; + * import com.pulumi.gcp.iap.inputs.WebIamBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new WebIamBinding("binding", WebIamBindingArgs.builder() + * .project(projectService.project()) + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .condition(WebIamBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_iap\_web\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.WebIamMember; + * import com.pulumi.gcp.iap.WebIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new WebIamMember("member", WebIamMemberArgs.builder() + * .project(projectService.project()) + * .role("roles/iap.httpsResourceAccessor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.WebIamMember; + * import com.pulumi.gcp.iap.WebIamMemberArgs; + * import com.pulumi.gcp.iap.inputs.WebIamMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new WebIamMember("member", WebIamMemberArgs.builder() + * .project(projectService.project()) + * .role("roles/iap.httpsResourceAccessor") + * .member("user:jane@example.com") + * .condition(WebIamMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -340,18 +581,9 @@ public Output> condition() { public Output etag() { return this.etag; } - @Export(name="member", refs={String.class}, tree="[0]") - private Output member; - - public Output member() { - return this.member; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -363,15 +595,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="member", refs={String.class}, tree="[0]") + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -383,6 +612,22 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/WebIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/WebIamMemberArgs.java index 2c17b029ab..42a186c0e1 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/WebIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/WebIamMemberArgs.java @@ -34,19 +34,9 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } - @Import(name="member", required=true) - private Output member; - - public Output member() { - return this.member; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -58,15 +48,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member", required=true) + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -78,6 +65,23 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -151,21 +155,9 @@ public Builder condition(WebIamMemberConditionArgs condition) { return condition(Output.of(condition)); } - public Builder member(Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -179,17 +171,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -203,6 +192,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/WebIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/WebIamPolicy.java index 7deb5c6fc4..3d9d429b04 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/WebIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/WebIamPolicy.java @@ -271,6 +271,247 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_iap\_web\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.iap.WebIamPolicy; + * import com.pulumi.gcp.iap.WebIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new WebIamPolicy("policy", WebIamPolicyArgs.builder() + * .project(projectService.project()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.iap.WebIamPolicy; + * import com.pulumi.gcp.iap.WebIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var policy = new WebIamPolicy("policy", WebIamPolicyArgs.builder() + * .project(projectService.project()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_iap\_web\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.WebIamBinding; + * import com.pulumi.gcp.iap.WebIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new WebIamBinding("binding", WebIamBindingArgs.builder() + * .project(projectService.project()) + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.WebIamBinding; + * import com.pulumi.gcp.iap.WebIamBindingArgs; + * import com.pulumi.gcp.iap.inputs.WebIamBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new WebIamBinding("binding", WebIamBindingArgs.builder() + * .project(projectService.project()) + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .condition(WebIamBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_iap\_web\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.WebIamMember; + * import com.pulumi.gcp.iap.WebIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new WebIamMember("member", WebIamMemberArgs.builder() + * .project(projectService.project()) + * .role("roles/iap.httpsResourceAccessor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.WebIamMember; + * import com.pulumi.gcp.iap.WebIamMemberArgs; + * import com.pulumi.gcp.iap.inputs.WebIamMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new WebIamMember("member", WebIamMemberArgs.builder() + * .project(projectService.project()) + * .role("roles/iap.httpsResourceAccessor") + * .member("user:jane@example.com") + * .condition(WebIamMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -342,18 +583,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -362,18 +591,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/WebIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/WebIamPolicyArgs.java index 6f645d017c..27f7d7378e 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/WebIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/WebIamPolicyArgs.java @@ -37,18 +37,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -57,18 +45,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -126,18 +102,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -150,18 +114,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/WebRegionBackendServiceIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/WebRegionBackendServiceIamBinding.java index 4669bbf827..c6d702cd9b 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/WebRegionBackendServiceIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/WebRegionBackendServiceIamBinding.java @@ -286,6 +286,259 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_iap\_web\_region\_backend\_service\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicy; + * import com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new WebRegionBackendServiceIamPolicy("policy", WebRegionBackendServiceIamPolicyArgs.builder() + * .project(default_.project()) + * .region(default_.region()) + * .webRegionBackendService(default_.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicy; + * import com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var policy = new WebRegionBackendServiceIamPolicy("policy", WebRegionBackendServiceIamPolicyArgs.builder() + * .project(default_.project()) + * .region(default_.region()) + * .webRegionBackendService(default_.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_iap\_web\_region\_backend\_service\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.WebRegionBackendServiceIamBinding; + * import com.pulumi.gcp.iap.WebRegionBackendServiceIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new WebRegionBackendServiceIamBinding("binding", WebRegionBackendServiceIamBindingArgs.builder() + * .project(default_.project()) + * .region(default_.region()) + * .webRegionBackendService(default_.name()) + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.WebRegionBackendServiceIamBinding; + * import com.pulumi.gcp.iap.WebRegionBackendServiceIamBindingArgs; + * import com.pulumi.gcp.iap.inputs.WebRegionBackendServiceIamBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new WebRegionBackendServiceIamBinding("binding", WebRegionBackendServiceIamBindingArgs.builder() + * .project(default_.project()) + * .region(default_.region()) + * .webRegionBackendService(default_.name()) + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .condition(WebRegionBackendServiceIamBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_iap\_web\_region\_backend\_service\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.WebRegionBackendServiceIamMember; + * import com.pulumi.gcp.iap.WebRegionBackendServiceIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new WebRegionBackendServiceIamMember("member", WebRegionBackendServiceIamMemberArgs.builder() + * .project(default_.project()) + * .region(default_.region()) + * .webRegionBackendService(default_.name()) + * .role("roles/iap.httpsResourceAccessor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.WebRegionBackendServiceIamMember; + * import com.pulumi.gcp.iap.WebRegionBackendServiceIamMemberArgs; + * import com.pulumi.gcp.iap.inputs.WebRegionBackendServiceIamMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new WebRegionBackendServiceIamMember("member", WebRegionBackendServiceIamMemberArgs.builder() + * .project(default_.project()) + * .region(default_.region()) + * .webRegionBackendService(default_.name()) + * .role("roles/iap.httpsResourceAccessor") + * .member("user:jane@example.com") + * .condition(WebRegionBackendServiceIamMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -357,18 +610,9 @@ public Output> condition() public Output etag() { return this.etag; } - @Export(name="members", refs={List.class,String.class}, tree="[0,1]") - private Output> members; - - public Output> members() { - return this.members; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -380,15 +624,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="members", refs={List.class,String.class}, tree="[0,1]") + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -400,6 +641,22 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/WebRegionBackendServiceIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/WebRegionBackendServiceIamBindingArgs.java index 52cd6f7ac8..dd316bfa63 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/WebRegionBackendServiceIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/WebRegionBackendServiceIamBindingArgs.java @@ -35,19 +35,9 @@ public Optional> conditio return Optional.ofNullable(this.condition); } - @Import(name="members", required=true) - private Output> members; - - public Output> members() { - return this.members; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -59,15 +49,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members", required=true) + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -79,6 +66,23 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -176,25 +180,30 @@ public Builder condition(WebRegionBackendServiceIamBindingConditionArgs conditio return condition(Output.of(condition)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -208,17 +217,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -232,6 +237,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/WebRegionBackendServiceIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/WebRegionBackendServiceIamMember.java index 4680847e3f..7024c02835 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/WebRegionBackendServiceIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/WebRegionBackendServiceIamMember.java @@ -285,6 +285,259 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_iap\_web\_region\_backend\_service\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicy; + * import com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new WebRegionBackendServiceIamPolicy("policy", WebRegionBackendServiceIamPolicyArgs.builder() + * .project(default_.project()) + * .region(default_.region()) + * .webRegionBackendService(default_.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicy; + * import com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var policy = new WebRegionBackendServiceIamPolicy("policy", WebRegionBackendServiceIamPolicyArgs.builder() + * .project(default_.project()) + * .region(default_.region()) + * .webRegionBackendService(default_.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_iap\_web\_region\_backend\_service\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.WebRegionBackendServiceIamBinding; + * import com.pulumi.gcp.iap.WebRegionBackendServiceIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new WebRegionBackendServiceIamBinding("binding", WebRegionBackendServiceIamBindingArgs.builder() + * .project(default_.project()) + * .region(default_.region()) + * .webRegionBackendService(default_.name()) + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.WebRegionBackendServiceIamBinding; + * import com.pulumi.gcp.iap.WebRegionBackendServiceIamBindingArgs; + * import com.pulumi.gcp.iap.inputs.WebRegionBackendServiceIamBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new WebRegionBackendServiceIamBinding("binding", WebRegionBackendServiceIamBindingArgs.builder() + * .project(default_.project()) + * .region(default_.region()) + * .webRegionBackendService(default_.name()) + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .condition(WebRegionBackendServiceIamBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_iap\_web\_region\_backend\_service\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.WebRegionBackendServiceIamMember; + * import com.pulumi.gcp.iap.WebRegionBackendServiceIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new WebRegionBackendServiceIamMember("member", WebRegionBackendServiceIamMemberArgs.builder() + * .project(default_.project()) + * .region(default_.region()) + * .webRegionBackendService(default_.name()) + * .role("roles/iap.httpsResourceAccessor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.WebRegionBackendServiceIamMember; + * import com.pulumi.gcp.iap.WebRegionBackendServiceIamMemberArgs; + * import com.pulumi.gcp.iap.inputs.WebRegionBackendServiceIamMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new WebRegionBackendServiceIamMember("member", WebRegionBackendServiceIamMemberArgs.builder() + * .project(default_.project()) + * .region(default_.region()) + * .webRegionBackendService(default_.name()) + * .role("roles/iap.httpsResourceAccessor") + * .member("user:jane@example.com") + * .condition(WebRegionBackendServiceIamMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -356,18 +609,9 @@ public Output> condition() { public Output etag() { return this.etag; } - @Export(name="member", refs={String.class}, tree="[0]") - private Output member; - - public Output member() { - return this.member; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -379,15 +623,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="member", refs={String.class}, tree="[0]") + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -399,6 +640,22 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/WebRegionBackendServiceIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/WebRegionBackendServiceIamMemberArgs.java index 35cf2cbe74..b5f28aad9a 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/WebRegionBackendServiceIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/WebRegionBackendServiceIamMemberArgs.java @@ -34,19 +34,9 @@ public Optional> condition return Optional.ofNullable(this.condition); } - @Import(name="member", required=true) - private Output member; - - public Output member() { - return this.member; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -58,15 +48,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member", required=true) + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -78,6 +65,23 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -175,21 +179,9 @@ public Builder condition(WebRegionBackendServiceIamMemberConditionArgs condition return condition(Output.of(condition)); } - public Builder member(Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -203,17 +195,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -227,6 +216,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/WebRegionBackendServiceIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/WebRegionBackendServiceIamPolicy.java index c317122213..423471d0ee 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/WebRegionBackendServiceIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/WebRegionBackendServiceIamPolicy.java @@ -283,6 +283,259 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_iap\_web\_region\_backend\_service\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicy; + * import com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new WebRegionBackendServiceIamPolicy("policy", WebRegionBackendServiceIamPolicyArgs.builder() + * .project(default_.project()) + * .region(default_.region()) + * .webRegionBackendService(default_.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicy; + * import com.pulumi.gcp.iap.WebRegionBackendServiceIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var policy = new WebRegionBackendServiceIamPolicy("policy", WebRegionBackendServiceIamPolicyArgs.builder() + * .project(default_.project()) + * .region(default_.region()) + * .webRegionBackendService(default_.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_iap\_web\_region\_backend\_service\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.WebRegionBackendServiceIamBinding; + * import com.pulumi.gcp.iap.WebRegionBackendServiceIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new WebRegionBackendServiceIamBinding("binding", WebRegionBackendServiceIamBindingArgs.builder() + * .project(default_.project()) + * .region(default_.region()) + * .webRegionBackendService(default_.name()) + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.WebRegionBackendServiceIamBinding; + * import com.pulumi.gcp.iap.WebRegionBackendServiceIamBindingArgs; + * import com.pulumi.gcp.iap.inputs.WebRegionBackendServiceIamBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new WebRegionBackendServiceIamBinding("binding", WebRegionBackendServiceIamBindingArgs.builder() + * .project(default_.project()) + * .region(default_.region()) + * .webRegionBackendService(default_.name()) + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .condition(WebRegionBackendServiceIamBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_iap\_web\_region\_backend\_service\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.WebRegionBackendServiceIamMember; + * import com.pulumi.gcp.iap.WebRegionBackendServiceIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new WebRegionBackendServiceIamMember("member", WebRegionBackendServiceIamMemberArgs.builder() + * .project(default_.project()) + * .region(default_.region()) + * .webRegionBackendService(default_.name()) + * .role("roles/iap.httpsResourceAccessor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.WebRegionBackendServiceIamMember; + * import com.pulumi.gcp.iap.WebRegionBackendServiceIamMemberArgs; + * import com.pulumi.gcp.iap.inputs.WebRegionBackendServiceIamMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new WebRegionBackendServiceIamMember("member", WebRegionBackendServiceIamMemberArgs.builder() + * .project(default_.project()) + * .region(default_.region()) + * .webRegionBackendService(default_.name()) + * .role("roles/iap.httpsResourceAccessor") + * .member("user:jane@example.com") + * .condition(WebRegionBackendServiceIamMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -358,18 +611,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -378,18 +619,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/WebRegionBackendServiceIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/WebRegionBackendServiceIamPolicyArgs.java index 51b2899d53..97bae49753 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/WebRegionBackendServiceIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/WebRegionBackendServiceIamPolicyArgs.java @@ -37,18 +37,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -57,18 +45,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -150,18 +126,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -174,18 +138,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/WebTypeAppEngingIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/WebTypeAppEngingIamBinding.java index ef3d8d0a24..8f877c3385 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/WebTypeAppEngingIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/WebTypeAppEngingIamBinding.java @@ -280,6 +280,253 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_iap\_web\_type\_app\_engine\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.iap.WebTypeAppEngingIamPolicy; + * import com.pulumi.gcp.iap.WebTypeAppEngingIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new WebTypeAppEngingIamPolicy("policy", WebTypeAppEngingIamPolicyArgs.builder() + * .project(app.project()) + * .appId(app.appId()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.iap.WebTypeAppEngingIamPolicy; + * import com.pulumi.gcp.iap.WebTypeAppEngingIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var policy = new WebTypeAppEngingIamPolicy("policy", WebTypeAppEngingIamPolicyArgs.builder() + * .project(app.project()) + * .appId(app.appId()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_iap\_web\_type\_app\_engine\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.WebTypeAppEngingIamBinding; + * import com.pulumi.gcp.iap.WebTypeAppEngingIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new WebTypeAppEngingIamBinding("binding", WebTypeAppEngingIamBindingArgs.builder() + * .project(app.project()) + * .appId(app.appId()) + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.WebTypeAppEngingIamBinding; + * import com.pulumi.gcp.iap.WebTypeAppEngingIamBindingArgs; + * import com.pulumi.gcp.iap.inputs.WebTypeAppEngingIamBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new WebTypeAppEngingIamBinding("binding", WebTypeAppEngingIamBindingArgs.builder() + * .project(app.project()) + * .appId(app.appId()) + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .condition(WebTypeAppEngingIamBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_iap\_web\_type\_app\_engine\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.WebTypeAppEngingIamMember; + * import com.pulumi.gcp.iap.WebTypeAppEngingIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new WebTypeAppEngingIamMember("member", WebTypeAppEngingIamMemberArgs.builder() + * .project(app.project()) + * .appId(app.appId()) + * .role("roles/iap.httpsResourceAccessor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.WebTypeAppEngingIamMember; + * import com.pulumi.gcp.iap.WebTypeAppEngingIamMemberArgs; + * import com.pulumi.gcp.iap.inputs.WebTypeAppEngingIamMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new WebTypeAppEngingIamMember("member", WebTypeAppEngingIamMemberArgs.builder() + * .project(app.project()) + * .appId(app.appId()) + * .role("roles/iap.httpsResourceAccessor") + * .member("user:jane@example.com") + * .condition(WebTypeAppEngingIamMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -363,18 +610,9 @@ public Output> condition() { public Output etag() { return this.etag; } - @Export(name="members", refs={List.class,String.class}, tree="[0,1]") - private Output> members; - - public Output> members() { - return this.members; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -386,15 +624,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="members", refs={List.class,String.class}, tree="[0,1]") + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -406,6 +641,22 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/WebTypeAppEngingIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/WebTypeAppEngingIamBindingArgs.java index c1c2457b5a..f7a4866b72 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/WebTypeAppEngingIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/WebTypeAppEngingIamBindingArgs.java @@ -50,19 +50,9 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } - @Import(name="members", required=true) - private Output> members; - - public Output> members() { - return this.members; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -74,15 +64,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members", required=true) + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -94,6 +81,23 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -189,25 +193,30 @@ public Builder condition(WebTypeAppEngingIamBindingConditionArgs condition) { return condition(Output.of(condition)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -221,17 +230,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -245,6 +250,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/WebTypeAppEngingIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/WebTypeAppEngingIamMember.java index ac0c5c4151..4250e49c07 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/WebTypeAppEngingIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/WebTypeAppEngingIamMember.java @@ -279,6 +279,253 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_iap\_web\_type\_app\_engine\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.iap.WebTypeAppEngingIamPolicy; + * import com.pulumi.gcp.iap.WebTypeAppEngingIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new WebTypeAppEngingIamPolicy("policy", WebTypeAppEngingIamPolicyArgs.builder() + * .project(app.project()) + * .appId(app.appId()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.iap.WebTypeAppEngingIamPolicy; + * import com.pulumi.gcp.iap.WebTypeAppEngingIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var policy = new WebTypeAppEngingIamPolicy("policy", WebTypeAppEngingIamPolicyArgs.builder() + * .project(app.project()) + * .appId(app.appId()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_iap\_web\_type\_app\_engine\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.WebTypeAppEngingIamBinding; + * import com.pulumi.gcp.iap.WebTypeAppEngingIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new WebTypeAppEngingIamBinding("binding", WebTypeAppEngingIamBindingArgs.builder() + * .project(app.project()) + * .appId(app.appId()) + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.WebTypeAppEngingIamBinding; + * import com.pulumi.gcp.iap.WebTypeAppEngingIamBindingArgs; + * import com.pulumi.gcp.iap.inputs.WebTypeAppEngingIamBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new WebTypeAppEngingIamBinding("binding", WebTypeAppEngingIamBindingArgs.builder() + * .project(app.project()) + * .appId(app.appId()) + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .condition(WebTypeAppEngingIamBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_iap\_web\_type\_app\_engine\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.WebTypeAppEngingIamMember; + * import com.pulumi.gcp.iap.WebTypeAppEngingIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new WebTypeAppEngingIamMember("member", WebTypeAppEngingIamMemberArgs.builder() + * .project(app.project()) + * .appId(app.appId()) + * .role("roles/iap.httpsResourceAccessor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.WebTypeAppEngingIamMember; + * import com.pulumi.gcp.iap.WebTypeAppEngingIamMemberArgs; + * import com.pulumi.gcp.iap.inputs.WebTypeAppEngingIamMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new WebTypeAppEngingIamMember("member", WebTypeAppEngingIamMemberArgs.builder() + * .project(app.project()) + * .appId(app.appId()) + * .role("roles/iap.httpsResourceAccessor") + * .member("user:jane@example.com") + * .condition(WebTypeAppEngingIamMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -362,18 +609,9 @@ public Output> condition() { public Output etag() { return this.etag; } - @Export(name="member", refs={String.class}, tree="[0]") - private Output member; - - public Output member() { - return this.member; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -385,15 +623,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="member", refs={String.class}, tree="[0]") + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -405,6 +640,22 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/WebTypeAppEngingIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/WebTypeAppEngingIamMemberArgs.java index 6711b709a1..1f7e08fef5 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/WebTypeAppEngingIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/WebTypeAppEngingIamMemberArgs.java @@ -49,19 +49,9 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } - @Import(name="member", required=true) - private Output member; - - public Output member() { - return this.member; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -73,15 +63,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member", required=true) + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -93,6 +80,23 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -188,21 +192,9 @@ public Builder condition(WebTypeAppEngingIamMemberConditionArgs condition) { return condition(Output.of(condition)); } - public Builder member(Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -216,17 +208,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -240,6 +229,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/WebTypeAppEngingIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/WebTypeAppEngingIamPolicy.java index 1fa6581ced..952ef9fc63 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/WebTypeAppEngingIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/WebTypeAppEngingIamPolicy.java @@ -277,6 +277,253 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_iap\_web\_type\_app\_engine\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.iap.WebTypeAppEngingIamPolicy; + * import com.pulumi.gcp.iap.WebTypeAppEngingIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new WebTypeAppEngingIamPolicy("policy", WebTypeAppEngingIamPolicyArgs.builder() + * .project(app.project()) + * .appId(app.appId()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.iap.WebTypeAppEngingIamPolicy; + * import com.pulumi.gcp.iap.WebTypeAppEngingIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var policy = new WebTypeAppEngingIamPolicy("policy", WebTypeAppEngingIamPolicyArgs.builder() + * .project(app.project()) + * .appId(app.appId()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_iap\_web\_type\_app\_engine\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.WebTypeAppEngingIamBinding; + * import com.pulumi.gcp.iap.WebTypeAppEngingIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new WebTypeAppEngingIamBinding("binding", WebTypeAppEngingIamBindingArgs.builder() + * .project(app.project()) + * .appId(app.appId()) + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.WebTypeAppEngingIamBinding; + * import com.pulumi.gcp.iap.WebTypeAppEngingIamBindingArgs; + * import com.pulumi.gcp.iap.inputs.WebTypeAppEngingIamBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new WebTypeAppEngingIamBinding("binding", WebTypeAppEngingIamBindingArgs.builder() + * .project(app.project()) + * .appId(app.appId()) + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .condition(WebTypeAppEngingIamBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_iap\_web\_type\_app\_engine\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.WebTypeAppEngingIamMember; + * import com.pulumi.gcp.iap.WebTypeAppEngingIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new WebTypeAppEngingIamMember("member", WebTypeAppEngingIamMemberArgs.builder() + * .project(app.project()) + * .appId(app.appId()) + * .role("roles/iap.httpsResourceAccessor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.WebTypeAppEngingIamMember; + * import com.pulumi.gcp.iap.WebTypeAppEngingIamMemberArgs; + * import com.pulumi.gcp.iap.inputs.WebTypeAppEngingIamMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new WebTypeAppEngingIamMember("member", WebTypeAppEngingIamMemberArgs.builder() + * .project(app.project()) + * .appId(app.appId()) + * .role("roles/iap.httpsResourceAccessor") + * .member("user:jane@example.com") + * .condition(WebTypeAppEngingIamMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -364,18 +611,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -384,18 +619,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/WebTypeAppEngingIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/WebTypeAppEngingIamPolicyArgs.java index 20a0a6dad2..c6db124667 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/WebTypeAppEngingIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/WebTypeAppEngingIamPolicyArgs.java @@ -52,18 +52,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -72,18 +60,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -163,18 +139,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -187,18 +151,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/WebTypeComputeIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/WebTypeComputeIamBinding.java index a211099e6a..29239f7000 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/WebTypeComputeIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/WebTypeComputeIamBinding.java @@ -274,6 +274,247 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_iap\_web\_type\_compute\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.iap.WebTypeComputeIamPolicy; + * import com.pulumi.gcp.iap.WebTypeComputeIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new WebTypeComputeIamPolicy("policy", WebTypeComputeIamPolicyArgs.builder() + * .project(projectService.project()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.iap.WebTypeComputeIamPolicy; + * import com.pulumi.gcp.iap.WebTypeComputeIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var policy = new WebTypeComputeIamPolicy("policy", WebTypeComputeIamPolicyArgs.builder() + * .project(projectService.project()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_iap\_web\_type\_compute\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.WebTypeComputeIamBinding; + * import com.pulumi.gcp.iap.WebTypeComputeIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new WebTypeComputeIamBinding("binding", WebTypeComputeIamBindingArgs.builder() + * .project(projectService.project()) + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.WebTypeComputeIamBinding; + * import com.pulumi.gcp.iap.WebTypeComputeIamBindingArgs; + * import com.pulumi.gcp.iap.inputs.WebTypeComputeIamBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new WebTypeComputeIamBinding("binding", WebTypeComputeIamBindingArgs.builder() + * .project(projectService.project()) + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .condition(WebTypeComputeIamBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_iap\_web\_type\_compute\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.WebTypeComputeIamMember; + * import com.pulumi.gcp.iap.WebTypeComputeIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new WebTypeComputeIamMember("member", WebTypeComputeIamMemberArgs.builder() + * .project(projectService.project()) + * .role("roles/iap.httpsResourceAccessor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.WebTypeComputeIamMember; + * import com.pulumi.gcp.iap.WebTypeComputeIamMemberArgs; + * import com.pulumi.gcp.iap.inputs.WebTypeComputeIamMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new WebTypeComputeIamMember("member", WebTypeComputeIamMemberArgs.builder() + * .project(projectService.project()) + * .role("roles/iap.httpsResourceAccessor") + * .member("user:jane@example.com") + * .condition(WebTypeComputeIamMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -341,18 +582,9 @@ public Output> condition() { public Output etag() { return this.etag; } - @Export(name="members", refs={List.class,String.class}, tree="[0,1]") - private Output> members; - - public Output> members() { - return this.members; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -364,15 +596,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="members", refs={List.class,String.class}, tree="[0,1]") + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -384,6 +613,22 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/WebTypeComputeIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/WebTypeComputeIamBindingArgs.java index 0b2f46abd9..752847eb92 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/WebTypeComputeIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/WebTypeComputeIamBindingArgs.java @@ -35,19 +35,9 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } - @Import(name="members", required=true) - private Output> members; - - public Output> members() { - return this.members; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -59,15 +49,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members", required=true) + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -79,6 +66,23 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -152,25 +156,30 @@ public Builder condition(WebTypeComputeIamBindingConditionArgs condition) { return condition(Output.of(condition)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -184,17 +193,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -208,6 +213,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/WebTypeComputeIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/WebTypeComputeIamMember.java index 9eb7d5715d..c50e5c44d7 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/WebTypeComputeIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/WebTypeComputeIamMember.java @@ -273,6 +273,247 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_iap\_web\_type\_compute\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.iap.WebTypeComputeIamPolicy; + * import com.pulumi.gcp.iap.WebTypeComputeIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new WebTypeComputeIamPolicy("policy", WebTypeComputeIamPolicyArgs.builder() + * .project(projectService.project()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.iap.WebTypeComputeIamPolicy; + * import com.pulumi.gcp.iap.WebTypeComputeIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var policy = new WebTypeComputeIamPolicy("policy", WebTypeComputeIamPolicyArgs.builder() + * .project(projectService.project()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_iap\_web\_type\_compute\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.WebTypeComputeIamBinding; + * import com.pulumi.gcp.iap.WebTypeComputeIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new WebTypeComputeIamBinding("binding", WebTypeComputeIamBindingArgs.builder() + * .project(projectService.project()) + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.WebTypeComputeIamBinding; + * import com.pulumi.gcp.iap.WebTypeComputeIamBindingArgs; + * import com.pulumi.gcp.iap.inputs.WebTypeComputeIamBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new WebTypeComputeIamBinding("binding", WebTypeComputeIamBindingArgs.builder() + * .project(projectService.project()) + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .condition(WebTypeComputeIamBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_iap\_web\_type\_compute\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.WebTypeComputeIamMember; + * import com.pulumi.gcp.iap.WebTypeComputeIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new WebTypeComputeIamMember("member", WebTypeComputeIamMemberArgs.builder() + * .project(projectService.project()) + * .role("roles/iap.httpsResourceAccessor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.WebTypeComputeIamMember; + * import com.pulumi.gcp.iap.WebTypeComputeIamMemberArgs; + * import com.pulumi.gcp.iap.inputs.WebTypeComputeIamMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new WebTypeComputeIamMember("member", WebTypeComputeIamMemberArgs.builder() + * .project(projectService.project()) + * .role("roles/iap.httpsResourceAccessor") + * .member("user:jane@example.com") + * .condition(WebTypeComputeIamMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -340,18 +581,9 @@ public Output> condition() { public Output etag() { return this.etag; } - @Export(name="member", refs={String.class}, tree="[0]") - private Output member; - - public Output member() { - return this.member; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -363,15 +595,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="member", refs={String.class}, tree="[0]") + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -383,6 +612,22 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/WebTypeComputeIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/WebTypeComputeIamMemberArgs.java index ba7d58d13f..c7c5e6249f 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/WebTypeComputeIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/WebTypeComputeIamMemberArgs.java @@ -34,19 +34,9 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } - @Import(name="member", required=true) - private Output member; - - public Output member() { - return this.member; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -58,15 +48,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member", required=true) + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -78,6 +65,23 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -151,21 +155,9 @@ public Builder condition(WebTypeComputeIamMemberConditionArgs condition) { return condition(Output.of(condition)); } - public Builder member(Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -179,17 +171,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -203,6 +192,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/WebTypeComputeIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/WebTypeComputeIamPolicy.java index 08e21fdae5..b4cfd63384 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/WebTypeComputeIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/WebTypeComputeIamPolicy.java @@ -271,6 +271,247 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_iap\_web\_type\_compute\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.iap.WebTypeComputeIamPolicy; + * import com.pulumi.gcp.iap.WebTypeComputeIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new WebTypeComputeIamPolicy("policy", WebTypeComputeIamPolicyArgs.builder() + * .project(projectService.project()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.iap.WebTypeComputeIamPolicy; + * import com.pulumi.gcp.iap.WebTypeComputeIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var policy = new WebTypeComputeIamPolicy("policy", WebTypeComputeIamPolicyArgs.builder() + * .project(projectService.project()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_iap\_web\_type\_compute\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.WebTypeComputeIamBinding; + * import com.pulumi.gcp.iap.WebTypeComputeIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new WebTypeComputeIamBinding("binding", WebTypeComputeIamBindingArgs.builder() + * .project(projectService.project()) + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.WebTypeComputeIamBinding; + * import com.pulumi.gcp.iap.WebTypeComputeIamBindingArgs; + * import com.pulumi.gcp.iap.inputs.WebTypeComputeIamBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new WebTypeComputeIamBinding("binding", WebTypeComputeIamBindingArgs.builder() + * .project(projectService.project()) + * .role("roles/iap.httpsResourceAccessor") + * .members("user:jane@example.com") + * .condition(WebTypeComputeIamBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_iap\_web\_type\_compute\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.WebTypeComputeIamMember; + * import com.pulumi.gcp.iap.WebTypeComputeIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new WebTypeComputeIamMember("member", WebTypeComputeIamMemberArgs.builder() + * .project(projectService.project()) + * .role("roles/iap.httpsResourceAccessor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.iap.WebTypeComputeIamMember; + * import com.pulumi.gcp.iap.WebTypeComputeIamMemberArgs; + * import com.pulumi.gcp.iap.inputs.WebTypeComputeIamMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new WebTypeComputeIamMember("member", WebTypeComputeIamMemberArgs.builder() + * .project(projectService.project()) + * .role("roles/iap.httpsResourceAccessor") + * .member("user:jane@example.com") + * .condition(WebTypeComputeIamMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -342,18 +583,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -362,18 +591,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/WebTypeComputeIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/WebTypeComputeIamPolicyArgs.java index c202908c21..8e654e039d 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/WebTypeComputeIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/WebTypeComputeIamPolicyArgs.java @@ -37,18 +37,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -57,18 +45,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -126,18 +102,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -150,18 +114,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/AppEngineServiceIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/AppEngineServiceIamBindingState.java index 9fddd5cf4e..0b9ae55093 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/AppEngineServiceIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/AppEngineServiceIamBindingState.java @@ -64,19 +64,9 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } - @Import(name="members") - private @Nullable Output> members; - - public Optional>> members() { - return Optional.ofNullable(this.members); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -88,15 +78,12 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members") + private @Nullable Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -108,6 +95,23 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional>> members() { + return Optional.ofNullable(this.members); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -241,25 +245,30 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -273,17 +282,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -297,6 +302,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/AppEngineServiceIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/AppEngineServiceIamMemberState.java index 6e476a192b..dd7f6c246a 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/AppEngineServiceIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/AppEngineServiceIamMemberState.java @@ -63,19 +63,9 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } - @Import(name="member") - private @Nullable Output member; - - public Optional> member() { - return Optional.ofNullable(this.member); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -87,15 +77,12 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member") + private @Nullable Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -107,6 +94,23 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional> member() { + return Optional.ofNullable(this.member); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -240,21 +244,9 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } - public Builder member(@Nullable Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -268,17 +260,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(@Nullable Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -292,6 +281,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/AppEngineServiceIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/AppEngineServiceIamPolicyState.java index d7769d09fd..eab147a7cb 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/AppEngineServiceIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/AppEngineServiceIamPolicyState.java @@ -66,18 +66,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -86,18 +74,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -215,18 +191,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -239,18 +203,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/AppEngineVersionIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/AppEngineVersionIamBindingState.java index 3b3ee147ef..2716b4ba03 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/AppEngineVersionIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/AppEngineVersionIamBindingState.java @@ -64,19 +64,9 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } - @Import(name="members") - private @Nullable Output> members; - - public Optional>> members() { - return Optional.ofNullable(this.members); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -88,15 +78,12 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members") + private @Nullable Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -108,6 +95,23 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional>> members() { + return Optional.ofNullable(this.members); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -257,25 +261,30 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -289,17 +298,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -313,6 +318,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/AppEngineVersionIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/AppEngineVersionIamMemberState.java index cd7882da71..e0f0be9a6e 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/AppEngineVersionIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/AppEngineVersionIamMemberState.java @@ -63,19 +63,9 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } - @Import(name="member") - private @Nullable Output member; - - public Optional> member() { - return Optional.ofNullable(this.member); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -87,15 +77,12 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member") + private @Nullable Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -107,6 +94,23 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional> member() { + return Optional.ofNullable(this.member); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -256,21 +260,9 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } - public Builder member(@Nullable Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -284,17 +276,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(@Nullable Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -308,6 +297,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/AppEngineVersionIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/AppEngineVersionIamPolicyState.java index 2c6fcd61a3..e8b915e34f 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/AppEngineVersionIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/AppEngineVersionIamPolicyState.java @@ -66,18 +66,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -86,18 +74,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -231,18 +207,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -255,18 +219,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/TunnelDestGroupIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/TunnelDestGroupIamBindingState.java index 6438962e10..0d5306a90c 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/TunnelDestGroupIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/TunnelDestGroupIamBindingState.java @@ -56,19 +56,9 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } - @Import(name="members") - private @Nullable Output> members; - - public Optional>> members() { - return Optional.ofNullable(this.members); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -80,15 +70,12 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members") + private @Nullable Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -100,6 +87,23 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional>> members() { + return Optional.ofNullable(this.members); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -227,25 +231,30 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -259,17 +268,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -283,6 +288,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/TunnelDestGroupIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/TunnelDestGroupIamMemberState.java index 12c12ca1ce..a6c8ef94d4 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/TunnelDestGroupIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/TunnelDestGroupIamMemberState.java @@ -55,19 +55,9 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } - @Import(name="member") - private @Nullable Output member; - - public Optional> member() { - return Optional.ofNullable(this.member); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -79,15 +69,12 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member") + private @Nullable Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -99,6 +86,23 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional> member() { + return Optional.ofNullable(this.member); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -226,21 +230,9 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } - public Builder member(@Nullable Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -254,17 +246,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(@Nullable Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -278,6 +267,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/TunnelDestGroupIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/TunnelDestGroupIamPolicyState.java index dafafb6a06..2b742c92ef 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/TunnelDestGroupIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/TunnelDestGroupIamPolicyState.java @@ -58,18 +58,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -78,18 +66,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -201,18 +177,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -225,18 +189,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/TunnelIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/TunnelIamBindingState.java index 7f1aa2540f..176c2229b9 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/TunnelIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/TunnelIamBindingState.java @@ -49,19 +49,9 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } - @Import(name="members") - private @Nullable Output> members; - - public Optional>> members() { - return Optional.ofNullable(this.members); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -73,15 +63,12 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members") + private @Nullable Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -93,6 +80,23 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional>> members() { + return Optional.ofNullable(this.members); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -188,25 +192,30 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -220,17 +229,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -244,6 +249,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/TunnelIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/TunnelIamMemberState.java index f779766155..b7bbf09068 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/TunnelIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/TunnelIamMemberState.java @@ -48,19 +48,9 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } - @Import(name="member") - private @Nullable Output member; - - public Optional> member() { - return Optional.ofNullable(this.member); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -72,15 +62,12 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member") + private @Nullable Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -92,6 +79,23 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional> member() { + return Optional.ofNullable(this.member); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -187,21 +191,9 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } - public Builder member(@Nullable Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -215,17 +207,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(@Nullable Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -239,6 +228,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/TunnelIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/TunnelIamPolicyState.java index 23ecf06cdb..bb8a886a46 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/TunnelIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/TunnelIamPolicyState.java @@ -51,18 +51,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -71,18 +59,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -162,18 +138,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -186,18 +150,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/TunnelInstanceIAMBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/TunnelInstanceIAMBindingState.java index 778fc44bf0..c68cc14615 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/TunnelInstanceIAMBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/TunnelInstanceIAMBindingState.java @@ -64,19 +64,9 @@ public Optional> instance() { return Optional.ofNullable(this.instance); } - @Import(name="members") - private @Nullable Output> members; - - public Optional>> members() { - return Optional.ofNullable(this.members); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -88,15 +78,12 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members") + private @Nullable Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -108,6 +95,23 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional>> members() { + return Optional.ofNullable(this.members); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -233,25 +237,30 @@ public Builder instance(String instance) { return instance(Output.of(instance)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -265,17 +274,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -289,6 +294,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/TunnelInstanceIAMMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/TunnelInstanceIAMMemberState.java index 5e235440b6..cb40af0cd6 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/TunnelInstanceIAMMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/TunnelInstanceIAMMemberState.java @@ -63,19 +63,9 @@ public Optional> instance() { return Optional.ofNullable(this.instance); } - @Import(name="member") - private @Nullable Output member; - - public Optional> member() { - return Optional.ofNullable(this.member); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -87,15 +77,12 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member") + private @Nullable Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -107,6 +94,23 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional> member() { + return Optional.ofNullable(this.member); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -232,21 +236,9 @@ public Builder instance(String instance) { return instance(Output.of(instance)); } - public Builder member(@Nullable Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -260,17 +252,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(@Nullable Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -284,6 +273,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/TunnelInstanceIAMPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/TunnelInstanceIAMPolicyState.java index 0151efd612..e4bb491f80 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/TunnelInstanceIAMPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/TunnelInstanceIAMPolicyState.java @@ -66,18 +66,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -86,18 +74,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -207,18 +183,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -231,18 +195,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/WebBackendServiceIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/WebBackendServiceIamBindingState.java index 843f5eaeb9..02fc357e7a 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/WebBackendServiceIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/WebBackendServiceIamBindingState.java @@ -49,19 +49,9 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } - @Import(name="members") - private @Nullable Output> members; - - public Optional>> members() { - return Optional.ofNullable(this.members); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -73,15 +63,12 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members") + private @Nullable Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -93,6 +80,23 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional>> members() { + return Optional.ofNullable(this.members); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -204,25 +208,30 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -236,17 +245,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -260,6 +265,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/WebBackendServiceIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/WebBackendServiceIamMemberState.java index adc4363b02..56055c893b 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/WebBackendServiceIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/WebBackendServiceIamMemberState.java @@ -48,19 +48,9 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } - @Import(name="member") - private @Nullable Output member; - - public Optional> member() { - return Optional.ofNullable(this.member); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -72,15 +62,12 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member") + private @Nullable Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -92,6 +79,23 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional> member() { + return Optional.ofNullable(this.member); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -203,21 +207,9 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } - public Builder member(@Nullable Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -231,17 +223,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(@Nullable Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -255,6 +244,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/WebBackendServiceIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/WebBackendServiceIamPolicyState.java index 789d4214a1..8b637a5fca 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/WebBackendServiceIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/WebBackendServiceIamPolicyState.java @@ -51,18 +51,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -71,18 +59,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -178,18 +154,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -202,18 +166,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/WebIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/WebIamBindingState.java index a83eae229a..3509bc8ab8 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/WebIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/WebIamBindingState.java @@ -49,19 +49,9 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } - @Import(name="members") - private @Nullable Output> members; - - public Optional>> members() { - return Optional.ofNullable(this.members); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -73,15 +63,12 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members") + private @Nullable Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -93,6 +80,23 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional>> members() { + return Optional.ofNullable(this.members); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -188,25 +192,30 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -220,17 +229,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -244,6 +249,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/WebIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/WebIamMemberState.java index ac70d9bf6b..e40cd0c0f8 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/WebIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/WebIamMemberState.java @@ -48,19 +48,9 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } - @Import(name="member") - private @Nullable Output member; - - public Optional> member() { - return Optional.ofNullable(this.member); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -72,15 +62,12 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member") + private @Nullable Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -92,6 +79,23 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional> member() { + return Optional.ofNullable(this.member); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -187,21 +191,9 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } - public Builder member(@Nullable Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -215,17 +207,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(@Nullable Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -239,6 +228,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/WebIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/WebIamPolicyState.java index 3675ad9cf6..8bcdd7a056 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/WebIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/WebIamPolicyState.java @@ -51,18 +51,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -71,18 +59,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -162,18 +138,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -186,18 +150,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/WebRegionBackendServiceIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/WebRegionBackendServiceIamBindingState.java index f7d448fde1..a47850c153 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/WebRegionBackendServiceIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/WebRegionBackendServiceIamBindingState.java @@ -49,19 +49,9 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } - @Import(name="members") - private @Nullable Output> members; - - public Optional>> members() { - return Optional.ofNullable(this.members); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -73,15 +63,12 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members") + private @Nullable Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -93,6 +80,23 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional>> members() { + return Optional.ofNullable(this.members); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -212,25 +216,30 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -244,17 +253,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -268,6 +273,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/WebRegionBackendServiceIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/WebRegionBackendServiceIamMemberState.java index cad73b899e..8962ded2d0 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/WebRegionBackendServiceIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/WebRegionBackendServiceIamMemberState.java @@ -48,19 +48,9 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } - @Import(name="member") - private @Nullable Output member; - - public Optional> member() { - return Optional.ofNullable(this.member); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -72,15 +62,12 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member") + private @Nullable Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -92,6 +79,23 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional> member() { + return Optional.ofNullable(this.member); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -211,21 +215,9 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } - public Builder member(@Nullable Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -239,17 +231,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(@Nullable Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -263,6 +252,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/WebRegionBackendServiceIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/WebRegionBackendServiceIamPolicyState.java index 7cb3cd6520..2371d14c46 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/WebRegionBackendServiceIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/WebRegionBackendServiceIamPolicyState.java @@ -51,18 +51,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -71,18 +59,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -186,18 +162,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -210,18 +174,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/WebTypeAppEngingIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/WebTypeAppEngingIamBindingState.java index 40d8a552e4..37058664a3 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/WebTypeAppEngingIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/WebTypeAppEngingIamBindingState.java @@ -64,19 +64,9 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } - @Import(name="members") - private @Nullable Output> members; - - public Optional>> members() { - return Optional.ofNullable(this.members); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -88,15 +78,12 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members") + private @Nullable Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -108,6 +95,23 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional>> members() { + return Optional.ofNullable(this.members); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -225,25 +229,30 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -257,17 +266,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -281,6 +286,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/WebTypeAppEngingIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/WebTypeAppEngingIamMemberState.java index 94166ab04f..0a5a90608d 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/WebTypeAppEngingIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/WebTypeAppEngingIamMemberState.java @@ -63,19 +63,9 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } - @Import(name="member") - private @Nullable Output member; - - public Optional> member() { - return Optional.ofNullable(this.member); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -87,15 +77,12 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member") + private @Nullable Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -107,6 +94,23 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional> member() { + return Optional.ofNullable(this.member); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -224,21 +228,9 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } - public Builder member(@Nullable Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -252,17 +244,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(@Nullable Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -276,6 +265,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/WebTypeAppEngingIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/WebTypeAppEngingIamPolicyState.java index 72a5ad7431..b8e7da08c6 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/WebTypeAppEngingIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/WebTypeAppEngingIamPolicyState.java @@ -66,18 +66,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -86,18 +74,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -199,18 +175,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -223,18 +187,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/WebTypeComputeIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/WebTypeComputeIamBindingState.java index b0b22fa2a0..69e794e398 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/WebTypeComputeIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/WebTypeComputeIamBindingState.java @@ -49,19 +49,9 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } - @Import(name="members") - private @Nullable Output> members; - - public Optional>> members() { - return Optional.ofNullable(this.members); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -73,15 +63,12 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members") + private @Nullable Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -93,6 +80,23 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional>> members() { + return Optional.ofNullable(this.members); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -188,25 +192,30 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -220,17 +229,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -244,6 +249,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/WebTypeComputeIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/WebTypeComputeIamMemberState.java index c26afee43e..fd8cfe24d4 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/WebTypeComputeIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/WebTypeComputeIamMemberState.java @@ -48,19 +48,9 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } - @Import(name="member") - private @Nullable Output member; - - public Optional> member() { - return Optional.ofNullable(this.member); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -72,15 +62,12 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member") + private @Nullable Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -92,6 +79,23 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional> member() { + return Optional.ofNullable(this.member); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -187,21 +191,9 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } - public Builder member(@Nullable Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -215,17 +207,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(@Nullable Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -239,6 +228,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/WebTypeComputeIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/WebTypeComputeIamPolicyState.java index 58305a4b05..792a17b28a 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/WebTypeComputeIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/iap/inputs/WebTypeComputeIamPolicyState.java @@ -51,18 +51,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -71,18 +59,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -162,18 +138,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -186,18 +150,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/kms/CryptoKeyIAMBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/kms/CryptoKeyIAMBinding.java index 120c9b28b8..fdb3b46fec 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/kms/CryptoKeyIAMBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/kms/CryptoKeyIAMBinding.java @@ -323,15 +323,6 @@ public Output> condition() { * `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, * the provider's project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Export(name="cryptoKeyId", refs={String.class}, tree="[0]") private Output cryptoKeyId; @@ -342,15 +333,6 @@ public Output> condition() { * `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, * the provider's project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Output cryptoKeyId() { return this.cryptoKeyId; @@ -369,9 +351,31 @@ public Output cryptoKeyId() { public Output etag() { return this.etag; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ @Export(name="members", refs={List.class,String.class}, tree="[0,1]") private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output> members() { return this.members; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/kms/CryptoKeyIAMBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/kms/CryptoKeyIAMBindingArgs.java index ad112faab0..f3e43ffbb9 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/kms/CryptoKeyIAMBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/kms/CryptoKeyIAMBindingArgs.java @@ -41,15 +41,6 @@ public Optional> condition() { * `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, * the provider's project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="cryptoKeyId", required=true) private Output cryptoKeyId; @@ -60,8 +51,14 @@ public Optional> condition() { * `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, * the provider's project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + */ + public Output cryptoKeyId() { + return this.cryptoKeyId; + } + + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. @@ -70,13 +67,20 @@ public Optional> condition() { * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. * */ - public Output cryptoKeyId() { - return this.cryptoKeyId; - } - @Import(name="members", required=true) private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output> members() { return this.members; } @@ -154,15 +158,6 @@ public Builder condition(CryptoKeyIAMBindingConditionArgs condition) { * `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, * the provider's project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -177,8 +172,16 @@ public Builder cryptoKeyId(Output cryptoKeyId) { * `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, * the provider's project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return builder + * + */ + public Builder cryptoKeyId(String cryptoKeyId) { + return cryptoKeyId(Output.of(cryptoKeyId)); + } + + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. @@ -189,19 +192,41 @@ public Builder cryptoKeyId(Output cryptoKeyId) { * @return builder * */ - public Builder cryptoKeyId(String cryptoKeyId) { - return cryptoKeyId(Output.of(cryptoKeyId)); - } - public Builder members(Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/kms/CryptoKeyIAMMember.java b/sdk/java/src/main/java/com/pulumi/gcp/kms/CryptoKeyIAMMember.java index fd7bfd905c..9c21016bc9 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/kms/CryptoKeyIAMMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/kms/CryptoKeyIAMMember.java @@ -322,15 +322,6 @@ public Output> condition() { * `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, * the provider's project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Export(name="cryptoKeyId", refs={String.class}, tree="[0]") private Output cryptoKeyId; @@ -341,15 +332,6 @@ public Output> condition() { * `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, * the provider's project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Output cryptoKeyId() { return this.cryptoKeyId; @@ -368,9 +350,31 @@ public Output cryptoKeyId() { public Output etag() { return this.etag; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ @Export(name="member", refs={String.class}, tree="[0]") private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output member() { return this.member; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/kms/CryptoKeyIAMMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/kms/CryptoKeyIAMMemberArgs.java index 93623c40ec..b6556f3840 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/kms/CryptoKeyIAMMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/kms/CryptoKeyIAMMemberArgs.java @@ -40,15 +40,6 @@ public Optional> condition() { * `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, * the provider's project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="cryptoKeyId", required=true) private Output cryptoKeyId; @@ -59,8 +50,14 @@ public Optional> condition() { * `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, * the provider's project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + */ + public Output cryptoKeyId() { + return this.cryptoKeyId; + } + + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. @@ -69,13 +66,20 @@ public Optional> condition() { * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. * */ - public Output cryptoKeyId() { - return this.cryptoKeyId; - } - @Import(name="member", required=true) private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output member() { return this.member; } @@ -153,15 +157,6 @@ public Builder condition(CryptoKeyIAMMemberConditionArgs condition) { * `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, * the provider's project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -176,8 +171,16 @@ public Builder cryptoKeyId(Output cryptoKeyId) { * `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, * the provider's project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return builder + * + */ + public Builder cryptoKeyId(String cryptoKeyId) { + return cryptoKeyId(Output.of(cryptoKeyId)); + } + + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. @@ -188,15 +191,24 @@ public Builder cryptoKeyId(Output cryptoKeyId) { * @return builder * */ - public Builder cryptoKeyId(String cryptoKeyId) { - return cryptoKeyId(Output.of(cryptoKeyId)); - } - public Builder member(Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/kms/CryptoKeyIAMPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/kms/CryptoKeyIAMPolicy.java index 033f6b9872..93f7fe26a1 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/kms/CryptoKeyIAMPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/kms/CryptoKeyIAMPolicy.java @@ -304,15 +304,6 @@ public class CryptoKeyIAMPolicy extends com.pulumi.resources.CustomResource { * `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, * the provider's project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Export(name="cryptoKeyId", refs={String.class}, tree="[0]") private Output cryptoKeyId; @@ -323,15 +314,6 @@ public class CryptoKeyIAMPolicy extends com.pulumi.resources.CustomResource { * `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, * the provider's project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Output cryptoKeyId() { return this.cryptoKeyId; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/kms/CryptoKeyIAMPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/kms/CryptoKeyIAMPolicyArgs.java index b4c19ee811..86ee1f66f4 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/kms/CryptoKeyIAMPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/kms/CryptoKeyIAMPolicyArgs.java @@ -20,15 +20,6 @@ public final class CryptoKeyIAMPolicyArgs extends com.pulumi.resources.ResourceA * `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, * the provider's project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="cryptoKeyId", required=true) private Output cryptoKeyId; @@ -39,15 +30,6 @@ public final class CryptoKeyIAMPolicyArgs extends com.pulumi.resources.ResourceA * `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, * the provider's project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Output cryptoKeyId() { return this.cryptoKeyId; @@ -101,15 +83,6 @@ public Builder(CryptoKeyIAMPolicyArgs defaults) { * `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, * the provider's project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -124,15 +97,6 @@ public Builder cryptoKeyId(Output cryptoKeyId) { * `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, * the provider's project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/kms/KeyRingIAMBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/kms/KeyRingIAMBinding.java index 118d2e8a58..673404b484 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/kms/KeyRingIAMBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/kms/KeyRingIAMBinding.java @@ -284,6 +284,263 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_kms\_key\_ring\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.kms.KeyRing; + * import com.pulumi.gcp.kms.KeyRingArgs; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.kms.KeyRingIAMPolicy; + * import com.pulumi.gcp.kms.KeyRingIAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var keyring = new KeyRing("keyring", KeyRingArgs.builder() + * .name("keyring-example") + * .location("global") + * .build()); + * + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var keyRing = new KeyRingIAMPolicy("keyRing", KeyRingIAMPolicyArgs.builder() + * .keyRingId(keyring.id()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.kms.KeyRing; + * import com.pulumi.gcp.kms.KeyRingArgs; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.kms.KeyRingIAMPolicy; + * import com.pulumi.gcp.kms.KeyRingIAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var keyring = new KeyRing("keyring", KeyRingArgs.builder() + * .name("keyring-example") + * .location("global") + * .build()); + * + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/editor") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var keyRing = new KeyRingIAMPolicy("keyRing", KeyRingIAMPolicyArgs.builder() + * .keyRingId(keyring.id()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_kms\_key\_ring\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.kms.KeyRingIAMBinding; + * import com.pulumi.gcp.kms.KeyRingIAMBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var keyRing = new KeyRingIAMBinding("keyRing", KeyRingIAMBindingArgs.builder() + * .keyRingId("your-key-ring-id") + * .role("roles/cloudkms.admin") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.kms.KeyRingIAMBinding; + * import com.pulumi.gcp.kms.KeyRingIAMBindingArgs; + * import com.pulumi.gcp.kms.inputs.KeyRingIAMBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var keyRing = new KeyRingIAMBinding("keyRing", KeyRingIAMBindingArgs.builder() + * .keyRingId("your-key-ring-id") + * .role("roles/cloudkms.admin") + * .members("user:jane@example.com") + * .condition(KeyRingIAMBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_kms\_key\_ring\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.kms.KeyRingIAMMember; + * import com.pulumi.gcp.kms.KeyRingIAMMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var keyRing = new KeyRingIAMMember("keyRing", KeyRingIAMMemberArgs.builder() + * .keyRingId("your-key-ring-id") + * .role("roles/cloudkms.admin") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.kms.KeyRingIAMMember; + * import com.pulumi.gcp.kms.KeyRingIAMMemberArgs; + * import com.pulumi.gcp.kms.inputs.KeyRingIAMMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var keyRing = new KeyRingIAMMember("keyRing", KeyRingIAMMemberArgs.builder() + * .keyRingId("your-key-ring-id") + * .role("roles/cloudkms.admin") + * .member("user:jane@example.com") + * .condition(KeyRingIAMMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * ### Importing IAM policies @@ -349,15 +606,6 @@ public Output etag() { * `{location_name}/{key_ring_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Export(name="keyRingId", refs={String.class}, tree="[0]") private Output keyRingId; @@ -368,8 +616,13 @@ public Output etag() { * `{location_name}/{key_ring_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + */ + public Output keyRingId() { + return this.keyRingId; + } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -378,12 +631,20 @@ public Output etag() { * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. * */ - public Output keyRingId() { - return this.keyRingId; - } @Export(name="members", refs={List.class,String.class}, tree="[0,1]") private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output> members() { return this.members; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/kms/KeyRingIAMBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/kms/KeyRingIAMBindingArgs.java index 9cb2c110ac..9624768950 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/kms/KeyRingIAMBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/kms/KeyRingIAMBindingArgs.java @@ -41,15 +41,6 @@ public Optional> condition() { * `{location_name}/{key_ring_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="keyRingId", required=true) private Output keyRingId; @@ -60,8 +51,14 @@ public Optional> condition() { * `{location_name}/{key_ring_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + */ + public Output keyRingId() { + return this.keyRingId; + } + + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -70,13 +67,20 @@ public Optional> condition() { * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. * */ - public Output keyRingId() { - return this.keyRingId; - } - @Import(name="members", required=true) private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output> members() { return this.members; } @@ -156,15 +160,6 @@ public Builder condition(KeyRingIAMBindingConditionArgs condition) { * `{location_name}/{key_ring_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -179,8 +174,16 @@ public Builder keyRingId(Output keyRingId) { * `{location_name}/{key_ring_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return builder + * + */ + public Builder keyRingId(String keyRingId) { + return keyRingId(Output.of(keyRingId)); + } + + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -191,19 +194,41 @@ public Builder keyRingId(Output keyRingId) { * @return builder * */ - public Builder keyRingId(String keyRingId) { - return keyRingId(Output.of(keyRingId)); - } - public Builder members(Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/kms/KeyRingIAMMember.java b/sdk/java/src/main/java/com/pulumi/gcp/kms/KeyRingIAMMember.java index 47ec9ffe73..7dda02791d 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/kms/KeyRingIAMMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/kms/KeyRingIAMMember.java @@ -283,6 +283,263 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_kms\_key\_ring\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.kms.KeyRing; + * import com.pulumi.gcp.kms.KeyRingArgs; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.kms.KeyRingIAMPolicy; + * import com.pulumi.gcp.kms.KeyRingIAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var keyring = new KeyRing("keyring", KeyRingArgs.builder() + * .name("keyring-example") + * .location("global") + * .build()); + * + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var keyRing = new KeyRingIAMPolicy("keyRing", KeyRingIAMPolicyArgs.builder() + * .keyRingId(keyring.id()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.kms.KeyRing; + * import com.pulumi.gcp.kms.KeyRingArgs; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.kms.KeyRingIAMPolicy; + * import com.pulumi.gcp.kms.KeyRingIAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var keyring = new KeyRing("keyring", KeyRingArgs.builder() + * .name("keyring-example") + * .location("global") + * .build()); + * + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/editor") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var keyRing = new KeyRingIAMPolicy("keyRing", KeyRingIAMPolicyArgs.builder() + * .keyRingId(keyring.id()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_kms\_key\_ring\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.kms.KeyRingIAMBinding; + * import com.pulumi.gcp.kms.KeyRingIAMBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var keyRing = new KeyRingIAMBinding("keyRing", KeyRingIAMBindingArgs.builder() + * .keyRingId("your-key-ring-id") + * .role("roles/cloudkms.admin") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.kms.KeyRingIAMBinding; + * import com.pulumi.gcp.kms.KeyRingIAMBindingArgs; + * import com.pulumi.gcp.kms.inputs.KeyRingIAMBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var keyRing = new KeyRingIAMBinding("keyRing", KeyRingIAMBindingArgs.builder() + * .keyRingId("your-key-ring-id") + * .role("roles/cloudkms.admin") + * .members("user:jane@example.com") + * .condition(KeyRingIAMBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_kms\_key\_ring\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.kms.KeyRingIAMMember; + * import com.pulumi.gcp.kms.KeyRingIAMMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var keyRing = new KeyRingIAMMember("keyRing", KeyRingIAMMemberArgs.builder() + * .keyRingId("your-key-ring-id") + * .role("roles/cloudkms.admin") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.kms.KeyRingIAMMember; + * import com.pulumi.gcp.kms.KeyRingIAMMemberArgs; + * import com.pulumi.gcp.kms.inputs.KeyRingIAMMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var keyRing = new KeyRingIAMMember("keyRing", KeyRingIAMMemberArgs.builder() + * .keyRingId("your-key-ring-id") + * .role("roles/cloudkms.admin") + * .member("user:jane@example.com") + * .condition(KeyRingIAMMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * ### Importing IAM policies @@ -348,15 +605,6 @@ public Output etag() { * `{location_name}/{key_ring_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Export(name="keyRingId", refs={String.class}, tree="[0]") private Output keyRingId; @@ -367,8 +615,13 @@ public Output etag() { * `{location_name}/{key_ring_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + */ + public Output keyRingId() { + return this.keyRingId; + } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -377,12 +630,20 @@ public Output etag() { * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. * */ - public Output keyRingId() { - return this.keyRingId; - } @Export(name="member", refs={String.class}, tree="[0]") private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output member() { return this.member; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/kms/KeyRingIAMMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/kms/KeyRingIAMMemberArgs.java index 8cc34dd1c1..4e940ee89d 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/kms/KeyRingIAMMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/kms/KeyRingIAMMemberArgs.java @@ -40,15 +40,6 @@ public Optional> condition() { * `{location_name}/{key_ring_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="keyRingId", required=true) private Output keyRingId; @@ -59,8 +50,14 @@ public Optional> condition() { * `{location_name}/{key_ring_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + */ + public Output keyRingId() { + return this.keyRingId; + } + + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -69,13 +66,20 @@ public Optional> condition() { * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. * */ - public Output keyRingId() { - return this.keyRingId; - } - @Import(name="member", required=true) private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output member() { return this.member; } @@ -155,15 +159,6 @@ public Builder condition(KeyRingIAMMemberConditionArgs condition) { * `{location_name}/{key_ring_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -178,8 +173,16 @@ public Builder keyRingId(Output keyRingId) { * `{location_name}/{key_ring_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return builder + * + */ + public Builder keyRingId(String keyRingId) { + return keyRingId(Output.of(keyRingId)); + } + + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -190,15 +193,24 @@ public Builder keyRingId(Output keyRingId) { * @return builder * */ - public Builder keyRingId(String keyRingId) { - return keyRingId(Output.of(keyRingId)); - } - public Builder member(Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/kms/KeyRingIAMPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/kms/KeyRingIAMPolicy.java index 4867d458f6..e9e03f111d 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/kms/KeyRingIAMPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/kms/KeyRingIAMPolicy.java @@ -281,6 +281,263 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_kms\_key\_ring\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.kms.KeyRing; + * import com.pulumi.gcp.kms.KeyRingArgs; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.kms.KeyRingIAMPolicy; + * import com.pulumi.gcp.kms.KeyRingIAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var keyring = new KeyRing("keyring", KeyRingArgs.builder() + * .name("keyring-example") + * .location("global") + * .build()); + * + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var keyRing = new KeyRingIAMPolicy("keyRing", KeyRingIAMPolicyArgs.builder() + * .keyRingId(keyring.id()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.kms.KeyRing; + * import com.pulumi.gcp.kms.KeyRingArgs; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.kms.KeyRingIAMPolicy; + * import com.pulumi.gcp.kms.KeyRingIAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var keyring = new KeyRing("keyring", KeyRingArgs.builder() + * .name("keyring-example") + * .location("global") + * .build()); + * + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/editor") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var keyRing = new KeyRingIAMPolicy("keyRing", KeyRingIAMPolicyArgs.builder() + * .keyRingId(keyring.id()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_kms\_key\_ring\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.kms.KeyRingIAMBinding; + * import com.pulumi.gcp.kms.KeyRingIAMBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var keyRing = new KeyRingIAMBinding("keyRing", KeyRingIAMBindingArgs.builder() + * .keyRingId("your-key-ring-id") + * .role("roles/cloudkms.admin") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.kms.KeyRingIAMBinding; + * import com.pulumi.gcp.kms.KeyRingIAMBindingArgs; + * import com.pulumi.gcp.kms.inputs.KeyRingIAMBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var keyRing = new KeyRingIAMBinding("keyRing", KeyRingIAMBindingArgs.builder() + * .keyRingId("your-key-ring-id") + * .role("roles/cloudkms.admin") + * .members("user:jane@example.com") + * .condition(KeyRingIAMBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_kms\_key\_ring\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.kms.KeyRingIAMMember; + * import com.pulumi.gcp.kms.KeyRingIAMMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var keyRing = new KeyRingIAMMember("keyRing", KeyRingIAMMemberArgs.builder() + * .keyRingId("your-key-ring-id") + * .role("roles/cloudkms.admin") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.kms.KeyRingIAMMember; + * import com.pulumi.gcp.kms.KeyRingIAMMemberArgs; + * import com.pulumi.gcp.kms.inputs.KeyRingIAMMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var keyRing = new KeyRingIAMMember("keyRing", KeyRingIAMMemberArgs.builder() + * .keyRingId("your-key-ring-id") + * .role("roles/cloudkms.admin") + * .member("user:jane@example.com") + * .condition(KeyRingIAMMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * ### Importing IAM policies @@ -330,15 +587,6 @@ public Output etag() { * `{location_name}/{key_ring_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Export(name="keyRingId", refs={String.class}, tree="[0]") private Output keyRingId; @@ -349,15 +597,6 @@ public Output etag() { * `{location_name}/{key_ring_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Output keyRingId() { return this.keyRingId; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/kms/KeyRingIAMPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/kms/KeyRingIAMPolicyArgs.java index 82e4c32b1b..295b2420c8 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/kms/KeyRingIAMPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/kms/KeyRingIAMPolicyArgs.java @@ -20,15 +20,6 @@ public final class KeyRingIAMPolicyArgs extends com.pulumi.resources.ResourceArg * `{location_name}/{key_ring_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="keyRingId", required=true) private Output keyRingId; @@ -39,15 +30,6 @@ public final class KeyRingIAMPolicyArgs extends com.pulumi.resources.ResourceArg * `{location_name}/{key_ring_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Output keyRingId() { return this.keyRingId; @@ -101,15 +83,6 @@ public Builder(KeyRingIAMPolicyArgs defaults) { * `{location_name}/{key_ring_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -124,15 +97,6 @@ public Builder keyRingId(Output keyRingId) { * `{location_name}/{key_ring_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/kms/inputs/CryptoKeyIAMBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/kms/inputs/CryptoKeyIAMBindingState.java index a9286b12f2..e718a3b9fb 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/kms/inputs/CryptoKeyIAMBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/kms/inputs/CryptoKeyIAMBindingState.java @@ -40,15 +40,6 @@ public Optional> condition() { * `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, * the provider's project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="cryptoKeyId") private @Nullable Output cryptoKeyId; @@ -59,15 +50,6 @@ public Optional> condition() { * `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, * the provider's project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Optional> cryptoKeyId() { return Optional.ofNullable(this.cryptoKeyId); @@ -88,9 +70,31 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ @Import(name="members") private @Nullable Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Optional>> members() { return Optional.ofNullable(this.members); } @@ -169,15 +173,6 @@ public Builder condition(CryptoKeyIAMBindingConditionArgs condition) { * `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, * the provider's project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -192,15 +187,6 @@ public Builder cryptoKeyId(@Nullable Output cryptoKeyId) { * `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, * the provider's project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -229,15 +215,54 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/kms/inputs/CryptoKeyIAMMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/kms/inputs/CryptoKeyIAMMemberState.java index 7ae99cae65..7d2697bd98 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/kms/inputs/CryptoKeyIAMMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/kms/inputs/CryptoKeyIAMMemberState.java @@ -39,15 +39,6 @@ public Optional> condition() { * `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, * the provider's project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="cryptoKeyId") private @Nullable Output cryptoKeyId; @@ -58,15 +49,6 @@ public Optional> condition() { * `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, * the provider's project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Optional> cryptoKeyId() { return Optional.ofNullable(this.cryptoKeyId); @@ -87,9 +69,31 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ @Import(name="member") private @Nullable Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Optional> member() { return Optional.ofNullable(this.member); } @@ -168,15 +172,6 @@ public Builder condition(CryptoKeyIAMMemberConditionArgs condition) { * `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, * the provider's project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -191,15 +186,6 @@ public Builder cryptoKeyId(@Nullable Output cryptoKeyId) { * `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, * the provider's project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -228,11 +214,37 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder member(@Nullable Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/kms/inputs/CryptoKeyIAMPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/kms/inputs/CryptoKeyIAMPolicyState.java index b8e3ddb925..a234d65260 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/kms/inputs/CryptoKeyIAMPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/kms/inputs/CryptoKeyIAMPolicyState.java @@ -21,15 +21,6 @@ public final class CryptoKeyIAMPolicyState extends com.pulumi.resources.Resource * `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, * the provider's project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="cryptoKeyId") private @Nullable Output cryptoKeyId; @@ -40,15 +31,6 @@ public final class CryptoKeyIAMPolicyState extends com.pulumi.resources.Resource * `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, * the provider's project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Optional> cryptoKeyId() { return Optional.ofNullable(this.cryptoKeyId); @@ -118,15 +100,6 @@ public Builder(CryptoKeyIAMPolicyState defaults) { * `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, * the provider's project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -141,15 +114,6 @@ public Builder cryptoKeyId(@Nullable Output cryptoKeyId) { * `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, * the provider's project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/kms/inputs/KeyRingIAMBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/kms/inputs/KeyRingIAMBindingState.java index 2f590c837b..c8ca912298 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/kms/inputs/KeyRingIAMBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/kms/inputs/KeyRingIAMBindingState.java @@ -55,15 +55,6 @@ public Optional> etag() { * `{location_name}/{key_ring_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="keyRingId") private @Nullable Output keyRingId; @@ -74,8 +65,14 @@ public Optional> etag() { * `{location_name}/{key_ring_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + */ + public Optional> keyRingId() { + return Optional.ofNullable(this.keyRingId); + } + + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -84,13 +81,20 @@ public Optional> etag() { * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. * */ - public Optional> keyRingId() { - return Optional.ofNullable(this.keyRingId); - } - @Import(name="members") private @Nullable Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Optional>> members() { return Optional.ofNullable(this.members); } @@ -192,15 +196,6 @@ public Builder etag(String etag) { * `{location_name}/{key_ring_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -215,8 +210,16 @@ public Builder keyRingId(@Nullable Output keyRingId) { * `{location_name}/{key_ring_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return builder + * + */ + public Builder keyRingId(String keyRingId) { + return keyRingId(Output.of(keyRingId)); + } + + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -227,19 +230,41 @@ public Builder keyRingId(@Nullable Output keyRingId) { * @return builder * */ - public Builder keyRingId(String keyRingId) { - return keyRingId(Output.of(keyRingId)); - } - public Builder members(@Nullable Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/kms/inputs/KeyRingIAMMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/kms/inputs/KeyRingIAMMemberState.java index 958a35914f..3afefc23aa 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/kms/inputs/KeyRingIAMMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/kms/inputs/KeyRingIAMMemberState.java @@ -54,15 +54,6 @@ public Optional> etag() { * `{location_name}/{key_ring_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="keyRingId") private @Nullable Output keyRingId; @@ -73,8 +64,14 @@ public Optional> etag() { * `{location_name}/{key_ring_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + */ + public Optional> keyRingId() { + return Optional.ofNullable(this.keyRingId); + } + + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -83,13 +80,20 @@ public Optional> etag() { * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. * */ - public Optional> keyRingId() { - return Optional.ofNullable(this.keyRingId); - } - @Import(name="member") private @Nullable Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Optional> member() { return Optional.ofNullable(this.member); } @@ -191,15 +195,6 @@ public Builder etag(String etag) { * `{location_name}/{key_ring_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -214,8 +209,16 @@ public Builder keyRingId(@Nullable Output keyRingId) { * `{location_name}/{key_ring_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return builder + * + */ + public Builder keyRingId(String keyRingId) { + return keyRingId(Output.of(keyRingId)); + } + + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -226,15 +229,24 @@ public Builder keyRingId(@Nullable Output keyRingId) { * @return builder * */ - public Builder keyRingId(String keyRingId) { - return keyRingId(Output.of(keyRingId)); - } - public Builder member(@Nullable Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/kms/inputs/KeyRingIAMPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/kms/inputs/KeyRingIAMPolicyState.java index 8af34de0df..013ac26ade 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/kms/inputs/KeyRingIAMPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/kms/inputs/KeyRingIAMPolicyState.java @@ -36,15 +36,6 @@ public Optional> etag() { * `{location_name}/{key_ring_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="keyRingId") private @Nullable Output keyRingId; @@ -55,15 +46,6 @@ public Optional> etag() { * `{location_name}/{key_ring_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Optional> keyRingId() { return Optional.ofNullable(this.keyRingId); @@ -139,15 +121,6 @@ public Builder etag(String etag) { * `{location_name}/{key_ring_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -162,15 +135,6 @@ public Builder keyRingId(@Nullable Output keyRingId) { * `{location_name}/{key_ring_name}`. In the second form, the provider's * project setting will be used as a fallback. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/AddressGroupIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/AddressGroupIamPolicy.java index 4659f357f6..4aa6dd7735 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/AddressGroupIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/AddressGroupIamPolicy.java @@ -133,18 +133,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -153,18 +141,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/AddressGroupIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/AddressGroupIamPolicyArgs.java index 9a31c025b2..55e08b4cea 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/AddressGroupIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/AddressGroupIamPolicyArgs.java @@ -69,18 +69,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -89,18 +77,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -204,18 +180,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -228,18 +192,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AddressGroupIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AddressGroupIamPolicyState.java index 6f72edf973..231513f4c8 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AddressGroupIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/networksecurity/inputs/AddressGroupIamPolicyState.java @@ -83,18 +83,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -103,18 +91,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -240,18 +216,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -264,18 +228,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/notebooks/InstanceIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/notebooks/InstanceIamBinding.java index b9de32c87c..602adecd32 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/notebooks/InstanceIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/notebooks/InstanceIamBinding.java @@ -150,6 +150,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_notebooks\_instance\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.notebooks.InstanceIamPolicy; + * import com.pulumi.gcp.notebooks.InstanceIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new InstanceIamPolicy("policy", InstanceIamPolicyArgs.builder() + * .project(instance.project()) + * .location(instance.location()) + * .instanceName(instance.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_notebooks\_instance\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.notebooks.InstanceIamBinding; + * import com.pulumi.gcp.notebooks.InstanceIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new InstanceIamBinding("binding", InstanceIamBindingArgs.builder() + * .project(instance.project()) + * .location(instance.location()) + * .instanceName(instance.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_notebooks\_instance\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.notebooks.InstanceIamMember; + * import com.pulumi.gcp.notebooks.InstanceIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new InstanceIamMember("member", InstanceIamMemberArgs.builder() + * .project(instance.project()) + * .location(instance.location()) + * .instanceName(instance.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -239,18 +358,9 @@ public Output instanceName() { public Output location() { return this.location; } - @Export(name="members", refs={List.class,String.class}, tree="[0,1]") - private Output> members; - - public Output> members() { - return this.members; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -262,15 +372,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="members", refs={List.class,String.class}, tree="[0,1]") + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -282,6 +389,22 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/notebooks/InstanceIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/notebooks/InstanceIamBindingArgs.java index 1c99cbce2c..2a8d6e157d 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/notebooks/InstanceIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/notebooks/InstanceIamBindingArgs.java @@ -55,19 +55,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="members", required=true) - private Output> members; - - public Output> members() { - return this.members; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -79,15 +69,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members", required=true) + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -99,6 +86,23 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -202,25 +206,30 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -234,17 +243,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -258,6 +263,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/notebooks/InstanceIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/notebooks/InstanceIamMember.java index a69338ebe5..57432d2e9c 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/notebooks/InstanceIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/notebooks/InstanceIamMember.java @@ -149,6 +149,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_notebooks\_instance\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.notebooks.InstanceIamPolicy; + * import com.pulumi.gcp.notebooks.InstanceIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new InstanceIamPolicy("policy", InstanceIamPolicyArgs.builder() + * .project(instance.project()) + * .location(instance.location()) + * .instanceName(instance.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_notebooks\_instance\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.notebooks.InstanceIamBinding; + * import com.pulumi.gcp.notebooks.InstanceIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new InstanceIamBinding("binding", InstanceIamBindingArgs.builder() + * .project(instance.project()) + * .location(instance.location()) + * .instanceName(instance.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_notebooks\_instance\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.notebooks.InstanceIamMember; + * import com.pulumi.gcp.notebooks.InstanceIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new InstanceIamMember("member", InstanceIamMemberArgs.builder() + * .project(instance.project()) + * .location(instance.location()) + * .instanceName(instance.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -238,18 +357,9 @@ public Output instanceName() { public Output location() { return this.location; } - @Export(name="member", refs={String.class}, tree="[0]") - private Output member; - - public Output member() { - return this.member; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -261,15 +371,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="member", refs={String.class}, tree="[0]") + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -281,6 +388,22 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/notebooks/InstanceIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/notebooks/InstanceIamMemberArgs.java index 6490cbce21..e0d65b2c6a 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/notebooks/InstanceIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/notebooks/InstanceIamMemberArgs.java @@ -54,19 +54,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="member", required=true) - private Output member; - - public Output member() { - return this.member; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -78,15 +68,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member", required=true) + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -98,6 +85,23 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -201,21 +205,9 @@ public Builder location(String location) { return location(Output.of(location)); } - public Builder member(Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -229,17 +221,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -253,6 +242,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/notebooks/InstanceIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/notebooks/InstanceIamPolicy.java index dab28d17fd..e1decdde54 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/notebooks/InstanceIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/notebooks/InstanceIamPolicy.java @@ -147,6 +147,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_notebooks\_instance\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.notebooks.InstanceIamPolicy; + * import com.pulumi.gcp.notebooks.InstanceIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new InstanceIamPolicy("policy", InstanceIamPolicyArgs.builder() + * .project(instance.project()) + * .location(instance.location()) + * .instanceName(instance.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_notebooks\_instance\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.notebooks.InstanceIamBinding; + * import com.pulumi.gcp.notebooks.InstanceIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new InstanceIamBinding("binding", InstanceIamBindingArgs.builder() + * .project(instance.project()) + * .location(instance.location()) + * .instanceName(instance.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_notebooks\_instance\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.notebooks.InstanceIamMember; + * import com.pulumi.gcp.notebooks.InstanceIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new InstanceIamMember("member", InstanceIamMemberArgs.builder() + * .project(instance.project()) + * .location(instance.location()) + * .instanceName(instance.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -250,18 +369,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -270,18 +377,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/notebooks/InstanceIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/notebooks/InstanceIamPolicyArgs.java index a66060d496..37c1c23854 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/notebooks/InstanceIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/notebooks/InstanceIamPolicyArgs.java @@ -67,18 +67,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -87,18 +75,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -200,18 +176,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -224,18 +188,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/notebooks/RuntimeIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/notebooks/RuntimeIamBinding.java index 96e6b5d546..5a4eca25e7 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/notebooks/RuntimeIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/notebooks/RuntimeIamBinding.java @@ -150,6 +150,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_notebooks\_runtime\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.notebooks.RuntimeIamPolicy; + * import com.pulumi.gcp.notebooks.RuntimeIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new RuntimeIamPolicy("policy", RuntimeIamPolicyArgs.builder() + * .project(runtime.project()) + * .location(runtime.location()) + * .runtimeName(runtime.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_notebooks\_runtime\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.notebooks.RuntimeIamBinding; + * import com.pulumi.gcp.notebooks.RuntimeIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new RuntimeIamBinding("binding", RuntimeIamBindingArgs.builder() + * .project(runtime.project()) + * .location(runtime.location()) + * .runtimeName(runtime.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_notebooks\_runtime\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.notebooks.RuntimeIamMember; + * import com.pulumi.gcp.notebooks.RuntimeIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new RuntimeIamMember("member", RuntimeIamMemberArgs.builder() + * .project(runtime.project()) + * .location(runtime.location()) + * .runtimeName(runtime.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -225,18 +344,9 @@ public Output etag() { public Output location() { return this.location; } - @Export(name="members", refs={List.class,String.class}, tree="[0,1]") - private Output> members; - - public Output> members() { - return this.members; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -248,15 +358,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="members", refs={List.class,String.class}, tree="[0,1]") + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -268,6 +375,22 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/notebooks/RuntimeIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/notebooks/RuntimeIamBindingArgs.java index df58423bf2..d1a5fe5ebe 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/notebooks/RuntimeIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/notebooks/RuntimeIamBindingArgs.java @@ -40,19 +40,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="members", required=true) - private Output> members; - - public Output> members() { - return this.members; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -64,15 +54,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members", required=true) + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -84,6 +71,23 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -181,25 +185,30 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -213,17 +222,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -237,6 +242,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/notebooks/RuntimeIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/notebooks/RuntimeIamMember.java index 55be1ceea6..86726c16a7 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/notebooks/RuntimeIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/notebooks/RuntimeIamMember.java @@ -149,6 +149,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_notebooks\_runtime\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.notebooks.RuntimeIamPolicy; + * import com.pulumi.gcp.notebooks.RuntimeIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new RuntimeIamPolicy("policy", RuntimeIamPolicyArgs.builder() + * .project(runtime.project()) + * .location(runtime.location()) + * .runtimeName(runtime.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_notebooks\_runtime\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.notebooks.RuntimeIamBinding; + * import com.pulumi.gcp.notebooks.RuntimeIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new RuntimeIamBinding("binding", RuntimeIamBindingArgs.builder() + * .project(runtime.project()) + * .location(runtime.location()) + * .runtimeName(runtime.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_notebooks\_runtime\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.notebooks.RuntimeIamMember; + * import com.pulumi.gcp.notebooks.RuntimeIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new RuntimeIamMember("member", RuntimeIamMemberArgs.builder() + * .project(runtime.project()) + * .location(runtime.location()) + * .runtimeName(runtime.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -224,18 +343,9 @@ public Output etag() { public Output location() { return this.location; } - @Export(name="member", refs={String.class}, tree="[0]") - private Output member; - - public Output member() { - return this.member; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -247,15 +357,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="member", refs={String.class}, tree="[0]") + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -267,6 +374,22 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/notebooks/RuntimeIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/notebooks/RuntimeIamMemberArgs.java index 45ba2e7902..159c73e7b6 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/notebooks/RuntimeIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/notebooks/RuntimeIamMemberArgs.java @@ -39,19 +39,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="member", required=true) - private Output member; - - public Output member() { - return this.member; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -63,15 +53,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member", required=true) + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -83,6 +70,23 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -180,21 +184,9 @@ public Builder location(String location) { return location(Output.of(location)); } - public Builder member(Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -208,17 +200,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -232,6 +221,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/notebooks/RuntimeIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/notebooks/RuntimeIamPolicy.java index e277e851b2..e2a9a3aab7 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/notebooks/RuntimeIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/notebooks/RuntimeIamPolicy.java @@ -147,6 +147,125 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_notebooks\_runtime\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.notebooks.RuntimeIamPolicy; + * import com.pulumi.gcp.notebooks.RuntimeIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new RuntimeIamPolicy("policy", RuntimeIamPolicyArgs.builder() + * .project(runtime.project()) + * .location(runtime.location()) + * .runtimeName(runtime.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_notebooks\_runtime\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.notebooks.RuntimeIamBinding; + * import com.pulumi.gcp.notebooks.RuntimeIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new RuntimeIamBinding("binding", RuntimeIamBindingArgs.builder() + * .project(runtime.project()) + * .location(runtime.location()) + * .runtimeName(runtime.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_notebooks\_runtime\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.notebooks.RuntimeIamMember; + * import com.pulumi.gcp.notebooks.RuntimeIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new RuntimeIamMember("member", RuntimeIamMemberArgs.builder() + * .project(runtime.project()) + * .location(runtime.location()) + * .runtimeName(runtime.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -236,18 +355,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -256,18 +363,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/notebooks/RuntimeIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/notebooks/RuntimeIamPolicyArgs.java index b777b8c8e3..25bec265bf 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/notebooks/RuntimeIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/notebooks/RuntimeIamPolicyArgs.java @@ -52,18 +52,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -72,18 +60,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -179,18 +155,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -203,18 +167,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/notebooks/inputs/InstanceIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/notebooks/inputs/InstanceIamBindingState.java index c490f4bbf2..214301fd30 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/notebooks/inputs/InstanceIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/notebooks/inputs/InstanceIamBindingState.java @@ -69,19 +69,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="members") - private @Nullable Output> members; - - public Optional>> members() { - return Optional.ofNullable(this.members); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -93,15 +83,12 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members") + private @Nullable Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -113,6 +100,23 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional>> members() { + return Optional.ofNullable(this.members); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -238,25 +242,30 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -270,17 +279,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -294,6 +299,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/notebooks/inputs/InstanceIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/notebooks/inputs/InstanceIamMemberState.java index e3f4132afd..d6278540e2 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/notebooks/inputs/InstanceIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/notebooks/inputs/InstanceIamMemberState.java @@ -68,19 +68,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="member") - private @Nullable Output member; - - public Optional> member() { - return Optional.ofNullable(this.member); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -92,15 +82,12 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member") + private @Nullable Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -112,6 +99,23 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional> member() { + return Optional.ofNullable(this.member); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -237,21 +241,9 @@ public Builder location(String location) { return location(Output.of(location)); } - public Builder member(@Nullable Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -265,17 +257,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(@Nullable Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -289,6 +278,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/notebooks/inputs/InstanceIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/notebooks/inputs/InstanceIamPolicyState.java index 47a063e31d..f5721b4876 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/notebooks/inputs/InstanceIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/notebooks/inputs/InstanceIamPolicyState.java @@ -81,18 +81,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -101,18 +89,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -236,18 +212,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -260,18 +224,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/notebooks/inputs/RuntimeIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/notebooks/inputs/RuntimeIamBindingState.java index 8cdbb3dcfa..98bd0ca271 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/notebooks/inputs/RuntimeIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/notebooks/inputs/RuntimeIamBindingState.java @@ -54,19 +54,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="members") - private @Nullable Output> members; - - public Optional>> members() { - return Optional.ofNullable(this.members); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -78,15 +68,12 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members") + private @Nullable Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -98,6 +85,23 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional>> members() { + return Optional.ofNullable(this.members); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -217,25 +221,30 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -249,17 +258,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -273,6 +278,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/notebooks/inputs/RuntimeIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/notebooks/inputs/RuntimeIamMemberState.java index 1039dc171a..8b382a070d 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/notebooks/inputs/RuntimeIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/notebooks/inputs/RuntimeIamMemberState.java @@ -53,19 +53,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="member") - private @Nullable Output member; - - public Optional> member() { - return Optional.ofNullable(this.member); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -77,15 +67,12 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member") + private @Nullable Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -97,6 +84,23 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional> member() { + return Optional.ofNullable(this.member); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -216,21 +220,9 @@ public Builder location(String location) { return location(Output.of(location)); } - public Builder member(@Nullable Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -244,17 +236,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(@Nullable Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -268,6 +257,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/notebooks/inputs/RuntimeIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/notebooks/inputs/RuntimeIamPolicyState.java index 6619c5559b..8d355d4962 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/notebooks/inputs/RuntimeIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/notebooks/inputs/RuntimeIamPolicyState.java @@ -66,18 +66,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -86,18 +74,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -215,18 +191,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -239,18 +203,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/organizations/IAMMember.java b/sdk/java/src/main/java/com/pulumi/gcp/organizations/IAMMember.java index a1da1ae082..f5f4625c0e 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/organizations/IAMMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/organizations/IAMMember.java @@ -327,6 +327,306 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_organization\_iam\_policy + * + * !> **Warning:** New organizations have several default policies which will, + * without extreme caution, be **overwritten** by use of this resource. + * The safest alternative is to use multiple `gcp.organizations.IAMBinding` + * resources. This resource makes it easy to remove your own access to + * an organization, which will require a call to Google Support to have + * fixed, and can take multiple days to resolve. + * + * In general, this resource should only be used with organizations + * fully managed by this provider.I f you do use this resource, + * the best way to be sure that you are not making dangerous changes is to start + * by **importing** your existing policy, and examining the diff very closely. + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.organizations.IAMPolicy; + * import com.pulumi.gcp.organizations.IAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var organization = new IAMPolicy("organization", IAMPolicyArgs.builder() + * .orgId("1234567890") + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.organizations.IAMPolicy; + * import com.pulumi.gcp.organizations.IAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/editor") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var organization = new IAMPolicy("organization", IAMPolicyArgs.builder() + * .orgId("1234567890") + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_organization\_iam\_binding + * + * > **Note:** If `role` is set to `roles/owner` and you don't specify a user or service account you have access to in `members`, you can lock yourself out of your organization. + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.IAMBinding; + * import com.pulumi.gcp.organizations.IAMBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var organization = new IAMBinding("organization", IAMBindingArgs.builder() + * .orgId("1234567890") + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.IAMBinding; + * import com.pulumi.gcp.organizations.IAMBindingArgs; + * import com.pulumi.gcp.organizations.inputs.IAMBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var organization = new IAMBinding("organization", IAMBindingArgs.builder() + * .orgId("1234567890") + * .role("roles/editor") + * .members("user:jane@example.com") + * .condition(IAMBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_organization\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.IAMMember; + * import com.pulumi.gcp.organizations.IAMMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var organization = new IAMMember("organization", IAMMemberArgs.builder() + * .orgId("1234567890") + * .role("roles/editor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.IAMMember; + * import com.pulumi.gcp.organizations.IAMMemberArgs; + * import com.pulumi.gcp.organizations.inputs.IAMMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var organization = new IAMMember("organization", IAMMemberArgs.builder() + * .orgId("1234567890") + * .role("roles/editor") + * .member("user:jane@example.com") + * .condition(IAMMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_organization\_iam\_audit\_config + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.IamAuditConfig; + * import com.pulumi.gcp.organizations.IamAuditConfigArgs; + * import com.pulumi.gcp.organizations.inputs.IamAuditConfigAuditLogConfigArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var organization = new IamAuditConfig("organization", IamAuditConfigArgs.builder() + * .orgId("1234567890") + * .service("allServices") + * .auditLogConfigs( + * IamAuditConfigAuditLogConfigArgs.builder() + * .logType("ADMIN_READ") + * .build(), + * IamAuditConfigAuditLogConfigArgs.builder() + * .logType("DATA_READ") + * .exemptedMembers("user:joebloggs@example.com") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * ### Importing Audit Configs @@ -386,9 +686,27 @@ public Output> condition() { public Output etag() { return this.etag; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ @Export(name="member", refs={String.class}, tree="[0]") private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output member() { return this.member; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/organizations/IAMMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/organizations/IAMMemberArgs.java index cbfd7382fa..20d27f2b6f 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/organizations/IAMMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/organizations/IAMMemberArgs.java @@ -34,9 +34,27 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ @Import(name="member", required=true) private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output member() { return this.member; } @@ -125,11 +143,33 @@ public Builder condition(IAMMemberConditionArgs condition) { return condition(Output.of(condition)); } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder member(Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/organizations/IAMPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/organizations/IAMPolicy.java index d5061e5b63..18b2eaa350 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/organizations/IAMPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/organizations/IAMPolicy.java @@ -325,6 +325,306 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_organization\_iam\_policy + * + * !> **Warning:** New organizations have several default policies which will, + * without extreme caution, be **overwritten** by use of this resource. + * The safest alternative is to use multiple `gcp.organizations.IAMBinding` + * resources. This resource makes it easy to remove your own access to + * an organization, which will require a call to Google Support to have + * fixed, and can take multiple days to resolve. + * + * In general, this resource should only be used with organizations + * fully managed by this provider.I f you do use this resource, + * the best way to be sure that you are not making dangerous changes is to start + * by **importing** your existing policy, and examining the diff very closely. + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.organizations.IAMPolicy; + * import com.pulumi.gcp.organizations.IAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var organization = new IAMPolicy("organization", IAMPolicyArgs.builder() + * .orgId("1234567890") + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.organizations.IAMPolicy; + * import com.pulumi.gcp.organizations.IAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/editor") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var organization = new IAMPolicy("organization", IAMPolicyArgs.builder() + * .orgId("1234567890") + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_organization\_iam\_binding + * + * > **Note:** If `role` is set to `roles/owner` and you don't specify a user or service account you have access to in `members`, you can lock yourself out of your organization. + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.IAMBinding; + * import com.pulumi.gcp.organizations.IAMBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var organization = new IAMBinding("organization", IAMBindingArgs.builder() + * .orgId("1234567890") + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.IAMBinding; + * import com.pulumi.gcp.organizations.IAMBindingArgs; + * import com.pulumi.gcp.organizations.inputs.IAMBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var organization = new IAMBinding("organization", IAMBindingArgs.builder() + * .orgId("1234567890") + * .role("roles/editor") + * .members("user:jane@example.com") + * .condition(IAMBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_organization\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.IAMMember; + * import com.pulumi.gcp.organizations.IAMMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var organization = new IAMMember("organization", IAMMemberArgs.builder() + * .orgId("1234567890") + * .role("roles/editor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.IAMMember; + * import com.pulumi.gcp.organizations.IAMMemberArgs; + * import com.pulumi.gcp.organizations.inputs.IAMMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var organization = new IAMMember("organization", IAMMemberArgs.builder() + * .orgId("1234567890") + * .role("roles/editor") + * .member("user:jane@example.com") + * .condition(IAMMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_organization\_iam\_audit\_config + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.IamAuditConfig; + * import com.pulumi.gcp.organizations.IamAuditConfigArgs; + * import com.pulumi.gcp.organizations.inputs.IamAuditConfigAuditLogConfigArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var organization = new IamAuditConfig("organization", IamAuditConfigArgs.builder() + * .orgId("1234567890") + * .service("allServices") + * .auditLogConfigs( + * IamAuditConfigAuditLogConfigArgs.builder() + * .logType("ADMIN_READ") + * .build(), + * IamAuditConfigAuditLogConfigArgs.builder() + * .logType("DATA_READ") + * .exemptedMembers("user:joebloggs@example.com") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * ### Importing Audit Configs diff --git a/sdk/java/src/main/java/com/pulumi/gcp/organizations/inputs/IAMMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/organizations/inputs/IAMMemberState.java index d8068ec609..46e906a352 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/organizations/inputs/IAMMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/organizations/inputs/IAMMemberState.java @@ -48,9 +48,27 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ @Import(name="member") private @Nullable Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Optional> member() { return Optional.ofNullable(this.member); } @@ -161,11 +179,33 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder member(@Nullable Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/projects/IAMAuditConfig.java b/sdk/java/src/main/java/com/pulumi/gcp/projects/IAMAuditConfig.java index 41d8a4e056..06988b5763 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/projects/IAMAuditConfig.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/projects/IAMAuditConfig.java @@ -324,6 +324,300 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_project\_iam\_policy + * + * !> **Be careful!** You can accidentally lock yourself out of your project + * using this resource. Deleting a `gcp.projects.IAMPolicy` removes access + * from anyone without organization-level access to the project. Proceed with caution. + * It's not recommended to use `gcp.projects.IAMPolicy` with your provider project + * to avoid locking yourself out, and it should generally only be used with projects + * fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before + * applying the change. + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.projects.IAMPolicy; + * import com.pulumi.gcp.projects.IAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var project = new IAMPolicy("project", IAMPolicyArgs.builder() + * .project("your-project-id") + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.projects.IAMPolicy; + * import com.pulumi.gcp.projects.IAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/compute.admin") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var project = new IAMPolicy("project", IAMPolicyArgs.builder() + * .project("your-project-id") + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_project\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.projects.IAMBinding; + * import com.pulumi.gcp.projects.IAMBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var project = new IAMBinding("project", IAMBindingArgs.builder() + * .project("your-project-id") + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.projects.IAMBinding; + * import com.pulumi.gcp.projects.IAMBindingArgs; + * import com.pulumi.gcp.projects.inputs.IAMBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var project = new IAMBinding("project", IAMBindingArgs.builder() + * .project("your-project-id") + * .role("roles/container.admin") + * .members("user:jane@example.com") + * .condition(IAMBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_project\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.projects.IAMMember; + * import com.pulumi.gcp.projects.IAMMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var project = new IAMMember("project", IAMMemberArgs.builder() + * .project("your-project-id") + * .role("roles/editor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.projects.IAMMember; + * import com.pulumi.gcp.projects.IAMMemberArgs; + * import com.pulumi.gcp.projects.inputs.IAMMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var project = new IAMMember("project", IAMMemberArgs.builder() + * .project("your-project-id") + * .role("roles/firebase.admin") + * .member("user:jane@example.com") + * .condition(IAMMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_project\_iam\_audit\_config + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.projects.IAMAuditConfig; + * import com.pulumi.gcp.projects.IAMAuditConfigArgs; + * import com.pulumi.gcp.projects.inputs.IAMAuditConfigAuditLogConfigArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var project = new IAMAuditConfig("project", IAMAuditConfigArgs.builder() + * .project("your-project-id") + * .service("allServices") + * .auditLogConfigs( + * IAMAuditConfigAuditLogConfigArgs.builder() + * .logType("ADMIN_READ") + * .build(), + * IAMAuditConfigAuditLogConfigArgs.builder() + * .logType("DATA_READ") + * .exemptedMembers("user:joebloggs@example.com") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * ### Importing Audit Configs diff --git a/sdk/java/src/main/java/com/pulumi/gcp/projects/IAMBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/projects/IAMBinding.java index 899ac7f6f2..8d2ac68437 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/projects/IAMBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/projects/IAMBinding.java @@ -325,6 +325,300 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_project\_iam\_policy + * + * !> **Be careful!** You can accidentally lock yourself out of your project + * using this resource. Deleting a `gcp.projects.IAMPolicy` removes access + * from anyone without organization-level access to the project. Proceed with caution. + * It's not recommended to use `gcp.projects.IAMPolicy` with your provider project + * to avoid locking yourself out, and it should generally only be used with projects + * fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before + * applying the change. + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.projects.IAMPolicy; + * import com.pulumi.gcp.projects.IAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var project = new IAMPolicy("project", IAMPolicyArgs.builder() + * .project("your-project-id") + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.projects.IAMPolicy; + * import com.pulumi.gcp.projects.IAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/compute.admin") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var project = new IAMPolicy("project", IAMPolicyArgs.builder() + * .project("your-project-id") + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_project\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.projects.IAMBinding; + * import com.pulumi.gcp.projects.IAMBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var project = new IAMBinding("project", IAMBindingArgs.builder() + * .project("your-project-id") + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.projects.IAMBinding; + * import com.pulumi.gcp.projects.IAMBindingArgs; + * import com.pulumi.gcp.projects.inputs.IAMBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var project = new IAMBinding("project", IAMBindingArgs.builder() + * .project("your-project-id") + * .role("roles/container.admin") + * .members("user:jane@example.com") + * .condition(IAMBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_project\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.projects.IAMMember; + * import com.pulumi.gcp.projects.IAMMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var project = new IAMMember("project", IAMMemberArgs.builder() + * .project("your-project-id") + * .role("roles/editor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.projects.IAMMember; + * import com.pulumi.gcp.projects.IAMMemberArgs; + * import com.pulumi.gcp.projects.inputs.IAMMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var project = new IAMMember("project", IAMMemberArgs.builder() + * .project("your-project-id") + * .role("roles/firebase.admin") + * .member("user:jane@example.com") + * .condition(IAMMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_project\_iam\_audit\_config + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.projects.IAMAuditConfig; + * import com.pulumi.gcp.projects.IAMAuditConfigArgs; + * import com.pulumi.gcp.projects.inputs.IAMAuditConfigAuditLogConfigArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var project = new IAMAuditConfig("project", IAMAuditConfigArgs.builder() + * .project("your-project-id") + * .service("allServices") + * .auditLogConfigs( + * IAMAuditConfigAuditLogConfigArgs.builder() + * .logType("ADMIN_READ") + * .build(), + * IAMAuditConfigAuditLogConfigArgs.builder() + * .logType("DATA_READ") + * .exemptedMembers("user:joebloggs@example.com") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * ### Importing Audit Configs @@ -384,9 +678,27 @@ public Output> condition() { public Output etag() { return this.etag; } + /** + * Identities that will be granted the privilege in `role`. google\_project\_iam\_binding expects `members` field while google\_project\_iam\_member expects `member` field. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ @Export(name="members", refs={List.class,String.class}, tree="[0,1]") private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. google\_project\_iam\_binding expects `members` field while google\_project\_iam\_member expects `member` field. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output> members() { return this.members; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/projects/IAMBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/projects/IAMBindingArgs.java index 20bcd34b81..50038e7f87 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/projects/IAMBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/projects/IAMBindingArgs.java @@ -35,9 +35,27 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } + /** + * Identities that will be granted the privilege in `role`. google\_project\_iam\_binding expects `members` field while google\_project\_iam\_member expects `member` field. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ @Import(name="members", required=true) private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. google\_project\_iam\_binding expects `members` field while google\_project\_iam\_member expects `member` field. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output> members() { return this.members; } @@ -128,15 +146,48 @@ public Builder condition(IAMBindingConditionArgs condition) { return condition(Output.of(condition)); } + /** + * @param members Identities that will be granted the privilege in `role`. google\_project\_iam\_binding expects `members` field while google\_project\_iam\_member expects `member` field. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. google\_project\_iam\_binding expects `members` field while google\_project\_iam\_member expects `member` field. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. google\_project\_iam\_binding expects `members` field while google\_project\_iam\_member expects `member` field. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/projects/IAMMember.java b/sdk/java/src/main/java/com/pulumi/gcp/projects/IAMMember.java index 2e931614df..d13e00a4f9 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/projects/IAMMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/projects/IAMMember.java @@ -324,6 +324,300 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_project\_iam\_policy + * + * !> **Be careful!** You can accidentally lock yourself out of your project + * using this resource. Deleting a `gcp.projects.IAMPolicy` removes access + * from anyone without organization-level access to the project. Proceed with caution. + * It's not recommended to use `gcp.projects.IAMPolicy` with your provider project + * to avoid locking yourself out, and it should generally only be used with projects + * fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before + * applying the change. + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.projects.IAMPolicy; + * import com.pulumi.gcp.projects.IAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var project = new IAMPolicy("project", IAMPolicyArgs.builder() + * .project("your-project-id") + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.projects.IAMPolicy; + * import com.pulumi.gcp.projects.IAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/compute.admin") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var project = new IAMPolicy("project", IAMPolicyArgs.builder() + * .project("your-project-id") + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_project\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.projects.IAMBinding; + * import com.pulumi.gcp.projects.IAMBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var project = new IAMBinding("project", IAMBindingArgs.builder() + * .project("your-project-id") + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.projects.IAMBinding; + * import com.pulumi.gcp.projects.IAMBindingArgs; + * import com.pulumi.gcp.projects.inputs.IAMBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var project = new IAMBinding("project", IAMBindingArgs.builder() + * .project("your-project-id") + * .role("roles/container.admin") + * .members("user:jane@example.com") + * .condition(IAMBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_project\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.projects.IAMMember; + * import com.pulumi.gcp.projects.IAMMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var project = new IAMMember("project", IAMMemberArgs.builder() + * .project("your-project-id") + * .role("roles/editor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.projects.IAMMember; + * import com.pulumi.gcp.projects.IAMMemberArgs; + * import com.pulumi.gcp.projects.inputs.IAMMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var project = new IAMMember("project", IAMMemberArgs.builder() + * .project("your-project-id") + * .role("roles/firebase.admin") + * .member("user:jane@example.com") + * .condition(IAMMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_project\_iam\_audit\_config + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.projects.IAMAuditConfig; + * import com.pulumi.gcp.projects.IAMAuditConfigArgs; + * import com.pulumi.gcp.projects.inputs.IAMAuditConfigAuditLogConfigArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var project = new IAMAuditConfig("project", IAMAuditConfigArgs.builder() + * .project("your-project-id") + * .service("allServices") + * .auditLogConfigs( + * IAMAuditConfigAuditLogConfigArgs.builder() + * .logType("ADMIN_READ") + * .build(), + * IAMAuditConfigAuditLogConfigArgs.builder() + * .logType("DATA_READ") + * .exemptedMembers("user:joebloggs@example.com") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * ### Importing Audit Configs @@ -383,9 +677,27 @@ public Output> condition() { public Output etag() { return this.etag; } + /** + * Identities that will be granted the privilege in `role`. google\_project\_iam\_binding expects `members` field while google\_project\_iam\_member expects `member` field. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ @Export(name="member", refs={String.class}, tree="[0]") private Output member; + /** + * @return Identities that will be granted the privilege in `role`. google\_project\_iam\_binding expects `members` field while google\_project\_iam\_member expects `member` field. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output member() { return this.member; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/projects/IAMMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/projects/IAMMemberArgs.java index aa651f141c..2fe009b5aa 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/projects/IAMMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/projects/IAMMemberArgs.java @@ -34,9 +34,27 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } + /** + * Identities that will be granted the privilege in `role`. google\_project\_iam\_binding expects `members` field while google\_project\_iam\_member expects `member` field. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ @Import(name="member", required=true) private Output member; + /** + * @return Identities that will be granted the privilege in `role`. google\_project\_iam\_binding expects `members` field while google\_project\_iam\_member expects `member` field. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output member() { return this.member; } @@ -127,11 +145,33 @@ public Builder condition(IAMMemberConditionArgs condition) { return condition(Output.of(condition)); } + /** + * @param member Identities that will be granted the privilege in `role`. google\_project\_iam\_binding expects `members` field while google\_project\_iam\_member expects `member` field. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder member(Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. google\_project\_iam\_binding expects `members` field while google\_project\_iam\_member expects `member` field. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/projects/IAMPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/projects/IAMPolicy.java index 661e496a42..33afe0a4b0 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/projects/IAMPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/projects/IAMPolicy.java @@ -322,6 +322,300 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_project\_iam\_policy + * + * !> **Be careful!** You can accidentally lock yourself out of your project + * using this resource. Deleting a `gcp.projects.IAMPolicy` removes access + * from anyone without organization-level access to the project. Proceed with caution. + * It's not recommended to use `gcp.projects.IAMPolicy` with your provider project + * to avoid locking yourself out, and it should generally only be used with projects + * fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before + * applying the change. + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.projects.IAMPolicy; + * import com.pulumi.gcp.projects.IAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var project = new IAMPolicy("project", IAMPolicyArgs.builder() + * .project("your-project-id") + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.projects.IAMPolicy; + * import com.pulumi.gcp.projects.IAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/compute.admin") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var project = new IAMPolicy("project", IAMPolicyArgs.builder() + * .project("your-project-id") + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_project\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.projects.IAMBinding; + * import com.pulumi.gcp.projects.IAMBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var project = new IAMBinding("project", IAMBindingArgs.builder() + * .project("your-project-id") + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.projects.IAMBinding; + * import com.pulumi.gcp.projects.IAMBindingArgs; + * import com.pulumi.gcp.projects.inputs.IAMBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var project = new IAMBinding("project", IAMBindingArgs.builder() + * .project("your-project-id") + * .role("roles/container.admin") + * .members("user:jane@example.com") + * .condition(IAMBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_project\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.projects.IAMMember; + * import com.pulumi.gcp.projects.IAMMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var project = new IAMMember("project", IAMMemberArgs.builder() + * .project("your-project-id") + * .role("roles/editor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.projects.IAMMember; + * import com.pulumi.gcp.projects.IAMMemberArgs; + * import com.pulumi.gcp.projects.inputs.IAMMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var project = new IAMMember("project", IAMMemberArgs.builder() + * .project("your-project-id") + * .role("roles/firebase.admin") + * .member("user:jane@example.com") + * .condition(IAMMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_project\_iam\_audit\_config + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.projects.IAMAuditConfig; + * import com.pulumi.gcp.projects.IAMAuditConfigArgs; + * import com.pulumi.gcp.projects.inputs.IAMAuditConfigAuditLogConfigArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var project = new IAMAuditConfig("project", IAMAuditConfigArgs.builder() + * .project("your-project-id") + * .service("allServices") + * .auditLogConfigs( + * IAMAuditConfigAuditLogConfigArgs.builder() + * .logType("ADMIN_READ") + * .build(), + * IAMAuditConfigAuditLogConfigArgs.builder() + * .logType("DATA_READ") + * .exemptedMembers("user:joebloggs@example.com") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * ### Importing Audit Configs diff --git a/sdk/java/src/main/java/com/pulumi/gcp/projects/inputs/IAMBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/projects/inputs/IAMBindingState.java index 191dbe6753..56195e6c7f 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/projects/inputs/IAMBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/projects/inputs/IAMBindingState.java @@ -49,9 +49,27 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } + /** + * Identities that will be granted the privilege in `role`. google\_project\_iam\_binding expects `members` field while google\_project\_iam\_member expects `member` field. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ @Import(name="members") private @Nullable Output> members; + /** + * @return Identities that will be granted the privilege in `role`. google\_project\_iam\_binding expects `members` field while google\_project\_iam\_member expects `member` field. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Optional>> members() { return Optional.ofNullable(this.members); } @@ -164,15 +182,48 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param members Identities that will be granted the privilege in `role`. google\_project\_iam\_binding expects `members` field while google\_project\_iam\_member expects `member` field. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. google\_project\_iam\_binding expects `members` field while google\_project\_iam\_member expects `member` field. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. google\_project\_iam\_binding expects `members` field while google\_project\_iam\_member expects `member` field. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/projects/inputs/IAMMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/projects/inputs/IAMMemberState.java index c147aa17a3..1b6ebaa144 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/projects/inputs/IAMMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/projects/inputs/IAMMemberState.java @@ -48,9 +48,27 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } + /** + * Identities that will be granted the privilege in `role`. google\_project\_iam\_binding expects `members` field while google\_project\_iam\_member expects `member` field. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ @Import(name="member") private @Nullable Output member; + /** + * @return Identities that will be granted the privilege in `role`. google\_project\_iam\_binding expects `members` field while google\_project\_iam\_member expects `member` field. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Optional> member() { return Optional.ofNullable(this.member); } @@ -163,11 +181,33 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param member Identities that will be granted the privilege in `role`. google\_project\_iam\_binding expects `members` field while google\_project\_iam\_member expects `member` field. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder member(@Nullable Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. google\_project\_iam\_binding expects `members` field while google\_project\_iam\_member expects `member` field. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/pubsub/SchemaIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/pubsub/SchemaIamBinding.java index 51d7b45158..520b5c94b3 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/pubsub/SchemaIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/pubsub/SchemaIamBinding.java @@ -147,6 +147,122 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_pubsub\_schema\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.pubsub.SchemaIamPolicy; + * import com.pulumi.gcp.pubsub.SchemaIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new SchemaIamPolicy("policy", SchemaIamPolicyArgs.builder() + * .project(example.project()) + * .schema(example.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_pubsub\_schema\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.pubsub.SchemaIamBinding; + * import com.pulumi.gcp.pubsub.SchemaIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new SchemaIamBinding("binding", SchemaIamBindingArgs.builder() + * .project(example.project()) + * .schema(example.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_pubsub\_schema\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.pubsub.SchemaIamMember; + * import com.pulumi.gcp.pubsub.SchemaIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new SchemaIamMember("member", SchemaIamMemberArgs.builder() + * .project(example.project()) + * .schema(example.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -206,18 +322,9 @@ public Output> condition() { public Output etag() { return this.etag; } - @Export(name="members", refs={List.class,String.class}, tree="[0,1]") - private Output> members; - - public Output> members() { - return this.members; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -229,15 +336,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="members", refs={List.class,String.class}, tree="[0,1]") + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -249,6 +353,22 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/pubsub/SchemaIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/pubsub/SchemaIamBindingArgs.java index 929d71e0c6..c457f35e88 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/pubsub/SchemaIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/pubsub/SchemaIamBindingArgs.java @@ -25,19 +25,9 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } - @Import(name="members", required=true) - private Output> members; - - public Output> members() { - return this.members; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -49,15 +39,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members", required=true) + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -69,6 +56,23 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -144,25 +148,30 @@ public Builder condition(SchemaIamBindingConditionArgs condition) { return condition(Output.of(condition)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -176,17 +185,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -200,6 +205,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/pubsub/SchemaIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/pubsub/SchemaIamMember.java index 88a592c897..8371fe6959 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/pubsub/SchemaIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/pubsub/SchemaIamMember.java @@ -146,6 +146,122 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_pubsub\_schema\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.pubsub.SchemaIamPolicy; + * import com.pulumi.gcp.pubsub.SchemaIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new SchemaIamPolicy("policy", SchemaIamPolicyArgs.builder() + * .project(example.project()) + * .schema(example.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_pubsub\_schema\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.pubsub.SchemaIamBinding; + * import com.pulumi.gcp.pubsub.SchemaIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new SchemaIamBinding("binding", SchemaIamBindingArgs.builder() + * .project(example.project()) + * .schema(example.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_pubsub\_schema\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.pubsub.SchemaIamMember; + * import com.pulumi.gcp.pubsub.SchemaIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new SchemaIamMember("member", SchemaIamMemberArgs.builder() + * .project(example.project()) + * .schema(example.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -205,18 +321,9 @@ public Output> condition() { public Output etag() { return this.etag; } - @Export(name="member", refs={String.class}, tree="[0]") - private Output member; - - public Output member() { - return this.member; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -228,15 +335,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="member", refs={String.class}, tree="[0]") + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -248,6 +352,22 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/pubsub/SchemaIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/pubsub/SchemaIamMemberArgs.java index 4df0d4ba2a..a5d371aed5 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/pubsub/SchemaIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/pubsub/SchemaIamMemberArgs.java @@ -24,19 +24,9 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } - @Import(name="member", required=true) - private Output member; - - public Output member() { - return this.member; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -48,15 +38,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member", required=true) + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -68,6 +55,23 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -143,21 +147,9 @@ public Builder condition(SchemaIamMemberConditionArgs condition) { return condition(Output.of(condition)); } - public Builder member(Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -171,17 +163,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -195,6 +184,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/pubsub/SchemaIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/pubsub/SchemaIamPolicy.java index 3040b4dec4..cbbc3bf518 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/pubsub/SchemaIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/pubsub/SchemaIamPolicy.java @@ -144,6 +144,122 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_pubsub\_schema\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.pubsub.SchemaIamPolicy; + * import com.pulumi.gcp.pubsub.SchemaIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new SchemaIamPolicy("policy", SchemaIamPolicyArgs.builder() + * .project(example.project()) + * .schema(example.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_pubsub\_schema\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.pubsub.SchemaIamBinding; + * import com.pulumi.gcp.pubsub.SchemaIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new SchemaIamBinding("binding", SchemaIamBindingArgs.builder() + * .project(example.project()) + * .schema(example.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_pubsub\_schema\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.pubsub.SchemaIamMember; + * import com.pulumi.gcp.pubsub.SchemaIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new SchemaIamMember("member", SchemaIamMemberArgs.builder() + * .project(example.project()) + * .schema(example.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -217,18 +333,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -237,18 +341,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/pubsub/SchemaIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/pubsub/SchemaIamPolicyArgs.java index 35b0653fec..f17759a8c3 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/pubsub/SchemaIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/pubsub/SchemaIamPolicyArgs.java @@ -37,18 +37,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -57,18 +45,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -142,18 +118,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -166,18 +130,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/pubsub/SubscriptionIAMBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/pubsub/SubscriptionIAMBinding.java index 39aad6623d..a1fd472bae 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/pubsub/SubscriptionIAMBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/pubsub/SubscriptionIAMBinding.java @@ -140,6 +140,119 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_pubsub\_subscription\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.pubsub.SubscriptionIAMPolicy; + * import com.pulumi.gcp.pubsub.SubscriptionIAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var editor = new SubscriptionIAMPolicy("editor", SubscriptionIAMPolicyArgs.builder() + * .subscription("your-subscription-name") + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_pubsub\_subscription\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.pubsub.SubscriptionIAMBinding; + * import com.pulumi.gcp.pubsub.SubscriptionIAMBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var editor = new SubscriptionIAMBinding("editor", SubscriptionIAMBindingArgs.builder() + * .subscription("your-subscription-name") + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_pubsub\_subscription\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.pubsub.SubscriptionIAMMember; + * import com.pulumi.gcp.pubsub.SubscriptionIAMMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var editor = new SubscriptionIAMMember("editor", SubscriptionIAMMemberArgs.builder() + * .subscription("your-subscription-name") + * .role("roles/editor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * ### Importing IAM policies @@ -189,9 +302,31 @@ public Output> condition() { public Output etag() { return this.etag; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ @Export(name="members", refs={List.class,String.class}, tree="[0,1]") private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output> members() { return this.members; } @@ -232,15 +367,6 @@ public Output role() { /** * The subscription name or id to bind to attach IAM policy to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Export(name="subscription", refs={String.class}, tree="[0]") private Output subscription; @@ -248,15 +374,6 @@ public Output role() { /** * @return The subscription name or id to bind to attach IAM policy to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Output subscription() { return this.subscription; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/pubsub/SubscriptionIAMBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/pubsub/SubscriptionIAMBindingArgs.java index e22e926b91..b95a391ccb 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/pubsub/SubscriptionIAMBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/pubsub/SubscriptionIAMBindingArgs.java @@ -25,9 +25,31 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ @Import(name="members", required=true) private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output> members() { return this.members; } @@ -71,15 +93,6 @@ public Output role() { /** * The subscription name or id to bind to attach IAM policy to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="subscription", required=true) private Output subscription; @@ -87,15 +100,6 @@ public Output role() { /** * @return The subscription name or id to bind to attach IAM policy to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Output subscription() { return this.subscription; @@ -138,15 +142,54 @@ public Builder condition(SubscriptionIAMBindingConditionArgs condition) { return condition(Output.of(condition)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } @@ -202,15 +245,6 @@ public Builder role(String role) { /** * @param subscription The subscription name or id to bind to attach IAM policy to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -222,15 +256,6 @@ public Builder subscription(Output subscription) { /** * @param subscription The subscription name or id to bind to attach IAM policy to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/pubsub/SubscriptionIAMMember.java b/sdk/java/src/main/java/com/pulumi/gcp/pubsub/SubscriptionIAMMember.java index aa6337501a..ea14178e71 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/pubsub/SubscriptionIAMMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/pubsub/SubscriptionIAMMember.java @@ -139,6 +139,119 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_pubsub\_subscription\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.pubsub.SubscriptionIAMPolicy; + * import com.pulumi.gcp.pubsub.SubscriptionIAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var editor = new SubscriptionIAMPolicy("editor", SubscriptionIAMPolicyArgs.builder() + * .subscription("your-subscription-name") + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_pubsub\_subscription\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.pubsub.SubscriptionIAMBinding; + * import com.pulumi.gcp.pubsub.SubscriptionIAMBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var editor = new SubscriptionIAMBinding("editor", SubscriptionIAMBindingArgs.builder() + * .subscription("your-subscription-name") + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_pubsub\_subscription\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.pubsub.SubscriptionIAMMember; + * import com.pulumi.gcp.pubsub.SubscriptionIAMMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var editor = new SubscriptionIAMMember("editor", SubscriptionIAMMemberArgs.builder() + * .subscription("your-subscription-name") + * .role("roles/editor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * ### Importing IAM policies @@ -188,9 +301,31 @@ public Output> condition() { public Output etag() { return this.etag; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ @Export(name="member", refs={String.class}, tree="[0]") private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output member() { return this.member; } @@ -231,15 +366,6 @@ public Output role() { /** * The subscription name or id to bind to attach IAM policy to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Export(name="subscription", refs={String.class}, tree="[0]") private Output subscription; @@ -247,15 +373,6 @@ public Output role() { /** * @return The subscription name or id to bind to attach IAM policy to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Output subscription() { return this.subscription; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/pubsub/SubscriptionIAMMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/pubsub/SubscriptionIAMMemberArgs.java index 8853c7e8b8..b2a2e571d7 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/pubsub/SubscriptionIAMMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/pubsub/SubscriptionIAMMemberArgs.java @@ -24,9 +24,31 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ @Import(name="member", required=true) private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output member() { return this.member; } @@ -70,15 +92,6 @@ public Output role() { /** * The subscription name or id to bind to attach IAM policy to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="subscription", required=true) private Output subscription; @@ -86,15 +99,6 @@ public Output role() { /** * @return The subscription name or id to bind to attach IAM policy to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Output subscription() { return this.subscription; @@ -137,11 +141,37 @@ public Builder condition(SubscriptionIAMMemberConditionArgs condition) { return condition(Output.of(condition)); } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder member(Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } @@ -197,15 +227,6 @@ public Builder role(String role) { /** * @param subscription The subscription name or id to bind to attach IAM policy to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -217,15 +238,6 @@ public Builder subscription(Output subscription) { /** * @param subscription The subscription name or id to bind to attach IAM policy to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/pubsub/SubscriptionIAMPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/pubsub/SubscriptionIAMPolicy.java index 388ca39dd6..1b6c47b215 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/pubsub/SubscriptionIAMPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/pubsub/SubscriptionIAMPolicy.java @@ -137,6 +137,119 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_pubsub\_subscription\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.pubsub.SubscriptionIAMPolicy; + * import com.pulumi.gcp.pubsub.SubscriptionIAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var editor = new SubscriptionIAMPolicy("editor", SubscriptionIAMPolicyArgs.builder() + * .subscription("your-subscription-name") + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_pubsub\_subscription\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.pubsub.SubscriptionIAMBinding; + * import com.pulumi.gcp.pubsub.SubscriptionIAMBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var editor = new SubscriptionIAMBinding("editor", SubscriptionIAMBindingArgs.builder() + * .subscription("your-subscription-name") + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_pubsub\_subscription\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.pubsub.SubscriptionIAMMember; + * import com.pulumi.gcp.pubsub.SubscriptionIAMMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var editor = new SubscriptionIAMMember("editor", SubscriptionIAMMemberArgs.builder() + * .subscription("your-subscription-name") + * .role("roles/editor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * ### Importing IAM policies @@ -219,15 +332,6 @@ public Output project() { /** * The subscription name or id to bind to attach IAM policy to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Export(name="subscription", refs={String.class}, tree="[0]") private Output subscription; @@ -235,15 +339,6 @@ public Output project() { /** * @return The subscription name or id to bind to attach IAM policy to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Output subscription() { return this.subscription; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/pubsub/SubscriptionIAMPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/pubsub/SubscriptionIAMPolicyArgs.java index 206e62b5ed..dae847923f 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/pubsub/SubscriptionIAMPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/pubsub/SubscriptionIAMPolicyArgs.java @@ -57,15 +57,6 @@ public Optional> project() { /** * The subscription name or id to bind to attach IAM policy to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="subscription", required=true) private Output subscription; @@ -73,15 +64,6 @@ public Optional> project() { /** * @return The subscription name or id to bind to attach IAM policy to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Output subscription() { return this.subscription; @@ -166,15 +148,6 @@ public Builder project(String project) { /** * @param subscription The subscription name or id to bind to attach IAM policy to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -186,15 +159,6 @@ public Builder subscription(Output subscription) { /** * @param subscription The subscription name or id to bind to attach IAM policy to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/pubsub/TopicIAMBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/pubsub/TopicIAMBinding.java index ce89c57a76..a520dd6a1f 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/pubsub/TopicIAMBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/pubsub/TopicIAMBinding.java @@ -147,6 +147,122 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_pubsub\_topic\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.pubsub.TopicIAMPolicy; + * import com.pulumi.gcp.pubsub.TopicIAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new TopicIAMPolicy("policy", TopicIAMPolicyArgs.builder() + * .project(example.project()) + * .topic(example.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_pubsub\_topic\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.pubsub.TopicIAMBinding; + * import com.pulumi.gcp.pubsub.TopicIAMBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new TopicIAMBinding("binding", TopicIAMBindingArgs.builder() + * .project(example.project()) + * .topic(example.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_pubsub\_topic\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.pubsub.TopicIAMMember; + * import com.pulumi.gcp.pubsub.TopicIAMMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new TopicIAMMember("member", TopicIAMMemberArgs.builder() + * .project(example.project()) + * .topic(example.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -206,18 +322,9 @@ public Output> condition() { public Output etag() { return this.etag; } - @Export(name="members", refs={List.class,String.class}, tree="[0,1]") - private Output> members; - - public Output> members() { - return this.members; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -229,15 +336,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="members", refs={List.class,String.class}, tree="[0,1]") + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -249,6 +353,22 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/pubsub/TopicIAMBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/pubsub/TopicIAMBindingArgs.java index 54f2e0807e..5020efe889 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/pubsub/TopicIAMBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/pubsub/TopicIAMBindingArgs.java @@ -25,19 +25,9 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } - @Import(name="members", required=true) - private Output> members; - - public Output> members() { - return this.members; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -49,15 +39,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members", required=true) + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -69,6 +56,23 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -144,25 +148,30 @@ public Builder condition(TopicIAMBindingConditionArgs condition) { return condition(Output.of(condition)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -176,17 +185,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -200,6 +205,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/pubsub/TopicIAMMember.java b/sdk/java/src/main/java/com/pulumi/gcp/pubsub/TopicIAMMember.java index a7ca3cd35a..7f3163b6c4 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/pubsub/TopicIAMMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/pubsub/TopicIAMMember.java @@ -146,6 +146,122 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_pubsub\_topic\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.pubsub.TopicIAMPolicy; + * import com.pulumi.gcp.pubsub.TopicIAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new TopicIAMPolicy("policy", TopicIAMPolicyArgs.builder() + * .project(example.project()) + * .topic(example.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_pubsub\_topic\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.pubsub.TopicIAMBinding; + * import com.pulumi.gcp.pubsub.TopicIAMBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new TopicIAMBinding("binding", TopicIAMBindingArgs.builder() + * .project(example.project()) + * .topic(example.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_pubsub\_topic\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.pubsub.TopicIAMMember; + * import com.pulumi.gcp.pubsub.TopicIAMMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new TopicIAMMember("member", TopicIAMMemberArgs.builder() + * .project(example.project()) + * .topic(example.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -205,18 +321,9 @@ public Output> condition() { public Output etag() { return this.etag; } - @Export(name="member", refs={String.class}, tree="[0]") - private Output member; - - public Output member() { - return this.member; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -228,15 +335,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="member", refs={String.class}, tree="[0]") + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -248,6 +352,22 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/pubsub/TopicIAMMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/pubsub/TopicIAMMemberArgs.java index 8a830e6b57..7abaffe89c 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/pubsub/TopicIAMMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/pubsub/TopicIAMMemberArgs.java @@ -24,19 +24,9 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } - @Import(name="member", required=true) - private Output member; - - public Output member() { - return this.member; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -48,15 +38,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member", required=true) + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -68,6 +55,23 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -143,21 +147,9 @@ public Builder condition(TopicIAMMemberConditionArgs condition) { return condition(Output.of(condition)); } - public Builder member(Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -171,17 +163,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -195,6 +184,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/pubsub/TopicIAMPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/pubsub/TopicIAMPolicy.java index 2a0ea72ae0..a06ad58a8a 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/pubsub/TopicIAMPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/pubsub/TopicIAMPolicy.java @@ -144,6 +144,122 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_pubsub\_topic\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.pubsub.TopicIAMPolicy; + * import com.pulumi.gcp.pubsub.TopicIAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new TopicIAMPolicy("policy", TopicIAMPolicyArgs.builder() + * .project(example.project()) + * .topic(example.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_pubsub\_topic\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.pubsub.TopicIAMBinding; + * import com.pulumi.gcp.pubsub.TopicIAMBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new TopicIAMBinding("binding", TopicIAMBindingArgs.builder() + * .project(example.project()) + * .topic(example.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_pubsub\_topic\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.pubsub.TopicIAMMember; + * import com.pulumi.gcp.pubsub.TopicIAMMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new TopicIAMMember("member", TopicIAMMemberArgs.builder() + * .project(example.project()) + * .topic(example.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -217,18 +333,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -237,18 +341,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/pubsub/TopicIAMPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/pubsub/TopicIAMPolicyArgs.java index 3663aa927d..0adcddf9e8 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/pubsub/TopicIAMPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/pubsub/TopicIAMPolicyArgs.java @@ -37,18 +37,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -57,18 +45,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -142,18 +118,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -166,18 +130,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/pubsub/inputs/SchemaIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/pubsub/inputs/SchemaIamBindingState.java index dc76f0b51d..7c6b0f912e 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/pubsub/inputs/SchemaIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/pubsub/inputs/SchemaIamBindingState.java @@ -39,19 +39,9 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } - @Import(name="members") - private @Nullable Output> members; - - public Optional>> members() { - return Optional.ofNullable(this.members); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -63,15 +53,12 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members") + private @Nullable Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -83,6 +70,23 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional>> members() { + return Optional.ofNullable(this.members); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -180,25 +184,30 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -212,17 +221,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -236,6 +241,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/pubsub/inputs/SchemaIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/pubsub/inputs/SchemaIamMemberState.java index c1b41d16ce..8b54a3339b 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/pubsub/inputs/SchemaIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/pubsub/inputs/SchemaIamMemberState.java @@ -38,19 +38,9 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } - @Import(name="member") - private @Nullable Output member; - - public Optional> member() { - return Optional.ofNullable(this.member); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -62,15 +52,12 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member") + private @Nullable Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -82,6 +69,23 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional> member() { + return Optional.ofNullable(this.member); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -179,21 +183,9 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } - public Builder member(@Nullable Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -207,17 +199,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(@Nullable Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -231,6 +220,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/pubsub/inputs/SchemaIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/pubsub/inputs/SchemaIamPolicyState.java index 15eb3818de..63a28e9f96 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/pubsub/inputs/SchemaIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/pubsub/inputs/SchemaIamPolicyState.java @@ -51,18 +51,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -71,18 +59,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -178,18 +154,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -202,18 +166,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/pubsub/inputs/SubscriptionIAMBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/pubsub/inputs/SubscriptionIAMBindingState.java index 03b53d1774..c5d34a0d57 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/pubsub/inputs/SubscriptionIAMBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/pubsub/inputs/SubscriptionIAMBindingState.java @@ -39,9 +39,31 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ @Import(name="members") private @Nullable Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Optional>> members() { return Optional.ofNullable(this.members); } @@ -85,15 +107,6 @@ public Optional> role() { /** * The subscription name or id to bind to attach IAM policy to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="subscription") private @Nullable Output subscription; @@ -101,15 +114,6 @@ public Optional> role() { /** * @return The subscription name or id to bind to attach IAM policy to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Optional> subscription() { return Optional.ofNullable(this.subscription); @@ -174,15 +178,54 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } @@ -238,15 +281,6 @@ public Builder role(String role) { /** * @param subscription The subscription name or id to bind to attach IAM policy to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -258,15 +292,6 @@ public Builder subscription(@Nullable Output subscription) { /** * @param subscription The subscription name or id to bind to attach IAM policy to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/pubsub/inputs/SubscriptionIAMMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/pubsub/inputs/SubscriptionIAMMemberState.java index 712f82ddb5..3b8290dd4a 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/pubsub/inputs/SubscriptionIAMMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/pubsub/inputs/SubscriptionIAMMemberState.java @@ -38,9 +38,31 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ @Import(name="member") private @Nullable Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Optional> member() { return Optional.ofNullable(this.member); } @@ -84,15 +106,6 @@ public Optional> role() { /** * The subscription name or id to bind to attach IAM policy to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="subscription") private @Nullable Output subscription; @@ -100,15 +113,6 @@ public Optional> role() { /** * @return The subscription name or id to bind to attach IAM policy to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Optional> subscription() { return Optional.ofNullable(this.subscription); @@ -173,11 +177,37 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder member(@Nullable Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } @@ -233,15 +263,6 @@ public Builder role(String role) { /** * @param subscription The subscription name or id to bind to attach IAM policy to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -253,15 +274,6 @@ public Builder subscription(@Nullable Output subscription) { /** * @param subscription The subscription name or id to bind to attach IAM policy to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/pubsub/inputs/SubscriptionIAMPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/pubsub/inputs/SubscriptionIAMPolicyState.java index f9eaa1b307..1d944920ca 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/pubsub/inputs/SubscriptionIAMPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/pubsub/inputs/SubscriptionIAMPolicyState.java @@ -71,15 +71,6 @@ public Optional> project() { /** * The subscription name or id to bind to attach IAM policy to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="subscription") private @Nullable Output subscription; @@ -87,15 +78,6 @@ public Optional> project() { /** * @return The subscription name or id to bind to attach IAM policy to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Optional> subscription() { return Optional.ofNullable(this.subscription); @@ -202,15 +184,6 @@ public Builder project(String project) { /** * @param subscription The subscription name or id to bind to attach IAM policy to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -222,15 +195,6 @@ public Builder subscription(@Nullable Output subscription) { /** * @param subscription The subscription name or id to bind to attach IAM policy to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/pubsub/inputs/TopicIAMBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/pubsub/inputs/TopicIAMBindingState.java index dcae6b4276..76a8390950 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/pubsub/inputs/TopicIAMBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/pubsub/inputs/TopicIAMBindingState.java @@ -39,19 +39,9 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } - @Import(name="members") - private @Nullable Output> members; - - public Optional>> members() { - return Optional.ofNullable(this.members); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -63,15 +53,12 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members") + private @Nullable Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -83,6 +70,23 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional>> members() { + return Optional.ofNullable(this.members); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -180,25 +184,30 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -212,17 +221,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -236,6 +241,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/pubsub/inputs/TopicIAMMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/pubsub/inputs/TopicIAMMemberState.java index 29df4080f1..ccfc2e3dc5 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/pubsub/inputs/TopicIAMMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/pubsub/inputs/TopicIAMMemberState.java @@ -38,19 +38,9 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } - @Import(name="member") - private @Nullable Output member; - - public Optional> member() { - return Optional.ofNullable(this.member); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -62,15 +52,12 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member") + private @Nullable Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -82,6 +69,23 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional> member() { + return Optional.ofNullable(this.member); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -179,21 +183,9 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } - public Builder member(@Nullable Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -207,17 +199,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(@Nullable Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -231,6 +220,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/pubsub/inputs/TopicIAMPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/pubsub/inputs/TopicIAMPolicyState.java index ffbacf7a4f..4a8d9f5336 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/pubsub/inputs/TopicIAMPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/pubsub/inputs/TopicIAMPolicyState.java @@ -51,18 +51,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -71,18 +59,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -178,18 +154,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -202,18 +166,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/runtimeconfig/ConfigIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/runtimeconfig/ConfigIamBinding.java index 1e27fcabfb..2f4a023a63 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/runtimeconfig/ConfigIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/runtimeconfig/ConfigIamBinding.java @@ -90,18 +90,9 @@ public Output config() { public Output etag() { return this.etag; } - @Export(name="members", refs={List.class,String.class}, tree="[0,1]") - private Output> members; - - public Output> members() { - return this.members; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -113,15 +104,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="members", refs={List.class,String.class}, tree="[0,1]") + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -133,6 +121,22 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/runtimeconfig/ConfigIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/runtimeconfig/ConfigIamBindingArgs.java index 9607be7202..cf3823c212 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/runtimeconfig/ConfigIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/runtimeconfig/ConfigIamBindingArgs.java @@ -40,19 +40,9 @@ public Output config() { return this.config; } - @Import(name="members", required=true) - private Output> members; - - public Output> members() { - return this.members; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -64,15 +54,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members", required=true) + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -84,6 +71,23 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -165,25 +169,30 @@ public Builder config(String config) { return config(Output.of(config)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -197,17 +206,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -221,6 +226,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/runtimeconfig/ConfigIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/runtimeconfig/ConfigIamMember.java index d5d1e7d6ae..04e663158d 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/runtimeconfig/ConfigIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/runtimeconfig/ConfigIamMember.java @@ -89,18 +89,9 @@ public Output config() { public Output etag() { return this.etag; } - @Export(name="member", refs={String.class}, tree="[0]") - private Output member; - - public Output member() { - return this.member; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -112,15 +103,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="member", refs={String.class}, tree="[0]") + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -132,6 +120,22 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/runtimeconfig/ConfigIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/runtimeconfig/ConfigIamMemberArgs.java index 75ce08de08..904e3cb1db 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/runtimeconfig/ConfigIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/runtimeconfig/ConfigIamMemberArgs.java @@ -39,19 +39,9 @@ public Output config() { return this.config; } - @Import(name="member", required=true) - private Output member; - - public Output member() { - return this.member; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -63,15 +53,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member", required=true) + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -83,6 +70,23 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -164,21 +168,9 @@ public Builder config(String config) { return config(Output.of(config)); } - public Builder member(Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -192,17 +184,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -216,6 +205,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/runtimeconfig/ConfigIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/runtimeconfig/ConfigIamPolicy.java index 9406919559..3f2ee93801 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/runtimeconfig/ConfigIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/runtimeconfig/ConfigIamPolicy.java @@ -101,18 +101,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -121,18 +109,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/runtimeconfig/ConfigIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/runtimeconfig/ConfigIamPolicyArgs.java index 83d1eecb56..8e95730bc0 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/runtimeconfig/ConfigIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/runtimeconfig/ConfigIamPolicyArgs.java @@ -52,18 +52,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -72,18 +60,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -163,18 +139,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -187,18 +151,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/runtimeconfig/inputs/ConfigIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/runtimeconfig/inputs/ConfigIamBindingState.java index 480d77496a..7e41e57d45 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/runtimeconfig/inputs/ConfigIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/runtimeconfig/inputs/ConfigIamBindingState.java @@ -54,19 +54,9 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } - @Import(name="members") - private @Nullable Output> members; - - public Optional>> members() { - return Optional.ofNullable(this.members); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -78,15 +68,12 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members") + private @Nullable Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -98,6 +85,23 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional>> members() { + return Optional.ofNullable(this.members); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -201,25 +205,30 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -233,17 +242,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -257,6 +262,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/runtimeconfig/inputs/ConfigIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/runtimeconfig/inputs/ConfigIamMemberState.java index 87efb0d201..eef8571160 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/runtimeconfig/inputs/ConfigIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/runtimeconfig/inputs/ConfigIamMemberState.java @@ -53,19 +53,9 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } - @Import(name="member") - private @Nullable Output member; - - public Optional> member() { - return Optional.ofNullable(this.member); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -77,15 +67,12 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member") + private @Nullable Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -97,6 +84,23 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional> member() { + return Optional.ofNullable(this.member); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -200,21 +204,9 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } - public Builder member(@Nullable Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -228,17 +220,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(@Nullable Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -252,6 +241,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/runtimeconfig/inputs/ConfigIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/runtimeconfig/inputs/ConfigIamPolicyState.java index 1261caabe0..503a9f6e32 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/runtimeconfig/inputs/ConfigIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/runtimeconfig/inputs/ConfigIamPolicyState.java @@ -66,18 +66,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -86,18 +74,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -199,18 +175,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -223,18 +187,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/secretmanager/SecretIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/secretmanager/SecretIamBinding.java index 33c4db88a1..46d9f4b0d1 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/secretmanager/SecretIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/secretmanager/SecretIamBinding.java @@ -147,6 +147,122 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_secret\_manager\_secret\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.secretmanager.SecretIamPolicy; + * import com.pulumi.gcp.secretmanager.SecretIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/secretmanager.secretAccessor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new SecretIamPolicy("policy", SecretIamPolicyArgs.builder() + * .project(secret_basic.project()) + * .secretId(secret_basic.secretId()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_secret\_manager\_secret\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.secretmanager.SecretIamBinding; + * import com.pulumi.gcp.secretmanager.SecretIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new SecretIamBinding("binding", SecretIamBindingArgs.builder() + * .project(secret_basic.project()) + * .secretId(secret_basic.secretId()) + * .role("roles/secretmanager.secretAccessor") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_secret\_manager\_secret\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.secretmanager.SecretIamMember; + * import com.pulumi.gcp.secretmanager.SecretIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new SecretIamMember("member", SecretIamMemberArgs.builder() + * .project(secret_basic.project()) + * .secretId(secret_basic.secretId()) + * .role("roles/secretmanager.secretAccessor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -206,18 +322,9 @@ public Output> condition() { public Output etag() { return this.etag; } - @Export(name="members", refs={List.class,String.class}, tree="[0,1]") - private Output> members; - - public Output> members() { - return this.members; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -229,15 +336,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="members", refs={List.class,String.class}, tree="[0,1]") + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -249,6 +353,22 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/secretmanager/SecretIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/secretmanager/SecretIamBindingArgs.java index f503ade48a..018589d208 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/secretmanager/SecretIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/secretmanager/SecretIamBindingArgs.java @@ -25,19 +25,9 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } - @Import(name="members", required=true) - private Output> members; - - public Output> members() { - return this.members; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -49,15 +39,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members", required=true) + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -69,6 +56,23 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -136,25 +140,30 @@ public Builder condition(SecretIamBindingConditionArgs condition) { return condition(Output.of(condition)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -168,17 +177,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -192,6 +197,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/secretmanager/SecretIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/secretmanager/SecretIamMember.java index c6a29c8f77..ebb62d2869 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/secretmanager/SecretIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/secretmanager/SecretIamMember.java @@ -146,6 +146,122 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_secret\_manager\_secret\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.secretmanager.SecretIamPolicy; + * import com.pulumi.gcp.secretmanager.SecretIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/secretmanager.secretAccessor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new SecretIamPolicy("policy", SecretIamPolicyArgs.builder() + * .project(secret_basic.project()) + * .secretId(secret_basic.secretId()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_secret\_manager\_secret\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.secretmanager.SecretIamBinding; + * import com.pulumi.gcp.secretmanager.SecretIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new SecretIamBinding("binding", SecretIamBindingArgs.builder() + * .project(secret_basic.project()) + * .secretId(secret_basic.secretId()) + * .role("roles/secretmanager.secretAccessor") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_secret\_manager\_secret\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.secretmanager.SecretIamMember; + * import com.pulumi.gcp.secretmanager.SecretIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new SecretIamMember("member", SecretIamMemberArgs.builder() + * .project(secret_basic.project()) + * .secretId(secret_basic.secretId()) + * .role("roles/secretmanager.secretAccessor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -205,18 +321,9 @@ public Output> condition() { public Output etag() { return this.etag; } - @Export(name="member", refs={String.class}, tree="[0]") - private Output member; - - public Output member() { - return this.member; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -228,15 +335,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="member", refs={String.class}, tree="[0]") + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -248,6 +352,22 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/secretmanager/SecretIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/secretmanager/SecretIamMemberArgs.java index a3f81b41e4..f8ef1cd147 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/secretmanager/SecretIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/secretmanager/SecretIamMemberArgs.java @@ -24,19 +24,9 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } - @Import(name="member", required=true) - private Output member; - - public Output member() { - return this.member; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -48,15 +38,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member", required=true) + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -68,6 +55,23 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -135,21 +139,9 @@ public Builder condition(SecretIamMemberConditionArgs condition) { return condition(Output.of(condition)); } - public Builder member(Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -163,17 +155,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -187,6 +176,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/secretmanager/SecretIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/secretmanager/SecretIamPolicy.java index 53a714c64d..1304516848 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/secretmanager/SecretIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/secretmanager/SecretIamPolicy.java @@ -144,6 +144,122 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_secret\_manager\_secret\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.secretmanager.SecretIamPolicy; + * import com.pulumi.gcp.secretmanager.SecretIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/secretmanager.secretAccessor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new SecretIamPolicy("policy", SecretIamPolicyArgs.builder() + * .project(secret_basic.project()) + * .secretId(secret_basic.secretId()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_secret\_manager\_secret\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.secretmanager.SecretIamBinding; + * import com.pulumi.gcp.secretmanager.SecretIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new SecretIamBinding("binding", SecretIamBindingArgs.builder() + * .project(secret_basic.project()) + * .secretId(secret_basic.secretId()) + * .role("roles/secretmanager.secretAccessor") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_secret\_manager\_secret\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.secretmanager.SecretIamMember; + * import com.pulumi.gcp.secretmanager.SecretIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new SecretIamMember("member", SecretIamMemberArgs.builder() + * .project(secret_basic.project()) + * .secretId(secret_basic.secretId()) + * .role("roles/secretmanager.secretAccessor") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -217,18 +333,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -237,18 +341,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/secretmanager/SecretIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/secretmanager/SecretIamPolicyArgs.java index e290c80dd1..878f64e7ba 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/secretmanager/SecretIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/secretmanager/SecretIamPolicyArgs.java @@ -37,18 +37,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -57,18 +45,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -134,18 +110,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -158,18 +122,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/secretmanager/inputs/SecretIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/secretmanager/inputs/SecretIamBindingState.java index f686d94138..036b3699ed 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/secretmanager/inputs/SecretIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/secretmanager/inputs/SecretIamBindingState.java @@ -39,19 +39,9 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } - @Import(name="members") - private @Nullable Output> members; - - public Optional>> members() { - return Optional.ofNullable(this.members); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -63,15 +53,12 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members") + private @Nullable Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -83,6 +70,23 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional>> members() { + return Optional.ofNullable(this.members); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -172,25 +176,30 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -204,17 +213,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -228,6 +233,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/secretmanager/inputs/SecretIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/secretmanager/inputs/SecretIamMemberState.java index f4a52e4036..71a4fa6347 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/secretmanager/inputs/SecretIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/secretmanager/inputs/SecretIamMemberState.java @@ -38,19 +38,9 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } - @Import(name="member") - private @Nullable Output member; - - public Optional> member() { - return Optional.ofNullable(this.member); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -62,15 +52,12 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member") + private @Nullable Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -82,6 +69,23 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional> member() { + return Optional.ofNullable(this.member); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -171,21 +175,9 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } - public Builder member(@Nullable Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -199,17 +191,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(@Nullable Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -223,6 +212,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/secretmanager/inputs/SecretIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/secretmanager/inputs/SecretIamPolicyState.java index 28a334c5e5..22069c9811 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/secretmanager/inputs/SecretIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/secretmanager/inputs/SecretIamPolicyState.java @@ -51,18 +51,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -71,18 +59,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -170,18 +146,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -194,18 +158,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/serviceaccount/IAMBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/serviceaccount/IAMBinding.java index 1e01bb83ff..719fb6b0e8 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/serviceaccount/IAMBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/serviceaccount/IAMBinding.java @@ -273,6 +273,249 @@ * ``` * <!--End PulumiCodeChooser --> * + * ### Additional Examples + * + * ### Service Account IAM Policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.serviceaccount.Account; + * import com.pulumi.gcp.serviceaccount.AccountArgs; + * import com.pulumi.gcp.serviceaccount.IAMPolicy; + * import com.pulumi.gcp.serviceaccount.IAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/iam.serviceAccountUser") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var sa = new Account("sa", AccountArgs.builder() + * .accountId("my-service-account") + * .displayName("A service account that only Jane can interact with") + * .build()); + * + * var admin_account_iam = new IAMPolicy("admin-account-iam", IAMPolicyArgs.builder() + * .serviceAccountId(sa.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ### Service Account IAM Binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.serviceaccount.Account; + * import com.pulumi.gcp.serviceaccount.AccountArgs; + * import com.pulumi.gcp.serviceaccount.IAMBinding; + * import com.pulumi.gcp.serviceaccount.IAMBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var sa = new Account("sa", AccountArgs.builder() + * .accountId("my-service-account") + * .displayName("A service account that only Jane can use") + * .build()); + * + * var admin_account_iam = new IAMBinding("admin-account-iam", IAMBindingArgs.builder() + * .serviceAccountId(sa.name()) + * .role("roles/iam.serviceAccountUser") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ### Service Account IAM Binding With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.serviceaccount.Account; + * import com.pulumi.gcp.serviceaccount.AccountArgs; + * import com.pulumi.gcp.serviceaccount.IAMBinding; + * import com.pulumi.gcp.serviceaccount.IAMBindingArgs; + * import com.pulumi.gcp.serviceaccount.inputs.IAMBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var sa = new Account("sa", AccountArgs.builder() + * .accountId("my-service-account") + * .displayName("A service account that only Jane can use") + * .build()); + * + * var admin_account_iam = new IAMBinding("admin-account-iam", IAMBindingArgs.builder() + * .serviceAccountId(sa.name()) + * .role("roles/iam.serviceAccountUser") + * .members("user:jane@example.com") + * .condition(IAMBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ### Service Account IAM Member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.ComputeFunctions; + * import com.pulumi.gcp.compute.inputs.GetDefaultServiceAccountArgs; + * import com.pulumi.gcp.serviceaccount.Account; + * import com.pulumi.gcp.serviceaccount.AccountArgs; + * import com.pulumi.gcp.serviceaccount.IAMMember; + * import com.pulumi.gcp.serviceaccount.IAMMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var default = ComputeFunctions.getDefaultServiceAccount(); + * + * var sa = new Account("sa", AccountArgs.builder() + * .accountId("my-service-account") + * .displayName("A service account that Jane can use") + * .build()); + * + * var admin_account_iam = new IAMMember("admin-account-iam", IAMMemberArgs.builder() + * .serviceAccountId(sa.name()) + * .role("roles/iam.serviceAccountUser") + * .member("user:jane@example.com") + * .build()); + * + * // Allow SA service account use the default GCE account + * var gce_default_account_iam = new IAMMember("gce-default-account-iam", IAMMemberArgs.builder() + * .serviceAccountId(default_.name()) + * .role("roles/iam.serviceAccountUser") + * .member(sa.email().applyValue(email -> String.format("serviceAccount:%s", email))) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ### Service Account IAM Member With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.serviceaccount.Account; + * import com.pulumi.gcp.serviceaccount.AccountArgs; + * import com.pulumi.gcp.serviceaccount.IAMMember; + * import com.pulumi.gcp.serviceaccount.IAMMemberArgs; + * import com.pulumi.gcp.serviceaccount.inputs.IAMMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var sa = new Account("sa", AccountArgs.builder() + * .accountId("my-service-account") + * .displayName("A service account that Jane can use") + * .build()); + * + * var admin_account_iam = new IAMMember("admin-account-iam", IAMMemberArgs.builder() + * .serviceAccountId(sa.name()) + * .role("roles/iam.serviceAccountUser") + * .member("user:jane@example.com") + * .condition(IAMMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * ### Importing with conditions: @@ -320,9 +563,31 @@ public Output> condition() { public Output etag() { return this.etag; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ @Export(name="members", refs={List.class,String.class}, tree="[0,1]") private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output> members() { return this.members; } @@ -347,15 +612,6 @@ public Output role() { /** * The fully-qualified name of the service account to apply policy to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Export(name="serviceAccountId", refs={String.class}, tree="[0]") private Output serviceAccountId; @@ -363,15 +619,6 @@ public Output role() { /** * @return The fully-qualified name of the service account to apply policy to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Output serviceAccountId() { return this.serviceAccountId; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/serviceaccount/IAMBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/serviceaccount/IAMBindingArgs.java index ac86fa06f7..564dc64423 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/serviceaccount/IAMBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/serviceaccount/IAMBindingArgs.java @@ -35,9 +35,31 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ @Import(name="members", required=true) private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output> members() { return this.members; } @@ -64,15 +86,6 @@ public Output role() { /** * The fully-qualified name of the service account to apply policy to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="serviceAccountId", required=true) private Output serviceAccountId; @@ -80,15 +93,6 @@ public Output role() { /** * @return The fully-qualified name of the service account to apply policy to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Output serviceAccountId() { return this.serviceAccountId; @@ -144,15 +148,54 @@ public Builder condition(IAMBindingConditionArgs condition) { return condition(Output.of(condition)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } @@ -185,15 +228,6 @@ public Builder role(String role) { /** * @param serviceAccountId The fully-qualified name of the service account to apply policy to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -205,15 +239,6 @@ public Builder serviceAccountId(Output serviceAccountId) { /** * @param serviceAccountId The fully-qualified name of the service account to apply policy to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/serviceaccount/IAMMember.java b/sdk/java/src/main/java/com/pulumi/gcp/serviceaccount/IAMMember.java index f25148cc9f..ef9bbe9fc2 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/serviceaccount/IAMMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/serviceaccount/IAMMember.java @@ -273,6 +273,249 @@ * ``` * <!--End PulumiCodeChooser --> * + * ### Additional Examples + * + * ### Service Account IAM Policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.serviceaccount.Account; + * import com.pulumi.gcp.serviceaccount.AccountArgs; + * import com.pulumi.gcp.serviceaccount.IAMPolicy; + * import com.pulumi.gcp.serviceaccount.IAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/iam.serviceAccountUser") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var sa = new Account("sa", AccountArgs.builder() + * .accountId("my-service-account") + * .displayName("A service account that only Jane can interact with") + * .build()); + * + * var admin_account_iam = new IAMPolicy("admin-account-iam", IAMPolicyArgs.builder() + * .serviceAccountId(sa.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ### Service Account IAM Binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.serviceaccount.Account; + * import com.pulumi.gcp.serviceaccount.AccountArgs; + * import com.pulumi.gcp.serviceaccount.IAMBinding; + * import com.pulumi.gcp.serviceaccount.IAMBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var sa = new Account("sa", AccountArgs.builder() + * .accountId("my-service-account") + * .displayName("A service account that only Jane can use") + * .build()); + * + * var admin_account_iam = new IAMBinding("admin-account-iam", IAMBindingArgs.builder() + * .serviceAccountId(sa.name()) + * .role("roles/iam.serviceAccountUser") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ### Service Account IAM Binding With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.serviceaccount.Account; + * import com.pulumi.gcp.serviceaccount.AccountArgs; + * import com.pulumi.gcp.serviceaccount.IAMBinding; + * import com.pulumi.gcp.serviceaccount.IAMBindingArgs; + * import com.pulumi.gcp.serviceaccount.inputs.IAMBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var sa = new Account("sa", AccountArgs.builder() + * .accountId("my-service-account") + * .displayName("A service account that only Jane can use") + * .build()); + * + * var admin_account_iam = new IAMBinding("admin-account-iam", IAMBindingArgs.builder() + * .serviceAccountId(sa.name()) + * .role("roles/iam.serviceAccountUser") + * .members("user:jane@example.com") + * .condition(IAMBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ### Service Account IAM Member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.ComputeFunctions; + * import com.pulumi.gcp.compute.inputs.GetDefaultServiceAccountArgs; + * import com.pulumi.gcp.serviceaccount.Account; + * import com.pulumi.gcp.serviceaccount.AccountArgs; + * import com.pulumi.gcp.serviceaccount.IAMMember; + * import com.pulumi.gcp.serviceaccount.IAMMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var default = ComputeFunctions.getDefaultServiceAccount(); + * + * var sa = new Account("sa", AccountArgs.builder() + * .accountId("my-service-account") + * .displayName("A service account that Jane can use") + * .build()); + * + * var admin_account_iam = new IAMMember("admin-account-iam", IAMMemberArgs.builder() + * .serviceAccountId(sa.name()) + * .role("roles/iam.serviceAccountUser") + * .member("user:jane@example.com") + * .build()); + * + * // Allow SA service account use the default GCE account + * var gce_default_account_iam = new IAMMember("gce-default-account-iam", IAMMemberArgs.builder() + * .serviceAccountId(default_.name()) + * .role("roles/iam.serviceAccountUser") + * .member(sa.email().applyValue(email -> String.format("serviceAccount:%s", email))) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ### Service Account IAM Member With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.serviceaccount.Account; + * import com.pulumi.gcp.serviceaccount.AccountArgs; + * import com.pulumi.gcp.serviceaccount.IAMMember; + * import com.pulumi.gcp.serviceaccount.IAMMemberArgs; + * import com.pulumi.gcp.serviceaccount.inputs.IAMMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var sa = new Account("sa", AccountArgs.builder() + * .accountId("my-service-account") + * .displayName("A service account that Jane can use") + * .build()); + * + * var admin_account_iam = new IAMMember("admin-account-iam", IAMMemberArgs.builder() + * .serviceAccountId(sa.name()) + * .role("roles/iam.serviceAccountUser") + * .member("user:jane@example.com") + * .condition(IAMMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * ### Importing with conditions: @@ -320,9 +563,31 @@ public Output> condition() { public Output etag() { return this.etag; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ @Export(name="member", refs={String.class}, tree="[0]") private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output member() { return this.member; } @@ -347,15 +612,6 @@ public Output role() { /** * The fully-qualified name of the service account to apply policy to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Export(name="serviceAccountId", refs={String.class}, tree="[0]") private Output serviceAccountId; @@ -363,15 +619,6 @@ public Output role() { /** * @return The fully-qualified name of the service account to apply policy to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Output serviceAccountId() { return this.serviceAccountId; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/serviceaccount/IAMMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/serviceaccount/IAMMemberArgs.java index 5b2555d1df..a8ac4c2c26 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/serviceaccount/IAMMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/serviceaccount/IAMMemberArgs.java @@ -34,9 +34,31 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ @Import(name="member", required=true) private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output member() { return this.member; } @@ -63,15 +85,6 @@ public Output role() { /** * The fully-qualified name of the service account to apply policy to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="serviceAccountId", required=true) private Output serviceAccountId; @@ -79,15 +92,6 @@ public Output role() { /** * @return The fully-qualified name of the service account to apply policy to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Output serviceAccountId() { return this.serviceAccountId; @@ -143,11 +147,37 @@ public Builder condition(IAMMemberConditionArgs condition) { return condition(Output.of(condition)); } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder member(Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } @@ -180,15 +210,6 @@ public Builder role(String role) { /** * @param serviceAccountId The fully-qualified name of the service account to apply policy to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -200,15 +221,6 @@ public Builder serviceAccountId(Output serviceAccountId) { /** * @param serviceAccountId The fully-qualified name of the service account to apply policy to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/serviceaccount/IAMPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/serviceaccount/IAMPolicy.java index 86441f1dca..29dd58af62 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/serviceaccount/IAMPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/serviceaccount/IAMPolicy.java @@ -271,6 +271,249 @@ * ``` * <!--End PulumiCodeChooser --> * + * ### Additional Examples + * + * ### Service Account IAM Policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.serviceaccount.Account; + * import com.pulumi.gcp.serviceaccount.AccountArgs; + * import com.pulumi.gcp.serviceaccount.IAMPolicy; + * import com.pulumi.gcp.serviceaccount.IAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/iam.serviceAccountUser") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var sa = new Account("sa", AccountArgs.builder() + * .accountId("my-service-account") + * .displayName("A service account that only Jane can interact with") + * .build()); + * + * var admin_account_iam = new IAMPolicy("admin-account-iam", IAMPolicyArgs.builder() + * .serviceAccountId(sa.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ### Service Account IAM Binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.serviceaccount.Account; + * import com.pulumi.gcp.serviceaccount.AccountArgs; + * import com.pulumi.gcp.serviceaccount.IAMBinding; + * import com.pulumi.gcp.serviceaccount.IAMBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var sa = new Account("sa", AccountArgs.builder() + * .accountId("my-service-account") + * .displayName("A service account that only Jane can use") + * .build()); + * + * var admin_account_iam = new IAMBinding("admin-account-iam", IAMBindingArgs.builder() + * .serviceAccountId(sa.name()) + * .role("roles/iam.serviceAccountUser") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ### Service Account IAM Binding With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.serviceaccount.Account; + * import com.pulumi.gcp.serviceaccount.AccountArgs; + * import com.pulumi.gcp.serviceaccount.IAMBinding; + * import com.pulumi.gcp.serviceaccount.IAMBindingArgs; + * import com.pulumi.gcp.serviceaccount.inputs.IAMBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var sa = new Account("sa", AccountArgs.builder() + * .accountId("my-service-account") + * .displayName("A service account that only Jane can use") + * .build()); + * + * var admin_account_iam = new IAMBinding("admin-account-iam", IAMBindingArgs.builder() + * .serviceAccountId(sa.name()) + * .role("roles/iam.serviceAccountUser") + * .members("user:jane@example.com") + * .condition(IAMBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ### Service Account IAM Member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.compute.ComputeFunctions; + * import com.pulumi.gcp.compute.inputs.GetDefaultServiceAccountArgs; + * import com.pulumi.gcp.serviceaccount.Account; + * import com.pulumi.gcp.serviceaccount.AccountArgs; + * import com.pulumi.gcp.serviceaccount.IAMMember; + * import com.pulumi.gcp.serviceaccount.IAMMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var default = ComputeFunctions.getDefaultServiceAccount(); + * + * var sa = new Account("sa", AccountArgs.builder() + * .accountId("my-service-account") + * .displayName("A service account that Jane can use") + * .build()); + * + * var admin_account_iam = new IAMMember("admin-account-iam", IAMMemberArgs.builder() + * .serviceAccountId(sa.name()) + * .role("roles/iam.serviceAccountUser") + * .member("user:jane@example.com") + * .build()); + * + * // Allow SA service account use the default GCE account + * var gce_default_account_iam = new IAMMember("gce-default-account-iam", IAMMemberArgs.builder() + * .serviceAccountId(default_.name()) + * .role("roles/iam.serviceAccountUser") + * .member(sa.email().applyValue(email -> String.format("serviceAccount:%s", email))) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ### Service Account IAM Member With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.serviceaccount.Account; + * import com.pulumi.gcp.serviceaccount.AccountArgs; + * import com.pulumi.gcp.serviceaccount.IAMMember; + * import com.pulumi.gcp.serviceaccount.IAMMemberArgs; + * import com.pulumi.gcp.serviceaccount.inputs.IAMMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var sa = new Account("sa", AccountArgs.builder() + * .accountId("my-service-account") + * .displayName("A service account that Jane can use") + * .build()); + * + * var admin_account_iam = new IAMMember("admin-account-iam", IAMMemberArgs.builder() + * .serviceAccountId(sa.name()) + * .role("roles/iam.serviceAccountUser") + * .member("user:jane@example.com") + * .condition(IAMMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * ### Importing with conditions: @@ -321,15 +564,6 @@ public Output policyData() { /** * The fully-qualified name of the service account to apply policy to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Export(name="serviceAccountId", refs={String.class}, tree="[0]") private Output serviceAccountId; @@ -337,15 +571,6 @@ public Output policyData() { /** * @return The fully-qualified name of the service account to apply policy to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Output serviceAccountId() { return this.serviceAccountId; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/serviceaccount/IAMPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/serviceaccount/IAMPolicyArgs.java index c9b8df9995..00465a00e3 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/serviceaccount/IAMPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/serviceaccount/IAMPolicyArgs.java @@ -34,15 +34,6 @@ public Output policyData() { /** * The fully-qualified name of the service account to apply policy to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="serviceAccountId", required=true) private Output serviceAccountId; @@ -50,15 +41,6 @@ public Output policyData() { /** * @return The fully-qualified name of the service account to apply policy to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Output serviceAccountId() { return this.serviceAccountId; @@ -115,15 +97,6 @@ public Builder policyData(String policyData) { /** * @param serviceAccountId The fully-qualified name of the service account to apply policy to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -135,15 +108,6 @@ public Builder serviceAccountId(Output serviceAccountId) { /** * @param serviceAccountId The fully-qualified name of the service account to apply policy to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/serviceaccount/inputs/IAMBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/serviceaccount/inputs/IAMBindingState.java index ba28ab54f6..0a2b43e980 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/serviceaccount/inputs/IAMBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/serviceaccount/inputs/IAMBindingState.java @@ -49,9 +49,31 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ @Import(name="members") private @Nullable Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Optional>> members() { return Optional.ofNullable(this.members); } @@ -78,15 +100,6 @@ public Optional> role() { /** * The fully-qualified name of the service account to apply policy to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="serviceAccountId") private @Nullable Output serviceAccountId; @@ -94,15 +107,6 @@ public Optional> role() { /** * @return The fully-qualified name of the service account to apply policy to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Optional> serviceAccountId() { return Optional.ofNullable(this.serviceAccountId); @@ -180,15 +184,54 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } @@ -221,15 +264,6 @@ public Builder role(String role) { /** * @param serviceAccountId The fully-qualified name of the service account to apply policy to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -241,15 +275,6 @@ public Builder serviceAccountId(@Nullable Output serviceAccountId) { /** * @param serviceAccountId The fully-qualified name of the service account to apply policy to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/serviceaccount/inputs/IAMMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/serviceaccount/inputs/IAMMemberState.java index 7c2c9d9799..349fddce87 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/serviceaccount/inputs/IAMMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/serviceaccount/inputs/IAMMemberState.java @@ -48,9 +48,31 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ @Import(name="member") private @Nullable Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Optional> member() { return Optional.ofNullable(this.member); } @@ -77,15 +99,6 @@ public Optional> role() { /** * The fully-qualified name of the service account to apply policy to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="serviceAccountId") private @Nullable Output serviceAccountId; @@ -93,15 +106,6 @@ public Optional> role() { /** * @return The fully-qualified name of the service account to apply policy to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Optional> serviceAccountId() { return Optional.ofNullable(this.serviceAccountId); @@ -179,11 +183,37 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder member(@Nullable Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } @@ -216,15 +246,6 @@ public Builder role(String role) { /** * @param serviceAccountId The fully-qualified name of the service account to apply policy to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -236,15 +257,6 @@ public Builder serviceAccountId(@Nullable Output serviceAccountId) { /** * @param serviceAccountId The fully-qualified name of the service account to apply policy to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/serviceaccount/inputs/IAMPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/serviceaccount/inputs/IAMPolicyState.java index 3bb1995aa4..f5b6905076 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/serviceaccount/inputs/IAMPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/serviceaccount/inputs/IAMPolicyState.java @@ -50,15 +50,6 @@ public Optional> policyData() { /** * The fully-qualified name of the service account to apply policy to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="serviceAccountId") private @Nullable Output serviceAccountId; @@ -66,15 +57,6 @@ public Optional> policyData() { /** * @return The fully-qualified name of the service account to apply policy to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Optional> serviceAccountId() { return Optional.ofNullable(this.serviceAccountId); @@ -153,15 +135,6 @@ public Builder policyData(String policyData) { /** * @param serviceAccountId The fully-qualified name of the service account to apply policy to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -173,15 +146,6 @@ public Builder serviceAccountId(@Nullable Output serviceAccountId) { /** * @param serviceAccountId The fully-qualified name of the service account to apply policy to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/NamespaceIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/NamespaceIamBinding.java index e49a7e73f7..327eb25024 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/NamespaceIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/NamespaceIamBinding.java @@ -144,6 +144,119 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_service\_directory\_namespace\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.servicedirectory.NamespaceIamPolicy; + * import com.pulumi.gcp.servicedirectory.NamespaceIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new NamespaceIamPolicy("policy", NamespaceIamPolicyArgs.builder() + * .name(example.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_service\_directory\_namespace\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.servicedirectory.NamespaceIamBinding; + * import com.pulumi.gcp.servicedirectory.NamespaceIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new NamespaceIamBinding("binding", NamespaceIamBindingArgs.builder() + * .name(example.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_service\_directory\_namespace\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.servicedirectory.NamespaceIamMember; + * import com.pulumi.gcp.servicedirectory.NamespaceIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new NamespaceIamMember("member", NamespaceIamMemberArgs.builder() + * .name(example.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -203,17 +316,9 @@ public Output> condition() { public Output etag() { return this.etag; } - @Export(name="members", refs={List.class,String.class}, tree="[0,1]") - private Output> members; - - public Output> members() { - return this.members; - } /** - * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -225,14 +330,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="name", refs={String.class}, tree="[0]") - private Output name; + @Export(name="members", refs={List.class,String.class}, tree="[0,1]") + private Output> members; /** - * @return Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -244,6 +347,20 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + /** + * Used to find the parent resource to bind the IAM policy to + * + */ + @Export(name="name", refs={String.class}, tree="[0]") + private Output name; + + /** + * @return Used to find the parent resource to bind the IAM policy to + * + */ public Output name() { return this.name; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/NamespaceIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/NamespaceIamBindingArgs.java index dfdc7fd833..8dcc73d870 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/NamespaceIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/NamespaceIamBindingArgs.java @@ -25,18 +25,9 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } - @Import(name="members", required=true) - private Output> members; - - public Output> members() { - return this.members; - } - /** - * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -48,14 +39,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="name") - private @Nullable Output name; + @Import(name="members", required=true) + private Output> members; /** - * @return Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -67,6 +56,21 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + + /** + * Used to find the parent resource to bind the IAM policy to + * + */ + @Import(name="name") + private @Nullable Output name; + + /** + * @return Used to find the parent resource to bind the IAM policy to + * + */ public Optional> name() { return Optional.ofNullable(this.name); } @@ -126,24 +130,30 @@ public Builder condition(NamespaceIamBindingConditionArgs condition) { return condition(Output.of(condition)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param name Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -157,16 +167,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder name(@Nullable Output name) { - $.name = name; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param name Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -180,6 +187,27 @@ public Builder name(@Nullable Output name) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param name Used to find the parent resource to bind the IAM policy to + * + * @return builder + * + */ + public Builder name(@Nullable Output name) { + $.name = name; + return this; + } + + /** + * @param name Used to find the parent resource to bind the IAM policy to + * + * @return builder + * + */ public Builder name(String name) { return name(Output.of(name)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/NamespaceIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/NamespaceIamMember.java index e3a20919b2..10d63acb7d 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/NamespaceIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/NamespaceIamMember.java @@ -143,6 +143,119 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_service\_directory\_namespace\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.servicedirectory.NamespaceIamPolicy; + * import com.pulumi.gcp.servicedirectory.NamespaceIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new NamespaceIamPolicy("policy", NamespaceIamPolicyArgs.builder() + * .name(example.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_service\_directory\_namespace\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.servicedirectory.NamespaceIamBinding; + * import com.pulumi.gcp.servicedirectory.NamespaceIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new NamespaceIamBinding("binding", NamespaceIamBindingArgs.builder() + * .name(example.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_service\_directory\_namespace\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.servicedirectory.NamespaceIamMember; + * import com.pulumi.gcp.servicedirectory.NamespaceIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new NamespaceIamMember("member", NamespaceIamMemberArgs.builder() + * .name(example.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -202,17 +315,9 @@ public Output> condition() { public Output etag() { return this.etag; } - @Export(name="member", refs={String.class}, tree="[0]") - private Output member; - - public Output member() { - return this.member; - } /** - * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -224,14 +329,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="name", refs={String.class}, tree="[0]") - private Output name; + @Export(name="member", refs={String.class}, tree="[0]") + private Output member; /** - * @return Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -243,6 +346,20 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + /** + * Used to find the parent resource to bind the IAM policy to + * + */ + @Export(name="name", refs={String.class}, tree="[0]") + private Output name; + + /** + * @return Used to find the parent resource to bind the IAM policy to + * + */ public Output name() { return this.name; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/NamespaceIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/NamespaceIamMemberArgs.java index 50db42609c..37a2699469 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/NamespaceIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/NamespaceIamMemberArgs.java @@ -24,18 +24,9 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } - @Import(name="member", required=true) - private Output member; - - public Output member() { - return this.member; - } - /** - * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -47,14 +38,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="name") - private @Nullable Output name; + @Import(name="member", required=true) + private Output member; /** - * @return Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -66,6 +55,21 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + + /** + * Used to find the parent resource to bind the IAM policy to + * + */ + @Import(name="name") + private @Nullable Output name; + + /** + * @return Used to find the parent resource to bind the IAM policy to + * + */ public Optional> name() { return Optional.ofNullable(this.name); } @@ -125,20 +129,9 @@ public Builder condition(NamespaceIamMemberConditionArgs condition) { return condition(Output.of(condition)); } - public Builder member(Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param name Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -152,16 +145,14 @@ public Builder member(String member) { * @return builder * */ - public Builder name(@Nullable Output name) { - $.name = name; + public Builder member(Output member) { + $.member = member; return this; } /** - * @param name Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -175,6 +166,27 @@ public Builder name(@Nullable Output name) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param name Used to find the parent resource to bind the IAM policy to + * + * @return builder + * + */ + public Builder name(@Nullable Output name) { + $.name = name; + return this; + } + + /** + * @param name Used to find the parent resource to bind the IAM policy to + * + * @return builder + * + */ public Builder name(String name) { return name(Output.of(name)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/NamespaceIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/NamespaceIamPolicy.java index 36f8e0b9a8..cd69928fd4 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/NamespaceIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/NamespaceIamPolicy.java @@ -141,6 +141,119 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_service\_directory\_namespace\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.servicedirectory.NamespaceIamPolicy; + * import com.pulumi.gcp.servicedirectory.NamespaceIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new NamespaceIamPolicy("policy", NamespaceIamPolicyArgs.builder() + * .name(example.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_service\_directory\_namespace\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.servicedirectory.NamespaceIamBinding; + * import com.pulumi.gcp.servicedirectory.NamespaceIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new NamespaceIamBinding("binding", NamespaceIamBindingArgs.builder() + * .name(example.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_service\_directory\_namespace\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.servicedirectory.NamespaceIamMember; + * import com.pulumi.gcp.servicedirectory.NamespaceIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new NamespaceIamMember("member", NamespaceIamMemberArgs.builder() + * .name(example.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -197,18 +310,6 @@ public Output etag() { /** * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="name", refs={String.class}, tree="[0]") private Output name; @@ -216,18 +317,6 @@ public Output etag() { /** * @return Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output name() { return this.name; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/NamespaceIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/NamespaceIamPolicyArgs.java index 2833925a01..ebf6e5a034 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/NamespaceIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/NamespaceIamPolicyArgs.java @@ -19,18 +19,6 @@ public final class NamespaceIamPolicyArgs extends com.pulumi.resources.ResourceA /** * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="name") private @Nullable Output name; @@ -38,18 +26,6 @@ public final class NamespaceIamPolicyArgs extends com.pulumi.resources.ResourceA /** * @return Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> name() { return Optional.ofNullable(this.name); @@ -100,18 +76,6 @@ public Builder(NamespaceIamPolicyArgs defaults) { /** * @param name Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -123,18 +87,6 @@ public Builder name(@Nullable Output name) { /** * @param name Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/ServiceIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/ServiceIamBinding.java index e937cb358d..144b0e8c2d 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/ServiceIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/ServiceIamBinding.java @@ -144,6 +144,119 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_service\_directory\_service\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.servicedirectory.ServiceIamPolicy; + * import com.pulumi.gcp.servicedirectory.ServiceIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new ServiceIamPolicy("policy", ServiceIamPolicyArgs.builder() + * .name(example.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_service\_directory\_service\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.servicedirectory.ServiceIamBinding; + * import com.pulumi.gcp.servicedirectory.ServiceIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new ServiceIamBinding("binding", ServiceIamBindingArgs.builder() + * .name(example.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_service\_directory\_service\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.servicedirectory.ServiceIamMember; + * import com.pulumi.gcp.servicedirectory.ServiceIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new ServiceIamMember("member", ServiceIamMemberArgs.builder() + * .name(example.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -203,17 +316,9 @@ public Output> condition() { public Output etag() { return this.etag; } - @Export(name="members", refs={List.class,String.class}, tree="[0,1]") - private Output> members; - - public Output> members() { - return this.members; - } /** - * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -225,14 +330,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="name", refs={String.class}, tree="[0]") - private Output name; + @Export(name="members", refs={List.class,String.class}, tree="[0,1]") + private Output> members; /** - * @return Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -244,6 +347,20 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + /** + * Used to find the parent resource to bind the IAM policy to + * + */ + @Export(name="name", refs={String.class}, tree="[0]") + private Output name; + + /** + * @return Used to find the parent resource to bind the IAM policy to + * + */ public Output name() { return this.name; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/ServiceIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/ServiceIamBindingArgs.java index e1b1af7d7d..52b9abe66f 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/ServiceIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/ServiceIamBindingArgs.java @@ -25,18 +25,9 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } - @Import(name="members", required=true) - private Output> members; - - public Output> members() { - return this.members; - } - /** - * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -48,14 +39,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="name") - private @Nullable Output name; + @Import(name="members", required=true) + private Output> members; /** - * @return Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -67,6 +56,21 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + + /** + * Used to find the parent resource to bind the IAM policy to + * + */ + @Import(name="name") + private @Nullable Output name; + + /** + * @return Used to find the parent resource to bind the IAM policy to + * + */ public Optional> name() { return Optional.ofNullable(this.name); } @@ -126,24 +130,30 @@ public Builder condition(ServiceIamBindingConditionArgs condition) { return condition(Output.of(condition)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param name Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -157,16 +167,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder name(@Nullable Output name) { - $.name = name; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param name Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -180,6 +187,27 @@ public Builder name(@Nullable Output name) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param name Used to find the parent resource to bind the IAM policy to + * + * @return builder + * + */ + public Builder name(@Nullable Output name) { + $.name = name; + return this; + } + + /** + * @param name Used to find the parent resource to bind the IAM policy to + * + * @return builder + * + */ public Builder name(String name) { return name(Output.of(name)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/ServiceIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/ServiceIamMember.java index 84e90b34ef..42f0db90cd 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/ServiceIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/ServiceIamMember.java @@ -143,6 +143,119 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_service\_directory\_service\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.servicedirectory.ServiceIamPolicy; + * import com.pulumi.gcp.servicedirectory.ServiceIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new ServiceIamPolicy("policy", ServiceIamPolicyArgs.builder() + * .name(example.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_service\_directory\_service\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.servicedirectory.ServiceIamBinding; + * import com.pulumi.gcp.servicedirectory.ServiceIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new ServiceIamBinding("binding", ServiceIamBindingArgs.builder() + * .name(example.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_service\_directory\_service\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.servicedirectory.ServiceIamMember; + * import com.pulumi.gcp.servicedirectory.ServiceIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new ServiceIamMember("member", ServiceIamMemberArgs.builder() + * .name(example.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -202,17 +315,9 @@ public Output> condition() { public Output etag() { return this.etag; } - @Export(name="member", refs={String.class}, tree="[0]") - private Output member; - - public Output member() { - return this.member; - } /** - * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -224,14 +329,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="name", refs={String.class}, tree="[0]") - private Output name; + @Export(name="member", refs={String.class}, tree="[0]") + private Output member; /** - * @return Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -243,6 +346,20 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + /** + * Used to find the parent resource to bind the IAM policy to + * + */ + @Export(name="name", refs={String.class}, tree="[0]") + private Output name; + + /** + * @return Used to find the parent resource to bind the IAM policy to + * + */ public Output name() { return this.name; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/ServiceIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/ServiceIamMemberArgs.java index 90192f3feb..28b0edf1f9 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/ServiceIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/ServiceIamMemberArgs.java @@ -24,18 +24,9 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } - @Import(name="member", required=true) - private Output member; - - public Output member() { - return this.member; - } - /** - * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -47,14 +38,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="name") - private @Nullable Output name; + @Import(name="member", required=true) + private Output member; /** - * @return Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -66,6 +55,21 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + + /** + * Used to find the parent resource to bind the IAM policy to + * + */ + @Import(name="name") + private @Nullable Output name; + + /** + * @return Used to find the parent resource to bind the IAM policy to + * + */ public Optional> name() { return Optional.ofNullable(this.name); } @@ -125,20 +129,9 @@ public Builder condition(ServiceIamMemberConditionArgs condition) { return condition(Output.of(condition)); } - public Builder member(Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param name Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -152,16 +145,14 @@ public Builder member(String member) { * @return builder * */ - public Builder name(@Nullable Output name) { - $.name = name; + public Builder member(Output member) { + $.member = member; return this; } /** - * @param name Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -175,6 +166,27 @@ public Builder name(@Nullable Output name) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param name Used to find the parent resource to bind the IAM policy to + * + * @return builder + * + */ + public Builder name(@Nullable Output name) { + $.name = name; + return this; + } + + /** + * @param name Used to find the parent resource to bind the IAM policy to + * + * @return builder + * + */ public Builder name(String name) { return name(Output.of(name)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/ServiceIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/ServiceIamPolicy.java index 9a47cf55bf..cd1a4b4192 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/ServiceIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/ServiceIamPolicy.java @@ -141,6 +141,119 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_service\_directory\_service\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.servicedirectory.ServiceIamPolicy; + * import com.pulumi.gcp.servicedirectory.ServiceIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new ServiceIamPolicy("policy", ServiceIamPolicyArgs.builder() + * .name(example.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_service\_directory\_service\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.servicedirectory.ServiceIamBinding; + * import com.pulumi.gcp.servicedirectory.ServiceIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new ServiceIamBinding("binding", ServiceIamBindingArgs.builder() + * .name(example.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_service\_directory\_service\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.servicedirectory.ServiceIamMember; + * import com.pulumi.gcp.servicedirectory.ServiceIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new ServiceIamMember("member", ServiceIamMemberArgs.builder() + * .name(example.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -197,18 +310,6 @@ public Output etag() { /** * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="name", refs={String.class}, tree="[0]") private Output name; @@ -216,18 +317,6 @@ public Output etag() { /** * @return Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output name() { return this.name; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/ServiceIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/ServiceIamPolicyArgs.java index ca325ab2fc..394ccfd409 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/ServiceIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/ServiceIamPolicyArgs.java @@ -19,18 +19,6 @@ public final class ServiceIamPolicyArgs extends com.pulumi.resources.ResourceArg /** * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="name") private @Nullable Output name; @@ -38,18 +26,6 @@ public final class ServiceIamPolicyArgs extends com.pulumi.resources.ResourceArg /** * @return Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> name() { return Optional.ofNullable(this.name); @@ -100,18 +76,6 @@ public Builder(ServiceIamPolicyArgs defaults) { /** * @param name Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -123,18 +87,6 @@ public Builder name(@Nullable Output name) { /** * @param name Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/inputs/NamespaceIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/inputs/NamespaceIamBindingState.java index 81dc9a5169..0318f06731 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/inputs/NamespaceIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/inputs/NamespaceIamBindingState.java @@ -39,18 +39,9 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } - @Import(name="members") - private @Nullable Output> members; - - public Optional>> members() { - return Optional.ofNullable(this.members); - } - /** - * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -62,14 +53,12 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="name") - private @Nullable Output name; + @Import(name="members") + private @Nullable Output> members; /** - * @return Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -81,6 +70,21 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional>> members() { + return Optional.ofNullable(this.members); + } + + /** + * Used to find the parent resource to bind the IAM policy to + * + */ + @Import(name="name") + private @Nullable Output name; + + /** + * @return Used to find the parent resource to bind the IAM policy to + * + */ public Optional> name() { return Optional.ofNullable(this.name); } @@ -162,24 +166,30 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param name Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -193,16 +203,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder name(@Nullable Output name) { - $.name = name; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param name Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -216,6 +223,27 @@ public Builder name(@Nullable Output name) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param name Used to find the parent resource to bind the IAM policy to + * + * @return builder + * + */ + public Builder name(@Nullable Output name) { + $.name = name; + return this; + } + + /** + * @param name Used to find the parent resource to bind the IAM policy to + * + * @return builder + * + */ public Builder name(String name) { return name(Output.of(name)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/inputs/NamespaceIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/inputs/NamespaceIamMemberState.java index 0f8c2e3bf8..1c781f2a15 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/inputs/NamespaceIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/inputs/NamespaceIamMemberState.java @@ -38,18 +38,9 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } - @Import(name="member") - private @Nullable Output member; - - public Optional> member() { - return Optional.ofNullable(this.member); - } - /** - * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -61,14 +52,12 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="name") - private @Nullable Output name; + @Import(name="member") + private @Nullable Output member; /** - * @return Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -80,6 +69,21 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional> member() { + return Optional.ofNullable(this.member); + } + + /** + * Used to find the parent resource to bind the IAM policy to + * + */ + @Import(name="name") + private @Nullable Output name; + + /** + * @return Used to find the parent resource to bind the IAM policy to + * + */ public Optional> name() { return Optional.ofNullable(this.name); } @@ -161,20 +165,9 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } - public Builder member(@Nullable Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param name Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -188,16 +181,14 @@ public Builder member(String member) { * @return builder * */ - public Builder name(@Nullable Output name) { - $.name = name; + public Builder member(@Nullable Output member) { + $.member = member; return this; } /** - * @param name Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -211,6 +202,27 @@ public Builder name(@Nullable Output name) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param name Used to find the parent resource to bind the IAM policy to + * + * @return builder + * + */ + public Builder name(@Nullable Output name) { + $.name = name; + return this; + } + + /** + * @param name Used to find the parent resource to bind the IAM policy to + * + * @return builder + * + */ public Builder name(String name) { return name(Output.of(name)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/inputs/NamespaceIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/inputs/NamespaceIamPolicyState.java index afc807bf15..0d6f0a9a96 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/inputs/NamespaceIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/inputs/NamespaceIamPolicyState.java @@ -33,18 +33,6 @@ public Optional> etag() { /** * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="name") private @Nullable Output name; @@ -52,18 +40,6 @@ public Optional> etag() { /** * @return Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> name() { return Optional.ofNullable(this.name); @@ -136,18 +112,6 @@ public Builder etag(String etag) { /** * @param name Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -159,18 +123,6 @@ public Builder name(@Nullable Output name) { /** * @param name Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/inputs/ServiceIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/inputs/ServiceIamBindingState.java index a84e655446..a905c33a74 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/inputs/ServiceIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/inputs/ServiceIamBindingState.java @@ -39,18 +39,9 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } - @Import(name="members") - private @Nullable Output> members; - - public Optional>> members() { - return Optional.ofNullable(this.members); - } - /** - * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -62,14 +53,12 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="name") - private @Nullable Output name; + @Import(name="members") + private @Nullable Output> members; /** - * @return Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -81,6 +70,21 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional>> members() { + return Optional.ofNullable(this.members); + } + + /** + * Used to find the parent resource to bind the IAM policy to + * + */ + @Import(name="name") + private @Nullable Output name; + + /** + * @return Used to find the parent resource to bind the IAM policy to + * + */ public Optional> name() { return Optional.ofNullable(this.name); } @@ -162,24 +166,30 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param name Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -193,16 +203,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder name(@Nullable Output name) { - $.name = name; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param name Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -216,6 +223,27 @@ public Builder name(@Nullable Output name) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param name Used to find the parent resource to bind the IAM policy to + * + * @return builder + * + */ + public Builder name(@Nullable Output name) { + $.name = name; + return this; + } + + /** + * @param name Used to find the parent resource to bind the IAM policy to + * + * @return builder + * + */ public Builder name(String name) { return name(Output.of(name)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/inputs/ServiceIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/inputs/ServiceIamMemberState.java index 29668ad5c6..ba33d13580 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/inputs/ServiceIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/inputs/ServiceIamMemberState.java @@ -38,18 +38,9 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } - @Import(name="member") - private @Nullable Output member; - - public Optional> member() { - return Optional.ofNullable(this.member); - } - /** - * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -61,14 +52,12 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="name") - private @Nullable Output name; + @Import(name="member") + private @Nullable Output member; /** - * @return Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -80,6 +69,21 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional> member() { + return Optional.ofNullable(this.member); + } + + /** + * Used to find the parent resource to bind the IAM policy to + * + */ + @Import(name="name") + private @Nullable Output name; + + /** + * @return Used to find the parent resource to bind the IAM policy to + * + */ public Optional> name() { return Optional.ofNullable(this.name); } @@ -161,20 +165,9 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } - public Builder member(@Nullable Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param name Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -188,16 +181,14 @@ public Builder member(String member) { * @return builder * */ - public Builder name(@Nullable Output name) { - $.name = name; + public Builder member(@Nullable Output member) { + $.member = member; return this; } /** - * @param name Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -211,6 +202,27 @@ public Builder name(@Nullable Output name) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param name Used to find the parent resource to bind the IAM policy to + * + * @return builder + * + */ + public Builder name(@Nullable Output name) { + $.name = name; + return this; + } + + /** + * @param name Used to find the parent resource to bind the IAM policy to + * + * @return builder + * + */ public Builder name(String name) { return name(Output.of(name)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/inputs/ServiceIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/inputs/ServiceIamPolicyState.java index 170681cb06..4ab2ad7c72 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/inputs/ServiceIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/servicedirectory/inputs/ServiceIamPolicyState.java @@ -33,18 +33,6 @@ public Optional> etag() { /** * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="name") private @Nullable Output name; @@ -52,18 +40,6 @@ public Optional> etag() { /** * @return Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> name() { return Optional.ofNullable(this.name); @@ -136,18 +112,6 @@ public Builder etag(String etag) { /** * @param name Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -159,18 +123,6 @@ public Builder name(@Nullable Output name) { /** * @param name Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/sourcerepo/RepositoryIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/sourcerepo/RepositoryIamBinding.java index 8a126fa222..22624a33a9 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/sourcerepo/RepositoryIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/sourcerepo/RepositoryIamBinding.java @@ -147,6 +147,122 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_pubsub\_topic\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.pubsub.TopicIAMPolicy; + * import com.pulumi.gcp.pubsub.TopicIAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new TopicIAMPolicy("policy", TopicIAMPolicyArgs.builder() + * .project(example.project()) + * .topic(example.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_pubsub\_topic\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.pubsub.TopicIAMBinding; + * import com.pulumi.gcp.pubsub.TopicIAMBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new TopicIAMBinding("binding", TopicIAMBindingArgs.builder() + * .project(example.project()) + * .topic(example.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_pubsub\_topic\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.pubsub.TopicIAMMember; + * import com.pulumi.gcp.pubsub.TopicIAMMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new TopicIAMMember("member", TopicIAMMemberArgs.builder() + * .project(example.project()) + * .topic(example.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -206,18 +322,9 @@ public Output> condition() { public Output etag() { return this.etag; } - @Export(name="members", refs={List.class,String.class}, tree="[0,1]") - private Output> members; - - public Output> members() { - return this.members; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -229,15 +336,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="members", refs={List.class,String.class}, tree="[0,1]") + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -249,6 +353,22 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/sourcerepo/RepositoryIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/sourcerepo/RepositoryIamBindingArgs.java index 58c6efda3d..0ef92e5d2f 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/sourcerepo/RepositoryIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/sourcerepo/RepositoryIamBindingArgs.java @@ -25,19 +25,9 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } - @Import(name="members", required=true) - private Output> members; - - public Output> members() { - return this.members; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -49,15 +39,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members", required=true) + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -69,6 +56,23 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -136,25 +140,30 @@ public Builder condition(RepositoryIamBindingConditionArgs condition) { return condition(Output.of(condition)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -168,17 +177,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -192,6 +197,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/sourcerepo/RepositoryIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/sourcerepo/RepositoryIamMember.java index 57e7e2de73..333ffb6767 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/sourcerepo/RepositoryIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/sourcerepo/RepositoryIamMember.java @@ -146,6 +146,122 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_pubsub\_topic\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.pubsub.TopicIAMPolicy; + * import com.pulumi.gcp.pubsub.TopicIAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new TopicIAMPolicy("policy", TopicIAMPolicyArgs.builder() + * .project(example.project()) + * .topic(example.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_pubsub\_topic\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.pubsub.TopicIAMBinding; + * import com.pulumi.gcp.pubsub.TopicIAMBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new TopicIAMBinding("binding", TopicIAMBindingArgs.builder() + * .project(example.project()) + * .topic(example.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_pubsub\_topic\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.pubsub.TopicIAMMember; + * import com.pulumi.gcp.pubsub.TopicIAMMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new TopicIAMMember("member", TopicIAMMemberArgs.builder() + * .project(example.project()) + * .topic(example.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -205,18 +321,9 @@ public Output> condition() { public Output etag() { return this.etag; } - @Export(name="member", refs={String.class}, tree="[0]") - private Output member; - - public Output member() { - return this.member; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -228,15 +335,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="member", refs={String.class}, tree="[0]") + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -248,6 +352,22 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/sourcerepo/RepositoryIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/sourcerepo/RepositoryIamMemberArgs.java index 02211d7b5d..2d386fcd2f 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/sourcerepo/RepositoryIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/sourcerepo/RepositoryIamMemberArgs.java @@ -24,19 +24,9 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } - @Import(name="member", required=true) - private Output member; - - public Output member() { - return this.member; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -48,15 +38,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member", required=true) + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -68,6 +55,23 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -135,21 +139,9 @@ public Builder condition(RepositoryIamMemberConditionArgs condition) { return condition(Output.of(condition)); } - public Builder member(Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -163,17 +155,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -187,6 +176,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/sourcerepo/RepositoryIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/sourcerepo/RepositoryIamPolicy.java index 4a04f11806..998f54c7b6 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/sourcerepo/RepositoryIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/sourcerepo/RepositoryIamPolicy.java @@ -144,6 +144,122 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_pubsub\_topic\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.pubsub.TopicIAMPolicy; + * import com.pulumi.gcp.pubsub.TopicIAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new TopicIAMPolicy("policy", TopicIAMPolicyArgs.builder() + * .project(example.project()) + * .topic(example.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_pubsub\_topic\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.pubsub.TopicIAMBinding; + * import com.pulumi.gcp.pubsub.TopicIAMBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new TopicIAMBinding("binding", TopicIAMBindingArgs.builder() + * .project(example.project()) + * .topic(example.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_pubsub\_topic\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.pubsub.TopicIAMMember; + * import com.pulumi.gcp.pubsub.TopicIAMMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new TopicIAMMember("member", TopicIAMMemberArgs.builder() + * .project(example.project()) + * .topic(example.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -217,18 +333,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -237,18 +341,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/sourcerepo/RepositoryIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/sourcerepo/RepositoryIamPolicyArgs.java index 0f91a2ad74..a1adf71673 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/sourcerepo/RepositoryIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/sourcerepo/RepositoryIamPolicyArgs.java @@ -37,18 +37,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -57,18 +45,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -134,18 +110,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -158,18 +122,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/sourcerepo/inputs/RepositoryIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/sourcerepo/inputs/RepositoryIamBindingState.java index 046f84969f..fa403b7786 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/sourcerepo/inputs/RepositoryIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/sourcerepo/inputs/RepositoryIamBindingState.java @@ -39,19 +39,9 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } - @Import(name="members") - private @Nullable Output> members; - - public Optional>> members() { - return Optional.ofNullable(this.members); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -63,15 +53,12 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members") + private @Nullable Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -83,6 +70,23 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional>> members() { + return Optional.ofNullable(this.members); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -172,25 +176,30 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -204,17 +213,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -228,6 +233,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/sourcerepo/inputs/RepositoryIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/sourcerepo/inputs/RepositoryIamMemberState.java index 18f8cc4c90..1b456b0051 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/sourcerepo/inputs/RepositoryIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/sourcerepo/inputs/RepositoryIamMemberState.java @@ -38,19 +38,9 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } - @Import(name="member") - private @Nullable Output member; - - public Optional> member() { - return Optional.ofNullable(this.member); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -62,15 +52,12 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member") + private @Nullable Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -82,6 +69,23 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional> member() { + return Optional.ofNullable(this.member); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -171,21 +175,9 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } - public Builder member(@Nullable Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -199,17 +191,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(@Nullable Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -223,6 +212,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/sourcerepo/inputs/RepositoryIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/sourcerepo/inputs/RepositoryIamPolicyState.java index 59d6533bb7..43e638ed41 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/sourcerepo/inputs/RepositoryIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/sourcerepo/inputs/RepositoryIamPolicyState.java @@ -51,18 +51,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -71,18 +59,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -170,18 +146,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -194,18 +158,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/spanner/DatabaseIAMBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/spanner/DatabaseIAMBinding.java index 07bb0b46dd..1d32b01e1e 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/spanner/DatabaseIAMBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/spanner/DatabaseIAMBinding.java @@ -279,6 +279,255 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_spanner\_database\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.spanner.DatabaseIAMPolicy; + * import com.pulumi.gcp.spanner.DatabaseIAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var database = new DatabaseIAMPolicy("database", DatabaseIAMPolicyArgs.builder() + * .instance("your-instance-name") + * .database("your-database-name") + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.spanner.DatabaseIAMPolicy; + * import com.pulumi.gcp.spanner.DatabaseIAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/editor") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("My Role") + * .description("Grant permissions on my_role") + * .expression("(resource.type == \"spanner.googleapis.com/DatabaseRole\" && (resource.name.endsWith(\"/myrole\")))") + * .build()) + * .build()) + * .build()); + * + * var database = new DatabaseIAMPolicy("database", DatabaseIAMPolicyArgs.builder() + * .instance("your-instance-name") + * .database("your-database-name") + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_spanner\_database\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.spanner.DatabaseIAMBinding; + * import com.pulumi.gcp.spanner.DatabaseIAMBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var database = new DatabaseIAMBinding("database", DatabaseIAMBindingArgs.builder() + * .instance("your-instance-name") + * .database("your-database-name") + * .role("roles/compute.networkUser") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.spanner.DatabaseIAMBinding; + * import com.pulumi.gcp.spanner.DatabaseIAMBindingArgs; + * import com.pulumi.gcp.spanner.inputs.DatabaseIAMBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var database = new DatabaseIAMBinding("database", DatabaseIAMBindingArgs.builder() + * .instance("your-instance-name") + * .database("your-database-name") + * .role("roles/compute.networkUser") + * .members("user:jane@example.com") + * .condition(DatabaseIAMBindingConditionArgs.builder() + * .title("My Role") + * .description("Grant permissions on my_role") + * .expression("(resource.type == \"spanner.googleapis.com/DatabaseRole\" && (resource.name.endsWith(\"/myrole\")))") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_spanner\_database\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.spanner.DatabaseIAMMember; + * import com.pulumi.gcp.spanner.DatabaseIAMMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var database = new DatabaseIAMMember("database", DatabaseIAMMemberArgs.builder() + * .instance("your-instance-name") + * .database("your-database-name") + * .role("roles/compute.networkUser") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.spanner.DatabaseIAMMember; + * import com.pulumi.gcp.spanner.DatabaseIAMMemberArgs; + * import com.pulumi.gcp.spanner.inputs.DatabaseIAMMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var database = new DatabaseIAMMember("database", DatabaseIAMMemberArgs.builder() + * .instance("your-instance-name") + * .database("your-database-name") + * .role("roles/compute.networkUser") + * .member("user:jane@example.com") + * .condition(DatabaseIAMMemberConditionArgs.builder() + * .title("My Role") + * .description("Grant permissions on my_role") + * .expression("(resource.type == \"spanner.googleapis.com/DatabaseRole\" && (resource.name.endsWith(\"/myrole\")))") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * ### Importing IAM policies @@ -355,15 +604,6 @@ public Output etag() { /** * The name of the Spanner instance the database belongs to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Export(name="instance", refs={String.class}, tree="[0]") private Output instance; @@ -371,8 +611,13 @@ public Output etag() { /** * @return The name of the Spanner instance the database belongs to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + */ + public Output instance() { + return this.instance; + } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -381,12 +626,20 @@ public Output etag() { * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. * */ - public Output instance() { - return this.instance; - } @Export(name="members", refs={List.class,String.class}, tree="[0,1]") private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output> members() { return this.members; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/spanner/DatabaseIAMBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/spanner/DatabaseIAMBindingArgs.java index 92ec52e766..2f6e39d921 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/spanner/DatabaseIAMBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/spanner/DatabaseIAMBindingArgs.java @@ -53,15 +53,6 @@ public Output database() { /** * The name of the Spanner instance the database belongs to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="instance", required=true) private Output instance; @@ -69,8 +60,14 @@ public Output database() { /** * @return The name of the Spanner instance the database belongs to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + */ + public Output instance() { + return this.instance; + } + + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -79,13 +76,20 @@ public Output database() { * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. * */ - public Output instance() { - return this.instance; - } - @Import(name="members", required=true) private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output> members() { return this.members; } @@ -202,15 +206,6 @@ public Builder database(String database) { /** * @param instance The name of the Spanner instance the database belongs to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -222,8 +217,16 @@ public Builder instance(Output instance) { /** * @param instance The name of the Spanner instance the database belongs to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return builder + * + */ + public Builder instance(String instance) { + return instance(Output.of(instance)); + } + + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -234,19 +237,41 @@ public Builder instance(Output instance) { * @return builder * */ - public Builder instance(String instance) { - return instance(Output.of(instance)); - } - public Builder members(Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/spanner/DatabaseIAMMember.java b/sdk/java/src/main/java/com/pulumi/gcp/spanner/DatabaseIAMMember.java index 3d349136f4..f6d42861c0 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/spanner/DatabaseIAMMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/spanner/DatabaseIAMMember.java @@ -278,6 +278,255 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_spanner\_database\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.spanner.DatabaseIAMPolicy; + * import com.pulumi.gcp.spanner.DatabaseIAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var database = new DatabaseIAMPolicy("database", DatabaseIAMPolicyArgs.builder() + * .instance("your-instance-name") + * .database("your-database-name") + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.spanner.DatabaseIAMPolicy; + * import com.pulumi.gcp.spanner.DatabaseIAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/editor") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("My Role") + * .description("Grant permissions on my_role") + * .expression("(resource.type == \"spanner.googleapis.com/DatabaseRole\" && (resource.name.endsWith(\"/myrole\")))") + * .build()) + * .build()) + * .build()); + * + * var database = new DatabaseIAMPolicy("database", DatabaseIAMPolicyArgs.builder() + * .instance("your-instance-name") + * .database("your-database-name") + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_spanner\_database\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.spanner.DatabaseIAMBinding; + * import com.pulumi.gcp.spanner.DatabaseIAMBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var database = new DatabaseIAMBinding("database", DatabaseIAMBindingArgs.builder() + * .instance("your-instance-name") + * .database("your-database-name") + * .role("roles/compute.networkUser") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.spanner.DatabaseIAMBinding; + * import com.pulumi.gcp.spanner.DatabaseIAMBindingArgs; + * import com.pulumi.gcp.spanner.inputs.DatabaseIAMBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var database = new DatabaseIAMBinding("database", DatabaseIAMBindingArgs.builder() + * .instance("your-instance-name") + * .database("your-database-name") + * .role("roles/compute.networkUser") + * .members("user:jane@example.com") + * .condition(DatabaseIAMBindingConditionArgs.builder() + * .title("My Role") + * .description("Grant permissions on my_role") + * .expression("(resource.type == \"spanner.googleapis.com/DatabaseRole\" && (resource.name.endsWith(\"/myrole\")))") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_spanner\_database\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.spanner.DatabaseIAMMember; + * import com.pulumi.gcp.spanner.DatabaseIAMMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var database = new DatabaseIAMMember("database", DatabaseIAMMemberArgs.builder() + * .instance("your-instance-name") + * .database("your-database-name") + * .role("roles/compute.networkUser") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.spanner.DatabaseIAMMember; + * import com.pulumi.gcp.spanner.DatabaseIAMMemberArgs; + * import com.pulumi.gcp.spanner.inputs.DatabaseIAMMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var database = new DatabaseIAMMember("database", DatabaseIAMMemberArgs.builder() + * .instance("your-instance-name") + * .database("your-database-name") + * .role("roles/compute.networkUser") + * .member("user:jane@example.com") + * .condition(DatabaseIAMMemberConditionArgs.builder() + * .title("My Role") + * .description("Grant permissions on my_role") + * .expression("(resource.type == \"spanner.googleapis.com/DatabaseRole\" && (resource.name.endsWith(\"/myrole\")))") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * ### Importing IAM policies @@ -354,15 +603,6 @@ public Output etag() { /** * The name of the Spanner instance the database belongs to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Export(name="instance", refs={String.class}, tree="[0]") private Output instance; @@ -370,8 +610,13 @@ public Output etag() { /** * @return The name of the Spanner instance the database belongs to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + */ + public Output instance() { + return this.instance; + } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -380,12 +625,20 @@ public Output etag() { * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. * */ - public Output instance() { - return this.instance; - } @Export(name="member", refs={String.class}, tree="[0]") private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output member() { return this.member; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/spanner/DatabaseIAMMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/spanner/DatabaseIAMMemberArgs.java index e76cb43eb8..6fab790355 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/spanner/DatabaseIAMMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/spanner/DatabaseIAMMemberArgs.java @@ -52,15 +52,6 @@ public Output database() { /** * The name of the Spanner instance the database belongs to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="instance", required=true) private Output instance; @@ -68,8 +59,14 @@ public Output database() { /** * @return The name of the Spanner instance the database belongs to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + */ + public Output instance() { + return this.instance; + } + + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -78,13 +75,20 @@ public Output database() { * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. * */ - public Output instance() { - return this.instance; - } - @Import(name="member", required=true) private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output member() { return this.member; } @@ -201,15 +205,6 @@ public Builder database(String database) { /** * @param instance The name of the Spanner instance the database belongs to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -221,8 +216,16 @@ public Builder instance(Output instance) { /** * @param instance The name of the Spanner instance the database belongs to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return builder + * + */ + public Builder instance(String instance) { + return instance(Output.of(instance)); + } + + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -233,15 +236,24 @@ public Builder instance(Output instance) { * @return builder * */ - public Builder instance(String instance) { - return instance(Output.of(instance)); - } - public Builder member(Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/spanner/DatabaseIAMPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/spanner/DatabaseIAMPolicy.java index 44e5b75eb9..b21de7f77a 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/spanner/DatabaseIAMPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/spanner/DatabaseIAMPolicy.java @@ -276,6 +276,255 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_spanner\_database\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.spanner.DatabaseIAMPolicy; + * import com.pulumi.gcp.spanner.DatabaseIAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var database = new DatabaseIAMPolicy("database", DatabaseIAMPolicyArgs.builder() + * .instance("your-instance-name") + * .database("your-database-name") + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.spanner.DatabaseIAMPolicy; + * import com.pulumi.gcp.spanner.DatabaseIAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/editor") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("My Role") + * .description("Grant permissions on my_role") + * .expression("(resource.type == \"spanner.googleapis.com/DatabaseRole\" && (resource.name.endsWith(\"/myrole\")))") + * .build()) + * .build()) + * .build()); + * + * var database = new DatabaseIAMPolicy("database", DatabaseIAMPolicyArgs.builder() + * .instance("your-instance-name") + * .database("your-database-name") + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_spanner\_database\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.spanner.DatabaseIAMBinding; + * import com.pulumi.gcp.spanner.DatabaseIAMBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var database = new DatabaseIAMBinding("database", DatabaseIAMBindingArgs.builder() + * .instance("your-instance-name") + * .database("your-database-name") + * .role("roles/compute.networkUser") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.spanner.DatabaseIAMBinding; + * import com.pulumi.gcp.spanner.DatabaseIAMBindingArgs; + * import com.pulumi.gcp.spanner.inputs.DatabaseIAMBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var database = new DatabaseIAMBinding("database", DatabaseIAMBindingArgs.builder() + * .instance("your-instance-name") + * .database("your-database-name") + * .role("roles/compute.networkUser") + * .members("user:jane@example.com") + * .condition(DatabaseIAMBindingConditionArgs.builder() + * .title("My Role") + * .description("Grant permissions on my_role") + * .expression("(resource.type == \"spanner.googleapis.com/DatabaseRole\" && (resource.name.endsWith(\"/myrole\")))") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_spanner\_database\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.spanner.DatabaseIAMMember; + * import com.pulumi.gcp.spanner.DatabaseIAMMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var database = new DatabaseIAMMember("database", DatabaseIAMMemberArgs.builder() + * .instance("your-instance-name") + * .database("your-database-name") + * .role("roles/compute.networkUser") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.spanner.DatabaseIAMMember; + * import com.pulumi.gcp.spanner.DatabaseIAMMemberArgs; + * import com.pulumi.gcp.spanner.inputs.DatabaseIAMMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var database = new DatabaseIAMMember("database", DatabaseIAMMemberArgs.builder() + * .instance("your-instance-name") + * .database("your-database-name") + * .role("roles/compute.networkUser") + * .member("user:jane@example.com") + * .condition(DatabaseIAMMemberConditionArgs.builder() + * .title("My Role") + * .description("Grant permissions on my_role") + * .expression("(resource.type == \"spanner.googleapis.com/DatabaseRole\" && (resource.name.endsWith(\"/myrole\")))") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * ### Importing IAM policies @@ -336,15 +585,6 @@ public Output etag() { /** * The name of the Spanner instance the database belongs to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Export(name="instance", refs={String.class}, tree="[0]") private Output instance; @@ -352,15 +592,6 @@ public Output etag() { /** * @return The name of the Spanner instance the database belongs to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Output instance() { return this.instance; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/spanner/DatabaseIAMPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/spanner/DatabaseIAMPolicyArgs.java index 2b8d86bc51..3768a79d42 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/spanner/DatabaseIAMPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/spanner/DatabaseIAMPolicyArgs.java @@ -34,15 +34,6 @@ public Output database() { /** * The name of the Spanner instance the database belongs to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="instance", required=true) private Output instance; @@ -50,15 +41,6 @@ public Output database() { /** * @return The name of the Spanner instance the database belongs to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Output instance() { return this.instance; @@ -149,15 +131,6 @@ public Builder database(String database) { /** * @param instance The name of the Spanner instance the database belongs to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -169,15 +142,6 @@ public Builder instance(Output instance) { /** * @param instance The name of the Spanner instance the database belongs to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/spanner/InstanceIAMBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/spanner/InstanceIAMBinding.java index f670ac4678..1400fe041d 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/spanner/InstanceIAMBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/spanner/InstanceIAMBinding.java @@ -143,6 +143,119 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_spanner\_instance\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.spanner.InstanceIAMPolicy; + * import com.pulumi.gcp.spanner.InstanceIAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var instance = new InstanceIAMPolicy("instance", InstanceIAMPolicyArgs.builder() + * .instance("your-instance-name") + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_spanner\_instance\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.spanner.InstanceIAMBinding; + * import com.pulumi.gcp.spanner.InstanceIAMBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var instance = new InstanceIAMBinding("instance", InstanceIAMBindingArgs.builder() + * .instance("your-instance-name") + * .role("roles/spanner.databaseAdmin") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_spanner\_instance\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.spanner.InstanceIAMMember; + * import com.pulumi.gcp.spanner.InstanceIAMMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var instance = new InstanceIAMMember("instance", InstanceIAMMemberArgs.builder() + * .instance("your-instance-name") + * .role("roles/spanner.databaseAdmin") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * ### Importing IAM policies @@ -195,15 +308,6 @@ public Output etag() { /** * The name of the instance. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Export(name="instance", refs={String.class}, tree="[0]") private Output instance; @@ -211,8 +315,13 @@ public Output etag() { /** * @return The name of the instance. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + */ + public Output instance() { + return this.instance; + } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -221,12 +330,20 @@ public Output etag() { * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. * */ - public Output instance() { - return this.instance; - } @Export(name="members", refs={List.class,String.class}, tree="[0,1]") private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output> members() { return this.members; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/spanner/InstanceIAMBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/spanner/InstanceIAMBindingArgs.java index a36192b1c8..6ece7cf188 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/spanner/InstanceIAMBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/spanner/InstanceIAMBindingArgs.java @@ -28,15 +28,6 @@ public Optional> condition() { /** * The name of the instance. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="instance", required=true) private Output instance; @@ -44,8 +35,14 @@ public Optional> condition() { /** * @return The name of the instance. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + */ + public Output instance() { + return this.instance; + } + + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -54,13 +51,20 @@ public Optional> condition() { * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. * */ - public Output instance() { - return this.instance; - } - @Import(name="members", required=true) private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output> members() { return this.members; } @@ -141,15 +145,6 @@ public Builder condition(InstanceIAMBindingConditionArgs condition) { /** * @param instance The name of the instance. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -161,8 +156,16 @@ public Builder instance(Output instance) { /** * @param instance The name of the instance. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return builder + * + */ + public Builder instance(String instance) { + return instance(Output.of(instance)); + } + + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -173,19 +176,41 @@ public Builder instance(Output instance) { * @return builder * */ - public Builder instance(String instance) { - return instance(Output.of(instance)); - } - public Builder members(Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/spanner/InstanceIAMMember.java b/sdk/java/src/main/java/com/pulumi/gcp/spanner/InstanceIAMMember.java index 5a6d7aa5f9..e0cedc42ee 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/spanner/InstanceIAMMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/spanner/InstanceIAMMember.java @@ -142,6 +142,119 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_spanner\_instance\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.spanner.InstanceIAMPolicy; + * import com.pulumi.gcp.spanner.InstanceIAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var instance = new InstanceIAMPolicy("instance", InstanceIAMPolicyArgs.builder() + * .instance("your-instance-name") + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_spanner\_instance\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.spanner.InstanceIAMBinding; + * import com.pulumi.gcp.spanner.InstanceIAMBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var instance = new InstanceIAMBinding("instance", InstanceIAMBindingArgs.builder() + * .instance("your-instance-name") + * .role("roles/spanner.databaseAdmin") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_spanner\_instance\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.spanner.InstanceIAMMember; + * import com.pulumi.gcp.spanner.InstanceIAMMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var instance = new InstanceIAMMember("instance", InstanceIAMMemberArgs.builder() + * .instance("your-instance-name") + * .role("roles/spanner.databaseAdmin") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * ### Importing IAM policies @@ -194,15 +307,6 @@ public Output etag() { /** * The name of the instance. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Export(name="instance", refs={String.class}, tree="[0]") private Output instance; @@ -210,8 +314,13 @@ public Output etag() { /** * @return The name of the instance. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + */ + public Output instance() { + return this.instance; + } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -220,12 +329,20 @@ public Output etag() { * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. * */ - public Output instance() { - return this.instance; - } @Export(name="member", refs={String.class}, tree="[0]") private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output member() { return this.member; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/spanner/InstanceIAMMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/spanner/InstanceIAMMemberArgs.java index 166b077f10..74dc741fe4 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/spanner/InstanceIAMMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/spanner/InstanceIAMMemberArgs.java @@ -27,15 +27,6 @@ public Optional> condition() { /** * The name of the instance. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="instance", required=true) private Output instance; @@ -43,8 +34,14 @@ public Optional> condition() { /** * @return The name of the instance. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + */ + public Output instance() { + return this.instance; + } + + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -53,13 +50,20 @@ public Optional> condition() { * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. * */ - public Output instance() { - return this.instance; - } - @Import(name="member", required=true) private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Output member() { return this.member; } @@ -140,15 +144,6 @@ public Builder condition(InstanceIAMMemberConditionArgs condition) { /** * @param instance The name of the instance. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -160,8 +155,16 @@ public Builder instance(Output instance) { /** * @param instance The name of the instance. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return builder + * + */ + public Builder instance(String instance) { + return instance(Output.of(instance)); + } + + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -172,15 +175,24 @@ public Builder instance(Output instance) { * @return builder * */ - public Builder instance(String instance) { - return instance(Output.of(instance)); - } - public Builder member(Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/spanner/InstanceIAMPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/spanner/InstanceIAMPolicy.java index 2260518f35..1a856049c0 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/spanner/InstanceIAMPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/spanner/InstanceIAMPolicy.java @@ -140,6 +140,119 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_spanner\_instance\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.spanner.InstanceIAMPolicy; + * import com.pulumi.gcp.spanner.InstanceIAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/editor") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var instance = new InstanceIAMPolicy("instance", InstanceIAMPolicyArgs.builder() + * .instance("your-instance-name") + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_spanner\_instance\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.spanner.InstanceIAMBinding; + * import com.pulumi.gcp.spanner.InstanceIAMBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var instance = new InstanceIAMBinding("instance", InstanceIAMBindingArgs.builder() + * .instance("your-instance-name") + * .role("roles/spanner.databaseAdmin") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_spanner\_instance\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.spanner.InstanceIAMMember; + * import com.pulumi.gcp.spanner.InstanceIAMMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var instance = new InstanceIAMMember("instance", InstanceIAMMemberArgs.builder() + * .instance("your-instance-name") + * .role("roles/spanner.databaseAdmin") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * ### Importing IAM policies @@ -186,15 +299,6 @@ public Output etag() { /** * The name of the instance. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Export(name="instance", refs={String.class}, tree="[0]") private Output instance; @@ -202,15 +306,6 @@ public Output etag() { /** * @return The name of the instance. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Output instance() { return this.instance; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/spanner/InstanceIAMPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/spanner/InstanceIAMPolicyArgs.java index d5592c6c5c..cee80d59fd 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/spanner/InstanceIAMPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/spanner/InstanceIAMPolicyArgs.java @@ -19,15 +19,6 @@ public final class InstanceIAMPolicyArgs extends com.pulumi.resources.ResourceAr /** * The name of the instance. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="instance", required=true) private Output instance; @@ -35,15 +26,6 @@ public final class InstanceIAMPolicyArgs extends com.pulumi.resources.ResourceAr /** * @return The name of the instance. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Output instance() { return this.instance; @@ -112,15 +94,6 @@ public Builder(InstanceIAMPolicyArgs defaults) { /** * @param instance The name of the instance. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -132,15 +105,6 @@ public Builder instance(Output instance) { /** * @param instance The name of the instance. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/spanner/inputs/DatabaseIAMBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/spanner/inputs/DatabaseIAMBindingState.java index 90ceeffb43..051e7cad8f 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/spanner/inputs/DatabaseIAMBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/spanner/inputs/DatabaseIAMBindingState.java @@ -67,15 +67,6 @@ public Optional> etag() { /** * The name of the Spanner instance the database belongs to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="instance") private @Nullable Output instance; @@ -83,8 +74,14 @@ public Optional> etag() { /** * @return The name of the Spanner instance the database belongs to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + */ + public Optional> instance() { + return Optional.ofNullable(this.instance); + } + + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -93,13 +90,20 @@ public Optional> etag() { * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. * */ - public Optional> instance() { - return Optional.ofNullable(this.instance); - } - @Import(name="members") private @Nullable Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Optional>> members() { return Optional.ofNullable(this.members); } @@ -238,15 +242,6 @@ public Builder etag(String etag) { /** * @param instance The name of the Spanner instance the database belongs to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -258,8 +253,16 @@ public Builder instance(@Nullable Output instance) { /** * @param instance The name of the Spanner instance the database belongs to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return builder + * + */ + public Builder instance(String instance) { + return instance(Output.of(instance)); + } + + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -270,19 +273,41 @@ public Builder instance(@Nullable Output instance) { * @return builder * */ - public Builder instance(String instance) { - return instance(Output.of(instance)); - } - public Builder members(@Nullable Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/spanner/inputs/DatabaseIAMMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/spanner/inputs/DatabaseIAMMemberState.java index 10daa2c10f..b1711d9056 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/spanner/inputs/DatabaseIAMMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/spanner/inputs/DatabaseIAMMemberState.java @@ -66,15 +66,6 @@ public Optional> etag() { /** * The name of the Spanner instance the database belongs to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="instance") private @Nullable Output instance; @@ -82,8 +73,14 @@ public Optional> etag() { /** * @return The name of the Spanner instance the database belongs to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + */ + public Optional> instance() { + return Optional.ofNullable(this.instance); + } + + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -92,13 +89,20 @@ public Optional> etag() { * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. * */ - public Optional> instance() { - return Optional.ofNullable(this.instance); - } - @Import(name="member") private @Nullable Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Optional> member() { return Optional.ofNullable(this.member); } @@ -237,15 +241,6 @@ public Builder etag(String etag) { /** * @param instance The name of the Spanner instance the database belongs to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -257,8 +252,16 @@ public Builder instance(@Nullable Output instance) { /** * @param instance The name of the Spanner instance the database belongs to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return builder + * + */ + public Builder instance(String instance) { + return instance(Output.of(instance)); + } + + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -269,15 +272,24 @@ public Builder instance(@Nullable Output instance) { * @return builder * */ - public Builder instance(String instance) { - return instance(Output.of(instance)); - } - public Builder member(@Nullable Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/spanner/inputs/DatabaseIAMPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/spanner/inputs/DatabaseIAMPolicyState.java index 1791eed55c..86bf274715 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/spanner/inputs/DatabaseIAMPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/spanner/inputs/DatabaseIAMPolicyState.java @@ -48,15 +48,6 @@ public Optional> etag() { /** * The name of the Spanner instance the database belongs to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="instance") private @Nullable Output instance; @@ -64,15 +55,6 @@ public Optional> etag() { /** * @return The name of the Spanner instance the database belongs to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Optional> instance() { return Optional.ofNullable(this.instance); @@ -185,15 +167,6 @@ public Builder etag(String etag) { /** * @param instance The name of the Spanner instance the database belongs to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -205,15 +178,6 @@ public Builder instance(@Nullable Output instance) { /** * @param instance The name of the Spanner instance the database belongs to. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/spanner/inputs/InstanceIAMBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/spanner/inputs/InstanceIAMBindingState.java index 8630e07919..9b5681d415 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/spanner/inputs/InstanceIAMBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/spanner/inputs/InstanceIAMBindingState.java @@ -42,15 +42,6 @@ public Optional> etag() { /** * The name of the instance. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="instance") private @Nullable Output instance; @@ -58,8 +49,14 @@ public Optional> etag() { /** * @return The name of the instance. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + */ + public Optional> instance() { + return Optional.ofNullable(this.instance); + } + + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -68,13 +65,20 @@ public Optional> etag() { * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. * */ - public Optional> instance() { - return Optional.ofNullable(this.instance); - } - @Import(name="members") private @Nullable Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Optional>> members() { return Optional.ofNullable(this.members); } @@ -177,15 +181,6 @@ public Builder etag(String etag) { /** * @param instance The name of the instance. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -197,8 +192,16 @@ public Builder instance(@Nullable Output instance) { /** * @param instance The name of the instance. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return builder + * + */ + public Builder instance(String instance) { + return instance(Output.of(instance)); + } + + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -209,19 +212,41 @@ public Builder instance(@Nullable Output instance) { * @return builder * */ - public Builder instance(String instance) { - return instance(Output.of(instance)); - } - public Builder members(@Nullable Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/spanner/inputs/InstanceIAMMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/spanner/inputs/InstanceIAMMemberState.java index ca4140beb4..85b98e3904 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/spanner/inputs/InstanceIAMMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/spanner/inputs/InstanceIAMMemberState.java @@ -41,15 +41,6 @@ public Optional> etag() { /** * The name of the instance. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="instance") private @Nullable Output instance; @@ -57,8 +48,14 @@ public Optional> etag() { /** * @return The name of the instance. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + */ + public Optional> instance() { + return Optional.ofNullable(this.instance); + } + + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -67,13 +64,20 @@ public Optional> etag() { * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. * */ - public Optional> instance() { - return Optional.ofNullable(this.instance); - } - @Import(name="member") private @Nullable Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + */ public Optional> member() { return Optional.ofNullable(this.member); } @@ -176,15 +180,6 @@ public Builder etag(String etag) { /** * @param instance The name of the instance. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -196,8 +191,16 @@ public Builder instance(@Nullable Output instance) { /** * @param instance The name of the instance. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return builder + * + */ + public Builder instance(String instance) { + return instance(Output.of(instance)); + } + + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -208,15 +211,24 @@ public Builder instance(@Nullable Output instance) { * @return builder * */ - public Builder instance(String instance) { - return instance(Output.of(instance)); - } - public Builder member(@Nullable Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/spanner/inputs/InstanceIAMPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/spanner/inputs/InstanceIAMPolicyState.java index 726bbd5575..6ec99b599f 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/spanner/inputs/InstanceIAMPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/spanner/inputs/InstanceIAMPolicyState.java @@ -33,15 +33,6 @@ public Optional> etag() { /** * The name of the instance. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ @Import(name="instance") private @Nullable Output instance; @@ -49,15 +40,6 @@ public Optional> etag() { /** * @return The name of the instance. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * */ public Optional> instance() { return Optional.ofNullable(this.instance); @@ -148,15 +130,6 @@ public Builder etag(String etag) { /** * @param instance The name of the instance. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ @@ -168,15 +141,6 @@ public Builder instance(@Nullable Output instance) { /** * @param instance The name of the instance. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/storage/BucketIAMBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/storage/BucketIAMBinding.java index 3097548376..ec5c2f1102 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/storage/BucketIAMBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/storage/BucketIAMBinding.java @@ -274,6 +274,247 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_storage\_bucket\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.storage.BucketIAMPolicy; + * import com.pulumi.gcp.storage.BucketIAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/storage.admin") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new BucketIAMPolicy("policy", BucketIAMPolicyArgs.builder() + * .bucket(default_.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.storage.BucketIAMPolicy; + * import com.pulumi.gcp.storage.BucketIAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/storage.admin") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var policy = new BucketIAMPolicy("policy", BucketIAMPolicyArgs.builder() + * .bucket(default_.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_storage\_bucket\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.storage.BucketIAMBinding; + * import com.pulumi.gcp.storage.BucketIAMBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new BucketIAMBinding("binding", BucketIAMBindingArgs.builder() + * .bucket(default_.name()) + * .role("roles/storage.admin") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.storage.BucketIAMBinding; + * import com.pulumi.gcp.storage.BucketIAMBindingArgs; + * import com.pulumi.gcp.storage.inputs.BucketIAMBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new BucketIAMBinding("binding", BucketIAMBindingArgs.builder() + * .bucket(default_.name()) + * .role("roles/storage.admin") + * .members("user:jane@example.com") + * .condition(BucketIAMBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_storage\_bucket\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.storage.BucketIAMMember; + * import com.pulumi.gcp.storage.BucketIAMMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new BucketIAMMember("member", BucketIAMMemberArgs.builder() + * .bucket(default_.name()) + * .role("roles/storage.admin") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.storage.BucketIAMMember; + * import com.pulumi.gcp.storage.BucketIAMMemberArgs; + * import com.pulumi.gcp.storage.inputs.BucketIAMMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new BucketIAMMember("member", BucketIAMMemberArgs.builder() + * .bucket(default_.name()) + * .role("roles/storage.admin") + * .member("user:jane@example.com") + * .condition(BucketIAMMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -314,18 +555,6 @@ public class BucketIAMBinding extends com.pulumi.resources.CustomResource { /** * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="bucket", refs={String.class}, tree="[0]") private Output bucket; @@ -333,18 +562,6 @@ public class BucketIAMBinding extends com.pulumi.resources.CustomResource { /** * @return Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output bucket() { return this.bucket; @@ -379,9 +596,37 @@ public Output> condition() { public Output etag() { return this.etag; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Export(name="members", refs={List.class,String.class}, tree="[0,1]") private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output> members() { return this.members; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/storage/BucketIAMBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/storage/BucketIAMBindingArgs.java index 443b72113d..c93e4e4fa5 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/storage/BucketIAMBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/storage/BucketIAMBindingArgs.java @@ -21,18 +21,6 @@ public final class BucketIAMBindingArgs extends com.pulumi.resources.ResourceArg /** * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="bucket", required=true) private Output bucket; @@ -40,18 +28,6 @@ public final class BucketIAMBindingArgs extends com.pulumi.resources.ResourceArg /** * @return Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output bucket() { return this.bucket; @@ -74,9 +50,37 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="members", required=true) private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output> members() { return this.members; } @@ -130,18 +134,6 @@ public Builder(BucketIAMBindingArgs defaults) { /** * @param bucket Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -153,18 +145,6 @@ public Builder bucket(Output bucket) { /** * @param bucket Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -195,15 +175,63 @@ public Builder condition(BucketIAMBindingConditionArgs condition) { return condition(Output.of(condition)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/storage/BucketIAMMember.java b/sdk/java/src/main/java/com/pulumi/gcp/storage/BucketIAMMember.java index 9b58c9d407..180ad0c0eb 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/storage/BucketIAMMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/storage/BucketIAMMember.java @@ -273,6 +273,247 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_storage\_bucket\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.storage.BucketIAMPolicy; + * import com.pulumi.gcp.storage.BucketIAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/storage.admin") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new BucketIAMPolicy("policy", BucketIAMPolicyArgs.builder() + * .bucket(default_.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.storage.BucketIAMPolicy; + * import com.pulumi.gcp.storage.BucketIAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/storage.admin") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var policy = new BucketIAMPolicy("policy", BucketIAMPolicyArgs.builder() + * .bucket(default_.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_storage\_bucket\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.storage.BucketIAMBinding; + * import com.pulumi.gcp.storage.BucketIAMBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new BucketIAMBinding("binding", BucketIAMBindingArgs.builder() + * .bucket(default_.name()) + * .role("roles/storage.admin") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.storage.BucketIAMBinding; + * import com.pulumi.gcp.storage.BucketIAMBindingArgs; + * import com.pulumi.gcp.storage.inputs.BucketIAMBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new BucketIAMBinding("binding", BucketIAMBindingArgs.builder() + * .bucket(default_.name()) + * .role("roles/storage.admin") + * .members("user:jane@example.com") + * .condition(BucketIAMBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_storage\_bucket\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.storage.BucketIAMMember; + * import com.pulumi.gcp.storage.BucketIAMMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new BucketIAMMember("member", BucketIAMMemberArgs.builder() + * .bucket(default_.name()) + * .role("roles/storage.admin") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.storage.BucketIAMMember; + * import com.pulumi.gcp.storage.BucketIAMMemberArgs; + * import com.pulumi.gcp.storage.inputs.BucketIAMMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new BucketIAMMember("member", BucketIAMMemberArgs.builder() + * .bucket(default_.name()) + * .role("roles/storage.admin") + * .member("user:jane@example.com") + * .condition(BucketIAMMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -313,18 +554,6 @@ public class BucketIAMMember extends com.pulumi.resources.CustomResource { /** * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="bucket", refs={String.class}, tree="[0]") private Output bucket; @@ -332,18 +561,6 @@ public class BucketIAMMember extends com.pulumi.resources.CustomResource { /** * @return Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output bucket() { return this.bucket; @@ -378,9 +595,37 @@ public Output> condition() { public Output etag() { return this.etag; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Export(name="member", refs={String.class}, tree="[0]") private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output member() { return this.member; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/storage/BucketIAMMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/storage/BucketIAMMemberArgs.java index 590d6571a9..a4e44c681d 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/storage/BucketIAMMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/storage/BucketIAMMemberArgs.java @@ -20,18 +20,6 @@ public final class BucketIAMMemberArgs extends com.pulumi.resources.ResourceArgs /** * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="bucket", required=true) private Output bucket; @@ -39,18 +27,6 @@ public final class BucketIAMMemberArgs extends com.pulumi.resources.ResourceArgs /** * @return Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output bucket() { return this.bucket; @@ -73,9 +49,37 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="member", required=true) private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output member() { return this.member; } @@ -129,18 +133,6 @@ public Builder(BucketIAMMemberArgs defaults) { /** * @param bucket Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -152,18 +144,6 @@ public Builder bucket(Output bucket) { /** * @param bucket Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -194,11 +174,43 @@ public Builder condition(BucketIAMMemberConditionArgs condition) { return condition(Output.of(condition)); } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/storage/BucketIAMPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/storage/BucketIAMPolicy.java index 4bac2d121a..2dc7516b5e 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/storage/BucketIAMPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/storage/BucketIAMPolicy.java @@ -271,6 +271,247 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_storage\_bucket\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.storage.BucketIAMPolicy; + * import com.pulumi.gcp.storage.BucketIAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/storage.admin") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new BucketIAMPolicy("policy", BucketIAMPolicyArgs.builder() + * .bucket(default_.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.storage.BucketIAMPolicy; + * import com.pulumi.gcp.storage.BucketIAMPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/storage.admin") + * .members("user:jane@example.com") + * .condition(GetIAMPolicyBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()) + * .build()); + * + * var policy = new BucketIAMPolicy("policy", BucketIAMPolicyArgs.builder() + * .bucket(default_.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_storage\_bucket\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.storage.BucketIAMBinding; + * import com.pulumi.gcp.storage.BucketIAMBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new BucketIAMBinding("binding", BucketIAMBindingArgs.builder() + * .bucket(default_.name()) + * .role("roles/storage.admin") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.storage.BucketIAMBinding; + * import com.pulumi.gcp.storage.BucketIAMBindingArgs; + * import com.pulumi.gcp.storage.inputs.BucketIAMBindingConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new BucketIAMBinding("binding", BucketIAMBindingArgs.builder() + * .bucket(default_.name()) + * .role("roles/storage.admin") + * .members("user:jane@example.com") + * .condition(BucketIAMBindingConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * ## google\_storage\_bucket\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.storage.BucketIAMMember; + * import com.pulumi.gcp.storage.BucketIAMMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new BucketIAMMember("member", BucketIAMMemberArgs.builder() + * .bucket(default_.name()) + * .role("roles/storage.admin") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * With IAM Conditions: + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.storage.BucketIAMMember; + * import com.pulumi.gcp.storage.BucketIAMMemberArgs; + * import com.pulumi.gcp.storage.inputs.BucketIAMMemberConditionArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new BucketIAMMember("member", BucketIAMMemberArgs.builder() + * .bucket(default_.name()) + * .role("roles/storage.admin") + * .member("user:jane@example.com") + * .condition(BucketIAMMemberConditionArgs.builder() + * .title("expires_after_2019_12_31") + * .description("Expiring at midnight of 2019-12-31") + * .expression("request.time < timestamp(\"2020-01-01T00:00:00Z\")") + * .build()) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -311,18 +552,6 @@ public class BucketIAMPolicy extends com.pulumi.resources.CustomResource { /** * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="bucket", refs={String.class}, tree="[0]") private Output bucket; @@ -330,18 +559,6 @@ public class BucketIAMPolicy extends com.pulumi.resources.CustomResource { /** * @return Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output bucket() { return this.bucket; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/storage/BucketIAMPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/storage/BucketIAMPolicyArgs.java index 72492dd175..3b3727e256 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/storage/BucketIAMPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/storage/BucketIAMPolicyArgs.java @@ -17,18 +17,6 @@ public final class BucketIAMPolicyArgs extends com.pulumi.resources.ResourceArgs /** * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="bucket", required=true) private Output bucket; @@ -36,18 +24,6 @@ public final class BucketIAMPolicyArgs extends com.pulumi.resources.ResourceArgs /** * @return Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output bucket() { return this.bucket; @@ -98,18 +74,6 @@ public Builder(BucketIAMPolicyArgs defaults) { /** * @param bucket Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -121,18 +85,6 @@ public Builder bucket(Output bucket) { /** * @param bucket Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/storage/inputs/BucketIAMBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/storage/inputs/BucketIAMBindingState.java index 385d661fc6..2dacf36aa1 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/storage/inputs/BucketIAMBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/storage/inputs/BucketIAMBindingState.java @@ -20,18 +20,6 @@ public final class BucketIAMBindingState extends com.pulumi.resources.ResourceAr /** * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="bucket") private @Nullable Output bucket; @@ -39,18 +27,6 @@ public final class BucketIAMBindingState extends com.pulumi.resources.ResourceAr /** * @return Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> bucket() { return Optional.ofNullable(this.bucket); @@ -88,9 +64,37 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="members") private @Nullable Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Optional>> members() { return Optional.ofNullable(this.members); } @@ -145,18 +149,6 @@ public Builder(BucketIAMBindingState defaults) { /** * @param bucket Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -168,18 +160,6 @@ public Builder bucket(@Nullable Output bucket) { /** * @param bucket Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -231,15 +211,63 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/storage/inputs/BucketIAMMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/storage/inputs/BucketIAMMemberState.java index 3e627c12c4..d5afc9f814 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/storage/inputs/BucketIAMMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/storage/inputs/BucketIAMMemberState.java @@ -19,18 +19,6 @@ public final class BucketIAMMemberState extends com.pulumi.resources.ResourceArg /** * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="bucket") private @Nullable Output bucket; @@ -38,18 +26,6 @@ public final class BucketIAMMemberState extends com.pulumi.resources.ResourceArg /** * @return Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> bucket() { return Optional.ofNullable(this.bucket); @@ -87,9 +63,37 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="member") private @Nullable Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Optional> member() { return Optional.ofNullable(this.member); } @@ -144,18 +148,6 @@ public Builder(BucketIAMMemberState defaults) { /** * @param bucket Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -167,18 +159,6 @@ public Builder bucket(@Nullable Output bucket) { /** * @param bucket Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -230,11 +210,43 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(@Nullable Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/storage/inputs/BucketIAMPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/storage/inputs/BucketIAMPolicyState.java index f5728845d0..fbb5a357cc 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/storage/inputs/BucketIAMPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/storage/inputs/BucketIAMPolicyState.java @@ -18,18 +18,6 @@ public final class BucketIAMPolicyState extends com.pulumi.resources.ResourceArg /** * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="bucket") private @Nullable Output bucket; @@ -37,18 +25,6 @@ public final class BucketIAMPolicyState extends com.pulumi.resources.ResourceArg /** * @return Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> bucket() { return Optional.ofNullable(this.bucket); @@ -115,18 +91,6 @@ public Builder(BucketIAMPolicyState defaults) { /** * @param bucket Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -138,18 +102,6 @@ public Builder bucket(@Nullable Output bucket) { /** * @param bucket Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/tags/TagKeyIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/tags/TagKeyIamBinding.java index dbb08eddf5..4ef4ff42a2 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/tags/TagKeyIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/tags/TagKeyIamBinding.java @@ -144,6 +144,119 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_tags\_tag\_key\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.tags.TagKeyIamPolicy; + * import com.pulumi.gcp.tags.TagKeyIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new TagKeyIamPolicy("policy", TagKeyIamPolicyArgs.builder() + * .tagKey(key.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_tags\_tag\_key\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.tags.TagKeyIamBinding; + * import com.pulumi.gcp.tags.TagKeyIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new TagKeyIamBinding("binding", TagKeyIamBindingArgs.builder() + * .tagKey(key.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_tags\_tag\_key\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.tags.TagKeyIamMember; + * import com.pulumi.gcp.tags.TagKeyIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new TagKeyIamMember("member", TagKeyIamMemberArgs.builder() + * .tagKey(key.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -201,9 +314,37 @@ public Output> condition() { public Output etag() { return this.etag; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Export(name="members", refs={List.class,String.class}, tree="[0,1]") private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output> members() { return this.members; } @@ -228,18 +369,6 @@ public Output role() { /** * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="tagKey", refs={String.class}, tree="[0]") private Output tagKey; @@ -247,18 +376,6 @@ public Output role() { /** * @return Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output tagKey() { return this.tagKey; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/tags/TagKeyIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/tags/TagKeyIamBindingArgs.java index e619aedcb9..185ca1cb7a 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/tags/TagKeyIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/tags/TagKeyIamBindingArgs.java @@ -25,9 +25,37 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="members", required=true) private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output> members() { return this.members; } @@ -54,18 +82,6 @@ public Output role() { /** * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="tagKey", required=true) private Output tagKey; @@ -73,18 +89,6 @@ public Output role() { /** * @return Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output tagKey() { return this.tagKey; @@ -126,15 +130,63 @@ public Builder condition(TagKeyIamBindingConditionArgs condition) { return condition(Output.of(condition)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } @@ -167,18 +219,6 @@ public Builder role(String role) { /** * @param tagKey Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -190,18 +230,6 @@ public Builder tagKey(Output tagKey) { /** * @param tagKey Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/tags/TagKeyIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/tags/TagKeyIamMember.java index d34979d69f..6aa641346a 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/tags/TagKeyIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/tags/TagKeyIamMember.java @@ -143,6 +143,119 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_tags\_tag\_key\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.tags.TagKeyIamPolicy; + * import com.pulumi.gcp.tags.TagKeyIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new TagKeyIamPolicy("policy", TagKeyIamPolicyArgs.builder() + * .tagKey(key.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_tags\_tag\_key\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.tags.TagKeyIamBinding; + * import com.pulumi.gcp.tags.TagKeyIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new TagKeyIamBinding("binding", TagKeyIamBindingArgs.builder() + * .tagKey(key.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_tags\_tag\_key\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.tags.TagKeyIamMember; + * import com.pulumi.gcp.tags.TagKeyIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new TagKeyIamMember("member", TagKeyIamMemberArgs.builder() + * .tagKey(key.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -200,9 +313,37 @@ public Output> condition() { public Output etag() { return this.etag; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Export(name="member", refs={String.class}, tree="[0]") private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output member() { return this.member; } @@ -227,18 +368,6 @@ public Output role() { /** * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="tagKey", refs={String.class}, tree="[0]") private Output tagKey; @@ -246,18 +375,6 @@ public Output role() { /** * @return Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output tagKey() { return this.tagKey; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/tags/TagKeyIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/tags/TagKeyIamMemberArgs.java index 005bda42e9..0cf483d3f0 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/tags/TagKeyIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/tags/TagKeyIamMemberArgs.java @@ -24,9 +24,37 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="member", required=true) private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output member() { return this.member; } @@ -53,18 +81,6 @@ public Output role() { /** * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="tagKey", required=true) private Output tagKey; @@ -72,18 +88,6 @@ public Output role() { /** * @return Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output tagKey() { return this.tagKey; @@ -125,11 +129,43 @@ public Builder condition(TagKeyIamMemberConditionArgs condition) { return condition(Output.of(condition)); } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } @@ -162,18 +198,6 @@ public Builder role(String role) { /** * @param tagKey Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -185,18 +209,6 @@ public Builder tagKey(Output tagKey) { /** * @param tagKey Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/tags/TagKeyIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/tags/TagKeyIamPolicy.java index e1aeff2fed..a4b4b191f1 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/tags/TagKeyIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/tags/TagKeyIamPolicy.java @@ -141,6 +141,119 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_tags\_tag\_key\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.tags.TagKeyIamPolicy; + * import com.pulumi.gcp.tags.TagKeyIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new TagKeyIamPolicy("policy", TagKeyIamPolicyArgs.builder() + * .tagKey(key.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_tags\_tag\_key\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.tags.TagKeyIamBinding; + * import com.pulumi.gcp.tags.TagKeyIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new TagKeyIamBinding("binding", TagKeyIamBindingArgs.builder() + * .tagKey(key.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_tags\_tag\_key\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.tags.TagKeyIamMember; + * import com.pulumi.gcp.tags.TagKeyIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new TagKeyIamMember("member", TagKeyIamMemberArgs.builder() + * .tagKey(key.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -211,18 +324,6 @@ public Output policyData() { /** * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="tagKey", refs={String.class}, tree="[0]") private Output tagKey; @@ -230,18 +331,6 @@ public Output policyData() { /** * @return Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output tagKey() { return this.tagKey; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/tags/TagKeyIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/tags/TagKeyIamPolicyArgs.java index 4feafc8409..e8d6896061 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/tags/TagKeyIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/tags/TagKeyIamPolicyArgs.java @@ -34,18 +34,6 @@ public Output policyData() { /** * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="tagKey", required=true) private Output tagKey; @@ -53,18 +41,6 @@ public Output policyData() { /** * @return Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output tagKey() { return this.tagKey; @@ -121,18 +97,6 @@ public Builder policyData(String policyData) { /** * @param tagKey Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -144,18 +108,6 @@ public Builder tagKey(Output tagKey) { /** * @param tagKey Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/tags/TagValueIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/tags/TagValueIamBinding.java index 23a7d96177..8d47e18965 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/tags/TagValueIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/tags/TagValueIamBinding.java @@ -144,6 +144,119 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_tags\_tag\_value\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.tags.TagValueIamPolicy; + * import com.pulumi.gcp.tags.TagValueIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new TagValueIamPolicy("policy", TagValueIamPolicyArgs.builder() + * .tagValue(value.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_tags\_tag\_value\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.tags.TagValueIamBinding; + * import com.pulumi.gcp.tags.TagValueIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new TagValueIamBinding("binding", TagValueIamBindingArgs.builder() + * .tagValue(value.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_tags\_tag\_value\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.tags.TagValueIamMember; + * import com.pulumi.gcp.tags.TagValueIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new TagValueIamMember("member", TagValueIamMemberArgs.builder() + * .tagValue(value.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -201,9 +314,37 @@ public Output> condition() { public Output etag() { return this.etag; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Export(name="members", refs={List.class,String.class}, tree="[0,1]") private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output> members() { return this.members; } @@ -228,18 +369,6 @@ public Output role() { /** * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="tagValue", refs={String.class}, tree="[0]") private Output tagValue; @@ -247,18 +376,6 @@ public Output role() { /** * @return Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output tagValue() { return this.tagValue; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/tags/TagValueIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/tags/TagValueIamBindingArgs.java index f316c71e0c..aa17f2f9a3 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/tags/TagValueIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/tags/TagValueIamBindingArgs.java @@ -25,9 +25,37 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="members", required=true) private Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output> members() { return this.members; } @@ -54,18 +82,6 @@ public Output role() { /** * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="tagValue", required=true) private Output tagValue; @@ -73,18 +89,6 @@ public Output role() { /** * @return Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output tagValue() { return this.tagValue; @@ -126,15 +130,63 @@ public Builder condition(TagValueIamBindingConditionArgs condition) { return condition(Output.of(condition)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } @@ -167,18 +219,6 @@ public Builder role(String role) { /** * @param tagValue Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -190,18 +230,6 @@ public Builder tagValue(Output tagValue) { /** * @param tagValue Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/tags/TagValueIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/tags/TagValueIamMember.java index 8e22d9d900..306dfc0a33 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/tags/TagValueIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/tags/TagValueIamMember.java @@ -143,6 +143,119 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_tags\_tag\_value\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.tags.TagValueIamPolicy; + * import com.pulumi.gcp.tags.TagValueIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new TagValueIamPolicy("policy", TagValueIamPolicyArgs.builder() + * .tagValue(value.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_tags\_tag\_value\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.tags.TagValueIamBinding; + * import com.pulumi.gcp.tags.TagValueIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new TagValueIamBinding("binding", TagValueIamBindingArgs.builder() + * .tagValue(value.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_tags\_tag\_value\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.tags.TagValueIamMember; + * import com.pulumi.gcp.tags.TagValueIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new TagValueIamMember("member", TagValueIamMemberArgs.builder() + * .tagValue(value.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -200,9 +313,37 @@ public Output> condition() { public Output etag() { return this.etag; } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Export(name="member", refs={String.class}, tree="[0]") private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output member() { return this.member; } @@ -227,18 +368,6 @@ public Output role() { /** * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="tagValue", refs={String.class}, tree="[0]") private Output tagValue; @@ -246,18 +375,6 @@ public Output role() { /** * @return Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output tagValue() { return this.tagValue; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/tags/TagValueIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/tags/TagValueIamMemberArgs.java index adc77a5a24..f5d2ce227d 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/tags/TagValueIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/tags/TagValueIamMemberArgs.java @@ -24,9 +24,37 @@ public Optional> condition() { return Optional.ofNullable(this.condition); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="member", required=true) private Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Output member() { return this.member; } @@ -53,18 +81,6 @@ public Output role() { /** * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="tagValue", required=true) private Output tagValue; @@ -72,18 +88,6 @@ public Output role() { /** * @return Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output tagValue() { return this.tagValue; @@ -125,11 +129,43 @@ public Builder condition(TagValueIamMemberConditionArgs condition) { return condition(Output.of(condition)); } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } @@ -162,18 +198,6 @@ public Builder role(String role) { /** * @param tagValue Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -185,18 +209,6 @@ public Builder tagValue(Output tagValue) { /** * @param tagValue Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/tags/TagValueIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/tags/TagValueIamPolicy.java index f10bd9c45d..4e15ef8616 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/tags/TagValueIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/tags/TagValueIamPolicy.java @@ -141,6 +141,119 @@ * ``` * <!--End PulumiCodeChooser --> * + * ## google\_tags\_tag\_value\_iam\_policy + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.organizations.OrganizationsFunctions; + * import com.pulumi.gcp.organizations.inputs.GetIAMPolicyArgs; + * import com.pulumi.gcp.tags.TagValueIamPolicy; + * import com.pulumi.gcp.tags.TagValueIamPolicyArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * final var admin = OrganizationsFunctions.getIAMPolicy(GetIAMPolicyArgs.builder() + * .bindings(GetIAMPolicyBindingArgs.builder() + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()) + * .build()); + * + * var policy = new TagValueIamPolicy("policy", TagValueIamPolicyArgs.builder() + * .tagValue(value.name()) + * .policyData(admin.applyValue(getIAMPolicyResult -> getIAMPolicyResult.policyData())) + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_tags\_tag\_value\_iam\_binding + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.tags.TagValueIamBinding; + * import com.pulumi.gcp.tags.TagValueIamBindingArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var binding = new TagValueIamBinding("binding", TagValueIamBindingArgs.builder() + * .tagValue(value.name()) + * .role("roles/viewer") + * .members("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * + * ## google\_tags\_tag\_value\_iam\_member + * + * <!--Start PulumiCodeChooser --> + * ```java + * package generated_program; + * + * import com.pulumi.Context; + * import com.pulumi.Pulumi; + * import com.pulumi.core.Output; + * import com.pulumi.gcp.tags.TagValueIamMember; + * import com.pulumi.gcp.tags.TagValueIamMemberArgs; + * import java.util.List; + * import java.util.ArrayList; + * import java.util.Map; + * import java.io.File; + * import java.nio.file.Files; + * import java.nio.file.Paths; + * + * public class App { + * public static void main(String[] args) { + * Pulumi.run(App::stack); + * } + * + * public static void stack(Context ctx) { + * var member = new TagValueIamMember("member", TagValueIamMemberArgs.builder() + * .tagValue(value.name()) + * .role("roles/viewer") + * .member("user:jane@example.com") + * .build()); + * + * } + * } + * ``` + * <!--End PulumiCodeChooser --> + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -211,18 +324,6 @@ public Output policyData() { /** * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="tagValue", refs={String.class}, tree="[0]") private Output tagValue; @@ -230,18 +331,6 @@ public Output policyData() { /** * @return Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output tagValue() { return this.tagValue; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/tags/TagValueIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/tags/TagValueIamPolicyArgs.java index 3f973f6baf..4d402118d2 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/tags/TagValueIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/tags/TagValueIamPolicyArgs.java @@ -34,18 +34,6 @@ public Output policyData() { /** * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="tagValue", required=true) private Output tagValue; @@ -53,18 +41,6 @@ public Output policyData() { /** * @return Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output tagValue() { return this.tagValue; @@ -121,18 +97,6 @@ public Builder policyData(String policyData) { /** * @param tagValue Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -144,18 +108,6 @@ public Builder tagValue(Output tagValue) { /** * @param tagValue Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/tags/inputs/TagKeyIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/tags/inputs/TagKeyIamBindingState.java index 06e6f31358..3ec7a3ce14 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/tags/inputs/TagKeyIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/tags/inputs/TagKeyIamBindingState.java @@ -39,9 +39,37 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="members") private @Nullable Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Optional>> members() { return Optional.ofNullable(this.members); } @@ -68,18 +96,6 @@ public Optional> role() { /** * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="tagKey") private @Nullable Output tagKey; @@ -87,18 +103,6 @@ public Optional> role() { /** * @return Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> tagKey() { return Optional.ofNullable(this.tagKey); @@ -162,15 +166,63 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } @@ -203,18 +255,6 @@ public Builder role(String role) { /** * @param tagKey Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -226,18 +266,6 @@ public Builder tagKey(@Nullable Output tagKey) { /** * @param tagKey Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/tags/inputs/TagKeyIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/tags/inputs/TagKeyIamMemberState.java index 79797df07f..e2fe7d64b6 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/tags/inputs/TagKeyIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/tags/inputs/TagKeyIamMemberState.java @@ -38,9 +38,37 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="member") private @Nullable Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Optional> member() { return Optional.ofNullable(this.member); } @@ -67,18 +95,6 @@ public Optional> role() { /** * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="tagKey") private @Nullable Output tagKey; @@ -86,18 +102,6 @@ public Optional> role() { /** * @return Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> tagKey() { return Optional.ofNullable(this.tagKey); @@ -161,11 +165,43 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(@Nullable Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } @@ -198,18 +234,6 @@ public Builder role(String role) { /** * @param tagKey Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -221,18 +245,6 @@ public Builder tagKey(@Nullable Output tagKey) { /** * @param tagKey Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/tags/inputs/TagKeyIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/tags/inputs/TagKeyIamPolicyState.java index b75c495323..9b954859a4 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/tags/inputs/TagKeyIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/tags/inputs/TagKeyIamPolicyState.java @@ -50,18 +50,6 @@ public Optional> policyData() { /** * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="tagKey") private @Nullable Output tagKey; @@ -69,18 +57,6 @@ public Optional> policyData() { /** * @return Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> tagKey() { return Optional.ofNullable(this.tagKey); @@ -159,18 +135,6 @@ public Builder policyData(String policyData) { /** * @param tagKey Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -182,18 +146,6 @@ public Builder tagKey(@Nullable Output tagKey) { /** * @param tagKey Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/tags/inputs/TagValueIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/tags/inputs/TagValueIamBindingState.java index ff6074dcf9..3047033a9c 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/tags/inputs/TagValueIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/tags/inputs/TagValueIamBindingState.java @@ -39,9 +39,37 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="members") private @Nullable Output> members; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Optional>> members() { return Optional.ofNullable(this.members); } @@ -68,18 +96,6 @@ public Optional> role() { /** * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="tagValue") private @Nullable Output tagValue; @@ -87,18 +103,6 @@ public Optional> role() { /** * @return Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> tagValue() { return Optional.ofNullable(this.tagValue); @@ -162,15 +166,63 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } @@ -203,18 +255,6 @@ public Builder role(String role) { /** * @param tagValue Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -226,18 +266,6 @@ public Builder tagValue(@Nullable Output tagValue) { /** * @param tagValue Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/tags/inputs/TagValueIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/tags/inputs/TagValueIamMemberState.java index 9c8035c9f8..4c13a0db0a 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/tags/inputs/TagValueIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/tags/inputs/TagValueIamMemberState.java @@ -38,9 +38,37 @@ public Optional> etag() { return Optional.ofNullable(this.etag); } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ @Import(name="member") private @Nullable Output member; + /** + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + */ public Optional> member() { return Optional.ofNullable(this.member); } @@ -67,18 +95,6 @@ public Optional> role() { /** * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="tagValue") private @Nullable Output tagValue; @@ -86,18 +102,6 @@ public Optional> role() { /** * @return Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> tagValue() { return Optional.ofNullable(this.tagValue); @@ -161,11 +165,43 @@ public Builder etag(String etag) { return etag(Output.of(etag)); } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(@Nullable Output member) { $.member = member; return this; } + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder member(String member) { return member(Output.of(member)); } @@ -198,18 +234,6 @@ public Builder role(String role) { /** * @param tagValue Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -221,18 +245,6 @@ public Builder tagValue(@Nullable Output tagValue) { /** * @param tagValue Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/tags/inputs/TagValueIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/tags/inputs/TagValueIamPolicyState.java index fd5ffe1489..38aa9bda30 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/tags/inputs/TagValueIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/tags/inputs/TagValueIamPolicyState.java @@ -50,18 +50,6 @@ public Optional> policyData() { /** * Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="tagValue") private @Nullable Output tagValue; @@ -69,18 +57,6 @@ public Optional> policyData() { /** * @return Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> tagValue() { return Optional.ofNullable(this.tagValue); @@ -159,18 +135,6 @@ public Builder policyData(String policyData) { /** * @param tagValue Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -182,18 +146,6 @@ public Builder tagValue(@Nullable Output tagValue) { /** * @param tagValue Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/vertex/AiFeatureStoreEntityTypeIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/vertex/AiFeatureStoreEntityTypeIamBinding.java index dda30a274d..6b181e8dad 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/vertex/AiFeatureStoreEntityTypeIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/vertex/AiFeatureStoreEntityTypeIamBinding.java @@ -91,8 +91,20 @@ public Output etag() { /** * The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + */ + @Export(name="featurestore", refs={String.class}, tree="[0]") + private Output featurestore; + + /** + * @return The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to + * + */ + public Output featurestore() { + return this.featurestore; + } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -104,14 +116,12 @@ public Output etag() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="featurestore", refs={String.class}, tree="[0]") - private Output featurestore; + @Export(name="members", refs={List.class,String.class}, tree="[0,1]") + private Output> members; /** - * @return The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -123,12 +133,6 @@ public Output etag() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - public Output featurestore() { - return this.featurestore; - } - @Export(name="members", refs={List.class,String.class}, tree="[0,1]") - private Output> members; - public Output> members() { return this.members; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/vertex/AiFeatureStoreEntityTypeIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/vertex/AiFeatureStoreEntityTypeIamBindingArgs.java index bbaabd3467..83079a20a5 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/vertex/AiFeatureStoreEntityTypeIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/vertex/AiFeatureStoreEntityTypeIamBindingArgs.java @@ -43,8 +43,21 @@ public Output entitytype() { /** * The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + */ + @Import(name="featurestore", required=true) + private Output featurestore; + + /** + * @return The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to + * + */ + public Output featurestore() { + return this.featurestore; + } + + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -56,14 +69,12 @@ public Output entitytype() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="featurestore", required=true) - private Output featurestore; + @Import(name="members", required=true) + private Output> members; /** - * @return The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -75,13 +86,6 @@ public Output entitytype() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - public Output featurestore() { - return this.featurestore; - } - - @Import(name="members", required=true) - private Output> members; - public Output> members() { return this.members; } @@ -166,8 +170,27 @@ public Builder entitytype(String entitytype) { /** * @param featurestore The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return builder + * + */ + public Builder featurestore(Output featurestore) { + $.featurestore = featurestore; + return this; + } + + /** + * @param featurestore The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to + * + * @return builder + * + */ + public Builder featurestore(String featurestore) { + return featurestore(Output.of(featurestore)); + } + + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -181,16 +204,14 @@ public Builder entitytype(String entitytype) { * @return builder * */ - public Builder featurestore(Output featurestore) { - $.featurestore = featurestore; + public Builder members(Output> members) { + $.members = members; return this; } /** - * @param featurestore The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -204,19 +225,26 @@ public Builder featurestore(Output featurestore) { * @return builder * */ - public Builder featurestore(String featurestore) { - return featurestore(Output.of(featurestore)); - } - - public Builder members(Output> members) { - $.members = members; - return this; - } - public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/vertex/AiFeatureStoreEntityTypeIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/vertex/AiFeatureStoreEntityTypeIamMember.java index fb4c51cf66..6fa73c1859 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/vertex/AiFeatureStoreEntityTypeIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/vertex/AiFeatureStoreEntityTypeIamMember.java @@ -90,8 +90,20 @@ public Output etag() { /** * The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + */ + @Export(name="featurestore", refs={String.class}, tree="[0]") + private Output featurestore; + + /** + * @return The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to + * + */ + public Output featurestore() { + return this.featurestore; + } + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -103,14 +115,12 @@ public Output etag() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="featurestore", refs={String.class}, tree="[0]") - private Output featurestore; + @Export(name="member", refs={String.class}, tree="[0]") + private Output member; /** - * @return The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -122,12 +132,6 @@ public Output etag() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - public Output featurestore() { - return this.featurestore; - } - @Export(name="member", refs={String.class}, tree="[0]") - private Output member; - public Output member() { return this.member; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/vertex/AiFeatureStoreEntityTypeIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/vertex/AiFeatureStoreEntityTypeIamMemberArgs.java index 4aa41052d1..a1a2d1f254 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/vertex/AiFeatureStoreEntityTypeIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/vertex/AiFeatureStoreEntityTypeIamMemberArgs.java @@ -42,8 +42,21 @@ public Output entitytype() { /** * The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + */ + @Import(name="featurestore", required=true) + private Output featurestore; + + /** + * @return The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to + * + */ + public Output featurestore() { + return this.featurestore; + } + + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -55,14 +68,12 @@ public Output entitytype() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="featurestore", required=true) - private Output featurestore; + @Import(name="member", required=true) + private Output member; /** - * @return The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -74,13 +85,6 @@ public Output entitytype() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - public Output featurestore() { - return this.featurestore; - } - - @Import(name="member", required=true) - private Output member; - public Output member() { return this.member; } @@ -165,8 +169,27 @@ public Builder entitytype(String entitytype) { /** * @param featurestore The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return builder + * + */ + public Builder featurestore(Output featurestore) { + $.featurestore = featurestore; + return this; + } + + /** + * @param featurestore The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to + * + * @return builder + * + */ + public Builder featurestore(String featurestore) { + return featurestore(Output.of(featurestore)); + } + + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -180,16 +203,14 @@ public Builder entitytype(String entitytype) { * @return builder * */ - public Builder featurestore(Output featurestore) { - $.featurestore = featurestore; + public Builder member(Output member) { + $.member = member; return this; } /** - * @param featurestore The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -203,15 +224,6 @@ public Builder featurestore(Output featurestore) { * @return builder * */ - public Builder featurestore(String featurestore) { - return featurestore(Output.of(featurestore)); - } - - public Builder member(Output member) { - $.member = member; - return this; - } - public Builder member(String member) { return member(Output.of(member)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/vertex/AiFeatureStoreEntityTypeIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/vertex/AiFeatureStoreEntityTypeIamPolicy.java index 69ef3f7110..f27d27db22 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/vertex/AiFeatureStoreEntityTypeIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/vertex/AiFeatureStoreEntityTypeIamPolicy.java @@ -82,18 +82,6 @@ public Output etag() { /** * The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="featurestore", refs={String.class}, tree="[0]") private Output featurestore; @@ -101,18 +89,6 @@ public Output etag() { /** * @return The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output featurestore() { return this.featurestore; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/vertex/AiFeatureStoreEntityTypeIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/vertex/AiFeatureStoreEntityTypeIamPolicyArgs.java index bc68d28545..16a41b740a 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/vertex/AiFeatureStoreEntityTypeIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/vertex/AiFeatureStoreEntityTypeIamPolicyArgs.java @@ -32,18 +32,6 @@ public Output entitytype() { /** * The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="featurestore", required=true) private Output featurestore; @@ -51,18 +39,6 @@ public Output entitytype() { /** * @return The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output featurestore() { return this.featurestore; @@ -135,18 +111,6 @@ public Builder entitytype(String entitytype) { /** * @param featurestore The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -158,18 +122,6 @@ public Builder featurestore(Output featurestore) { /** * @param featurestore The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/vertex/AiFeatureStoreIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/vertex/AiFeatureStoreIamBinding.java index ee905d50a9..2262221042 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/vertex/AiFeatureStoreIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/vertex/AiFeatureStoreIamBinding.java @@ -92,18 +92,9 @@ public Output etag() { public Output featurestore() { return this.featurestore; } - @Export(name="members", refs={List.class,String.class}, tree="[0,1]") - private Output> members; - - public Output> members() { - return this.members; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -115,15 +106,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="members", refs={List.class,String.class}, tree="[0,1]") + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -135,6 +123,22 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/vertex/AiFeatureStoreIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/vertex/AiFeatureStoreIamBindingArgs.java index fc30ee8a85..04606d84da 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/vertex/AiFeatureStoreIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/vertex/AiFeatureStoreIamBindingArgs.java @@ -40,19 +40,9 @@ public Output featurestore() { return this.featurestore; } - @Import(name="members", required=true) - private Output> members; - - public Output> members() { - return this.members; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -64,15 +54,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members", required=true) + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -84,6 +71,23 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -185,25 +189,30 @@ public Builder featurestore(String featurestore) { return featurestore(Output.of(featurestore)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -217,17 +226,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -241,6 +246,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/vertex/AiFeatureStoreIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/vertex/AiFeatureStoreIamMember.java index 9c0c71df55..f9f4eb4867 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/vertex/AiFeatureStoreIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/vertex/AiFeatureStoreIamMember.java @@ -91,18 +91,9 @@ public Output etag() { public Output featurestore() { return this.featurestore; } - @Export(name="member", refs={String.class}, tree="[0]") - private Output member; - - public Output member() { - return this.member; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -114,15 +105,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="member", refs={String.class}, tree="[0]") + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -134,6 +122,22 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/vertex/AiFeatureStoreIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/vertex/AiFeatureStoreIamMemberArgs.java index 1df872fea0..c550274562 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/vertex/AiFeatureStoreIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/vertex/AiFeatureStoreIamMemberArgs.java @@ -39,19 +39,9 @@ public Output featurestore() { return this.featurestore; } - @Import(name="member", required=true) - private Output member; - - public Output member() { - return this.member; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -63,15 +53,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member", required=true) + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -83,6 +70,23 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -184,21 +188,9 @@ public Builder featurestore(String featurestore) { return featurestore(Output.of(featurestore)); } - public Builder member(Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -212,17 +204,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -236,6 +225,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/vertex/AiFeatureStoreIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/vertex/AiFeatureStoreIamPolicy.java index 1631863dfd..ebb467e19c 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/vertex/AiFeatureStoreIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/vertex/AiFeatureStoreIamPolicy.java @@ -103,18 +103,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -123,18 +111,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/vertex/AiFeatureStoreIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/vertex/AiFeatureStoreIamPolicyArgs.java index 86832aa5a8..3851282aef 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/vertex/AiFeatureStoreIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/vertex/AiFeatureStoreIamPolicyArgs.java @@ -52,18 +52,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -72,18 +60,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -183,18 +159,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -207,18 +171,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/vertex/inputs/AiFeatureStoreEntityTypeIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/vertex/inputs/AiFeatureStoreEntityTypeIamBindingState.java index 6e736f3161..dc73a5b276 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/vertex/inputs/AiFeatureStoreEntityTypeIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/vertex/inputs/AiFeatureStoreEntityTypeIamBindingState.java @@ -57,8 +57,21 @@ public Optional> etag() { /** * The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + */ + @Import(name="featurestore") + private @Nullable Output featurestore; + + /** + * @return The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to + * + */ + public Optional> featurestore() { + return Optional.ofNullable(this.featurestore); + } + + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -70,14 +83,12 @@ public Optional> etag() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="featurestore") - private @Nullable Output featurestore; + @Import(name="members") + private @Nullable Output> members; /** - * @return The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -89,13 +100,6 @@ public Optional> etag() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - public Optional> featurestore() { - return Optional.ofNullable(this.featurestore); - } - - @Import(name="members") - private @Nullable Output> members; - public Optional>> members() { return Optional.ofNullable(this.members); } @@ -202,8 +206,27 @@ public Builder etag(String etag) { /** * @param featurestore The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return builder + * + */ + public Builder featurestore(@Nullable Output featurestore) { + $.featurestore = featurestore; + return this; + } + + /** + * @param featurestore The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to + * + * @return builder + * + */ + public Builder featurestore(String featurestore) { + return featurestore(Output.of(featurestore)); + } + + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -217,16 +240,14 @@ public Builder etag(String etag) { * @return builder * */ - public Builder featurestore(@Nullable Output featurestore) { - $.featurestore = featurestore; + public Builder members(@Nullable Output> members) { + $.members = members; return this; } /** - * @param featurestore The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -240,19 +261,26 @@ public Builder featurestore(@Nullable Output featurestore) { * @return builder * */ - public Builder featurestore(String featurestore) { - return featurestore(Output.of(featurestore)); - } - - public Builder members(@Nullable Output> members) { - $.members = members; - return this; - } - public Builder members(List members) { return members(Output.of(members)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(String... members) { return members(List.of(members)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/vertex/inputs/AiFeatureStoreEntityTypeIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/vertex/inputs/AiFeatureStoreEntityTypeIamMemberState.java index fdb4d41563..439af8208a 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/vertex/inputs/AiFeatureStoreEntityTypeIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/vertex/inputs/AiFeatureStoreEntityTypeIamMemberState.java @@ -56,8 +56,21 @@ public Optional> etag() { /** * The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + */ + @Import(name="featurestore") + private @Nullable Output featurestore; + + /** + * @return The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to + * + */ + public Optional> featurestore() { + return Optional.ofNullable(this.featurestore); + } + + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -69,14 +82,12 @@ public Optional> etag() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="featurestore") - private @Nullable Output featurestore; + @Import(name="member") + private @Nullable Output member; /** - * @return The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -88,13 +99,6 @@ public Optional> etag() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - public Optional> featurestore() { - return Optional.ofNullable(this.featurestore); - } - - @Import(name="member") - private @Nullable Output member; - public Optional> member() { return Optional.ofNullable(this.member); } @@ -201,8 +205,27 @@ public Builder etag(String etag) { /** * @param featurestore The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return builder + * + */ + public Builder featurestore(@Nullable Output featurestore) { + $.featurestore = featurestore; + return this; + } + + /** + * @param featurestore The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to + * + * @return builder + * + */ + public Builder featurestore(String featurestore) { + return featurestore(Output.of(featurestore)); + } + + /** + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -216,16 +239,14 @@ public Builder etag(String etag) { * @return builder * */ - public Builder featurestore(@Nullable Output featurestore) { - $.featurestore = featurestore; + public Builder member(@Nullable Output member) { + $.member = member; return this; } /** - * @param featurestore The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -239,15 +260,6 @@ public Builder featurestore(@Nullable Output featurestore) { * @return builder * */ - public Builder featurestore(String featurestore) { - return featurestore(Output.of(featurestore)); - } - - public Builder member(@Nullable Output member) { - $.member = member; - return this; - } - public Builder member(String member) { return member(Output.of(member)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/vertex/inputs/AiFeatureStoreEntityTypeIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/vertex/inputs/AiFeatureStoreEntityTypeIamPolicyState.java index 3f29dc7e66..4a1e5c0244 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/vertex/inputs/AiFeatureStoreEntityTypeIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/vertex/inputs/AiFeatureStoreEntityTypeIamPolicyState.java @@ -48,18 +48,6 @@ public Optional> etag() { /** * The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="featurestore") private @Nullable Output featurestore; @@ -67,18 +55,6 @@ public Optional> etag() { /** * @return The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> featurestore() { return Optional.ofNullable(this.featurestore); @@ -173,18 +149,6 @@ public Builder etag(String etag) { /** * @param featurestore The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -196,18 +160,6 @@ public Builder featurestore(@Nullable Output featurestore) { /** * @param featurestore The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/vertex/inputs/AiFeatureStoreIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/vertex/inputs/AiFeatureStoreIamBindingState.java index f3718ff41a..09d9f5b120 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/vertex/inputs/AiFeatureStoreIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/vertex/inputs/AiFeatureStoreIamBindingState.java @@ -54,19 +54,9 @@ public Optional> featurestore() { return Optional.ofNullable(this.featurestore); } - @Import(name="members") - private @Nullable Output> members; - - public Optional>> members() { - return Optional.ofNullable(this.members); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -78,15 +68,12 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members") + private @Nullable Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -98,6 +85,23 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional>> members() { + return Optional.ofNullable(this.members); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -221,25 +225,30 @@ public Builder featurestore(String featurestore) { return featurestore(Output.of(featurestore)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -253,17 +262,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -277,6 +282,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/vertex/inputs/AiFeatureStoreIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/vertex/inputs/AiFeatureStoreIamMemberState.java index 4d42fbeeb0..97cf72d492 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/vertex/inputs/AiFeatureStoreIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/vertex/inputs/AiFeatureStoreIamMemberState.java @@ -53,19 +53,9 @@ public Optional> featurestore() { return Optional.ofNullable(this.featurestore); } - @Import(name="member") - private @Nullable Output member; - - public Optional> member() { - return Optional.ofNullable(this.member); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -77,15 +67,12 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member") + private @Nullable Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -97,6 +84,23 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional> member() { + return Optional.ofNullable(this.member); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -220,21 +224,9 @@ public Builder featurestore(String featurestore) { return featurestore(Output.of(featurestore)); } - public Builder member(@Nullable Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -248,17 +240,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(@Nullable Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -272,6 +261,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/vertex/inputs/AiFeatureStoreIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/vertex/inputs/AiFeatureStoreIamPolicyState.java index 2edf53a40f..fae12baa38 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/vertex/inputs/AiFeatureStoreIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/vertex/inputs/AiFeatureStoreIamPolicyState.java @@ -66,18 +66,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -86,18 +74,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -219,18 +195,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -243,18 +207,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/workstations/WorkstationConfigIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/workstations/WorkstationConfigIamBinding.java index dd7490dbf9..794cf633c3 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/workstations/WorkstationConfigIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/workstations/WorkstationConfigIamBinding.java @@ -94,18 +94,9 @@ public Output etag() { public Output location() { return this.location; } - @Export(name="members", refs={List.class,String.class}, tree="[0,1]") - private Output> members; - - public Output> members() { - return this.members; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -117,15 +108,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="members", refs={List.class,String.class}, tree="[0,1]") + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -137,6 +125,22 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/workstations/WorkstationConfigIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/workstations/WorkstationConfigIamBindingArgs.java index 035321dd2e..c221928bb7 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/workstations/WorkstationConfigIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/workstations/WorkstationConfigIamBindingArgs.java @@ -42,19 +42,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="members", required=true) - private Output> members; - - public Output> members() { - return this.members; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -66,15 +56,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members", required=true) + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -86,6 +73,23 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -185,25 +189,30 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -217,17 +226,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -241,6 +246,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/workstations/WorkstationConfigIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/workstations/WorkstationConfigIamMember.java index efe703ebd8..739af116ba 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/workstations/WorkstationConfigIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/workstations/WorkstationConfigIamMember.java @@ -93,18 +93,9 @@ public Output etag() { public Output location() { return this.location; } - @Export(name="member", refs={String.class}, tree="[0]") - private Output member; - - public Output member() { - return this.member; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -116,15 +107,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="member", refs={String.class}, tree="[0]") + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -136,6 +124,22 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/workstations/WorkstationConfigIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/workstations/WorkstationConfigIamMemberArgs.java index c080e2a8ab..f912fdb490 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/workstations/WorkstationConfigIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/workstations/WorkstationConfigIamMemberArgs.java @@ -41,19 +41,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="member", required=true) - private Output member; - - public Output member() { - return this.member; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -65,15 +55,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member", required=true) + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -85,6 +72,23 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -184,21 +188,9 @@ public Builder location(String location) { return location(Output.of(location)); } - public Builder member(Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -212,17 +204,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -236,6 +225,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/workstations/WorkstationConfigIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/workstations/WorkstationConfigIamPolicy.java index 551c942d3f..33c5233190 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/workstations/WorkstationConfigIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/workstations/WorkstationConfigIamPolicy.java @@ -105,18 +105,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -125,18 +113,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/workstations/WorkstationConfigIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/workstations/WorkstationConfigIamPolicyArgs.java index 7accce0784..c263b27838 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/workstations/WorkstationConfigIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/workstations/WorkstationConfigIamPolicyArgs.java @@ -54,18 +54,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -74,18 +62,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -183,18 +159,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -207,18 +171,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/workstations/WorkstationIamBinding.java b/sdk/java/src/main/java/com/pulumi/gcp/workstations/WorkstationIamBinding.java index 8ddaf9cf1c..7e48ad1285 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/workstations/WorkstationIamBinding.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/workstations/WorkstationIamBinding.java @@ -94,18 +94,9 @@ public Output etag() { public Output location() { return this.location; } - @Export(name="members", refs={List.class,String.class}, tree="[0,1]") - private Output> members; - - public Output> members() { - return this.members; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -117,15 +108,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="members", refs={List.class,String.class}, tree="[0,1]") + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -137,6 +125,22 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/workstations/WorkstationIamBindingArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/workstations/WorkstationIamBindingArgs.java index c3b9449866..ce8c5cc8c9 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/workstations/WorkstationIamBindingArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/workstations/WorkstationIamBindingArgs.java @@ -42,19 +42,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="members", required=true) - private Output> members; - - public Output> members() { - return this.members; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -66,15 +56,12 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members", required=true) + private Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -86,6 +73,23 @@ public Output> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output> members() { + return this.members; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -193,25 +197,30 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -225,17 +234,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -249,6 +254,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/workstations/WorkstationIamMember.java b/sdk/java/src/main/java/com/pulumi/gcp/workstations/WorkstationIamMember.java index 86360420a8..a78cae079a 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/workstations/WorkstationIamMember.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/workstations/WorkstationIamMember.java @@ -93,18 +93,9 @@ public Output etag() { public Output location() { return this.location; } - @Export(name="member", refs={String.class}, tree="[0]") - private Output member; - - public Output member() { - return this.member; - } /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -116,15 +107,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Export(name="project", refs={String.class}, tree="[0]") - private Output project; + @Export(name="member", refs={String.class}, tree="[0]") + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -136,6 +124,22 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Export(name="project", refs={String.class}, tree="[0]") + private Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Output project() { return this.project; } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/workstations/WorkstationIamMemberArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/workstations/WorkstationIamMemberArgs.java index a736d7c3ff..329c4562db 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/workstations/WorkstationIamMemberArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/workstations/WorkstationIamMemberArgs.java @@ -41,19 +41,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="member", required=true) - private Output member; - - public Output member() { - return this.member; - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -65,15 +55,12 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member", required=true) + private Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -85,6 +72,23 @@ public Output member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Output member() { + return this.member; + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -192,21 +196,9 @@ public Builder location(String location) { return location(Output.of(location)); } - public Builder member(Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -220,17 +212,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -244,6 +233,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/workstations/WorkstationIamPolicy.java b/sdk/java/src/main/java/com/pulumi/gcp/workstations/WorkstationIamPolicy.java index 345cf3909d..4715929ba9 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/workstations/WorkstationIamPolicy.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/workstations/WorkstationIamPolicy.java @@ -105,18 +105,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Export(name="project", refs={String.class}, tree="[0]") private Output project; @@ -125,18 +113,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Output project() { return this.project; diff --git a/sdk/java/src/main/java/com/pulumi/gcp/workstations/WorkstationIamPolicyArgs.java b/sdk/java/src/main/java/com/pulumi/gcp/workstations/WorkstationIamPolicyArgs.java index cee5bacf73..36628f936f 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/workstations/WorkstationIamPolicyArgs.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/workstations/WorkstationIamPolicyArgs.java @@ -54,18 +54,6 @@ public Output policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -74,18 +62,6 @@ public Output policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -191,18 +167,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -215,18 +179,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/workstations/inputs/WorkstationConfigIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/workstations/inputs/WorkstationConfigIamBindingState.java index 3ebef04e89..1c31757636 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/workstations/inputs/WorkstationConfigIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/workstations/inputs/WorkstationConfigIamBindingState.java @@ -56,19 +56,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="members") - private @Nullable Output> members; - - public Optional>> members() { - return Optional.ofNullable(this.members); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -80,15 +70,12 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members") + private @Nullable Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -100,6 +87,23 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional>> members() { + return Optional.ofNullable(this.members); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -221,25 +225,30 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -253,17 +262,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -277,6 +282,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/workstations/inputs/WorkstationConfigIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/workstations/inputs/WorkstationConfigIamMemberState.java index d062b2d4c5..58f00c97e2 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/workstations/inputs/WorkstationConfigIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/workstations/inputs/WorkstationConfigIamMemberState.java @@ -55,19 +55,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="member") - private @Nullable Output member; - - public Optional> member() { - return Optional.ofNullable(this.member); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -79,15 +69,12 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member") + private @Nullable Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -99,6 +86,23 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional> member() { + return Optional.ofNullable(this.member); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -220,21 +224,9 @@ public Builder location(String location) { return location(Output.of(location)); } - public Builder member(@Nullable Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -248,17 +240,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(@Nullable Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -272,6 +261,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/workstations/inputs/WorkstationConfigIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/workstations/inputs/WorkstationConfigIamPolicyState.java index 9b7da7b913..f1fd0aed2a 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/workstations/inputs/WorkstationConfigIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/workstations/inputs/WorkstationConfigIamPolicyState.java @@ -68,18 +68,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -88,18 +76,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -219,18 +195,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -243,18 +207,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/java/src/main/java/com/pulumi/gcp/workstations/inputs/WorkstationIamBindingState.java b/sdk/java/src/main/java/com/pulumi/gcp/workstations/inputs/WorkstationIamBindingState.java index 21a96fd55c..94e21f28bc 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/workstations/inputs/WorkstationIamBindingState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/workstations/inputs/WorkstationIamBindingState.java @@ -56,19 +56,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="members") - private @Nullable Output> members; - - public Optional>> members() { - return Optional.ofNullable(this.members); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -80,15 +70,12 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="members") + private @Nullable Output> members; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -100,6 +87,23 @@ public Optional>> members() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional>> members() { + return Optional.ofNullable(this.members); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -229,25 +233,30 @@ public Builder location(String location) { return location(Output.of(location)); } + /** + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + * + * @return builder + * + */ public Builder members(@Nullable Output> members) { $.members = members; return this; } - public Builder members(List members) { - return members(Output.of(members)); - } - - public Builder members(String... members) { - return members(List.of(members)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -261,17 +270,13 @@ public Builder members(String... members) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; - return this; + public Builder members(List members) { + return members(Output.of(members)); } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param members Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -285,6 +290,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder members(String... members) { + return members(List.of(members)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/workstations/inputs/WorkstationIamMemberState.java b/sdk/java/src/main/java/com/pulumi/gcp/workstations/inputs/WorkstationIamMemberState.java index 271785b12d..db268e87ac 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/workstations/inputs/WorkstationIamMemberState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/workstations/inputs/WorkstationIamMemberState.java @@ -55,19 +55,9 @@ public Optional> location() { return Optional.ofNullable(this.location); } - @Import(name="member") - private @Nullable Output member; - - public Optional> member() { - return Optional.ofNullable(this.member); - } - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -79,15 +69,12 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ - @Import(name="project") - private @Nullable Output project; + @Import(name="member") + private @Nullable Output member; /** - * @return The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @return Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -99,6 +86,23 @@ public Optional> member() { * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" * */ + public Optional> member() { + return Optional.ofNullable(this.member); + } + + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ + @Import(name="project") + private @Nullable Output project; + + /** + * @return The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + */ public Optional> project() { return Optional.ofNullable(this.project); } @@ -228,21 +232,9 @@ public Builder location(String location) { return location(Output.of(location)); } - public Builder member(@Nullable Output member) { - $.member = member; - return this; - } - - public Builder member(String member) { - return member(Output.of(member)); - } - /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -256,17 +248,14 @@ public Builder member(String member) { * @return builder * */ - public Builder project(@Nullable Output project) { - $.project = project; + public Builder member(@Nullable Output member) { + $.member = member; return this; } /** - * @param project The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: + * @param member Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. @@ -280,6 +269,29 @@ public Builder project(@Nullable Output project) { * @return builder * */ + public Builder member(String member) { + return member(Output.of(member)); + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ + public Builder project(@Nullable Output project) { + $.project = project; + return this; + } + + /** + * @param project The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + * + * @return builder + * + */ public Builder project(String project) { return project(Output.of(project)); } diff --git a/sdk/java/src/main/java/com/pulumi/gcp/workstations/inputs/WorkstationIamPolicyState.java b/sdk/java/src/main/java/com/pulumi/gcp/workstations/inputs/WorkstationIamPolicyState.java index 865c09bd16..d72d2ee2da 100644 --- a/sdk/java/src/main/java/com/pulumi/gcp/workstations/inputs/WorkstationIamPolicyState.java +++ b/sdk/java/src/main/java/com/pulumi/gcp/workstations/inputs/WorkstationIamPolicyState.java @@ -68,18 +68,6 @@ public Optional> policyData() { * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ @Import(name="project") private @Nullable Output project; @@ -88,18 +76,6 @@ public Optional> policyData() { * @return The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * */ public Optional> project() { return Optional.ofNullable(this.project); @@ -227,18 +203,6 @@ public Builder policyData(String policyData) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ @@ -251,18 +215,6 @@ public Builder project(@Nullable Output project) { * @param project The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - * * @return builder * */ diff --git a/sdk/nodejs/accesscontextmanager/accessPolicyIamBinding.ts b/sdk/nodejs/accesscontextmanager/accessPolicyIamBinding.ts index f9bcd451c8..1643934160 100644 --- a/sdk/nodejs/accesscontextmanager/accessPolicyIamBinding.ts +++ b/sdk/nodejs/accesscontextmanager/accessPolicyIamBinding.ts @@ -71,6 +71,56 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_access\_context\_manager\_access\_policy\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/accesscontextmanager.policyAdmin", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.accesscontextmanager.AccessPolicyIamPolicy("policy", { + * name: access_policy.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_access\_context\_manager\_access\_policy\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.accesscontextmanager.AccessPolicyIamBinding("binding", { + * name: access_policy.name, + * role: "roles/accesscontextmanager.policyAdmin", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_access\_context\_manager\_access\_policy\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.accesscontextmanager.AccessPolicyIamMember("member", { + * name: access_policy.name, + * role: "roles/accesscontextmanager.policyAdmin", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -138,11 +188,8 @@ export class AccessPolicyIamBinding extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly members!: pulumi.Output; /** - * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -154,6 +201,10 @@ export class AccessPolicyIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * Used to find the parent resource to bind the IAM policy to + */ public readonly name!: pulumi.Output; /** * The role that should be applied. Only one @@ -208,11 +259,8 @@ export interface AccessPolicyIamBindingState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - members?: pulumi.Input[]>; /** - * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -224,6 +272,10 @@ export interface AccessPolicyIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * Used to find the parent resource to bind the IAM policy to + */ name?: pulumi.Input; /** * The role that should be applied. Only one @@ -238,11 +290,8 @@ export interface AccessPolicyIamBindingState { */ export interface AccessPolicyIamBindingArgs { condition?: pulumi.Input; - members: pulumi.Input[]>; /** - * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -254,6 +303,10 @@ export interface AccessPolicyIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * Used to find the parent resource to bind the IAM policy to + */ name?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/accesscontextmanager/accessPolicyIamMember.ts b/sdk/nodejs/accesscontextmanager/accessPolicyIamMember.ts index f0f4f4560a..7527911fa8 100644 --- a/sdk/nodejs/accesscontextmanager/accessPolicyIamMember.ts +++ b/sdk/nodejs/accesscontextmanager/accessPolicyIamMember.ts @@ -71,6 +71,56 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_access\_context\_manager\_access\_policy\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/accesscontextmanager.policyAdmin", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.accesscontextmanager.AccessPolicyIamPolicy("policy", { + * name: access_policy.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_access\_context\_manager\_access\_policy\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.accesscontextmanager.AccessPolicyIamBinding("binding", { + * name: access_policy.name, + * role: "roles/accesscontextmanager.policyAdmin", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_access\_context\_manager\_access\_policy\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.accesscontextmanager.AccessPolicyIamMember("member", { + * name: access_policy.name, + * role: "roles/accesscontextmanager.policyAdmin", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -138,11 +188,8 @@ export class AccessPolicyIamMember extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly member!: pulumi.Output; /** - * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -154,6 +201,10 @@ export class AccessPolicyIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * Used to find the parent resource to bind the IAM policy to + */ public readonly name!: pulumi.Output; /** * The role that should be applied. Only one @@ -208,11 +259,8 @@ export interface AccessPolicyIamMemberState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - member?: pulumi.Input; /** - * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -224,6 +272,10 @@ export interface AccessPolicyIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * Used to find the parent resource to bind the IAM policy to + */ name?: pulumi.Input; /** * The role that should be applied. Only one @@ -238,11 +290,8 @@ export interface AccessPolicyIamMemberState { */ export interface AccessPolicyIamMemberArgs { condition?: pulumi.Input; - member: pulumi.Input; /** - * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -254,6 +303,10 @@ export interface AccessPolicyIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * Used to find the parent resource to bind the IAM policy to + */ name?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/accesscontextmanager/accessPolicyIamPolicy.ts b/sdk/nodejs/accesscontextmanager/accessPolicyIamPolicy.ts index 23c736e09e..c6045190f9 100644 --- a/sdk/nodejs/accesscontextmanager/accessPolicyIamPolicy.ts +++ b/sdk/nodejs/accesscontextmanager/accessPolicyIamPolicy.ts @@ -69,6 +69,56 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_access\_context\_manager\_access\_policy\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/accesscontextmanager.policyAdmin", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.accesscontextmanager.AccessPolicyIamPolicy("policy", { + * name: access_policy.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_access\_context\_manager\_access\_policy\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.accesscontextmanager.AccessPolicyIamBinding("binding", { + * name: access_policy.name, + * role: "roles/accesscontextmanager.policyAdmin", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_access\_context\_manager\_access\_policy\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.accesscontextmanager.AccessPolicyIamMember("member", { + * name: access_policy.name, + * role: "roles/accesscontextmanager.policyAdmin", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -137,18 +187,6 @@ export class AccessPolicyIamPolicy extends pulumi.CustomResource { public /*out*/ readonly etag!: pulumi.Output; /** * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly name!: pulumi.Output; /** @@ -197,18 +235,6 @@ export interface AccessPolicyIamPolicyState { etag?: pulumi.Input; /** * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ name?: pulumi.Input; /** @@ -224,18 +250,6 @@ export interface AccessPolicyIamPolicyState { export interface AccessPolicyIamPolicyArgs { /** * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ name?: pulumi.Input; /** diff --git a/sdk/nodejs/apigateway/apiConfigIamBinding.ts b/sdk/nodejs/apigateway/apiConfigIamBinding.ts index 5c6589bf76..c1cf93fc77 100644 --- a/sdk/nodejs/apigateway/apiConfigIamBinding.ts +++ b/sdk/nodejs/apigateway/apiConfigIamBinding.ts @@ -74,6 +74,59 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_api\_gateway\_api\_config\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/apigateway.viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.apigateway.ApiConfigIamPolicy("policy", { + * api: apiCfg.api, + * apiConfig: apiCfg.apiConfigId, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_api\_gateway\_api\_config\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.apigateway.ApiConfigIamBinding("binding", { + * api: apiCfg.api, + * apiConfig: apiCfg.apiConfigId, + * role: "roles/apigateway.viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_api\_gateway\_api\_config\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.apigateway.ApiConfigIamMember("member", { + * api: apiCfg.api, + * apiConfig: apiCfg.apiConfigId, + * role: "roles/apigateway.viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -151,12 +204,8 @@ export class ApiConfigIamBinding extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly members!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -168,6 +217,11 @@ export class ApiConfigIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -238,12 +292,8 @@ export interface ApiConfigIamBindingState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - members?: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -255,6 +305,11 @@ export interface ApiConfigIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -275,12 +330,8 @@ export interface ApiConfigIamBindingArgs { api: pulumi.Input; apiConfig: pulumi.Input; condition?: pulumi.Input; - members: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -292,6 +343,11 @@ export interface ApiConfigIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/apigateway/apiConfigIamMember.ts b/sdk/nodejs/apigateway/apiConfigIamMember.ts index b28a8f9468..5db64c03b6 100644 --- a/sdk/nodejs/apigateway/apiConfigIamMember.ts +++ b/sdk/nodejs/apigateway/apiConfigIamMember.ts @@ -74,6 +74,59 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_api\_gateway\_api\_config\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/apigateway.viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.apigateway.ApiConfigIamPolicy("policy", { + * api: apiCfg.api, + * apiConfig: apiCfg.apiConfigId, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_api\_gateway\_api\_config\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.apigateway.ApiConfigIamBinding("binding", { + * api: apiCfg.api, + * apiConfig: apiCfg.apiConfigId, + * role: "roles/apigateway.viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_api\_gateway\_api\_config\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.apigateway.ApiConfigIamMember("member", { + * api: apiCfg.api, + * apiConfig: apiCfg.apiConfigId, + * role: "roles/apigateway.viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -151,12 +204,8 @@ export class ApiConfigIamMember extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly member!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -168,6 +217,11 @@ export class ApiConfigIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -238,12 +292,8 @@ export interface ApiConfigIamMemberState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - member?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -255,6 +305,11 @@ export interface ApiConfigIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -275,12 +330,8 @@ export interface ApiConfigIamMemberArgs { api: pulumi.Input; apiConfig: pulumi.Input; condition?: pulumi.Input; - member: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -292,6 +343,11 @@ export interface ApiConfigIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/apigateway/apiConfigIamPolicy.ts b/sdk/nodejs/apigateway/apiConfigIamPolicy.ts index 706e9eedec..1186fde20c 100644 --- a/sdk/nodejs/apigateway/apiConfigIamPolicy.ts +++ b/sdk/nodejs/apigateway/apiConfigIamPolicy.ts @@ -72,6 +72,59 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_api\_gateway\_api\_config\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/apigateway.viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.apigateway.ApiConfigIamPolicy("policy", { + * api: apiCfg.api, + * apiConfig: apiCfg.apiConfigId, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_api\_gateway\_api\_config\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.apigateway.ApiConfigIamBinding("binding", { + * api: apiCfg.api, + * apiConfig: apiCfg.apiConfigId, + * role: "roles/apigateway.viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_api\_gateway\_api\_config\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.apigateway.ApiConfigIamMember("member", { + * api: apiCfg.api, + * apiConfig: apiCfg.apiConfigId, + * role: "roles/apigateway.viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -156,18 +209,6 @@ export class ApiConfigIamPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; @@ -233,18 +274,6 @@ export interface ApiConfigIamPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } @@ -267,18 +296,6 @@ export interface ApiConfigIamPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } diff --git a/sdk/nodejs/apigateway/apiIamBinding.ts b/sdk/nodejs/apigateway/apiIamBinding.ts index d35b3f7ab7..b2f41c4de8 100644 --- a/sdk/nodejs/apigateway/apiIamBinding.ts +++ b/sdk/nodejs/apigateway/apiIamBinding.ts @@ -74,6 +74,59 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_api\_gateway\_api\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/apigateway.viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.apigateway.ApiIamPolicy("policy", { + * project: api.project, + * api: api.apiId, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_api\_gateway\_api\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.apigateway.ApiIamBinding("binding", { + * project: api.project, + * api: api.apiId, + * role: "roles/apigateway.viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_api\_gateway\_api\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.apigateway.ApiIamMember("member", { + * project: api.project, + * api: api.apiId, + * role: "roles/apigateway.viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -144,12 +197,8 @@ export class ApiIamBinding extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly members!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -161,6 +210,11 @@ export class ApiIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -221,12 +275,8 @@ export interface ApiIamBindingState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - members?: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -238,6 +288,11 @@ export interface ApiIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -253,12 +308,8 @@ export interface ApiIamBindingState { export interface ApiIamBindingArgs { api: pulumi.Input; condition?: pulumi.Input; - members: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -270,6 +321,11 @@ export interface ApiIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/apigateway/apiIamMember.ts b/sdk/nodejs/apigateway/apiIamMember.ts index cbe67e52c8..42689496fa 100644 --- a/sdk/nodejs/apigateway/apiIamMember.ts +++ b/sdk/nodejs/apigateway/apiIamMember.ts @@ -74,6 +74,59 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_api\_gateway\_api\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/apigateway.viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.apigateway.ApiIamPolicy("policy", { + * project: api.project, + * api: api.apiId, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_api\_gateway\_api\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.apigateway.ApiIamBinding("binding", { + * project: api.project, + * api: api.apiId, + * role: "roles/apigateway.viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_api\_gateway\_api\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.apigateway.ApiIamMember("member", { + * project: api.project, + * api: api.apiId, + * role: "roles/apigateway.viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -144,12 +197,8 @@ export class ApiIamMember extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly member!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -161,6 +210,11 @@ export class ApiIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -221,12 +275,8 @@ export interface ApiIamMemberState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - member?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -238,6 +288,11 @@ export interface ApiIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -253,12 +308,8 @@ export interface ApiIamMemberState { export interface ApiIamMemberArgs { api: pulumi.Input; condition?: pulumi.Input; - member: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -270,6 +321,11 @@ export interface ApiIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/apigateway/apiIamPolicy.ts b/sdk/nodejs/apigateway/apiIamPolicy.ts index 0b63851d50..ff8831c264 100644 --- a/sdk/nodejs/apigateway/apiIamPolicy.ts +++ b/sdk/nodejs/apigateway/apiIamPolicy.ts @@ -72,6 +72,59 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_api\_gateway\_api\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/apigateway.viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.apigateway.ApiIamPolicy("policy", { + * project: api.project, + * api: api.apiId, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_api\_gateway\_api\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.apigateway.ApiIamBinding("binding", { + * project: api.project, + * api: api.apiId, + * role: "roles/apigateway.viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_api\_gateway\_api\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.apigateway.ApiIamMember("member", { + * project: api.project, + * api: api.apiId, + * role: "roles/apigateway.viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -149,18 +202,6 @@ export class ApiIamPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; @@ -216,18 +257,6 @@ export interface ApiIamPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } @@ -245,18 +274,6 @@ export interface ApiIamPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } diff --git a/sdk/nodejs/apigateway/gatewayIamBinding.ts b/sdk/nodejs/apigateway/gatewayIamBinding.ts index acc3cc7ff6..eff2b9929a 100644 --- a/sdk/nodejs/apigateway/gatewayIamBinding.ts +++ b/sdk/nodejs/apigateway/gatewayIamBinding.ts @@ -77,6 +77,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_api\_gateway\_gateway\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/apigateway.viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.apigateway.GatewayIamPolicy("policy", { + * project: apiGw.project, + * region: apiGw.region, + * gateway: apiGw.gatewayId, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_api\_gateway\_gateway\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.apigateway.GatewayIamBinding("binding", { + * project: apiGw.project, + * region: apiGw.region, + * gateway: apiGw.gatewayId, + * role: "roles/apigateway.viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_api\_gateway\_gateway\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.apigateway.GatewayIamMember("member", { + * project: apiGw.project, + * region: apiGw.region, + * gateway: apiGw.gatewayId, + * role: "roles/apigateway.viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -149,12 +205,8 @@ export class GatewayIamBinding extends pulumi.CustomResource { */ public /*out*/ readonly etag!: pulumi.Output; public readonly gateway!: pulumi.Output; - public readonly members!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -166,6 +218,11 @@ export class GatewayIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The region of the gateway for the API. @@ -235,12 +292,8 @@ export interface GatewayIamBindingState { */ etag?: pulumi.Input; gateway?: pulumi.Input; - members?: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -252,6 +305,11 @@ export interface GatewayIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The region of the gateway for the API. @@ -274,12 +332,8 @@ export interface GatewayIamBindingState { export interface GatewayIamBindingArgs { condition?: pulumi.Input; gateway: pulumi.Input; - members: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -291,6 +345,11 @@ export interface GatewayIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The region of the gateway for the API. diff --git a/sdk/nodejs/apigateway/gatewayIamMember.ts b/sdk/nodejs/apigateway/gatewayIamMember.ts index a36481166e..503731f041 100644 --- a/sdk/nodejs/apigateway/gatewayIamMember.ts +++ b/sdk/nodejs/apigateway/gatewayIamMember.ts @@ -77,6 +77,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_api\_gateway\_gateway\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/apigateway.viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.apigateway.GatewayIamPolicy("policy", { + * project: apiGw.project, + * region: apiGw.region, + * gateway: apiGw.gatewayId, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_api\_gateway\_gateway\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.apigateway.GatewayIamBinding("binding", { + * project: apiGw.project, + * region: apiGw.region, + * gateway: apiGw.gatewayId, + * role: "roles/apigateway.viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_api\_gateway\_gateway\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.apigateway.GatewayIamMember("member", { + * project: apiGw.project, + * region: apiGw.region, + * gateway: apiGw.gatewayId, + * role: "roles/apigateway.viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -149,12 +205,8 @@ export class GatewayIamMember extends pulumi.CustomResource { */ public /*out*/ readonly etag!: pulumi.Output; public readonly gateway!: pulumi.Output; - public readonly member!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -166,6 +218,11 @@ export class GatewayIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The region of the gateway for the API. @@ -235,12 +292,8 @@ export interface GatewayIamMemberState { */ etag?: pulumi.Input; gateway?: pulumi.Input; - member?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -252,6 +305,11 @@ export interface GatewayIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The region of the gateway for the API. @@ -274,12 +332,8 @@ export interface GatewayIamMemberState { export interface GatewayIamMemberArgs { condition?: pulumi.Input; gateway: pulumi.Input; - member: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -291,6 +345,11 @@ export interface GatewayIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The region of the gateway for the API. diff --git a/sdk/nodejs/apigateway/gatewayIamPolicy.ts b/sdk/nodejs/apigateway/gatewayIamPolicy.ts index cb07e39b6c..04a5c7e7f1 100644 --- a/sdk/nodejs/apigateway/gatewayIamPolicy.ts +++ b/sdk/nodejs/apigateway/gatewayIamPolicy.ts @@ -75,6 +75,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_api\_gateway\_gateway\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/apigateway.viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.apigateway.GatewayIamPolicy("policy", { + * project: apiGw.project, + * region: apiGw.region, + * gateway: apiGw.gatewayId, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_api\_gateway\_gateway\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.apigateway.GatewayIamBinding("binding", { + * project: apiGw.project, + * region: apiGw.region, + * gateway: apiGw.gatewayId, + * role: "roles/apigateway.viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_api\_gateway\_gateway\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.apigateway.GatewayIamMember("member", { + * project: apiGw.project, + * region: apiGw.region, + * gateway: apiGw.gatewayId, + * role: "roles/apigateway.viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -154,18 +210,6 @@ export class GatewayIamPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; /** @@ -230,18 +274,6 @@ export interface GatewayIamPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; /** @@ -266,18 +298,6 @@ export interface GatewayIamPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; /** diff --git a/sdk/nodejs/apigee/environmentIamBinding.ts b/sdk/nodejs/apigee/environmentIamBinding.ts index a5a8a2e8f1..441b49857f 100644 --- a/sdk/nodejs/apigee/environmentIamBinding.ts +++ b/sdk/nodejs/apigee/environmentIamBinding.ts @@ -74,6 +74,59 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_apigee\_environment\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.apigee.EnvironmentIamPolicy("policy", { + * orgId: apigeeEnvironment.orgId, + * envId: apigeeEnvironment.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_apigee\_environment\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.apigee.EnvironmentIamBinding("binding", { + * orgId: apigeeEnvironment.orgId, + * envId: apigeeEnvironment.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_apigee\_environment\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.apigee.EnvironmentIamMember("member", { + * orgId: apigeeEnvironment.orgId, + * envId: apigeeEnvironment.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -139,8 +192,14 @@ export class EnvironmentIamBinding extends pulumi.CustomResource { public readonly condition!: pulumi.Output; /** * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + public readonly envId!: pulumi.Output; + /** + * (Computed) The etag of the IAM policy. + */ + public /*out*/ readonly etag!: pulumi.Output; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -152,11 +211,6 @@ export class EnvironmentIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ - public readonly envId!: pulumi.Output; - /** - * (Computed) The etag of the IAM policy. - */ - public /*out*/ readonly etag!: pulumi.Output; public readonly members!: pulumi.Output; public readonly orgId!: pulumi.Output; /** @@ -218,8 +272,14 @@ export interface EnvironmentIamBindingState { condition?: pulumi.Input; /** * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + envId?: pulumi.Input; + /** + * (Computed) The etag of the IAM policy. + */ + etag?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -231,11 +291,6 @@ export interface EnvironmentIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ - envId?: pulumi.Input; - /** - * (Computed) The etag of the IAM policy. - */ - etag?: pulumi.Input; members?: pulumi.Input[]>; orgId?: pulumi.Input; /** @@ -253,8 +308,10 @@ export interface EnvironmentIamBindingArgs { condition?: pulumi.Input; /** * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + envId: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -266,7 +323,6 @@ export interface EnvironmentIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ - envId: pulumi.Input; members: pulumi.Input[]>; orgId: pulumi.Input; /** diff --git a/sdk/nodejs/apigee/environmentIamMember.ts b/sdk/nodejs/apigee/environmentIamMember.ts index 25b3be5058..2910aa4fe2 100644 --- a/sdk/nodejs/apigee/environmentIamMember.ts +++ b/sdk/nodejs/apigee/environmentIamMember.ts @@ -74,6 +74,59 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_apigee\_environment\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.apigee.EnvironmentIamPolicy("policy", { + * orgId: apigeeEnvironment.orgId, + * envId: apigeeEnvironment.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_apigee\_environment\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.apigee.EnvironmentIamBinding("binding", { + * orgId: apigeeEnvironment.orgId, + * envId: apigeeEnvironment.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_apigee\_environment\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.apigee.EnvironmentIamMember("member", { + * orgId: apigeeEnvironment.orgId, + * envId: apigeeEnvironment.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -139,8 +192,14 @@ export class EnvironmentIamMember extends pulumi.CustomResource { public readonly condition!: pulumi.Output; /** * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + public readonly envId!: pulumi.Output; + /** + * (Computed) The etag of the IAM policy. + */ + public /*out*/ readonly etag!: pulumi.Output; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -152,11 +211,6 @@ export class EnvironmentIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ - public readonly envId!: pulumi.Output; - /** - * (Computed) The etag of the IAM policy. - */ - public /*out*/ readonly etag!: pulumi.Output; public readonly member!: pulumi.Output; public readonly orgId!: pulumi.Output; /** @@ -218,8 +272,14 @@ export interface EnvironmentIamMemberState { condition?: pulumi.Input; /** * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + envId?: pulumi.Input; + /** + * (Computed) The etag of the IAM policy. + */ + etag?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -231,11 +291,6 @@ export interface EnvironmentIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ - envId?: pulumi.Input; - /** - * (Computed) The etag of the IAM policy. - */ - etag?: pulumi.Input; member?: pulumi.Input; orgId?: pulumi.Input; /** @@ -253,8 +308,10 @@ export interface EnvironmentIamMemberArgs { condition?: pulumi.Input; /** * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + envId: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -266,7 +323,6 @@ export interface EnvironmentIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ - envId: pulumi.Input; member: pulumi.Input; orgId: pulumi.Input; /** diff --git a/sdk/nodejs/apigee/environmentIamPolicy.ts b/sdk/nodejs/apigee/environmentIamPolicy.ts index 59b38f3497..fd7996c494 100644 --- a/sdk/nodejs/apigee/environmentIamPolicy.ts +++ b/sdk/nodejs/apigee/environmentIamPolicy.ts @@ -72,6 +72,59 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_apigee\_environment\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.apigee.EnvironmentIamPolicy("policy", { + * orgId: apigeeEnvironment.orgId, + * envId: apigeeEnvironment.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_apigee\_environment\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.apigee.EnvironmentIamBinding("binding", { + * orgId: apigeeEnvironment.orgId, + * envId: apigeeEnvironment.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_apigee\_environment\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.apigee.EnvironmentIamMember("member", { + * orgId: apigeeEnvironment.orgId, + * envId: apigeeEnvironment.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -136,18 +189,6 @@ export class EnvironmentIamPolicy extends pulumi.CustomResource { /** * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly envId!: pulumi.Output; /** @@ -205,18 +246,6 @@ export class EnvironmentIamPolicy extends pulumi.CustomResource { export interface EnvironmentIamPolicyState { /** * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ envId?: pulumi.Input; /** @@ -237,18 +266,6 @@ export interface EnvironmentIamPolicyState { export interface EnvironmentIamPolicyArgs { /** * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ envId: pulumi.Input; orgId: pulumi.Input; diff --git a/sdk/nodejs/artifactregistry/repositoryIamBinding.ts b/sdk/nodejs/artifactregistry/repositoryIamBinding.ts index fad635ad63..46ab8b30c8 100644 --- a/sdk/nodejs/artifactregistry/repositoryIamBinding.ts +++ b/sdk/nodejs/artifactregistry/repositoryIamBinding.ts @@ -77,6 +77,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_artifact\_registry\_repository\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/artifactregistry.reader", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.artifactregistry.RepositoryIamPolicy("policy", { + * project: my_repo.project, + * location: my_repo.location, + * repository: my_repo.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_artifact\_registry\_repository\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.artifactregistry.RepositoryIamBinding("binding", { + * project: my_repo.project, + * location: my_repo.location, + * repository: my_repo.name, + * role: "roles/artifactregistry.reader", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_artifact\_registry\_repository\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.artifactregistry.RepositoryIamMember("member", { + * project: my_repo.project, + * location: my_repo.location, + * repository: my_repo.name, + * role: "roles/artifactregistry.reader", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -153,12 +209,8 @@ export class RepositoryIamBinding extends pulumi.CustomResource { * Used to find the parent resource to bind the IAM policy to */ public readonly location!: pulumi.Output; - public readonly members!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -170,6 +222,11 @@ export class RepositoryIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * Used to find the parent resource to bind the IAM policy to @@ -240,12 +297,8 @@ export interface RepositoryIamBindingState { * Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - members?: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -257,6 +310,11 @@ export interface RepositoryIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * Used to find the parent resource to bind the IAM policy to @@ -280,12 +338,8 @@ export interface RepositoryIamBindingArgs { * Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - members: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -297,6 +351,11 @@ export interface RepositoryIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * Used to find the parent resource to bind the IAM policy to diff --git a/sdk/nodejs/artifactregistry/repositoryIamMember.ts b/sdk/nodejs/artifactregistry/repositoryIamMember.ts index a66f1cdeb4..5d6a55c106 100644 --- a/sdk/nodejs/artifactregistry/repositoryIamMember.ts +++ b/sdk/nodejs/artifactregistry/repositoryIamMember.ts @@ -77,6 +77,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_artifact\_registry\_repository\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/artifactregistry.reader", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.artifactregistry.RepositoryIamPolicy("policy", { + * project: my_repo.project, + * location: my_repo.location, + * repository: my_repo.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_artifact\_registry\_repository\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.artifactregistry.RepositoryIamBinding("binding", { + * project: my_repo.project, + * location: my_repo.location, + * repository: my_repo.name, + * role: "roles/artifactregistry.reader", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_artifact\_registry\_repository\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.artifactregistry.RepositoryIamMember("member", { + * project: my_repo.project, + * location: my_repo.location, + * repository: my_repo.name, + * role: "roles/artifactregistry.reader", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -153,12 +209,8 @@ export class RepositoryIamMember extends pulumi.CustomResource { * Used to find the parent resource to bind the IAM policy to */ public readonly location!: pulumi.Output; - public readonly member!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -170,6 +222,11 @@ export class RepositoryIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * Used to find the parent resource to bind the IAM policy to @@ -240,12 +297,8 @@ export interface RepositoryIamMemberState { * Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - member?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -257,6 +310,11 @@ export interface RepositoryIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * Used to find the parent resource to bind the IAM policy to @@ -280,12 +338,8 @@ export interface RepositoryIamMemberArgs { * Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - member: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -297,6 +351,11 @@ export interface RepositoryIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * Used to find the parent resource to bind the IAM policy to diff --git a/sdk/nodejs/artifactregistry/repositoryIamPolicy.ts b/sdk/nodejs/artifactregistry/repositoryIamPolicy.ts index bf5a4a7082..a9ee91f3a3 100644 --- a/sdk/nodejs/artifactregistry/repositoryIamPolicy.ts +++ b/sdk/nodejs/artifactregistry/repositoryIamPolicy.ts @@ -75,6 +75,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_artifact\_registry\_repository\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/artifactregistry.reader", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.artifactregistry.RepositoryIamPolicy("policy", { + * project: my_repo.project, + * location: my_repo.location, + * repository: my_repo.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_artifact\_registry\_repository\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.artifactregistry.RepositoryIamBinding("binding", { + * project: my_repo.project, + * location: my_repo.location, + * repository: my_repo.name, + * role: "roles/artifactregistry.reader", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_artifact\_registry\_repository\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.artifactregistry.RepositoryIamMember("member", { + * project: my_repo.project, + * location: my_repo.location, + * repository: my_repo.name, + * role: "roles/artifactregistry.reader", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -158,18 +214,6 @@ export class RepositoryIamPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; /** @@ -235,18 +279,6 @@ export interface RepositoryIamPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; /** @@ -272,18 +304,6 @@ export interface RepositoryIamPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; /** diff --git a/sdk/nodejs/bigquery/connectionIamBinding.ts b/sdk/nodejs/bigquery/connectionIamBinding.ts index f329a5ee22..9c027f4927 100644 --- a/sdk/nodejs/bigquery/connectionIamBinding.ts +++ b/sdk/nodejs/bigquery/connectionIamBinding.ts @@ -77,6 +77,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_bigquery\_connection\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.bigquery.ConnectionIamPolicy("policy", { + * project: connection.project, + * location: connection.location, + * connectionId: connection.connectionId, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_bigquery\_connection\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.bigquery.ConnectionIamBinding("binding", { + * project: connection.project, + * location: connection.location, + * connectionId: connection.connectionId, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_bigquery\_connection\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.bigquery.ConnectionIamMember("member", { + * project: connection.project, + * location: connection.location, + * connectionId: connection.connectionId, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -163,12 +219,8 @@ export class ConnectionIamBinding extends pulumi.CustomResource { * Azure allowed regions are azure-eastus2 Used to find the parent resource to bind the IAM policy to */ public readonly location!: pulumi.Output; - public readonly members!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -180,6 +232,11 @@ export class ConnectionIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -256,12 +313,8 @@ export interface ConnectionIamBindingState { * Azure allowed regions are azure-eastus2 Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - members?: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -273,6 +326,11 @@ export interface ConnectionIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -302,12 +360,8 @@ export interface ConnectionIamBindingArgs { * Azure allowed regions are azure-eastus2 Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - members: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -319,6 +373,11 @@ export interface ConnectionIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/bigquery/connectionIamMember.ts b/sdk/nodejs/bigquery/connectionIamMember.ts index 4dd3668663..e992f35179 100644 --- a/sdk/nodejs/bigquery/connectionIamMember.ts +++ b/sdk/nodejs/bigquery/connectionIamMember.ts @@ -77,6 +77,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_bigquery\_connection\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.bigquery.ConnectionIamPolicy("policy", { + * project: connection.project, + * location: connection.location, + * connectionId: connection.connectionId, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_bigquery\_connection\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.bigquery.ConnectionIamBinding("binding", { + * project: connection.project, + * location: connection.location, + * connectionId: connection.connectionId, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_bigquery\_connection\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.bigquery.ConnectionIamMember("member", { + * project: connection.project, + * location: connection.location, + * connectionId: connection.connectionId, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -163,12 +219,8 @@ export class ConnectionIamMember extends pulumi.CustomResource { * Azure allowed regions are azure-eastus2 Used to find the parent resource to bind the IAM policy to */ public readonly location!: pulumi.Output; - public readonly member!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -180,6 +232,11 @@ export class ConnectionIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -256,12 +313,8 @@ export interface ConnectionIamMemberState { * Azure allowed regions are azure-eastus2 Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - member?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -273,6 +326,11 @@ export interface ConnectionIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -302,12 +360,8 @@ export interface ConnectionIamMemberArgs { * Azure allowed regions are azure-eastus2 Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - member: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -319,6 +373,11 @@ export interface ConnectionIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/bigquery/connectionIamPolicy.ts b/sdk/nodejs/bigquery/connectionIamPolicy.ts index 9c860e59e6..c73b66ef67 100644 --- a/sdk/nodejs/bigquery/connectionIamPolicy.ts +++ b/sdk/nodejs/bigquery/connectionIamPolicy.ts @@ -75,6 +75,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_bigquery\_connection\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.bigquery.ConnectionIamPolicy("policy", { + * project: connection.project, + * location: connection.location, + * connectionId: connection.connectionId, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_bigquery\_connection\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.bigquery.ConnectionIamBinding("binding", { + * project: connection.project, + * location: connection.location, + * connectionId: connection.connectionId, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_bigquery\_connection\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.bigquery.ConnectionIamMember("member", { + * project: connection.project, + * location: connection.location, + * connectionId: connection.connectionId, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -168,18 +224,6 @@ export class ConnectionIamPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; @@ -251,18 +295,6 @@ export interface ConnectionIamPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } @@ -294,18 +326,6 @@ export interface ConnectionIamPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } diff --git a/sdk/nodejs/bigquery/datasetIamBinding.ts b/sdk/nodejs/bigquery/datasetIamBinding.ts index 13d161a6c2..f1aeb90ab7 100644 --- a/sdk/nodejs/bigquery/datasetIamBinding.ts +++ b/sdk/nodejs/bigquery/datasetIamBinding.ts @@ -78,6 +78,59 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_bigquery\_dataset\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const owner = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/bigquery.dataOwner", + * members: ["user:jane@example.com"], + * }], + * }); + * const datasetDataset = new gcp.bigquery.Dataset("dataset", {datasetId: "example_dataset"}); + * const dataset = new gcp.bigquery.DatasetIamPolicy("dataset", { + * datasetId: datasetDataset.datasetId, + * policyData: owner.then(owner => owner.policyData), + * }); + * ``` + * + * + * ## google\_bigquery\_dataset\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const dataset = new gcp.bigquery.Dataset("dataset", {datasetId: "example_dataset"}); + * const reader = new gcp.bigquery.DatasetIamBinding("reader", { + * datasetId: dataset.datasetId, + * role: "roles/bigquery.dataViewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_bigquery\_dataset\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const dataset = new gcp.bigquery.Dataset("dataset", {datasetId: "example_dataset"}); + * const editor = new gcp.bigquery.DatasetIamMember("editor", { + * datasetId: dataset.datasetId, + * role: "roles/bigquery.dataEditor", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * ### Importing IAM policies @@ -135,8 +188,14 @@ export class DatasetIamBinding extends pulumi.CustomResource { public readonly condition!: pulumi.Output; /** * The dataset ID. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + public readonly datasetId!: pulumi.Output; + /** + * (Computed) The etag of the dataset's IAM policy. + */ + public /*out*/ readonly etag!: pulumi.Output; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. @@ -146,11 +205,6 @@ export class DatasetIamBinding extends pulumi.CustomResource { * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. */ - public readonly datasetId!: pulumi.Output; - /** - * (Computed) The etag of the dataset's IAM policy. - */ - public /*out*/ readonly etag!: pulumi.Output; public readonly members!: pulumi.Output; /** * The ID of the project in which the resource belongs. @@ -213,8 +267,14 @@ export interface DatasetIamBindingState { condition?: pulumi.Input; /** * The dataset ID. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + datasetId?: pulumi.Input; + /** + * (Computed) The etag of the dataset's IAM policy. + */ + etag?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. @@ -224,11 +284,6 @@ export interface DatasetIamBindingState { * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. */ - datasetId?: pulumi.Input; - /** - * (Computed) The etag of the dataset's IAM policy. - */ - etag?: pulumi.Input; members?: pulumi.Input[]>; /** * The ID of the project in which the resource belongs. @@ -250,8 +305,10 @@ export interface DatasetIamBindingArgs { condition?: pulumi.Input; /** * The dataset ID. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + datasetId: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. @@ -261,7 +318,6 @@ export interface DatasetIamBindingArgs { * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. */ - datasetId: pulumi.Input; members: pulumi.Input[]>; /** * The ID of the project in which the resource belongs. diff --git a/sdk/nodejs/bigquery/datasetIamMember.ts b/sdk/nodejs/bigquery/datasetIamMember.ts index 3c33026973..d444cb5564 100644 --- a/sdk/nodejs/bigquery/datasetIamMember.ts +++ b/sdk/nodejs/bigquery/datasetIamMember.ts @@ -78,6 +78,59 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_bigquery\_dataset\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const owner = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/bigquery.dataOwner", + * members: ["user:jane@example.com"], + * }], + * }); + * const datasetDataset = new gcp.bigquery.Dataset("dataset", {datasetId: "example_dataset"}); + * const dataset = new gcp.bigquery.DatasetIamPolicy("dataset", { + * datasetId: datasetDataset.datasetId, + * policyData: owner.then(owner => owner.policyData), + * }); + * ``` + * + * + * ## google\_bigquery\_dataset\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const dataset = new gcp.bigquery.Dataset("dataset", {datasetId: "example_dataset"}); + * const reader = new gcp.bigquery.DatasetIamBinding("reader", { + * datasetId: dataset.datasetId, + * role: "roles/bigquery.dataViewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_bigquery\_dataset\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const dataset = new gcp.bigquery.Dataset("dataset", {datasetId: "example_dataset"}); + * const editor = new gcp.bigquery.DatasetIamMember("editor", { + * datasetId: dataset.datasetId, + * role: "roles/bigquery.dataEditor", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * ### Importing IAM policies @@ -135,8 +188,14 @@ export class DatasetIamMember extends pulumi.CustomResource { public readonly condition!: pulumi.Output; /** * The dataset ID. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + public readonly datasetId!: pulumi.Output; + /** + * (Computed) The etag of the dataset's IAM policy. + */ + public /*out*/ readonly etag!: pulumi.Output; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. @@ -146,11 +205,6 @@ export class DatasetIamMember extends pulumi.CustomResource { * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. */ - public readonly datasetId!: pulumi.Output; - /** - * (Computed) The etag of the dataset's IAM policy. - */ - public /*out*/ readonly etag!: pulumi.Output; public readonly member!: pulumi.Output; /** * The ID of the project in which the resource belongs. @@ -213,8 +267,14 @@ export interface DatasetIamMemberState { condition?: pulumi.Input; /** * The dataset ID. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + datasetId?: pulumi.Input; + /** + * (Computed) The etag of the dataset's IAM policy. + */ + etag?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. @@ -224,11 +284,6 @@ export interface DatasetIamMemberState { * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. */ - datasetId?: pulumi.Input; - /** - * (Computed) The etag of the dataset's IAM policy. - */ - etag?: pulumi.Input; member?: pulumi.Input; /** * The ID of the project in which the resource belongs. @@ -250,8 +305,10 @@ export interface DatasetIamMemberArgs { condition?: pulumi.Input; /** * The dataset ID. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + datasetId: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. @@ -261,7 +318,6 @@ export interface DatasetIamMemberArgs { * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. */ - datasetId: pulumi.Input; member: pulumi.Input; /** * The ID of the project in which the resource belongs. diff --git a/sdk/nodejs/bigquery/datasetIamPolicy.ts b/sdk/nodejs/bigquery/datasetIamPolicy.ts index 9b5202cea6..1f7f132c04 100644 --- a/sdk/nodejs/bigquery/datasetIamPolicy.ts +++ b/sdk/nodejs/bigquery/datasetIamPolicy.ts @@ -76,6 +76,59 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_bigquery\_dataset\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const owner = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/bigquery.dataOwner", + * members: ["user:jane@example.com"], + * }], + * }); + * const datasetDataset = new gcp.bigquery.Dataset("dataset", {datasetId: "example_dataset"}); + * const dataset = new gcp.bigquery.DatasetIamPolicy("dataset", { + * datasetId: datasetDataset.datasetId, + * policyData: owner.then(owner => owner.policyData), + * }); + * ``` + * + * + * ## google\_bigquery\_dataset\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const dataset = new gcp.bigquery.Dataset("dataset", {datasetId: "example_dataset"}); + * const reader = new gcp.bigquery.DatasetIamBinding("reader", { + * datasetId: dataset.datasetId, + * role: "roles/bigquery.dataViewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_bigquery\_dataset\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const dataset = new gcp.bigquery.Dataset("dataset", {datasetId: "example_dataset"}); + * const editor = new gcp.bigquery.DatasetIamMember("editor", { + * datasetId: dataset.datasetId, + * role: "roles/bigquery.dataEditor", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * ### Importing IAM policies @@ -132,16 +185,6 @@ export class DatasetIamPolicy extends pulumi.CustomResource { /** * The dataset ID. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. */ public readonly datasetId!: pulumi.Output; /** @@ -200,16 +243,6 @@ export class DatasetIamPolicy extends pulumi.CustomResource { export interface DatasetIamPolicyState { /** * The dataset ID. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. */ datasetId?: pulumi.Input; /** @@ -234,16 +267,6 @@ export interface DatasetIamPolicyState { export interface DatasetIamPolicyArgs { /** * The dataset ID. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. */ datasetId: pulumi.Input; /** diff --git a/sdk/nodejs/bigquery/iamBinding.ts b/sdk/nodejs/bigquery/iamBinding.ts index f848094e4e..e95b17e48d 100644 --- a/sdk/nodejs/bigquery/iamBinding.ts +++ b/sdk/nodejs/bigquery/iamBinding.ts @@ -148,6 +148,131 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_bigquery\_table\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/bigquery.dataOwner", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.bigquery.IamPolicy("policy", { + * project: test.project, + * datasetId: test.datasetId, + * tableId: test.tableId, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/bigquery.dataOwner", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const policy = new gcp.bigquery.IamPolicy("policy", { + * project: test.project, + * datasetId: test.datasetId, + * tableId: test.tableId, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * ## google\_bigquery\_table\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.bigquery.IamBinding("binding", { + * project: test.project, + * datasetId: test.datasetId, + * tableId: test.tableId, + * role: "roles/bigquery.dataOwner", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.bigquery.IamBinding("binding", { + * project: test.project, + * datasetId: test.datasetId, + * tableId: test.tableId, + * role: "roles/bigquery.dataOwner", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * ## google\_bigquery\_table\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.bigquery.IamMember("member", { + * project: test.project, + * datasetId: test.datasetId, + * tableId: test.tableId, + * role: "roles/bigquery.dataOwner", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.bigquery.IamMember("member", { + * project: test.project, + * datasetId: test.datasetId, + * tableId: test.tableId, + * role: "roles/bigquery.dataOwner", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -224,12 +349,8 @@ export class IamBinding extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly members!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -241,6 +362,11 @@ export class IamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -311,12 +437,8 @@ export interface IamBindingState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - members?: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -328,6 +450,11 @@ export interface IamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -348,12 +475,8 @@ export interface IamBindingArgs { */ condition?: pulumi.Input; datasetId: pulumi.Input; - members: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -365,6 +488,11 @@ export interface IamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/bigquery/iamMember.ts b/sdk/nodejs/bigquery/iamMember.ts index 4eb710b6cb..40ebf7ff26 100644 --- a/sdk/nodejs/bigquery/iamMember.ts +++ b/sdk/nodejs/bigquery/iamMember.ts @@ -148,6 +148,131 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_bigquery\_table\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/bigquery.dataOwner", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.bigquery.IamPolicy("policy", { + * project: test.project, + * datasetId: test.datasetId, + * tableId: test.tableId, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/bigquery.dataOwner", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const policy = new gcp.bigquery.IamPolicy("policy", { + * project: test.project, + * datasetId: test.datasetId, + * tableId: test.tableId, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * ## google\_bigquery\_table\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.bigquery.IamBinding("binding", { + * project: test.project, + * datasetId: test.datasetId, + * tableId: test.tableId, + * role: "roles/bigquery.dataOwner", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.bigquery.IamBinding("binding", { + * project: test.project, + * datasetId: test.datasetId, + * tableId: test.tableId, + * role: "roles/bigquery.dataOwner", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * ## google\_bigquery\_table\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.bigquery.IamMember("member", { + * project: test.project, + * datasetId: test.datasetId, + * tableId: test.tableId, + * role: "roles/bigquery.dataOwner", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.bigquery.IamMember("member", { + * project: test.project, + * datasetId: test.datasetId, + * tableId: test.tableId, + * role: "roles/bigquery.dataOwner", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -224,12 +349,8 @@ export class IamMember extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly member!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -241,6 +362,11 @@ export class IamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -311,12 +437,8 @@ export interface IamMemberState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - member?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -328,6 +450,11 @@ export interface IamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -348,12 +475,8 @@ export interface IamMemberArgs { */ condition?: pulumi.Input; datasetId: pulumi.Input; - member: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -365,6 +488,11 @@ export interface IamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/bigquery/iamPolicy.ts b/sdk/nodejs/bigquery/iamPolicy.ts index 1ca8e2c805..5b78c7b389 100644 --- a/sdk/nodejs/bigquery/iamPolicy.ts +++ b/sdk/nodejs/bigquery/iamPolicy.ts @@ -146,6 +146,131 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_bigquery\_table\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/bigquery.dataOwner", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.bigquery.IamPolicy("policy", { + * project: test.project, + * datasetId: test.datasetId, + * tableId: test.tableId, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/bigquery.dataOwner", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const policy = new gcp.bigquery.IamPolicy("policy", { + * project: test.project, + * datasetId: test.datasetId, + * tableId: test.tableId, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * ## google\_bigquery\_table\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.bigquery.IamBinding("binding", { + * project: test.project, + * datasetId: test.datasetId, + * tableId: test.tableId, + * role: "roles/bigquery.dataOwner", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.bigquery.IamBinding("binding", { + * project: test.project, + * datasetId: test.datasetId, + * tableId: test.tableId, + * role: "roles/bigquery.dataOwner", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * ## google\_bigquery\_table\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.bigquery.IamMember("member", { + * project: test.project, + * datasetId: test.datasetId, + * tableId: test.tableId, + * role: "roles/bigquery.dataOwner", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.bigquery.IamMember("member", { + * project: test.project, + * datasetId: test.datasetId, + * tableId: test.tableId, + * role: "roles/bigquery.dataOwner", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -225,18 +350,6 @@ export class IamPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; public readonly tableId!: pulumi.Output; @@ -298,18 +411,6 @@ export interface IamPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; tableId?: pulumi.Input; @@ -328,18 +429,6 @@ export interface IamPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; tableId: pulumi.Input; diff --git a/sdk/nodejs/bigqueryanalyticshub/dataExchangeIamBinding.ts b/sdk/nodejs/bigqueryanalyticshub/dataExchangeIamBinding.ts index 762297da55..853295cfe7 100644 --- a/sdk/nodejs/bigqueryanalyticshub/dataExchangeIamBinding.ts +++ b/sdk/nodejs/bigqueryanalyticshub/dataExchangeIamBinding.ts @@ -77,6 +77,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_bigquery\_analytics\_hub\_data\_exchange\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.bigqueryanalyticshub.DataExchangeIamPolicy("policy", { + * project: dataExchange.project, + * location: dataExchange.location, + * dataExchangeId: dataExchange.dataExchangeId, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_bigquery\_analytics\_hub\_data\_exchange\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.bigqueryanalyticshub.DataExchangeIamBinding("binding", { + * project: dataExchange.project, + * location: dataExchange.location, + * dataExchangeId: dataExchange.dataExchangeId, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_bigquery\_analytics\_hub\_data\_exchange\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.bigqueryanalyticshub.DataExchangeIamMember("member", { + * project: dataExchange.project, + * location: dataExchange.location, + * dataExchangeId: dataExchange.dataExchangeId, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -157,12 +213,8 @@ export class DataExchangeIamBinding extends pulumi.CustomResource { * Used to find the parent resource to bind the IAM policy to */ public readonly location!: pulumi.Output; - public readonly members!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -174,6 +226,11 @@ export class DataExchangeIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -244,12 +301,8 @@ export interface DataExchangeIamBindingState { * Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - members?: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -261,6 +314,11 @@ export interface DataExchangeIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -284,12 +342,8 @@ export interface DataExchangeIamBindingArgs { * Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - members: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -301,6 +355,11 @@ export interface DataExchangeIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/bigqueryanalyticshub/dataExchangeIamMember.ts b/sdk/nodejs/bigqueryanalyticshub/dataExchangeIamMember.ts index c0fe6857de..240d0541a0 100644 --- a/sdk/nodejs/bigqueryanalyticshub/dataExchangeIamMember.ts +++ b/sdk/nodejs/bigqueryanalyticshub/dataExchangeIamMember.ts @@ -77,6 +77,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_bigquery\_analytics\_hub\_data\_exchange\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.bigqueryanalyticshub.DataExchangeIamPolicy("policy", { + * project: dataExchange.project, + * location: dataExchange.location, + * dataExchangeId: dataExchange.dataExchangeId, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_bigquery\_analytics\_hub\_data\_exchange\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.bigqueryanalyticshub.DataExchangeIamBinding("binding", { + * project: dataExchange.project, + * location: dataExchange.location, + * dataExchangeId: dataExchange.dataExchangeId, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_bigquery\_analytics\_hub\_data\_exchange\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.bigqueryanalyticshub.DataExchangeIamMember("member", { + * project: dataExchange.project, + * location: dataExchange.location, + * dataExchangeId: dataExchange.dataExchangeId, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -157,12 +213,8 @@ export class DataExchangeIamMember extends pulumi.CustomResource { * Used to find the parent resource to bind the IAM policy to */ public readonly location!: pulumi.Output; - public readonly member!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -174,6 +226,11 @@ export class DataExchangeIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -244,12 +301,8 @@ export interface DataExchangeIamMemberState { * Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - member?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -261,6 +314,11 @@ export interface DataExchangeIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -284,12 +342,8 @@ export interface DataExchangeIamMemberArgs { * Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - member: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -301,6 +355,11 @@ export interface DataExchangeIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/bigqueryanalyticshub/dataExchangeIamPolicy.ts b/sdk/nodejs/bigqueryanalyticshub/dataExchangeIamPolicy.ts index 16b70961d9..da57bbcbfa 100644 --- a/sdk/nodejs/bigqueryanalyticshub/dataExchangeIamPolicy.ts +++ b/sdk/nodejs/bigqueryanalyticshub/dataExchangeIamPolicy.ts @@ -75,6 +75,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_bigquery\_analytics\_hub\_data\_exchange\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.bigqueryanalyticshub.DataExchangeIamPolicy("policy", { + * project: dataExchange.project, + * location: dataExchange.location, + * dataExchangeId: dataExchange.dataExchangeId, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_bigquery\_analytics\_hub\_data\_exchange\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.bigqueryanalyticshub.DataExchangeIamBinding("binding", { + * project: dataExchange.project, + * location: dataExchange.location, + * dataExchangeId: dataExchange.dataExchangeId, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_bigquery\_analytics\_hub\_data\_exchange\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.bigqueryanalyticshub.DataExchangeIamMember("member", { + * project: dataExchange.project, + * location: dataExchange.location, + * dataExchangeId: dataExchange.dataExchangeId, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -162,18 +218,6 @@ export class DataExchangeIamPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; @@ -239,18 +283,6 @@ export interface DataExchangeIamPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } @@ -276,18 +308,6 @@ export interface DataExchangeIamPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } diff --git a/sdk/nodejs/bigqueryanalyticshub/listingIamBinding.ts b/sdk/nodejs/bigqueryanalyticshub/listingIamBinding.ts index fe5f477ea0..ac1978da13 100644 --- a/sdk/nodejs/bigqueryanalyticshub/listingIamBinding.ts +++ b/sdk/nodejs/bigqueryanalyticshub/listingIamBinding.ts @@ -80,6 +80,65 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_bigquery\_analytics\_hub\_listing\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.bigqueryanalyticshub.ListingIamPolicy("policy", { + * project: listing.project, + * location: listing.location, + * dataExchangeId: listing.dataExchangeId, + * listingId: listing.listingId, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_bigquery\_analytics\_hub\_listing\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.bigqueryanalyticshub.ListingIamBinding("binding", { + * project: listing.project, + * location: listing.location, + * dataExchangeId: listing.dataExchangeId, + * listingId: listing.listingId, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_bigquery\_analytics\_hub\_listing\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.bigqueryanalyticshub.ListingIamMember("member", { + * project: listing.project, + * location: listing.location, + * dataExchangeId: listing.dataExchangeId, + * listingId: listing.listingId, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -164,12 +223,8 @@ export class ListingIamBinding extends pulumi.CustomResource { * Used to find the parent resource to bind the IAM policy to */ public readonly location!: pulumi.Output; - public readonly members!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -181,6 +236,11 @@ export class ListingIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -260,12 +320,8 @@ export interface ListingIamBindingState { * Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - members?: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -277,6 +333,11 @@ export interface ListingIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -304,12 +365,8 @@ export interface ListingIamBindingArgs { * Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - members: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -321,6 +378,11 @@ export interface ListingIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/bigqueryanalyticshub/listingIamMember.ts b/sdk/nodejs/bigqueryanalyticshub/listingIamMember.ts index f0142d5367..0bc053e059 100644 --- a/sdk/nodejs/bigqueryanalyticshub/listingIamMember.ts +++ b/sdk/nodejs/bigqueryanalyticshub/listingIamMember.ts @@ -80,6 +80,65 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_bigquery\_analytics\_hub\_listing\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.bigqueryanalyticshub.ListingIamPolicy("policy", { + * project: listing.project, + * location: listing.location, + * dataExchangeId: listing.dataExchangeId, + * listingId: listing.listingId, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_bigquery\_analytics\_hub\_listing\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.bigqueryanalyticshub.ListingIamBinding("binding", { + * project: listing.project, + * location: listing.location, + * dataExchangeId: listing.dataExchangeId, + * listingId: listing.listingId, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_bigquery\_analytics\_hub\_listing\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.bigqueryanalyticshub.ListingIamMember("member", { + * project: listing.project, + * location: listing.location, + * dataExchangeId: listing.dataExchangeId, + * listingId: listing.listingId, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -164,12 +223,8 @@ export class ListingIamMember extends pulumi.CustomResource { * Used to find the parent resource to bind the IAM policy to */ public readonly location!: pulumi.Output; - public readonly member!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -181,6 +236,11 @@ export class ListingIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -260,12 +320,8 @@ export interface ListingIamMemberState { * Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - member?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -277,6 +333,11 @@ export interface ListingIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -304,12 +365,8 @@ export interface ListingIamMemberArgs { * Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - member: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -321,6 +378,11 @@ export interface ListingIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/bigqueryanalyticshub/listingIamPolicy.ts b/sdk/nodejs/bigqueryanalyticshub/listingIamPolicy.ts index f1cef76d15..4d785838d3 100644 --- a/sdk/nodejs/bigqueryanalyticshub/listingIamPolicy.ts +++ b/sdk/nodejs/bigqueryanalyticshub/listingIamPolicy.ts @@ -78,6 +78,65 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_bigquery\_analytics\_hub\_listing\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.bigqueryanalyticshub.ListingIamPolicy("policy", { + * project: listing.project, + * location: listing.location, + * dataExchangeId: listing.dataExchangeId, + * listingId: listing.listingId, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_bigquery\_analytics\_hub\_listing\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.bigqueryanalyticshub.ListingIamBinding("binding", { + * project: listing.project, + * location: listing.location, + * dataExchangeId: listing.dataExchangeId, + * listingId: listing.listingId, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_bigquery\_analytics\_hub\_listing\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.bigqueryanalyticshub.ListingIamMember("member", { + * project: listing.project, + * location: listing.location, + * dataExchangeId: listing.dataExchangeId, + * listingId: listing.listingId, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -169,18 +228,6 @@ export class ListingIamPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; @@ -255,18 +302,6 @@ export interface ListingIamPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } @@ -296,18 +331,6 @@ export interface ListingIamPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } diff --git a/sdk/nodejs/bigquerydatapolicy/dataPolicyIamBinding.ts b/sdk/nodejs/bigquerydatapolicy/dataPolicyIamBinding.ts index b920230db8..d2cd2685b7 100644 --- a/sdk/nodejs/bigquerydatapolicy/dataPolicyIamBinding.ts +++ b/sdk/nodejs/bigquerydatapolicy/dataPolicyIamBinding.ts @@ -77,6 +77,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_bigquery\_datapolicy\_data\_policy\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.bigquerydatapolicy.DataPolicyIamPolicy("policy", { + * project: dataPolicy.project, + * location: dataPolicy.location, + * dataPolicyId: dataPolicy.dataPolicyId, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_bigquery\_datapolicy\_data\_policy\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.bigquerydatapolicy.DataPolicyIamBinding("binding", { + * project: dataPolicy.project, + * location: dataPolicy.location, + * dataPolicyId: dataPolicy.dataPolicyId, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_bigquery\_datapolicy\_data\_policy\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.bigquerydatapolicy.DataPolicyIamMember("member", { + * project: dataPolicy.project, + * location: dataPolicy.location, + * dataPolicyId: dataPolicy.dataPolicyId, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -154,12 +210,8 @@ export class DataPolicyIamBinding extends pulumi.CustomResource { * Used to find the parent resource to bind the IAM policy to */ public readonly location!: pulumi.Output; - public readonly members!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -171,6 +223,11 @@ export class DataPolicyIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -238,12 +295,8 @@ export interface DataPolicyIamBindingState { * Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - members?: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -255,6 +308,11 @@ export interface DataPolicyIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -275,12 +333,8 @@ export interface DataPolicyIamBindingArgs { * Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - members: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -292,6 +346,11 @@ export interface DataPolicyIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/bigquerydatapolicy/dataPolicyIamMember.ts b/sdk/nodejs/bigquerydatapolicy/dataPolicyIamMember.ts index e618a3ad19..e785a3d755 100644 --- a/sdk/nodejs/bigquerydatapolicy/dataPolicyIamMember.ts +++ b/sdk/nodejs/bigquerydatapolicy/dataPolicyIamMember.ts @@ -77,6 +77,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_bigquery\_datapolicy\_data\_policy\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.bigquerydatapolicy.DataPolicyIamPolicy("policy", { + * project: dataPolicy.project, + * location: dataPolicy.location, + * dataPolicyId: dataPolicy.dataPolicyId, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_bigquery\_datapolicy\_data\_policy\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.bigquerydatapolicy.DataPolicyIamBinding("binding", { + * project: dataPolicy.project, + * location: dataPolicy.location, + * dataPolicyId: dataPolicy.dataPolicyId, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_bigquery\_datapolicy\_data\_policy\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.bigquerydatapolicy.DataPolicyIamMember("member", { + * project: dataPolicy.project, + * location: dataPolicy.location, + * dataPolicyId: dataPolicy.dataPolicyId, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -154,12 +210,8 @@ export class DataPolicyIamMember extends pulumi.CustomResource { * Used to find the parent resource to bind the IAM policy to */ public readonly location!: pulumi.Output; - public readonly member!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -171,6 +223,11 @@ export class DataPolicyIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -238,12 +295,8 @@ export interface DataPolicyIamMemberState { * Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - member?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -255,6 +308,11 @@ export interface DataPolicyIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -275,12 +333,8 @@ export interface DataPolicyIamMemberArgs { * Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - member: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -292,6 +346,11 @@ export interface DataPolicyIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/bigquerydatapolicy/dataPolicyIamPolicy.ts b/sdk/nodejs/bigquerydatapolicy/dataPolicyIamPolicy.ts index 6d039a4657..31d538366a 100644 --- a/sdk/nodejs/bigquerydatapolicy/dataPolicyIamPolicy.ts +++ b/sdk/nodejs/bigquerydatapolicy/dataPolicyIamPolicy.ts @@ -75,6 +75,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_bigquery\_datapolicy\_data\_policy\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.bigquerydatapolicy.DataPolicyIamPolicy("policy", { + * project: dataPolicy.project, + * location: dataPolicy.location, + * dataPolicyId: dataPolicy.dataPolicyId, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_bigquery\_datapolicy\_data\_policy\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.bigquerydatapolicy.DataPolicyIamBinding("binding", { + * project: dataPolicy.project, + * location: dataPolicy.location, + * dataPolicyId: dataPolicy.dataPolicyId, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_bigquery\_datapolicy\_data\_policy\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.bigquerydatapolicy.DataPolicyIamMember("member", { + * project: dataPolicy.project, + * location: dataPolicy.location, + * dataPolicyId: dataPolicy.dataPolicyId, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -159,18 +215,6 @@ export class DataPolicyIamPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; @@ -233,18 +277,6 @@ export interface DataPolicyIamPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } @@ -267,18 +299,6 @@ export interface DataPolicyIamPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } diff --git a/sdk/nodejs/bigtable/instanceIamBinding.ts b/sdk/nodejs/bigtable/instanceIamBinding.ts index f42c75d7cf..3d3e30ac8b 100644 --- a/sdk/nodejs/bigtable/instanceIamBinding.ts +++ b/sdk/nodejs/bigtable/instanceIamBinding.ts @@ -68,6 +68,57 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_bigtable\_instance\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/bigtable.user", + * members: ["user:jane@example.com"], + * }], + * }); + * const editor = new gcp.bigtable.InstanceIamPolicy("editor", { + * project: "your-project", + * instance: "your-bigtable-instance", + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_bigtable\_instance\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const editor = new gcp.bigtable.InstanceIamBinding("editor", { + * instance: "your-bigtable-instance", + * role: "roles/bigtable.user", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_bigtable\_instance\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const editor = new gcp.bigtable.InstanceIamMember("editor", { + * instance: "your-bigtable-instance", + * role: "roles/bigtable.user", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * ### Importing IAM policies @@ -131,8 +182,10 @@ export class InstanceIamBinding extends pulumi.CustomResource { * The name or relative resource id of the instance to manage IAM policies for. * * For `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`: - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + public readonly instance!: pulumi.Output; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -141,7 +194,6 @@ export class InstanceIamBinding extends pulumi.CustomResource { * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ - public readonly instance!: pulumi.Output; public readonly members!: pulumi.Output; /** * The project in which the instance belongs. If it @@ -212,8 +264,10 @@ export interface InstanceIamBindingState { * The name or relative resource id of the instance to manage IAM policies for. * * For `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`: - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + instance?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -222,7 +276,6 @@ export interface InstanceIamBindingState { * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ - instance?: pulumi.Input; members?: pulumi.Input[]>; /** * The project in which the instance belongs. If it @@ -248,8 +301,10 @@ export interface InstanceIamBindingArgs { * The name or relative resource id of the instance to manage IAM policies for. * * For `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`: - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + instance: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -258,7 +313,6 @@ export interface InstanceIamBindingArgs { * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ - instance: pulumi.Input; members: pulumi.Input[]>; /** * The project in which the instance belongs. If it diff --git a/sdk/nodejs/bigtable/instanceIamMember.ts b/sdk/nodejs/bigtable/instanceIamMember.ts index 1e3c2e26f7..f367f21db4 100644 --- a/sdk/nodejs/bigtable/instanceIamMember.ts +++ b/sdk/nodejs/bigtable/instanceIamMember.ts @@ -68,6 +68,57 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_bigtable\_instance\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/bigtable.user", + * members: ["user:jane@example.com"], + * }], + * }); + * const editor = new gcp.bigtable.InstanceIamPolicy("editor", { + * project: "your-project", + * instance: "your-bigtable-instance", + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_bigtable\_instance\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const editor = new gcp.bigtable.InstanceIamBinding("editor", { + * instance: "your-bigtable-instance", + * role: "roles/bigtable.user", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_bigtable\_instance\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const editor = new gcp.bigtable.InstanceIamMember("editor", { + * instance: "your-bigtable-instance", + * role: "roles/bigtable.user", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * ### Importing IAM policies @@ -131,8 +182,10 @@ export class InstanceIamMember extends pulumi.CustomResource { * The name or relative resource id of the instance to manage IAM policies for. * * For `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`: - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + public readonly instance!: pulumi.Output; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -141,7 +194,6 @@ export class InstanceIamMember extends pulumi.CustomResource { * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ - public readonly instance!: pulumi.Output; public readonly member!: pulumi.Output; /** * The project in which the instance belongs. If it @@ -212,8 +264,10 @@ export interface InstanceIamMemberState { * The name or relative resource id of the instance to manage IAM policies for. * * For `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`: - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + instance?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -222,7 +276,6 @@ export interface InstanceIamMemberState { * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ - instance?: pulumi.Input; member?: pulumi.Input; /** * The project in which the instance belongs. If it @@ -248,8 +301,10 @@ export interface InstanceIamMemberArgs { * The name or relative resource id of the instance to manage IAM policies for. * * For `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`: - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + instance: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -258,7 +313,6 @@ export interface InstanceIamMemberArgs { * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ - instance: pulumi.Input; member: pulumi.Input; /** * The project in which the instance belongs. If it diff --git a/sdk/nodejs/bigtable/instanceIamPolicy.ts b/sdk/nodejs/bigtable/instanceIamPolicy.ts index 3b5cc96010..ff2f418b29 100644 --- a/sdk/nodejs/bigtable/instanceIamPolicy.ts +++ b/sdk/nodejs/bigtable/instanceIamPolicy.ts @@ -66,6 +66,57 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_bigtable\_instance\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/bigtable.user", + * members: ["user:jane@example.com"], + * }], + * }); + * const editor = new gcp.bigtable.InstanceIamPolicy("editor", { + * project: "your-project", + * instance: "your-bigtable-instance", + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_bigtable\_instance\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const editor = new gcp.bigtable.InstanceIamBinding("editor", { + * instance: "your-bigtable-instance", + * role: "roles/bigtable.user", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_bigtable\_instance\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const editor = new gcp.bigtable.InstanceIamMember("editor", { + * instance: "your-bigtable-instance", + * role: "roles/bigtable.user", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * ### Importing IAM policies @@ -128,15 +179,6 @@ export class InstanceIamPolicy extends pulumi.CustomResource { * The name or relative resource id of the instance to manage IAM policies for. * * For `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`: - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ public readonly instance!: pulumi.Output; /** @@ -198,15 +240,6 @@ export interface InstanceIamPolicyState { * The name or relative resource id of the instance to manage IAM policies for. * * For `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`: - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ instance?: pulumi.Input; /** @@ -230,15 +263,6 @@ export interface InstanceIamPolicyArgs { * The name or relative resource id of the instance to manage IAM policies for. * * For `gcp.bigtable.InstanceIamMember` or `gcp.bigtable.InstanceIamBinding`: - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ instance: pulumi.Input; /** diff --git a/sdk/nodejs/bigtable/tableIamBinding.ts b/sdk/nodejs/bigtable/tableIamBinding.ts index 3b3c04d580..ed486e99d5 100644 --- a/sdk/nodejs/bigtable/tableIamBinding.ts +++ b/sdk/nodejs/bigtable/tableIamBinding.ts @@ -71,6 +71,60 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_bigtable\_table\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/bigtable.user", + * members: ["user:jane@example.com"], + * }], + * }); + * const editor = new gcp.bigtable.TableIamPolicy("editor", { + * project: "your-project", + * instance: "your-bigtable-instance", + * table: "your-bigtable-table", + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_bigtable\_table\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const editor = new gcp.bigtable.TableIamBinding("editor", { + * table: "your-bigtable-table", + * instance: "your-bigtable-instance", + * role: "roles/bigtable.user", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_bigtable\_table\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const editor = new gcp.bigtable.TableIamMember("editor", { + * table: "your-bigtable-table", + * instance: "your-bigtable-instance", + * role: "roles/bigtable.user", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * ### Importing IAM policies @@ -134,6 +188,16 @@ export class TableIamBinding extends pulumi.CustomResource { * The name or relative resource id of the instance that owns the table. */ public readonly instance!: pulumi.Output; + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + */ public readonly members!: pulumi.Output; /** * The project in which the table belongs. If it @@ -152,15 +216,6 @@ export class TableIamBinding extends pulumi.CustomResource { * The name or relative resource id of the table to manage IAM policies for. * * For `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`: - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ public readonly table!: pulumi.Output; @@ -224,6 +279,16 @@ export interface TableIamBindingState { * The name or relative resource id of the instance that owns the table. */ instance?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + */ members?: pulumi.Input[]>; /** * The project in which the table belongs. If it @@ -242,15 +307,6 @@ export interface TableIamBindingState { * The name or relative resource id of the table to manage IAM policies for. * * For `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`: - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ table?: pulumi.Input; } @@ -264,6 +320,16 @@ export interface TableIamBindingArgs { * The name or relative resource id of the instance that owns the table. */ instance: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + */ members: pulumi.Input[]>; /** * The project in which the table belongs. If it @@ -282,15 +348,6 @@ export interface TableIamBindingArgs { * The name or relative resource id of the table to manage IAM policies for. * * For `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`: - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ table: pulumi.Input; } diff --git a/sdk/nodejs/bigtable/tableIamMember.ts b/sdk/nodejs/bigtable/tableIamMember.ts index 3b7e51f9ba..41199ca643 100644 --- a/sdk/nodejs/bigtable/tableIamMember.ts +++ b/sdk/nodejs/bigtable/tableIamMember.ts @@ -71,6 +71,60 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_bigtable\_table\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/bigtable.user", + * members: ["user:jane@example.com"], + * }], + * }); + * const editor = new gcp.bigtable.TableIamPolicy("editor", { + * project: "your-project", + * instance: "your-bigtable-instance", + * table: "your-bigtable-table", + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_bigtable\_table\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const editor = new gcp.bigtable.TableIamBinding("editor", { + * table: "your-bigtable-table", + * instance: "your-bigtable-instance", + * role: "roles/bigtable.user", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_bigtable\_table\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const editor = new gcp.bigtable.TableIamMember("editor", { + * table: "your-bigtable-table", + * instance: "your-bigtable-instance", + * role: "roles/bigtable.user", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * ### Importing IAM policies @@ -134,6 +188,16 @@ export class TableIamMember extends pulumi.CustomResource { * The name or relative resource id of the instance that owns the table. */ public readonly instance!: pulumi.Output; + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + */ public readonly member!: pulumi.Output; /** * The project in which the table belongs. If it @@ -152,15 +216,6 @@ export class TableIamMember extends pulumi.CustomResource { * The name or relative resource id of the table to manage IAM policies for. * * For `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`: - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ public readonly table!: pulumi.Output; @@ -224,6 +279,16 @@ export interface TableIamMemberState { * The name or relative resource id of the instance that owns the table. */ instance?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + */ member?: pulumi.Input; /** * The project in which the table belongs. If it @@ -242,15 +307,6 @@ export interface TableIamMemberState { * The name or relative resource id of the table to manage IAM policies for. * * For `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`: - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ table?: pulumi.Input; } @@ -264,6 +320,16 @@ export interface TableIamMemberArgs { * The name or relative resource id of the instance that owns the table. */ instance: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + */ member: pulumi.Input; /** * The project in which the table belongs. If it @@ -282,15 +348,6 @@ export interface TableIamMemberArgs { * The name or relative resource id of the table to manage IAM policies for. * * For `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`: - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ table: pulumi.Input; } diff --git a/sdk/nodejs/bigtable/tableIamPolicy.ts b/sdk/nodejs/bigtable/tableIamPolicy.ts index e289635a57..fe5c1b558f 100644 --- a/sdk/nodejs/bigtable/tableIamPolicy.ts +++ b/sdk/nodejs/bigtable/tableIamPolicy.ts @@ -69,6 +69,60 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_bigtable\_table\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/bigtable.user", + * members: ["user:jane@example.com"], + * }], + * }); + * const editor = new gcp.bigtable.TableIamPolicy("editor", { + * project: "your-project", + * instance: "your-bigtable-instance", + * table: "your-bigtable-table", + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_bigtable\_table\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const editor = new gcp.bigtable.TableIamBinding("editor", { + * table: "your-bigtable-table", + * instance: "your-bigtable-instance", + * role: "roles/bigtable.user", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_bigtable\_table\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const editor = new gcp.bigtable.TableIamMember("editor", { + * table: "your-bigtable-table", + * instance: "your-bigtable-instance", + * role: "roles/bigtable.user", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * ### Importing IAM policies @@ -146,15 +200,6 @@ export class TableIamPolicy extends pulumi.CustomResource { * The name or relative resource id of the table to manage IAM policies for. * * For `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`: - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ public readonly table!: pulumi.Output; @@ -225,15 +270,6 @@ export interface TableIamPolicyState { * The name or relative resource id of the table to manage IAM policies for. * * For `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`: - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ table?: pulumi.Input; } @@ -261,15 +297,6 @@ export interface TableIamPolicyArgs { * The name or relative resource id of the table to manage IAM policies for. * * For `gcp.bigtable.TableIamMember` or `gcp.bigtable.TableIamBinding`: - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ table: pulumi.Input; } diff --git a/sdk/nodejs/billing/accountIamBinding.ts b/sdk/nodejs/billing/accountIamBinding.ts index 23603e07a9..94c8d8307e 100644 --- a/sdk/nodejs/billing/accountIamBinding.ts +++ b/sdk/nodejs/billing/accountIamBinding.ts @@ -67,6 +67,56 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_billing\_account\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/billing.viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const editor = new gcp.billing.AccountIamPolicy("editor", { + * billingAccountId: "00AA00-000AAA-00AA0A", + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_billing\_account\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const editor = new gcp.billing.AccountIamBinding("editor", { + * billingAccountId: "00AA00-000AAA-00AA0A", + * role: "roles/billing.viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_billing\_account\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const editor = new gcp.billing.AccountIamMember("editor", { + * billingAccountId: "00AA00-000AAA-00AA0A", + * role: "roles/billing.viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * ### Importing IAM policies @@ -125,13 +175,6 @@ export class AccountIamBinding extends pulumi.CustomResource { * The billing account id. * * For `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`: - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ public readonly billingAccountId!: pulumi.Output; public readonly condition!: pulumi.Output; @@ -139,6 +182,14 @@ export class AccountIamBinding extends pulumi.CustomResource { * (Computed) The etag of the billing account's IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + */ public readonly members!: pulumi.Output; /** * The role that should be applied. Only one @@ -197,13 +248,6 @@ export interface AccountIamBindingState { * The billing account id. * * For `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`: - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ billingAccountId?: pulumi.Input; condition?: pulumi.Input; @@ -211,6 +255,14 @@ export interface AccountIamBindingState { * (Computed) The etag of the billing account's IAM policy. */ etag?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + */ members?: pulumi.Input[]>; /** * The role that should be applied. Only one @@ -230,16 +282,17 @@ export interface AccountIamBindingArgs { * The billing account id. * * For `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`: - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + billingAccountId: pulumi.Input; + condition?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ - billingAccountId: pulumi.Input; - condition?: pulumi.Input; members: pulumi.Input[]>; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/billing/accountIamMember.ts b/sdk/nodejs/billing/accountIamMember.ts index 0e7622a13f..7e8075dee2 100644 --- a/sdk/nodejs/billing/accountIamMember.ts +++ b/sdk/nodejs/billing/accountIamMember.ts @@ -67,6 +67,56 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_billing\_account\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/billing.viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const editor = new gcp.billing.AccountIamPolicy("editor", { + * billingAccountId: "00AA00-000AAA-00AA0A", + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_billing\_account\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const editor = new gcp.billing.AccountIamBinding("editor", { + * billingAccountId: "00AA00-000AAA-00AA0A", + * role: "roles/billing.viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_billing\_account\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const editor = new gcp.billing.AccountIamMember("editor", { + * billingAccountId: "00AA00-000AAA-00AA0A", + * role: "roles/billing.viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * ### Importing IAM policies @@ -125,13 +175,6 @@ export class AccountIamMember extends pulumi.CustomResource { * The billing account id. * * For `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`: - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ public readonly billingAccountId!: pulumi.Output; public readonly condition!: pulumi.Output; @@ -139,6 +182,14 @@ export class AccountIamMember extends pulumi.CustomResource { * (Computed) The etag of the billing account's IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + */ public readonly member!: pulumi.Output; /** * The role that should be applied. Only one @@ -197,13 +248,6 @@ export interface AccountIamMemberState { * The billing account id. * * For `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`: - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ billingAccountId?: pulumi.Input; condition?: pulumi.Input; @@ -211,6 +255,14 @@ export interface AccountIamMemberState { * (Computed) The etag of the billing account's IAM policy. */ etag?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + */ member?: pulumi.Input; /** * The role that should be applied. Only one @@ -230,16 +282,17 @@ export interface AccountIamMemberArgs { * The billing account id. * * For `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`: - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + billingAccountId: pulumi.Input; + condition?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ - billingAccountId: pulumi.Input; - condition?: pulumi.Input; member: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/billing/accountIamPolicy.ts b/sdk/nodejs/billing/accountIamPolicy.ts index 4838a7af0e..321f80adc9 100644 --- a/sdk/nodejs/billing/accountIamPolicy.ts +++ b/sdk/nodejs/billing/accountIamPolicy.ts @@ -65,6 +65,56 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_billing\_account\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/billing.viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const editor = new gcp.billing.AccountIamPolicy("editor", { + * billingAccountId: "00AA00-000AAA-00AA0A", + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_billing\_account\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const editor = new gcp.billing.AccountIamBinding("editor", { + * billingAccountId: "00AA00-000AAA-00AA0A", + * role: "roles/billing.viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_billing\_account\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const editor = new gcp.billing.AccountIamMember("editor", { + * billingAccountId: "00AA00-000AAA-00AA0A", + * role: "roles/billing.viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * ### Importing IAM policies @@ -123,13 +173,6 @@ export class AccountIamPolicy extends pulumi.CustomResource { * The billing account id. * * For `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`: - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ public readonly billingAccountId!: pulumi.Output; /** @@ -184,13 +227,6 @@ export interface AccountIamPolicyState { * The billing account id. * * For `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`: - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ billingAccountId?: pulumi.Input; /** @@ -213,13 +249,6 @@ export interface AccountIamPolicyArgs { * The billing account id. * * For `gcp.billing.AccountIamMember` or `gcp.billing.AccountIamBinding`: - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ billingAccountId: pulumi.Input; /** diff --git a/sdk/nodejs/binaryauthorization/attestorIamBinding.ts b/sdk/nodejs/binaryauthorization/attestorIamBinding.ts index c12b1e86c6..d27fee5e7f 100644 --- a/sdk/nodejs/binaryauthorization/attestorIamBinding.ts +++ b/sdk/nodejs/binaryauthorization/attestorIamBinding.ts @@ -74,6 +74,59 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_binary\_authorization\_attestor\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.binaryauthorization.AttestorIamPolicy("policy", { + * project: attestor.project, + * attestor: attestor.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_binary\_authorization\_attestor\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.binaryauthorization.AttestorIamBinding("binding", { + * project: attestor.project, + * attestor: attestor.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_binary\_authorization\_attestor\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.binaryauthorization.AttestorIamMember("member", { + * project: attestor.project, + * attestor: attestor.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -147,12 +200,8 @@ export class AttestorIamBinding extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly members!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -164,6 +213,11 @@ export class AttestorIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -227,12 +281,8 @@ export interface AttestorIamBindingState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - members?: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -244,6 +294,11 @@ export interface AttestorIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -262,12 +317,8 @@ export interface AttestorIamBindingArgs { */ attestor: pulumi.Input; condition?: pulumi.Input; - members: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -279,6 +330,11 @@ export interface AttestorIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/binaryauthorization/attestorIamMember.ts b/sdk/nodejs/binaryauthorization/attestorIamMember.ts index d044499be3..03a42f2f39 100644 --- a/sdk/nodejs/binaryauthorization/attestorIamMember.ts +++ b/sdk/nodejs/binaryauthorization/attestorIamMember.ts @@ -74,6 +74,59 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_binary\_authorization\_attestor\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.binaryauthorization.AttestorIamPolicy("policy", { + * project: attestor.project, + * attestor: attestor.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_binary\_authorization\_attestor\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.binaryauthorization.AttestorIamBinding("binding", { + * project: attestor.project, + * attestor: attestor.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_binary\_authorization\_attestor\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.binaryauthorization.AttestorIamMember("member", { + * project: attestor.project, + * attestor: attestor.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -147,12 +200,8 @@ export class AttestorIamMember extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly member!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -164,6 +213,11 @@ export class AttestorIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -227,12 +281,8 @@ export interface AttestorIamMemberState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - member?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -244,6 +294,11 @@ export interface AttestorIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -262,12 +317,8 @@ export interface AttestorIamMemberArgs { */ attestor: pulumi.Input; condition?: pulumi.Input; - member: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -279,6 +330,11 @@ export interface AttestorIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/binaryauthorization/attestorIamPolicy.ts b/sdk/nodejs/binaryauthorization/attestorIamPolicy.ts index f162dc42f2..d11795d389 100644 --- a/sdk/nodejs/binaryauthorization/attestorIamPolicy.ts +++ b/sdk/nodejs/binaryauthorization/attestorIamPolicy.ts @@ -72,6 +72,59 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_binary\_authorization\_attestor\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.binaryauthorization.AttestorIamPolicy("policy", { + * project: attestor.project, + * attestor: attestor.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_binary\_authorization\_attestor\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.binaryauthorization.AttestorIamBinding("binding", { + * project: attestor.project, + * attestor: attestor.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_binary\_authorization\_attestor\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.binaryauthorization.AttestorIamMember("member", { + * project: attestor.project, + * attestor: attestor.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -152,18 +205,6 @@ export class AttestorIamPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; @@ -222,18 +263,6 @@ export interface AttestorIamPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } @@ -254,18 +283,6 @@ export interface AttestorIamPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } diff --git a/sdk/nodejs/certificateauthority/caPoolIamBinding.ts b/sdk/nodejs/certificateauthority/caPoolIamBinding.ts index 3266087712..1e47b48994 100644 --- a/sdk/nodejs/certificateauthority/caPoolIamBinding.ts +++ b/sdk/nodejs/certificateauthority/caPoolIamBinding.ts @@ -136,6 +136,119 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_privateca\_ca\_pool\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/privateca.certificateManager", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.certificateauthority.CaPoolIamPolicy("policy", { + * caPool: _default.id, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/privateca.certificateManager", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const policy = new gcp.certificateauthority.CaPoolIamPolicy("policy", { + * caPool: _default.id, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * ## google\_privateca\_ca\_pool\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.certificateauthority.CaPoolIamBinding("binding", { + * caPool: _default.id, + * role: "roles/privateca.certificateManager", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.certificateauthority.CaPoolIamBinding("binding", { + * caPool: _default.id, + * role: "roles/privateca.certificateManager", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * ## google\_privateca\_ca\_pool\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.certificateauthority.CaPoolIamMember("member", { + * caPool: _default.id, + * role: "roles/privateca.certificateManager", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.certificateauthority.CaPoolIamMember("member", { + * caPool: _default.id, + * role: "roles/privateca.certificateManager", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -219,12 +332,8 @@ export class CaPoolIamBinding extends pulumi.CustomResource { * Used to find the parent resource to bind the IAM policy to */ public readonly location!: pulumi.Output; - public readonly members!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -236,6 +345,11 @@ export class CaPoolIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -311,12 +425,8 @@ export interface CaPoolIamBindingState { * Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - members?: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -328,6 +438,11 @@ export interface CaPoolIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -356,12 +471,8 @@ export interface CaPoolIamBindingArgs { * Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - members: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -373,6 +484,11 @@ export interface CaPoolIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/certificateauthority/caPoolIamMember.ts b/sdk/nodejs/certificateauthority/caPoolIamMember.ts index 8374b7da61..20da418335 100644 --- a/sdk/nodejs/certificateauthority/caPoolIamMember.ts +++ b/sdk/nodejs/certificateauthority/caPoolIamMember.ts @@ -136,6 +136,119 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_privateca\_ca\_pool\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/privateca.certificateManager", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.certificateauthority.CaPoolIamPolicy("policy", { + * caPool: _default.id, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/privateca.certificateManager", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const policy = new gcp.certificateauthority.CaPoolIamPolicy("policy", { + * caPool: _default.id, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * ## google\_privateca\_ca\_pool\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.certificateauthority.CaPoolIamBinding("binding", { + * caPool: _default.id, + * role: "roles/privateca.certificateManager", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.certificateauthority.CaPoolIamBinding("binding", { + * caPool: _default.id, + * role: "roles/privateca.certificateManager", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * ## google\_privateca\_ca\_pool\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.certificateauthority.CaPoolIamMember("member", { + * caPool: _default.id, + * role: "roles/privateca.certificateManager", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.certificateauthority.CaPoolIamMember("member", { + * caPool: _default.id, + * role: "roles/privateca.certificateManager", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -219,12 +332,8 @@ export class CaPoolIamMember extends pulumi.CustomResource { * Used to find the parent resource to bind the IAM policy to */ public readonly location!: pulumi.Output; - public readonly member!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -236,6 +345,11 @@ export class CaPoolIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -311,12 +425,8 @@ export interface CaPoolIamMemberState { * Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - member?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -328,6 +438,11 @@ export interface CaPoolIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -356,12 +471,8 @@ export interface CaPoolIamMemberArgs { * Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - member: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -373,6 +484,11 @@ export interface CaPoolIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/certificateauthority/caPoolIamPolicy.ts b/sdk/nodejs/certificateauthority/caPoolIamPolicy.ts index 10cada2211..7ad1b1957a 100644 --- a/sdk/nodejs/certificateauthority/caPoolIamPolicy.ts +++ b/sdk/nodejs/certificateauthority/caPoolIamPolicy.ts @@ -134,6 +134,119 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_privateca\_ca\_pool\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/privateca.certificateManager", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.certificateauthority.CaPoolIamPolicy("policy", { + * caPool: _default.id, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/privateca.certificateManager", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const policy = new gcp.certificateauthority.CaPoolIamPolicy("policy", { + * caPool: _default.id, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * ## google\_privateca\_ca\_pool\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.certificateauthority.CaPoolIamBinding("binding", { + * caPool: _default.id, + * role: "roles/privateca.certificateManager", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.certificateauthority.CaPoolIamBinding("binding", { + * caPool: _default.id, + * role: "roles/privateca.certificateManager", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * ## google\_privateca\_ca\_pool\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.certificateauthority.CaPoolIamMember("member", { + * caPool: _default.id, + * role: "roles/privateca.certificateManager", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.certificateauthority.CaPoolIamMember("member", { + * caPool: _default.id, + * role: "roles/privateca.certificateManager", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -220,18 +333,6 @@ export class CaPoolIamPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; @@ -298,18 +399,6 @@ export interface CaPoolIamPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } @@ -336,18 +425,6 @@ export interface CaPoolIamPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } diff --git a/sdk/nodejs/certificateauthority/certificateTemplateIamBinding.ts b/sdk/nodejs/certificateauthority/certificateTemplateIamBinding.ts index 1a03d7c510..a4cb07611c 100644 --- a/sdk/nodejs/certificateauthority/certificateTemplateIamBinding.ts +++ b/sdk/nodejs/certificateauthority/certificateTemplateIamBinding.ts @@ -136,6 +136,119 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_privateca\_certificate\_template\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/privateca.templateUser", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.certificateauthority.CertificateTemplateIamPolicy("policy", { + * certificateTemplate: _default.id, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/privateca.templateUser", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const policy = new gcp.certificateauthority.CertificateTemplateIamPolicy("policy", { + * certificateTemplate: _default.id, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * ## google\_privateca\_certificate\_template\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.certificateauthority.CertificateTemplateIamBinding("binding", { + * certificateTemplate: _default.id, + * role: "roles/privateca.templateUser", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.certificateauthority.CertificateTemplateIamBinding("binding", { + * certificateTemplate: _default.id, + * role: "roles/privateca.templateUser", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * ## google\_privateca\_certificate\_template\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.certificateauthority.CertificateTemplateIamMember("member", { + * certificateTemplate: _default.id, + * role: "roles/privateca.templateUser", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.certificateauthority.CertificateTemplateIamMember("member", { + * certificateTemplate: _default.id, + * role: "roles/privateca.templateUser", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -214,12 +327,8 @@ export class CertificateTemplateIamBinding extends pulumi.CustomResource { */ public /*out*/ readonly etag!: pulumi.Output; public readonly location!: pulumi.Output; - public readonly members!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -231,6 +340,11 @@ export class CertificateTemplateIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -301,12 +415,8 @@ export interface CertificateTemplateIamBindingState { */ etag?: pulumi.Input; location?: pulumi.Input; - members?: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -318,6 +428,11 @@ export interface CertificateTemplateIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -341,12 +456,8 @@ export interface CertificateTemplateIamBindingArgs { */ condition?: pulumi.Input; location?: pulumi.Input; - members: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -358,6 +469,11 @@ export interface CertificateTemplateIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/certificateauthority/certificateTemplateIamMember.ts b/sdk/nodejs/certificateauthority/certificateTemplateIamMember.ts index 1e44aa144d..cd9f85b841 100644 --- a/sdk/nodejs/certificateauthority/certificateTemplateIamMember.ts +++ b/sdk/nodejs/certificateauthority/certificateTemplateIamMember.ts @@ -136,6 +136,119 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_privateca\_certificate\_template\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/privateca.templateUser", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.certificateauthority.CertificateTemplateIamPolicy("policy", { + * certificateTemplate: _default.id, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/privateca.templateUser", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const policy = new gcp.certificateauthority.CertificateTemplateIamPolicy("policy", { + * certificateTemplate: _default.id, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * ## google\_privateca\_certificate\_template\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.certificateauthority.CertificateTemplateIamBinding("binding", { + * certificateTemplate: _default.id, + * role: "roles/privateca.templateUser", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.certificateauthority.CertificateTemplateIamBinding("binding", { + * certificateTemplate: _default.id, + * role: "roles/privateca.templateUser", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * ## google\_privateca\_certificate\_template\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.certificateauthority.CertificateTemplateIamMember("member", { + * certificateTemplate: _default.id, + * role: "roles/privateca.templateUser", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.certificateauthority.CertificateTemplateIamMember("member", { + * certificateTemplate: _default.id, + * role: "roles/privateca.templateUser", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -214,12 +327,8 @@ export class CertificateTemplateIamMember extends pulumi.CustomResource { */ public /*out*/ readonly etag!: pulumi.Output; public readonly location!: pulumi.Output; - public readonly member!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -231,6 +340,11 @@ export class CertificateTemplateIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -301,12 +415,8 @@ export interface CertificateTemplateIamMemberState { */ etag?: pulumi.Input; location?: pulumi.Input; - member?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -318,6 +428,11 @@ export interface CertificateTemplateIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -341,12 +456,8 @@ export interface CertificateTemplateIamMemberArgs { */ condition?: pulumi.Input; location?: pulumi.Input; - member: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -358,6 +469,11 @@ export interface CertificateTemplateIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/certificateauthority/certificateTemplateIamPolicy.ts b/sdk/nodejs/certificateauthority/certificateTemplateIamPolicy.ts index 11298159cd..d68c9a123e 100644 --- a/sdk/nodejs/certificateauthority/certificateTemplateIamPolicy.ts +++ b/sdk/nodejs/certificateauthority/certificateTemplateIamPolicy.ts @@ -134,6 +134,119 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_privateca\_certificate\_template\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/privateca.templateUser", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.certificateauthority.CertificateTemplateIamPolicy("policy", { + * certificateTemplate: _default.id, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/privateca.templateUser", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const policy = new gcp.certificateauthority.CertificateTemplateIamPolicy("policy", { + * certificateTemplate: _default.id, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * ## google\_privateca\_certificate\_template\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.certificateauthority.CertificateTemplateIamBinding("binding", { + * certificateTemplate: _default.id, + * role: "roles/privateca.templateUser", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.certificateauthority.CertificateTemplateIamBinding("binding", { + * certificateTemplate: _default.id, + * role: "roles/privateca.templateUser", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * ## google\_privateca\_certificate\_template\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.certificateauthority.CertificateTemplateIamMember("member", { + * certificateTemplate: _default.id, + * role: "roles/privateca.templateUser", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.certificateauthority.CertificateTemplateIamMember("member", { + * certificateTemplate: _default.id, + * role: "roles/privateca.templateUser", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -215,18 +328,6 @@ export class CertificateTemplateIamPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; @@ -288,18 +389,6 @@ export interface CertificateTemplateIamPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } @@ -321,18 +410,6 @@ export interface CertificateTemplateIamPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } diff --git a/sdk/nodejs/cloudbuildv2/connectionIAMBinding.ts b/sdk/nodejs/cloudbuildv2/connectionIAMBinding.ts index 0df9f6ddd0..93366add53 100644 --- a/sdk/nodejs/cloudbuildv2/connectionIAMBinding.ts +++ b/sdk/nodejs/cloudbuildv2/connectionIAMBinding.ts @@ -77,6 +77,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_cloudbuildv2\_connection\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/cloudbuild.connectionViewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.cloudbuildv2.ConnectionIAMPolicy("policy", { + * project: my_connection.project, + * location: my_connection.location, + * name: my_connection.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_cloudbuildv2\_connection\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.cloudbuildv2.ConnectionIAMBinding("binding", { + * project: my_connection.project, + * location: my_connection.location, + * name: my_connection.name, + * role: "roles/cloudbuild.connectionViewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_cloudbuildv2\_connection\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.cloudbuildv2.ConnectionIAMMember("member", { + * project: my_connection.project, + * location: my_connection.location, + * name: my_connection.name, + * role: "roles/cloudbuild.connectionViewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -152,16 +208,8 @@ export class ConnectionIAMBinding extends pulumi.CustomResource { * The location for the resource Used to find the parent resource to bind the IAM policy to */ public readonly location!: pulumi.Output; - public readonly members!: pulumi.Output; - /** - * Used to find the parent resource to bind the IAM policy to - */ - public readonly name!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -173,6 +221,15 @@ export class ConnectionIAMBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * Used to find the parent resource to bind the IAM policy to + */ + public readonly name!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -235,16 +292,8 @@ export interface ConnectionIAMBindingState { * The location for the resource Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - members?: pulumi.Input[]>; /** - * Used to find the parent resource to bind the IAM policy to - */ - name?: pulumi.Input; - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -256,6 +305,15 @@ export interface ConnectionIAMBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * Used to find the parent resource to bind the IAM policy to + */ + name?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -274,16 +332,8 @@ export interface ConnectionIAMBindingArgs { * The location for the resource Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - members: pulumi.Input[]>; - /** - * Used to find the parent resource to bind the IAM policy to - */ - name?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -295,6 +345,15 @@ export interface ConnectionIAMBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * Used to find the parent resource to bind the IAM policy to + */ + name?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/cloudbuildv2/connectionIAMMember.ts b/sdk/nodejs/cloudbuildv2/connectionIAMMember.ts index 940e65916d..3967102d6a 100644 --- a/sdk/nodejs/cloudbuildv2/connectionIAMMember.ts +++ b/sdk/nodejs/cloudbuildv2/connectionIAMMember.ts @@ -77,6 +77,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_cloudbuildv2\_connection\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/cloudbuild.connectionViewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.cloudbuildv2.ConnectionIAMPolicy("policy", { + * project: my_connection.project, + * location: my_connection.location, + * name: my_connection.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_cloudbuildv2\_connection\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.cloudbuildv2.ConnectionIAMBinding("binding", { + * project: my_connection.project, + * location: my_connection.location, + * name: my_connection.name, + * role: "roles/cloudbuild.connectionViewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_cloudbuildv2\_connection\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.cloudbuildv2.ConnectionIAMMember("member", { + * project: my_connection.project, + * location: my_connection.location, + * name: my_connection.name, + * role: "roles/cloudbuild.connectionViewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -152,16 +208,8 @@ export class ConnectionIAMMember extends pulumi.CustomResource { * The location for the resource Used to find the parent resource to bind the IAM policy to */ public readonly location!: pulumi.Output; - public readonly member!: pulumi.Output; - /** - * Used to find the parent resource to bind the IAM policy to - */ - public readonly name!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -173,6 +221,15 @@ export class ConnectionIAMMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * Used to find the parent resource to bind the IAM policy to + */ + public readonly name!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -235,16 +292,8 @@ export interface ConnectionIAMMemberState { * The location for the resource Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - member?: pulumi.Input; /** - * Used to find the parent resource to bind the IAM policy to - */ - name?: pulumi.Input; - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -256,6 +305,15 @@ export interface ConnectionIAMMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * Used to find the parent resource to bind the IAM policy to + */ + name?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -274,16 +332,8 @@ export interface ConnectionIAMMemberArgs { * The location for the resource Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - member: pulumi.Input; - /** - * Used to find the parent resource to bind the IAM policy to - */ - name?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -295,6 +345,15 @@ export interface ConnectionIAMMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * Used to find the parent resource to bind the IAM policy to + */ + name?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/cloudbuildv2/connectionIAMPolicy.ts b/sdk/nodejs/cloudbuildv2/connectionIAMPolicy.ts index a1d829f1a1..502bee4402 100644 --- a/sdk/nodejs/cloudbuildv2/connectionIAMPolicy.ts +++ b/sdk/nodejs/cloudbuildv2/connectionIAMPolicy.ts @@ -75,6 +75,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_cloudbuildv2\_connection\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/cloudbuild.connectionViewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.cloudbuildv2.ConnectionIAMPolicy("policy", { + * project: my_connection.project, + * location: my_connection.location, + * name: my_connection.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_cloudbuildv2\_connection\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.cloudbuildv2.ConnectionIAMBinding("binding", { + * project: my_connection.project, + * location: my_connection.location, + * name: my_connection.name, + * role: "roles/cloudbuild.connectionViewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_cloudbuildv2\_connection\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.cloudbuildv2.ConnectionIAMMember("member", { + * project: my_connection.project, + * location: my_connection.location, + * name: my_connection.name, + * role: "roles/cloudbuild.connectionViewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -161,18 +217,6 @@ export class ConnectionIAMPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; @@ -234,18 +278,6 @@ export interface ConnectionIAMPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } @@ -270,18 +302,6 @@ export interface ConnectionIAMPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } diff --git a/sdk/nodejs/cloudfunctions/functionIamBinding.ts b/sdk/nodejs/cloudfunctions/functionIamBinding.ts index 645878b53b..447381997a 100644 --- a/sdk/nodejs/cloudfunctions/functionIamBinding.ts +++ b/sdk/nodejs/cloudfunctions/functionIamBinding.ts @@ -77,6 +77,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_cloudfunctions\_function\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.cloudfunctions.FunctionIamPolicy("policy", { + * project: _function.project, + * region: _function.region, + * cloudFunction: _function.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_cloudfunctions\_function\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.cloudfunctions.FunctionIamBinding("binding", { + * project: _function.project, + * region: _function.region, + * cloudFunction: _function.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_cloudfunctions\_function\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.cloudfunctions.FunctionIamMember("member", { + * project: _function.project, + * region: _function.region, + * cloudFunction: _function.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -152,12 +208,8 @@ export class FunctionIamBinding extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly members!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -169,6 +221,11 @@ export class FunctionIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The location of this cloud function. Used to find the parent resource to bind the IAM policy to. If not specified, @@ -240,12 +297,8 @@ export interface FunctionIamBindingState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - members?: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -257,6 +310,11 @@ export interface FunctionIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The location of this cloud function. Used to find the parent resource to bind the IAM policy to. If not specified, @@ -281,12 +339,8 @@ export interface FunctionIamBindingArgs { */ cloudFunction: pulumi.Input; condition?: pulumi.Input; - members: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -298,6 +352,11 @@ export interface FunctionIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The location of this cloud function. Used to find the parent resource to bind the IAM policy to. If not specified, diff --git a/sdk/nodejs/cloudfunctions/functionIamMember.ts b/sdk/nodejs/cloudfunctions/functionIamMember.ts index 5609cc78eb..07c0d87f29 100644 --- a/sdk/nodejs/cloudfunctions/functionIamMember.ts +++ b/sdk/nodejs/cloudfunctions/functionIamMember.ts @@ -77,6 +77,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_cloudfunctions\_function\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.cloudfunctions.FunctionIamPolicy("policy", { + * project: _function.project, + * region: _function.region, + * cloudFunction: _function.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_cloudfunctions\_function\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.cloudfunctions.FunctionIamBinding("binding", { + * project: _function.project, + * region: _function.region, + * cloudFunction: _function.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_cloudfunctions\_function\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.cloudfunctions.FunctionIamMember("member", { + * project: _function.project, + * region: _function.region, + * cloudFunction: _function.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -152,12 +208,8 @@ export class FunctionIamMember extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly member!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -169,6 +221,11 @@ export class FunctionIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The location of this cloud function. Used to find the parent resource to bind the IAM policy to. If not specified, @@ -240,12 +297,8 @@ export interface FunctionIamMemberState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - member?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -257,6 +310,11 @@ export interface FunctionIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The location of this cloud function. Used to find the parent resource to bind the IAM policy to. If not specified, @@ -281,12 +339,8 @@ export interface FunctionIamMemberArgs { */ cloudFunction: pulumi.Input; condition?: pulumi.Input; - member: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -298,6 +352,11 @@ export interface FunctionIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The location of this cloud function. Used to find the parent resource to bind the IAM policy to. If not specified, diff --git a/sdk/nodejs/cloudfunctions/functionIamPolicy.ts b/sdk/nodejs/cloudfunctions/functionIamPolicy.ts index 31e19b8fc9..90ceea526f 100644 --- a/sdk/nodejs/cloudfunctions/functionIamPolicy.ts +++ b/sdk/nodejs/cloudfunctions/functionIamPolicy.ts @@ -75,6 +75,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_cloudfunctions\_function\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.cloudfunctions.FunctionIamPolicy("policy", { + * project: _function.project, + * region: _function.region, + * cloudFunction: _function.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_cloudfunctions\_function\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.cloudfunctions.FunctionIamBinding("binding", { + * project: _function.project, + * region: _function.region, + * cloudFunction: _function.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_cloudfunctions\_function\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.cloudfunctions.FunctionIamMember("member", { + * project: _function.project, + * region: _function.region, + * cloudFunction: _function.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -157,18 +213,6 @@ export class FunctionIamPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; /** @@ -235,18 +279,6 @@ export interface FunctionIamPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; /** @@ -273,18 +305,6 @@ export interface FunctionIamPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; /** diff --git a/sdk/nodejs/cloudfunctionsv2/functionIamBinding.ts b/sdk/nodejs/cloudfunctionsv2/functionIamBinding.ts index a9b06a399b..96f2c1fa23 100644 --- a/sdk/nodejs/cloudfunctionsv2/functionIamBinding.ts +++ b/sdk/nodejs/cloudfunctionsv2/functionIamBinding.ts @@ -77,6 +77,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_cloudfunctions2\_function\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.cloudfunctionsv2.FunctionIamPolicy("policy", { + * project: _function.project, + * location: _function.location, + * cloudFunction: _function.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_cloudfunctions2\_function\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.cloudfunctionsv2.FunctionIamBinding("binding", { + * project: _function.project, + * location: _function.location, + * cloudFunction: _function.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_cloudfunctions2\_function\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.cloudfunctionsv2.FunctionIamMember("member", { + * project: _function.project, + * location: _function.location, + * cloudFunction: _function.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -156,12 +212,8 @@ export class FunctionIamBinding extends pulumi.CustomResource { * The location of this cloud function. Used to find the parent resource to bind the IAM policy to */ public readonly location!: pulumi.Output; - public readonly members!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -173,6 +225,11 @@ export class FunctionIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -242,12 +299,8 @@ export interface FunctionIamBindingState { * The location of this cloud function. Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - members?: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -259,6 +312,11 @@ export interface FunctionIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -281,12 +339,8 @@ export interface FunctionIamBindingArgs { * The location of this cloud function. Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - members: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -298,6 +352,11 @@ export interface FunctionIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/cloudfunctionsv2/functionIamMember.ts b/sdk/nodejs/cloudfunctionsv2/functionIamMember.ts index 1a942240e0..5619b44324 100644 --- a/sdk/nodejs/cloudfunctionsv2/functionIamMember.ts +++ b/sdk/nodejs/cloudfunctionsv2/functionIamMember.ts @@ -77,6 +77,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_cloudfunctions2\_function\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.cloudfunctionsv2.FunctionIamPolicy("policy", { + * project: _function.project, + * location: _function.location, + * cloudFunction: _function.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_cloudfunctions2\_function\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.cloudfunctionsv2.FunctionIamBinding("binding", { + * project: _function.project, + * location: _function.location, + * cloudFunction: _function.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_cloudfunctions2\_function\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.cloudfunctionsv2.FunctionIamMember("member", { + * project: _function.project, + * location: _function.location, + * cloudFunction: _function.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -156,12 +212,8 @@ export class FunctionIamMember extends pulumi.CustomResource { * The location of this cloud function. Used to find the parent resource to bind the IAM policy to */ public readonly location!: pulumi.Output; - public readonly member!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -173,6 +225,11 @@ export class FunctionIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -242,12 +299,8 @@ export interface FunctionIamMemberState { * The location of this cloud function. Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - member?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -259,6 +312,11 @@ export interface FunctionIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -281,12 +339,8 @@ export interface FunctionIamMemberArgs { * The location of this cloud function. Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - member: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -298,6 +352,11 @@ export interface FunctionIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/cloudfunctionsv2/functionIamPolicy.ts b/sdk/nodejs/cloudfunctionsv2/functionIamPolicy.ts index cd311ad3f1..d4285dbc56 100644 --- a/sdk/nodejs/cloudfunctionsv2/functionIamPolicy.ts +++ b/sdk/nodejs/cloudfunctionsv2/functionIamPolicy.ts @@ -75,6 +75,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_cloudfunctions2\_function\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.cloudfunctionsv2.FunctionIamPolicy("policy", { + * project: _function.project, + * location: _function.location, + * cloudFunction: _function.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_cloudfunctions2\_function\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.cloudfunctionsv2.FunctionIamBinding("binding", { + * project: _function.project, + * location: _function.location, + * cloudFunction: _function.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_cloudfunctions2\_function\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.cloudfunctionsv2.FunctionIamMember("member", { + * project: _function.project, + * location: _function.location, + * cloudFunction: _function.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -161,18 +217,6 @@ export class FunctionIamPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; @@ -237,18 +281,6 @@ export interface FunctionIamPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } @@ -273,18 +305,6 @@ export interface FunctionIamPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } diff --git a/sdk/nodejs/cloudrun/iamBinding.ts b/sdk/nodejs/cloudrun/iamBinding.ts index f8238f1065..a9f098a2b7 100644 --- a/sdk/nodejs/cloudrun/iamBinding.ts +++ b/sdk/nodejs/cloudrun/iamBinding.ts @@ -77,6 +77,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_cloud\_run\_service\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.cloudrun.IamPolicy("policy", { + * location: _default.location, + * project: _default.project, + * service: _default.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_cloud\_run\_service\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.cloudrun.IamBinding("binding", { + * location: _default.location, + * project: _default.project, + * service: _default.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_cloud\_run\_service\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.cloudrun.IamMember("member", { + * location: _default.location, + * project: _default.project, + * service: _default.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -152,12 +208,8 @@ export class IamBinding extends pulumi.CustomResource { * The location of the cloud run instance. eg us-central1 Used to find the parent resource to bind the IAM policy to */ public readonly location!: pulumi.Output; - public readonly members!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -169,6 +221,11 @@ export class IamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -238,12 +295,8 @@ export interface IamBindingState { * The location of the cloud run instance. eg us-central1 Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - members?: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -255,6 +308,11 @@ export interface IamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -277,12 +335,8 @@ export interface IamBindingArgs { * The location of the cloud run instance. eg us-central1 Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - members: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -294,6 +348,11 @@ export interface IamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/cloudrun/iamMember.ts b/sdk/nodejs/cloudrun/iamMember.ts index 1ed5a75afb..ed320917e1 100644 --- a/sdk/nodejs/cloudrun/iamMember.ts +++ b/sdk/nodejs/cloudrun/iamMember.ts @@ -77,6 +77,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_cloud\_run\_service\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.cloudrun.IamPolicy("policy", { + * location: _default.location, + * project: _default.project, + * service: _default.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_cloud\_run\_service\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.cloudrun.IamBinding("binding", { + * location: _default.location, + * project: _default.project, + * service: _default.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_cloud\_run\_service\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.cloudrun.IamMember("member", { + * location: _default.location, + * project: _default.project, + * service: _default.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -152,12 +208,8 @@ export class IamMember extends pulumi.CustomResource { * The location of the cloud run instance. eg us-central1 Used to find the parent resource to bind the IAM policy to */ public readonly location!: pulumi.Output; - public readonly member!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -169,6 +221,11 @@ export class IamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -238,12 +295,8 @@ export interface IamMemberState { * The location of the cloud run instance. eg us-central1 Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - member?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -255,6 +308,11 @@ export interface IamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -277,12 +335,8 @@ export interface IamMemberArgs { * The location of the cloud run instance. eg us-central1 Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - member: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -294,6 +348,11 @@ export interface IamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/cloudrun/iamPolicy.ts b/sdk/nodejs/cloudrun/iamPolicy.ts index 5a487b24ab..dfa1942cc2 100644 --- a/sdk/nodejs/cloudrun/iamPolicy.ts +++ b/sdk/nodejs/cloudrun/iamPolicy.ts @@ -75,6 +75,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_cloud\_run\_service\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.cloudrun.IamPolicy("policy", { + * location: _default.location, + * project: _default.project, + * service: _default.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_cloud\_run\_service\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.cloudrun.IamBinding("binding", { + * location: _default.location, + * project: _default.project, + * service: _default.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_cloud\_run\_service\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.cloudrun.IamMember("member", { + * location: _default.location, + * project: _default.project, + * service: _default.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -157,18 +213,6 @@ export class IamPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; /** @@ -233,18 +277,6 @@ export interface IamPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; /** @@ -269,18 +301,6 @@ export interface IamPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; /** diff --git a/sdk/nodejs/cloudrunv2/jobIamBinding.ts b/sdk/nodejs/cloudrunv2/jobIamBinding.ts index ac2b2c4cd4..c5f739c4d4 100644 --- a/sdk/nodejs/cloudrunv2/jobIamBinding.ts +++ b/sdk/nodejs/cloudrunv2/jobIamBinding.ts @@ -77,6 +77,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_cloud\_run\_v2\_job\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.cloudrunv2.JobIamPolicy("policy", { + * project: _default.project, + * location: _default.location, + * name: _default.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_cloud\_run\_v2\_job\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.cloudrunv2.JobIamBinding("binding", { + * project: _default.project, + * location: _default.location, + * name: _default.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_cloud\_run\_v2\_job\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.cloudrunv2.JobIamMember("member", { + * project: _default.project, + * location: _default.location, + * name: _default.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -152,16 +208,8 @@ export class JobIamBinding extends pulumi.CustomResource { * The location of the cloud run job Used to find the parent resource to bind the IAM policy to */ public readonly location!: pulumi.Output; - public readonly members!: pulumi.Output; - /** - * Used to find the parent resource to bind the IAM policy to - */ - public readonly name!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -173,6 +221,15 @@ export class JobIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * Used to find the parent resource to bind the IAM policy to + */ + public readonly name!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -235,16 +292,8 @@ export interface JobIamBindingState { * The location of the cloud run job Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - members?: pulumi.Input[]>; /** - * Used to find the parent resource to bind the IAM policy to - */ - name?: pulumi.Input; - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -256,6 +305,15 @@ export interface JobIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * Used to find the parent resource to bind the IAM policy to + */ + name?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -274,16 +332,8 @@ export interface JobIamBindingArgs { * The location of the cloud run job Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - members: pulumi.Input[]>; - /** - * Used to find the parent resource to bind the IAM policy to - */ - name?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -295,6 +345,15 @@ export interface JobIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * Used to find the parent resource to bind the IAM policy to + */ + name?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/cloudrunv2/jobIamMember.ts b/sdk/nodejs/cloudrunv2/jobIamMember.ts index f77d844420..f3d6c58d20 100644 --- a/sdk/nodejs/cloudrunv2/jobIamMember.ts +++ b/sdk/nodejs/cloudrunv2/jobIamMember.ts @@ -77,6 +77,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_cloud\_run\_v2\_job\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.cloudrunv2.JobIamPolicy("policy", { + * project: _default.project, + * location: _default.location, + * name: _default.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_cloud\_run\_v2\_job\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.cloudrunv2.JobIamBinding("binding", { + * project: _default.project, + * location: _default.location, + * name: _default.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_cloud\_run\_v2\_job\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.cloudrunv2.JobIamMember("member", { + * project: _default.project, + * location: _default.location, + * name: _default.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -152,16 +208,8 @@ export class JobIamMember extends pulumi.CustomResource { * The location of the cloud run job Used to find the parent resource to bind the IAM policy to */ public readonly location!: pulumi.Output; - public readonly member!: pulumi.Output; - /** - * Used to find the parent resource to bind the IAM policy to - */ - public readonly name!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -173,6 +221,15 @@ export class JobIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * Used to find the parent resource to bind the IAM policy to + */ + public readonly name!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -235,16 +292,8 @@ export interface JobIamMemberState { * The location of the cloud run job Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - member?: pulumi.Input; /** - * Used to find the parent resource to bind the IAM policy to - */ - name?: pulumi.Input; - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -256,6 +305,15 @@ export interface JobIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * Used to find the parent resource to bind the IAM policy to + */ + name?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -274,16 +332,8 @@ export interface JobIamMemberArgs { * The location of the cloud run job Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - member: pulumi.Input; - /** - * Used to find the parent resource to bind the IAM policy to - */ - name?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -295,6 +345,15 @@ export interface JobIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * Used to find the parent resource to bind the IAM policy to + */ + name?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/cloudrunv2/jobIamPolicy.ts b/sdk/nodejs/cloudrunv2/jobIamPolicy.ts index 4f38d1955e..8236af8158 100644 --- a/sdk/nodejs/cloudrunv2/jobIamPolicy.ts +++ b/sdk/nodejs/cloudrunv2/jobIamPolicy.ts @@ -75,6 +75,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_cloud\_run\_v2\_job\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.cloudrunv2.JobIamPolicy("policy", { + * project: _default.project, + * location: _default.location, + * name: _default.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_cloud\_run\_v2\_job\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.cloudrunv2.JobIamBinding("binding", { + * project: _default.project, + * location: _default.location, + * name: _default.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_cloud\_run\_v2\_job\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.cloudrunv2.JobIamMember("member", { + * project: _default.project, + * location: _default.location, + * name: _default.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -161,18 +217,6 @@ export class JobIamPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; @@ -234,18 +278,6 @@ export interface JobIamPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } @@ -270,18 +302,6 @@ export interface JobIamPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } diff --git a/sdk/nodejs/cloudrunv2/serviceIamBinding.ts b/sdk/nodejs/cloudrunv2/serviceIamBinding.ts index 368962397b..6bc9841a2a 100644 --- a/sdk/nodejs/cloudrunv2/serviceIamBinding.ts +++ b/sdk/nodejs/cloudrunv2/serviceIamBinding.ts @@ -77,6 +77,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_cloud\_run\_v2\_service\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.cloudrunv2.ServiceIamPolicy("policy", { + * project: _default.project, + * location: _default.location, + * name: _default.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_cloud\_run\_v2\_service\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.cloudrunv2.ServiceIamBinding("binding", { + * project: _default.project, + * location: _default.location, + * name: _default.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_cloud\_run\_v2\_service\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.cloudrunv2.ServiceIamMember("member", { + * project: _default.project, + * location: _default.location, + * name: _default.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -152,16 +208,8 @@ export class ServiceIamBinding extends pulumi.CustomResource { * The location of the cloud run service Used to find the parent resource to bind the IAM policy to */ public readonly location!: pulumi.Output; - public readonly members!: pulumi.Output; - /** - * Used to find the parent resource to bind the IAM policy to - */ - public readonly name!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -173,6 +221,15 @@ export class ServiceIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * Used to find the parent resource to bind the IAM policy to + */ + public readonly name!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -235,16 +292,8 @@ export interface ServiceIamBindingState { * The location of the cloud run service Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - members?: pulumi.Input[]>; /** - * Used to find the parent resource to bind the IAM policy to - */ - name?: pulumi.Input; - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -256,6 +305,15 @@ export interface ServiceIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * Used to find the parent resource to bind the IAM policy to + */ + name?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -274,16 +332,8 @@ export interface ServiceIamBindingArgs { * The location of the cloud run service Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - members: pulumi.Input[]>; - /** - * Used to find the parent resource to bind the IAM policy to - */ - name?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -295,6 +345,15 @@ export interface ServiceIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * Used to find the parent resource to bind the IAM policy to + */ + name?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/cloudrunv2/serviceIamMember.ts b/sdk/nodejs/cloudrunv2/serviceIamMember.ts index 4035b92af4..9ec232d1d4 100644 --- a/sdk/nodejs/cloudrunv2/serviceIamMember.ts +++ b/sdk/nodejs/cloudrunv2/serviceIamMember.ts @@ -77,6 +77,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_cloud\_run\_v2\_service\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.cloudrunv2.ServiceIamPolicy("policy", { + * project: _default.project, + * location: _default.location, + * name: _default.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_cloud\_run\_v2\_service\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.cloudrunv2.ServiceIamBinding("binding", { + * project: _default.project, + * location: _default.location, + * name: _default.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_cloud\_run\_v2\_service\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.cloudrunv2.ServiceIamMember("member", { + * project: _default.project, + * location: _default.location, + * name: _default.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -152,16 +208,8 @@ export class ServiceIamMember extends pulumi.CustomResource { * The location of the cloud run service Used to find the parent resource to bind the IAM policy to */ public readonly location!: pulumi.Output; - public readonly member!: pulumi.Output; - /** - * Used to find the parent resource to bind the IAM policy to - */ - public readonly name!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -173,6 +221,15 @@ export class ServiceIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * Used to find the parent resource to bind the IAM policy to + */ + public readonly name!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -235,16 +292,8 @@ export interface ServiceIamMemberState { * The location of the cloud run service Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - member?: pulumi.Input; /** - * Used to find the parent resource to bind the IAM policy to - */ - name?: pulumi.Input; - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -256,6 +305,15 @@ export interface ServiceIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * Used to find the parent resource to bind the IAM policy to + */ + name?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -274,16 +332,8 @@ export interface ServiceIamMemberArgs { * The location of the cloud run service Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - member: pulumi.Input; - /** - * Used to find the parent resource to bind the IAM policy to - */ - name?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -295,6 +345,15 @@ export interface ServiceIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * Used to find the parent resource to bind the IAM policy to + */ + name?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/cloudrunv2/serviceIamPolicy.ts b/sdk/nodejs/cloudrunv2/serviceIamPolicy.ts index 08abaa0e17..e64ecaa6c6 100644 --- a/sdk/nodejs/cloudrunv2/serviceIamPolicy.ts +++ b/sdk/nodejs/cloudrunv2/serviceIamPolicy.ts @@ -75,6 +75,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_cloud\_run\_v2\_service\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.cloudrunv2.ServiceIamPolicy("policy", { + * project: _default.project, + * location: _default.location, + * name: _default.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_cloud\_run\_v2\_service\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.cloudrunv2.ServiceIamBinding("binding", { + * project: _default.project, + * location: _default.location, + * name: _default.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_cloud\_run\_v2\_service\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.cloudrunv2.ServiceIamMember("member", { + * project: _default.project, + * location: _default.location, + * name: _default.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -161,18 +217,6 @@ export class ServiceIamPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; @@ -234,18 +278,6 @@ export interface ServiceIamPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } @@ -270,18 +302,6 @@ export interface ServiceIamPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } diff --git a/sdk/nodejs/cloudtasks/queueIamBinding.ts b/sdk/nodejs/cloudtasks/queueIamBinding.ts index 785f4f660a..6c7fe88aa5 100644 --- a/sdk/nodejs/cloudtasks/queueIamBinding.ts +++ b/sdk/nodejs/cloudtasks/queueIamBinding.ts @@ -77,6 +77,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_cloud\_tasks\_queue\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.cloudtasks.QueueIamPolicy("policy", { + * project: _default.project, + * location: _default.location, + * name: _default.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_cloud\_tasks\_queue\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.cloudtasks.QueueIamBinding("binding", { + * project: _default.project, + * location: _default.location, + * name: _default.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_cloud\_tasks\_queue\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.cloudtasks.QueueIamMember("member", { + * project: _default.project, + * location: _default.location, + * name: _default.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -152,16 +208,8 @@ export class QueueIamBinding extends pulumi.CustomResource { * The location of the queue Used to find the parent resource to bind the IAM policy to */ public readonly location!: pulumi.Output; - public readonly members!: pulumi.Output; - /** - * Used to find the parent resource to bind the IAM policy to - */ - public readonly name!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -173,6 +221,15 @@ export class QueueIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * Used to find the parent resource to bind the IAM policy to + */ + public readonly name!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -235,16 +292,8 @@ export interface QueueIamBindingState { * The location of the queue Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - members?: pulumi.Input[]>; /** - * Used to find the parent resource to bind the IAM policy to - */ - name?: pulumi.Input; - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -256,6 +305,15 @@ export interface QueueIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * Used to find the parent resource to bind the IAM policy to + */ + name?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -274,16 +332,8 @@ export interface QueueIamBindingArgs { * The location of the queue Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - members: pulumi.Input[]>; - /** - * Used to find the parent resource to bind the IAM policy to - */ - name?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -295,6 +345,15 @@ export interface QueueIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * Used to find the parent resource to bind the IAM policy to + */ + name?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/cloudtasks/queueIamMember.ts b/sdk/nodejs/cloudtasks/queueIamMember.ts index 8a3a3698b3..544a63bf16 100644 --- a/sdk/nodejs/cloudtasks/queueIamMember.ts +++ b/sdk/nodejs/cloudtasks/queueIamMember.ts @@ -77,6 +77,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_cloud\_tasks\_queue\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.cloudtasks.QueueIamPolicy("policy", { + * project: _default.project, + * location: _default.location, + * name: _default.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_cloud\_tasks\_queue\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.cloudtasks.QueueIamBinding("binding", { + * project: _default.project, + * location: _default.location, + * name: _default.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_cloud\_tasks\_queue\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.cloudtasks.QueueIamMember("member", { + * project: _default.project, + * location: _default.location, + * name: _default.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -152,16 +208,8 @@ export class QueueIamMember extends pulumi.CustomResource { * The location of the queue Used to find the parent resource to bind the IAM policy to */ public readonly location!: pulumi.Output; - public readonly member!: pulumi.Output; - /** - * Used to find the parent resource to bind the IAM policy to - */ - public readonly name!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -173,6 +221,15 @@ export class QueueIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * Used to find the parent resource to bind the IAM policy to + */ + public readonly name!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -235,16 +292,8 @@ export interface QueueIamMemberState { * The location of the queue Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - member?: pulumi.Input; /** - * Used to find the parent resource to bind the IAM policy to - */ - name?: pulumi.Input; - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -256,6 +305,15 @@ export interface QueueIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * Used to find the parent resource to bind the IAM policy to + */ + name?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -274,16 +332,8 @@ export interface QueueIamMemberArgs { * The location of the queue Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - member: pulumi.Input; - /** - * Used to find the parent resource to bind the IAM policy to - */ - name?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -295,6 +345,15 @@ export interface QueueIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * Used to find the parent resource to bind the IAM policy to + */ + name?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/cloudtasks/queueIamPolicy.ts b/sdk/nodejs/cloudtasks/queueIamPolicy.ts index e6ef1b3050..3e5ffa54ed 100644 --- a/sdk/nodejs/cloudtasks/queueIamPolicy.ts +++ b/sdk/nodejs/cloudtasks/queueIamPolicy.ts @@ -75,6 +75,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_cloud\_tasks\_queue\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.cloudtasks.QueueIamPolicy("policy", { + * project: _default.project, + * location: _default.location, + * name: _default.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_cloud\_tasks\_queue\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.cloudtasks.QueueIamBinding("binding", { + * project: _default.project, + * location: _default.location, + * name: _default.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_cloud\_tasks\_queue\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.cloudtasks.QueueIamMember("member", { + * project: _default.project, + * location: _default.location, + * name: _default.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -161,18 +217,6 @@ export class QueueIamPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; @@ -234,18 +278,6 @@ export interface QueueIamPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } @@ -270,18 +302,6 @@ export interface QueueIamPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } diff --git a/sdk/nodejs/compute/backendBucketIamBinding.ts b/sdk/nodejs/compute/backendBucketIamBinding.ts index 1ef6db574c..928d0166ce 100644 --- a/sdk/nodejs/compute/backendBucketIamBinding.ts +++ b/sdk/nodejs/compute/backendBucketIamBinding.ts @@ -76,16 +76,8 @@ export class BackendBucketIamBinding extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly members!: pulumi.Output; /** - * Used to find the parent resource to bind the IAM policy to - */ - public readonly name!: pulumi.Output; - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -97,6 +89,15 @@ export class BackendBucketIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * Used to find the parent resource to bind the IAM policy to + */ + public readonly name!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -153,16 +154,8 @@ export interface BackendBucketIamBindingState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - members?: pulumi.Input[]>; /** - * Used to find the parent resource to bind the IAM policy to - */ - name?: pulumi.Input; - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -174,6 +167,15 @@ export interface BackendBucketIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * Used to find the parent resource to bind the IAM policy to + */ + name?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -188,16 +190,8 @@ export interface BackendBucketIamBindingState { */ export interface BackendBucketIamBindingArgs { condition?: pulumi.Input; - members: pulumi.Input[]>; - /** - * Used to find the parent resource to bind the IAM policy to - */ - name?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -209,6 +203,15 @@ export interface BackendBucketIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * Used to find the parent resource to bind the IAM policy to + */ + name?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/compute/backendBucketIamMember.ts b/sdk/nodejs/compute/backendBucketIamMember.ts index 6cd7cd988b..e36c4fd7d9 100644 --- a/sdk/nodejs/compute/backendBucketIamMember.ts +++ b/sdk/nodejs/compute/backendBucketIamMember.ts @@ -76,16 +76,8 @@ export class BackendBucketIamMember extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly member!: pulumi.Output; /** - * Used to find the parent resource to bind the IAM policy to - */ - public readonly name!: pulumi.Output; - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -97,6 +89,15 @@ export class BackendBucketIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * Used to find the parent resource to bind the IAM policy to + */ + public readonly name!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -153,16 +154,8 @@ export interface BackendBucketIamMemberState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - member?: pulumi.Input; /** - * Used to find the parent resource to bind the IAM policy to - */ - name?: pulumi.Input; - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -174,6 +167,15 @@ export interface BackendBucketIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * Used to find the parent resource to bind the IAM policy to + */ + name?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -188,16 +190,8 @@ export interface BackendBucketIamMemberState { */ export interface BackendBucketIamMemberArgs { condition?: pulumi.Input; - member: pulumi.Input; - /** - * Used to find the parent resource to bind the IAM policy to - */ - name?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -209,6 +203,15 @@ export interface BackendBucketIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * Used to find the parent resource to bind the IAM policy to + */ + name?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/compute/backendBucketIamPolicy.ts b/sdk/nodejs/compute/backendBucketIamPolicy.ts index b89c5a2f61..d2efca7da9 100644 --- a/sdk/nodejs/compute/backendBucketIamPolicy.ts +++ b/sdk/nodejs/compute/backendBucketIamPolicy.ts @@ -85,18 +85,6 @@ export class BackendBucketIamPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; @@ -152,18 +140,6 @@ export interface BackendBucketIamPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } @@ -184,18 +160,6 @@ export interface BackendBucketIamPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } diff --git a/sdk/nodejs/compute/backendServiceIamBinding.ts b/sdk/nodejs/compute/backendServiceIamBinding.ts index f1580b219e..0eb03605dc 100644 --- a/sdk/nodejs/compute/backendServiceIamBinding.ts +++ b/sdk/nodejs/compute/backendServiceIamBinding.ts @@ -80,16 +80,8 @@ export class BackendServiceIamBinding extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly members!: pulumi.Output; /** - * Used to find the parent resource to bind the IAM policy to - */ - public readonly name!: pulumi.Output; - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -101,6 +93,15 @@ export class BackendServiceIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * Used to find the parent resource to bind the IAM policy to + */ + public readonly name!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -161,16 +162,8 @@ export interface BackendServiceIamBindingState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - members?: pulumi.Input[]>; /** - * Used to find the parent resource to bind the IAM policy to - */ - name?: pulumi.Input; - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -182,6 +175,15 @@ export interface BackendServiceIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * Used to find the parent resource to bind the IAM policy to + */ + name?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -200,16 +202,8 @@ export interface BackendServiceIamBindingArgs { * Structure is documented below. */ condition?: pulumi.Input; - members: pulumi.Input[]>; - /** - * Used to find the parent resource to bind the IAM policy to - */ - name?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -221,6 +215,15 @@ export interface BackendServiceIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * Used to find the parent resource to bind the IAM policy to + */ + name?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/compute/backendServiceIamMember.ts b/sdk/nodejs/compute/backendServiceIamMember.ts index 697f542a56..3f5f779237 100644 --- a/sdk/nodejs/compute/backendServiceIamMember.ts +++ b/sdk/nodejs/compute/backendServiceIamMember.ts @@ -80,16 +80,8 @@ export class BackendServiceIamMember extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly member!: pulumi.Output; /** - * Used to find the parent resource to bind the IAM policy to - */ - public readonly name!: pulumi.Output; - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -101,6 +93,15 @@ export class BackendServiceIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * Used to find the parent resource to bind the IAM policy to + */ + public readonly name!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -161,16 +162,8 @@ export interface BackendServiceIamMemberState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - member?: pulumi.Input; /** - * Used to find the parent resource to bind the IAM policy to - */ - name?: pulumi.Input; - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -182,6 +175,15 @@ export interface BackendServiceIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * Used to find the parent resource to bind the IAM policy to + */ + name?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -200,16 +202,8 @@ export interface BackendServiceIamMemberArgs { * Structure is documented below. */ condition?: pulumi.Input; - member: pulumi.Input; - /** - * Used to find the parent resource to bind the IAM policy to - */ - name?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -221,6 +215,15 @@ export interface BackendServiceIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * Used to find the parent resource to bind the IAM policy to + */ + name?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/compute/backendServiceIamPolicy.ts b/sdk/nodejs/compute/backendServiceIamPolicy.ts index b3825dff8e..ccb4d253ed 100644 --- a/sdk/nodejs/compute/backendServiceIamPolicy.ts +++ b/sdk/nodejs/compute/backendServiceIamPolicy.ts @@ -85,18 +85,6 @@ export class BackendServiceIamPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; @@ -152,18 +140,6 @@ export interface BackendServiceIamPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } @@ -184,18 +160,6 @@ export interface BackendServiceIamPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } diff --git a/sdk/nodejs/compute/diskIamBinding.ts b/sdk/nodejs/compute/diskIamBinding.ts index 76bc1be896..f04ceed4c8 100644 --- a/sdk/nodejs/compute/diskIamBinding.ts +++ b/sdk/nodejs/compute/diskIamBinding.ts @@ -77,6 +77,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_compute\_disk\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.compute.DiskIamPolicy("policy", { + * project: _default.project, + * zone: _default.zone, + * name: _default.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_compute\_disk\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.compute.DiskIamBinding("binding", { + * project: _default.project, + * zone: _default.zone, + * name: _default.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_compute\_disk\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.compute.DiskIamMember("member", { + * project: _default.project, + * zone: _default.zone, + * name: _default.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -148,16 +204,8 @@ export class DiskIamBinding extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly members!: pulumi.Output; - /** - * Used to find the parent resource to bind the IAM policy to - */ - public readonly name!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -169,6 +217,15 @@ export class DiskIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * Used to find the parent resource to bind the IAM policy to + */ + public readonly name!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -233,16 +290,8 @@ export interface DiskIamBindingState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - members?: pulumi.Input[]>; /** - * Used to find the parent resource to bind the IAM policy to - */ - name?: pulumi.Input; - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -254,6 +303,15 @@ export interface DiskIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * Used to find the parent resource to bind the IAM policy to + */ + name?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -274,16 +332,8 @@ export interface DiskIamBindingState { */ export interface DiskIamBindingArgs { condition?: pulumi.Input; - members: pulumi.Input[]>; - /** - * Used to find the parent resource to bind the IAM policy to - */ - name?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -295,6 +345,15 @@ export interface DiskIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * Used to find the parent resource to bind the IAM policy to + */ + name?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/compute/diskIamMember.ts b/sdk/nodejs/compute/diskIamMember.ts index 34478c7407..99f7d113a7 100644 --- a/sdk/nodejs/compute/diskIamMember.ts +++ b/sdk/nodejs/compute/diskIamMember.ts @@ -77,6 +77,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_compute\_disk\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.compute.DiskIamPolicy("policy", { + * project: _default.project, + * zone: _default.zone, + * name: _default.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_compute\_disk\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.compute.DiskIamBinding("binding", { + * project: _default.project, + * zone: _default.zone, + * name: _default.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_compute\_disk\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.compute.DiskIamMember("member", { + * project: _default.project, + * zone: _default.zone, + * name: _default.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -148,16 +204,8 @@ export class DiskIamMember extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly member!: pulumi.Output; - /** - * Used to find the parent resource to bind the IAM policy to - */ - public readonly name!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -169,6 +217,15 @@ export class DiskIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * Used to find the parent resource to bind the IAM policy to + */ + public readonly name!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -233,16 +290,8 @@ export interface DiskIamMemberState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - member?: pulumi.Input; /** - * Used to find the parent resource to bind the IAM policy to - */ - name?: pulumi.Input; - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -254,6 +303,15 @@ export interface DiskIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * Used to find the parent resource to bind the IAM policy to + */ + name?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -274,16 +332,8 @@ export interface DiskIamMemberState { */ export interface DiskIamMemberArgs { condition?: pulumi.Input; - member: pulumi.Input; - /** - * Used to find the parent resource to bind the IAM policy to - */ - name?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -295,6 +345,15 @@ export interface DiskIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * Used to find the parent resource to bind the IAM policy to + */ + name?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/compute/diskIamPolicy.ts b/sdk/nodejs/compute/diskIamPolicy.ts index 0eb050c7d2..7dd6aeb034 100644 --- a/sdk/nodejs/compute/diskIamPolicy.ts +++ b/sdk/nodejs/compute/diskIamPolicy.ts @@ -75,6 +75,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_compute\_disk\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.compute.DiskIamPolicy("policy", { + * project: _default.project, + * zone: _default.zone, + * name: _default.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_compute\_disk\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.compute.DiskIamBinding("binding", { + * project: _default.project, + * zone: _default.zone, + * name: _default.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_compute\_disk\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.compute.DiskIamMember("member", { + * project: _default.project, + * zone: _default.zone, + * name: _default.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -157,18 +213,6 @@ export class DiskIamPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; /** @@ -232,18 +276,6 @@ export interface DiskIamPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; /** @@ -270,18 +302,6 @@ export interface DiskIamPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; /** diff --git a/sdk/nodejs/compute/imageIamBinding.ts b/sdk/nodejs/compute/imageIamBinding.ts index 75f2123ace..149df75d5e 100644 --- a/sdk/nodejs/compute/imageIamBinding.ts +++ b/sdk/nodejs/compute/imageIamBinding.ts @@ -142,6 +142,125 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_compute\_image\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/compute.imageUser", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.compute.ImageIamPolicy("policy", { + * project: example.project, + * image: example.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/compute.imageUser", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const policy = new gcp.compute.ImageIamPolicy("policy", { + * project: example.project, + * image: example.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * ## google\_compute\_image\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.compute.ImageIamBinding("binding", { + * project: example.project, + * image: example.name, + * role: "roles/compute.imageUser", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.compute.ImageIamBinding("binding", { + * project: example.project, + * image: example.name, + * role: "roles/compute.imageUser", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * ## google\_compute\_image\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.compute.ImageIamMember("member", { + * project: example.project, + * image: example.name, + * role: "roles/compute.imageUser", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.compute.ImageIamMember("member", { + * project: example.project, + * image: example.name, + * role: "roles/compute.imageUser", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -219,12 +338,8 @@ export class ImageIamBinding extends pulumi.CustomResource { * Used to find the parent resource to bind the IAM policy to */ public readonly image!: pulumi.Output; - public readonly members!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -236,6 +351,11 @@ export class ImageIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -303,12 +423,8 @@ export interface ImageIamBindingState { * Used to find the parent resource to bind the IAM policy to */ image?: pulumi.Input; - members?: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -320,6 +436,11 @@ export interface ImageIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -342,12 +463,8 @@ export interface ImageIamBindingArgs { * Used to find the parent resource to bind the IAM policy to */ image: pulumi.Input; - members: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -359,6 +476,11 @@ export interface ImageIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/compute/imageIamMember.ts b/sdk/nodejs/compute/imageIamMember.ts index 74c28ca233..f28b269f94 100644 --- a/sdk/nodejs/compute/imageIamMember.ts +++ b/sdk/nodejs/compute/imageIamMember.ts @@ -142,6 +142,125 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_compute\_image\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/compute.imageUser", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.compute.ImageIamPolicy("policy", { + * project: example.project, + * image: example.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/compute.imageUser", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const policy = new gcp.compute.ImageIamPolicy("policy", { + * project: example.project, + * image: example.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * ## google\_compute\_image\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.compute.ImageIamBinding("binding", { + * project: example.project, + * image: example.name, + * role: "roles/compute.imageUser", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.compute.ImageIamBinding("binding", { + * project: example.project, + * image: example.name, + * role: "roles/compute.imageUser", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * ## google\_compute\_image\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.compute.ImageIamMember("member", { + * project: example.project, + * image: example.name, + * role: "roles/compute.imageUser", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.compute.ImageIamMember("member", { + * project: example.project, + * image: example.name, + * role: "roles/compute.imageUser", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -219,12 +338,8 @@ export class ImageIamMember extends pulumi.CustomResource { * Used to find the parent resource to bind the IAM policy to */ public readonly image!: pulumi.Output; - public readonly member!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -236,6 +351,11 @@ export class ImageIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -303,12 +423,8 @@ export interface ImageIamMemberState { * Used to find the parent resource to bind the IAM policy to */ image?: pulumi.Input; - member?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -320,6 +436,11 @@ export interface ImageIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -342,12 +463,8 @@ export interface ImageIamMemberArgs { * Used to find the parent resource to bind the IAM policy to */ image: pulumi.Input; - member: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -359,6 +476,11 @@ export interface ImageIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/compute/imageIamPolicy.ts b/sdk/nodejs/compute/imageIamPolicy.ts index e9bf724c05..d15706f4e5 100644 --- a/sdk/nodejs/compute/imageIamPolicy.ts +++ b/sdk/nodejs/compute/imageIamPolicy.ts @@ -140,6 +140,125 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_compute\_image\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/compute.imageUser", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.compute.ImageIamPolicy("policy", { + * project: example.project, + * image: example.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/compute.imageUser", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const policy = new gcp.compute.ImageIamPolicy("policy", { + * project: example.project, + * image: example.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * ## google\_compute\_image\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.compute.ImageIamBinding("binding", { + * project: example.project, + * image: example.name, + * role: "roles/compute.imageUser", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.compute.ImageIamBinding("binding", { + * project: example.project, + * image: example.name, + * role: "roles/compute.imageUser", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * ## google\_compute\_image\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.compute.ImageIamMember("member", { + * project: example.project, + * image: example.name, + * role: "roles/compute.imageUser", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.compute.ImageIamMember("member", { + * project: example.project, + * image: example.name, + * role: "roles/compute.imageUser", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -220,18 +339,6 @@ export class ImageIamPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; @@ -290,18 +397,6 @@ export interface ImageIamPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } @@ -322,18 +417,6 @@ export interface ImageIamPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } diff --git a/sdk/nodejs/compute/instanceIAMBinding.ts b/sdk/nodejs/compute/instanceIAMBinding.ts index d050a96904..3820100e74 100644 --- a/sdk/nodejs/compute/instanceIAMBinding.ts +++ b/sdk/nodejs/compute/instanceIAMBinding.ts @@ -148,6 +148,131 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_compute\_instance\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/compute.osLogin", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.compute.InstanceIAMPolicy("policy", { + * project: _default.project, + * zone: _default.zone, + * instanceName: _default.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/compute.osLogin", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const policy = new gcp.compute.InstanceIAMPolicy("policy", { + * project: _default.project, + * zone: _default.zone, + * instanceName: _default.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * ## google\_compute\_instance\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.compute.InstanceIAMBinding("binding", { + * project: _default.project, + * zone: _default.zone, + * instanceName: _default.name, + * role: "roles/compute.osLogin", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.compute.InstanceIAMBinding("binding", { + * project: _default.project, + * zone: _default.zone, + * instanceName: _default.name, + * role: "roles/compute.osLogin", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * ## google\_compute\_instance\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.compute.InstanceIAMMember("member", { + * project: _default.project, + * zone: _default.zone, + * instanceName: _default.name, + * role: "roles/compute.osLogin", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.compute.InstanceIAMMember("member", { + * project: _default.project, + * zone: _default.zone, + * instanceName: _default.name, + * role: "roles/compute.osLogin", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -227,12 +352,8 @@ export class InstanceIAMBinding extends pulumi.CustomResource { * Used to find the parent resource to bind the IAM policy to */ public readonly instanceName!: pulumi.Output; - public readonly members!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -244,6 +365,11 @@ export class InstanceIAMBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -319,12 +445,8 @@ export interface InstanceIAMBindingState { * Used to find the parent resource to bind the IAM policy to */ instanceName?: pulumi.Input; - members?: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -336,6 +458,11 @@ export interface InstanceIAMBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -364,12 +491,8 @@ export interface InstanceIAMBindingArgs { * Used to find the parent resource to bind the IAM policy to */ instanceName: pulumi.Input; - members: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -381,6 +504,11 @@ export interface InstanceIAMBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/compute/instanceIAMMember.ts b/sdk/nodejs/compute/instanceIAMMember.ts index 24c8c2d793..601b81d882 100644 --- a/sdk/nodejs/compute/instanceIAMMember.ts +++ b/sdk/nodejs/compute/instanceIAMMember.ts @@ -148,6 +148,131 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_compute\_instance\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/compute.osLogin", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.compute.InstanceIAMPolicy("policy", { + * project: _default.project, + * zone: _default.zone, + * instanceName: _default.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/compute.osLogin", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const policy = new gcp.compute.InstanceIAMPolicy("policy", { + * project: _default.project, + * zone: _default.zone, + * instanceName: _default.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * ## google\_compute\_instance\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.compute.InstanceIAMBinding("binding", { + * project: _default.project, + * zone: _default.zone, + * instanceName: _default.name, + * role: "roles/compute.osLogin", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.compute.InstanceIAMBinding("binding", { + * project: _default.project, + * zone: _default.zone, + * instanceName: _default.name, + * role: "roles/compute.osLogin", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * ## google\_compute\_instance\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.compute.InstanceIAMMember("member", { + * project: _default.project, + * zone: _default.zone, + * instanceName: _default.name, + * role: "roles/compute.osLogin", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.compute.InstanceIAMMember("member", { + * project: _default.project, + * zone: _default.zone, + * instanceName: _default.name, + * role: "roles/compute.osLogin", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -227,12 +352,8 @@ export class InstanceIAMMember extends pulumi.CustomResource { * Used to find the parent resource to bind the IAM policy to */ public readonly instanceName!: pulumi.Output; - public readonly member!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -244,6 +365,11 @@ export class InstanceIAMMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -319,12 +445,8 @@ export interface InstanceIAMMemberState { * Used to find the parent resource to bind the IAM policy to */ instanceName?: pulumi.Input; - member?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -336,6 +458,11 @@ export interface InstanceIAMMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -364,12 +491,8 @@ export interface InstanceIAMMemberArgs { * Used to find the parent resource to bind the IAM policy to */ instanceName: pulumi.Input; - member: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -381,6 +504,11 @@ export interface InstanceIAMMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/compute/instanceIAMPolicy.ts b/sdk/nodejs/compute/instanceIAMPolicy.ts index 8ca630275e..81417aa994 100644 --- a/sdk/nodejs/compute/instanceIAMPolicy.ts +++ b/sdk/nodejs/compute/instanceIAMPolicy.ts @@ -146,6 +146,131 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_compute\_instance\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/compute.osLogin", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.compute.InstanceIAMPolicy("policy", { + * project: _default.project, + * zone: _default.zone, + * instanceName: _default.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/compute.osLogin", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const policy = new gcp.compute.InstanceIAMPolicy("policy", { + * project: _default.project, + * zone: _default.zone, + * instanceName: _default.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * ## google\_compute\_instance\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.compute.InstanceIAMBinding("binding", { + * project: _default.project, + * zone: _default.zone, + * instanceName: _default.name, + * role: "roles/compute.osLogin", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.compute.InstanceIAMBinding("binding", { + * project: _default.project, + * zone: _default.zone, + * instanceName: _default.name, + * role: "roles/compute.osLogin", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * ## google\_compute\_instance\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.compute.InstanceIAMMember("member", { + * project: _default.project, + * zone: _default.zone, + * instanceName: _default.name, + * role: "roles/compute.osLogin", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.compute.InstanceIAMMember("member", { + * project: _default.project, + * zone: _default.zone, + * instanceName: _default.name, + * role: "roles/compute.osLogin", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -228,18 +353,6 @@ export class InstanceIAMPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; /** @@ -306,18 +419,6 @@ export interface InstanceIAMPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; /** @@ -344,18 +445,6 @@ export interface InstanceIAMPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; /** diff --git a/sdk/nodejs/compute/machineImageIamBinding.ts b/sdk/nodejs/compute/machineImageIamBinding.ts index dd5f37156a..91253f4c91 100644 --- a/sdk/nodejs/compute/machineImageIamBinding.ts +++ b/sdk/nodejs/compute/machineImageIamBinding.ts @@ -141,6 +141,125 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_compute\_machine\_image\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/compute.admin", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.compute.MachineImageIamPolicy("policy", { + * project: image.project, + * machineImage: image.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/compute.admin", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const policy = new gcp.compute.MachineImageIamPolicy("policy", { + * project: image.project, + * machineImage: image.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * ## google\_compute\_machine\_image\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.compute.MachineImageIamBinding("binding", { + * project: image.project, + * machineImage: image.name, + * role: "roles/compute.admin", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.compute.MachineImageIamBinding("binding", { + * project: image.project, + * machineImage: image.name, + * role: "roles/compute.admin", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * ## google\_compute\_machine\_image\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.compute.MachineImageIamMember("member", { + * project: image.project, + * machineImage: image.name, + * role: "roles/compute.admin", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.compute.MachineImageIamMember("member", { + * project: image.project, + * machineImage: image.name, + * role: "roles/compute.admin", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -218,12 +337,8 @@ export class MachineImageIamBinding extends pulumi.CustomResource { * Used to find the parent resource to bind the IAM policy to */ public readonly machineImage!: pulumi.Output; - public readonly members!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -235,6 +350,11 @@ export class MachineImageIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -302,12 +422,8 @@ export interface MachineImageIamBindingState { * Used to find the parent resource to bind the IAM policy to */ machineImage?: pulumi.Input; - members?: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -319,6 +435,11 @@ export interface MachineImageIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -341,12 +462,8 @@ export interface MachineImageIamBindingArgs { * Used to find the parent resource to bind the IAM policy to */ machineImage: pulumi.Input; - members: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -358,6 +475,11 @@ export interface MachineImageIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/compute/machineImageIamMember.ts b/sdk/nodejs/compute/machineImageIamMember.ts index 8096f29ec6..19af0a6e0c 100644 --- a/sdk/nodejs/compute/machineImageIamMember.ts +++ b/sdk/nodejs/compute/machineImageIamMember.ts @@ -141,6 +141,125 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_compute\_machine\_image\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/compute.admin", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.compute.MachineImageIamPolicy("policy", { + * project: image.project, + * machineImage: image.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/compute.admin", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const policy = new gcp.compute.MachineImageIamPolicy("policy", { + * project: image.project, + * machineImage: image.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * ## google\_compute\_machine\_image\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.compute.MachineImageIamBinding("binding", { + * project: image.project, + * machineImage: image.name, + * role: "roles/compute.admin", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.compute.MachineImageIamBinding("binding", { + * project: image.project, + * machineImage: image.name, + * role: "roles/compute.admin", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * ## google\_compute\_machine\_image\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.compute.MachineImageIamMember("member", { + * project: image.project, + * machineImage: image.name, + * role: "roles/compute.admin", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.compute.MachineImageIamMember("member", { + * project: image.project, + * machineImage: image.name, + * role: "roles/compute.admin", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -218,12 +337,8 @@ export class MachineImageIamMember extends pulumi.CustomResource { * Used to find the parent resource to bind the IAM policy to */ public readonly machineImage!: pulumi.Output; - public readonly member!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -235,6 +350,11 @@ export class MachineImageIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -302,12 +422,8 @@ export interface MachineImageIamMemberState { * Used to find the parent resource to bind the IAM policy to */ machineImage?: pulumi.Input; - member?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -319,6 +435,11 @@ export interface MachineImageIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -341,12 +462,8 @@ export interface MachineImageIamMemberArgs { * Used to find the parent resource to bind the IAM policy to */ machineImage: pulumi.Input; - member: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -358,6 +475,11 @@ export interface MachineImageIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/compute/machineImageIamPolicy.ts b/sdk/nodejs/compute/machineImageIamPolicy.ts index d845193b76..f742a823e9 100644 --- a/sdk/nodejs/compute/machineImageIamPolicy.ts +++ b/sdk/nodejs/compute/machineImageIamPolicy.ts @@ -139,6 +139,125 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_compute\_machine\_image\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/compute.admin", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.compute.MachineImageIamPolicy("policy", { + * project: image.project, + * machineImage: image.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/compute.admin", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const policy = new gcp.compute.MachineImageIamPolicy("policy", { + * project: image.project, + * machineImage: image.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * ## google\_compute\_machine\_image\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.compute.MachineImageIamBinding("binding", { + * project: image.project, + * machineImage: image.name, + * role: "roles/compute.admin", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.compute.MachineImageIamBinding("binding", { + * project: image.project, + * machineImage: image.name, + * role: "roles/compute.admin", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * ## google\_compute\_machine\_image\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.compute.MachineImageIamMember("member", { + * project: image.project, + * machineImage: image.name, + * role: "roles/compute.admin", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.compute.MachineImageIamMember("member", { + * project: image.project, + * machineImage: image.name, + * role: "roles/compute.admin", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -219,18 +338,6 @@ export class MachineImageIamPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; @@ -289,18 +396,6 @@ export interface MachineImageIamPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } @@ -321,18 +416,6 @@ export interface MachineImageIamPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } diff --git a/sdk/nodejs/compute/regionBackendServiceIamBinding.ts b/sdk/nodejs/compute/regionBackendServiceIamBinding.ts index f4cf7c2f7e..09e8e7baf3 100644 --- a/sdk/nodejs/compute/regionBackendServiceIamBinding.ts +++ b/sdk/nodejs/compute/regionBackendServiceIamBinding.ts @@ -82,16 +82,8 @@ export class RegionBackendServiceIamBinding extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly members!: pulumi.Output; /** - * Used to find the parent resource to bind the IAM policy to - */ - public readonly name!: pulumi.Output; - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -103,6 +95,15 @@ export class RegionBackendServiceIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * Used to find the parent resource to bind the IAM policy to + */ + public readonly name!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The Region in which the created backend service should reside. @@ -173,16 +174,8 @@ export interface RegionBackendServiceIamBindingState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - members?: pulumi.Input[]>; /** - * Used to find the parent resource to bind the IAM policy to - */ - name?: pulumi.Input; - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -194,6 +187,15 @@ export interface RegionBackendServiceIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * Used to find the parent resource to bind the IAM policy to + */ + name?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The Region in which the created backend service should reside. @@ -220,16 +222,8 @@ export interface RegionBackendServiceIamBindingArgs { * Structure is documented below. */ condition?: pulumi.Input; - members: pulumi.Input[]>; - /** - * Used to find the parent resource to bind the IAM policy to - */ - name?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -241,6 +235,15 @@ export interface RegionBackendServiceIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * Used to find the parent resource to bind the IAM policy to + */ + name?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The Region in which the created backend service should reside. diff --git a/sdk/nodejs/compute/regionBackendServiceIamMember.ts b/sdk/nodejs/compute/regionBackendServiceIamMember.ts index 87fc845a2a..dda95436a4 100644 --- a/sdk/nodejs/compute/regionBackendServiceIamMember.ts +++ b/sdk/nodejs/compute/regionBackendServiceIamMember.ts @@ -82,16 +82,8 @@ export class RegionBackendServiceIamMember extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly member!: pulumi.Output; /** - * Used to find the parent resource to bind the IAM policy to - */ - public readonly name!: pulumi.Output; - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -103,6 +95,15 @@ export class RegionBackendServiceIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * Used to find the parent resource to bind the IAM policy to + */ + public readonly name!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The Region in which the created backend service should reside. @@ -173,16 +174,8 @@ export interface RegionBackendServiceIamMemberState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - member?: pulumi.Input; /** - * Used to find the parent resource to bind the IAM policy to - */ - name?: pulumi.Input; - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -194,6 +187,15 @@ export interface RegionBackendServiceIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * Used to find the parent resource to bind the IAM policy to + */ + name?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The Region in which the created backend service should reside. @@ -220,16 +222,8 @@ export interface RegionBackendServiceIamMemberArgs { * Structure is documented below. */ condition?: pulumi.Input; - member: pulumi.Input; - /** - * Used to find the parent resource to bind the IAM policy to - */ - name?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -241,6 +235,15 @@ export interface RegionBackendServiceIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * Used to find the parent resource to bind the IAM policy to + */ + name?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The Region in which the created backend service should reside. diff --git a/sdk/nodejs/compute/regionBackendServiceIamPolicy.ts b/sdk/nodejs/compute/regionBackendServiceIamPolicy.ts index af8ec6ee2b..99c95f46f6 100644 --- a/sdk/nodejs/compute/regionBackendServiceIamPolicy.ts +++ b/sdk/nodejs/compute/regionBackendServiceIamPolicy.ts @@ -87,18 +87,6 @@ export class RegionBackendServiceIamPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; /** @@ -164,18 +152,6 @@ export interface RegionBackendServiceIamPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; /** @@ -204,18 +180,6 @@ export interface RegionBackendServiceIamPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; /** diff --git a/sdk/nodejs/compute/regionDiskIamBinding.ts b/sdk/nodejs/compute/regionDiskIamBinding.ts index 057919961f..33099ec275 100644 --- a/sdk/nodejs/compute/regionDiskIamBinding.ts +++ b/sdk/nodejs/compute/regionDiskIamBinding.ts @@ -77,6 +77,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_compute\_disk\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.compute.DiskIamPolicy("policy", { + * project: _default.project, + * zone: _default.zone, + * name: _default.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_compute\_disk\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.compute.DiskIamBinding("binding", { + * project: _default.project, + * zone: _default.zone, + * name: _default.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_compute\_disk\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.compute.DiskIamMember("member", { + * project: _default.project, + * zone: _default.zone, + * name: _default.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -148,16 +204,8 @@ export class RegionDiskIamBinding extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly members!: pulumi.Output; - /** - * Used to find the parent resource to bind the IAM policy to - */ - public readonly name!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -169,6 +217,15 @@ export class RegionDiskIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * Used to find the parent resource to bind the IAM policy to + */ + public readonly name!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; public readonly region!: pulumi.Output; /** @@ -228,16 +285,8 @@ export interface RegionDiskIamBindingState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - members?: pulumi.Input[]>; /** - * Used to find the parent resource to bind the IAM policy to - */ - name?: pulumi.Input; - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -249,6 +298,15 @@ export interface RegionDiskIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * Used to find the parent resource to bind the IAM policy to + */ + name?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; region?: pulumi.Input; /** @@ -264,16 +322,8 @@ export interface RegionDiskIamBindingState { */ export interface RegionDiskIamBindingArgs { condition?: pulumi.Input; - members: pulumi.Input[]>; - /** - * Used to find the parent resource to bind the IAM policy to - */ - name?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -285,6 +335,15 @@ export interface RegionDiskIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * Used to find the parent resource to bind the IAM policy to + */ + name?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; region?: pulumi.Input; /** diff --git a/sdk/nodejs/compute/regionDiskIamMember.ts b/sdk/nodejs/compute/regionDiskIamMember.ts index fb6517aec5..8c9573bd76 100644 --- a/sdk/nodejs/compute/regionDiskIamMember.ts +++ b/sdk/nodejs/compute/regionDiskIamMember.ts @@ -77,6 +77,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_compute\_disk\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.compute.DiskIamPolicy("policy", { + * project: _default.project, + * zone: _default.zone, + * name: _default.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_compute\_disk\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.compute.DiskIamBinding("binding", { + * project: _default.project, + * zone: _default.zone, + * name: _default.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_compute\_disk\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.compute.DiskIamMember("member", { + * project: _default.project, + * zone: _default.zone, + * name: _default.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -148,16 +204,8 @@ export class RegionDiskIamMember extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly member!: pulumi.Output; - /** - * Used to find the parent resource to bind the IAM policy to - */ - public readonly name!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -169,6 +217,15 @@ export class RegionDiskIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * Used to find the parent resource to bind the IAM policy to + */ + public readonly name!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; public readonly region!: pulumi.Output; /** @@ -228,16 +285,8 @@ export interface RegionDiskIamMemberState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - member?: pulumi.Input; /** - * Used to find the parent resource to bind the IAM policy to - */ - name?: pulumi.Input; - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -249,6 +298,15 @@ export interface RegionDiskIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * Used to find the parent resource to bind the IAM policy to + */ + name?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; region?: pulumi.Input; /** @@ -264,16 +322,8 @@ export interface RegionDiskIamMemberState { */ export interface RegionDiskIamMemberArgs { condition?: pulumi.Input; - member: pulumi.Input; - /** - * Used to find the parent resource to bind the IAM policy to - */ - name?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -285,6 +335,15 @@ export interface RegionDiskIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * Used to find the parent resource to bind the IAM policy to + */ + name?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; region?: pulumi.Input; /** diff --git a/sdk/nodejs/compute/regionDiskIamPolicy.ts b/sdk/nodejs/compute/regionDiskIamPolicy.ts index 3f80796e0c..3832d28bcf 100644 --- a/sdk/nodejs/compute/regionDiskIamPolicy.ts +++ b/sdk/nodejs/compute/regionDiskIamPolicy.ts @@ -75,6 +75,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_compute\_disk\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.compute.DiskIamPolicy("policy", { + * project: _default.project, + * zone: _default.zone, + * name: _default.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_compute\_disk\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.compute.DiskIamBinding("binding", { + * project: _default.project, + * zone: _default.zone, + * name: _default.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_compute\_disk\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.compute.DiskIamMember("member", { + * project: _default.project, + * zone: _default.zone, + * name: _default.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -157,18 +213,6 @@ export class RegionDiskIamPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; public readonly region!: pulumi.Output; @@ -227,18 +271,6 @@ export interface RegionDiskIamPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; region?: pulumi.Input; @@ -260,18 +292,6 @@ export interface RegionDiskIamPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; region?: pulumi.Input; diff --git a/sdk/nodejs/compute/snapshotIamBinding.ts b/sdk/nodejs/compute/snapshotIamBinding.ts index 284e60295d..762dddd041 100644 --- a/sdk/nodejs/compute/snapshotIamBinding.ts +++ b/sdk/nodejs/compute/snapshotIamBinding.ts @@ -74,6 +74,59 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_compute\_snapshot\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.compute.SnapshotIamPolicy("policy", { + * project: snapshot.project, + * name: snapshot.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_compute\_snapshot\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.compute.SnapshotIamBinding("binding", { + * project: snapshot.project, + * name: snapshot.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_compute\_snapshot\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.compute.SnapshotIamMember("member", { + * project: snapshot.project, + * name: snapshot.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -143,16 +196,8 @@ export class SnapshotIamBinding extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly members!: pulumi.Output; /** - * Used to find the parent resource to bind the IAM policy to - */ - public readonly name!: pulumi.Output; - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -164,6 +209,15 @@ export class SnapshotIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * Used to find the parent resource to bind the IAM policy to + */ + public readonly name!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -220,16 +274,8 @@ export interface SnapshotIamBindingState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - members?: pulumi.Input[]>; /** - * Used to find the parent resource to bind the IAM policy to - */ - name?: pulumi.Input; - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -241,6 +287,15 @@ export interface SnapshotIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * Used to find the parent resource to bind the IAM policy to + */ + name?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -255,16 +310,8 @@ export interface SnapshotIamBindingState { */ export interface SnapshotIamBindingArgs { condition?: pulumi.Input; - members: pulumi.Input[]>; - /** - * Used to find the parent resource to bind the IAM policy to - */ - name?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -276,6 +323,15 @@ export interface SnapshotIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * Used to find the parent resource to bind the IAM policy to + */ + name?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/compute/snapshotIamMember.ts b/sdk/nodejs/compute/snapshotIamMember.ts index a15b1fc905..fa22af8adf 100644 --- a/sdk/nodejs/compute/snapshotIamMember.ts +++ b/sdk/nodejs/compute/snapshotIamMember.ts @@ -74,6 +74,59 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_compute\_snapshot\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.compute.SnapshotIamPolicy("policy", { + * project: snapshot.project, + * name: snapshot.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_compute\_snapshot\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.compute.SnapshotIamBinding("binding", { + * project: snapshot.project, + * name: snapshot.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_compute\_snapshot\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.compute.SnapshotIamMember("member", { + * project: snapshot.project, + * name: snapshot.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -143,16 +196,8 @@ export class SnapshotIamMember extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly member!: pulumi.Output; /** - * Used to find the parent resource to bind the IAM policy to - */ - public readonly name!: pulumi.Output; - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -164,6 +209,15 @@ export class SnapshotIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * Used to find the parent resource to bind the IAM policy to + */ + public readonly name!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -220,16 +274,8 @@ export interface SnapshotIamMemberState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - member?: pulumi.Input; /** - * Used to find the parent resource to bind the IAM policy to - */ - name?: pulumi.Input; - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -241,6 +287,15 @@ export interface SnapshotIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * Used to find the parent resource to bind the IAM policy to + */ + name?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -255,16 +310,8 @@ export interface SnapshotIamMemberState { */ export interface SnapshotIamMemberArgs { condition?: pulumi.Input; - member: pulumi.Input; - /** - * Used to find the parent resource to bind the IAM policy to - */ - name?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -276,6 +323,15 @@ export interface SnapshotIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * Used to find the parent resource to bind the IAM policy to + */ + name?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/compute/snapshotIamPolicy.ts b/sdk/nodejs/compute/snapshotIamPolicy.ts index 16c9ffa764..d1a03c9ee9 100644 --- a/sdk/nodejs/compute/snapshotIamPolicy.ts +++ b/sdk/nodejs/compute/snapshotIamPolicy.ts @@ -72,6 +72,59 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_compute\_snapshot\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.compute.SnapshotIamPolicy("policy", { + * project: snapshot.project, + * name: snapshot.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_compute\_snapshot\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.compute.SnapshotIamBinding("binding", { + * project: snapshot.project, + * name: snapshot.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_compute\_snapshot\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.compute.SnapshotIamMember("member", { + * project: snapshot.project, + * name: snapshot.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -152,18 +205,6 @@ export class SnapshotIamPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; @@ -219,18 +260,6 @@ export interface SnapshotIamPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } @@ -251,18 +280,6 @@ export interface SnapshotIamPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } diff --git a/sdk/nodejs/compute/subnetworkIAMBinding.ts b/sdk/nodejs/compute/subnetworkIAMBinding.ts index 3742d35763..9cedcffbe3 100644 --- a/sdk/nodejs/compute/subnetworkIAMBinding.ts +++ b/sdk/nodejs/compute/subnetworkIAMBinding.ts @@ -148,6 +148,131 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_compute\_subnetwork\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/compute.networkUser", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.compute.SubnetworkIAMPolicy("policy", { + * project: network_with_private_secondary_ip_ranges.project, + * region: network_with_private_secondary_ip_ranges.region, + * subnetwork: network_with_private_secondary_ip_ranges.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/compute.networkUser", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const policy = new gcp.compute.SubnetworkIAMPolicy("policy", { + * project: network_with_private_secondary_ip_ranges.project, + * region: network_with_private_secondary_ip_ranges.region, + * subnetwork: network_with_private_secondary_ip_ranges.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * ## google\_compute\_subnetwork\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.compute.SubnetworkIAMBinding("binding", { + * project: network_with_private_secondary_ip_ranges.project, + * region: network_with_private_secondary_ip_ranges.region, + * subnetwork: network_with_private_secondary_ip_ranges.name, + * role: "roles/compute.networkUser", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.compute.SubnetworkIAMBinding("binding", { + * project: network_with_private_secondary_ip_ranges.project, + * region: network_with_private_secondary_ip_ranges.region, + * subnetwork: network_with_private_secondary_ip_ranges.name, + * role: "roles/compute.networkUser", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * ## google\_compute\_subnetwork\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.compute.SubnetworkIAMMember("member", { + * project: network_with_private_secondary_ip_ranges.project, + * region: network_with_private_secondary_ip_ranges.region, + * subnetwork: network_with_private_secondary_ip_ranges.name, + * role: "roles/compute.networkUser", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.compute.SubnetworkIAMMember("member", { + * project: network_with_private_secondary_ip_ranges.project, + * region: network_with_private_secondary_ip_ranges.region, + * subnetwork: network_with_private_secondary_ip_ranges.name, + * role: "roles/compute.networkUser", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -223,12 +348,8 @@ export class SubnetworkIAMBinding extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly members!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -240,6 +361,11 @@ export class SubnetworkIAMBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The GCP region for this subnetwork. @@ -316,12 +442,8 @@ export interface SubnetworkIAMBindingState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - members?: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -333,6 +455,11 @@ export interface SubnetworkIAMBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The GCP region for this subnetwork. @@ -362,12 +489,8 @@ export interface SubnetworkIAMBindingArgs { * Structure is documented below. */ condition?: pulumi.Input; - members: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -379,6 +502,11 @@ export interface SubnetworkIAMBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The GCP region for this subnetwork. diff --git a/sdk/nodejs/compute/subnetworkIAMMember.ts b/sdk/nodejs/compute/subnetworkIAMMember.ts index fc6e304eba..faffde35d4 100644 --- a/sdk/nodejs/compute/subnetworkIAMMember.ts +++ b/sdk/nodejs/compute/subnetworkIAMMember.ts @@ -148,6 +148,131 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_compute\_subnetwork\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/compute.networkUser", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.compute.SubnetworkIAMPolicy("policy", { + * project: network_with_private_secondary_ip_ranges.project, + * region: network_with_private_secondary_ip_ranges.region, + * subnetwork: network_with_private_secondary_ip_ranges.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/compute.networkUser", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const policy = new gcp.compute.SubnetworkIAMPolicy("policy", { + * project: network_with_private_secondary_ip_ranges.project, + * region: network_with_private_secondary_ip_ranges.region, + * subnetwork: network_with_private_secondary_ip_ranges.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * ## google\_compute\_subnetwork\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.compute.SubnetworkIAMBinding("binding", { + * project: network_with_private_secondary_ip_ranges.project, + * region: network_with_private_secondary_ip_ranges.region, + * subnetwork: network_with_private_secondary_ip_ranges.name, + * role: "roles/compute.networkUser", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.compute.SubnetworkIAMBinding("binding", { + * project: network_with_private_secondary_ip_ranges.project, + * region: network_with_private_secondary_ip_ranges.region, + * subnetwork: network_with_private_secondary_ip_ranges.name, + * role: "roles/compute.networkUser", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * ## google\_compute\_subnetwork\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.compute.SubnetworkIAMMember("member", { + * project: network_with_private_secondary_ip_ranges.project, + * region: network_with_private_secondary_ip_ranges.region, + * subnetwork: network_with_private_secondary_ip_ranges.name, + * role: "roles/compute.networkUser", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.compute.SubnetworkIAMMember("member", { + * project: network_with_private_secondary_ip_ranges.project, + * region: network_with_private_secondary_ip_ranges.region, + * subnetwork: network_with_private_secondary_ip_ranges.name, + * role: "roles/compute.networkUser", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -223,12 +348,8 @@ export class SubnetworkIAMMember extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly member!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -240,6 +361,11 @@ export class SubnetworkIAMMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The GCP region for this subnetwork. @@ -316,12 +442,8 @@ export interface SubnetworkIAMMemberState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - member?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -333,6 +455,11 @@ export interface SubnetworkIAMMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The GCP region for this subnetwork. @@ -362,12 +489,8 @@ export interface SubnetworkIAMMemberArgs { * Structure is documented below. */ condition?: pulumi.Input; - member: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -379,6 +502,11 @@ export interface SubnetworkIAMMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The GCP region for this subnetwork. diff --git a/sdk/nodejs/compute/subnetworkIAMPolicy.ts b/sdk/nodejs/compute/subnetworkIAMPolicy.ts index 4fc9f60993..c882299c45 100644 --- a/sdk/nodejs/compute/subnetworkIAMPolicy.ts +++ b/sdk/nodejs/compute/subnetworkIAMPolicy.ts @@ -146,6 +146,131 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_compute\_subnetwork\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/compute.networkUser", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.compute.SubnetworkIAMPolicy("policy", { + * project: network_with_private_secondary_ip_ranges.project, + * region: network_with_private_secondary_ip_ranges.region, + * subnetwork: network_with_private_secondary_ip_ranges.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/compute.networkUser", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const policy = new gcp.compute.SubnetworkIAMPolicy("policy", { + * project: network_with_private_secondary_ip_ranges.project, + * region: network_with_private_secondary_ip_ranges.region, + * subnetwork: network_with_private_secondary_ip_ranges.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * ## google\_compute\_subnetwork\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.compute.SubnetworkIAMBinding("binding", { + * project: network_with_private_secondary_ip_ranges.project, + * region: network_with_private_secondary_ip_ranges.region, + * subnetwork: network_with_private_secondary_ip_ranges.name, + * role: "roles/compute.networkUser", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.compute.SubnetworkIAMBinding("binding", { + * project: network_with_private_secondary_ip_ranges.project, + * region: network_with_private_secondary_ip_ranges.region, + * subnetwork: network_with_private_secondary_ip_ranges.name, + * role: "roles/compute.networkUser", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * ## google\_compute\_subnetwork\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.compute.SubnetworkIAMMember("member", { + * project: network_with_private_secondary_ip_ranges.project, + * region: network_with_private_secondary_ip_ranges.region, + * subnetwork: network_with_private_secondary_ip_ranges.name, + * role: "roles/compute.networkUser", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.compute.SubnetworkIAMMember("member", { + * project: network_with_private_secondary_ip_ranges.project, + * region: network_with_private_secondary_ip_ranges.region, + * subnetwork: network_with_private_secondary_ip_ranges.name, + * role: "roles/compute.networkUser", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -224,18 +349,6 @@ export class SubnetworkIAMPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; /** @@ -303,18 +416,6 @@ export interface SubnetworkIAMPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; /** @@ -342,18 +443,6 @@ export interface SubnetworkIAMPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; /** diff --git a/sdk/nodejs/containeranalysis/noteIamBinding.ts b/sdk/nodejs/containeranalysis/noteIamBinding.ts index 724b0599f3..f0bcd1f23d 100644 --- a/sdk/nodejs/containeranalysis/noteIamBinding.ts +++ b/sdk/nodejs/containeranalysis/noteIamBinding.ts @@ -74,6 +74,59 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_container\_analysis\_note\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/containeranalysis.notes.occurrences.viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.containeranalysis.NoteIamPolicy("policy", { + * project: note.project, + * note: note.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_container\_analysis\_note\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.containeranalysis.NoteIamBinding("binding", { + * project: note.project, + * note: note.name, + * role: "roles/containeranalysis.notes.occurrences.viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_container\_analysis\_note\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.containeranalysis.NoteIamMember("member", { + * project: note.project, + * note: note.name, + * role: "roles/containeranalysis.notes.occurrences.viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -143,16 +196,8 @@ export class NoteIamBinding extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly members!: pulumi.Output; /** - * Used to find the parent resource to bind the IAM policy to - */ - public readonly note!: pulumi.Output; - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -164,6 +209,15 @@ export class NoteIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * Used to find the parent resource to bind the IAM policy to + */ + public readonly note!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -223,16 +277,8 @@ export interface NoteIamBindingState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - members?: pulumi.Input[]>; /** - * Used to find the parent resource to bind the IAM policy to - */ - note?: pulumi.Input; - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -244,6 +290,15 @@ export interface NoteIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * Used to find the parent resource to bind the IAM policy to + */ + note?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -258,16 +313,8 @@ export interface NoteIamBindingState { */ export interface NoteIamBindingArgs { condition?: pulumi.Input; - members: pulumi.Input[]>; - /** - * Used to find the parent resource to bind the IAM policy to - */ - note: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -279,6 +326,15 @@ export interface NoteIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * Used to find the parent resource to bind the IAM policy to + */ + note: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/containeranalysis/noteIamMember.ts b/sdk/nodejs/containeranalysis/noteIamMember.ts index ef01711c07..b1bd80d64f 100644 --- a/sdk/nodejs/containeranalysis/noteIamMember.ts +++ b/sdk/nodejs/containeranalysis/noteIamMember.ts @@ -74,6 +74,59 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_container\_analysis\_note\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/containeranalysis.notes.occurrences.viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.containeranalysis.NoteIamPolicy("policy", { + * project: note.project, + * note: note.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_container\_analysis\_note\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.containeranalysis.NoteIamBinding("binding", { + * project: note.project, + * note: note.name, + * role: "roles/containeranalysis.notes.occurrences.viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_container\_analysis\_note\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.containeranalysis.NoteIamMember("member", { + * project: note.project, + * note: note.name, + * role: "roles/containeranalysis.notes.occurrences.viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -143,16 +196,8 @@ export class NoteIamMember extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly member!: pulumi.Output; /** - * Used to find the parent resource to bind the IAM policy to - */ - public readonly note!: pulumi.Output; - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -164,6 +209,15 @@ export class NoteIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * Used to find the parent resource to bind the IAM policy to + */ + public readonly note!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -223,16 +277,8 @@ export interface NoteIamMemberState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - member?: pulumi.Input; /** - * Used to find the parent resource to bind the IAM policy to - */ - note?: pulumi.Input; - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -244,6 +290,15 @@ export interface NoteIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * Used to find the parent resource to bind the IAM policy to + */ + note?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -258,16 +313,8 @@ export interface NoteIamMemberState { */ export interface NoteIamMemberArgs { condition?: pulumi.Input; - member: pulumi.Input; - /** - * Used to find the parent resource to bind the IAM policy to - */ - note: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -279,6 +326,15 @@ export interface NoteIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * Used to find the parent resource to bind the IAM policy to + */ + note: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/containeranalysis/noteIamPolicy.ts b/sdk/nodejs/containeranalysis/noteIamPolicy.ts index eca3f7ad2d..6bcdfc8bf0 100644 --- a/sdk/nodejs/containeranalysis/noteIamPolicy.ts +++ b/sdk/nodejs/containeranalysis/noteIamPolicy.ts @@ -72,6 +72,59 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_container\_analysis\_note\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/containeranalysis.notes.occurrences.viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.containeranalysis.NoteIamPolicy("policy", { + * project: note.project, + * note: note.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_container\_analysis\_note\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.containeranalysis.NoteIamBinding("binding", { + * project: note.project, + * note: note.name, + * role: "roles/containeranalysis.notes.occurrences.viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_container\_analysis\_note\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.containeranalysis.NoteIamMember("member", { + * project: note.project, + * note: note.name, + * role: "roles/containeranalysis.notes.occurrences.viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -152,18 +205,6 @@ export class NoteIamPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; @@ -222,18 +263,6 @@ export interface NoteIamPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } @@ -254,18 +283,6 @@ export interface NoteIamPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } diff --git a/sdk/nodejs/datacatalog/entryGroupIamBinding.ts b/sdk/nodejs/datacatalog/entryGroupIamBinding.ts index b6a14ce55c..d695dd0ef5 100644 --- a/sdk/nodejs/datacatalog/entryGroupIamBinding.ts +++ b/sdk/nodejs/datacatalog/entryGroupIamBinding.ts @@ -71,6 +71,56 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_data\_catalog\_entry\_group\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.datacatalog.EntryGroupIamPolicy("policy", { + * entryGroup: basicEntryGroup.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_data\_catalog\_entry\_group\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.datacatalog.EntryGroupIamBinding("binding", { + * entryGroup: basicEntryGroup.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_data\_catalog\_entry\_group\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.datacatalog.EntryGroupIamMember("member", { + * entryGroup: basicEntryGroup.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -146,12 +196,8 @@ export class EntryGroupIamBinding extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly members!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -163,6 +209,11 @@ export class EntryGroupIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; public readonly region!: pulumi.Output; /** @@ -229,12 +280,8 @@ export interface EntryGroupIamBindingState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - members?: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -246,6 +293,11 @@ export interface EntryGroupIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; region?: pulumi.Input; /** @@ -265,12 +317,8 @@ export interface EntryGroupIamBindingArgs { * Used to find the parent resource to bind the IAM policy to */ entryGroup: pulumi.Input; - members: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -282,6 +330,11 @@ export interface EntryGroupIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; region?: pulumi.Input; /** diff --git a/sdk/nodejs/datacatalog/entryGroupIamMember.ts b/sdk/nodejs/datacatalog/entryGroupIamMember.ts index 7a773acdf4..6ce0e41b38 100644 --- a/sdk/nodejs/datacatalog/entryGroupIamMember.ts +++ b/sdk/nodejs/datacatalog/entryGroupIamMember.ts @@ -71,6 +71,56 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_data\_catalog\_entry\_group\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.datacatalog.EntryGroupIamPolicy("policy", { + * entryGroup: basicEntryGroup.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_data\_catalog\_entry\_group\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.datacatalog.EntryGroupIamBinding("binding", { + * entryGroup: basicEntryGroup.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_data\_catalog\_entry\_group\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.datacatalog.EntryGroupIamMember("member", { + * entryGroup: basicEntryGroup.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -146,12 +196,8 @@ export class EntryGroupIamMember extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly member!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -163,6 +209,11 @@ export class EntryGroupIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; public readonly region!: pulumi.Output; /** @@ -229,12 +280,8 @@ export interface EntryGroupIamMemberState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - member?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -246,6 +293,11 @@ export interface EntryGroupIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; region?: pulumi.Input; /** @@ -265,12 +317,8 @@ export interface EntryGroupIamMemberArgs { * Used to find the parent resource to bind the IAM policy to */ entryGroup: pulumi.Input; - member: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -282,6 +330,11 @@ export interface EntryGroupIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; region?: pulumi.Input; /** diff --git a/sdk/nodejs/datacatalog/entryGroupIamPolicy.ts b/sdk/nodejs/datacatalog/entryGroupIamPolicy.ts index 3c4b702151..48370fd03c 100644 --- a/sdk/nodejs/datacatalog/entryGroupIamPolicy.ts +++ b/sdk/nodejs/datacatalog/entryGroupIamPolicy.ts @@ -69,6 +69,56 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_data\_catalog\_entry\_group\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.datacatalog.EntryGroupIamPolicy("policy", { + * entryGroup: basicEntryGroup.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_data\_catalog\_entry\_group\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.datacatalog.EntryGroupIamBinding("binding", { + * entryGroup: basicEntryGroup.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_data\_catalog\_entry\_group\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.datacatalog.EntryGroupIamMember("member", { + * entryGroup: basicEntryGroup.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -151,18 +201,6 @@ export class EntryGroupIamPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; public readonly region!: pulumi.Output; @@ -224,18 +262,6 @@ export interface EntryGroupIamPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; region?: pulumi.Input; @@ -257,18 +283,6 @@ export interface EntryGroupIamPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; region?: pulumi.Input; diff --git a/sdk/nodejs/datacatalog/policyTagIamBinding.ts b/sdk/nodejs/datacatalog/policyTagIamBinding.ts index 5cef3fd667..c7ad0331ad 100644 --- a/sdk/nodejs/datacatalog/policyTagIamBinding.ts +++ b/sdk/nodejs/datacatalog/policyTagIamBinding.ts @@ -71,6 +71,56 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_data\_catalog\_policy\_tag\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.datacatalog.PolicyTagIamPolicy("policy", { + * policyTag: basicPolicyTag.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_data\_catalog\_policy\_tag\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.datacatalog.PolicyTagIamBinding("binding", { + * policyTag: basicPolicyTag.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_data\_catalog\_policy\_tag\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.datacatalog.PolicyTagIamMember("member", { + * policyTag: basicPolicyTag.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -136,11 +186,8 @@ export class PolicyTagIamBinding extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly members!: pulumi.Output; /** - * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -152,6 +199,10 @@ export class PolicyTagIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * Used to find the parent resource to bind the IAM policy to + */ public readonly policyTag!: pulumi.Output; /** * The role that should be applied. Only one @@ -209,11 +260,8 @@ export interface PolicyTagIamBindingState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - members?: pulumi.Input[]>; /** - * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -225,6 +273,10 @@ export interface PolicyTagIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * Used to find the parent resource to bind the IAM policy to + */ policyTag?: pulumi.Input; /** * The role that should be applied. Only one @@ -239,11 +291,8 @@ export interface PolicyTagIamBindingState { */ export interface PolicyTagIamBindingArgs { condition?: pulumi.Input; - members: pulumi.Input[]>; /** - * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -255,6 +304,10 @@ export interface PolicyTagIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * Used to find the parent resource to bind the IAM policy to + */ policyTag: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/datacatalog/policyTagIamMember.ts b/sdk/nodejs/datacatalog/policyTagIamMember.ts index ee7e9c22d3..01a0bd5743 100644 --- a/sdk/nodejs/datacatalog/policyTagIamMember.ts +++ b/sdk/nodejs/datacatalog/policyTagIamMember.ts @@ -71,6 +71,56 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_data\_catalog\_policy\_tag\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.datacatalog.PolicyTagIamPolicy("policy", { + * policyTag: basicPolicyTag.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_data\_catalog\_policy\_tag\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.datacatalog.PolicyTagIamBinding("binding", { + * policyTag: basicPolicyTag.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_data\_catalog\_policy\_tag\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.datacatalog.PolicyTagIamMember("member", { + * policyTag: basicPolicyTag.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -136,11 +186,8 @@ export class PolicyTagIamMember extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly member!: pulumi.Output; /** - * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -152,6 +199,10 @@ export class PolicyTagIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * Used to find the parent resource to bind the IAM policy to + */ public readonly policyTag!: pulumi.Output; /** * The role that should be applied. Only one @@ -209,11 +260,8 @@ export interface PolicyTagIamMemberState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - member?: pulumi.Input; /** - * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -225,6 +273,10 @@ export interface PolicyTagIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * Used to find the parent resource to bind the IAM policy to + */ policyTag?: pulumi.Input; /** * The role that should be applied. Only one @@ -239,11 +291,8 @@ export interface PolicyTagIamMemberState { */ export interface PolicyTagIamMemberArgs { condition?: pulumi.Input; - member: pulumi.Input; /** - * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -255,6 +304,10 @@ export interface PolicyTagIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * Used to find the parent resource to bind the IAM policy to + */ policyTag: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/datacatalog/policyTagIamPolicy.ts b/sdk/nodejs/datacatalog/policyTagIamPolicy.ts index ef7eda5dcb..fad02baf6d 100644 --- a/sdk/nodejs/datacatalog/policyTagIamPolicy.ts +++ b/sdk/nodejs/datacatalog/policyTagIamPolicy.ts @@ -69,6 +69,56 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_data\_catalog\_policy\_tag\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.datacatalog.PolicyTagIamPolicy("policy", { + * policyTag: basicPolicyTag.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_data\_catalog\_policy\_tag\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.datacatalog.PolicyTagIamBinding("binding", { + * policyTag: basicPolicyTag.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_data\_catalog\_policy\_tag\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.datacatalog.PolicyTagIamMember("member", { + * policyTag: basicPolicyTag.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -140,18 +190,6 @@ export class PolicyTagIamPolicy extends pulumi.CustomResource { public readonly policyData!: pulumi.Output; /** * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly policyTag!: pulumi.Output; @@ -203,18 +241,6 @@ export interface PolicyTagIamPolicyState { policyData?: pulumi.Input; /** * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ policyTag?: pulumi.Input; } @@ -230,18 +256,6 @@ export interface PolicyTagIamPolicyArgs { policyData: pulumi.Input; /** * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ policyTag: pulumi.Input; } diff --git a/sdk/nodejs/datacatalog/tagTemplateIamBinding.ts b/sdk/nodejs/datacatalog/tagTemplateIamBinding.ts index 8be52422ad..0d87dce6af 100644 --- a/sdk/nodejs/datacatalog/tagTemplateIamBinding.ts +++ b/sdk/nodejs/datacatalog/tagTemplateIamBinding.ts @@ -71,6 +71,56 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_data\_catalog\_tag\_template\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.datacatalog.TagTemplateIamPolicy("policy", { + * tagTemplate: basicTagTemplate.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_data\_catalog\_tag\_template\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.datacatalog.TagTemplateIamBinding("binding", { + * tagTemplate: basicTagTemplate.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_data\_catalog\_tag\_template\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.datacatalog.TagTemplateIamMember("member", { + * tagTemplate: basicTagTemplate.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -142,12 +192,8 @@ export class TagTemplateIamBinding extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly members!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -159,6 +205,11 @@ export class TagTemplateIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; public readonly region!: pulumi.Output; /** @@ -225,12 +276,8 @@ export interface TagTemplateIamBindingState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - members?: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -242,6 +289,11 @@ export interface TagTemplateIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; region?: pulumi.Input; /** @@ -261,12 +313,8 @@ export interface TagTemplateIamBindingState { */ export interface TagTemplateIamBindingArgs { condition?: pulumi.Input; - members: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -278,6 +326,11 @@ export interface TagTemplateIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; region?: pulumi.Input; /** diff --git a/sdk/nodejs/datacatalog/tagTemplateIamMember.ts b/sdk/nodejs/datacatalog/tagTemplateIamMember.ts index b22596b1a3..74760f5b69 100644 --- a/sdk/nodejs/datacatalog/tagTemplateIamMember.ts +++ b/sdk/nodejs/datacatalog/tagTemplateIamMember.ts @@ -71,6 +71,56 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_data\_catalog\_tag\_template\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.datacatalog.TagTemplateIamPolicy("policy", { + * tagTemplate: basicTagTemplate.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_data\_catalog\_tag\_template\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.datacatalog.TagTemplateIamBinding("binding", { + * tagTemplate: basicTagTemplate.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_data\_catalog\_tag\_template\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.datacatalog.TagTemplateIamMember("member", { + * tagTemplate: basicTagTemplate.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -142,12 +192,8 @@ export class TagTemplateIamMember extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly member!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -159,6 +205,11 @@ export class TagTemplateIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; public readonly region!: pulumi.Output; /** @@ -225,12 +276,8 @@ export interface TagTemplateIamMemberState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - member?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -242,6 +289,11 @@ export interface TagTemplateIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; region?: pulumi.Input; /** @@ -261,12 +313,8 @@ export interface TagTemplateIamMemberState { */ export interface TagTemplateIamMemberArgs { condition?: pulumi.Input; - member: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -278,6 +326,11 @@ export interface TagTemplateIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; region?: pulumi.Input; /** diff --git a/sdk/nodejs/datacatalog/tagTemplateIamPolicy.ts b/sdk/nodejs/datacatalog/tagTemplateIamPolicy.ts index 9eea4aa92d..8f04438616 100644 --- a/sdk/nodejs/datacatalog/tagTemplateIamPolicy.ts +++ b/sdk/nodejs/datacatalog/tagTemplateIamPolicy.ts @@ -69,6 +69,56 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_data\_catalog\_tag\_template\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.datacatalog.TagTemplateIamPolicy("policy", { + * tagTemplate: basicTagTemplate.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_data\_catalog\_tag\_template\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.datacatalog.TagTemplateIamBinding("binding", { + * tagTemplate: basicTagTemplate.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_data\_catalog\_tag\_template\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.datacatalog.TagTemplateIamMember("member", { + * tagTemplate: basicTagTemplate.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -147,18 +197,6 @@ export class TagTemplateIamPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; public readonly region!: pulumi.Output; @@ -220,18 +258,6 @@ export interface TagTemplateIamPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; region?: pulumi.Input; @@ -253,18 +279,6 @@ export interface TagTemplateIamPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; region?: pulumi.Input; diff --git a/sdk/nodejs/datacatalog/taxonomyIamBinding.ts b/sdk/nodejs/datacatalog/taxonomyIamBinding.ts index dbe7d66112..e65e61bd9c 100644 --- a/sdk/nodejs/datacatalog/taxonomyIamBinding.ts +++ b/sdk/nodejs/datacatalog/taxonomyIamBinding.ts @@ -71,6 +71,56 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_data\_catalog\_taxonomy\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.datacatalog.TaxonomyIamPolicy("policy", { + * taxonomy: basicTaxonomy.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_data\_catalog\_taxonomy\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.datacatalog.TaxonomyIamBinding("binding", { + * taxonomy: basicTaxonomy.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_data\_catalog\_taxonomy\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.datacatalog.TaxonomyIamMember("member", { + * taxonomy: basicTaxonomy.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -142,12 +192,8 @@ export class TaxonomyIamBinding extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly members!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -159,6 +205,11 @@ export class TaxonomyIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; public readonly region!: pulumi.Output; /** @@ -225,12 +276,8 @@ export interface TaxonomyIamBindingState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - members?: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -242,6 +289,11 @@ export interface TaxonomyIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; region?: pulumi.Input; /** @@ -261,12 +313,8 @@ export interface TaxonomyIamBindingState { */ export interface TaxonomyIamBindingArgs { condition?: pulumi.Input; - members: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -278,6 +326,11 @@ export interface TaxonomyIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; region?: pulumi.Input; /** diff --git a/sdk/nodejs/datacatalog/taxonomyIamMember.ts b/sdk/nodejs/datacatalog/taxonomyIamMember.ts index 08f9b49f12..cf9f6403f3 100644 --- a/sdk/nodejs/datacatalog/taxonomyIamMember.ts +++ b/sdk/nodejs/datacatalog/taxonomyIamMember.ts @@ -71,6 +71,56 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_data\_catalog\_taxonomy\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.datacatalog.TaxonomyIamPolicy("policy", { + * taxonomy: basicTaxonomy.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_data\_catalog\_taxonomy\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.datacatalog.TaxonomyIamBinding("binding", { + * taxonomy: basicTaxonomy.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_data\_catalog\_taxonomy\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.datacatalog.TaxonomyIamMember("member", { + * taxonomy: basicTaxonomy.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -142,12 +192,8 @@ export class TaxonomyIamMember extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly member!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -159,6 +205,11 @@ export class TaxonomyIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; public readonly region!: pulumi.Output; /** @@ -225,12 +276,8 @@ export interface TaxonomyIamMemberState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - member?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -242,6 +289,11 @@ export interface TaxonomyIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; region?: pulumi.Input; /** @@ -261,12 +313,8 @@ export interface TaxonomyIamMemberState { */ export interface TaxonomyIamMemberArgs { condition?: pulumi.Input; - member: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -278,6 +326,11 @@ export interface TaxonomyIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; region?: pulumi.Input; /** diff --git a/sdk/nodejs/datacatalog/taxonomyIamPolicy.ts b/sdk/nodejs/datacatalog/taxonomyIamPolicy.ts index 204f5f3d37..63eef7ee30 100644 --- a/sdk/nodejs/datacatalog/taxonomyIamPolicy.ts +++ b/sdk/nodejs/datacatalog/taxonomyIamPolicy.ts @@ -69,6 +69,56 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_data\_catalog\_taxonomy\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.datacatalog.TaxonomyIamPolicy("policy", { + * taxonomy: basicTaxonomy.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_data\_catalog\_taxonomy\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.datacatalog.TaxonomyIamBinding("binding", { + * taxonomy: basicTaxonomy.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_data\_catalog\_taxonomy\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.datacatalog.TaxonomyIamMember("member", { + * taxonomy: basicTaxonomy.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -147,18 +197,6 @@ export class TaxonomyIamPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; public readonly region!: pulumi.Output; @@ -220,18 +258,6 @@ export interface TaxonomyIamPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; region?: pulumi.Input; @@ -253,18 +279,6 @@ export interface TaxonomyIamPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; region?: pulumi.Input; diff --git a/sdk/nodejs/dataplex/assetIamBinding.ts b/sdk/nodejs/dataplex/assetIamBinding.ts index c3c1c9b161..325628f43f 100644 --- a/sdk/nodejs/dataplex/assetIamBinding.ts +++ b/sdk/nodejs/dataplex/assetIamBinding.ts @@ -83,6 +83,68 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_dataplex\_asset\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.dataplex.AssetIamPolicy("policy", { + * project: example.project, + * location: example.location, + * lake: example.lake, + * dataplexZone: example.dataplexZone, + * asset: example.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_dataplex\_asset\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.dataplex.AssetIamBinding("binding", { + * project: example.project, + * location: example.location, + * lake: example.lake, + * dataplexZone: example.dataplexZone, + * asset: example.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_dataplex\_asset\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.dataplex.AssetIamMember("member", { + * project: example.project, + * location: example.location, + * lake: example.lake, + * dataplexZone: example.dataplexZone, + * asset: example.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -161,12 +223,8 @@ export class AssetIamBinding extends pulumi.CustomResource { public /*out*/ readonly etag!: pulumi.Output; public readonly lake!: pulumi.Output; public readonly location!: pulumi.Output; - public readonly members!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -178,6 +236,11 @@ export class AssetIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -256,12 +319,8 @@ export interface AssetIamBindingState { etag?: pulumi.Input; lake?: pulumi.Input; location?: pulumi.Input; - members?: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -273,6 +332,11 @@ export interface AssetIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -294,12 +358,8 @@ export interface AssetIamBindingArgs { dataplexZone: pulumi.Input; lake: pulumi.Input; location?: pulumi.Input; - members: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -311,6 +371,11 @@ export interface AssetIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/dataplex/assetIamMember.ts b/sdk/nodejs/dataplex/assetIamMember.ts index 6eefcaf362..16e52a0d02 100644 --- a/sdk/nodejs/dataplex/assetIamMember.ts +++ b/sdk/nodejs/dataplex/assetIamMember.ts @@ -83,6 +83,68 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_dataplex\_asset\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.dataplex.AssetIamPolicy("policy", { + * project: example.project, + * location: example.location, + * lake: example.lake, + * dataplexZone: example.dataplexZone, + * asset: example.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_dataplex\_asset\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.dataplex.AssetIamBinding("binding", { + * project: example.project, + * location: example.location, + * lake: example.lake, + * dataplexZone: example.dataplexZone, + * asset: example.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_dataplex\_asset\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.dataplex.AssetIamMember("member", { + * project: example.project, + * location: example.location, + * lake: example.lake, + * dataplexZone: example.dataplexZone, + * asset: example.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -161,12 +223,8 @@ export class AssetIamMember extends pulumi.CustomResource { public /*out*/ readonly etag!: pulumi.Output; public readonly lake!: pulumi.Output; public readonly location!: pulumi.Output; - public readonly member!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -178,6 +236,11 @@ export class AssetIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -256,12 +319,8 @@ export interface AssetIamMemberState { etag?: pulumi.Input; lake?: pulumi.Input; location?: pulumi.Input; - member?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -273,6 +332,11 @@ export interface AssetIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -294,12 +358,8 @@ export interface AssetIamMemberArgs { dataplexZone: pulumi.Input; lake: pulumi.Input; location?: pulumi.Input; - member: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -311,6 +371,11 @@ export interface AssetIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/dataplex/assetIamPolicy.ts b/sdk/nodejs/dataplex/assetIamPolicy.ts index 90f57a78d0..4507d09633 100644 --- a/sdk/nodejs/dataplex/assetIamPolicy.ts +++ b/sdk/nodejs/dataplex/assetIamPolicy.ts @@ -81,6 +81,68 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_dataplex\_asset\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.dataplex.AssetIamPolicy("policy", { + * project: example.project, + * location: example.location, + * lake: example.lake, + * dataplexZone: example.dataplexZone, + * asset: example.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_dataplex\_asset\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.dataplex.AssetIamBinding("binding", { + * project: example.project, + * location: example.location, + * lake: example.lake, + * dataplexZone: example.dataplexZone, + * asset: example.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_dataplex\_asset\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.dataplex.AssetIamMember("member", { + * project: example.project, + * location: example.location, + * lake: example.lake, + * dataplexZone: example.dataplexZone, + * asset: example.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -166,18 +228,6 @@ export class AssetIamPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; @@ -251,18 +301,6 @@ export interface AssetIamPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } @@ -286,18 +324,6 @@ export interface AssetIamPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } diff --git a/sdk/nodejs/dataplex/datascanIamBinding.ts b/sdk/nodejs/dataplex/datascanIamBinding.ts index b5d0bf0d03..53321a162c 100644 --- a/sdk/nodejs/dataplex/datascanIamBinding.ts +++ b/sdk/nodejs/dataplex/datascanIamBinding.ts @@ -77,6 +77,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_dataplex\_datascan\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.dataplex.DatascanIamPolicy("policy", { + * project: basicProfile.project, + * location: basicProfile.location, + * dataScanId: basicProfile.dataScanId, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_dataplex\_datascan\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.dataplex.DatascanIamBinding("binding", { + * project: basicProfile.project, + * location: basicProfile.location, + * dataScanId: basicProfile.dataScanId, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_dataplex\_datascan\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.dataplex.DatascanIamMember("member", { + * project: basicProfile.project, + * location: basicProfile.location, + * dataScanId: basicProfile.dataScanId, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -154,12 +210,8 @@ export class DatascanIamBinding extends pulumi.CustomResource { * Used to find the parent resource to bind the IAM policy to */ public readonly location!: pulumi.Output; - public readonly members!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -171,6 +223,11 @@ export class DatascanIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -238,12 +295,8 @@ export interface DatascanIamBindingState { * Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - members?: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -255,6 +308,11 @@ export interface DatascanIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -275,12 +333,8 @@ export interface DatascanIamBindingArgs { * Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - members: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -292,6 +346,11 @@ export interface DatascanIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/dataplex/datascanIamMember.ts b/sdk/nodejs/dataplex/datascanIamMember.ts index 7ec86ca949..8755e24547 100644 --- a/sdk/nodejs/dataplex/datascanIamMember.ts +++ b/sdk/nodejs/dataplex/datascanIamMember.ts @@ -77,6 +77,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_dataplex\_datascan\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.dataplex.DatascanIamPolicy("policy", { + * project: basicProfile.project, + * location: basicProfile.location, + * dataScanId: basicProfile.dataScanId, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_dataplex\_datascan\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.dataplex.DatascanIamBinding("binding", { + * project: basicProfile.project, + * location: basicProfile.location, + * dataScanId: basicProfile.dataScanId, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_dataplex\_datascan\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.dataplex.DatascanIamMember("member", { + * project: basicProfile.project, + * location: basicProfile.location, + * dataScanId: basicProfile.dataScanId, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -154,12 +210,8 @@ export class DatascanIamMember extends pulumi.CustomResource { * Used to find the parent resource to bind the IAM policy to */ public readonly location!: pulumi.Output; - public readonly member!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -171,6 +223,11 @@ export class DatascanIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -238,12 +295,8 @@ export interface DatascanIamMemberState { * Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - member?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -255,6 +308,11 @@ export interface DatascanIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -275,12 +333,8 @@ export interface DatascanIamMemberArgs { * Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - member: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -292,6 +346,11 @@ export interface DatascanIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/dataplex/datascanIamPolicy.ts b/sdk/nodejs/dataplex/datascanIamPolicy.ts index 0e1ab6de7c..3e0791b2a5 100644 --- a/sdk/nodejs/dataplex/datascanIamPolicy.ts +++ b/sdk/nodejs/dataplex/datascanIamPolicy.ts @@ -75,6 +75,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_dataplex\_datascan\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.dataplex.DatascanIamPolicy("policy", { + * project: basicProfile.project, + * location: basicProfile.location, + * dataScanId: basicProfile.dataScanId, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_dataplex\_datascan\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.dataplex.DatascanIamBinding("binding", { + * project: basicProfile.project, + * location: basicProfile.location, + * dataScanId: basicProfile.dataScanId, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_dataplex\_datascan\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.dataplex.DatascanIamMember("member", { + * project: basicProfile.project, + * location: basicProfile.location, + * dataScanId: basicProfile.dataScanId, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -159,18 +215,6 @@ export class DatascanIamPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; @@ -233,18 +277,6 @@ export interface DatascanIamPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } @@ -267,18 +299,6 @@ export interface DatascanIamPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } diff --git a/sdk/nodejs/dataplex/lakeIamBinding.ts b/sdk/nodejs/dataplex/lakeIamBinding.ts index d07ea3b565..9d0aac758d 100644 --- a/sdk/nodejs/dataplex/lakeIamBinding.ts +++ b/sdk/nodejs/dataplex/lakeIamBinding.ts @@ -77,6 +77,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_dataplex\_lake\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.dataplex.LakeIamPolicy("policy", { + * project: example.project, + * location: example.location, + * lake: example.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_dataplex\_lake\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.dataplex.LakeIamBinding("binding", { + * project: example.project, + * location: example.location, + * lake: example.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_dataplex\_lake\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.dataplex.LakeIamMember("member", { + * project: example.project, + * location: example.location, + * lake: example.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -153,12 +209,8 @@ export class LakeIamBinding extends pulumi.CustomResource { */ public readonly lake!: pulumi.Output; public readonly location!: pulumi.Output; - public readonly members!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -170,6 +222,11 @@ export class LakeIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -236,12 +293,8 @@ export interface LakeIamBindingState { */ lake?: pulumi.Input; location?: pulumi.Input; - members?: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -253,6 +306,11 @@ export interface LakeIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -272,12 +330,8 @@ export interface LakeIamBindingArgs { */ lake: pulumi.Input; location?: pulumi.Input; - members: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -289,6 +343,11 @@ export interface LakeIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/dataplex/lakeIamMember.ts b/sdk/nodejs/dataplex/lakeIamMember.ts index ba6f64ffd8..e19d823fec 100644 --- a/sdk/nodejs/dataplex/lakeIamMember.ts +++ b/sdk/nodejs/dataplex/lakeIamMember.ts @@ -77,6 +77,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_dataplex\_lake\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.dataplex.LakeIamPolicy("policy", { + * project: example.project, + * location: example.location, + * lake: example.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_dataplex\_lake\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.dataplex.LakeIamBinding("binding", { + * project: example.project, + * location: example.location, + * lake: example.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_dataplex\_lake\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.dataplex.LakeIamMember("member", { + * project: example.project, + * location: example.location, + * lake: example.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -153,12 +209,8 @@ export class LakeIamMember extends pulumi.CustomResource { */ public readonly lake!: pulumi.Output; public readonly location!: pulumi.Output; - public readonly member!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -170,6 +222,11 @@ export class LakeIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -236,12 +293,8 @@ export interface LakeIamMemberState { */ lake?: pulumi.Input; location?: pulumi.Input; - member?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -253,6 +306,11 @@ export interface LakeIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -272,12 +330,8 @@ export interface LakeIamMemberArgs { */ lake: pulumi.Input; location?: pulumi.Input; - member: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -289,6 +343,11 @@ export interface LakeIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/dataplex/lakeIamPolicy.ts b/sdk/nodejs/dataplex/lakeIamPolicy.ts index bc49fbff22..8bbea82a70 100644 --- a/sdk/nodejs/dataplex/lakeIamPolicy.ts +++ b/sdk/nodejs/dataplex/lakeIamPolicy.ts @@ -75,6 +75,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_dataplex\_lake\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.dataplex.LakeIamPolicy("policy", { + * project: example.project, + * location: example.location, + * lake: example.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_dataplex\_lake\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.dataplex.LakeIamBinding("binding", { + * project: example.project, + * location: example.location, + * lake: example.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_dataplex\_lake\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.dataplex.LakeIamMember("member", { + * project: example.project, + * location: example.location, + * lake: example.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -158,18 +214,6 @@ export class LakeIamPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; @@ -231,18 +275,6 @@ export interface LakeIamPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } @@ -264,18 +296,6 @@ export interface LakeIamPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } diff --git a/sdk/nodejs/dataplex/taskIamBinding.ts b/sdk/nodejs/dataplex/taskIamBinding.ts index 57ad216f02..0e31c4b183 100644 --- a/sdk/nodejs/dataplex/taskIamBinding.ts +++ b/sdk/nodejs/dataplex/taskIamBinding.ts @@ -80,6 +80,65 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_dataplex\_task\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.dataplex.TaskIamPolicy("policy", { + * project: example.project, + * location: example.location, + * lake: example.lake, + * taskId: example.taskId, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_dataplex\_task\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.dataplex.TaskIamBinding("binding", { + * project: example.project, + * location: example.location, + * lake: example.lake, + * taskId: example.taskId, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_dataplex\_task\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.dataplex.TaskIamMember("member", { + * project: example.project, + * location: example.location, + * lake: example.lake, + * taskId: example.taskId, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -161,12 +220,8 @@ export class TaskIamBinding extends pulumi.CustomResource { * Used to find the parent resource to bind the IAM policy to */ public readonly location!: pulumi.Output; - public readonly members!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -178,6 +233,11 @@ export class TaskIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -255,12 +315,8 @@ export interface TaskIamBindingState { * Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - members?: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -272,6 +328,11 @@ export interface TaskIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -297,12 +358,8 @@ export interface TaskIamBindingArgs { * Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - members: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -314,6 +371,11 @@ export interface TaskIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/dataplex/taskIamMember.ts b/sdk/nodejs/dataplex/taskIamMember.ts index 1e06adbfeb..88dc70de45 100644 --- a/sdk/nodejs/dataplex/taskIamMember.ts +++ b/sdk/nodejs/dataplex/taskIamMember.ts @@ -80,6 +80,65 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_dataplex\_task\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.dataplex.TaskIamPolicy("policy", { + * project: example.project, + * location: example.location, + * lake: example.lake, + * taskId: example.taskId, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_dataplex\_task\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.dataplex.TaskIamBinding("binding", { + * project: example.project, + * location: example.location, + * lake: example.lake, + * taskId: example.taskId, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_dataplex\_task\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.dataplex.TaskIamMember("member", { + * project: example.project, + * location: example.location, + * lake: example.lake, + * taskId: example.taskId, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -161,12 +220,8 @@ export class TaskIamMember extends pulumi.CustomResource { * Used to find the parent resource to bind the IAM policy to */ public readonly location!: pulumi.Output; - public readonly member!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -178,6 +233,11 @@ export class TaskIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -255,12 +315,8 @@ export interface TaskIamMemberState { * Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - member?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -272,6 +328,11 @@ export interface TaskIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -297,12 +358,8 @@ export interface TaskIamMemberArgs { * Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - member: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -314,6 +371,11 @@ export interface TaskIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/dataplex/taskIamPolicy.ts b/sdk/nodejs/dataplex/taskIamPolicy.ts index 067ec0171c..b4d7cbc843 100644 --- a/sdk/nodejs/dataplex/taskIamPolicy.ts +++ b/sdk/nodejs/dataplex/taskIamPolicy.ts @@ -78,6 +78,65 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_dataplex\_task\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.dataplex.TaskIamPolicy("policy", { + * project: example.project, + * location: example.location, + * lake: example.lake, + * taskId: example.taskId, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_dataplex\_task\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.dataplex.TaskIamBinding("binding", { + * project: example.project, + * location: example.location, + * lake: example.lake, + * taskId: example.taskId, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_dataplex\_task\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.dataplex.TaskIamMember("member", { + * project: example.project, + * location: example.location, + * lake: example.lake, + * taskId: example.taskId, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -166,18 +225,6 @@ export class TaskIamPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; public readonly taskId!: pulumi.Output; @@ -250,18 +297,6 @@ export interface TaskIamPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; taskId?: pulumi.Input; @@ -289,18 +324,6 @@ export interface TaskIamPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; taskId: pulumi.Input; diff --git a/sdk/nodejs/dataplex/zoneIamBinding.ts b/sdk/nodejs/dataplex/zoneIamBinding.ts index 1f66777138..9a6cadd8b7 100644 --- a/sdk/nodejs/dataplex/zoneIamBinding.ts +++ b/sdk/nodejs/dataplex/zoneIamBinding.ts @@ -80,6 +80,65 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_dataplex\_zone\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.dataplex.ZoneIamPolicy("policy", { + * project: example.project, + * location: example.location, + * lake: example.lake, + * dataplexZone: example.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_dataplex\_zone\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.dataplex.ZoneIamBinding("binding", { + * project: example.project, + * location: example.location, + * lake: example.lake, + * dataplexZone: example.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_dataplex\_zone\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.dataplex.ZoneIamMember("member", { + * project: example.project, + * location: example.location, + * lake: example.lake, + * dataplexZone: example.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -157,12 +216,8 @@ export class ZoneIamBinding extends pulumi.CustomResource { public /*out*/ readonly etag!: pulumi.Output; public readonly lake!: pulumi.Output; public readonly location!: pulumi.Output; - public readonly members!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -174,6 +229,11 @@ export class ZoneIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -246,12 +306,8 @@ export interface ZoneIamBindingState { etag?: pulumi.Input; lake?: pulumi.Input; location?: pulumi.Input; - members?: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -263,6 +319,11 @@ export interface ZoneIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -283,12 +344,8 @@ export interface ZoneIamBindingArgs { dataplexZone: pulumi.Input; lake: pulumi.Input; location?: pulumi.Input; - members: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -300,6 +357,11 @@ export interface ZoneIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/dataplex/zoneIamMember.ts b/sdk/nodejs/dataplex/zoneIamMember.ts index e2dbcdc3d7..55f6a2ae63 100644 --- a/sdk/nodejs/dataplex/zoneIamMember.ts +++ b/sdk/nodejs/dataplex/zoneIamMember.ts @@ -80,6 +80,65 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_dataplex\_zone\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.dataplex.ZoneIamPolicy("policy", { + * project: example.project, + * location: example.location, + * lake: example.lake, + * dataplexZone: example.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_dataplex\_zone\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.dataplex.ZoneIamBinding("binding", { + * project: example.project, + * location: example.location, + * lake: example.lake, + * dataplexZone: example.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_dataplex\_zone\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.dataplex.ZoneIamMember("member", { + * project: example.project, + * location: example.location, + * lake: example.lake, + * dataplexZone: example.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -157,12 +216,8 @@ export class ZoneIamMember extends pulumi.CustomResource { public /*out*/ readonly etag!: pulumi.Output; public readonly lake!: pulumi.Output; public readonly location!: pulumi.Output; - public readonly member!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -174,6 +229,11 @@ export class ZoneIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -246,12 +306,8 @@ export interface ZoneIamMemberState { etag?: pulumi.Input; lake?: pulumi.Input; location?: pulumi.Input; - member?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -263,6 +319,11 @@ export interface ZoneIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -283,12 +344,8 @@ export interface ZoneIamMemberArgs { dataplexZone: pulumi.Input; lake: pulumi.Input; location?: pulumi.Input; - member: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -300,6 +357,11 @@ export interface ZoneIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/dataplex/zoneIamPolicy.ts b/sdk/nodejs/dataplex/zoneIamPolicy.ts index df3b13e86b..e44e08c8af 100644 --- a/sdk/nodejs/dataplex/zoneIamPolicy.ts +++ b/sdk/nodejs/dataplex/zoneIamPolicy.ts @@ -78,6 +78,65 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_dataplex\_zone\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.dataplex.ZoneIamPolicy("policy", { + * project: example.project, + * location: example.location, + * lake: example.lake, + * dataplexZone: example.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_dataplex\_zone\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.dataplex.ZoneIamBinding("binding", { + * project: example.project, + * location: example.location, + * lake: example.lake, + * dataplexZone: example.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_dataplex\_zone\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.dataplex.ZoneIamMember("member", { + * project: example.project, + * location: example.location, + * lake: example.lake, + * dataplexZone: example.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -162,18 +221,6 @@ export class ZoneIamPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; @@ -241,18 +288,6 @@ export interface ZoneIamPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } @@ -275,18 +310,6 @@ export interface ZoneIamPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } diff --git a/sdk/nodejs/dataproc/autoscalingPolicyIamBinding.ts b/sdk/nodejs/dataproc/autoscalingPolicyIamBinding.ts index 6c194fdc11..ae5bd74d89 100644 --- a/sdk/nodejs/dataproc/autoscalingPolicyIamBinding.ts +++ b/sdk/nodejs/dataproc/autoscalingPolicyIamBinding.ts @@ -77,6 +77,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_dataproc\_autoscaling\_policy\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.dataproc.AutoscalingPolicyIamPolicy("policy", { + * project: basic.project, + * location: basic.location, + * policyId: basic.policyId, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_dataproc\_autoscaling\_policy\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.dataproc.AutoscalingPolicyIamBinding("binding", { + * project: basic.project, + * location: basic.location, + * policyId: basic.policyId, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_dataproc\_autoscaling\_policy\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.dataproc.AutoscalingPolicyIamMember("member", { + * project: basic.project, + * location: basic.location, + * policyId: basic.policyId, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -154,19 +210,8 @@ export class AutoscalingPolicyIamBinding extends pulumi.CustomResource { * Used to find the parent resource to bind the IAM policy to */ public readonly location!: pulumi.Output; - public readonly members!: pulumi.Output; /** - * The policy id. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), - * and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between - * 3 and 50 characters. - * Used to find the parent resource to bind the IAM policy to - */ - public readonly policyId!: pulumi.Output; - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -178,6 +223,18 @@ export class AutoscalingPolicyIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * The policy id. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), + * and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between + * 3 and 50 characters. + * Used to find the parent resource to bind the IAM policy to + */ + public readonly policyId!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -245,19 +302,8 @@ export interface AutoscalingPolicyIamBindingState { * Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - members?: pulumi.Input[]>; - /** - * The policy id. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), - * and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between - * 3 and 50 characters. - * Used to find the parent resource to bind the IAM policy to - */ - policyId?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -269,6 +315,18 @@ export interface AutoscalingPolicyIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * The policy id. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), + * and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between + * 3 and 50 characters. + * Used to find the parent resource to bind the IAM policy to + */ + policyId?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -289,19 +347,8 @@ export interface AutoscalingPolicyIamBindingArgs { * Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - members: pulumi.Input[]>; - /** - * The policy id. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), - * and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between - * 3 and 50 characters. - * Used to find the parent resource to bind the IAM policy to - */ - policyId: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -313,6 +360,18 @@ export interface AutoscalingPolicyIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * The policy id. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), + * and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between + * 3 and 50 characters. + * Used to find the parent resource to bind the IAM policy to + */ + policyId: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/dataproc/autoscalingPolicyIamMember.ts b/sdk/nodejs/dataproc/autoscalingPolicyIamMember.ts index c3c9670087..fb9d2be4d1 100644 --- a/sdk/nodejs/dataproc/autoscalingPolicyIamMember.ts +++ b/sdk/nodejs/dataproc/autoscalingPolicyIamMember.ts @@ -77,6 +77,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_dataproc\_autoscaling\_policy\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.dataproc.AutoscalingPolicyIamPolicy("policy", { + * project: basic.project, + * location: basic.location, + * policyId: basic.policyId, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_dataproc\_autoscaling\_policy\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.dataproc.AutoscalingPolicyIamBinding("binding", { + * project: basic.project, + * location: basic.location, + * policyId: basic.policyId, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_dataproc\_autoscaling\_policy\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.dataproc.AutoscalingPolicyIamMember("member", { + * project: basic.project, + * location: basic.location, + * policyId: basic.policyId, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -154,19 +210,8 @@ export class AutoscalingPolicyIamMember extends pulumi.CustomResource { * Used to find the parent resource to bind the IAM policy to */ public readonly location!: pulumi.Output; - public readonly member!: pulumi.Output; /** - * The policy id. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), - * and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between - * 3 and 50 characters. - * Used to find the parent resource to bind the IAM policy to - */ - public readonly policyId!: pulumi.Output; - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -178,6 +223,18 @@ export class AutoscalingPolicyIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * The policy id. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), + * and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between + * 3 and 50 characters. + * Used to find the parent resource to bind the IAM policy to + */ + public readonly policyId!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -245,19 +302,8 @@ export interface AutoscalingPolicyIamMemberState { * Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - member?: pulumi.Input; - /** - * The policy id. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), - * and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between - * 3 and 50 characters. - * Used to find the parent resource to bind the IAM policy to - */ - policyId?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -269,6 +315,18 @@ export interface AutoscalingPolicyIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * The policy id. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), + * and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between + * 3 and 50 characters. + * Used to find the parent resource to bind the IAM policy to + */ + policyId?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -289,19 +347,8 @@ export interface AutoscalingPolicyIamMemberArgs { * Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - member: pulumi.Input; - /** - * The policy id. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), - * and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between - * 3 and 50 characters. - * Used to find the parent resource to bind the IAM policy to - */ - policyId: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -313,6 +360,18 @@ export interface AutoscalingPolicyIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * The policy id. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), + * and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between + * 3 and 50 characters. + * Used to find the parent resource to bind the IAM policy to + */ + policyId: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/dataproc/autoscalingPolicyIamPolicy.ts b/sdk/nodejs/dataproc/autoscalingPolicyIamPolicy.ts index b4041956c8..17d7aa4169 100644 --- a/sdk/nodejs/dataproc/autoscalingPolicyIamPolicy.ts +++ b/sdk/nodejs/dataproc/autoscalingPolicyIamPolicy.ts @@ -75,6 +75,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_dataproc\_autoscaling\_policy\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.dataproc.AutoscalingPolicyIamPolicy("policy", { + * project: basic.project, + * location: basic.location, + * policyId: basic.policyId, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_dataproc\_autoscaling\_policy\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.dataproc.AutoscalingPolicyIamBinding("binding", { + * project: basic.project, + * location: basic.location, + * policyId: basic.policyId, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_dataproc\_autoscaling\_policy\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.dataproc.AutoscalingPolicyIamMember("member", { + * project: basic.project, + * location: basic.location, + * policyId: basic.policyId, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -166,18 +222,6 @@ export class AutoscalingPolicyIamPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; @@ -247,18 +291,6 @@ export interface AutoscalingPolicyIamPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } @@ -288,18 +320,6 @@ export interface AutoscalingPolicyIamPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } diff --git a/sdk/nodejs/dataproc/clusterIAMBinding.ts b/sdk/nodejs/dataproc/clusterIAMBinding.ts index b9aa85db58..0570669af9 100644 --- a/sdk/nodejs/dataproc/clusterIAMBinding.ts +++ b/sdk/nodejs/dataproc/clusterIAMBinding.ts @@ -69,6 +69,58 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_dataproc\_cluster\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }], + * }); + * const editor = new gcp.dataproc.ClusterIAMPolicy("editor", { + * project: "your-project", + * region: "your-region", + * cluster: "your-dataproc-cluster", + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_dataproc\_cluster\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const editor = new gcp.dataproc.ClusterIAMBinding("editor", { + * cluster: "your-dataproc-cluster", + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_dataproc\_cluster\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const editor = new gcp.dataproc.ClusterIAMMember("editor", { + * cluster: "your-dataproc-cluster", + * role: "roles/editor", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * ### Importing IAM policies @@ -127,8 +179,15 @@ export class ClusterIAMBinding extends pulumi.CustomResource { * The name or relative resource id of the cluster to manage IAM policies for. * * For `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`: - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + public readonly cluster!: pulumi.Output; + public readonly condition!: pulumi.Output; + /** + * (Computed) The etag of the clusters's IAM policy. + */ + public /*out*/ readonly etag!: pulumi.Output; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -137,12 +196,6 @@ export class ClusterIAMBinding extends pulumi.CustomResource { * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ - public readonly cluster!: pulumi.Output; - public readonly condition!: pulumi.Output; - /** - * (Computed) The etag of the clusters's IAM policy. - */ - public /*out*/ readonly etag!: pulumi.Output; public readonly members!: pulumi.Output; /** * The project in which the cluster belongs. If it @@ -215,8 +268,15 @@ export interface ClusterIAMBindingState { * The name or relative resource id of the cluster to manage IAM policies for. * * For `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`: - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + cluster?: pulumi.Input; + condition?: pulumi.Input; + /** + * (Computed) The etag of the clusters's IAM policy. + */ + etag?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -225,12 +285,6 @@ export interface ClusterIAMBindingState { * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ - cluster?: pulumi.Input; - condition?: pulumi.Input; - /** - * (Computed) The etag of the clusters's IAM policy. - */ - etag?: pulumi.Input; members?: pulumi.Input[]>; /** * The project in which the cluster belongs. If it @@ -260,8 +314,11 @@ export interface ClusterIAMBindingArgs { * The name or relative resource id of the cluster to manage IAM policies for. * * For `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`: - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + cluster: pulumi.Input; + condition?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -270,8 +327,6 @@ export interface ClusterIAMBindingArgs { * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ - cluster: pulumi.Input; - condition?: pulumi.Input; members: pulumi.Input[]>; /** * The project in which the cluster belongs. If it diff --git a/sdk/nodejs/dataproc/clusterIAMMember.ts b/sdk/nodejs/dataproc/clusterIAMMember.ts index 25324d870c..c2a41cac53 100644 --- a/sdk/nodejs/dataproc/clusterIAMMember.ts +++ b/sdk/nodejs/dataproc/clusterIAMMember.ts @@ -69,6 +69,58 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_dataproc\_cluster\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }], + * }); + * const editor = new gcp.dataproc.ClusterIAMPolicy("editor", { + * project: "your-project", + * region: "your-region", + * cluster: "your-dataproc-cluster", + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_dataproc\_cluster\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const editor = new gcp.dataproc.ClusterIAMBinding("editor", { + * cluster: "your-dataproc-cluster", + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_dataproc\_cluster\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const editor = new gcp.dataproc.ClusterIAMMember("editor", { + * cluster: "your-dataproc-cluster", + * role: "roles/editor", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * ### Importing IAM policies @@ -127,8 +179,15 @@ export class ClusterIAMMember extends pulumi.CustomResource { * The name or relative resource id of the cluster to manage IAM policies for. * * For `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`: - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + public readonly cluster!: pulumi.Output; + public readonly condition!: pulumi.Output; + /** + * (Computed) The etag of the clusters's IAM policy. + */ + public /*out*/ readonly etag!: pulumi.Output; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -137,12 +196,6 @@ export class ClusterIAMMember extends pulumi.CustomResource { * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ - public readonly cluster!: pulumi.Output; - public readonly condition!: pulumi.Output; - /** - * (Computed) The etag of the clusters's IAM policy. - */ - public /*out*/ readonly etag!: pulumi.Output; public readonly member!: pulumi.Output; /** * The project in which the cluster belongs. If it @@ -215,8 +268,15 @@ export interface ClusterIAMMemberState { * The name or relative resource id of the cluster to manage IAM policies for. * * For `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`: - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + cluster?: pulumi.Input; + condition?: pulumi.Input; + /** + * (Computed) The etag of the clusters's IAM policy. + */ + etag?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -225,12 +285,6 @@ export interface ClusterIAMMemberState { * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ - cluster?: pulumi.Input; - condition?: pulumi.Input; - /** - * (Computed) The etag of the clusters's IAM policy. - */ - etag?: pulumi.Input; member?: pulumi.Input; /** * The project in which the cluster belongs. If it @@ -260,8 +314,11 @@ export interface ClusterIAMMemberArgs { * The name or relative resource id of the cluster to manage IAM policies for. * * For `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`: - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + cluster: pulumi.Input; + condition?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -270,8 +327,6 @@ export interface ClusterIAMMemberArgs { * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ - cluster: pulumi.Input; - condition?: pulumi.Input; member: pulumi.Input; /** * The project in which the cluster belongs. If it diff --git a/sdk/nodejs/dataproc/clusterIAMPolicy.ts b/sdk/nodejs/dataproc/clusterIAMPolicy.ts index 5675b4e9f6..0956bd470d 100644 --- a/sdk/nodejs/dataproc/clusterIAMPolicy.ts +++ b/sdk/nodejs/dataproc/clusterIAMPolicy.ts @@ -67,6 +67,58 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_dataproc\_cluster\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }], + * }); + * const editor = new gcp.dataproc.ClusterIAMPolicy("editor", { + * project: "your-project", + * region: "your-region", + * cluster: "your-dataproc-cluster", + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_dataproc\_cluster\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const editor = new gcp.dataproc.ClusterIAMBinding("editor", { + * cluster: "your-dataproc-cluster", + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_dataproc\_cluster\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const editor = new gcp.dataproc.ClusterIAMMember("editor", { + * cluster: "your-dataproc-cluster", + * role: "roles/editor", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * ### Importing IAM policies @@ -125,15 +177,6 @@ export class ClusterIAMPolicy extends pulumi.CustomResource { * The name or relative resource id of the cluster to manage IAM policies for. * * For `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`: - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ public readonly cluster!: pulumi.Output; /** @@ -202,15 +245,6 @@ export interface ClusterIAMPolicyState { * The name or relative resource id of the cluster to manage IAM policies for. * * For `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`: - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ cluster?: pulumi.Input; /** @@ -243,15 +277,6 @@ export interface ClusterIAMPolicyArgs { * The name or relative resource id of the cluster to manage IAM policies for. * * For `gcp.dataproc.ClusterIAMMember` or `gcp.dataproc.ClusterIAMBinding`: - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ cluster: pulumi.Input; /** diff --git a/sdk/nodejs/dataproc/jobIAMBinding.ts b/sdk/nodejs/dataproc/jobIAMBinding.ts index ba21370d21..097648dafc 100644 --- a/sdk/nodejs/dataproc/jobIAMBinding.ts +++ b/sdk/nodejs/dataproc/jobIAMBinding.ts @@ -69,6 +69,58 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_dataproc\_job\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }], + * }); + * const editor = new gcp.dataproc.JobIAMPolicy("editor", { + * project: "your-project", + * region: "your-region", + * jobId: "your-dataproc-job", + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_dataproc\_job\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const editor = new gcp.dataproc.JobIAMBinding("editor", { + * jobId: "your-dataproc-job", + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_dataproc\_job\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const editor = new gcp.dataproc.JobIAMMember("editor", { + * jobId: "your-dataproc-job", + * role: "roles/editor", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * ### Importing IAM policies @@ -129,6 +181,16 @@ export class JobIAMBinding extends pulumi.CustomResource { */ public /*out*/ readonly etag!: pulumi.Output; public readonly jobId!: pulumi.Output; + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + */ public readonly members!: pulumi.Output; /** * The project in which the job belongs. If it @@ -203,6 +265,16 @@ export interface JobIAMBindingState { */ etag?: pulumi.Input; jobId?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + */ members?: pulumi.Input[]>; /** * The project in which the job belongs. If it @@ -230,6 +302,16 @@ export interface JobIAMBindingState { export interface JobIAMBindingArgs { condition?: pulumi.Input; jobId: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + */ members: pulumi.Input[]>; /** * The project in which the job belongs. If it diff --git a/sdk/nodejs/dataproc/jobIAMMember.ts b/sdk/nodejs/dataproc/jobIAMMember.ts index 091620da29..87a8953ba3 100644 --- a/sdk/nodejs/dataproc/jobIAMMember.ts +++ b/sdk/nodejs/dataproc/jobIAMMember.ts @@ -69,6 +69,58 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_dataproc\_job\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }], + * }); + * const editor = new gcp.dataproc.JobIAMPolicy("editor", { + * project: "your-project", + * region: "your-region", + * jobId: "your-dataproc-job", + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_dataproc\_job\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const editor = new gcp.dataproc.JobIAMBinding("editor", { + * jobId: "your-dataproc-job", + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_dataproc\_job\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const editor = new gcp.dataproc.JobIAMMember("editor", { + * jobId: "your-dataproc-job", + * role: "roles/editor", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * ### Importing IAM policies @@ -129,6 +181,16 @@ export class JobIAMMember extends pulumi.CustomResource { */ public /*out*/ readonly etag!: pulumi.Output; public readonly jobId!: pulumi.Output; + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + */ public readonly member!: pulumi.Output; /** * The project in which the job belongs. If it @@ -203,6 +265,16 @@ export interface JobIAMMemberState { */ etag?: pulumi.Input; jobId?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + */ member?: pulumi.Input; /** * The project in which the job belongs. If it @@ -230,6 +302,16 @@ export interface JobIAMMemberState { export interface JobIAMMemberArgs { condition?: pulumi.Input; jobId: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + */ member: pulumi.Input; /** * The project in which the job belongs. If it diff --git a/sdk/nodejs/dataproc/jobIAMPolicy.ts b/sdk/nodejs/dataproc/jobIAMPolicy.ts index 3381a289a5..88326c3485 100644 --- a/sdk/nodejs/dataproc/jobIAMPolicy.ts +++ b/sdk/nodejs/dataproc/jobIAMPolicy.ts @@ -67,6 +67,58 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_dataproc\_job\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }], + * }); + * const editor = new gcp.dataproc.JobIAMPolicy("editor", { + * project: "your-project", + * region: "your-region", + * jobId: "your-dataproc-job", + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_dataproc\_job\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const editor = new gcp.dataproc.JobIAMBinding("editor", { + * jobId: "your-dataproc-job", + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_dataproc\_job\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const editor = new gcp.dataproc.JobIAMMember("editor", { + * jobId: "your-dataproc-job", + * role: "roles/editor", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * ### Importing IAM policies diff --git a/sdk/nodejs/dataproc/metastoreFederationIamBinding.ts b/sdk/nodejs/dataproc/metastoreFederationIamBinding.ts index c6cc0aadc1..943f0e4358 100644 --- a/sdk/nodejs/dataproc/metastoreFederationIamBinding.ts +++ b/sdk/nodejs/dataproc/metastoreFederationIamBinding.ts @@ -84,12 +84,8 @@ export class MetastoreFederationIamBinding extends pulumi.CustomResource { * Used to find the parent resource to bind the IAM policy to */ public readonly location!: pulumi.Output; - public readonly members!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -101,6 +97,11 @@ export class MetastoreFederationIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -168,12 +169,8 @@ export interface MetastoreFederationIamBindingState { * Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - members?: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -185,6 +182,11 @@ export interface MetastoreFederationIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -205,12 +207,8 @@ export interface MetastoreFederationIamBindingArgs { * Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - members: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -222,6 +220,11 @@ export interface MetastoreFederationIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/dataproc/metastoreFederationIamMember.ts b/sdk/nodejs/dataproc/metastoreFederationIamMember.ts index 745ee6874e..466bec4cf1 100644 --- a/sdk/nodejs/dataproc/metastoreFederationIamMember.ts +++ b/sdk/nodejs/dataproc/metastoreFederationIamMember.ts @@ -84,12 +84,8 @@ export class MetastoreFederationIamMember extends pulumi.CustomResource { * Used to find the parent resource to bind the IAM policy to */ public readonly location!: pulumi.Output; - public readonly member!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -101,6 +97,11 @@ export class MetastoreFederationIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -168,12 +169,8 @@ export interface MetastoreFederationIamMemberState { * Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - member?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -185,6 +182,11 @@ export interface MetastoreFederationIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -205,12 +207,8 @@ export interface MetastoreFederationIamMemberArgs { * Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - member: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -222,6 +220,11 @@ export interface MetastoreFederationIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/dataproc/metastoreFederationIamPolicy.ts b/sdk/nodejs/dataproc/metastoreFederationIamPolicy.ts index f0d1d58bd0..7a7426cd09 100644 --- a/sdk/nodejs/dataproc/metastoreFederationIamPolicy.ts +++ b/sdk/nodejs/dataproc/metastoreFederationIamPolicy.ts @@ -89,18 +89,6 @@ export class MetastoreFederationIamPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; @@ -163,18 +151,6 @@ export interface MetastoreFederationIamPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } @@ -197,18 +173,6 @@ export interface MetastoreFederationIamPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } diff --git a/sdk/nodejs/dataproc/metastoreServiceIamBinding.ts b/sdk/nodejs/dataproc/metastoreServiceIamBinding.ts index 6e62325e4e..b66f0a54d8 100644 --- a/sdk/nodejs/dataproc/metastoreServiceIamBinding.ts +++ b/sdk/nodejs/dataproc/metastoreServiceIamBinding.ts @@ -77,6 +77,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_dataproc\_metastore\_service\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.dataproc.MetastoreServiceIamPolicy("policy", { + * project: _default.project, + * location: _default.location, + * serviceId: _default.serviceId, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_dataproc\_metastore\_service\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.dataproc.MetastoreServiceIamBinding("binding", { + * project: _default.project, + * location: _default.location, + * serviceId: _default.serviceId, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_dataproc\_metastore\_service\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.dataproc.MetastoreServiceIamMember("member", { + * project: _default.project, + * location: _default.location, + * serviceId: _default.serviceId, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -154,12 +210,8 @@ export class MetastoreServiceIamBinding extends pulumi.CustomResource { * Used to find the parent resource to bind the IAM policy to */ public readonly location!: pulumi.Output; - public readonly members!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -171,6 +223,11 @@ export class MetastoreServiceIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -239,12 +296,8 @@ export interface MetastoreServiceIamBindingState { * Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - members?: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -256,6 +309,11 @@ export interface MetastoreServiceIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -277,12 +335,8 @@ export interface MetastoreServiceIamBindingArgs { * Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - members: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -294,6 +348,11 @@ export interface MetastoreServiceIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/dataproc/metastoreServiceIamMember.ts b/sdk/nodejs/dataproc/metastoreServiceIamMember.ts index 171ea0cca1..cc2f3d03de 100644 --- a/sdk/nodejs/dataproc/metastoreServiceIamMember.ts +++ b/sdk/nodejs/dataproc/metastoreServiceIamMember.ts @@ -77,6 +77,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_dataproc\_metastore\_service\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.dataproc.MetastoreServiceIamPolicy("policy", { + * project: _default.project, + * location: _default.location, + * serviceId: _default.serviceId, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_dataproc\_metastore\_service\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.dataproc.MetastoreServiceIamBinding("binding", { + * project: _default.project, + * location: _default.location, + * serviceId: _default.serviceId, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_dataproc\_metastore\_service\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.dataproc.MetastoreServiceIamMember("member", { + * project: _default.project, + * location: _default.location, + * serviceId: _default.serviceId, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -154,12 +210,8 @@ export class MetastoreServiceIamMember extends pulumi.CustomResource { * Used to find the parent resource to bind the IAM policy to */ public readonly location!: pulumi.Output; - public readonly member!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -171,6 +223,11 @@ export class MetastoreServiceIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -239,12 +296,8 @@ export interface MetastoreServiceIamMemberState { * Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - member?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -256,6 +309,11 @@ export interface MetastoreServiceIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -277,12 +335,8 @@ export interface MetastoreServiceIamMemberArgs { * Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - member: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -294,6 +348,11 @@ export interface MetastoreServiceIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/dataproc/metastoreServiceIamPolicy.ts b/sdk/nodejs/dataproc/metastoreServiceIamPolicy.ts index fa8eba2bc2..40d7f1ac83 100644 --- a/sdk/nodejs/dataproc/metastoreServiceIamPolicy.ts +++ b/sdk/nodejs/dataproc/metastoreServiceIamPolicy.ts @@ -75,6 +75,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_dataproc\_metastore\_service\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.dataproc.MetastoreServiceIamPolicy("policy", { + * project: _default.project, + * location: _default.location, + * serviceId: _default.serviceId, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_dataproc\_metastore\_service\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.dataproc.MetastoreServiceIamBinding("binding", { + * project: _default.project, + * location: _default.location, + * serviceId: _default.serviceId, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_dataproc\_metastore\_service\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.dataproc.MetastoreServiceIamMember("member", { + * project: _default.project, + * location: _default.location, + * serviceId: _default.serviceId, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -159,18 +215,6 @@ export class MetastoreServiceIamPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; public readonly serviceId!: pulumi.Output; @@ -234,18 +278,6 @@ export interface MetastoreServiceIamPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; serviceId?: pulumi.Input; @@ -269,18 +301,6 @@ export interface MetastoreServiceIamPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; serviceId: pulumi.Input; diff --git a/sdk/nodejs/dns/dnsManagedZoneIamBinding.ts b/sdk/nodejs/dns/dnsManagedZoneIamBinding.ts index 3a5edfca7d..60081b696c 100644 --- a/sdk/nodejs/dns/dnsManagedZoneIamBinding.ts +++ b/sdk/nodejs/dns/dnsManagedZoneIamBinding.ts @@ -74,6 +74,59 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_dns\_managed\_zone\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.dns.DnsManagedZoneIamPolicy("policy", { + * project: _default.project, + * managedZone: _default.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_dns\_managed\_zone\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.dns.DnsManagedZoneIamBinding("binding", { + * project: _default.project, + * managedZone: _default.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_dns\_managed\_zone\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.dns.DnsManagedZoneIamMember("member", { + * project: _default.project, + * managedZone: _default.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -147,12 +200,8 @@ export class DnsManagedZoneIamBinding extends pulumi.CustomResource { * Used to find the parent resource to bind the IAM policy to */ public readonly managedZone!: pulumi.Output; - public readonly members!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -164,6 +213,11 @@ export class DnsManagedZoneIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -227,12 +281,8 @@ export interface DnsManagedZoneIamBindingState { * Used to find the parent resource to bind the IAM policy to */ managedZone?: pulumi.Input; - members?: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -244,6 +294,11 @@ export interface DnsManagedZoneIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -262,12 +317,8 @@ export interface DnsManagedZoneIamBindingArgs { * Used to find the parent resource to bind the IAM policy to */ managedZone: pulumi.Input; - members: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -279,6 +330,11 @@ export interface DnsManagedZoneIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/dns/dnsManagedZoneIamMember.ts b/sdk/nodejs/dns/dnsManagedZoneIamMember.ts index f7b348067a..fdd21ea526 100644 --- a/sdk/nodejs/dns/dnsManagedZoneIamMember.ts +++ b/sdk/nodejs/dns/dnsManagedZoneIamMember.ts @@ -74,6 +74,59 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_dns\_managed\_zone\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.dns.DnsManagedZoneIamPolicy("policy", { + * project: _default.project, + * managedZone: _default.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_dns\_managed\_zone\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.dns.DnsManagedZoneIamBinding("binding", { + * project: _default.project, + * managedZone: _default.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_dns\_managed\_zone\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.dns.DnsManagedZoneIamMember("member", { + * project: _default.project, + * managedZone: _default.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -147,12 +200,8 @@ export class DnsManagedZoneIamMember extends pulumi.CustomResource { * Used to find the parent resource to bind the IAM policy to */ public readonly managedZone!: pulumi.Output; - public readonly member!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -164,6 +213,11 @@ export class DnsManagedZoneIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -227,12 +281,8 @@ export interface DnsManagedZoneIamMemberState { * Used to find the parent resource to bind the IAM policy to */ managedZone?: pulumi.Input; - member?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -244,6 +294,11 @@ export interface DnsManagedZoneIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -262,12 +317,8 @@ export interface DnsManagedZoneIamMemberArgs { * Used to find the parent resource to bind the IAM policy to */ managedZone: pulumi.Input; - member: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -279,6 +330,11 @@ export interface DnsManagedZoneIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/dns/dnsManagedZoneIamPolicy.ts b/sdk/nodejs/dns/dnsManagedZoneIamPolicy.ts index b282e3c633..b616c726dc 100644 --- a/sdk/nodejs/dns/dnsManagedZoneIamPolicy.ts +++ b/sdk/nodejs/dns/dnsManagedZoneIamPolicy.ts @@ -72,6 +72,59 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_dns\_managed\_zone\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.dns.DnsManagedZoneIamPolicy("policy", { + * project: _default.project, + * managedZone: _default.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_dns\_managed\_zone\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.dns.DnsManagedZoneIamBinding("binding", { + * project: _default.project, + * managedZone: _default.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_dns\_managed\_zone\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.dns.DnsManagedZoneIamMember("member", { + * project: _default.project, + * managedZone: _default.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -152,18 +205,6 @@ export class DnsManagedZoneIamPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; @@ -222,18 +263,6 @@ export interface DnsManagedZoneIamPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } @@ -254,18 +283,6 @@ export interface DnsManagedZoneIamPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } diff --git a/sdk/nodejs/endpoints/consumersIamBinding.ts b/sdk/nodejs/endpoints/consumersIamBinding.ts index 11f6d3ff57..4085a289f7 100644 --- a/sdk/nodejs/endpoints/consumersIamBinding.ts +++ b/sdk/nodejs/endpoints/consumersIamBinding.ts @@ -91,6 +91,19 @@ export class ConsumersIamBinding extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + */ public readonly members!: pulumi.Output; /** * The role that should be applied. Only one @@ -155,6 +168,19 @@ export interface ConsumersIamBindingState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + */ members?: pulumi.Input[]>; /** * The role that should be applied. Only one @@ -171,6 +197,19 @@ export interface ConsumersIamBindingState { export interface ConsumersIamBindingArgs { condition?: pulumi.Input; consumerProject: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + */ members: pulumi.Input[]>; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/endpoints/consumersIamMember.ts b/sdk/nodejs/endpoints/consumersIamMember.ts index 9ba9cec4f6..2c4d981185 100644 --- a/sdk/nodejs/endpoints/consumersIamMember.ts +++ b/sdk/nodejs/endpoints/consumersIamMember.ts @@ -91,6 +91,19 @@ export class ConsumersIamMember extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + */ public readonly member!: pulumi.Output; /** * The role that should be applied. Only one @@ -155,6 +168,19 @@ export interface ConsumersIamMemberState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + */ member?: pulumi.Input; /** * The role that should be applied. Only one @@ -171,6 +197,19 @@ export interface ConsumersIamMemberState { export interface ConsumersIamMemberArgs { condition?: pulumi.Input; consumerProject: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + */ member: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/endpoints/serviceIamBinding.ts b/sdk/nodejs/endpoints/serviceIamBinding.ts index a8d689df6c..f8e130f588 100644 --- a/sdk/nodejs/endpoints/serviceIamBinding.ts +++ b/sdk/nodejs/endpoints/serviceIamBinding.ts @@ -71,6 +71,56 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_endpoints\_service\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.endpoints.ServiceIamPolicy("policy", { + * serviceName: endpointsService.serviceName, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_endpoints\_service\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.endpoints.ServiceIamBinding("binding", { + * serviceName: endpointsService.serviceName, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_endpoints\_service\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.endpoints.ServiceIamMember("member", { + * serviceName: endpointsService.serviceName, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -138,6 +188,19 @@ export class ServiceIamBinding extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + */ public readonly members!: pulumi.Output; /** * The role that should be applied. Only one @@ -196,6 +259,19 @@ export interface ServiceIamBindingState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + */ members?: pulumi.Input[]>; /** * The role that should be applied. Only one @@ -211,6 +287,19 @@ export interface ServiceIamBindingState { */ export interface ServiceIamBindingArgs { condition?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + */ members: pulumi.Input[]>; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/endpoints/serviceIamMember.ts b/sdk/nodejs/endpoints/serviceIamMember.ts index 6402cdfe83..36fac39d37 100644 --- a/sdk/nodejs/endpoints/serviceIamMember.ts +++ b/sdk/nodejs/endpoints/serviceIamMember.ts @@ -71,6 +71,56 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_endpoints\_service\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.endpoints.ServiceIamPolicy("policy", { + * serviceName: endpointsService.serviceName, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_endpoints\_service\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.endpoints.ServiceIamBinding("binding", { + * serviceName: endpointsService.serviceName, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_endpoints\_service\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.endpoints.ServiceIamMember("member", { + * serviceName: endpointsService.serviceName, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -138,6 +188,19 @@ export class ServiceIamMember extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + */ public readonly member!: pulumi.Output; /** * The role that should be applied. Only one @@ -196,6 +259,19 @@ export interface ServiceIamMemberState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + */ member?: pulumi.Input; /** * The role that should be applied. Only one @@ -211,6 +287,19 @@ export interface ServiceIamMemberState { */ export interface ServiceIamMemberArgs { condition?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + */ member: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/endpoints/serviceIamPolicy.ts b/sdk/nodejs/endpoints/serviceIamPolicy.ts index 2134a8fca6..0537df106f 100644 --- a/sdk/nodejs/endpoints/serviceIamPolicy.ts +++ b/sdk/nodejs/endpoints/serviceIamPolicy.ts @@ -69,6 +69,56 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_endpoints\_service\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.endpoints.ServiceIamPolicy("policy", { + * serviceName: endpointsService.serviceName, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_endpoints\_service\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.endpoints.ServiceIamBinding("binding", { + * serviceName: endpointsService.serviceName, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_endpoints\_service\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.endpoints.ServiceIamMember("member", { + * serviceName: endpointsService.serviceName, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: diff --git a/sdk/nodejs/folder/iamAuditConfig.ts b/sdk/nodejs/folder/iamAuditConfig.ts index 8095bfd3c5..daa6b7b604 100644 --- a/sdk/nodejs/folder/iamAuditConfig.ts +++ b/sdk/nodejs/folder/iamAuditConfig.ts @@ -167,6 +167,152 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_folder\_iam\_policy + * + * !> **Be careful!** You can accidentally lock yourself out of your folder + * using this resource. Deleting a `gcp.folder.IAMPolicy` removes access + * from anyone without permissions on its parent folder/organization. Proceed with caution. + * It's not recommended to use `gcp.folder.IAMPolicy` with your provider folder + * to avoid locking yourself out, and it should generally only be used with folders + * fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before + * applying the change. + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }], + * }); + * const folder = new gcp.folder.IAMPolicy("folder", { + * folder: "folders/1234567", + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/compute.admin", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const folder = new gcp.folder.IAMPolicy("folder", { + * folder: "folders/1234567", + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_folder\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const folder = new gcp.folder.IAMBinding("folder", { + * folder: "folders/1234567", + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const folder = new gcp.folder.IAMBinding("folder", { + * folder: "folders/1234567", + * role: "roles/container.admin", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * + * ## google\_folder\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const folder = new gcp.folder.IAMMember("folder", { + * folder: "folders/1234567", + * role: "roles/editor", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const folder = new gcp.folder.IAMMember("folder", { + * folder: "folders/1234567", + * role: "roles/firebase.admin", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * + * ## google\_folder\_iam\_audit\_config + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const folder = new gcp.folder.IamAuditConfig("folder", { + * folder: "folders/1234567", + * service: "allServices", + * auditLogConfigs: [ + * { + * logType: "ADMIN_READ", + * }, + * { + * logType: "DATA_READ", + * exemptedMembers: ["user:joebloggs@example.com"], + * }, + * ], + * }); + * ``` + * + * * ## Import * * ### Importing Audit Configs diff --git a/sdk/nodejs/folder/iammember.ts b/sdk/nodejs/folder/iammember.ts index 52fb690f97..14124cbb3b 100644 --- a/sdk/nodejs/folder/iammember.ts +++ b/sdk/nodejs/folder/iammember.ts @@ -167,6 +167,152 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_folder\_iam\_policy + * + * !> **Be careful!** You can accidentally lock yourself out of your folder + * using this resource. Deleting a `gcp.folder.IAMPolicy` removes access + * from anyone without permissions on its parent folder/organization. Proceed with caution. + * It's not recommended to use `gcp.folder.IAMPolicy` with your provider folder + * to avoid locking yourself out, and it should generally only be used with folders + * fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before + * applying the change. + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }], + * }); + * const folder = new gcp.folder.IAMPolicy("folder", { + * folder: "folders/1234567", + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/compute.admin", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const folder = new gcp.folder.IAMPolicy("folder", { + * folder: "folders/1234567", + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_folder\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const folder = new gcp.folder.IAMBinding("folder", { + * folder: "folders/1234567", + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const folder = new gcp.folder.IAMBinding("folder", { + * folder: "folders/1234567", + * role: "roles/container.admin", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * + * ## google\_folder\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const folder = new gcp.folder.IAMMember("folder", { + * folder: "folders/1234567", + * role: "roles/editor", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const folder = new gcp.folder.IAMMember("folder", { + * folder: "folders/1234567", + * role: "roles/firebase.admin", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * + * ## google\_folder\_iam\_audit\_config + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const folder = new gcp.folder.IamAuditConfig("folder", { + * folder: "folders/1234567", + * service: "allServices", + * auditLogConfigs: [ + * { + * logType: "ADMIN_READ", + * }, + * { + * logType: "DATA_READ", + * exemptedMembers: ["user:joebloggs@example.com"], + * }, + * ], + * }); + * ``` + * + * * ## Import * * ### Importing Audit Configs @@ -234,6 +380,14 @@ export class IAMMember extends pulumi.CustomResource { * The resource name of the folder the policy is attached to. Its format is folders/{folder_id}. */ public readonly folder!: pulumi.Output; + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + */ public readonly member!: pulumi.Output; /** * The role that should be applied. Only one @@ -299,6 +453,14 @@ export interface IAMMemberState { * The resource name of the folder the policy is attached to. Its format is folders/{folder_id}. */ folder?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + */ member?: pulumi.Input; /** * The role that should be applied. Only one @@ -321,6 +483,14 @@ export interface IAMMemberArgs { * The resource name of the folder the policy is attached to. Its format is folders/{folder_id}. */ folder: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + */ member: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/folder/iampolicy.ts b/sdk/nodejs/folder/iampolicy.ts index 57a42518cf..955f7faff0 100644 --- a/sdk/nodejs/folder/iampolicy.ts +++ b/sdk/nodejs/folder/iampolicy.ts @@ -165,6 +165,152 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_folder\_iam\_policy + * + * !> **Be careful!** You can accidentally lock yourself out of your folder + * using this resource. Deleting a `gcp.folder.IAMPolicy` removes access + * from anyone without permissions on its parent folder/organization. Proceed with caution. + * It's not recommended to use `gcp.folder.IAMPolicy` with your provider folder + * to avoid locking yourself out, and it should generally only be used with folders + * fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before + * applying the change. + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }], + * }); + * const folder = new gcp.folder.IAMPolicy("folder", { + * folder: "folders/1234567", + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/compute.admin", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const folder = new gcp.folder.IAMPolicy("folder", { + * folder: "folders/1234567", + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_folder\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const folder = new gcp.folder.IAMBinding("folder", { + * folder: "folders/1234567", + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const folder = new gcp.folder.IAMBinding("folder", { + * folder: "folders/1234567", + * role: "roles/container.admin", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * + * ## google\_folder\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const folder = new gcp.folder.IAMMember("folder", { + * folder: "folders/1234567", + * role: "roles/editor", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const folder = new gcp.folder.IAMMember("folder", { + * folder: "folders/1234567", + * role: "roles/firebase.admin", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * + * ## google\_folder\_iam\_audit\_config + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const folder = new gcp.folder.IamAuditConfig("folder", { + * folder: "folders/1234567", + * service: "allServices", + * auditLogConfigs: [ + * { + * logType: "ADMIN_READ", + * }, + * { + * logType: "DATA_READ", + * exemptedMembers: ["user:joebloggs@example.com"], + * }, + * ], + * }); + * ``` + * + * * ## Import * * ### Importing Audit Configs diff --git a/sdk/nodejs/gkebackup/backupPlanIamBinding.ts b/sdk/nodejs/gkebackup/backupPlanIamBinding.ts index 19e59bac6c..7b6c069177 100644 --- a/sdk/nodejs/gkebackup/backupPlanIamBinding.ts +++ b/sdk/nodejs/gkebackup/backupPlanIamBinding.ts @@ -77,6 +77,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_gke\_backup\_backup\_plan\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.gkebackup.BackupPlanIamPolicy("policy", { + * project: basic.project, + * location: basic.location, + * name: basic.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_gke\_backup\_backup\_plan\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.gkebackup.BackupPlanIamBinding("binding", { + * project: basic.project, + * location: basic.location, + * name: basic.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_gke\_backup\_backup\_plan\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.gkebackup.BackupPlanIamMember("member", { + * project: basic.project, + * location: basic.location, + * name: basic.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -153,16 +209,8 @@ export class BackupPlanIamBinding extends pulumi.CustomResource { * Used to find the parent resource to bind the IAM policy to */ public readonly location!: pulumi.Output; - public readonly members!: pulumi.Output; - /** - * Used to find the parent resource to bind the IAM policy to - */ - public readonly name!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -174,6 +222,15 @@ export class BackupPlanIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * Used to find the parent resource to bind the IAM policy to + */ + public readonly name!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -237,16 +294,8 @@ export interface BackupPlanIamBindingState { * Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - members?: pulumi.Input[]>; /** - * Used to find the parent resource to bind the IAM policy to - */ - name?: pulumi.Input; - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -258,6 +307,15 @@ export interface BackupPlanIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * Used to find the parent resource to bind the IAM policy to + */ + name?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -277,16 +335,8 @@ export interface BackupPlanIamBindingArgs { * Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - members: pulumi.Input[]>; - /** - * Used to find the parent resource to bind the IAM policy to - */ - name?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -298,6 +348,15 @@ export interface BackupPlanIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * Used to find the parent resource to bind the IAM policy to + */ + name?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/gkebackup/backupPlanIamMember.ts b/sdk/nodejs/gkebackup/backupPlanIamMember.ts index 2e06fc2c96..fc5aad2dda 100644 --- a/sdk/nodejs/gkebackup/backupPlanIamMember.ts +++ b/sdk/nodejs/gkebackup/backupPlanIamMember.ts @@ -77,6 +77,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_gke\_backup\_backup\_plan\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.gkebackup.BackupPlanIamPolicy("policy", { + * project: basic.project, + * location: basic.location, + * name: basic.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_gke\_backup\_backup\_plan\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.gkebackup.BackupPlanIamBinding("binding", { + * project: basic.project, + * location: basic.location, + * name: basic.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_gke\_backup\_backup\_plan\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.gkebackup.BackupPlanIamMember("member", { + * project: basic.project, + * location: basic.location, + * name: basic.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -153,16 +209,8 @@ export class BackupPlanIamMember extends pulumi.CustomResource { * Used to find the parent resource to bind the IAM policy to */ public readonly location!: pulumi.Output; - public readonly member!: pulumi.Output; - /** - * Used to find the parent resource to bind the IAM policy to - */ - public readonly name!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -174,6 +222,15 @@ export class BackupPlanIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * Used to find the parent resource to bind the IAM policy to + */ + public readonly name!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -237,16 +294,8 @@ export interface BackupPlanIamMemberState { * Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - member?: pulumi.Input; /** - * Used to find the parent resource to bind the IAM policy to - */ - name?: pulumi.Input; - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -258,6 +307,15 @@ export interface BackupPlanIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * Used to find the parent resource to bind the IAM policy to + */ + name?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -277,16 +335,8 @@ export interface BackupPlanIamMemberArgs { * Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - member: pulumi.Input; - /** - * Used to find the parent resource to bind the IAM policy to - */ - name?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -298,6 +348,15 @@ export interface BackupPlanIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * Used to find the parent resource to bind the IAM policy to + */ + name?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/gkebackup/backupPlanIamPolicy.ts b/sdk/nodejs/gkebackup/backupPlanIamPolicy.ts index 64ec233167..f3c9b56b37 100644 --- a/sdk/nodejs/gkebackup/backupPlanIamPolicy.ts +++ b/sdk/nodejs/gkebackup/backupPlanIamPolicy.ts @@ -75,6 +75,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_gke\_backup\_backup\_plan\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.gkebackup.BackupPlanIamPolicy("policy", { + * project: basic.project, + * location: basic.location, + * name: basic.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_gke\_backup\_backup\_plan\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.gkebackup.BackupPlanIamBinding("binding", { + * project: basic.project, + * location: basic.location, + * name: basic.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_gke\_backup\_backup\_plan\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.gkebackup.BackupPlanIamMember("member", { + * project: basic.project, + * location: basic.location, + * name: basic.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -162,18 +218,6 @@ export class BackupPlanIamPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; @@ -236,18 +280,6 @@ export interface BackupPlanIamPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } @@ -273,18 +305,6 @@ export interface BackupPlanIamPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } diff --git a/sdk/nodejs/gkehub/featureIamBinding.ts b/sdk/nodejs/gkehub/featureIamBinding.ts index 94b066aad6..7524067205 100644 --- a/sdk/nodejs/gkehub/featureIamBinding.ts +++ b/sdk/nodejs/gkehub/featureIamBinding.ts @@ -77,6 +77,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_gke\_hub\_feature\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.gkehub.FeatureIamPolicy("policy", { + * project: feature.project, + * location: feature.location, + * name: feature.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_gke\_hub\_feature\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.gkehub.FeatureIamBinding("binding", { + * project: feature.project, + * location: feature.location, + * name: feature.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_gke\_hub\_feature\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.gkehub.FeatureIamMember("member", { + * project: feature.project, + * location: feature.location, + * name: feature.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -152,16 +208,8 @@ export class FeatureIamBinding extends pulumi.CustomResource { * The location for the resource Used to find the parent resource to bind the IAM policy to */ public readonly location!: pulumi.Output; - public readonly members!: pulumi.Output; - /** - * Used to find the parent resource to bind the IAM policy to - */ - public readonly name!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -173,6 +221,15 @@ export class FeatureIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * Used to find the parent resource to bind the IAM policy to + */ + public readonly name!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -235,16 +292,8 @@ export interface FeatureIamBindingState { * The location for the resource Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - members?: pulumi.Input[]>; /** - * Used to find the parent resource to bind the IAM policy to - */ - name?: pulumi.Input; - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -256,6 +305,15 @@ export interface FeatureIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * Used to find the parent resource to bind the IAM policy to + */ + name?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -274,16 +332,8 @@ export interface FeatureIamBindingArgs { * The location for the resource Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - members: pulumi.Input[]>; - /** - * Used to find the parent resource to bind the IAM policy to - */ - name?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -295,6 +345,15 @@ export interface FeatureIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * Used to find the parent resource to bind the IAM policy to + */ + name?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/gkehub/featureIamMember.ts b/sdk/nodejs/gkehub/featureIamMember.ts index a4fe29273c..36a7b4bb0c 100644 --- a/sdk/nodejs/gkehub/featureIamMember.ts +++ b/sdk/nodejs/gkehub/featureIamMember.ts @@ -77,6 +77,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_gke\_hub\_feature\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.gkehub.FeatureIamPolicy("policy", { + * project: feature.project, + * location: feature.location, + * name: feature.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_gke\_hub\_feature\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.gkehub.FeatureIamBinding("binding", { + * project: feature.project, + * location: feature.location, + * name: feature.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_gke\_hub\_feature\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.gkehub.FeatureIamMember("member", { + * project: feature.project, + * location: feature.location, + * name: feature.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -152,16 +208,8 @@ export class FeatureIamMember extends pulumi.CustomResource { * The location for the resource Used to find the parent resource to bind the IAM policy to */ public readonly location!: pulumi.Output; - public readonly member!: pulumi.Output; - /** - * Used to find the parent resource to bind the IAM policy to - */ - public readonly name!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -173,6 +221,15 @@ export class FeatureIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * Used to find the parent resource to bind the IAM policy to + */ + public readonly name!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -235,16 +292,8 @@ export interface FeatureIamMemberState { * The location for the resource Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - member?: pulumi.Input; /** - * Used to find the parent resource to bind the IAM policy to - */ - name?: pulumi.Input; - /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -256,6 +305,15 @@ export interface FeatureIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * Used to find the parent resource to bind the IAM policy to + */ + name?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -274,16 +332,8 @@ export interface FeatureIamMemberArgs { * The location for the resource Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - member: pulumi.Input; - /** - * Used to find the parent resource to bind the IAM policy to - */ - name?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -295,6 +345,15 @@ export interface FeatureIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * Used to find the parent resource to bind the IAM policy to + */ + name?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/gkehub/featureIamPolicy.ts b/sdk/nodejs/gkehub/featureIamPolicy.ts index b6de7cc581..7479987d9e 100644 --- a/sdk/nodejs/gkehub/featureIamPolicy.ts +++ b/sdk/nodejs/gkehub/featureIamPolicy.ts @@ -75,6 +75,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_gke\_hub\_feature\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.gkehub.FeatureIamPolicy("policy", { + * project: feature.project, + * location: feature.location, + * name: feature.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_gke\_hub\_feature\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.gkehub.FeatureIamBinding("binding", { + * project: feature.project, + * location: feature.location, + * name: feature.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_gke\_hub\_feature\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.gkehub.FeatureIamMember("member", { + * project: feature.project, + * location: feature.location, + * name: feature.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -161,18 +217,6 @@ export class FeatureIamPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; @@ -234,18 +278,6 @@ export interface FeatureIamPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } @@ -270,18 +302,6 @@ export interface FeatureIamPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } diff --git a/sdk/nodejs/gkehub/membershipIamBinding.ts b/sdk/nodejs/gkehub/membershipIamBinding.ts index 68acab5232..35d6b33d23 100644 --- a/sdk/nodejs/gkehub/membershipIamBinding.ts +++ b/sdk/nodejs/gkehub/membershipIamBinding.ts @@ -77,6 +77,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_gke\_hub\_membership\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.gkehub.MembershipIamPolicy("policy", { + * project: membership.project, + * location: membership.location, + * membershipId: membership.membershipId, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_gke\_hub\_membership\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.gkehub.MembershipIamBinding("binding", { + * project: membership.project, + * location: membership.location, + * membershipId: membership.membershipId, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_gke\_hub\_membership\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.gkehub.MembershipIamMember("member", { + * project: membership.project, + * location: membership.location, + * membershipId: membership.membershipId, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -154,13 +210,8 @@ export class MembershipIamBinding extends pulumi.CustomResource { * Used to find the parent resource to bind the IAM policy to */ public readonly location!: pulumi.Output; - public readonly members!: pulumi.Output; - public readonly membershipId!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -172,6 +223,12 @@ export class MembershipIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + public readonly membershipId!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -239,13 +296,8 @@ export interface MembershipIamBindingState { * Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - members?: pulumi.Input[]>; - membershipId?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -257,6 +309,12 @@ export interface MembershipIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + membershipId?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -277,13 +335,8 @@ export interface MembershipIamBindingArgs { * Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - members: pulumi.Input[]>; - membershipId: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -295,6 +348,12 @@ export interface MembershipIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + membershipId: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/gkehub/membershipIamMember.ts b/sdk/nodejs/gkehub/membershipIamMember.ts index 000701e2ed..53d3b55d1a 100644 --- a/sdk/nodejs/gkehub/membershipIamMember.ts +++ b/sdk/nodejs/gkehub/membershipIamMember.ts @@ -77,6 +77,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_gke\_hub\_membership\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.gkehub.MembershipIamPolicy("policy", { + * project: membership.project, + * location: membership.location, + * membershipId: membership.membershipId, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_gke\_hub\_membership\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.gkehub.MembershipIamBinding("binding", { + * project: membership.project, + * location: membership.location, + * membershipId: membership.membershipId, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_gke\_hub\_membership\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.gkehub.MembershipIamMember("member", { + * project: membership.project, + * location: membership.location, + * membershipId: membership.membershipId, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -154,13 +210,8 @@ export class MembershipIamMember extends pulumi.CustomResource { * Used to find the parent resource to bind the IAM policy to */ public readonly location!: pulumi.Output; - public readonly member!: pulumi.Output; - public readonly membershipId!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -172,6 +223,12 @@ export class MembershipIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + public readonly membershipId!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -239,13 +296,8 @@ export interface MembershipIamMemberState { * Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - member?: pulumi.Input; - membershipId?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -257,6 +309,12 @@ export interface MembershipIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + membershipId?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -277,13 +335,8 @@ export interface MembershipIamMemberArgs { * Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - member: pulumi.Input; - membershipId: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -295,6 +348,12 @@ export interface MembershipIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + membershipId: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/gkehub/membershipIamPolicy.ts b/sdk/nodejs/gkehub/membershipIamPolicy.ts index ce7c4adcaa..ba3cc423ed 100644 --- a/sdk/nodejs/gkehub/membershipIamPolicy.ts +++ b/sdk/nodejs/gkehub/membershipIamPolicy.ts @@ -75,6 +75,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_gke\_hub\_membership\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.gkehub.MembershipIamPolicy("policy", { + * project: membership.project, + * location: membership.location, + * membershipId: membership.membershipId, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_gke\_hub\_membership\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.gkehub.MembershipIamBinding("binding", { + * project: membership.project, + * location: membership.location, + * membershipId: membership.membershipId, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_gke\_hub\_membership\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.gkehub.MembershipIamMember("member", { + * project: membership.project, + * location: membership.location, + * membershipId: membership.membershipId, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -160,18 +216,6 @@ export class MembershipIamPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; @@ -235,18 +279,6 @@ export interface MembershipIamPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } @@ -270,18 +302,6 @@ export interface MembershipIamPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } diff --git a/sdk/nodejs/gkehub/scopeIamBinding.ts b/sdk/nodejs/gkehub/scopeIamBinding.ts index 2bfa14a987..d4668a0f73 100644 --- a/sdk/nodejs/gkehub/scopeIamBinding.ts +++ b/sdk/nodejs/gkehub/scopeIamBinding.ts @@ -74,6 +74,59 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_gke\_hub\_scope\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.gkehub.ScopeIamPolicy("policy", { + * project: scope.project, + * scopeId: scope.scopeId, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_gke\_hub\_scope\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.gkehub.ScopeIamBinding("binding", { + * project: scope.project, + * scopeId: scope.scopeId, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_gke\_hub\_scope\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.gkehub.ScopeIamMember("member", { + * project: scope.project, + * scopeId: scope.scopeId, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -143,12 +196,8 @@ export class ScopeIamBinding extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly members!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -160,6 +209,11 @@ export class ScopeIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -220,12 +274,8 @@ export interface ScopeIamBindingState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - members?: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -237,6 +287,11 @@ export interface ScopeIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -252,12 +307,8 @@ export interface ScopeIamBindingState { */ export interface ScopeIamBindingArgs { condition?: pulumi.Input; - members: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -269,6 +320,11 @@ export interface ScopeIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/gkehub/scopeIamMember.ts b/sdk/nodejs/gkehub/scopeIamMember.ts index 47f62a0780..48cb507855 100644 --- a/sdk/nodejs/gkehub/scopeIamMember.ts +++ b/sdk/nodejs/gkehub/scopeIamMember.ts @@ -74,6 +74,59 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_gke\_hub\_scope\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.gkehub.ScopeIamPolicy("policy", { + * project: scope.project, + * scopeId: scope.scopeId, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_gke\_hub\_scope\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.gkehub.ScopeIamBinding("binding", { + * project: scope.project, + * scopeId: scope.scopeId, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_gke\_hub\_scope\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.gkehub.ScopeIamMember("member", { + * project: scope.project, + * scopeId: scope.scopeId, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -143,12 +196,8 @@ export class ScopeIamMember extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly member!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -160,6 +209,11 @@ export class ScopeIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -220,12 +274,8 @@ export interface ScopeIamMemberState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - member?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -237,6 +287,11 @@ export interface ScopeIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -252,12 +307,8 @@ export interface ScopeIamMemberState { */ export interface ScopeIamMemberArgs { condition?: pulumi.Input; - member: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -269,6 +320,11 @@ export interface ScopeIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/gkehub/scopeIamPolicy.ts b/sdk/nodejs/gkehub/scopeIamPolicy.ts index d9f37d937b..fde845351b 100644 --- a/sdk/nodejs/gkehub/scopeIamPolicy.ts +++ b/sdk/nodejs/gkehub/scopeIamPolicy.ts @@ -72,6 +72,59 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_gke\_hub\_scope\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.gkehub.ScopeIamPolicy("policy", { + * project: scope.project, + * scopeId: scope.scopeId, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_gke\_hub\_scope\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.gkehub.ScopeIamBinding("binding", { + * project: scope.project, + * scopeId: scope.scopeId, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_gke\_hub\_scope\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.gkehub.ScopeIamMember("member", { + * project: scope.project, + * scopeId: scope.scopeId, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -148,18 +201,6 @@ export class ScopeIamPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; public readonly scopeId!: pulumi.Output; @@ -215,18 +256,6 @@ export interface ScopeIamPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; scopeId?: pulumi.Input; @@ -244,18 +273,6 @@ export interface ScopeIamPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; scopeId: pulumi.Input; diff --git a/sdk/nodejs/healthcare/consentStoreIamBinding.ts b/sdk/nodejs/healthcare/consentStoreIamBinding.ts index ab810dbacc..330b3140ff 100644 --- a/sdk/nodejs/healthcare/consentStoreIamBinding.ts +++ b/sdk/nodejs/healthcare/consentStoreIamBinding.ts @@ -74,6 +74,59 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_healthcare\_consent\_store\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.healthcare.ConsentStoreIamPolicy("policy", { + * dataset: my_consent.dataset, + * consentStoreId: my_consent.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_healthcare\_consent\_store\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.healthcare.ConsentStoreIamBinding("binding", { + * dataset: my_consent.dataset, + * consentStoreId: my_consent.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_healthcare\_consent\_store\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.healthcare.ConsentStoreIamMember("member", { + * dataset: my_consent.dataset, + * consentStoreId: my_consent.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -145,8 +198,14 @@ export class ConsentStoreIamBinding extends pulumi.CustomResource { * Identifies the dataset addressed by this request. Must be in the format * 'projects/{project}/locations/{location}/datasets/{dataset}' * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + public readonly dataset!: pulumi.Output; + /** + * (Computed) The etag of the IAM policy. + */ + public /*out*/ readonly etag!: pulumi.Output; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -158,11 +217,6 @@ export class ConsentStoreIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ - public readonly dataset!: pulumi.Output; - /** - * (Computed) The etag of the IAM policy. - */ - public /*out*/ readonly etag!: pulumi.Output; public readonly members!: pulumi.Output; /** * The role that should be applied. Only one @@ -229,8 +283,14 @@ export interface ConsentStoreIamBindingState { * Identifies the dataset addressed by this request. Must be in the format * 'projects/{project}/locations/{location}/datasets/{dataset}' * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + dataset?: pulumi.Input; + /** + * (Computed) The etag of the IAM policy. + */ + etag?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -242,11 +302,6 @@ export interface ConsentStoreIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ - dataset?: pulumi.Input; - /** - * (Computed) The etag of the IAM policy. - */ - etag?: pulumi.Input; members?: pulumi.Input[]>; /** * The role that should be applied. Only one @@ -269,8 +324,10 @@ export interface ConsentStoreIamBindingArgs { * Identifies the dataset addressed by this request. Must be in the format * 'projects/{project}/locations/{location}/datasets/{dataset}' * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + dataset: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -282,7 +339,6 @@ export interface ConsentStoreIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ - dataset: pulumi.Input; members: pulumi.Input[]>; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/healthcare/consentStoreIamMember.ts b/sdk/nodejs/healthcare/consentStoreIamMember.ts index cf2988dca9..c2a37ead05 100644 --- a/sdk/nodejs/healthcare/consentStoreIamMember.ts +++ b/sdk/nodejs/healthcare/consentStoreIamMember.ts @@ -74,6 +74,59 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_healthcare\_consent\_store\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.healthcare.ConsentStoreIamPolicy("policy", { + * dataset: my_consent.dataset, + * consentStoreId: my_consent.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_healthcare\_consent\_store\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.healthcare.ConsentStoreIamBinding("binding", { + * dataset: my_consent.dataset, + * consentStoreId: my_consent.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_healthcare\_consent\_store\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.healthcare.ConsentStoreIamMember("member", { + * dataset: my_consent.dataset, + * consentStoreId: my_consent.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -145,8 +198,14 @@ export class ConsentStoreIamMember extends pulumi.CustomResource { * Identifies the dataset addressed by this request. Must be in the format * 'projects/{project}/locations/{location}/datasets/{dataset}' * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + public readonly dataset!: pulumi.Output; + /** + * (Computed) The etag of the IAM policy. + */ + public /*out*/ readonly etag!: pulumi.Output; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -158,11 +217,6 @@ export class ConsentStoreIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ - public readonly dataset!: pulumi.Output; - /** - * (Computed) The etag of the IAM policy. - */ - public /*out*/ readonly etag!: pulumi.Output; public readonly member!: pulumi.Output; /** * The role that should be applied. Only one @@ -229,8 +283,14 @@ export interface ConsentStoreIamMemberState { * Identifies the dataset addressed by this request. Must be in the format * 'projects/{project}/locations/{location}/datasets/{dataset}' * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + dataset?: pulumi.Input; + /** + * (Computed) The etag of the IAM policy. + */ + etag?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -242,11 +302,6 @@ export interface ConsentStoreIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ - dataset?: pulumi.Input; - /** - * (Computed) The etag of the IAM policy. - */ - etag?: pulumi.Input; member?: pulumi.Input; /** * The role that should be applied. Only one @@ -269,8 +324,10 @@ export interface ConsentStoreIamMemberArgs { * Identifies the dataset addressed by this request. Must be in the format * 'projects/{project}/locations/{location}/datasets/{dataset}' * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + dataset: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -282,7 +339,6 @@ export interface ConsentStoreIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ - dataset: pulumi.Input; member: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/healthcare/consentStoreIamPolicy.ts b/sdk/nodejs/healthcare/consentStoreIamPolicy.ts index b171c69fd7..36dd659e55 100644 --- a/sdk/nodejs/healthcare/consentStoreIamPolicy.ts +++ b/sdk/nodejs/healthcare/consentStoreIamPolicy.ts @@ -72,6 +72,59 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_healthcare\_consent\_store\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.healthcare.ConsentStoreIamPolicy("policy", { + * dataset: my_consent.dataset, + * consentStoreId: my_consent.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_healthcare\_consent\_store\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.healthcare.ConsentStoreIamBinding("binding", { + * dataset: my_consent.dataset, + * consentStoreId: my_consent.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_healthcare\_consent\_store\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.healthcare.ConsentStoreIamMember("member", { + * dataset: my_consent.dataset, + * consentStoreId: my_consent.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -142,18 +195,6 @@ export class ConsentStoreIamPolicy extends pulumi.CustomResource { * Identifies the dataset addressed by this request. Must be in the format * 'projects/{project}/locations/{location}/datasets/{dataset}' * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly dataset!: pulumi.Output; /** @@ -216,18 +257,6 @@ export interface ConsentStoreIamPolicyState { * Identifies the dataset addressed by this request. Must be in the format * 'projects/{project}/locations/{location}/datasets/{dataset}' * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ dataset?: pulumi.Input; /** @@ -253,18 +282,6 @@ export interface ConsentStoreIamPolicyArgs { * Identifies the dataset addressed by this request. Must be in the format * 'projects/{project}/locations/{location}/datasets/{dataset}' * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ dataset: pulumi.Input; /** diff --git a/sdk/nodejs/healthcare/datasetIamBinding.ts b/sdk/nodejs/healthcare/datasetIamBinding.ts index 18b0308eb4..0166fd0146 100644 --- a/sdk/nodejs/healthcare/datasetIamBinding.ts +++ b/sdk/nodejs/healthcare/datasetIamBinding.ts @@ -67,6 +67,56 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_healthcare\_dataset\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }], + * }); + * const dataset = new gcp.healthcare.DatasetIamPolicy("dataset", { + * datasetId: "your-dataset-id", + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_healthcare\_dataset\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const dataset = new gcp.healthcare.DatasetIamBinding("dataset", { + * datasetId: "your-dataset-id", + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_healthcare\_dataset\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const dataset = new gcp.healthcare.DatasetIamMember("dataset", { + * datasetId: "your-dataset-id", + * role: "roles/editor", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * ### Importing IAM policies @@ -127,8 +177,14 @@ export class DatasetIamBinding extends pulumi.CustomResource { * `{project_id}/{location_name}/{dataset_name}` or * `{location_name}/{dataset_name}`. In the second form, the provider's * project setting will be used as a fallback. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + public readonly datasetId!: pulumi.Output; + /** + * (Computed) The etag of the dataset's IAM policy. + */ + public /*out*/ readonly etag!: pulumi.Output; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -137,11 +193,6 @@ export class DatasetIamBinding extends pulumi.CustomResource { * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ - public readonly datasetId!: pulumi.Output; - /** - * (Computed) The etag of the dataset's IAM policy. - */ - public /*out*/ readonly etag!: pulumi.Output; public readonly members!: pulumi.Output; /** * The role that should be applied. Only one @@ -200,8 +251,14 @@ export interface DatasetIamBindingState { * `{project_id}/{location_name}/{dataset_name}` or * `{location_name}/{dataset_name}`. In the second form, the provider's * project setting will be used as a fallback. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + datasetId?: pulumi.Input; + /** + * (Computed) The etag of the dataset's IAM policy. + */ + etag?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -210,11 +267,6 @@ export interface DatasetIamBindingState { * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ - datasetId?: pulumi.Input; - /** - * (Computed) The etag of the dataset's IAM policy. - */ - etag?: pulumi.Input; members?: pulumi.Input[]>; /** * The role that should be applied. Only one @@ -234,8 +286,10 @@ export interface DatasetIamBindingArgs { * `{project_id}/{location_name}/{dataset_name}` or * `{location_name}/{dataset_name}`. In the second form, the provider's * project setting will be used as a fallback. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + datasetId: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -244,7 +298,6 @@ export interface DatasetIamBindingArgs { * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ - datasetId: pulumi.Input; members: pulumi.Input[]>; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/healthcare/datasetIamMember.ts b/sdk/nodejs/healthcare/datasetIamMember.ts index 2a7e1ee13e..d3fadba5e3 100644 --- a/sdk/nodejs/healthcare/datasetIamMember.ts +++ b/sdk/nodejs/healthcare/datasetIamMember.ts @@ -67,6 +67,56 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_healthcare\_dataset\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }], + * }); + * const dataset = new gcp.healthcare.DatasetIamPolicy("dataset", { + * datasetId: "your-dataset-id", + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_healthcare\_dataset\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const dataset = new gcp.healthcare.DatasetIamBinding("dataset", { + * datasetId: "your-dataset-id", + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_healthcare\_dataset\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const dataset = new gcp.healthcare.DatasetIamMember("dataset", { + * datasetId: "your-dataset-id", + * role: "roles/editor", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * ### Importing IAM policies @@ -127,8 +177,14 @@ export class DatasetIamMember extends pulumi.CustomResource { * `{project_id}/{location_name}/{dataset_name}` or * `{location_name}/{dataset_name}`. In the second form, the provider's * project setting will be used as a fallback. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + public readonly datasetId!: pulumi.Output; + /** + * (Computed) The etag of the dataset's IAM policy. + */ + public /*out*/ readonly etag!: pulumi.Output; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -137,11 +193,6 @@ export class DatasetIamMember extends pulumi.CustomResource { * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ - public readonly datasetId!: pulumi.Output; - /** - * (Computed) The etag of the dataset's IAM policy. - */ - public /*out*/ readonly etag!: pulumi.Output; public readonly member!: pulumi.Output; /** * The role that should be applied. Only one @@ -200,8 +251,14 @@ export interface DatasetIamMemberState { * `{project_id}/{location_name}/{dataset_name}` or * `{location_name}/{dataset_name}`. In the second form, the provider's * project setting will be used as a fallback. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + datasetId?: pulumi.Input; + /** + * (Computed) The etag of the dataset's IAM policy. + */ + etag?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -210,11 +267,6 @@ export interface DatasetIamMemberState { * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ - datasetId?: pulumi.Input; - /** - * (Computed) The etag of the dataset's IAM policy. - */ - etag?: pulumi.Input; member?: pulumi.Input; /** * The role that should be applied. Only one @@ -234,8 +286,10 @@ export interface DatasetIamMemberArgs { * `{project_id}/{location_name}/{dataset_name}` or * `{location_name}/{dataset_name}`. In the second form, the provider's * project setting will be used as a fallback. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + datasetId: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -244,7 +298,6 @@ export interface DatasetIamMemberArgs { * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ - datasetId: pulumi.Input; member: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/healthcare/datasetIamPolicy.ts b/sdk/nodejs/healthcare/datasetIamPolicy.ts index d7bd8eb9fb..dc50789bcd 100644 --- a/sdk/nodejs/healthcare/datasetIamPolicy.ts +++ b/sdk/nodejs/healthcare/datasetIamPolicy.ts @@ -65,6 +65,56 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_healthcare\_dataset\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }], + * }); + * const dataset = new gcp.healthcare.DatasetIamPolicy("dataset", { + * datasetId: "your-dataset-id", + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_healthcare\_dataset\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const dataset = new gcp.healthcare.DatasetIamBinding("dataset", { + * datasetId: "your-dataset-id", + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_healthcare\_dataset\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const dataset = new gcp.healthcare.DatasetIamMember("dataset", { + * datasetId: "your-dataset-id", + * role: "roles/editor", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * ### Importing IAM policies @@ -124,15 +174,6 @@ export class DatasetIamPolicy extends pulumi.CustomResource { * `{project_id}/{location_name}/{dataset_name}` or * `{location_name}/{dataset_name}`. In the second form, the provider's * project setting will be used as a fallback. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ public readonly datasetId!: pulumi.Output; /** @@ -187,15 +228,6 @@ export interface DatasetIamPolicyState { * `{project_id}/{location_name}/{dataset_name}` or * `{location_name}/{dataset_name}`. In the second form, the provider's * project setting will be used as a fallback. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ datasetId?: pulumi.Input; /** @@ -218,15 +250,6 @@ export interface DatasetIamPolicyArgs { * `{project_id}/{location_name}/{dataset_name}` or * `{location_name}/{dataset_name}`. In the second form, the provider's * project setting will be used as a fallback. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ datasetId: pulumi.Input; /** diff --git a/sdk/nodejs/healthcare/dicomStoreIamBinding.ts b/sdk/nodejs/healthcare/dicomStoreIamBinding.ts index fd3557a798..84f8812968 100644 --- a/sdk/nodejs/healthcare/dicomStoreIamBinding.ts +++ b/sdk/nodejs/healthcare/dicomStoreIamBinding.ts @@ -67,6 +67,56 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_healthcare\_dicom\_store\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }], + * }); + * const dicomStore = new gcp.healthcare.DicomStoreIamPolicy("dicom_store", { + * dicomStoreId: "your-dicom-store-id", + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_healthcare\_dicom\_store\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const dicomStore = new gcp.healthcare.DicomStoreIamBinding("dicom_store", { + * dicomStoreId: "your-dicom-store-id", + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_healthcare\_dicom\_store\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const dicomStore = new gcp.healthcare.DicomStoreIamMember("dicom_store", { + * dicomStoreId: "your-dicom-store-id", + * role: "roles/editor", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * ### Importing IAM policies @@ -127,8 +177,14 @@ export class DicomStoreIamBinding extends pulumi.CustomResource { * `{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or * `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's * project setting will be used as a fallback. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + public readonly dicomStoreId!: pulumi.Output; + /** + * (Computed) The etag of the DICOM store's IAM policy. + */ + public /*out*/ readonly etag!: pulumi.Output; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -137,11 +193,6 @@ export class DicomStoreIamBinding extends pulumi.CustomResource { * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ - public readonly dicomStoreId!: pulumi.Output; - /** - * (Computed) The etag of the DICOM store's IAM policy. - */ - public /*out*/ readonly etag!: pulumi.Output; public readonly members!: pulumi.Output; /** * The role that should be applied. Only one @@ -200,8 +251,14 @@ export interface DicomStoreIamBindingState { * `{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or * `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's * project setting will be used as a fallback. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + dicomStoreId?: pulumi.Input; + /** + * (Computed) The etag of the DICOM store's IAM policy. + */ + etag?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -210,11 +267,6 @@ export interface DicomStoreIamBindingState { * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ - dicomStoreId?: pulumi.Input; - /** - * (Computed) The etag of the DICOM store's IAM policy. - */ - etag?: pulumi.Input; members?: pulumi.Input[]>; /** * The role that should be applied. Only one @@ -234,8 +286,10 @@ export interface DicomStoreIamBindingArgs { * `{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or * `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's * project setting will be used as a fallback. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + dicomStoreId: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -244,7 +298,6 @@ export interface DicomStoreIamBindingArgs { * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ - dicomStoreId: pulumi.Input; members: pulumi.Input[]>; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/healthcare/dicomStoreIamMember.ts b/sdk/nodejs/healthcare/dicomStoreIamMember.ts index 22d159af02..32157044a6 100644 --- a/sdk/nodejs/healthcare/dicomStoreIamMember.ts +++ b/sdk/nodejs/healthcare/dicomStoreIamMember.ts @@ -67,6 +67,56 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_healthcare\_dicom\_store\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }], + * }); + * const dicomStore = new gcp.healthcare.DicomStoreIamPolicy("dicom_store", { + * dicomStoreId: "your-dicom-store-id", + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_healthcare\_dicom\_store\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const dicomStore = new gcp.healthcare.DicomStoreIamBinding("dicom_store", { + * dicomStoreId: "your-dicom-store-id", + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_healthcare\_dicom\_store\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const dicomStore = new gcp.healthcare.DicomStoreIamMember("dicom_store", { + * dicomStoreId: "your-dicom-store-id", + * role: "roles/editor", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * ### Importing IAM policies @@ -127,8 +177,14 @@ export class DicomStoreIamMember extends pulumi.CustomResource { * `{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or * `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's * project setting will be used as a fallback. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + public readonly dicomStoreId!: pulumi.Output; + /** + * (Computed) The etag of the DICOM store's IAM policy. + */ + public /*out*/ readonly etag!: pulumi.Output; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -137,11 +193,6 @@ export class DicomStoreIamMember extends pulumi.CustomResource { * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ - public readonly dicomStoreId!: pulumi.Output; - /** - * (Computed) The etag of the DICOM store's IAM policy. - */ - public /*out*/ readonly etag!: pulumi.Output; public readonly member!: pulumi.Output; /** * The role that should be applied. Only one @@ -200,8 +251,14 @@ export interface DicomStoreIamMemberState { * `{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or * `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's * project setting will be used as a fallback. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + dicomStoreId?: pulumi.Input; + /** + * (Computed) The etag of the DICOM store's IAM policy. + */ + etag?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -210,11 +267,6 @@ export interface DicomStoreIamMemberState { * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ - dicomStoreId?: pulumi.Input; - /** - * (Computed) The etag of the DICOM store's IAM policy. - */ - etag?: pulumi.Input; member?: pulumi.Input; /** * The role that should be applied. Only one @@ -234,8 +286,10 @@ export interface DicomStoreIamMemberArgs { * `{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or * `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's * project setting will be used as a fallback. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + dicomStoreId: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -244,7 +298,6 @@ export interface DicomStoreIamMemberArgs { * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ - dicomStoreId: pulumi.Input; member: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/healthcare/dicomStoreIamPolicy.ts b/sdk/nodejs/healthcare/dicomStoreIamPolicy.ts index 3f72c89e67..ea2cf02b8b 100644 --- a/sdk/nodejs/healthcare/dicomStoreIamPolicy.ts +++ b/sdk/nodejs/healthcare/dicomStoreIamPolicy.ts @@ -65,6 +65,56 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_healthcare\_dicom\_store\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }], + * }); + * const dicomStore = new gcp.healthcare.DicomStoreIamPolicy("dicom_store", { + * dicomStoreId: "your-dicom-store-id", + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_healthcare\_dicom\_store\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const dicomStore = new gcp.healthcare.DicomStoreIamBinding("dicom_store", { + * dicomStoreId: "your-dicom-store-id", + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_healthcare\_dicom\_store\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const dicomStore = new gcp.healthcare.DicomStoreIamMember("dicom_store", { + * dicomStoreId: "your-dicom-store-id", + * role: "roles/editor", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * ### Importing IAM policies @@ -124,15 +174,6 @@ export class DicomStoreIamPolicy extends pulumi.CustomResource { * `{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or * `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's * project setting will be used as a fallback. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ public readonly dicomStoreId!: pulumi.Output; /** @@ -187,15 +228,6 @@ export interface DicomStoreIamPolicyState { * `{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or * `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's * project setting will be used as a fallback. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ dicomStoreId?: pulumi.Input; /** @@ -218,15 +250,6 @@ export interface DicomStoreIamPolicyArgs { * `{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or * `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's * project setting will be used as a fallback. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ dicomStoreId: pulumi.Input; /** diff --git a/sdk/nodejs/healthcare/fhirStoreIamBinding.ts b/sdk/nodejs/healthcare/fhirStoreIamBinding.ts index e1972fba35..c6090593d0 100644 --- a/sdk/nodejs/healthcare/fhirStoreIamBinding.ts +++ b/sdk/nodejs/healthcare/fhirStoreIamBinding.ts @@ -67,6 +67,56 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_healthcare\_fhir\_store\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }], + * }); + * const fhirStore = new gcp.healthcare.FhirStoreIamPolicy("fhir_store", { + * fhirStoreId: "your-fhir-store-id", + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_healthcare\_fhir\_store\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const fhirStore = new gcp.healthcare.FhirStoreIamBinding("fhir_store", { + * fhirStoreId: "your-fhir-store-id", + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_healthcare\_fhir\_store\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const fhirStore = new gcp.healthcare.FhirStoreIamMember("fhir_store", { + * fhirStoreId: "your-fhir-store-id", + * role: "roles/editor", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * ### Importing IAM policies @@ -131,8 +181,10 @@ export class FhirStoreIamBinding extends pulumi.CustomResource { * `{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or * `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's * project setting will be used as a fallback. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + public readonly fhirStoreId!: pulumi.Output; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -141,7 +193,6 @@ export class FhirStoreIamBinding extends pulumi.CustomResource { * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ - public readonly fhirStoreId!: pulumi.Output; public readonly members!: pulumi.Output; /** * The role that should be applied. Only one @@ -204,8 +255,10 @@ export interface FhirStoreIamBindingState { * `{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or * `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's * project setting will be used as a fallback. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + fhirStoreId?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -214,7 +267,6 @@ export interface FhirStoreIamBindingState { * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ - fhirStoreId?: pulumi.Input; members?: pulumi.Input[]>; /** * The role that should be applied. Only one @@ -234,8 +286,10 @@ export interface FhirStoreIamBindingArgs { * `{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or * `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's * project setting will be used as a fallback. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + fhirStoreId: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -244,7 +298,6 @@ export interface FhirStoreIamBindingArgs { * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ - fhirStoreId: pulumi.Input; members: pulumi.Input[]>; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/healthcare/fhirStoreIamMember.ts b/sdk/nodejs/healthcare/fhirStoreIamMember.ts index 2c84cf915b..81e24b770c 100644 --- a/sdk/nodejs/healthcare/fhirStoreIamMember.ts +++ b/sdk/nodejs/healthcare/fhirStoreIamMember.ts @@ -67,6 +67,56 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_healthcare\_fhir\_store\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }], + * }); + * const fhirStore = new gcp.healthcare.FhirStoreIamPolicy("fhir_store", { + * fhirStoreId: "your-fhir-store-id", + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_healthcare\_fhir\_store\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const fhirStore = new gcp.healthcare.FhirStoreIamBinding("fhir_store", { + * fhirStoreId: "your-fhir-store-id", + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_healthcare\_fhir\_store\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const fhirStore = new gcp.healthcare.FhirStoreIamMember("fhir_store", { + * fhirStoreId: "your-fhir-store-id", + * role: "roles/editor", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * ### Importing IAM policies @@ -131,8 +181,10 @@ export class FhirStoreIamMember extends pulumi.CustomResource { * `{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or * `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's * project setting will be used as a fallback. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + public readonly fhirStoreId!: pulumi.Output; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -141,7 +193,6 @@ export class FhirStoreIamMember extends pulumi.CustomResource { * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ - public readonly fhirStoreId!: pulumi.Output; public readonly member!: pulumi.Output; /** * The role that should be applied. Only one @@ -204,8 +255,10 @@ export interface FhirStoreIamMemberState { * `{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or * `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's * project setting will be used as a fallback. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + fhirStoreId?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -214,7 +267,6 @@ export interface FhirStoreIamMemberState { * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ - fhirStoreId?: pulumi.Input; member?: pulumi.Input; /** * The role that should be applied. Only one @@ -234,8 +286,10 @@ export interface FhirStoreIamMemberArgs { * `{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or * `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's * project setting will be used as a fallback. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + fhirStoreId: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -244,7 +298,6 @@ export interface FhirStoreIamMemberArgs { * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ - fhirStoreId: pulumi.Input; member: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/healthcare/fhirStoreIamPolicy.ts b/sdk/nodejs/healthcare/fhirStoreIamPolicy.ts index b4d546f4f9..8f09cd07c5 100644 --- a/sdk/nodejs/healthcare/fhirStoreIamPolicy.ts +++ b/sdk/nodejs/healthcare/fhirStoreIamPolicy.ts @@ -65,6 +65,56 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_healthcare\_fhir\_store\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }], + * }); + * const fhirStore = new gcp.healthcare.FhirStoreIamPolicy("fhir_store", { + * fhirStoreId: "your-fhir-store-id", + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_healthcare\_fhir\_store\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const fhirStore = new gcp.healthcare.FhirStoreIamBinding("fhir_store", { + * fhirStoreId: "your-fhir-store-id", + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_healthcare\_fhir\_store\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const fhirStore = new gcp.healthcare.FhirStoreIamMember("fhir_store", { + * fhirStoreId: "your-fhir-store-id", + * role: "roles/editor", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * ### Importing IAM policies @@ -128,15 +178,6 @@ export class FhirStoreIamPolicy extends pulumi.CustomResource { * `{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or * `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's * project setting will be used as a fallback. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ public readonly fhirStoreId!: pulumi.Output; /** @@ -191,15 +232,6 @@ export interface FhirStoreIamPolicyState { * `{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or * `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's * project setting will be used as a fallback. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ fhirStoreId?: pulumi.Input; /** @@ -218,15 +250,6 @@ export interface FhirStoreIamPolicyArgs { * `{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or * `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's * project setting will be used as a fallback. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ fhirStoreId: pulumi.Input; /** diff --git a/sdk/nodejs/healthcare/hl7StoreIamBinding.ts b/sdk/nodejs/healthcare/hl7StoreIamBinding.ts index e75838a7bc..6cd8fb2597 100644 --- a/sdk/nodejs/healthcare/hl7StoreIamBinding.ts +++ b/sdk/nodejs/healthcare/hl7StoreIamBinding.ts @@ -67,6 +67,56 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_healthcare\_hl7\_v2\_store\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }], + * }); + * const hl7V2Store = new gcp.healthcare.Hl7StoreIamPolicy("hl7_v2_store", { + * hl7V2StoreId: "your-hl7-v2-store-id", + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_healthcare\_hl7\_v2\_store\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const hl7V2Store = new gcp.healthcare.Hl7StoreIamBinding("hl7_v2_store", { + * hl7V2StoreId: "your-hl7-v2-store-id", + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_healthcare\_hl7\_v2\_store\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const hl7V2Store = new gcp.healthcare.Hl7StoreIamMember("hl7_v2_store", { + * hl7V2StoreId: "your-hl7-v2-store-id", + * role: "roles/editor", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * ### Importing IAM policies @@ -131,8 +181,10 @@ export class Hl7StoreIamBinding extends pulumi.CustomResource { * `{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or * `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's * project setting will be used as a fallback. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + public readonly hl7V2StoreId!: pulumi.Output; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -141,7 +193,6 @@ export class Hl7StoreIamBinding extends pulumi.CustomResource { * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ - public readonly hl7V2StoreId!: pulumi.Output; public readonly members!: pulumi.Output; /** * The role that should be applied. Only one @@ -204,8 +255,10 @@ export interface Hl7StoreIamBindingState { * `{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or * `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's * project setting will be used as a fallback. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + hl7V2StoreId?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -214,7 +267,6 @@ export interface Hl7StoreIamBindingState { * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ - hl7V2StoreId?: pulumi.Input; members?: pulumi.Input[]>; /** * The role that should be applied. Only one @@ -234,8 +286,10 @@ export interface Hl7StoreIamBindingArgs { * `{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or * `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's * project setting will be used as a fallback. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + hl7V2StoreId: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -244,7 +298,6 @@ export interface Hl7StoreIamBindingArgs { * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ - hl7V2StoreId: pulumi.Input; members: pulumi.Input[]>; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/healthcare/hl7StoreIamMember.ts b/sdk/nodejs/healthcare/hl7StoreIamMember.ts index d321ee9a18..61eb97880d 100644 --- a/sdk/nodejs/healthcare/hl7StoreIamMember.ts +++ b/sdk/nodejs/healthcare/hl7StoreIamMember.ts @@ -67,6 +67,56 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_healthcare\_hl7\_v2\_store\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }], + * }); + * const hl7V2Store = new gcp.healthcare.Hl7StoreIamPolicy("hl7_v2_store", { + * hl7V2StoreId: "your-hl7-v2-store-id", + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_healthcare\_hl7\_v2\_store\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const hl7V2Store = new gcp.healthcare.Hl7StoreIamBinding("hl7_v2_store", { + * hl7V2StoreId: "your-hl7-v2-store-id", + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_healthcare\_hl7\_v2\_store\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const hl7V2Store = new gcp.healthcare.Hl7StoreIamMember("hl7_v2_store", { + * hl7V2StoreId: "your-hl7-v2-store-id", + * role: "roles/editor", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * ### Importing IAM policies @@ -131,8 +181,10 @@ export class Hl7StoreIamMember extends pulumi.CustomResource { * `{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or * `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's * project setting will be used as a fallback. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + public readonly hl7V2StoreId!: pulumi.Output; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -141,7 +193,6 @@ export class Hl7StoreIamMember extends pulumi.CustomResource { * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ - public readonly hl7V2StoreId!: pulumi.Output; public readonly member!: pulumi.Output; /** * The role that should be applied. Only one @@ -204,8 +255,10 @@ export interface Hl7StoreIamMemberState { * `{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or * `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's * project setting will be used as a fallback. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + hl7V2StoreId?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -214,7 +267,6 @@ export interface Hl7StoreIamMemberState { * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ - hl7V2StoreId?: pulumi.Input; member?: pulumi.Input; /** * The role that should be applied. Only one @@ -234,8 +286,10 @@ export interface Hl7StoreIamMemberArgs { * `{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or * `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's * project setting will be used as a fallback. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + hl7V2StoreId: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -244,7 +298,6 @@ export interface Hl7StoreIamMemberArgs { * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ - hl7V2StoreId: pulumi.Input; member: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/healthcare/hl7StoreIamPolicy.ts b/sdk/nodejs/healthcare/hl7StoreIamPolicy.ts index 6c61e38306..41dbd4f6bb 100644 --- a/sdk/nodejs/healthcare/hl7StoreIamPolicy.ts +++ b/sdk/nodejs/healthcare/hl7StoreIamPolicy.ts @@ -65,6 +65,56 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_healthcare\_hl7\_v2\_store\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }], + * }); + * const hl7V2Store = new gcp.healthcare.Hl7StoreIamPolicy("hl7_v2_store", { + * hl7V2StoreId: "your-hl7-v2-store-id", + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_healthcare\_hl7\_v2\_store\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const hl7V2Store = new gcp.healthcare.Hl7StoreIamBinding("hl7_v2_store", { + * hl7V2StoreId: "your-hl7-v2-store-id", + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_healthcare\_hl7\_v2\_store\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const hl7V2Store = new gcp.healthcare.Hl7StoreIamMember("hl7_v2_store", { + * hl7V2StoreId: "your-hl7-v2-store-id", + * role: "roles/editor", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * ### Importing IAM policies @@ -128,15 +178,6 @@ export class Hl7StoreIamPolicy extends pulumi.CustomResource { * `{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or * `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's * project setting will be used as a fallback. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ public readonly hl7V2StoreId!: pulumi.Output; /** @@ -191,15 +232,6 @@ export interface Hl7StoreIamPolicyState { * `{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or * `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's * project setting will be used as a fallback. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ hl7V2StoreId?: pulumi.Input; /** @@ -218,15 +250,6 @@ export interface Hl7StoreIamPolicyArgs { * `{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or * `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's * project setting will be used as a fallback. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ hl7V2StoreId: pulumi.Input; /** diff --git a/sdk/nodejs/iap/appEngineServiceIamBinding.ts b/sdk/nodejs/iap/appEngineServiceIamBinding.ts index 8d4f7d52f7..b78ece23ab 100644 --- a/sdk/nodejs/iap/appEngineServiceIamBinding.ts +++ b/sdk/nodejs/iap/appEngineServiceIamBinding.ts @@ -148,6 +148,131 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_iap\_app\_engine\_service\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.iap.AppEngineServiceIamPolicy("policy", { + * project: version.project, + * appId: version.project, + * service: version.service, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const policy = new gcp.iap.AppEngineServiceIamPolicy("policy", { + * project: version.project, + * appId: version.project, + * service: version.service, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * ## google\_iap\_app\_engine\_service\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.iap.AppEngineServiceIamBinding("binding", { + * project: version.project, + * appId: version.project, + * service: version.service, + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.iap.AppEngineServiceIamBinding("binding", { + * project: version.project, + * appId: version.project, + * service: version.service, + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * ## google\_iap\_app\_engine\_service\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.iap.AppEngineServiceIamMember("member", { + * project: version.project, + * appId: version.project, + * service: version.service, + * role: "roles/iap.httpsResourceAccessor", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.iap.AppEngineServiceIamMember("member", { + * project: version.project, + * appId: version.project, + * service: version.service, + * role: "roles/iap.httpsResourceAccessor", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -227,12 +352,8 @@ export class AppEngineServiceIamBinding extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly members!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -244,6 +365,11 @@ export class AppEngineServiceIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -320,12 +446,8 @@ export interface AppEngineServiceIamBindingState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - members?: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -337,6 +459,11 @@ export interface AppEngineServiceIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -363,12 +490,8 @@ export interface AppEngineServiceIamBindingArgs { * Structure is documented below. */ condition?: pulumi.Input; - members: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -380,6 +503,11 @@ export interface AppEngineServiceIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/iap/appEngineServiceIamMember.ts b/sdk/nodejs/iap/appEngineServiceIamMember.ts index 0c328f2c9e..5495eeb3b2 100644 --- a/sdk/nodejs/iap/appEngineServiceIamMember.ts +++ b/sdk/nodejs/iap/appEngineServiceIamMember.ts @@ -148,6 +148,131 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_iap\_app\_engine\_service\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.iap.AppEngineServiceIamPolicy("policy", { + * project: version.project, + * appId: version.project, + * service: version.service, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const policy = new gcp.iap.AppEngineServiceIamPolicy("policy", { + * project: version.project, + * appId: version.project, + * service: version.service, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * ## google\_iap\_app\_engine\_service\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.iap.AppEngineServiceIamBinding("binding", { + * project: version.project, + * appId: version.project, + * service: version.service, + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.iap.AppEngineServiceIamBinding("binding", { + * project: version.project, + * appId: version.project, + * service: version.service, + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * ## google\_iap\_app\_engine\_service\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.iap.AppEngineServiceIamMember("member", { + * project: version.project, + * appId: version.project, + * service: version.service, + * role: "roles/iap.httpsResourceAccessor", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.iap.AppEngineServiceIamMember("member", { + * project: version.project, + * appId: version.project, + * service: version.service, + * role: "roles/iap.httpsResourceAccessor", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -227,12 +352,8 @@ export class AppEngineServiceIamMember extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly member!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -244,6 +365,11 @@ export class AppEngineServiceIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -320,12 +446,8 @@ export interface AppEngineServiceIamMemberState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - member?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -337,6 +459,11 @@ export interface AppEngineServiceIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -363,12 +490,8 @@ export interface AppEngineServiceIamMemberArgs { * Structure is documented below. */ condition?: pulumi.Input; - member: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -380,6 +503,11 @@ export interface AppEngineServiceIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/iap/appEngineServiceIamPolicy.ts b/sdk/nodejs/iap/appEngineServiceIamPolicy.ts index e3bf20ec44..60ece3e3bf 100644 --- a/sdk/nodejs/iap/appEngineServiceIamPolicy.ts +++ b/sdk/nodejs/iap/appEngineServiceIamPolicy.ts @@ -146,6 +146,131 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_iap\_app\_engine\_service\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.iap.AppEngineServiceIamPolicy("policy", { + * project: version.project, + * appId: version.project, + * service: version.service, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const policy = new gcp.iap.AppEngineServiceIamPolicy("policy", { + * project: version.project, + * appId: version.project, + * service: version.service, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * ## google\_iap\_app\_engine\_service\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.iap.AppEngineServiceIamBinding("binding", { + * project: version.project, + * appId: version.project, + * service: version.service, + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.iap.AppEngineServiceIamBinding("binding", { + * project: version.project, + * appId: version.project, + * service: version.service, + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * ## google\_iap\_app\_engine\_service\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.iap.AppEngineServiceIamMember("member", { + * project: version.project, + * appId: version.project, + * service: version.service, + * role: "roles/iap.httpsResourceAccessor", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.iap.AppEngineServiceIamMember("member", { + * project: version.project, + * appId: version.project, + * service: version.service, + * role: "roles/iap.httpsResourceAccessor", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -228,18 +353,6 @@ export class AppEngineServiceIamPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; /** @@ -307,18 +420,6 @@ export interface AppEngineServiceIamPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; /** @@ -343,18 +444,6 @@ export interface AppEngineServiceIamPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; /** diff --git a/sdk/nodejs/iap/appEngineVersionIamBinding.ts b/sdk/nodejs/iap/appEngineVersionIamBinding.ts index 972c54c336..a0325ea7dd 100644 --- a/sdk/nodejs/iap/appEngineVersionIamBinding.ts +++ b/sdk/nodejs/iap/appEngineVersionIamBinding.ts @@ -154,6 +154,137 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_iap\_app\_engine\_version\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.iap.AppEngineVersionIamPolicy("policy", { + * project: version.project, + * appId: version.project, + * service: version.service, + * versionId: version.versionId, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const policy = new gcp.iap.AppEngineVersionIamPolicy("policy", { + * project: version.project, + * appId: version.project, + * service: version.service, + * versionId: version.versionId, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * ## google\_iap\_app\_engine\_version\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.iap.AppEngineVersionIamBinding("binding", { + * project: version.project, + * appId: version.project, + * service: version.service, + * versionId: version.versionId, + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.iap.AppEngineVersionIamBinding("binding", { + * project: version.project, + * appId: version.project, + * service: version.service, + * versionId: version.versionId, + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * ## google\_iap\_app\_engine\_version\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.iap.AppEngineVersionIamMember("member", { + * project: version.project, + * appId: version.project, + * service: version.service, + * versionId: version.versionId, + * role: "roles/iap.httpsResourceAccessor", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.iap.AppEngineVersionIamMember("member", { + * project: version.project, + * appId: version.project, + * service: version.service, + * versionId: version.versionId, + * role: "roles/iap.httpsResourceAccessor", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -233,12 +364,8 @@ export class AppEngineVersionIamBinding extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly members!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -250,6 +377,11 @@ export class AppEngineVersionIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -335,12 +467,8 @@ export interface AppEngineVersionIamBindingState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - members?: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -352,6 +480,11 @@ export interface AppEngineVersionIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -382,12 +515,8 @@ export interface AppEngineVersionIamBindingArgs { * Structure is documented below. */ condition?: pulumi.Input; - members: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -399,6 +528,11 @@ export interface AppEngineVersionIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/iap/appEngineVersionIamMember.ts b/sdk/nodejs/iap/appEngineVersionIamMember.ts index 0f765f2915..ce322ae7c7 100644 --- a/sdk/nodejs/iap/appEngineVersionIamMember.ts +++ b/sdk/nodejs/iap/appEngineVersionIamMember.ts @@ -154,6 +154,137 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_iap\_app\_engine\_version\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.iap.AppEngineVersionIamPolicy("policy", { + * project: version.project, + * appId: version.project, + * service: version.service, + * versionId: version.versionId, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const policy = new gcp.iap.AppEngineVersionIamPolicy("policy", { + * project: version.project, + * appId: version.project, + * service: version.service, + * versionId: version.versionId, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * ## google\_iap\_app\_engine\_version\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.iap.AppEngineVersionIamBinding("binding", { + * project: version.project, + * appId: version.project, + * service: version.service, + * versionId: version.versionId, + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.iap.AppEngineVersionIamBinding("binding", { + * project: version.project, + * appId: version.project, + * service: version.service, + * versionId: version.versionId, + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * ## google\_iap\_app\_engine\_version\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.iap.AppEngineVersionIamMember("member", { + * project: version.project, + * appId: version.project, + * service: version.service, + * versionId: version.versionId, + * role: "roles/iap.httpsResourceAccessor", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.iap.AppEngineVersionIamMember("member", { + * project: version.project, + * appId: version.project, + * service: version.service, + * versionId: version.versionId, + * role: "roles/iap.httpsResourceAccessor", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -233,12 +364,8 @@ export class AppEngineVersionIamMember extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly member!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -250,6 +377,11 @@ export class AppEngineVersionIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -335,12 +467,8 @@ export interface AppEngineVersionIamMemberState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - member?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -352,6 +480,11 @@ export interface AppEngineVersionIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -382,12 +515,8 @@ export interface AppEngineVersionIamMemberArgs { * Structure is documented below. */ condition?: pulumi.Input; - member: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -399,6 +528,11 @@ export interface AppEngineVersionIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/iap/appEngineVersionIamPolicy.ts b/sdk/nodejs/iap/appEngineVersionIamPolicy.ts index 42a03643ae..eca043daab 100644 --- a/sdk/nodejs/iap/appEngineVersionIamPolicy.ts +++ b/sdk/nodejs/iap/appEngineVersionIamPolicy.ts @@ -152,6 +152,137 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_iap\_app\_engine\_version\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.iap.AppEngineVersionIamPolicy("policy", { + * project: version.project, + * appId: version.project, + * service: version.service, + * versionId: version.versionId, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const policy = new gcp.iap.AppEngineVersionIamPolicy("policy", { + * project: version.project, + * appId: version.project, + * service: version.service, + * versionId: version.versionId, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * ## google\_iap\_app\_engine\_version\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.iap.AppEngineVersionIamBinding("binding", { + * project: version.project, + * appId: version.project, + * service: version.service, + * versionId: version.versionId, + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.iap.AppEngineVersionIamBinding("binding", { + * project: version.project, + * appId: version.project, + * service: version.service, + * versionId: version.versionId, + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * ## google\_iap\_app\_engine\_version\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.iap.AppEngineVersionIamMember("member", { + * project: version.project, + * appId: version.project, + * service: version.service, + * versionId: version.versionId, + * role: "roles/iap.httpsResourceAccessor", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.iap.AppEngineVersionIamMember("member", { + * project: version.project, + * appId: version.project, + * service: version.service, + * versionId: version.versionId, + * role: "roles/iap.httpsResourceAccessor", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -234,18 +365,6 @@ export class AppEngineVersionIamPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; /** @@ -322,18 +441,6 @@ export interface AppEngineVersionIamPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; /** @@ -362,18 +469,6 @@ export interface AppEngineVersionIamPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; /** diff --git a/sdk/nodejs/iap/tunnelDestGroupIamBinding.ts b/sdk/nodejs/iap/tunnelDestGroupIamBinding.ts index 453c426091..141d1980dc 100644 --- a/sdk/nodejs/iap/tunnelDestGroupIamBinding.ts +++ b/sdk/nodejs/iap/tunnelDestGroupIamBinding.ts @@ -148,6 +148,131 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_iap\_tunnel\_dest\_group\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/iap.tunnelResourceAccessor", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.iap.TunnelDestGroupIamPolicy("policy", { + * project: destGroup.project, + * region: destGroup.region, + * destGroup: destGroup.groupName, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/iap.tunnelResourceAccessor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const policy = new gcp.iap.TunnelDestGroupIamPolicy("policy", { + * project: destGroup.project, + * region: destGroup.region, + * destGroup: destGroup.groupName, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * ## google\_iap\_tunnel\_dest\_group\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.iap.TunnelDestGroupIamBinding("binding", { + * project: destGroup.project, + * region: destGroup.region, + * destGroup: destGroup.groupName, + * role: "roles/iap.tunnelResourceAccessor", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.iap.TunnelDestGroupIamBinding("binding", { + * project: destGroup.project, + * region: destGroup.region, + * destGroup: destGroup.groupName, + * role: "roles/iap.tunnelResourceAccessor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * ## google\_iap\_tunnel\_dest\_group\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.iap.TunnelDestGroupIamMember("member", { + * project: destGroup.project, + * region: destGroup.region, + * destGroup: destGroup.groupName, + * role: "roles/iap.tunnelResourceAccessor", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.iap.TunnelDestGroupIamMember("member", { + * project: destGroup.project, + * region: destGroup.region, + * destGroup: destGroup.groupName, + * role: "roles/iap.tunnelResourceAccessor", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -226,12 +351,8 @@ export class TunnelDestGroupIamBinding extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly members!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -243,6 +364,11 @@ export class TunnelDestGroupIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The region of the tunnel group. Must be the same as the network resources in the group. @@ -316,12 +442,8 @@ export interface TunnelDestGroupIamBindingState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - members?: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -333,6 +455,11 @@ export interface TunnelDestGroupIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The region of the tunnel group. Must be the same as the network resources in the group. @@ -359,12 +486,8 @@ export interface TunnelDestGroupIamBindingArgs { */ condition?: pulumi.Input; destGroup: pulumi.Input; - members: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -376,6 +499,11 @@ export interface TunnelDestGroupIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The region of the tunnel group. Must be the same as the network resources in the group. diff --git a/sdk/nodejs/iap/tunnelDestGroupIamMember.ts b/sdk/nodejs/iap/tunnelDestGroupIamMember.ts index a110619c92..2dd99d4a87 100644 --- a/sdk/nodejs/iap/tunnelDestGroupIamMember.ts +++ b/sdk/nodejs/iap/tunnelDestGroupIamMember.ts @@ -148,6 +148,131 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_iap\_tunnel\_dest\_group\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/iap.tunnelResourceAccessor", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.iap.TunnelDestGroupIamPolicy("policy", { + * project: destGroup.project, + * region: destGroup.region, + * destGroup: destGroup.groupName, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/iap.tunnelResourceAccessor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const policy = new gcp.iap.TunnelDestGroupIamPolicy("policy", { + * project: destGroup.project, + * region: destGroup.region, + * destGroup: destGroup.groupName, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * ## google\_iap\_tunnel\_dest\_group\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.iap.TunnelDestGroupIamBinding("binding", { + * project: destGroup.project, + * region: destGroup.region, + * destGroup: destGroup.groupName, + * role: "roles/iap.tunnelResourceAccessor", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.iap.TunnelDestGroupIamBinding("binding", { + * project: destGroup.project, + * region: destGroup.region, + * destGroup: destGroup.groupName, + * role: "roles/iap.tunnelResourceAccessor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * ## google\_iap\_tunnel\_dest\_group\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.iap.TunnelDestGroupIamMember("member", { + * project: destGroup.project, + * region: destGroup.region, + * destGroup: destGroup.groupName, + * role: "roles/iap.tunnelResourceAccessor", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.iap.TunnelDestGroupIamMember("member", { + * project: destGroup.project, + * region: destGroup.region, + * destGroup: destGroup.groupName, + * role: "roles/iap.tunnelResourceAccessor", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -226,12 +351,8 @@ export class TunnelDestGroupIamMember extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly member!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -243,6 +364,11 @@ export class TunnelDestGroupIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The region of the tunnel group. Must be the same as the network resources in the group. @@ -316,12 +442,8 @@ export interface TunnelDestGroupIamMemberState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - member?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -333,6 +455,11 @@ export interface TunnelDestGroupIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The region of the tunnel group. Must be the same as the network resources in the group. @@ -359,12 +486,8 @@ export interface TunnelDestGroupIamMemberArgs { */ condition?: pulumi.Input; destGroup: pulumi.Input; - member: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -376,6 +499,11 @@ export interface TunnelDestGroupIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The region of the tunnel group. Must be the same as the network resources in the group. diff --git a/sdk/nodejs/iap/tunnelDestGroupIamPolicy.ts b/sdk/nodejs/iap/tunnelDestGroupIamPolicy.ts index cf96828b07..e9810007f3 100644 --- a/sdk/nodejs/iap/tunnelDestGroupIamPolicy.ts +++ b/sdk/nodejs/iap/tunnelDestGroupIamPolicy.ts @@ -146,6 +146,131 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_iap\_tunnel\_dest\_group\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/iap.tunnelResourceAccessor", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.iap.TunnelDestGroupIamPolicy("policy", { + * project: destGroup.project, + * region: destGroup.region, + * destGroup: destGroup.groupName, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/iap.tunnelResourceAccessor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const policy = new gcp.iap.TunnelDestGroupIamPolicy("policy", { + * project: destGroup.project, + * region: destGroup.region, + * destGroup: destGroup.groupName, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * ## google\_iap\_tunnel\_dest\_group\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.iap.TunnelDestGroupIamBinding("binding", { + * project: destGroup.project, + * region: destGroup.region, + * destGroup: destGroup.groupName, + * role: "roles/iap.tunnelResourceAccessor", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.iap.TunnelDestGroupIamBinding("binding", { + * project: destGroup.project, + * region: destGroup.region, + * destGroup: destGroup.groupName, + * role: "roles/iap.tunnelResourceAccessor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * ## google\_iap\_tunnel\_dest\_group\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.iap.TunnelDestGroupIamMember("member", { + * project: destGroup.project, + * region: destGroup.region, + * destGroup: destGroup.groupName, + * role: "roles/iap.tunnelResourceAccessor", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.iap.TunnelDestGroupIamMember("member", { + * project: destGroup.project, + * region: destGroup.region, + * destGroup: destGroup.groupName, + * role: "roles/iap.tunnelResourceAccessor", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -227,18 +352,6 @@ export class TunnelDestGroupIamPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; /** @@ -303,18 +416,6 @@ export interface TunnelDestGroupIamPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; /** @@ -339,18 +440,6 @@ export interface TunnelDestGroupIamPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; /** diff --git a/sdk/nodejs/iap/tunnelIamBinding.ts b/sdk/nodejs/iap/tunnelIamBinding.ts index 5173a1b4e7..1a063b6ea3 100644 --- a/sdk/nodejs/iap/tunnelIamBinding.ts +++ b/sdk/nodejs/iap/tunnelIamBinding.ts @@ -136,6 +136,119 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_iap\_tunnel\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/iap.tunnelResourceAccessor", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.iap.TunnelIamPolicy("policy", { + * project: projectService.project, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/iap.tunnelResourceAccessor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const policy = new gcp.iap.TunnelIamPolicy("policy", { + * project: projectService.project, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * ## google\_iap\_tunnel\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.iap.TunnelIamBinding("binding", { + * project: projectService.project, + * role: "roles/iap.tunnelResourceAccessor", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.iap.TunnelIamBinding("binding", { + * project: projectService.project, + * role: "roles/iap.tunnelResourceAccessor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * ## google\_iap\_tunnel\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.iap.TunnelIamMember("member", { + * project: projectService.project, + * role: "roles/iap.tunnelResourceAccessor", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.iap.TunnelIamMember("member", { + * project: projectService.project, + * role: "roles/iap.tunnelResourceAccessor", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -207,12 +320,8 @@ export class TunnelIamBinding extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly members!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -224,6 +333,11 @@ export class TunnelIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -282,12 +396,8 @@ export interface TunnelIamBindingState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - members?: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -299,6 +409,11 @@ export interface TunnelIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -317,12 +432,8 @@ export interface TunnelIamBindingArgs { * Structure is documented below. */ condition?: pulumi.Input; - members: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -334,6 +445,11 @@ export interface TunnelIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/iap/tunnelIamMember.ts b/sdk/nodejs/iap/tunnelIamMember.ts index b28194a39c..163f023873 100644 --- a/sdk/nodejs/iap/tunnelIamMember.ts +++ b/sdk/nodejs/iap/tunnelIamMember.ts @@ -136,6 +136,119 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_iap\_tunnel\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/iap.tunnelResourceAccessor", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.iap.TunnelIamPolicy("policy", { + * project: projectService.project, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/iap.tunnelResourceAccessor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const policy = new gcp.iap.TunnelIamPolicy("policy", { + * project: projectService.project, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * ## google\_iap\_tunnel\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.iap.TunnelIamBinding("binding", { + * project: projectService.project, + * role: "roles/iap.tunnelResourceAccessor", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.iap.TunnelIamBinding("binding", { + * project: projectService.project, + * role: "roles/iap.tunnelResourceAccessor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * ## google\_iap\_tunnel\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.iap.TunnelIamMember("member", { + * project: projectService.project, + * role: "roles/iap.tunnelResourceAccessor", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.iap.TunnelIamMember("member", { + * project: projectService.project, + * role: "roles/iap.tunnelResourceAccessor", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -207,12 +320,8 @@ export class TunnelIamMember extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly member!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -224,6 +333,11 @@ export class TunnelIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -282,12 +396,8 @@ export interface TunnelIamMemberState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - member?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -299,6 +409,11 @@ export interface TunnelIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -317,12 +432,8 @@ export interface TunnelIamMemberArgs { * Structure is documented below. */ condition?: pulumi.Input; - member: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -334,6 +445,11 @@ export interface TunnelIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/iap/tunnelIamPolicy.ts b/sdk/nodejs/iap/tunnelIamPolicy.ts index 5df6dfd20f..7934a7589d 100644 --- a/sdk/nodejs/iap/tunnelIamPolicy.ts +++ b/sdk/nodejs/iap/tunnelIamPolicy.ts @@ -134,6 +134,119 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_iap\_tunnel\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/iap.tunnelResourceAccessor", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.iap.TunnelIamPolicy("policy", { + * project: projectService.project, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/iap.tunnelResourceAccessor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const policy = new gcp.iap.TunnelIamPolicy("policy", { + * project: projectService.project, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * ## google\_iap\_tunnel\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.iap.TunnelIamBinding("binding", { + * project: projectService.project, + * role: "roles/iap.tunnelResourceAccessor", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.iap.TunnelIamBinding("binding", { + * project: projectService.project, + * role: "roles/iap.tunnelResourceAccessor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * ## google\_iap\_tunnel\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.iap.TunnelIamMember("member", { + * project: projectService.project, + * role: "roles/iap.tunnelResourceAccessor", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.iap.TunnelIamMember("member", { + * project: projectService.project, + * role: "roles/iap.tunnelResourceAccessor", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -208,18 +321,6 @@ export class TunnelIamPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; @@ -269,18 +370,6 @@ export interface TunnelIamPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } @@ -297,18 +386,6 @@ export interface TunnelIamPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } diff --git a/sdk/nodejs/iap/tunnelInstanceIAMBinding.ts b/sdk/nodejs/iap/tunnelInstanceIAMBinding.ts index beeae57655..9697113b88 100644 --- a/sdk/nodejs/iap/tunnelInstanceIAMBinding.ts +++ b/sdk/nodejs/iap/tunnelInstanceIAMBinding.ts @@ -148,6 +148,131 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_iap\_tunnel\_instance\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/iap.tunnelResourceAccessor", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.iap.TunnelInstanceIAMPolicy("policy", { + * project: tunnelvm.project, + * zone: tunnelvm.zone, + * instance: tunnelvm.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/iap.tunnelResourceAccessor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const policy = new gcp.iap.TunnelInstanceIAMPolicy("policy", { + * project: tunnelvm.project, + * zone: tunnelvm.zone, + * instance: tunnelvm.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * ## google\_iap\_tunnel\_instance\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.iap.TunnelInstanceIAMBinding("binding", { + * project: tunnelvm.project, + * zone: tunnelvm.zone, + * instance: tunnelvm.name, + * role: "roles/iap.tunnelResourceAccessor", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.iap.TunnelInstanceIAMBinding("binding", { + * project: tunnelvm.project, + * zone: tunnelvm.zone, + * instance: tunnelvm.name, + * role: "roles/iap.tunnelResourceAccessor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * ## google\_iap\_tunnel\_instance\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.iap.TunnelInstanceIAMMember("member", { + * project: tunnelvm.project, + * zone: tunnelvm.zone, + * instance: tunnelvm.name, + * role: "roles/iap.tunnelResourceAccessor", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.iap.TunnelInstanceIAMMember("member", { + * project: tunnelvm.project, + * zone: tunnelvm.zone, + * instance: tunnelvm.name, + * role: "roles/iap.tunnelResourceAccessor", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -229,12 +354,8 @@ export class TunnelInstanceIAMBinding extends pulumi.CustomResource { * Used to find the parent resource to bind the IAM policy to */ public readonly instance!: pulumi.Output; - public readonly members!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -246,6 +367,11 @@ export class TunnelInstanceIAMBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -316,12 +442,8 @@ export interface TunnelInstanceIAMBindingState { * Used to find the parent resource to bind the IAM policy to */ instance?: pulumi.Input; - members?: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -333,6 +455,11 @@ export interface TunnelInstanceIAMBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -356,12 +483,8 @@ export interface TunnelInstanceIAMBindingArgs { * Used to find the parent resource to bind the IAM policy to */ instance: pulumi.Input; - members: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -373,6 +496,11 @@ export interface TunnelInstanceIAMBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/iap/tunnelInstanceIAMMember.ts b/sdk/nodejs/iap/tunnelInstanceIAMMember.ts index 1adff22c60..92a106c322 100644 --- a/sdk/nodejs/iap/tunnelInstanceIAMMember.ts +++ b/sdk/nodejs/iap/tunnelInstanceIAMMember.ts @@ -148,6 +148,131 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_iap\_tunnel\_instance\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/iap.tunnelResourceAccessor", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.iap.TunnelInstanceIAMPolicy("policy", { + * project: tunnelvm.project, + * zone: tunnelvm.zone, + * instance: tunnelvm.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/iap.tunnelResourceAccessor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const policy = new gcp.iap.TunnelInstanceIAMPolicy("policy", { + * project: tunnelvm.project, + * zone: tunnelvm.zone, + * instance: tunnelvm.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * ## google\_iap\_tunnel\_instance\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.iap.TunnelInstanceIAMBinding("binding", { + * project: tunnelvm.project, + * zone: tunnelvm.zone, + * instance: tunnelvm.name, + * role: "roles/iap.tunnelResourceAccessor", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.iap.TunnelInstanceIAMBinding("binding", { + * project: tunnelvm.project, + * zone: tunnelvm.zone, + * instance: tunnelvm.name, + * role: "roles/iap.tunnelResourceAccessor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * ## google\_iap\_tunnel\_instance\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.iap.TunnelInstanceIAMMember("member", { + * project: tunnelvm.project, + * zone: tunnelvm.zone, + * instance: tunnelvm.name, + * role: "roles/iap.tunnelResourceAccessor", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.iap.TunnelInstanceIAMMember("member", { + * project: tunnelvm.project, + * zone: tunnelvm.zone, + * instance: tunnelvm.name, + * role: "roles/iap.tunnelResourceAccessor", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -229,12 +354,8 @@ export class TunnelInstanceIAMMember extends pulumi.CustomResource { * Used to find the parent resource to bind the IAM policy to */ public readonly instance!: pulumi.Output; - public readonly member!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -246,6 +367,11 @@ export class TunnelInstanceIAMMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -316,12 +442,8 @@ export interface TunnelInstanceIAMMemberState { * Used to find the parent resource to bind the IAM policy to */ instance?: pulumi.Input; - member?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -333,6 +455,11 @@ export interface TunnelInstanceIAMMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -356,12 +483,8 @@ export interface TunnelInstanceIAMMemberArgs { * Used to find the parent resource to bind the IAM policy to */ instance: pulumi.Input; - member: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -373,6 +496,11 @@ export interface TunnelInstanceIAMMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/iap/tunnelInstanceIAMPolicy.ts b/sdk/nodejs/iap/tunnelInstanceIAMPolicy.ts index 4c4ed36e36..87b226073b 100644 --- a/sdk/nodejs/iap/tunnelInstanceIAMPolicy.ts +++ b/sdk/nodejs/iap/tunnelInstanceIAMPolicy.ts @@ -146,6 +146,131 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_iap\_tunnel\_instance\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/iap.tunnelResourceAccessor", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.iap.TunnelInstanceIAMPolicy("policy", { + * project: tunnelvm.project, + * zone: tunnelvm.zone, + * instance: tunnelvm.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/iap.tunnelResourceAccessor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const policy = new gcp.iap.TunnelInstanceIAMPolicy("policy", { + * project: tunnelvm.project, + * zone: tunnelvm.zone, + * instance: tunnelvm.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * ## google\_iap\_tunnel\_instance\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.iap.TunnelInstanceIAMBinding("binding", { + * project: tunnelvm.project, + * zone: tunnelvm.zone, + * instance: tunnelvm.name, + * role: "roles/iap.tunnelResourceAccessor", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.iap.TunnelInstanceIAMBinding("binding", { + * project: tunnelvm.project, + * zone: tunnelvm.zone, + * instance: tunnelvm.name, + * role: "roles/iap.tunnelResourceAccessor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * ## google\_iap\_tunnel\_instance\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.iap.TunnelInstanceIAMMember("member", { + * project: tunnelvm.project, + * zone: tunnelvm.zone, + * instance: tunnelvm.name, + * role: "roles/iap.tunnelResourceAccessor", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.iap.TunnelInstanceIAMMember("member", { + * project: tunnelvm.project, + * zone: tunnelvm.zone, + * instance: tunnelvm.name, + * role: "roles/iap.tunnelResourceAccessor", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -230,18 +355,6 @@ export class TunnelInstanceIAMPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; public readonly zone!: pulumi.Output; @@ -303,18 +416,6 @@ export interface TunnelInstanceIAMPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; zone?: pulumi.Input; @@ -336,18 +437,6 @@ export interface TunnelInstanceIAMPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; zone?: pulumi.Input; diff --git a/sdk/nodejs/iap/webBackendServiceIamBinding.ts b/sdk/nodejs/iap/webBackendServiceIamBinding.ts index a6210418bd..8f9e472b12 100644 --- a/sdk/nodejs/iap/webBackendServiceIamBinding.ts +++ b/sdk/nodejs/iap/webBackendServiceIamBinding.ts @@ -142,6 +142,125 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_iap\_web\_backend\_service\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.iap.WebBackendServiceIamPolicy("policy", { + * project: _default.project, + * webBackendService: _default.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const policy = new gcp.iap.WebBackendServiceIamPolicy("policy", { + * project: _default.project, + * webBackendService: _default.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * ## google\_iap\_web\_backend\_service\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.iap.WebBackendServiceIamBinding("binding", { + * project: _default.project, + * webBackendService: _default.name, + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.iap.WebBackendServiceIamBinding("binding", { + * project: _default.project, + * webBackendService: _default.name, + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * ## google\_iap\_web\_backend\_service\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.iap.WebBackendServiceIamMember("member", { + * project: _default.project, + * webBackendService: _default.name, + * role: "roles/iap.httpsResourceAccessor", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.iap.WebBackendServiceIamMember("member", { + * project: _default.project, + * webBackendService: _default.name, + * role: "roles/iap.httpsResourceAccessor", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -215,12 +334,8 @@ export class WebBackendServiceIamBinding extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly members!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -232,6 +347,11 @@ export class WebBackendServiceIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -299,12 +419,8 @@ export interface WebBackendServiceIamBindingState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - members?: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -316,6 +432,11 @@ export interface WebBackendServiceIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -338,12 +459,8 @@ export interface WebBackendServiceIamBindingArgs { * Structure is documented below. */ condition?: pulumi.Input; - members: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -355,6 +472,11 @@ export interface WebBackendServiceIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/iap/webBackendServiceIamMember.ts b/sdk/nodejs/iap/webBackendServiceIamMember.ts index ccea440bf9..dd84f6419d 100644 --- a/sdk/nodejs/iap/webBackendServiceIamMember.ts +++ b/sdk/nodejs/iap/webBackendServiceIamMember.ts @@ -142,6 +142,125 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_iap\_web\_backend\_service\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.iap.WebBackendServiceIamPolicy("policy", { + * project: _default.project, + * webBackendService: _default.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const policy = new gcp.iap.WebBackendServiceIamPolicy("policy", { + * project: _default.project, + * webBackendService: _default.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * ## google\_iap\_web\_backend\_service\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.iap.WebBackendServiceIamBinding("binding", { + * project: _default.project, + * webBackendService: _default.name, + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.iap.WebBackendServiceIamBinding("binding", { + * project: _default.project, + * webBackendService: _default.name, + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * ## google\_iap\_web\_backend\_service\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.iap.WebBackendServiceIamMember("member", { + * project: _default.project, + * webBackendService: _default.name, + * role: "roles/iap.httpsResourceAccessor", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.iap.WebBackendServiceIamMember("member", { + * project: _default.project, + * webBackendService: _default.name, + * role: "roles/iap.httpsResourceAccessor", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -215,12 +334,8 @@ export class WebBackendServiceIamMember extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly member!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -232,6 +347,11 @@ export class WebBackendServiceIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -299,12 +419,8 @@ export interface WebBackendServiceIamMemberState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - member?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -316,6 +432,11 @@ export interface WebBackendServiceIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -338,12 +459,8 @@ export interface WebBackendServiceIamMemberArgs { * Structure is documented below. */ condition?: pulumi.Input; - member: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -355,6 +472,11 @@ export interface WebBackendServiceIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/iap/webBackendServiceIamPolicy.ts b/sdk/nodejs/iap/webBackendServiceIamPolicy.ts index 91de1cd14a..a5caf5690c 100644 --- a/sdk/nodejs/iap/webBackendServiceIamPolicy.ts +++ b/sdk/nodejs/iap/webBackendServiceIamPolicy.ts @@ -140,6 +140,125 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_iap\_web\_backend\_service\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.iap.WebBackendServiceIamPolicy("policy", { + * project: _default.project, + * webBackendService: _default.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const policy = new gcp.iap.WebBackendServiceIamPolicy("policy", { + * project: _default.project, + * webBackendService: _default.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * ## google\_iap\_web\_backend\_service\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.iap.WebBackendServiceIamBinding("binding", { + * project: _default.project, + * webBackendService: _default.name, + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.iap.WebBackendServiceIamBinding("binding", { + * project: _default.project, + * webBackendService: _default.name, + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * ## google\_iap\_web\_backend\_service\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.iap.WebBackendServiceIamMember("member", { + * project: _default.project, + * webBackendService: _default.name, + * role: "roles/iap.httpsResourceAccessor", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.iap.WebBackendServiceIamMember("member", { + * project: _default.project, + * webBackendService: _default.name, + * role: "roles/iap.httpsResourceAccessor", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -216,18 +335,6 @@ export class WebBackendServiceIamPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; /** @@ -286,18 +393,6 @@ export interface WebBackendServiceIamPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; /** @@ -318,18 +413,6 @@ export interface WebBackendServiceIamPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; /** diff --git a/sdk/nodejs/iap/webIamBinding.ts b/sdk/nodejs/iap/webIamBinding.ts index ff4e2f34d6..bc0ca536ee 100644 --- a/sdk/nodejs/iap/webIamBinding.ts +++ b/sdk/nodejs/iap/webIamBinding.ts @@ -136,6 +136,119 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_iap\_web\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.iap.WebIamPolicy("policy", { + * project: projectService.project, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const policy = new gcp.iap.WebIamPolicy("policy", { + * project: projectService.project, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * ## google\_iap\_web\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.iap.WebIamBinding("binding", { + * project: projectService.project, + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.iap.WebIamBinding("binding", { + * project: projectService.project, + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * ## google\_iap\_web\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.iap.WebIamMember("member", { + * project: projectService.project, + * role: "roles/iap.httpsResourceAccessor", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.iap.WebIamMember("member", { + * project: projectService.project, + * role: "roles/iap.httpsResourceAccessor", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -207,12 +320,8 @@ export class WebIamBinding extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly members!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -224,6 +333,11 @@ export class WebIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -282,12 +396,8 @@ export interface WebIamBindingState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - members?: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -299,6 +409,11 @@ export interface WebIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -317,12 +432,8 @@ export interface WebIamBindingArgs { * Structure is documented below. */ condition?: pulumi.Input; - members: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -334,6 +445,11 @@ export interface WebIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/iap/webIamMember.ts b/sdk/nodejs/iap/webIamMember.ts index fb8e151336..ce1c6ba154 100644 --- a/sdk/nodejs/iap/webIamMember.ts +++ b/sdk/nodejs/iap/webIamMember.ts @@ -136,6 +136,119 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_iap\_web\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.iap.WebIamPolicy("policy", { + * project: projectService.project, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const policy = new gcp.iap.WebIamPolicy("policy", { + * project: projectService.project, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * ## google\_iap\_web\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.iap.WebIamBinding("binding", { + * project: projectService.project, + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.iap.WebIamBinding("binding", { + * project: projectService.project, + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * ## google\_iap\_web\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.iap.WebIamMember("member", { + * project: projectService.project, + * role: "roles/iap.httpsResourceAccessor", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.iap.WebIamMember("member", { + * project: projectService.project, + * role: "roles/iap.httpsResourceAccessor", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -207,12 +320,8 @@ export class WebIamMember extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly member!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -224,6 +333,11 @@ export class WebIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -282,12 +396,8 @@ export interface WebIamMemberState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - member?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -299,6 +409,11 @@ export interface WebIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -317,12 +432,8 @@ export interface WebIamMemberArgs { * Structure is documented below. */ condition?: pulumi.Input; - member: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -334,6 +445,11 @@ export interface WebIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/iap/webIamPolicy.ts b/sdk/nodejs/iap/webIamPolicy.ts index f7e0300022..eae2f87114 100644 --- a/sdk/nodejs/iap/webIamPolicy.ts +++ b/sdk/nodejs/iap/webIamPolicy.ts @@ -134,6 +134,119 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_iap\_web\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.iap.WebIamPolicy("policy", { + * project: projectService.project, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const policy = new gcp.iap.WebIamPolicy("policy", { + * project: projectService.project, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * ## google\_iap\_web\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.iap.WebIamBinding("binding", { + * project: projectService.project, + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.iap.WebIamBinding("binding", { + * project: projectService.project, + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * ## google\_iap\_web\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.iap.WebIamMember("member", { + * project: projectService.project, + * role: "roles/iap.httpsResourceAccessor", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.iap.WebIamMember("member", { + * project: projectService.project, + * role: "roles/iap.httpsResourceAccessor", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -208,18 +321,6 @@ export class WebIamPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; @@ -269,18 +370,6 @@ export interface WebIamPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } @@ -297,18 +386,6 @@ export interface WebIamPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } diff --git a/sdk/nodejs/iap/webRegionBackendServiceIamBinding.ts b/sdk/nodejs/iap/webRegionBackendServiceIamBinding.ts index 75584a7569..ad88722edc 100644 --- a/sdk/nodejs/iap/webRegionBackendServiceIamBinding.ts +++ b/sdk/nodejs/iap/webRegionBackendServiceIamBinding.ts @@ -148,6 +148,131 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_iap\_web\_region\_backend\_service\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.iap.WebRegionBackendServiceIamPolicy("policy", { + * project: _default.project, + * region: _default.region, + * webRegionBackendService: _default.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const policy = new gcp.iap.WebRegionBackendServiceIamPolicy("policy", { + * project: _default.project, + * region: _default.region, + * webRegionBackendService: _default.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * ## google\_iap\_web\_region\_backend\_service\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.iap.WebRegionBackendServiceIamBinding("binding", { + * project: _default.project, + * region: _default.region, + * webRegionBackendService: _default.name, + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.iap.WebRegionBackendServiceIamBinding("binding", { + * project: _default.project, + * region: _default.region, + * webRegionBackendService: _default.name, + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * ## google\_iap\_web\_region\_backend\_service\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.iap.WebRegionBackendServiceIamMember("member", { + * project: _default.project, + * region: _default.region, + * webRegionBackendService: _default.name, + * role: "roles/iap.httpsResourceAccessor", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.iap.WebRegionBackendServiceIamMember("member", { + * project: _default.project, + * region: _default.region, + * webRegionBackendService: _default.name, + * role: "roles/iap.httpsResourceAccessor", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -223,12 +348,8 @@ export class WebRegionBackendServiceIamBinding extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly members!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -240,6 +361,11 @@ export class WebRegionBackendServiceIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; public readonly region!: pulumi.Output; /** @@ -310,12 +436,8 @@ export interface WebRegionBackendServiceIamBindingState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - members?: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -327,6 +449,11 @@ export interface WebRegionBackendServiceIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; region?: pulumi.Input; /** @@ -350,12 +477,8 @@ export interface WebRegionBackendServiceIamBindingArgs { * Structure is documented below. */ condition?: pulumi.Input; - members: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -367,6 +490,11 @@ export interface WebRegionBackendServiceIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; region?: pulumi.Input; /** diff --git a/sdk/nodejs/iap/webRegionBackendServiceIamMember.ts b/sdk/nodejs/iap/webRegionBackendServiceIamMember.ts index 32f8a526a3..e98791e869 100644 --- a/sdk/nodejs/iap/webRegionBackendServiceIamMember.ts +++ b/sdk/nodejs/iap/webRegionBackendServiceIamMember.ts @@ -148,6 +148,131 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_iap\_web\_region\_backend\_service\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.iap.WebRegionBackendServiceIamPolicy("policy", { + * project: _default.project, + * region: _default.region, + * webRegionBackendService: _default.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const policy = new gcp.iap.WebRegionBackendServiceIamPolicy("policy", { + * project: _default.project, + * region: _default.region, + * webRegionBackendService: _default.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * ## google\_iap\_web\_region\_backend\_service\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.iap.WebRegionBackendServiceIamBinding("binding", { + * project: _default.project, + * region: _default.region, + * webRegionBackendService: _default.name, + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.iap.WebRegionBackendServiceIamBinding("binding", { + * project: _default.project, + * region: _default.region, + * webRegionBackendService: _default.name, + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * ## google\_iap\_web\_region\_backend\_service\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.iap.WebRegionBackendServiceIamMember("member", { + * project: _default.project, + * region: _default.region, + * webRegionBackendService: _default.name, + * role: "roles/iap.httpsResourceAccessor", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.iap.WebRegionBackendServiceIamMember("member", { + * project: _default.project, + * region: _default.region, + * webRegionBackendService: _default.name, + * role: "roles/iap.httpsResourceAccessor", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -223,12 +348,8 @@ export class WebRegionBackendServiceIamMember extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly member!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -240,6 +361,11 @@ export class WebRegionBackendServiceIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; public readonly region!: pulumi.Output; /** @@ -310,12 +436,8 @@ export interface WebRegionBackendServiceIamMemberState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - member?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -327,6 +449,11 @@ export interface WebRegionBackendServiceIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; region?: pulumi.Input; /** @@ -350,12 +477,8 @@ export interface WebRegionBackendServiceIamMemberArgs { * Structure is documented below. */ condition?: pulumi.Input; - member: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -367,6 +490,11 @@ export interface WebRegionBackendServiceIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; region?: pulumi.Input; /** diff --git a/sdk/nodejs/iap/webRegionBackendServiceIamPolicy.ts b/sdk/nodejs/iap/webRegionBackendServiceIamPolicy.ts index 965c3299d2..cbeb96f9a8 100644 --- a/sdk/nodejs/iap/webRegionBackendServiceIamPolicy.ts +++ b/sdk/nodejs/iap/webRegionBackendServiceIamPolicy.ts @@ -146,6 +146,131 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_iap\_web\_region\_backend\_service\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.iap.WebRegionBackendServiceIamPolicy("policy", { + * project: _default.project, + * region: _default.region, + * webRegionBackendService: _default.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const policy = new gcp.iap.WebRegionBackendServiceIamPolicy("policy", { + * project: _default.project, + * region: _default.region, + * webRegionBackendService: _default.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * ## google\_iap\_web\_region\_backend\_service\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.iap.WebRegionBackendServiceIamBinding("binding", { + * project: _default.project, + * region: _default.region, + * webRegionBackendService: _default.name, + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.iap.WebRegionBackendServiceIamBinding("binding", { + * project: _default.project, + * region: _default.region, + * webRegionBackendService: _default.name, + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * ## google\_iap\_web\_region\_backend\_service\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.iap.WebRegionBackendServiceIamMember("member", { + * project: _default.project, + * region: _default.region, + * webRegionBackendService: _default.name, + * role: "roles/iap.httpsResourceAccessor", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.iap.WebRegionBackendServiceIamMember("member", { + * project: _default.project, + * region: _default.region, + * webRegionBackendService: _default.name, + * role: "roles/iap.httpsResourceAccessor", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -224,18 +349,6 @@ export class WebRegionBackendServiceIamPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; public readonly region!: pulumi.Output; @@ -297,18 +410,6 @@ export interface WebRegionBackendServiceIamPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; region?: pulumi.Input; @@ -330,18 +431,6 @@ export interface WebRegionBackendServiceIamPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; region?: pulumi.Input; diff --git a/sdk/nodejs/iap/webTypeAppEngingIamBinding.ts b/sdk/nodejs/iap/webTypeAppEngingIamBinding.ts index cafe86a3cb..7eede92190 100644 --- a/sdk/nodejs/iap/webTypeAppEngingIamBinding.ts +++ b/sdk/nodejs/iap/webTypeAppEngingIamBinding.ts @@ -142,6 +142,125 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_iap\_web\_type\_app\_engine\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.iap.WebTypeAppEngingIamPolicy("policy", { + * project: app.project, + * appId: app.appId, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const policy = new gcp.iap.WebTypeAppEngingIamPolicy("policy", { + * project: app.project, + * appId: app.appId, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * ## google\_iap\_web\_type\_app\_engine\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.iap.WebTypeAppEngingIamBinding("binding", { + * project: app.project, + * appId: app.appId, + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.iap.WebTypeAppEngingIamBinding("binding", { + * project: app.project, + * appId: app.appId, + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * ## google\_iap\_web\_type\_app\_engine\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.iap.WebTypeAppEngingIamMember("member", { + * project: app.project, + * appId: app.appId, + * role: "roles/iap.httpsResourceAccessor", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.iap.WebTypeAppEngingIamMember("member", { + * project: app.project, + * appId: app.appId, + * role: "roles/iap.httpsResourceAccessor", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -219,12 +338,8 @@ export class WebTypeAppEngingIamBinding extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly members!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -236,6 +351,11 @@ export class WebTypeAppEngingIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -303,12 +423,8 @@ export interface WebTypeAppEngingIamBindingState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - members?: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -320,6 +436,11 @@ export interface WebTypeAppEngingIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -342,12 +463,8 @@ export interface WebTypeAppEngingIamBindingArgs { * Structure is documented below. */ condition?: pulumi.Input; - members: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -359,6 +476,11 @@ export interface WebTypeAppEngingIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/iap/webTypeAppEngingIamMember.ts b/sdk/nodejs/iap/webTypeAppEngingIamMember.ts index 47e38dd4af..cc833a83f0 100644 --- a/sdk/nodejs/iap/webTypeAppEngingIamMember.ts +++ b/sdk/nodejs/iap/webTypeAppEngingIamMember.ts @@ -142,6 +142,125 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_iap\_web\_type\_app\_engine\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.iap.WebTypeAppEngingIamPolicy("policy", { + * project: app.project, + * appId: app.appId, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const policy = new gcp.iap.WebTypeAppEngingIamPolicy("policy", { + * project: app.project, + * appId: app.appId, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * ## google\_iap\_web\_type\_app\_engine\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.iap.WebTypeAppEngingIamBinding("binding", { + * project: app.project, + * appId: app.appId, + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.iap.WebTypeAppEngingIamBinding("binding", { + * project: app.project, + * appId: app.appId, + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * ## google\_iap\_web\_type\_app\_engine\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.iap.WebTypeAppEngingIamMember("member", { + * project: app.project, + * appId: app.appId, + * role: "roles/iap.httpsResourceAccessor", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.iap.WebTypeAppEngingIamMember("member", { + * project: app.project, + * appId: app.appId, + * role: "roles/iap.httpsResourceAccessor", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -219,12 +338,8 @@ export class WebTypeAppEngingIamMember extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly member!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -236,6 +351,11 @@ export class WebTypeAppEngingIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -303,12 +423,8 @@ export interface WebTypeAppEngingIamMemberState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - member?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -320,6 +436,11 @@ export interface WebTypeAppEngingIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -342,12 +463,8 @@ export interface WebTypeAppEngingIamMemberArgs { * Structure is documented below. */ condition?: pulumi.Input; - member: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -359,6 +476,11 @@ export interface WebTypeAppEngingIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/iap/webTypeAppEngingIamPolicy.ts b/sdk/nodejs/iap/webTypeAppEngingIamPolicy.ts index c46490bf38..2ac2c50271 100644 --- a/sdk/nodejs/iap/webTypeAppEngingIamPolicy.ts +++ b/sdk/nodejs/iap/webTypeAppEngingIamPolicy.ts @@ -140,6 +140,125 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_iap\_web\_type\_app\_engine\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.iap.WebTypeAppEngingIamPolicy("policy", { + * project: app.project, + * appId: app.appId, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const policy = new gcp.iap.WebTypeAppEngingIamPolicy("policy", { + * project: app.project, + * appId: app.appId, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * ## google\_iap\_web\_type\_app\_engine\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.iap.WebTypeAppEngingIamBinding("binding", { + * project: app.project, + * appId: app.appId, + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.iap.WebTypeAppEngingIamBinding("binding", { + * project: app.project, + * appId: app.appId, + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * ## google\_iap\_web\_type\_app\_engine\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.iap.WebTypeAppEngingIamMember("member", { + * project: app.project, + * appId: app.appId, + * role: "roles/iap.httpsResourceAccessor", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.iap.WebTypeAppEngingIamMember("member", { + * project: app.project, + * appId: app.appId, + * role: "roles/iap.httpsResourceAccessor", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -220,18 +339,6 @@ export class WebTypeAppEngingIamPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; @@ -290,18 +397,6 @@ export interface WebTypeAppEngingIamPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } @@ -322,18 +417,6 @@ export interface WebTypeAppEngingIamPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } diff --git a/sdk/nodejs/iap/webTypeComputeIamBinding.ts b/sdk/nodejs/iap/webTypeComputeIamBinding.ts index bc07c9b836..89c0033805 100644 --- a/sdk/nodejs/iap/webTypeComputeIamBinding.ts +++ b/sdk/nodejs/iap/webTypeComputeIamBinding.ts @@ -136,6 +136,119 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_iap\_web\_type\_compute\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.iap.WebTypeComputeIamPolicy("policy", { + * project: projectService.project, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const policy = new gcp.iap.WebTypeComputeIamPolicy("policy", { + * project: projectService.project, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * ## google\_iap\_web\_type\_compute\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.iap.WebTypeComputeIamBinding("binding", { + * project: projectService.project, + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.iap.WebTypeComputeIamBinding("binding", { + * project: projectService.project, + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * ## google\_iap\_web\_type\_compute\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.iap.WebTypeComputeIamMember("member", { + * project: projectService.project, + * role: "roles/iap.httpsResourceAccessor", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.iap.WebTypeComputeIamMember("member", { + * project: projectService.project, + * role: "roles/iap.httpsResourceAccessor", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -207,12 +320,8 @@ export class WebTypeComputeIamBinding extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly members!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -224,6 +333,11 @@ export class WebTypeComputeIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -282,12 +396,8 @@ export interface WebTypeComputeIamBindingState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - members?: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -299,6 +409,11 @@ export interface WebTypeComputeIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -317,12 +432,8 @@ export interface WebTypeComputeIamBindingArgs { * Structure is documented below. */ condition?: pulumi.Input; - members: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -334,6 +445,11 @@ export interface WebTypeComputeIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/iap/webTypeComputeIamMember.ts b/sdk/nodejs/iap/webTypeComputeIamMember.ts index 268d34566b..42fd2cae17 100644 --- a/sdk/nodejs/iap/webTypeComputeIamMember.ts +++ b/sdk/nodejs/iap/webTypeComputeIamMember.ts @@ -136,6 +136,119 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_iap\_web\_type\_compute\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.iap.WebTypeComputeIamPolicy("policy", { + * project: projectService.project, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const policy = new gcp.iap.WebTypeComputeIamPolicy("policy", { + * project: projectService.project, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * ## google\_iap\_web\_type\_compute\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.iap.WebTypeComputeIamBinding("binding", { + * project: projectService.project, + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.iap.WebTypeComputeIamBinding("binding", { + * project: projectService.project, + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * ## google\_iap\_web\_type\_compute\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.iap.WebTypeComputeIamMember("member", { + * project: projectService.project, + * role: "roles/iap.httpsResourceAccessor", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.iap.WebTypeComputeIamMember("member", { + * project: projectService.project, + * role: "roles/iap.httpsResourceAccessor", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -207,12 +320,8 @@ export class WebTypeComputeIamMember extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly member!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -224,6 +333,11 @@ export class WebTypeComputeIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -282,12 +396,8 @@ export interface WebTypeComputeIamMemberState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - member?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -299,6 +409,11 @@ export interface WebTypeComputeIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -317,12 +432,8 @@ export interface WebTypeComputeIamMemberArgs { * Structure is documented below. */ condition?: pulumi.Input; - member: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -334,6 +445,11 @@ export interface WebTypeComputeIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/iap/webTypeComputeIamPolicy.ts b/sdk/nodejs/iap/webTypeComputeIamPolicy.ts index 13e51c04b5..21d6adf4ef 100644 --- a/sdk/nodejs/iap/webTypeComputeIamPolicy.ts +++ b/sdk/nodejs/iap/webTypeComputeIamPolicy.ts @@ -134,6 +134,119 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_iap\_web\_type\_compute\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.iap.WebTypeComputeIamPolicy("policy", { + * project: projectService.project, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const policy = new gcp.iap.WebTypeComputeIamPolicy("policy", { + * project: projectService.project, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * ## google\_iap\_web\_type\_compute\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.iap.WebTypeComputeIamBinding("binding", { + * project: projectService.project, + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.iap.WebTypeComputeIamBinding("binding", { + * project: projectService.project, + * role: "roles/iap.httpsResourceAccessor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * ## google\_iap\_web\_type\_compute\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.iap.WebTypeComputeIamMember("member", { + * project: projectService.project, + * role: "roles/iap.httpsResourceAccessor", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.iap.WebTypeComputeIamMember("member", { + * project: projectService.project, + * role: "roles/iap.httpsResourceAccessor", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -208,18 +321,6 @@ export class WebTypeComputeIamPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; @@ -269,18 +370,6 @@ export interface WebTypeComputeIamPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } @@ -297,18 +386,6 @@ export interface WebTypeComputeIamPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } diff --git a/sdk/nodejs/kms/cryptoKeyIAMBinding.ts b/sdk/nodejs/kms/cryptoKeyIAMBinding.ts index a817b95bfd..def557b8e1 100644 --- a/sdk/nodejs/kms/cryptoKeyIAMBinding.ts +++ b/sdk/nodejs/kms/cryptoKeyIAMBinding.ts @@ -195,8 +195,14 @@ export class CryptoKeyIAMBinding extends pulumi.CustomResource { * `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or * `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, * the provider's project setting will be used as a fallback. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + public readonly cryptoKeyId!: pulumi.Output; + /** + * (Computed) The etag of the project's IAM policy. + */ + public /*out*/ readonly etag!: pulumi.Output; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -205,11 +211,6 @@ export class CryptoKeyIAMBinding extends pulumi.CustomResource { * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ - public readonly cryptoKeyId!: pulumi.Output; - /** - * (Computed) The etag of the project's IAM policy. - */ - public /*out*/ readonly etag!: pulumi.Output; public readonly members!: pulumi.Output; /** * The role that should be applied. Note that custom roles must be of the format @@ -271,8 +272,14 @@ export interface CryptoKeyIAMBindingState { * `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or * `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, * the provider's project setting will be used as a fallback. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + cryptoKeyId?: pulumi.Input; + /** + * (Computed) The etag of the project's IAM policy. + */ + etag?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -281,11 +288,6 @@ export interface CryptoKeyIAMBindingState { * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ - cryptoKeyId?: pulumi.Input; - /** - * (Computed) The etag of the project's IAM policy. - */ - etag?: pulumi.Input; members?: pulumi.Input[]>; /** * The role that should be applied. Note that custom roles must be of the format @@ -308,8 +310,10 @@ export interface CryptoKeyIAMBindingArgs { * `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or * `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, * the provider's project setting will be used as a fallback. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + cryptoKeyId: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -318,7 +322,6 @@ export interface CryptoKeyIAMBindingArgs { * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ - cryptoKeyId: pulumi.Input; members: pulumi.Input[]>; /** * The role that should be applied. Note that custom roles must be of the format diff --git a/sdk/nodejs/kms/cryptoKeyIAMMember.ts b/sdk/nodejs/kms/cryptoKeyIAMMember.ts index feea3c33e8..9c3603e420 100644 --- a/sdk/nodejs/kms/cryptoKeyIAMMember.ts +++ b/sdk/nodejs/kms/cryptoKeyIAMMember.ts @@ -195,8 +195,14 @@ export class CryptoKeyIAMMember extends pulumi.CustomResource { * `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or * `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, * the provider's project setting will be used as a fallback. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + public readonly cryptoKeyId!: pulumi.Output; + /** + * (Computed) The etag of the project's IAM policy. + */ + public /*out*/ readonly etag!: pulumi.Output; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -205,11 +211,6 @@ export class CryptoKeyIAMMember extends pulumi.CustomResource { * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ - public readonly cryptoKeyId!: pulumi.Output; - /** - * (Computed) The etag of the project's IAM policy. - */ - public /*out*/ readonly etag!: pulumi.Output; public readonly member!: pulumi.Output; /** * The role that should be applied. Note that custom roles must be of the format @@ -271,8 +272,14 @@ export interface CryptoKeyIAMMemberState { * `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or * `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, * the provider's project setting will be used as a fallback. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + cryptoKeyId?: pulumi.Input; + /** + * (Computed) The etag of the project's IAM policy. + */ + etag?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -281,11 +288,6 @@ export interface CryptoKeyIAMMemberState { * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ - cryptoKeyId?: pulumi.Input; - /** - * (Computed) The etag of the project's IAM policy. - */ - etag?: pulumi.Input; member?: pulumi.Input; /** * The role that should be applied. Note that custom roles must be of the format @@ -308,8 +310,10 @@ export interface CryptoKeyIAMMemberArgs { * `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or * `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, * the provider's project setting will be used as a fallback. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + cryptoKeyId: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -318,7 +322,6 @@ export interface CryptoKeyIAMMemberArgs { * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ - cryptoKeyId: pulumi.Input; member: pulumi.Input; /** * The role that should be applied. Note that custom roles must be of the format diff --git a/sdk/nodejs/kms/cryptoKeyIAMPolicy.ts b/sdk/nodejs/kms/cryptoKeyIAMPolicy.ts index c57588394a..caca7c1fd6 100644 --- a/sdk/nodejs/kms/cryptoKeyIAMPolicy.ts +++ b/sdk/nodejs/kms/cryptoKeyIAMPolicy.ts @@ -188,15 +188,6 @@ export class CryptoKeyIAMPolicy extends pulumi.CustomResource { * `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or * `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, * the provider's project setting will be used as a fallback. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ public readonly cryptoKeyId!: pulumi.Output; /** @@ -251,15 +242,6 @@ export interface CryptoKeyIAMPolicyState { * `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or * `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, * the provider's project setting will be used as a fallback. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ cryptoKeyId?: pulumi.Input; /** @@ -282,15 +264,6 @@ export interface CryptoKeyIAMPolicyArgs { * `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or * `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, * the provider's project setting will be used as a fallback. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ cryptoKeyId: pulumi.Input; /** diff --git a/sdk/nodejs/kms/keyRingIAMBinding.ts b/sdk/nodejs/kms/keyRingIAMBinding.ts index bf319340cc..1305376041 100644 --- a/sdk/nodejs/kms/keyRingIAMBinding.ts +++ b/sdk/nodejs/kms/keyRingIAMBinding.ts @@ -140,6 +140,129 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_kms\_key\_ring\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const keyring = new gcp.kms.KeyRing("keyring", { + * name: "keyring-example", + * location: "global", + * }); + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }], + * }); + * const keyRing = new gcp.kms.KeyRingIAMPolicy("key_ring", { + * keyRingId: keyring.id, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const keyring = new gcp.kms.KeyRing("keyring", { + * name: "keyring-example", + * location: "global", + * }); + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/editor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const keyRing = new gcp.kms.KeyRingIAMPolicy("key_ring", { + * keyRingId: keyring.id, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_kms\_key\_ring\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const keyRing = new gcp.kms.KeyRingIAMBinding("key_ring", { + * keyRingId: "your-key-ring-id", + * role: "roles/cloudkms.admin", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const keyRing = new gcp.kms.KeyRingIAMBinding("key_ring", { + * keyRingId: "your-key-ring-id", + * role: "roles/cloudkms.admin", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * + * ## google\_kms\_key\_ring\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const keyRing = new gcp.kms.KeyRingIAMMember("key_ring", { + * keyRingId: "your-key-ring-id", + * role: "roles/cloudkms.admin", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const keyRing = new gcp.kms.KeyRingIAMMember("key_ring", { + * keyRingId: "your-key-ring-id", + * role: "roles/cloudkms.admin", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * * ## Import * * ### Importing IAM policies @@ -208,8 +331,10 @@ export class KeyRingIAMBinding extends pulumi.CustomResource { * `{project_id}/{location_name}/{key_ring_name}` or * `{location_name}/{key_ring_name}`. In the second form, the provider's * project setting will be used as a fallback. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + public readonly keyRingId!: pulumi.Output; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -218,7 +343,6 @@ export class KeyRingIAMBinding extends pulumi.CustomResource { * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ - public readonly keyRingId!: pulumi.Output; public readonly members!: pulumi.Output; /** * The role that should be applied. Only one @@ -285,8 +409,10 @@ export interface KeyRingIAMBindingState { * `{project_id}/{location_name}/{key_ring_name}` or * `{location_name}/{key_ring_name}`. In the second form, the provider's * project setting will be used as a fallback. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + keyRingId?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -295,7 +421,6 @@ export interface KeyRingIAMBindingState { * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ - keyRingId?: pulumi.Input; members?: pulumi.Input[]>; /** * The role that should be applied. Only one @@ -319,8 +444,10 @@ export interface KeyRingIAMBindingArgs { * `{project_id}/{location_name}/{key_ring_name}` or * `{location_name}/{key_ring_name}`. In the second form, the provider's * project setting will be used as a fallback. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + keyRingId: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -329,7 +456,6 @@ export interface KeyRingIAMBindingArgs { * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ - keyRingId: pulumi.Input; members: pulumi.Input[]>; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/kms/keyRingIAMMember.ts b/sdk/nodejs/kms/keyRingIAMMember.ts index c046b6fa80..b9684ae04a 100644 --- a/sdk/nodejs/kms/keyRingIAMMember.ts +++ b/sdk/nodejs/kms/keyRingIAMMember.ts @@ -140,6 +140,129 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_kms\_key\_ring\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const keyring = new gcp.kms.KeyRing("keyring", { + * name: "keyring-example", + * location: "global", + * }); + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }], + * }); + * const keyRing = new gcp.kms.KeyRingIAMPolicy("key_ring", { + * keyRingId: keyring.id, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const keyring = new gcp.kms.KeyRing("keyring", { + * name: "keyring-example", + * location: "global", + * }); + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/editor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const keyRing = new gcp.kms.KeyRingIAMPolicy("key_ring", { + * keyRingId: keyring.id, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_kms\_key\_ring\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const keyRing = new gcp.kms.KeyRingIAMBinding("key_ring", { + * keyRingId: "your-key-ring-id", + * role: "roles/cloudkms.admin", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const keyRing = new gcp.kms.KeyRingIAMBinding("key_ring", { + * keyRingId: "your-key-ring-id", + * role: "roles/cloudkms.admin", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * + * ## google\_kms\_key\_ring\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const keyRing = new gcp.kms.KeyRingIAMMember("key_ring", { + * keyRingId: "your-key-ring-id", + * role: "roles/cloudkms.admin", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const keyRing = new gcp.kms.KeyRingIAMMember("key_ring", { + * keyRingId: "your-key-ring-id", + * role: "roles/cloudkms.admin", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * * ## Import * * ### Importing IAM policies @@ -208,8 +331,10 @@ export class KeyRingIAMMember extends pulumi.CustomResource { * `{project_id}/{location_name}/{key_ring_name}` or * `{location_name}/{key_ring_name}`. In the second form, the provider's * project setting will be used as a fallback. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + public readonly keyRingId!: pulumi.Output; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -218,7 +343,6 @@ export class KeyRingIAMMember extends pulumi.CustomResource { * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ - public readonly keyRingId!: pulumi.Output; public readonly member!: pulumi.Output; /** * The role that should be applied. Only one @@ -285,8 +409,10 @@ export interface KeyRingIAMMemberState { * `{project_id}/{location_name}/{key_ring_name}` or * `{location_name}/{key_ring_name}`. In the second form, the provider's * project setting will be used as a fallback. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + keyRingId?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -295,7 +421,6 @@ export interface KeyRingIAMMemberState { * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ - keyRingId?: pulumi.Input; member?: pulumi.Input; /** * The role that should be applied. Only one @@ -319,8 +444,10 @@ export interface KeyRingIAMMemberArgs { * `{project_id}/{location_name}/{key_ring_name}` or * `{location_name}/{key_ring_name}`. In the second form, the provider's * project setting will be used as a fallback. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + keyRingId: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -329,7 +456,6 @@ export interface KeyRingIAMMemberArgs { * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ - keyRingId: pulumi.Input; member: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/kms/keyRingIAMPolicy.ts b/sdk/nodejs/kms/keyRingIAMPolicy.ts index 070340c345..b96f630fa2 100644 --- a/sdk/nodejs/kms/keyRingIAMPolicy.ts +++ b/sdk/nodejs/kms/keyRingIAMPolicy.ts @@ -138,6 +138,129 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_kms\_key\_ring\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const keyring = new gcp.kms.KeyRing("keyring", { + * name: "keyring-example", + * location: "global", + * }); + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }], + * }); + * const keyRing = new gcp.kms.KeyRingIAMPolicy("key_ring", { + * keyRingId: keyring.id, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const keyring = new gcp.kms.KeyRing("keyring", { + * name: "keyring-example", + * location: "global", + * }); + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/editor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const keyRing = new gcp.kms.KeyRingIAMPolicy("key_ring", { + * keyRingId: keyring.id, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_kms\_key\_ring\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const keyRing = new gcp.kms.KeyRingIAMBinding("key_ring", { + * keyRingId: "your-key-ring-id", + * role: "roles/cloudkms.admin", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const keyRing = new gcp.kms.KeyRingIAMBinding("key_ring", { + * keyRingId: "your-key-ring-id", + * role: "roles/cloudkms.admin", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * + * ## google\_kms\_key\_ring\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const keyRing = new gcp.kms.KeyRingIAMMember("key_ring", { + * keyRingId: "your-key-ring-id", + * role: "roles/cloudkms.admin", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const keyRing = new gcp.kms.KeyRingIAMMember("key_ring", { + * keyRingId: "your-key-ring-id", + * role: "roles/cloudkms.admin", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * * ## Import * * ### Importing IAM policies @@ -201,15 +324,6 @@ export class KeyRingIAMPolicy extends pulumi.CustomResource { * `{project_id}/{location_name}/{key_ring_name}` or * `{location_name}/{key_ring_name}`. In the second form, the provider's * project setting will be used as a fallback. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ public readonly keyRingId!: pulumi.Output; /** @@ -264,15 +378,6 @@ export interface KeyRingIAMPolicyState { * `{project_id}/{location_name}/{key_ring_name}` or * `{location_name}/{key_ring_name}`. In the second form, the provider's * project setting will be used as a fallback. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ keyRingId?: pulumi.Input; /** @@ -291,15 +396,6 @@ export interface KeyRingIAMPolicyArgs { * `{project_id}/{location_name}/{key_ring_name}` or * `{location_name}/{key_ring_name}`. In the second form, the provider's * project setting will be used as a fallback. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ keyRingId: pulumi.Input; /** diff --git a/sdk/nodejs/networksecurity/addressGroupIamPolicy.ts b/sdk/nodejs/networksecurity/addressGroupIamPolicy.ts index 0fbdab7a47..28cccd5660 100644 --- a/sdk/nodejs/networksecurity/addressGroupIamPolicy.ts +++ b/sdk/nodejs/networksecurity/addressGroupIamPolicy.ts @@ -106,18 +106,6 @@ export class AddressGroupIamPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; @@ -180,18 +168,6 @@ export interface AddressGroupIamPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } @@ -217,18 +193,6 @@ export interface AddressGroupIamPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } diff --git a/sdk/nodejs/notebooks/instanceIamBinding.ts b/sdk/nodejs/notebooks/instanceIamBinding.ts index edc97bce79..180bfbe8f1 100644 --- a/sdk/nodejs/notebooks/instanceIamBinding.ts +++ b/sdk/nodejs/notebooks/instanceIamBinding.ts @@ -77,6 +77,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_notebooks\_instance\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.notebooks.InstanceIamPolicy("policy", { + * project: instance.project, + * location: instance.location, + * instanceName: instance.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_notebooks\_instance\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.notebooks.InstanceIamBinding("binding", { + * project: instance.project, + * location: instance.location, + * instanceName: instance.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_notebooks\_instance\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.notebooks.InstanceIamMember("member", { + * project: instance.project, + * location: instance.location, + * instanceName: instance.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -156,12 +212,8 @@ export class InstanceIamBinding extends pulumi.CustomResource { * A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to */ public readonly location!: pulumi.Output; - public readonly members!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -173,6 +225,11 @@ export class InstanceIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -242,12 +299,8 @@ export interface InstanceIamBindingState { * A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - members?: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -259,6 +312,11 @@ export interface InstanceIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -281,12 +339,8 @@ export interface InstanceIamBindingArgs { * A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - members: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -298,6 +352,11 @@ export interface InstanceIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/notebooks/instanceIamMember.ts b/sdk/nodejs/notebooks/instanceIamMember.ts index 2d6113e2a9..4d78195044 100644 --- a/sdk/nodejs/notebooks/instanceIamMember.ts +++ b/sdk/nodejs/notebooks/instanceIamMember.ts @@ -77,6 +77,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_notebooks\_instance\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.notebooks.InstanceIamPolicy("policy", { + * project: instance.project, + * location: instance.location, + * instanceName: instance.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_notebooks\_instance\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.notebooks.InstanceIamBinding("binding", { + * project: instance.project, + * location: instance.location, + * instanceName: instance.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_notebooks\_instance\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.notebooks.InstanceIamMember("member", { + * project: instance.project, + * location: instance.location, + * instanceName: instance.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -156,12 +212,8 @@ export class InstanceIamMember extends pulumi.CustomResource { * A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to */ public readonly location!: pulumi.Output; - public readonly member!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -173,6 +225,11 @@ export class InstanceIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -242,12 +299,8 @@ export interface InstanceIamMemberState { * A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - member?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -259,6 +312,11 @@ export interface InstanceIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -281,12 +339,8 @@ export interface InstanceIamMemberArgs { * A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - member: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -298,6 +352,11 @@ export interface InstanceIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/notebooks/instanceIamPolicy.ts b/sdk/nodejs/notebooks/instanceIamPolicy.ts index 52c3edd0f2..8c88d265ee 100644 --- a/sdk/nodejs/notebooks/instanceIamPolicy.ts +++ b/sdk/nodejs/notebooks/instanceIamPolicy.ts @@ -75,6 +75,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_notebooks\_instance\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.notebooks.InstanceIamPolicy("policy", { + * project: instance.project, + * location: instance.location, + * instanceName: instance.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_notebooks\_instance\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.notebooks.InstanceIamBinding("binding", { + * project: instance.project, + * location: instance.location, + * instanceName: instance.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_notebooks\_instance\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.notebooks.InstanceIamMember("member", { + * project: instance.project, + * location: instance.location, + * instanceName: instance.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -161,18 +217,6 @@ export class InstanceIamPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; @@ -237,18 +281,6 @@ export interface InstanceIamPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } @@ -273,18 +305,6 @@ export interface InstanceIamPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } diff --git a/sdk/nodejs/notebooks/runtimeIamBinding.ts b/sdk/nodejs/notebooks/runtimeIamBinding.ts index 9d30d0f788..2cc45778ba 100644 --- a/sdk/nodejs/notebooks/runtimeIamBinding.ts +++ b/sdk/nodejs/notebooks/runtimeIamBinding.ts @@ -77,6 +77,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_notebooks\_runtime\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.notebooks.RuntimeIamPolicy("policy", { + * project: runtime.project, + * location: runtime.location, + * runtimeName: runtime.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_notebooks\_runtime\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.notebooks.RuntimeIamBinding("binding", { + * project: runtime.project, + * location: runtime.location, + * runtimeName: runtime.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_notebooks\_runtime\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.notebooks.RuntimeIamMember("member", { + * project: runtime.project, + * location: runtime.location, + * runtimeName: runtime.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -152,12 +208,8 @@ export class RuntimeIamBinding extends pulumi.CustomResource { * A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to */ public readonly location!: pulumi.Output; - public readonly members!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -169,6 +221,11 @@ export class RuntimeIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -238,12 +295,8 @@ export interface RuntimeIamBindingState { * A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - members?: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -255,6 +308,11 @@ export interface RuntimeIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -277,12 +335,8 @@ export interface RuntimeIamBindingArgs { * A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - members: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -294,6 +348,11 @@ export interface RuntimeIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/notebooks/runtimeIamMember.ts b/sdk/nodejs/notebooks/runtimeIamMember.ts index bd4f0dcfac..eeaf2704e9 100644 --- a/sdk/nodejs/notebooks/runtimeIamMember.ts +++ b/sdk/nodejs/notebooks/runtimeIamMember.ts @@ -77,6 +77,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_notebooks\_runtime\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.notebooks.RuntimeIamPolicy("policy", { + * project: runtime.project, + * location: runtime.location, + * runtimeName: runtime.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_notebooks\_runtime\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.notebooks.RuntimeIamBinding("binding", { + * project: runtime.project, + * location: runtime.location, + * runtimeName: runtime.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_notebooks\_runtime\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.notebooks.RuntimeIamMember("member", { + * project: runtime.project, + * location: runtime.location, + * runtimeName: runtime.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -152,12 +208,8 @@ export class RuntimeIamMember extends pulumi.CustomResource { * A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to */ public readonly location!: pulumi.Output; - public readonly member!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -169,6 +221,11 @@ export class RuntimeIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -238,12 +295,8 @@ export interface RuntimeIamMemberState { * A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - member?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -255,6 +308,11 @@ export interface RuntimeIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -277,12 +335,8 @@ export interface RuntimeIamMemberArgs { * A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - member: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -294,6 +348,11 @@ export interface RuntimeIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/notebooks/runtimeIamPolicy.ts b/sdk/nodejs/notebooks/runtimeIamPolicy.ts index 202e7a4ace..e99a64146e 100644 --- a/sdk/nodejs/notebooks/runtimeIamPolicy.ts +++ b/sdk/nodejs/notebooks/runtimeIamPolicy.ts @@ -75,6 +75,62 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_notebooks\_runtime\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.notebooks.RuntimeIamPolicy("policy", { + * project: runtime.project, + * location: runtime.location, + * runtimeName: runtime.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_notebooks\_runtime\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.notebooks.RuntimeIamBinding("binding", { + * project: runtime.project, + * location: runtime.location, + * runtimeName: runtime.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_notebooks\_runtime\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.notebooks.RuntimeIamMember("member", { + * project: runtime.project, + * location: runtime.location, + * runtimeName: runtime.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -157,18 +213,6 @@ export class RuntimeIamPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; /** @@ -233,18 +277,6 @@ export interface RuntimeIamPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; /** @@ -269,18 +301,6 @@ export interface RuntimeIamPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; /** diff --git a/sdk/nodejs/organizations/iammember.ts b/sdk/nodejs/organizations/iammember.ts index 39efaae99e..69ca3d3d1b 100644 --- a/sdk/nodejs/organizations/iammember.ts +++ b/sdk/nodejs/organizations/iammember.ts @@ -170,6 +170,158 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_organization\_iam\_policy + * + * !> **Warning:** New organizations have several default policies which will, + * without extreme caution, be **overwritten** by use of this resource. + * The safest alternative is to use multiple `gcp.organizations.IAMBinding` + * resources. This resource makes it easy to remove your own access to + * an organization, which will require a call to Google Support to have + * fixed, and can take multiple days to resolve. + * + * In general, this resource should only be used with organizations + * fully managed by this provider.I f you do use this resource, + * the best way to be sure that you are not making dangerous changes is to start + * by **importing** your existing policy, and examining the diff very closely. + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }], + * }); + * const organization = new gcp.organizations.IAMPolicy("organization", { + * orgId: "1234567890", + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/editor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const organization = new gcp.organizations.IAMPolicy("organization", { + * orgId: "1234567890", + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_organization\_iam\_binding + * + * > **Note:** If `role` is set to `roles/owner` and you don't specify a user or service account you have access to in `members`, you can lock yourself out of your organization. + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const organization = new gcp.organizations.IAMBinding("organization", { + * orgId: "1234567890", + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const organization = new gcp.organizations.IAMBinding("organization", { + * orgId: "1234567890", + * role: "roles/editor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * + * ## google\_organization\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const organization = new gcp.organizations.IAMMember("organization", { + * orgId: "1234567890", + * role: "roles/editor", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const organization = new gcp.organizations.IAMMember("organization", { + * orgId: "1234567890", + * role: "roles/editor", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * + * ## google\_organization\_iam\_audit\_config + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const organization = new gcp.organizations.IamAuditConfig("organization", { + * orgId: "1234567890", + * service: "allServices", + * auditLogConfigs: [ + * { + * logType: "ADMIN_READ", + * }, + * { + * logType: "DATA_READ", + * exemptedMembers: ["user:joebloggs@example.com"], + * }, + * ], + * }); + * ``` + * + * * ## Import * * ### Importing Audit Configs @@ -233,6 +385,14 @@ export class IAMMember extends pulumi.CustomResource { * (Computed) The etag of the organization's IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + */ public readonly member!: pulumi.Output; /** * The organization id of the target organization. @@ -298,6 +458,14 @@ export interface IAMMemberState { * (Computed) The etag of the organization's IAM policy. */ etag?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + */ member?: pulumi.Input; /** * The organization id of the target organization. @@ -320,6 +488,14 @@ export interface IAMMemberArgs { * Structure is documented below. */ condition?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + */ member: pulumi.Input; /** * The organization id of the target organization. diff --git a/sdk/nodejs/organizations/iampolicy.ts b/sdk/nodejs/organizations/iampolicy.ts index bb4b877cd9..a3edad6d82 100644 --- a/sdk/nodejs/organizations/iampolicy.ts +++ b/sdk/nodejs/organizations/iampolicy.ts @@ -168,6 +168,158 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_organization\_iam\_policy + * + * !> **Warning:** New organizations have several default policies which will, + * without extreme caution, be **overwritten** by use of this resource. + * The safest alternative is to use multiple `gcp.organizations.IAMBinding` + * resources. This resource makes it easy to remove your own access to + * an organization, which will require a call to Google Support to have + * fixed, and can take multiple days to resolve. + * + * In general, this resource should only be used with organizations + * fully managed by this provider.I f you do use this resource, + * the best way to be sure that you are not making dangerous changes is to start + * by **importing** your existing policy, and examining the diff very closely. + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }], + * }); + * const organization = new gcp.organizations.IAMPolicy("organization", { + * orgId: "1234567890", + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/editor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const organization = new gcp.organizations.IAMPolicy("organization", { + * orgId: "1234567890", + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_organization\_iam\_binding + * + * > **Note:** If `role` is set to `roles/owner` and you don't specify a user or service account you have access to in `members`, you can lock yourself out of your organization. + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const organization = new gcp.organizations.IAMBinding("organization", { + * orgId: "1234567890", + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const organization = new gcp.organizations.IAMBinding("organization", { + * orgId: "1234567890", + * role: "roles/editor", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * + * ## google\_organization\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const organization = new gcp.organizations.IAMMember("organization", { + * orgId: "1234567890", + * role: "roles/editor", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const organization = new gcp.organizations.IAMMember("organization", { + * orgId: "1234567890", + * role: "roles/editor", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * + * ## google\_organization\_iam\_audit\_config + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const organization = new gcp.organizations.IamAuditConfig("organization", { + * orgId: "1234567890", + * service: "allServices", + * auditLogConfigs: [ + * { + * logType: "ADMIN_READ", + * }, + * { + * logType: "DATA_READ", + * exemptedMembers: ["user:joebloggs@example.com"], + * }, + * ], + * }); + * ``` + * + * * ## Import * * ### Importing Audit Configs diff --git a/sdk/nodejs/projects/iamauditConfig.ts b/sdk/nodejs/projects/iamauditConfig.ts index 644c97ae6e..3f985b0d64 100644 --- a/sdk/nodejs/projects/iamauditConfig.ts +++ b/sdk/nodejs/projects/iamauditConfig.ts @@ -167,6 +167,152 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_project\_iam\_policy + * + * !> **Be careful!** You can accidentally lock yourself out of your project + * using this resource. Deleting a `gcp.projects.IAMPolicy` removes access + * from anyone without organization-level access to the project. Proceed with caution. + * It's not recommended to use `gcp.projects.IAMPolicy` with your provider project + * to avoid locking yourself out, and it should generally only be used with projects + * fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before + * applying the change. + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }], + * }); + * const project = new gcp.projects.IAMPolicy("project", { + * project: "your-project-id", + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/compute.admin", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const project = new gcp.projects.IAMPolicy("project", { + * project: "your-project-id", + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_project\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const project = new gcp.projects.IAMBinding("project", { + * project: "your-project-id", + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const project = new gcp.projects.IAMBinding("project", { + * project: "your-project-id", + * role: "roles/container.admin", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * + * ## google\_project\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const project = new gcp.projects.IAMMember("project", { + * project: "your-project-id", + * role: "roles/editor", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const project = new gcp.projects.IAMMember("project", { + * project: "your-project-id", + * role: "roles/firebase.admin", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * + * ## google\_project\_iam\_audit\_config + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const project = new gcp.projects.IAMAuditConfig("project", { + * project: "your-project-id", + * service: "allServices", + * auditLogConfigs: [ + * { + * logType: "ADMIN_READ", + * }, + * { + * logType: "DATA_READ", + * exemptedMembers: ["user:joebloggs@example.com"], + * }, + * ], + * }); + * ``` + * + * * ## Import * * ### Importing Audit Configs diff --git a/sdk/nodejs/projects/iambinding.ts b/sdk/nodejs/projects/iambinding.ts index cb1c601ce0..eadfe073d2 100644 --- a/sdk/nodejs/projects/iambinding.ts +++ b/sdk/nodejs/projects/iambinding.ts @@ -167,6 +167,152 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_project\_iam\_policy + * + * !> **Be careful!** You can accidentally lock yourself out of your project + * using this resource. Deleting a `gcp.projects.IAMPolicy` removes access + * from anyone without organization-level access to the project. Proceed with caution. + * It's not recommended to use `gcp.projects.IAMPolicy` with your provider project + * to avoid locking yourself out, and it should generally only be used with projects + * fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before + * applying the change. + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }], + * }); + * const project = new gcp.projects.IAMPolicy("project", { + * project: "your-project-id", + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/compute.admin", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const project = new gcp.projects.IAMPolicy("project", { + * project: "your-project-id", + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_project\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const project = new gcp.projects.IAMBinding("project", { + * project: "your-project-id", + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const project = new gcp.projects.IAMBinding("project", { + * project: "your-project-id", + * role: "roles/container.admin", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * + * ## google\_project\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const project = new gcp.projects.IAMMember("project", { + * project: "your-project-id", + * role: "roles/editor", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const project = new gcp.projects.IAMMember("project", { + * project: "your-project-id", + * role: "roles/firebase.admin", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * + * ## google\_project\_iam\_audit\_config + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const project = new gcp.projects.IAMAuditConfig("project", { + * project: "your-project-id", + * service: "allServices", + * auditLogConfigs: [ + * { + * logType: "ADMIN_READ", + * }, + * { + * logType: "DATA_READ", + * exemptedMembers: ["user:joebloggs@example.com"], + * }, + * ], + * }); + * ``` + * + * * ## Import * * ### Importing Audit Configs @@ -230,6 +376,14 @@ export class IAMBinding extends pulumi.CustomResource { * (Computed) The etag of the project's IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; + /** + * Identities that will be granted the privilege in `role`. google\_project\_iam\_binding expects `members` field while google\_project\_iam\_member expects `member` field. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + */ public readonly members!: pulumi.Output; /** * The project id of the target project. This is not @@ -296,6 +450,14 @@ export interface IAMBindingState { * (Computed) The etag of the project's IAM policy. */ etag?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. google\_project\_iam\_binding expects `members` field while google\_project\_iam\_member expects `member` field. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + */ members?: pulumi.Input[]>; /** * The project id of the target project. This is not @@ -319,6 +481,14 @@ export interface IAMBindingArgs { * Structure is documented below. */ condition?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. google\_project\_iam\_binding expects `members` field while google\_project\_iam\_member expects `member` field. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + */ members: pulumi.Input[]>; /** * The project id of the target project. This is not diff --git a/sdk/nodejs/projects/iammember.ts b/sdk/nodejs/projects/iammember.ts index a06f73a3d2..7cbdcd9fc6 100644 --- a/sdk/nodejs/projects/iammember.ts +++ b/sdk/nodejs/projects/iammember.ts @@ -167,6 +167,152 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_project\_iam\_policy + * + * !> **Be careful!** You can accidentally lock yourself out of your project + * using this resource. Deleting a `gcp.projects.IAMPolicy` removes access + * from anyone without organization-level access to the project. Proceed with caution. + * It's not recommended to use `gcp.projects.IAMPolicy` with your provider project + * to avoid locking yourself out, and it should generally only be used with projects + * fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before + * applying the change. + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }], + * }); + * const project = new gcp.projects.IAMPolicy("project", { + * project: "your-project-id", + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/compute.admin", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const project = new gcp.projects.IAMPolicy("project", { + * project: "your-project-id", + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_project\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const project = new gcp.projects.IAMBinding("project", { + * project: "your-project-id", + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const project = new gcp.projects.IAMBinding("project", { + * project: "your-project-id", + * role: "roles/container.admin", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * + * ## google\_project\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const project = new gcp.projects.IAMMember("project", { + * project: "your-project-id", + * role: "roles/editor", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const project = new gcp.projects.IAMMember("project", { + * project: "your-project-id", + * role: "roles/firebase.admin", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * + * ## google\_project\_iam\_audit\_config + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const project = new gcp.projects.IAMAuditConfig("project", { + * project: "your-project-id", + * service: "allServices", + * auditLogConfigs: [ + * { + * logType: "ADMIN_READ", + * }, + * { + * logType: "DATA_READ", + * exemptedMembers: ["user:joebloggs@example.com"], + * }, + * ], + * }); + * ``` + * + * * ## Import * * ### Importing Audit Configs @@ -230,6 +376,14 @@ export class IAMMember extends pulumi.CustomResource { * (Computed) The etag of the project's IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; + /** + * Identities that will be granted the privilege in `role`. google\_project\_iam\_binding expects `members` field while google\_project\_iam\_member expects `member` field. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + */ public readonly member!: pulumi.Output; /** * The project id of the target project. This is not @@ -296,6 +450,14 @@ export interface IAMMemberState { * (Computed) The etag of the project's IAM policy. */ etag?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. google\_project\_iam\_binding expects `members` field while google\_project\_iam\_member expects `member` field. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + */ member?: pulumi.Input; /** * The project id of the target project. This is not @@ -319,6 +481,14 @@ export interface IAMMemberArgs { * Structure is documented below. */ condition?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. google\_project\_iam\_binding expects `members` field while google\_project\_iam\_member expects `member` field. + * Each entry can have one of the following values: + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + */ member: pulumi.Input; /** * The project id of the target project. This is not diff --git a/sdk/nodejs/projects/iampolicy.ts b/sdk/nodejs/projects/iampolicy.ts index f266c92742..f457df68ae 100644 --- a/sdk/nodejs/projects/iampolicy.ts +++ b/sdk/nodejs/projects/iampolicy.ts @@ -165,6 +165,152 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_project\_iam\_policy + * + * !> **Be careful!** You can accidentally lock yourself out of your project + * using this resource. Deleting a `gcp.projects.IAMPolicy` removes access + * from anyone without organization-level access to the project. Proceed with caution. + * It's not recommended to use `gcp.projects.IAMPolicy` with your provider project + * to avoid locking yourself out, and it should generally only be used with projects + * fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before + * applying the change. + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }], + * }); + * const project = new gcp.projects.IAMPolicy("project", { + * project: "your-project-id", + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/compute.admin", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const project = new gcp.projects.IAMPolicy("project", { + * project: "your-project-id", + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_project\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const project = new gcp.projects.IAMBinding("project", { + * project: "your-project-id", + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const project = new gcp.projects.IAMBinding("project", { + * project: "your-project-id", + * role: "roles/container.admin", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * + * ## google\_project\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const project = new gcp.projects.IAMMember("project", { + * project: "your-project-id", + * role: "roles/editor", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const project = new gcp.projects.IAMMember("project", { + * project: "your-project-id", + * role: "roles/firebase.admin", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * + * ## google\_project\_iam\_audit\_config + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const project = new gcp.projects.IAMAuditConfig("project", { + * project: "your-project-id", + * service: "allServices", + * auditLogConfigs: [ + * { + * logType: "ADMIN_READ", + * }, + * { + * logType: "DATA_READ", + * exemptedMembers: ["user:joebloggs@example.com"], + * }, + * ], + * }); + * ``` + * + * * ## Import * * ### Importing Audit Configs diff --git a/sdk/nodejs/pubsub/schemaIamBinding.ts b/sdk/nodejs/pubsub/schemaIamBinding.ts index db58cd35f0..0526aaf3dc 100644 --- a/sdk/nodejs/pubsub/schemaIamBinding.ts +++ b/sdk/nodejs/pubsub/schemaIamBinding.ts @@ -74,6 +74,59 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_pubsub\_schema\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.pubsub.SchemaIamPolicy("policy", { + * project: example.project, + * schema: example.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_pubsub\_schema\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.pubsub.SchemaIamBinding("binding", { + * project: example.project, + * schema: example.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_pubsub\_schema\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.pubsub.SchemaIamMember("member", { + * project: example.project, + * schema: example.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -143,12 +196,8 @@ export class SchemaIamBinding extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly members!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -160,6 +209,11 @@ export class SchemaIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -223,12 +277,8 @@ export interface SchemaIamBindingState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - members?: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -240,6 +290,11 @@ export interface SchemaIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -258,12 +313,8 @@ export interface SchemaIamBindingState { */ export interface SchemaIamBindingArgs { condition?: pulumi.Input; - members: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -275,6 +326,11 @@ export interface SchemaIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/pubsub/schemaIamMember.ts b/sdk/nodejs/pubsub/schemaIamMember.ts index 7febdee031..293ff908f1 100644 --- a/sdk/nodejs/pubsub/schemaIamMember.ts +++ b/sdk/nodejs/pubsub/schemaIamMember.ts @@ -74,6 +74,59 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_pubsub\_schema\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.pubsub.SchemaIamPolicy("policy", { + * project: example.project, + * schema: example.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_pubsub\_schema\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.pubsub.SchemaIamBinding("binding", { + * project: example.project, + * schema: example.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_pubsub\_schema\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.pubsub.SchemaIamMember("member", { + * project: example.project, + * schema: example.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -143,12 +196,8 @@ export class SchemaIamMember extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly member!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -160,6 +209,11 @@ export class SchemaIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -223,12 +277,8 @@ export interface SchemaIamMemberState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - member?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -240,6 +290,11 @@ export interface SchemaIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -258,12 +313,8 @@ export interface SchemaIamMemberState { */ export interface SchemaIamMemberArgs { condition?: pulumi.Input; - member: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -275,6 +326,11 @@ export interface SchemaIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/pubsub/schemaIamPolicy.ts b/sdk/nodejs/pubsub/schemaIamPolicy.ts index f7f9def0cf..80b8e736d7 100644 --- a/sdk/nodejs/pubsub/schemaIamPolicy.ts +++ b/sdk/nodejs/pubsub/schemaIamPolicy.ts @@ -72,6 +72,59 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_pubsub\_schema\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.pubsub.SchemaIamPolicy("policy", { + * project: example.project, + * schema: example.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_pubsub\_schema\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.pubsub.SchemaIamBinding("binding", { + * project: example.project, + * schema: example.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_pubsub\_schema\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.pubsub.SchemaIamMember("member", { + * project: example.project, + * schema: example.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -148,18 +201,6 @@ export class SchemaIamPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; /** @@ -218,18 +259,6 @@ export interface SchemaIamPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; /** @@ -250,18 +279,6 @@ export interface SchemaIamPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; /** diff --git a/sdk/nodejs/pubsub/subscriptionIAMBinding.ts b/sdk/nodejs/pubsub/subscriptionIAMBinding.ts index f3fd371eb8..9c30d5c8c5 100644 --- a/sdk/nodejs/pubsub/subscriptionIAMBinding.ts +++ b/sdk/nodejs/pubsub/subscriptionIAMBinding.ts @@ -67,6 +67,56 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_pubsub\_subscription\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }], + * }); + * const editor = new gcp.pubsub.SubscriptionIAMPolicy("editor", { + * subscription: "your-subscription-name", + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_pubsub\_subscription\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const editor = new gcp.pubsub.SubscriptionIAMBinding("editor", { + * subscription: "your-subscription-name", + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_pubsub\_subscription\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const editor = new gcp.pubsub.SubscriptionIAMMember("editor", { + * subscription: "your-subscription-name", + * role: "roles/editor", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * ### Importing IAM policies @@ -126,6 +176,16 @@ export class SubscriptionIAMBinding extends pulumi.CustomResource { * (Computed) The etag of the subscription's IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + */ public readonly members!: pulumi.Output; /** * The project in which the resource belongs. If it @@ -140,15 +200,6 @@ export class SubscriptionIAMBinding extends pulumi.CustomResource { public readonly role!: pulumi.Output; /** * The subscription name or id to bind to attach IAM policy to. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ public readonly subscription!: pulumi.Output; @@ -203,6 +254,16 @@ export interface SubscriptionIAMBindingState { * (Computed) The etag of the subscription's IAM policy. */ etag?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + */ members?: pulumi.Input[]>; /** * The project in which the resource belongs. If it @@ -217,15 +278,6 @@ export interface SubscriptionIAMBindingState { role?: pulumi.Input; /** * The subscription name or id to bind to attach IAM policy to. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ subscription?: pulumi.Input; } @@ -235,6 +287,16 @@ export interface SubscriptionIAMBindingState { */ export interface SubscriptionIAMBindingArgs { condition?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + */ members: pulumi.Input[]>; /** * The project in which the resource belongs. If it @@ -249,15 +311,6 @@ export interface SubscriptionIAMBindingArgs { role: pulumi.Input; /** * The subscription name or id to bind to attach IAM policy to. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ subscription: pulumi.Input; } diff --git a/sdk/nodejs/pubsub/subscriptionIAMMember.ts b/sdk/nodejs/pubsub/subscriptionIAMMember.ts index 1f0e1098a9..d88d73cb93 100644 --- a/sdk/nodejs/pubsub/subscriptionIAMMember.ts +++ b/sdk/nodejs/pubsub/subscriptionIAMMember.ts @@ -67,6 +67,56 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_pubsub\_subscription\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }], + * }); + * const editor = new gcp.pubsub.SubscriptionIAMPolicy("editor", { + * subscription: "your-subscription-name", + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_pubsub\_subscription\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const editor = new gcp.pubsub.SubscriptionIAMBinding("editor", { + * subscription: "your-subscription-name", + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_pubsub\_subscription\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const editor = new gcp.pubsub.SubscriptionIAMMember("editor", { + * subscription: "your-subscription-name", + * role: "roles/editor", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * ### Importing IAM policies @@ -126,6 +176,16 @@ export class SubscriptionIAMMember extends pulumi.CustomResource { * (Computed) The etag of the subscription's IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + */ public readonly member!: pulumi.Output; /** * The project in which the resource belongs. If it @@ -140,15 +200,6 @@ export class SubscriptionIAMMember extends pulumi.CustomResource { public readonly role!: pulumi.Output; /** * The subscription name or id to bind to attach IAM policy to. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ public readonly subscription!: pulumi.Output; @@ -203,6 +254,16 @@ export interface SubscriptionIAMMemberState { * (Computed) The etag of the subscription's IAM policy. */ etag?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + */ member?: pulumi.Input; /** * The project in which the resource belongs. If it @@ -217,15 +278,6 @@ export interface SubscriptionIAMMemberState { role?: pulumi.Input; /** * The subscription name or id to bind to attach IAM policy to. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ subscription?: pulumi.Input; } @@ -235,6 +287,16 @@ export interface SubscriptionIAMMemberState { */ export interface SubscriptionIAMMemberArgs { condition?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + */ member: pulumi.Input; /** * The project in which the resource belongs. If it @@ -249,15 +311,6 @@ export interface SubscriptionIAMMemberArgs { role: pulumi.Input; /** * The subscription name or id to bind to attach IAM policy to. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ subscription: pulumi.Input; } diff --git a/sdk/nodejs/pubsub/subscriptionIAMPolicy.ts b/sdk/nodejs/pubsub/subscriptionIAMPolicy.ts index bb3d62b669..b0d1547a41 100644 --- a/sdk/nodejs/pubsub/subscriptionIAMPolicy.ts +++ b/sdk/nodejs/pubsub/subscriptionIAMPolicy.ts @@ -65,6 +65,56 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_pubsub\_subscription\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }], + * }); + * const editor = new gcp.pubsub.SubscriptionIAMPolicy("editor", { + * subscription: "your-subscription-name", + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_pubsub\_subscription\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const editor = new gcp.pubsub.SubscriptionIAMBinding("editor", { + * subscription: "your-subscription-name", + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_pubsub\_subscription\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const editor = new gcp.pubsub.SubscriptionIAMMember("editor", { + * subscription: "your-subscription-name", + * role: "roles/editor", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * ### Importing IAM policies @@ -137,15 +187,6 @@ export class SubscriptionIAMPolicy extends pulumi.CustomResource { public readonly project!: pulumi.Output; /** * The subscription name or id to bind to attach IAM policy to. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ public readonly subscription!: pulumi.Output; @@ -206,15 +247,6 @@ export interface SubscriptionIAMPolicyState { project?: pulumi.Input; /** * The subscription name or id to bind to attach IAM policy to. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ subscription?: pulumi.Input; } @@ -237,15 +269,6 @@ export interface SubscriptionIAMPolicyArgs { project?: pulumi.Input; /** * The subscription name or id to bind to attach IAM policy to. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ subscription: pulumi.Input; } diff --git a/sdk/nodejs/pubsub/topicIAMBinding.ts b/sdk/nodejs/pubsub/topicIAMBinding.ts index 56e1626d2e..92901c1eca 100644 --- a/sdk/nodejs/pubsub/topicIAMBinding.ts +++ b/sdk/nodejs/pubsub/topicIAMBinding.ts @@ -74,6 +74,59 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_pubsub\_topic\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.pubsub.TopicIAMPolicy("policy", { + * project: example.project, + * topic: example.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_pubsub\_topic\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.pubsub.TopicIAMBinding("binding", { + * project: example.project, + * topic: example.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_pubsub\_topic\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.pubsub.TopicIAMMember("member", { + * project: example.project, + * topic: example.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -143,12 +196,8 @@ export class TopicIAMBinding extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly members!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -160,6 +209,11 @@ export class TopicIAMBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -223,12 +277,8 @@ export interface TopicIAMBindingState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - members?: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -240,6 +290,11 @@ export interface TopicIAMBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -258,12 +313,8 @@ export interface TopicIAMBindingState { */ export interface TopicIAMBindingArgs { condition?: pulumi.Input; - members: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -275,6 +326,11 @@ export interface TopicIAMBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/pubsub/topicIAMMember.ts b/sdk/nodejs/pubsub/topicIAMMember.ts index 27624ac887..0fd82c9284 100644 --- a/sdk/nodejs/pubsub/topicIAMMember.ts +++ b/sdk/nodejs/pubsub/topicIAMMember.ts @@ -74,6 +74,59 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_pubsub\_topic\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.pubsub.TopicIAMPolicy("policy", { + * project: example.project, + * topic: example.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_pubsub\_topic\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.pubsub.TopicIAMBinding("binding", { + * project: example.project, + * topic: example.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_pubsub\_topic\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.pubsub.TopicIAMMember("member", { + * project: example.project, + * topic: example.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -143,12 +196,8 @@ export class TopicIAMMember extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly member!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -160,6 +209,11 @@ export class TopicIAMMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -223,12 +277,8 @@ export interface TopicIAMMemberState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - member?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -240,6 +290,11 @@ export interface TopicIAMMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -258,12 +313,8 @@ export interface TopicIAMMemberState { */ export interface TopicIAMMemberArgs { condition?: pulumi.Input; - member: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -275,6 +326,11 @@ export interface TopicIAMMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/pubsub/topicIAMPolicy.ts b/sdk/nodejs/pubsub/topicIAMPolicy.ts index 00eb9f9480..7fdee773dc 100644 --- a/sdk/nodejs/pubsub/topicIAMPolicy.ts +++ b/sdk/nodejs/pubsub/topicIAMPolicy.ts @@ -72,6 +72,59 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_pubsub\_topic\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.pubsub.TopicIAMPolicy("policy", { + * project: example.project, + * topic: example.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_pubsub\_topic\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.pubsub.TopicIAMBinding("binding", { + * project: example.project, + * topic: example.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_pubsub\_topic\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.pubsub.TopicIAMMember("member", { + * project: example.project, + * topic: example.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -148,18 +201,6 @@ export class TopicIAMPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; /** @@ -218,18 +259,6 @@ export interface TopicIAMPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; /** @@ -250,18 +279,6 @@ export interface TopicIAMPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; /** diff --git a/sdk/nodejs/runtimeconfig/configIamBinding.ts b/sdk/nodejs/runtimeconfig/configIamBinding.ts index 2e787db8dc..607537f308 100644 --- a/sdk/nodejs/runtimeconfig/configIamBinding.ts +++ b/sdk/nodejs/runtimeconfig/configIamBinding.ts @@ -80,12 +80,8 @@ export class ConfigIamBinding extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly members!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -97,6 +93,11 @@ export class ConfigIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -160,12 +161,8 @@ export interface ConfigIamBindingState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - members?: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -177,6 +174,11 @@ export interface ConfigIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -195,12 +197,8 @@ export interface ConfigIamBindingArgs { * Used to find the parent resource to bind the IAM policy to */ config: pulumi.Input; - members: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -212,6 +210,11 @@ export interface ConfigIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/runtimeconfig/configIamMember.ts b/sdk/nodejs/runtimeconfig/configIamMember.ts index 6760fe2137..8ee7cf2d18 100644 --- a/sdk/nodejs/runtimeconfig/configIamMember.ts +++ b/sdk/nodejs/runtimeconfig/configIamMember.ts @@ -80,12 +80,8 @@ export class ConfigIamMember extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly member!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -97,6 +93,11 @@ export class ConfigIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -160,12 +161,8 @@ export interface ConfigIamMemberState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - member?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -177,6 +174,11 @@ export interface ConfigIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -195,12 +197,8 @@ export interface ConfigIamMemberArgs { * Used to find the parent resource to bind the IAM policy to */ config: pulumi.Input; - member: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -212,6 +210,11 @@ export interface ConfigIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/runtimeconfig/configIamPolicy.ts b/sdk/nodejs/runtimeconfig/configIamPolicy.ts index 8c0b503293..a1b700f72a 100644 --- a/sdk/nodejs/runtimeconfig/configIamPolicy.ts +++ b/sdk/nodejs/runtimeconfig/configIamPolicy.ts @@ -85,18 +85,6 @@ export class ConfigIamPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; @@ -155,18 +143,6 @@ export interface ConfigIamPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } @@ -187,18 +163,6 @@ export interface ConfigIamPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; } diff --git a/sdk/nodejs/secretmanager/secretIamBinding.ts b/sdk/nodejs/secretmanager/secretIamBinding.ts index 947c24c751..7e184430df 100644 --- a/sdk/nodejs/secretmanager/secretIamBinding.ts +++ b/sdk/nodejs/secretmanager/secretIamBinding.ts @@ -74,6 +74,59 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_secret\_manager\_secret\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/secretmanager.secretAccessor", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.secretmanager.SecretIamPolicy("policy", { + * project: secret_basic.project, + * secretId: secret_basic.secretId, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_secret\_manager\_secret\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.secretmanager.SecretIamBinding("binding", { + * project: secret_basic.project, + * secretId: secret_basic.secretId, + * role: "roles/secretmanager.secretAccessor", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_secret\_manager\_secret\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.secretmanager.SecretIamMember("member", { + * project: secret_basic.project, + * secretId: secret_basic.secretId, + * role: "roles/secretmanager.secretAccessor", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -143,12 +196,8 @@ export class SecretIamBinding extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly members!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -160,6 +209,11 @@ export class SecretIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -220,12 +274,8 @@ export interface SecretIamBindingState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - members?: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -237,6 +287,11 @@ export interface SecretIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -252,12 +307,8 @@ export interface SecretIamBindingState { */ export interface SecretIamBindingArgs { condition?: pulumi.Input; - members: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -269,6 +320,11 @@ export interface SecretIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/secretmanager/secretIamMember.ts b/sdk/nodejs/secretmanager/secretIamMember.ts index 6a77a295fe..54cc15499a 100644 --- a/sdk/nodejs/secretmanager/secretIamMember.ts +++ b/sdk/nodejs/secretmanager/secretIamMember.ts @@ -74,6 +74,59 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_secret\_manager\_secret\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/secretmanager.secretAccessor", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.secretmanager.SecretIamPolicy("policy", { + * project: secret_basic.project, + * secretId: secret_basic.secretId, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_secret\_manager\_secret\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.secretmanager.SecretIamBinding("binding", { + * project: secret_basic.project, + * secretId: secret_basic.secretId, + * role: "roles/secretmanager.secretAccessor", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_secret\_manager\_secret\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.secretmanager.SecretIamMember("member", { + * project: secret_basic.project, + * secretId: secret_basic.secretId, + * role: "roles/secretmanager.secretAccessor", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -143,12 +196,8 @@ export class SecretIamMember extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly member!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -160,6 +209,11 @@ export class SecretIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -220,12 +274,8 @@ export interface SecretIamMemberState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - member?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -237,6 +287,11 @@ export interface SecretIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -252,12 +307,8 @@ export interface SecretIamMemberState { */ export interface SecretIamMemberArgs { condition?: pulumi.Input; - member: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -269,6 +320,11 @@ export interface SecretIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/secretmanager/secretIamPolicy.ts b/sdk/nodejs/secretmanager/secretIamPolicy.ts index 23259fad3b..becd255c29 100644 --- a/sdk/nodejs/secretmanager/secretIamPolicy.ts +++ b/sdk/nodejs/secretmanager/secretIamPolicy.ts @@ -72,6 +72,59 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_secret\_manager\_secret\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/secretmanager.secretAccessor", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.secretmanager.SecretIamPolicy("policy", { + * project: secret_basic.project, + * secretId: secret_basic.secretId, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_secret\_manager\_secret\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.secretmanager.SecretIamBinding("binding", { + * project: secret_basic.project, + * secretId: secret_basic.secretId, + * role: "roles/secretmanager.secretAccessor", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_secret\_manager\_secret\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.secretmanager.SecretIamMember("member", { + * project: secret_basic.project, + * secretId: secret_basic.secretId, + * role: "roles/secretmanager.secretAccessor", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -148,18 +201,6 @@ export class SecretIamPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; public readonly secretId!: pulumi.Output; @@ -215,18 +256,6 @@ export interface SecretIamPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; secretId?: pulumi.Input; @@ -244,18 +273,6 @@ export interface SecretIamPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; secretId: pulumi.Input; diff --git a/sdk/nodejs/serviceaccount/iambinding.ts b/sdk/nodejs/serviceaccount/iambinding.ts index f841e1c8d1..18b1f2da1a 100644 --- a/sdk/nodejs/serviceaccount/iambinding.ts +++ b/sdk/nodejs/serviceaccount/iambinding.ts @@ -138,6 +138,125 @@ import * as utilities from "../utilities"; * ``` * * + * ### Additional Examples + * + * ### Service Account IAM Policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/iam.serviceAccountUser", + * members: ["user:jane@example.com"], + * }], + * }); + * const sa = new gcp.serviceaccount.Account("sa", { + * accountId: "my-service-account", + * displayName: "A service account that only Jane can interact with", + * }); + * const admin_account_iam = new gcp.serviceaccount.IAMPolicy("admin-account-iam", { + * serviceAccountId: sa.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ### Service Account IAM Binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const sa = new gcp.serviceaccount.Account("sa", { + * accountId: "my-service-account", + * displayName: "A service account that only Jane can use", + * }); + * const admin_account_iam = new gcp.serviceaccount.IAMBinding("admin-account-iam", { + * serviceAccountId: sa.name, + * role: "roles/iam.serviceAccountUser", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ### Service Account IAM Binding With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const sa = new gcp.serviceaccount.Account("sa", { + * accountId: "my-service-account", + * displayName: "A service account that only Jane can use", + * }); + * const admin_account_iam = new gcp.serviceaccount.IAMBinding("admin-account-iam", { + * serviceAccountId: sa.name, + * role: "roles/iam.serviceAccountUser", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * + * ### Service Account IAM Member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const default = gcp.compute.getDefaultServiceAccount({}); + * const sa = new gcp.serviceaccount.Account("sa", { + * accountId: "my-service-account", + * displayName: "A service account that Jane can use", + * }); + * const admin_account_iam = new gcp.serviceaccount.IAMMember("admin-account-iam", { + * serviceAccountId: sa.name, + * role: "roles/iam.serviceAccountUser", + * member: "user:jane@example.com", + * }); + * // Allow SA service account use the default GCE account + * const gce_default_account_iam = new gcp.serviceaccount.IAMMember("gce-default-account-iam", { + * serviceAccountId: _default.then(_default => _default.name), + * role: "roles/iam.serviceAccountUser", + * member: pulumi.interpolate`serviceAccount:${sa.email}`, + * }); + * ``` + * + * + * ### Service Account IAM Member With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const sa = new gcp.serviceaccount.Account("sa", { + * accountId: "my-service-account", + * displayName: "A service account that Jane can use", + * }); + * const admin_account_iam = new gcp.serviceaccount.IAMMember("admin-account-iam", { + * serviceAccountId: sa.name, + * role: "roles/iam.serviceAccountUser", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * * ## Import * * ### Importing with conditions: @@ -189,6 +308,16 @@ export class IAMBinding extends pulumi.CustomResource { * (Computed) The etag of the service account IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + */ public readonly members!: pulumi.Output; /** * The role that should be applied. Only one @@ -198,15 +327,6 @@ export class IAMBinding extends pulumi.CustomResource { public readonly role!: pulumi.Output; /** * The fully-qualified name of the service account to apply policy to. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ public readonly serviceAccountId!: pulumi.Output; @@ -265,6 +385,16 @@ export interface IAMBindingState { * (Computed) The etag of the service account IAM policy. */ etag?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + */ members?: pulumi.Input[]>; /** * The role that should be applied. Only one @@ -274,15 +404,6 @@ export interface IAMBindingState { role?: pulumi.Input; /** * The fully-qualified name of the service account to apply policy to. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ serviceAccountId?: pulumi.Input; } @@ -296,6 +417,16 @@ export interface IAMBindingArgs { * Structure is documented below. */ condition?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + */ members: pulumi.Input[]>; /** * The role that should be applied. Only one @@ -305,15 +436,6 @@ export interface IAMBindingArgs { role: pulumi.Input; /** * The fully-qualified name of the service account to apply policy to. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ serviceAccountId: pulumi.Input; } diff --git a/sdk/nodejs/serviceaccount/iammember.ts b/sdk/nodejs/serviceaccount/iammember.ts index a072cfcf74..0f50b07ea2 100644 --- a/sdk/nodejs/serviceaccount/iammember.ts +++ b/sdk/nodejs/serviceaccount/iammember.ts @@ -138,6 +138,125 @@ import * as utilities from "../utilities"; * ``` * * + * ### Additional Examples + * + * ### Service Account IAM Policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/iam.serviceAccountUser", + * members: ["user:jane@example.com"], + * }], + * }); + * const sa = new gcp.serviceaccount.Account("sa", { + * accountId: "my-service-account", + * displayName: "A service account that only Jane can interact with", + * }); + * const admin_account_iam = new gcp.serviceaccount.IAMPolicy("admin-account-iam", { + * serviceAccountId: sa.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ### Service Account IAM Binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const sa = new gcp.serviceaccount.Account("sa", { + * accountId: "my-service-account", + * displayName: "A service account that only Jane can use", + * }); + * const admin_account_iam = new gcp.serviceaccount.IAMBinding("admin-account-iam", { + * serviceAccountId: sa.name, + * role: "roles/iam.serviceAccountUser", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ### Service Account IAM Binding With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const sa = new gcp.serviceaccount.Account("sa", { + * accountId: "my-service-account", + * displayName: "A service account that only Jane can use", + * }); + * const admin_account_iam = new gcp.serviceaccount.IAMBinding("admin-account-iam", { + * serviceAccountId: sa.name, + * role: "roles/iam.serviceAccountUser", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * + * ### Service Account IAM Member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const default = gcp.compute.getDefaultServiceAccount({}); + * const sa = new gcp.serviceaccount.Account("sa", { + * accountId: "my-service-account", + * displayName: "A service account that Jane can use", + * }); + * const admin_account_iam = new gcp.serviceaccount.IAMMember("admin-account-iam", { + * serviceAccountId: sa.name, + * role: "roles/iam.serviceAccountUser", + * member: "user:jane@example.com", + * }); + * // Allow SA service account use the default GCE account + * const gce_default_account_iam = new gcp.serviceaccount.IAMMember("gce-default-account-iam", { + * serviceAccountId: _default.then(_default => _default.name), + * role: "roles/iam.serviceAccountUser", + * member: pulumi.interpolate`serviceAccount:${sa.email}`, + * }); + * ``` + * + * + * ### Service Account IAM Member With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const sa = new gcp.serviceaccount.Account("sa", { + * accountId: "my-service-account", + * displayName: "A service account that Jane can use", + * }); + * const admin_account_iam = new gcp.serviceaccount.IAMMember("admin-account-iam", { + * serviceAccountId: sa.name, + * role: "roles/iam.serviceAccountUser", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * * ## Import * * ### Importing with conditions: @@ -189,6 +308,16 @@ export class IAMMember extends pulumi.CustomResource { * (Computed) The etag of the service account IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + */ public readonly member!: pulumi.Output; /** * The role that should be applied. Only one @@ -198,15 +327,6 @@ export class IAMMember extends pulumi.CustomResource { public readonly role!: pulumi.Output; /** * The fully-qualified name of the service account to apply policy to. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ public readonly serviceAccountId!: pulumi.Output; @@ -265,6 +385,16 @@ export interface IAMMemberState { * (Computed) The etag of the service account IAM policy. */ etag?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + */ member?: pulumi.Input; /** * The role that should be applied. Only one @@ -274,15 +404,6 @@ export interface IAMMemberState { role?: pulumi.Input; /** * The fully-qualified name of the service account to apply policy to. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ serviceAccountId?: pulumi.Input; } @@ -296,6 +417,16 @@ export interface IAMMemberArgs { * Structure is documented below. */ condition?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + */ member: pulumi.Input; /** * The role that should be applied. Only one @@ -305,15 +436,6 @@ export interface IAMMemberArgs { role: pulumi.Input; /** * The fully-qualified name of the service account to apply policy to. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ serviceAccountId: pulumi.Input; } diff --git a/sdk/nodejs/serviceaccount/iampolicy.ts b/sdk/nodejs/serviceaccount/iampolicy.ts index cc29f2f0b1..2cb020e146 100644 --- a/sdk/nodejs/serviceaccount/iampolicy.ts +++ b/sdk/nodejs/serviceaccount/iampolicy.ts @@ -136,6 +136,125 @@ import * as utilities from "../utilities"; * ``` * * + * ### Additional Examples + * + * ### Service Account IAM Policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/iam.serviceAccountUser", + * members: ["user:jane@example.com"], + * }], + * }); + * const sa = new gcp.serviceaccount.Account("sa", { + * accountId: "my-service-account", + * displayName: "A service account that only Jane can interact with", + * }); + * const admin_account_iam = new gcp.serviceaccount.IAMPolicy("admin-account-iam", { + * serviceAccountId: sa.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ### Service Account IAM Binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const sa = new gcp.serviceaccount.Account("sa", { + * accountId: "my-service-account", + * displayName: "A service account that only Jane can use", + * }); + * const admin_account_iam = new gcp.serviceaccount.IAMBinding("admin-account-iam", { + * serviceAccountId: sa.name, + * role: "roles/iam.serviceAccountUser", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ### Service Account IAM Binding With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const sa = new gcp.serviceaccount.Account("sa", { + * accountId: "my-service-account", + * displayName: "A service account that only Jane can use", + * }); + * const admin_account_iam = new gcp.serviceaccount.IAMBinding("admin-account-iam", { + * serviceAccountId: sa.name, + * role: "roles/iam.serviceAccountUser", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * + * ### Service Account IAM Member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const default = gcp.compute.getDefaultServiceAccount({}); + * const sa = new gcp.serviceaccount.Account("sa", { + * accountId: "my-service-account", + * displayName: "A service account that Jane can use", + * }); + * const admin_account_iam = new gcp.serviceaccount.IAMMember("admin-account-iam", { + * serviceAccountId: sa.name, + * role: "roles/iam.serviceAccountUser", + * member: "user:jane@example.com", + * }); + * // Allow SA service account use the default GCE account + * const gce_default_account_iam = new gcp.serviceaccount.IAMMember("gce-default-account-iam", { + * serviceAccountId: _default.then(_default => _default.name), + * role: "roles/iam.serviceAccountUser", + * member: pulumi.interpolate`serviceAccount:${sa.email}`, + * }); + * ``` + * + * + * ### Service Account IAM Member With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const sa = new gcp.serviceaccount.Account("sa", { + * accountId: "my-service-account", + * displayName: "A service account that Jane can use", + * }); + * const admin_account_iam = new gcp.serviceaccount.IAMMember("admin-account-iam", { + * serviceAccountId: sa.name, + * role: "roles/iam.serviceAccountUser", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * * ## Import * * ### Importing with conditions: @@ -189,15 +308,6 @@ export class IAMPolicy extends pulumi.CustomResource { public readonly policyData!: pulumi.Output; /** * The fully-qualified name of the service account to apply policy to. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ public readonly serviceAccountId!: pulumi.Output; @@ -251,15 +361,6 @@ export interface IAMPolicyState { policyData?: pulumi.Input; /** * The fully-qualified name of the service account to apply policy to. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ serviceAccountId?: pulumi.Input; } @@ -275,15 +376,6 @@ export interface IAMPolicyArgs { policyData: pulumi.Input; /** * The fully-qualified name of the service account to apply policy to. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ serviceAccountId: pulumi.Input; } diff --git a/sdk/nodejs/servicedirectory/namespaceIamBinding.ts b/sdk/nodejs/servicedirectory/namespaceIamBinding.ts index 4e9d665585..6e60b02e13 100644 --- a/sdk/nodejs/servicedirectory/namespaceIamBinding.ts +++ b/sdk/nodejs/servicedirectory/namespaceIamBinding.ts @@ -71,6 +71,56 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_service\_directory\_namespace\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.servicedirectory.NamespaceIamPolicy("policy", { + * name: example.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_service\_directory\_namespace\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.servicedirectory.NamespaceIamBinding("binding", { + * name: example.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_service\_directory\_namespace\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.servicedirectory.NamespaceIamMember("member", { + * name: example.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -140,11 +190,8 @@ export class NamespaceIamBinding extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly members!: pulumi.Output; /** - * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -156,6 +203,10 @@ export class NamespaceIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * Used to find the parent resource to bind the IAM policy to + */ public readonly name!: pulumi.Output; /** * The role that should be applied. Only one @@ -210,11 +261,8 @@ export interface NamespaceIamBindingState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - members?: pulumi.Input[]>; /** - * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -226,6 +274,10 @@ export interface NamespaceIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * Used to find the parent resource to bind the IAM policy to + */ name?: pulumi.Input; /** * The role that should be applied. Only one @@ -240,11 +292,8 @@ export interface NamespaceIamBindingState { */ export interface NamespaceIamBindingArgs { condition?: pulumi.Input; - members: pulumi.Input[]>; /** - * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -256,6 +305,10 @@ export interface NamespaceIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * Used to find the parent resource to bind the IAM policy to + */ name?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/servicedirectory/namespaceIamMember.ts b/sdk/nodejs/servicedirectory/namespaceIamMember.ts index 6f8ca34647..0fdca441ba 100644 --- a/sdk/nodejs/servicedirectory/namespaceIamMember.ts +++ b/sdk/nodejs/servicedirectory/namespaceIamMember.ts @@ -71,6 +71,56 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_service\_directory\_namespace\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.servicedirectory.NamespaceIamPolicy("policy", { + * name: example.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_service\_directory\_namespace\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.servicedirectory.NamespaceIamBinding("binding", { + * name: example.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_service\_directory\_namespace\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.servicedirectory.NamespaceIamMember("member", { + * name: example.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -140,11 +190,8 @@ export class NamespaceIamMember extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly member!: pulumi.Output; /** - * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -156,6 +203,10 @@ export class NamespaceIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * Used to find the parent resource to bind the IAM policy to + */ public readonly name!: pulumi.Output; /** * The role that should be applied. Only one @@ -210,11 +261,8 @@ export interface NamespaceIamMemberState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - member?: pulumi.Input; /** - * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -226,6 +274,10 @@ export interface NamespaceIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * Used to find the parent resource to bind the IAM policy to + */ name?: pulumi.Input; /** * The role that should be applied. Only one @@ -240,11 +292,8 @@ export interface NamespaceIamMemberState { */ export interface NamespaceIamMemberArgs { condition?: pulumi.Input; - member: pulumi.Input; /** - * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -256,6 +305,10 @@ export interface NamespaceIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * Used to find the parent resource to bind the IAM policy to + */ name?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/servicedirectory/namespaceIamPolicy.ts b/sdk/nodejs/servicedirectory/namespaceIamPolicy.ts index 33e0760cc0..05a7fdc1d6 100644 --- a/sdk/nodejs/servicedirectory/namespaceIamPolicy.ts +++ b/sdk/nodejs/servicedirectory/namespaceIamPolicy.ts @@ -69,6 +69,56 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_service\_directory\_namespace\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.servicedirectory.NamespaceIamPolicy("policy", { + * name: example.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_service\_directory\_namespace\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.servicedirectory.NamespaceIamBinding("binding", { + * name: example.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_service\_directory\_namespace\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.servicedirectory.NamespaceIamMember("member", { + * name: example.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -139,18 +189,6 @@ export class NamespaceIamPolicy extends pulumi.CustomResource { public /*out*/ readonly etag!: pulumi.Output; /** * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly name!: pulumi.Output; /** @@ -199,18 +237,6 @@ export interface NamespaceIamPolicyState { etag?: pulumi.Input; /** * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ name?: pulumi.Input; /** @@ -226,18 +252,6 @@ export interface NamespaceIamPolicyState { export interface NamespaceIamPolicyArgs { /** * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ name?: pulumi.Input; /** diff --git a/sdk/nodejs/servicedirectory/serviceIamBinding.ts b/sdk/nodejs/servicedirectory/serviceIamBinding.ts index 72fc5128aa..f9476b49f2 100644 --- a/sdk/nodejs/servicedirectory/serviceIamBinding.ts +++ b/sdk/nodejs/servicedirectory/serviceIamBinding.ts @@ -71,6 +71,56 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_service\_directory\_service\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.servicedirectory.ServiceIamPolicy("policy", { + * name: example.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_service\_directory\_service\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.servicedirectory.ServiceIamBinding("binding", { + * name: example.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_service\_directory\_service\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.servicedirectory.ServiceIamMember("member", { + * name: example.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -140,11 +190,8 @@ export class ServiceIamBinding extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly members!: pulumi.Output; /** - * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -156,6 +203,10 @@ export class ServiceIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * Used to find the parent resource to bind the IAM policy to + */ public readonly name!: pulumi.Output; /** * The role that should be applied. Only one @@ -210,11 +261,8 @@ export interface ServiceIamBindingState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - members?: pulumi.Input[]>; /** - * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -226,6 +274,10 @@ export interface ServiceIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * Used to find the parent resource to bind the IAM policy to + */ name?: pulumi.Input; /** * The role that should be applied. Only one @@ -240,11 +292,8 @@ export interface ServiceIamBindingState { */ export interface ServiceIamBindingArgs { condition?: pulumi.Input; - members: pulumi.Input[]>; /** - * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -256,6 +305,10 @@ export interface ServiceIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * Used to find the parent resource to bind the IAM policy to + */ name?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/servicedirectory/serviceIamMember.ts b/sdk/nodejs/servicedirectory/serviceIamMember.ts index 1849cad9e0..81a0a55875 100644 --- a/sdk/nodejs/servicedirectory/serviceIamMember.ts +++ b/sdk/nodejs/servicedirectory/serviceIamMember.ts @@ -71,6 +71,56 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_service\_directory\_service\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.servicedirectory.ServiceIamPolicy("policy", { + * name: example.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_service\_directory\_service\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.servicedirectory.ServiceIamBinding("binding", { + * name: example.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_service\_directory\_service\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.servicedirectory.ServiceIamMember("member", { + * name: example.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -140,11 +190,8 @@ export class ServiceIamMember extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly member!: pulumi.Output; /** - * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -156,6 +203,10 @@ export class ServiceIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * Used to find the parent resource to bind the IAM policy to + */ public readonly name!: pulumi.Output; /** * The role that should be applied. Only one @@ -210,11 +261,8 @@ export interface ServiceIamMemberState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - member?: pulumi.Input; /** - * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -226,6 +274,10 @@ export interface ServiceIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * Used to find the parent resource to bind the IAM policy to + */ name?: pulumi.Input; /** * The role that should be applied. Only one @@ -240,11 +292,8 @@ export interface ServiceIamMemberState { */ export interface ServiceIamMemberArgs { condition?: pulumi.Input; - member: pulumi.Input; /** - * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -256,6 +305,10 @@ export interface ServiceIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * Used to find the parent resource to bind the IAM policy to + */ name?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/servicedirectory/serviceIamPolicy.ts b/sdk/nodejs/servicedirectory/serviceIamPolicy.ts index bb0701a1d6..bb0ac03f3e 100644 --- a/sdk/nodejs/servicedirectory/serviceIamPolicy.ts +++ b/sdk/nodejs/servicedirectory/serviceIamPolicy.ts @@ -69,6 +69,56 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_service\_directory\_service\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.servicedirectory.ServiceIamPolicy("policy", { + * name: example.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_service\_directory\_service\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.servicedirectory.ServiceIamBinding("binding", { + * name: example.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_service\_directory\_service\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.servicedirectory.ServiceIamMember("member", { + * name: example.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -139,18 +189,6 @@ export class ServiceIamPolicy extends pulumi.CustomResource { public /*out*/ readonly etag!: pulumi.Output; /** * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly name!: pulumi.Output; /** @@ -199,18 +237,6 @@ export interface ServiceIamPolicyState { etag?: pulumi.Input; /** * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ name?: pulumi.Input; /** @@ -226,18 +252,6 @@ export interface ServiceIamPolicyState { export interface ServiceIamPolicyArgs { /** * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ name?: pulumi.Input; /** diff --git a/sdk/nodejs/sourcerepo/repositoryIamBinding.ts b/sdk/nodejs/sourcerepo/repositoryIamBinding.ts index b34489aae9..f90e367a9e 100644 --- a/sdk/nodejs/sourcerepo/repositoryIamBinding.ts +++ b/sdk/nodejs/sourcerepo/repositoryIamBinding.ts @@ -74,6 +74,59 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_pubsub\_topic\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.pubsub.TopicIAMPolicy("policy", { + * project: example.project, + * topic: example.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_pubsub\_topic\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.pubsub.TopicIAMBinding("binding", { + * project: example.project, + * topic: example.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_pubsub\_topic\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.pubsub.TopicIAMMember("member", { + * project: example.project, + * topic: example.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -143,12 +196,8 @@ export class RepositoryIamBinding extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly members!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -160,6 +209,11 @@ export class RepositoryIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; public readonly repository!: pulumi.Output; /** @@ -220,12 +274,8 @@ export interface RepositoryIamBindingState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - members?: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -237,6 +287,11 @@ export interface RepositoryIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; repository?: pulumi.Input; /** @@ -252,12 +307,8 @@ export interface RepositoryIamBindingState { */ export interface RepositoryIamBindingArgs { condition?: pulumi.Input; - members: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -269,6 +320,11 @@ export interface RepositoryIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; repository: pulumi.Input; /** diff --git a/sdk/nodejs/sourcerepo/repositoryIamMember.ts b/sdk/nodejs/sourcerepo/repositoryIamMember.ts index 13ba1d4b33..837b50dec6 100644 --- a/sdk/nodejs/sourcerepo/repositoryIamMember.ts +++ b/sdk/nodejs/sourcerepo/repositoryIamMember.ts @@ -74,6 +74,59 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_pubsub\_topic\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.pubsub.TopicIAMPolicy("policy", { + * project: example.project, + * topic: example.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_pubsub\_topic\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.pubsub.TopicIAMBinding("binding", { + * project: example.project, + * topic: example.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_pubsub\_topic\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.pubsub.TopicIAMMember("member", { + * project: example.project, + * topic: example.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -143,12 +196,8 @@ export class RepositoryIamMember extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly member!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -160,6 +209,11 @@ export class RepositoryIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; public readonly repository!: pulumi.Output; /** @@ -220,12 +274,8 @@ export interface RepositoryIamMemberState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - member?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -237,6 +287,11 @@ export interface RepositoryIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; repository?: pulumi.Input; /** @@ -252,12 +307,8 @@ export interface RepositoryIamMemberState { */ export interface RepositoryIamMemberArgs { condition?: pulumi.Input; - member: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -269,6 +320,11 @@ export interface RepositoryIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; repository: pulumi.Input; /** diff --git a/sdk/nodejs/sourcerepo/repositoryIamPolicy.ts b/sdk/nodejs/sourcerepo/repositoryIamPolicy.ts index 70e58712e2..f0270cdc62 100644 --- a/sdk/nodejs/sourcerepo/repositoryIamPolicy.ts +++ b/sdk/nodejs/sourcerepo/repositoryIamPolicy.ts @@ -72,6 +72,59 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_pubsub\_topic\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.pubsub.TopicIAMPolicy("policy", { + * project: example.project, + * topic: example.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_pubsub\_topic\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.pubsub.TopicIAMBinding("binding", { + * project: example.project, + * topic: example.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_pubsub\_topic\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.pubsub.TopicIAMMember("member", { + * project: example.project, + * topic: example.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -148,18 +201,6 @@ export class RepositoryIamPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; public readonly repository!: pulumi.Output; @@ -215,18 +256,6 @@ export interface RepositoryIamPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; repository?: pulumi.Input; @@ -244,18 +273,6 @@ export interface RepositoryIamPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; repository: pulumi.Input; diff --git a/sdk/nodejs/spanner/databaseIAMBinding.ts b/sdk/nodejs/spanner/databaseIAMBinding.ts index fc614e41ad..15396d0c0f 100644 --- a/sdk/nodejs/spanner/databaseIAMBinding.ts +++ b/sdk/nodejs/spanner/databaseIAMBinding.ts @@ -141,6 +141,127 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_spanner\_database\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }], + * }); + * const database = new gcp.spanner.DatabaseIAMPolicy("database", { + * instance: "your-instance-name", + * database: "your-database-name", + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/editor", + * members: ["user:jane@example.com"], + * condition: { + * title: "My Role", + * description: "Grant permissions on my_role", + * expression: "(resource.type == \"spanner.googleapis.com/DatabaseRole\" && (resource.name.endsWith(\"/myrole\")))", + * }, + * }], + * }); + * const database = new gcp.spanner.DatabaseIAMPolicy("database", { + * instance: "your-instance-name", + * database: "your-database-name", + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_spanner\_database\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const database = new gcp.spanner.DatabaseIAMBinding("database", { + * instance: "your-instance-name", + * database: "your-database-name", + * role: "roles/compute.networkUser", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const database = new gcp.spanner.DatabaseIAMBinding("database", { + * instance: "your-instance-name", + * database: "your-database-name", + * role: "roles/compute.networkUser", + * members: ["user:jane@example.com"], + * condition: { + * title: "My Role", + * description: "Grant permissions on my_role", + * expression: "(resource.type == \"spanner.googleapis.com/DatabaseRole\" && (resource.name.endsWith(\"/myrole\")))", + * }, + * }); + * ``` + * + * + * ## google\_spanner\_database\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const database = new gcp.spanner.DatabaseIAMMember("database", { + * instance: "your-instance-name", + * database: "your-database-name", + * role: "roles/compute.networkUser", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const database = new gcp.spanner.DatabaseIAMMember("database", { + * instance: "your-instance-name", + * database: "your-database-name", + * role: "roles/compute.networkUser", + * member: "user:jane@example.com", + * condition: { + * title: "My Role", + * description: "Grant permissions on my_role", + * expression: "(resource.type == \"spanner.googleapis.com/DatabaseRole\" && (resource.name.endsWith(\"/myrole\")))", + * }, + * }); + * ``` + * + * * ## Import * * ### Importing IAM policies @@ -210,8 +331,10 @@ export class DatabaseIAMBinding extends pulumi.CustomResource { public /*out*/ readonly etag!: pulumi.Output; /** * The name of the Spanner instance the database belongs to. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + public readonly instance!: pulumi.Output; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -220,7 +343,6 @@ export class DatabaseIAMBinding extends pulumi.CustomResource { * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ - public readonly instance!: pulumi.Output; public readonly members!: pulumi.Output; /** * The ID of the project in which the resource belongs. If it @@ -300,8 +422,10 @@ export interface DatabaseIAMBindingState { etag?: pulumi.Input; /** * The name of the Spanner instance the database belongs to. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + instance?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -310,7 +434,6 @@ export interface DatabaseIAMBindingState { * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ - instance?: pulumi.Input; members?: pulumi.Input[]>; /** * The ID of the project in which the resource belongs. If it @@ -340,8 +463,10 @@ export interface DatabaseIAMBindingArgs { database: pulumi.Input; /** * The name of the Spanner instance the database belongs to. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + instance: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -350,7 +475,6 @@ export interface DatabaseIAMBindingArgs { * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ - instance: pulumi.Input; members: pulumi.Input[]>; /** * The ID of the project in which the resource belongs. If it diff --git a/sdk/nodejs/spanner/databaseIAMMember.ts b/sdk/nodejs/spanner/databaseIAMMember.ts index b6c5fca475..480174f265 100644 --- a/sdk/nodejs/spanner/databaseIAMMember.ts +++ b/sdk/nodejs/spanner/databaseIAMMember.ts @@ -141,6 +141,127 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_spanner\_database\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }], + * }); + * const database = new gcp.spanner.DatabaseIAMPolicy("database", { + * instance: "your-instance-name", + * database: "your-database-name", + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/editor", + * members: ["user:jane@example.com"], + * condition: { + * title: "My Role", + * description: "Grant permissions on my_role", + * expression: "(resource.type == \"spanner.googleapis.com/DatabaseRole\" && (resource.name.endsWith(\"/myrole\")))", + * }, + * }], + * }); + * const database = new gcp.spanner.DatabaseIAMPolicy("database", { + * instance: "your-instance-name", + * database: "your-database-name", + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_spanner\_database\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const database = new gcp.spanner.DatabaseIAMBinding("database", { + * instance: "your-instance-name", + * database: "your-database-name", + * role: "roles/compute.networkUser", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const database = new gcp.spanner.DatabaseIAMBinding("database", { + * instance: "your-instance-name", + * database: "your-database-name", + * role: "roles/compute.networkUser", + * members: ["user:jane@example.com"], + * condition: { + * title: "My Role", + * description: "Grant permissions on my_role", + * expression: "(resource.type == \"spanner.googleapis.com/DatabaseRole\" && (resource.name.endsWith(\"/myrole\")))", + * }, + * }); + * ``` + * + * + * ## google\_spanner\_database\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const database = new gcp.spanner.DatabaseIAMMember("database", { + * instance: "your-instance-name", + * database: "your-database-name", + * role: "roles/compute.networkUser", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const database = new gcp.spanner.DatabaseIAMMember("database", { + * instance: "your-instance-name", + * database: "your-database-name", + * role: "roles/compute.networkUser", + * member: "user:jane@example.com", + * condition: { + * title: "My Role", + * description: "Grant permissions on my_role", + * expression: "(resource.type == \"spanner.googleapis.com/DatabaseRole\" && (resource.name.endsWith(\"/myrole\")))", + * }, + * }); + * ``` + * + * * ## Import * * ### Importing IAM policies @@ -210,8 +331,10 @@ export class DatabaseIAMMember extends pulumi.CustomResource { public /*out*/ readonly etag!: pulumi.Output; /** * The name of the Spanner instance the database belongs to. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + public readonly instance!: pulumi.Output; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -220,7 +343,6 @@ export class DatabaseIAMMember extends pulumi.CustomResource { * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ - public readonly instance!: pulumi.Output; public readonly member!: pulumi.Output; /** * The ID of the project in which the resource belongs. If it @@ -300,8 +422,10 @@ export interface DatabaseIAMMemberState { etag?: pulumi.Input; /** * The name of the Spanner instance the database belongs to. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + instance?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -310,7 +434,6 @@ export interface DatabaseIAMMemberState { * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ - instance?: pulumi.Input; member?: pulumi.Input; /** * The ID of the project in which the resource belongs. If it @@ -340,8 +463,10 @@ export interface DatabaseIAMMemberArgs { database: pulumi.Input; /** * The name of the Spanner instance the database belongs to. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + instance: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -350,7 +475,6 @@ export interface DatabaseIAMMemberArgs { * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ - instance: pulumi.Input; member: pulumi.Input; /** * The ID of the project in which the resource belongs. If it diff --git a/sdk/nodejs/spanner/databaseIAMPolicy.ts b/sdk/nodejs/spanner/databaseIAMPolicy.ts index 1b226a55d3..36be82f017 100644 --- a/sdk/nodejs/spanner/databaseIAMPolicy.ts +++ b/sdk/nodejs/spanner/databaseIAMPolicy.ts @@ -139,6 +139,127 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_spanner\_database\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }], + * }); + * const database = new gcp.spanner.DatabaseIAMPolicy("database", { + * instance: "your-instance-name", + * database: "your-database-name", + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/editor", + * members: ["user:jane@example.com"], + * condition: { + * title: "My Role", + * description: "Grant permissions on my_role", + * expression: "(resource.type == \"spanner.googleapis.com/DatabaseRole\" && (resource.name.endsWith(\"/myrole\")))", + * }, + * }], + * }); + * const database = new gcp.spanner.DatabaseIAMPolicy("database", { + * instance: "your-instance-name", + * database: "your-database-name", + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_spanner\_database\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const database = new gcp.spanner.DatabaseIAMBinding("database", { + * instance: "your-instance-name", + * database: "your-database-name", + * role: "roles/compute.networkUser", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const database = new gcp.spanner.DatabaseIAMBinding("database", { + * instance: "your-instance-name", + * database: "your-database-name", + * role: "roles/compute.networkUser", + * members: ["user:jane@example.com"], + * condition: { + * title: "My Role", + * description: "Grant permissions on my_role", + * expression: "(resource.type == \"spanner.googleapis.com/DatabaseRole\" && (resource.name.endsWith(\"/myrole\")))", + * }, + * }); + * ``` + * + * + * ## google\_spanner\_database\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const database = new gcp.spanner.DatabaseIAMMember("database", { + * instance: "your-instance-name", + * database: "your-database-name", + * role: "roles/compute.networkUser", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const database = new gcp.spanner.DatabaseIAMMember("database", { + * instance: "your-instance-name", + * database: "your-database-name", + * role: "roles/compute.networkUser", + * member: "user:jane@example.com", + * condition: { + * title: "My Role", + * description: "Grant permissions on my_role", + * expression: "(resource.type == \"spanner.googleapis.com/DatabaseRole\" && (resource.name.endsWith(\"/myrole\")))", + * }, + * }); + * ``` + * + * * ## Import * * ### Importing IAM policies @@ -203,15 +324,6 @@ export class DatabaseIAMPolicy extends pulumi.CustomResource { public /*out*/ readonly etag!: pulumi.Output; /** * The name of the Spanner instance the database belongs to. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ public readonly instance!: pulumi.Output; /** @@ -279,15 +391,6 @@ export interface DatabaseIAMPolicyState { etag?: pulumi.Input; /** * The name of the Spanner instance the database belongs to. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ instance?: pulumi.Input; /** @@ -312,15 +415,6 @@ export interface DatabaseIAMPolicyArgs { database: pulumi.Input; /** * The name of the Spanner instance the database belongs to. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ instance: pulumi.Input; /** diff --git a/sdk/nodejs/spanner/instanceIAMBinding.ts b/sdk/nodejs/spanner/instanceIAMBinding.ts index a252e42873..f3f0a99652 100644 --- a/sdk/nodejs/spanner/instanceIAMBinding.ts +++ b/sdk/nodejs/spanner/instanceIAMBinding.ts @@ -70,6 +70,56 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_spanner\_instance\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }], + * }); + * const instance = new gcp.spanner.InstanceIAMPolicy("instance", { + * instance: "your-instance-name", + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_spanner\_instance\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const instance = new gcp.spanner.InstanceIAMBinding("instance", { + * instance: "your-instance-name", + * role: "roles/spanner.databaseAdmin", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_spanner\_instance\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const instance = new gcp.spanner.InstanceIAMMember("instance", { + * instance: "your-instance-name", + * role: "roles/spanner.databaseAdmin", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * ### Importing IAM policies @@ -131,8 +181,10 @@ export class InstanceIAMBinding extends pulumi.CustomResource { public /*out*/ readonly etag!: pulumi.Output; /** * The name of the instance. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + public readonly instance!: pulumi.Output; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -141,7 +193,6 @@ export class InstanceIAMBinding extends pulumi.CustomResource { * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ - public readonly instance!: pulumi.Output; public readonly members!: pulumi.Output; /** * The ID of the project in which the resource belongs. If it @@ -208,8 +259,10 @@ export interface InstanceIAMBindingState { etag?: pulumi.Input; /** * The name of the instance. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + instance?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -218,7 +271,6 @@ export interface InstanceIAMBindingState { * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ - instance?: pulumi.Input; members?: pulumi.Input[]>; /** * The ID of the project in which the resource belongs. If it @@ -240,8 +292,10 @@ export interface InstanceIAMBindingArgs { condition?: pulumi.Input; /** * The name of the instance. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + instance: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -250,7 +304,6 @@ export interface InstanceIAMBindingArgs { * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ - instance: pulumi.Input; members: pulumi.Input[]>; /** * The ID of the project in which the resource belongs. If it diff --git a/sdk/nodejs/spanner/instanceIAMMember.ts b/sdk/nodejs/spanner/instanceIAMMember.ts index 63ef147c80..2791c556a9 100644 --- a/sdk/nodejs/spanner/instanceIAMMember.ts +++ b/sdk/nodejs/spanner/instanceIAMMember.ts @@ -70,6 +70,56 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_spanner\_instance\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }], + * }); + * const instance = new gcp.spanner.InstanceIAMPolicy("instance", { + * instance: "your-instance-name", + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_spanner\_instance\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const instance = new gcp.spanner.InstanceIAMBinding("instance", { + * instance: "your-instance-name", + * role: "roles/spanner.databaseAdmin", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_spanner\_instance\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const instance = new gcp.spanner.InstanceIAMMember("instance", { + * instance: "your-instance-name", + * role: "roles/spanner.databaseAdmin", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * ### Importing IAM policies @@ -131,8 +181,10 @@ export class InstanceIAMMember extends pulumi.CustomResource { public /*out*/ readonly etag!: pulumi.Output; /** * The name of the instance. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + public readonly instance!: pulumi.Output; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -141,7 +193,6 @@ export class InstanceIAMMember extends pulumi.CustomResource { * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ - public readonly instance!: pulumi.Output; public readonly member!: pulumi.Output; /** * The ID of the project in which the resource belongs. If it @@ -208,8 +259,10 @@ export interface InstanceIAMMemberState { etag?: pulumi.Input; /** * The name of the instance. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + instance?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -218,7 +271,6 @@ export interface InstanceIAMMemberState { * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ - instance?: pulumi.Input; member?: pulumi.Input; /** * The ID of the project in which the resource belongs. If it @@ -240,8 +292,10 @@ export interface InstanceIAMMemberArgs { condition?: pulumi.Input; /** * The name of the instance. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + instance: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -250,7 +304,6 @@ export interface InstanceIAMMemberArgs { * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ - instance: pulumi.Input; member: pulumi.Input; /** * The ID of the project in which the resource belongs. If it diff --git a/sdk/nodejs/spanner/instanceIAMPolicy.ts b/sdk/nodejs/spanner/instanceIAMPolicy.ts index c42c160f6b..7a63a35c26 100644 --- a/sdk/nodejs/spanner/instanceIAMPolicy.ts +++ b/sdk/nodejs/spanner/instanceIAMPolicy.ts @@ -68,6 +68,56 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_spanner\_instance\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/editor", + * members: ["user:jane@example.com"], + * }], + * }); + * const instance = new gcp.spanner.InstanceIAMPolicy("instance", { + * instance: "your-instance-name", + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_spanner\_instance\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const instance = new gcp.spanner.InstanceIAMBinding("instance", { + * instance: "your-instance-name", + * role: "roles/spanner.databaseAdmin", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_spanner\_instance\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const instance = new gcp.spanner.InstanceIAMMember("instance", { + * instance: "your-instance-name", + * role: "roles/spanner.databaseAdmin", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * ### Importing IAM policies @@ -128,15 +178,6 @@ export class InstanceIAMPolicy extends pulumi.CustomResource { public /*out*/ readonly etag!: pulumi.Output; /** * The name of the instance. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ public readonly instance!: pulumi.Output; /** @@ -195,15 +236,6 @@ export interface InstanceIAMPolicyState { etag?: pulumi.Input; /** * The name of the instance. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ instance?: pulumi.Input; /** @@ -224,15 +256,6 @@ export interface InstanceIAMPolicyState { export interface InstanceIAMPolicyArgs { /** * The name of the instance. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. */ instance: pulumi.Input; /** diff --git a/sdk/nodejs/storage/bucketIAMBinding.ts b/sdk/nodejs/storage/bucketIAMBinding.ts index 686ec56b96..22a29eea0c 100644 --- a/sdk/nodejs/storage/bucketIAMBinding.ts +++ b/sdk/nodejs/storage/bucketIAMBinding.ts @@ -136,6 +136,119 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_storage\_bucket\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/storage.admin", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.storage.BucketIAMPolicy("policy", { + * bucket: _default.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/storage.admin", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const policy = new gcp.storage.BucketIAMPolicy("policy", { + * bucket: _default.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * ## google\_storage\_bucket\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.storage.BucketIAMBinding("binding", { + * bucket: _default.name, + * role: "roles/storage.admin", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.storage.BucketIAMBinding("binding", { + * bucket: _default.name, + * role: "roles/storage.admin", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * ## google\_storage\_bucket\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.storage.BucketIAMMember("member", { + * bucket: _default.name, + * role: "roles/storage.admin", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.storage.BucketIAMMember("member", { + * bucket: _default.name, + * role: "roles/storage.admin", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -200,18 +313,6 @@ export class BucketIAMBinding extends pulumi.CustomResource { /** * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly bucket!: pulumi.Output; /** @@ -223,6 +324,19 @@ export class BucketIAMBinding extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + */ public readonly members!: pulumi.Output; /** * The role that should be applied. Only one @@ -277,18 +391,6 @@ export class BucketIAMBinding extends pulumi.CustomResource { export interface BucketIAMBindingState { /** * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ bucket?: pulumi.Input; /** @@ -300,6 +402,19 @@ export interface BucketIAMBindingState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + */ members?: pulumi.Input[]>; /** * The role that should be applied. Only one @@ -315,8 +430,15 @@ export interface BucketIAMBindingState { export interface BucketIAMBindingArgs { /** * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + bucket: pulumi.Input; + /** + * An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. + * Structure is documented below. + */ + condition?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -328,12 +450,6 @@ export interface BucketIAMBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ - bucket: pulumi.Input; - /** - * An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. - * Structure is documented below. - */ - condition?: pulumi.Input; members: pulumi.Input[]>; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/storage/bucketIAMMember.ts b/sdk/nodejs/storage/bucketIAMMember.ts index fe86739761..6753d2fe07 100644 --- a/sdk/nodejs/storage/bucketIAMMember.ts +++ b/sdk/nodejs/storage/bucketIAMMember.ts @@ -136,6 +136,119 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_storage\_bucket\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/storage.admin", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.storage.BucketIAMPolicy("policy", { + * bucket: _default.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/storage.admin", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const policy = new gcp.storage.BucketIAMPolicy("policy", { + * bucket: _default.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * ## google\_storage\_bucket\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.storage.BucketIAMBinding("binding", { + * bucket: _default.name, + * role: "roles/storage.admin", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.storage.BucketIAMBinding("binding", { + * bucket: _default.name, + * role: "roles/storage.admin", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * ## google\_storage\_bucket\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.storage.BucketIAMMember("member", { + * bucket: _default.name, + * role: "roles/storage.admin", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.storage.BucketIAMMember("member", { + * bucket: _default.name, + * role: "roles/storage.admin", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -200,18 +313,6 @@ export class BucketIAMMember extends pulumi.CustomResource { /** * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly bucket!: pulumi.Output; /** @@ -223,6 +324,19 @@ export class BucketIAMMember extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + */ public readonly member!: pulumi.Output; /** * The role that should be applied. Only one @@ -277,18 +391,6 @@ export class BucketIAMMember extends pulumi.CustomResource { export interface BucketIAMMemberState { /** * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ bucket?: pulumi.Input; /** @@ -300,6 +402,19 @@ export interface BucketIAMMemberState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. + * Each entry can have one of the following values: + * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + */ member?: pulumi.Input; /** * The role that should be applied. Only one @@ -315,8 +430,15 @@ export interface BucketIAMMemberState { export interface BucketIAMMemberArgs { /** * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + bucket: pulumi.Input; + /** + * An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. + * Structure is documented below. + */ + condition?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -328,12 +450,6 @@ export interface BucketIAMMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ - bucket: pulumi.Input; - /** - * An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. - * Structure is documented below. - */ - condition?: pulumi.Input; member: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/storage/bucketIAMPolicy.ts b/sdk/nodejs/storage/bucketIAMPolicy.ts index eb0f56cb5b..58755fe15f 100644 --- a/sdk/nodejs/storage/bucketIAMPolicy.ts +++ b/sdk/nodejs/storage/bucketIAMPolicy.ts @@ -134,6 +134,119 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_storage\_bucket\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/storage.admin", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.storage.BucketIAMPolicy("policy", { + * bucket: _default.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/storage.admin", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }], + * }); + * const policy = new gcp.storage.BucketIAMPolicy("policy", { + * bucket: _default.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * ## google\_storage\_bucket\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.storage.BucketIAMBinding("binding", { + * bucket: _default.name, + * role: "roles/storage.admin", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.storage.BucketIAMBinding("binding", { + * bucket: _default.name, + * role: "roles/storage.admin", + * members: ["user:jane@example.com"], + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * ## google\_storage\_bucket\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.storage.BucketIAMMember("member", { + * bucket: _default.name, + * role: "roles/storage.admin", + * member: "user:jane@example.com", + * }); + * ``` + * + * + * With IAM Conditions: + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.storage.BucketIAMMember("member", { + * bucket: _default.name, + * role: "roles/storage.admin", + * member: "user:jane@example.com", + * condition: { + * title: "expires_after_2019_12_31", + * description: "Expiring at midnight of 2019-12-31", + * expression: "request.time < timestamp(\"2020-01-01T00:00:00Z\")", + * }, + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -198,18 +311,6 @@ export class BucketIAMPolicy extends pulumi.CustomResource { /** * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly bucket!: pulumi.Output; /** @@ -261,18 +362,6 @@ export class BucketIAMPolicy extends pulumi.CustomResource { export interface BucketIAMPolicyState { /** * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ bucket?: pulumi.Input; /** @@ -292,18 +381,6 @@ export interface BucketIAMPolicyState { export interface BucketIAMPolicyArgs { /** * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ bucket: pulumi.Input; /** diff --git a/sdk/nodejs/tags/tagKeyIamBinding.ts b/sdk/nodejs/tags/tagKeyIamBinding.ts index b06e17257d..997787a1f0 100644 --- a/sdk/nodejs/tags/tagKeyIamBinding.ts +++ b/sdk/nodejs/tags/tagKeyIamBinding.ts @@ -71,6 +71,56 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_tags\_tag\_key\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.tags.TagKeyIamPolicy("policy", { + * tagKey: key.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_tags\_tag\_key\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.tags.TagKeyIamBinding("binding", { + * tagKey: key.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_tags\_tag\_key\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.tags.TagKeyIamMember("member", { + * tagKey: key.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -138,17 +188,8 @@ export class TagKeyIamBinding extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly members!: pulumi.Output; /** - * The role that should be applied. Only one - * `gcp.tags.TagKeyIamBinding` can be used per role. Note that custom roles must be of the format - * `[projects|organizations]/{parent-name}/roles/{role-name}`. - */ - public readonly role!: pulumi.Output; - /** - * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -160,6 +201,16 @@ export class TagKeyIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * The role that should be applied. Only one + * `gcp.tags.TagKeyIamBinding` can be used per role. Note that custom roles must be of the format + * `[projects|organizations]/{parent-name}/roles/{role-name}`. + */ + public readonly role!: pulumi.Output; + /** + * Used to find the parent resource to bind the IAM policy to + */ public readonly tagKey!: pulumi.Output; /** @@ -211,17 +262,8 @@ export interface TagKeyIamBindingState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - members?: pulumi.Input[]>; /** - * The role that should be applied. Only one - * `gcp.tags.TagKeyIamBinding` can be used per role. Note that custom roles must be of the format - * `[projects|organizations]/{parent-name}/roles/{role-name}`. - */ - role?: pulumi.Input; - /** - * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -233,6 +275,16 @@ export interface TagKeyIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * The role that should be applied. Only one + * `gcp.tags.TagKeyIamBinding` can be used per role. Note that custom roles must be of the format + * `[projects|organizations]/{parent-name}/roles/{role-name}`. + */ + role?: pulumi.Input; + /** + * Used to find the parent resource to bind the IAM policy to + */ tagKey?: pulumi.Input; } @@ -241,17 +293,8 @@ export interface TagKeyIamBindingState { */ export interface TagKeyIamBindingArgs { condition?: pulumi.Input; - members: pulumi.Input[]>; - /** - * The role that should be applied. Only one - * `gcp.tags.TagKeyIamBinding` can be used per role. Note that custom roles must be of the format - * `[projects|organizations]/{parent-name}/roles/{role-name}`. - */ - role: pulumi.Input; /** - * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -263,5 +306,15 @@ export interface TagKeyIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * The role that should be applied. Only one + * `gcp.tags.TagKeyIamBinding` can be used per role. Note that custom roles must be of the format + * `[projects|organizations]/{parent-name}/roles/{role-name}`. + */ + role: pulumi.Input; + /** + * Used to find the parent resource to bind the IAM policy to + */ tagKey: pulumi.Input; } diff --git a/sdk/nodejs/tags/tagKeyIamMember.ts b/sdk/nodejs/tags/tagKeyIamMember.ts index 6c6557ae8e..eace47a311 100644 --- a/sdk/nodejs/tags/tagKeyIamMember.ts +++ b/sdk/nodejs/tags/tagKeyIamMember.ts @@ -71,6 +71,56 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_tags\_tag\_key\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.tags.TagKeyIamPolicy("policy", { + * tagKey: key.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_tags\_tag\_key\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.tags.TagKeyIamBinding("binding", { + * tagKey: key.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_tags\_tag\_key\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.tags.TagKeyIamMember("member", { + * tagKey: key.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -138,17 +188,8 @@ export class TagKeyIamMember extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly member!: pulumi.Output; /** - * The role that should be applied. Only one - * `gcp.tags.TagKeyIamBinding` can be used per role. Note that custom roles must be of the format - * `[projects|organizations]/{parent-name}/roles/{role-name}`. - */ - public readonly role!: pulumi.Output; - /** - * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -160,6 +201,16 @@ export class TagKeyIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * The role that should be applied. Only one + * `gcp.tags.TagKeyIamBinding` can be used per role. Note that custom roles must be of the format + * `[projects|organizations]/{parent-name}/roles/{role-name}`. + */ + public readonly role!: pulumi.Output; + /** + * Used to find the parent resource to bind the IAM policy to + */ public readonly tagKey!: pulumi.Output; /** @@ -211,17 +262,8 @@ export interface TagKeyIamMemberState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - member?: pulumi.Input; /** - * The role that should be applied. Only one - * `gcp.tags.TagKeyIamBinding` can be used per role. Note that custom roles must be of the format - * `[projects|organizations]/{parent-name}/roles/{role-name}`. - */ - role?: pulumi.Input; - /** - * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -233,6 +275,16 @@ export interface TagKeyIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * The role that should be applied. Only one + * `gcp.tags.TagKeyIamBinding` can be used per role. Note that custom roles must be of the format + * `[projects|organizations]/{parent-name}/roles/{role-name}`. + */ + role?: pulumi.Input; + /** + * Used to find the parent resource to bind the IAM policy to + */ tagKey?: pulumi.Input; } @@ -241,17 +293,8 @@ export interface TagKeyIamMemberState { */ export interface TagKeyIamMemberArgs { condition?: pulumi.Input; - member: pulumi.Input; - /** - * The role that should be applied. Only one - * `gcp.tags.TagKeyIamBinding` can be used per role. Note that custom roles must be of the format - * `[projects|organizations]/{parent-name}/roles/{role-name}`. - */ - role: pulumi.Input; /** - * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -263,5 +306,15 @@ export interface TagKeyIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * The role that should be applied. Only one + * `gcp.tags.TagKeyIamBinding` can be used per role. Note that custom roles must be of the format + * `[projects|organizations]/{parent-name}/roles/{role-name}`. + */ + role: pulumi.Input; + /** + * Used to find the parent resource to bind the IAM policy to + */ tagKey: pulumi.Input; } diff --git a/sdk/nodejs/tags/tagKeyIamPolicy.ts b/sdk/nodejs/tags/tagKeyIamPolicy.ts index ed0c49cf9a..73a8b088d7 100644 --- a/sdk/nodejs/tags/tagKeyIamPolicy.ts +++ b/sdk/nodejs/tags/tagKeyIamPolicy.ts @@ -69,6 +69,56 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_tags\_tag\_key\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.tags.TagKeyIamPolicy("policy", { + * tagKey: key.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_tags\_tag\_key\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.tags.TagKeyIamBinding("binding", { + * tagKey: key.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_tags\_tag\_key\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.tags.TagKeyIamMember("member", { + * tagKey: key.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -142,18 +192,6 @@ export class TagKeyIamPolicy extends pulumi.CustomResource { public readonly policyData!: pulumi.Output; /** * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly tagKey!: pulumi.Output; @@ -205,18 +243,6 @@ export interface TagKeyIamPolicyState { policyData?: pulumi.Input; /** * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ tagKey?: pulumi.Input; } @@ -232,18 +258,6 @@ export interface TagKeyIamPolicyArgs { policyData: pulumi.Input; /** * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ tagKey: pulumi.Input; } diff --git a/sdk/nodejs/tags/tagValueIamBinding.ts b/sdk/nodejs/tags/tagValueIamBinding.ts index bdf2712a02..0e7f993681 100644 --- a/sdk/nodejs/tags/tagValueIamBinding.ts +++ b/sdk/nodejs/tags/tagValueIamBinding.ts @@ -71,6 +71,56 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_tags\_tag\_value\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.tags.TagValueIamPolicy("policy", { + * tagValue: value.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_tags\_tag\_value\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.tags.TagValueIamBinding("binding", { + * tagValue: value.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_tags\_tag\_value\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.tags.TagValueIamMember("member", { + * tagValue: value.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -138,17 +188,8 @@ export class TagValueIamBinding extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly members!: pulumi.Output; /** - * The role that should be applied. Only one - * `gcp.tags.TagValueIamBinding` can be used per role. Note that custom roles must be of the format - * `[projects|organizations]/{parent-name}/roles/{role-name}`. - */ - public readonly role!: pulumi.Output; - /** - * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -160,6 +201,16 @@ export class TagValueIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * The role that should be applied. Only one + * `gcp.tags.TagValueIamBinding` can be used per role. Note that custom roles must be of the format + * `[projects|organizations]/{parent-name}/roles/{role-name}`. + */ + public readonly role!: pulumi.Output; + /** + * Used to find the parent resource to bind the IAM policy to + */ public readonly tagValue!: pulumi.Output; /** @@ -211,17 +262,8 @@ export interface TagValueIamBindingState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - members?: pulumi.Input[]>; /** - * The role that should be applied. Only one - * `gcp.tags.TagValueIamBinding` can be used per role. Note that custom roles must be of the format - * `[projects|organizations]/{parent-name}/roles/{role-name}`. - */ - role?: pulumi.Input; - /** - * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -233,6 +275,16 @@ export interface TagValueIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * The role that should be applied. Only one + * `gcp.tags.TagValueIamBinding` can be used per role. Note that custom roles must be of the format + * `[projects|organizations]/{parent-name}/roles/{role-name}`. + */ + role?: pulumi.Input; + /** + * Used to find the parent resource to bind the IAM policy to + */ tagValue?: pulumi.Input; } @@ -241,17 +293,8 @@ export interface TagValueIamBindingState { */ export interface TagValueIamBindingArgs { condition?: pulumi.Input; - members: pulumi.Input[]>; - /** - * The role that should be applied. Only one - * `gcp.tags.TagValueIamBinding` can be used per role. Note that custom roles must be of the format - * `[projects|organizations]/{parent-name}/roles/{role-name}`. - */ - role: pulumi.Input; /** - * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -263,5 +306,15 @@ export interface TagValueIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * The role that should be applied. Only one + * `gcp.tags.TagValueIamBinding` can be used per role. Note that custom roles must be of the format + * `[projects|organizations]/{parent-name}/roles/{role-name}`. + */ + role: pulumi.Input; + /** + * Used to find the parent resource to bind the IAM policy to + */ tagValue: pulumi.Input; } diff --git a/sdk/nodejs/tags/tagValueIamMember.ts b/sdk/nodejs/tags/tagValueIamMember.ts index bf62d1eace..55e756ef16 100644 --- a/sdk/nodejs/tags/tagValueIamMember.ts +++ b/sdk/nodejs/tags/tagValueIamMember.ts @@ -71,6 +71,56 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_tags\_tag\_value\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.tags.TagValueIamPolicy("policy", { + * tagValue: value.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_tags\_tag\_value\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.tags.TagValueIamBinding("binding", { + * tagValue: value.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_tags\_tag\_value\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.tags.TagValueIamMember("member", { + * tagValue: value.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -138,17 +188,8 @@ export class TagValueIamMember extends pulumi.CustomResource { * (Computed) The etag of the IAM policy. */ public /*out*/ readonly etag!: pulumi.Output; - public readonly member!: pulumi.Output; /** - * The role that should be applied. Only one - * `gcp.tags.TagValueIamBinding` can be used per role. Note that custom roles must be of the format - * `[projects|organizations]/{parent-name}/roles/{role-name}`. - */ - public readonly role!: pulumi.Output; - /** - * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -160,6 +201,16 @@ export class TagValueIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * The role that should be applied. Only one + * `gcp.tags.TagValueIamBinding` can be used per role. Note that custom roles must be of the format + * `[projects|organizations]/{parent-name}/roles/{role-name}`. + */ + public readonly role!: pulumi.Output; + /** + * Used to find the parent resource to bind the IAM policy to + */ public readonly tagValue!: pulumi.Output; /** @@ -211,17 +262,8 @@ export interface TagValueIamMemberState { * (Computed) The etag of the IAM policy. */ etag?: pulumi.Input; - member?: pulumi.Input; /** - * The role that should be applied. Only one - * `gcp.tags.TagValueIamBinding` can be used per role. Note that custom roles must be of the format - * `[projects|organizations]/{parent-name}/roles/{role-name}`. - */ - role?: pulumi.Input; - /** - * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -233,6 +275,16 @@ export interface TagValueIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * The role that should be applied. Only one + * `gcp.tags.TagValueIamBinding` can be used per role. Note that custom roles must be of the format + * `[projects|organizations]/{parent-name}/roles/{role-name}`. + */ + role?: pulumi.Input; + /** + * Used to find the parent resource to bind the IAM policy to + */ tagValue?: pulumi.Input; } @@ -241,17 +293,8 @@ export interface TagValueIamMemberState { */ export interface TagValueIamMemberArgs { condition?: pulumi.Input; - member: pulumi.Input; - /** - * The role that should be applied. Only one - * `gcp.tags.TagValueIamBinding` can be used per role. Note that custom roles must be of the format - * `[projects|organizations]/{parent-name}/roles/{role-name}`. - */ - role: pulumi.Input; /** - * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -263,5 +306,15 @@ export interface TagValueIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * The role that should be applied. Only one + * `gcp.tags.TagValueIamBinding` can be used per role. Note that custom roles must be of the format + * `[projects|organizations]/{parent-name}/roles/{role-name}`. + */ + role: pulumi.Input; + /** + * Used to find the parent resource to bind the IAM policy to + */ tagValue: pulumi.Input; } diff --git a/sdk/nodejs/tags/tagValueIamPolicy.ts b/sdk/nodejs/tags/tagValueIamPolicy.ts index d6663a22fc..aeea7fc194 100644 --- a/sdk/nodejs/tags/tagValueIamPolicy.ts +++ b/sdk/nodejs/tags/tagValueIamPolicy.ts @@ -69,6 +69,56 @@ import * as utilities from "../utilities"; * ``` * * + * ## google\_tags\_tag\_value\_iam\_policy + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const admin = gcp.organizations.getIAMPolicy({ + * bindings: [{ + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }], + * }); + * const policy = new gcp.tags.TagValueIamPolicy("policy", { + * tagValue: value.name, + * policyData: admin.then(admin => admin.policyData), + * }); + * ``` + * + * + * ## google\_tags\_tag\_value\_iam\_binding + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const binding = new gcp.tags.TagValueIamBinding("binding", { + * tagValue: value.name, + * role: "roles/viewer", + * members: ["user:jane@example.com"], + * }); + * ``` + * + * + * ## google\_tags\_tag\_value\_iam\_member + * + * + * ```typescript + * import * as pulumi from "@pulumi/pulumi"; + * import * as gcp from "@pulumi/gcp"; + * + * const member = new gcp.tags.TagValueIamMember("member", { + * tagValue: value.name, + * role: "roles/viewer", + * member: "user:jane@example.com", + * }); + * ``` + * + * * ## Import * * For all import syntaxes, the "resource in question" can take any of the following forms: @@ -142,18 +192,6 @@ export class TagValueIamPolicy extends pulumi.CustomResource { public readonly policyData!: pulumi.Output; /** * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly tagValue!: pulumi.Output; @@ -205,18 +243,6 @@ export interface TagValueIamPolicyState { policyData?: pulumi.Input; /** * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ tagValue?: pulumi.Input; } @@ -232,18 +258,6 @@ export interface TagValueIamPolicyArgs { policyData: pulumi.Input; /** * Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ tagValue: pulumi.Input; } diff --git a/sdk/nodejs/vertex/aiFeatureStoreEntityTypeIamBinding.ts b/sdk/nodejs/vertex/aiFeatureStoreEntityTypeIamBinding.ts index b06e4f367d..2080ffd2e8 100644 --- a/sdk/nodejs/vertex/aiFeatureStoreEntityTypeIamBinding.ts +++ b/sdk/nodejs/vertex/aiFeatureStoreEntityTypeIamBinding.ts @@ -80,8 +80,10 @@ export class AiFeatureStoreEntityTypeIamBinding extends pulumi.CustomResource { public /*out*/ readonly etag!: pulumi.Output; /** * The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + public readonly featurestore!: pulumi.Output; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -93,7 +95,6 @@ export class AiFeatureStoreEntityTypeIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ - public readonly featurestore!: pulumi.Output; public readonly members!: pulumi.Output; /** * The role that should be applied. Only one @@ -162,8 +163,10 @@ export interface AiFeatureStoreEntityTypeIamBindingState { etag?: pulumi.Input; /** * The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + featurestore?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -175,7 +178,6 @@ export interface AiFeatureStoreEntityTypeIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ - featurestore?: pulumi.Input; members?: pulumi.Input[]>; /** * The role that should be applied. Only one @@ -196,8 +198,10 @@ export interface AiFeatureStoreEntityTypeIamBindingArgs { entitytype: pulumi.Input; /** * The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + featurestore: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -209,7 +213,6 @@ export interface AiFeatureStoreEntityTypeIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ - featurestore: pulumi.Input; members: pulumi.Input[]>; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/vertex/aiFeatureStoreEntityTypeIamMember.ts b/sdk/nodejs/vertex/aiFeatureStoreEntityTypeIamMember.ts index e3f604af04..c2f6779851 100644 --- a/sdk/nodejs/vertex/aiFeatureStoreEntityTypeIamMember.ts +++ b/sdk/nodejs/vertex/aiFeatureStoreEntityTypeIamMember.ts @@ -80,8 +80,10 @@ export class AiFeatureStoreEntityTypeIamMember extends pulumi.CustomResource { public /*out*/ readonly etag!: pulumi.Output; /** * The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + public readonly featurestore!: pulumi.Output; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -93,7 +95,6 @@ export class AiFeatureStoreEntityTypeIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ - public readonly featurestore!: pulumi.Output; public readonly member!: pulumi.Output; /** * The role that should be applied. Only one @@ -162,8 +163,10 @@ export interface AiFeatureStoreEntityTypeIamMemberState { etag?: pulumi.Input; /** * The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + featurestore?: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -175,7 +178,6 @@ export interface AiFeatureStoreEntityTypeIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ - featurestore?: pulumi.Input; member?: pulumi.Input; /** * The role that should be applied. Only one @@ -196,8 +198,10 @@ export interface AiFeatureStoreEntityTypeIamMemberArgs { entitytype: pulumi.Input; /** * The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + */ + featurestore: pulumi.Input; + /** + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -209,7 +213,6 @@ export interface AiFeatureStoreEntityTypeIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ - featurestore: pulumi.Input; member: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/vertex/aiFeatureStoreEntityTypeIamPolicy.ts b/sdk/nodejs/vertex/aiFeatureStoreEntityTypeIamPolicy.ts index e6204ca477..4cad0c56f5 100644 --- a/sdk/nodejs/vertex/aiFeatureStoreEntityTypeIamPolicy.ts +++ b/sdk/nodejs/vertex/aiFeatureStoreEntityTypeIamPolicy.ts @@ -77,18 +77,6 @@ export class AiFeatureStoreEntityTypeIamPolicy extends pulumi.CustomResource { public /*out*/ readonly etag!: pulumi.Output; /** * The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly featurestore!: pulumi.Output; /** @@ -149,18 +137,6 @@ export interface AiFeatureStoreEntityTypeIamPolicyState { etag?: pulumi.Input; /** * The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ featurestore?: pulumi.Input; /** @@ -180,18 +156,6 @@ export interface AiFeatureStoreEntityTypeIamPolicyArgs { entitytype: pulumi.Input; /** * The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ featurestore: pulumi.Input; /** diff --git a/sdk/nodejs/vertex/aiFeatureStoreIamBinding.ts b/sdk/nodejs/vertex/aiFeatureStoreIamBinding.ts index 693065469f..e89076558f 100644 --- a/sdk/nodejs/vertex/aiFeatureStoreIamBinding.ts +++ b/sdk/nodejs/vertex/aiFeatureStoreIamBinding.ts @@ -82,12 +82,8 @@ export class AiFeatureStoreIamBinding extends pulumi.CustomResource { * Used to find the parent resource to bind the IAM policy to */ public readonly featurestore!: pulumi.Output; - public readonly members!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -99,6 +95,11 @@ export class AiFeatureStoreIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The region of the dataset. eg us-central1 Used to find the parent resource to bind the IAM policy to. If not specified, @@ -170,12 +171,8 @@ export interface AiFeatureStoreIamBindingState { * Used to find the parent resource to bind the IAM policy to */ featurestore?: pulumi.Input; - members?: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -187,6 +184,11 @@ export interface AiFeatureStoreIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The region of the dataset. eg us-central1 Used to find the parent resource to bind the IAM policy to. If not specified, @@ -211,12 +213,8 @@ export interface AiFeatureStoreIamBindingArgs { * Used to find the parent resource to bind the IAM policy to */ featurestore: pulumi.Input; - members: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -228,6 +226,11 @@ export interface AiFeatureStoreIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The region of the dataset. eg us-central1 Used to find the parent resource to bind the IAM policy to. If not specified, diff --git a/sdk/nodejs/vertex/aiFeatureStoreIamMember.ts b/sdk/nodejs/vertex/aiFeatureStoreIamMember.ts index 908bad778e..c2e3d359e6 100644 --- a/sdk/nodejs/vertex/aiFeatureStoreIamMember.ts +++ b/sdk/nodejs/vertex/aiFeatureStoreIamMember.ts @@ -82,12 +82,8 @@ export class AiFeatureStoreIamMember extends pulumi.CustomResource { * Used to find the parent resource to bind the IAM policy to */ public readonly featurestore!: pulumi.Output; - public readonly member!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -99,6 +95,11 @@ export class AiFeatureStoreIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The region of the dataset. eg us-central1 Used to find the parent resource to bind the IAM policy to. If not specified, @@ -170,12 +171,8 @@ export interface AiFeatureStoreIamMemberState { * Used to find the parent resource to bind the IAM policy to */ featurestore?: pulumi.Input; - member?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -187,6 +184,11 @@ export interface AiFeatureStoreIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The region of the dataset. eg us-central1 Used to find the parent resource to bind the IAM policy to. If not specified, @@ -211,12 +213,8 @@ export interface AiFeatureStoreIamMemberArgs { * Used to find the parent resource to bind the IAM policy to */ featurestore: pulumi.Input; - member: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -228,6 +226,11 @@ export interface AiFeatureStoreIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The region of the dataset. eg us-central1 Used to find the parent resource to bind the IAM policy to. If not specified, diff --git a/sdk/nodejs/vertex/aiFeatureStoreIamPolicy.ts b/sdk/nodejs/vertex/aiFeatureStoreIamPolicy.ts index 6ae0c17abc..ecc19dc3f9 100644 --- a/sdk/nodejs/vertex/aiFeatureStoreIamPolicy.ts +++ b/sdk/nodejs/vertex/aiFeatureStoreIamPolicy.ts @@ -87,18 +87,6 @@ export class AiFeatureStoreIamPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; /** @@ -165,18 +153,6 @@ export interface AiFeatureStoreIamPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; /** @@ -203,18 +179,6 @@ export interface AiFeatureStoreIamPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; /** diff --git a/sdk/nodejs/workstations/workstationConfigIamBinding.ts b/sdk/nodejs/workstations/workstationConfigIamBinding.ts index de330027c7..e55cb75044 100644 --- a/sdk/nodejs/workstations/workstationConfigIamBinding.ts +++ b/sdk/nodejs/workstations/workstationConfigIamBinding.ts @@ -83,12 +83,8 @@ export class WorkstationConfigIamBinding extends pulumi.CustomResource { * Used to find the parent resource to bind the IAM policy to */ public readonly location!: pulumi.Output; - public readonly members!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -100,6 +96,11 @@ export class WorkstationConfigIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -173,12 +174,8 @@ export interface WorkstationConfigIamBindingState { * Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - members?: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -190,6 +187,11 @@ export interface WorkstationConfigIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -211,12 +213,8 @@ export interface WorkstationConfigIamBindingArgs { * Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - members: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -228,6 +226,11 @@ export interface WorkstationConfigIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/workstations/workstationConfigIamMember.ts b/sdk/nodejs/workstations/workstationConfigIamMember.ts index 5783788545..71b4daec95 100644 --- a/sdk/nodejs/workstations/workstationConfigIamMember.ts +++ b/sdk/nodejs/workstations/workstationConfigIamMember.ts @@ -83,12 +83,8 @@ export class WorkstationConfigIamMember extends pulumi.CustomResource { * Used to find the parent resource to bind the IAM policy to */ public readonly location!: pulumi.Output; - public readonly member!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -100,6 +96,11 @@ export class WorkstationConfigIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -173,12 +174,8 @@ export interface WorkstationConfigIamMemberState { * Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - member?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -190,6 +187,11 @@ export interface WorkstationConfigIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -211,12 +213,8 @@ export interface WorkstationConfigIamMemberArgs { * Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - member: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -228,6 +226,11 @@ export interface WorkstationConfigIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/workstations/workstationConfigIamPolicy.ts b/sdk/nodejs/workstations/workstationConfigIamPolicy.ts index 8693c43c03..3036d60ec4 100644 --- a/sdk/nodejs/workstations/workstationConfigIamPolicy.ts +++ b/sdk/nodejs/workstations/workstationConfigIamPolicy.ts @@ -88,18 +88,6 @@ export class WorkstationConfigIamPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; public readonly workstationClusterId!: pulumi.Output; @@ -168,18 +156,6 @@ export interface WorkstationConfigIamPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; workstationClusterId?: pulumi.Input; @@ -203,18 +179,6 @@ export interface WorkstationConfigIamPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; workstationClusterId: pulumi.Input; diff --git a/sdk/nodejs/workstations/workstationIamBinding.ts b/sdk/nodejs/workstations/workstationIamBinding.ts index cfd795001d..8d6734d95f 100644 --- a/sdk/nodejs/workstations/workstationIamBinding.ts +++ b/sdk/nodejs/workstations/workstationIamBinding.ts @@ -83,12 +83,8 @@ export class WorkstationIamBinding extends pulumi.CustomResource { * Used to find the parent resource to bind the IAM policy to */ public readonly location!: pulumi.Output; - public readonly members!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -100,6 +96,11 @@ export class WorkstationIamBinding extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly members!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -179,12 +180,8 @@ export interface WorkstationIamBindingState { * Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - members?: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -196,6 +193,11 @@ export interface WorkstationIamBindingState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members?: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -218,12 +220,8 @@ export interface WorkstationIamBindingArgs { * Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - members: pulumi.Input[]>; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -235,6 +233,11 @@ export interface WorkstationIamBindingArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + members: pulumi.Input[]>; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/workstations/workstationIamMember.ts b/sdk/nodejs/workstations/workstationIamMember.ts index 0fd2b5d699..92c225c53b 100644 --- a/sdk/nodejs/workstations/workstationIamMember.ts +++ b/sdk/nodejs/workstations/workstationIamMember.ts @@ -83,12 +83,8 @@ export class WorkstationIamMember extends pulumi.CustomResource { * Used to find the parent resource to bind the IAM policy to */ public readonly location!: pulumi.Output; - public readonly member!: pulumi.Output; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -100,6 +96,11 @@ export class WorkstationIamMember extends pulumi.CustomResource { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + public readonly member!: pulumi.Output; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ public readonly project!: pulumi.Output; /** * The role that should be applied. Only one @@ -179,12 +180,8 @@ export interface WorkstationIamMemberState { * Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - member?: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -196,6 +193,11 @@ export interface WorkstationIamMemberState { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member?: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one @@ -218,12 +220,8 @@ export interface WorkstationIamMemberArgs { * Used to find the parent resource to bind the IAM policy to */ location?: pulumi.Input; - member: pulumi.Input; /** - * The ID of the project in which the resource belongs. - * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. + * Identities that will be granted the privilege in `role`. * Each entry can have one of the following values: * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -235,6 +233,11 @@ export interface WorkstationIamMemberArgs { * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ + member: pulumi.Input; + /** + * The ID of the project in which the resource belongs. + * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + */ project?: pulumi.Input; /** * The role that should be applied. Only one diff --git a/sdk/nodejs/workstations/workstationIamPolicy.ts b/sdk/nodejs/workstations/workstationIamPolicy.ts index d6fe75bad2..7bd6669b65 100644 --- a/sdk/nodejs/workstations/workstationIamPolicy.ts +++ b/sdk/nodejs/workstations/workstationIamPolicy.ts @@ -88,18 +88,6 @@ export class WorkstationIamPolicy extends pulumi.CustomResource { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ public readonly project!: pulumi.Output; public readonly workstationClusterId!: pulumi.Output; @@ -174,18 +162,6 @@ export interface WorkstationIamPolicyState { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; workstationClusterId?: pulumi.Input; @@ -210,18 +186,6 @@ export interface WorkstationIamPolicyArgs { /** * The ID of the project in which the resource belongs. * If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - * - * * `member/members` - (Required) Identities that will be granted the privilege in `role`. - * Each entry can have one of the following values: - * * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" */ project?: pulumi.Input; workstationClusterId: pulumi.Input; diff --git a/sdk/python/pulumi_gcp/accesscontextmanager/access_policy_iam_binding.py b/sdk/python/pulumi_gcp/accesscontextmanager/access_policy_iam_binding.py index 3d1af5492d..df0318e474 100644 --- a/sdk/python/pulumi_gcp/accesscontextmanager/access_policy_iam_binding.py +++ b/sdk/python/pulumi_gcp/accesscontextmanager/access_policy_iam_binding.py @@ -22,12 +22,7 @@ def __init__(__self__, *, name: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a AccessPolicyIamBinding resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `accesscontextmanager.AccessPolicyIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -38,6 +33,10 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `accesscontextmanager.AccessPolicyIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to """ pulumi.set(__self__, "members", members) pulumi.set(__self__, "role", role) @@ -49,6 +48,19 @@ def __init__(__self__, *, @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -83,18 +95,6 @@ def condition(self, value: Optional[pulumi.Input['AccessPolicyIamBindingConditio def name(self) -> Optional[pulumi.Input[str]]: """ Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "name") @@ -114,9 +114,7 @@ def __init__(__self__, *, """ Input properties used for looking up and filtering AccessPolicyIamBinding resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -127,6 +125,7 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] role: The role that should be applied. Only one `accesscontextmanager.AccessPolicyIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -166,19 +165,8 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: - return pulumi.get(self, "members") - - @members.setter - def members(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): - pulumi.set(self, "members", value) - - @property - @pulumi.getter - def name(self) -> Optional[pulumi.Input[str]]: """ - Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -190,6 +178,18 @@ def name(self) -> Optional[pulumi.Input[str]]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "members") + + @members.setter + def members(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "members", value) + + @property + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + """ + Used to find the parent resource to bind the IAM policy to + """ return pulumi.get(self, "name") @name.setter @@ -281,6 +281,51 @@ def __init__(__self__, ``` + ## google\\_access\\_context\\_manager\\_access\\_policy\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/accesscontextmanager.policyAdmin", + members=["user:jane@example.com"], + )]) + policy = gcp.accesscontextmanager.AccessPolicyIamPolicy("policy", + name=access_policy["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_access\\_context\\_manager\\_access\\_policy\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.accesscontextmanager.AccessPolicyIamBinding("binding", + name=access_policy["name"], + role="roles/accesscontextmanager.policyAdmin", + members=["user:jane@example.com"]) + ``` + + + ## google\\_access\\_context\\_manager\\_access\\_policy\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.accesscontextmanager.AccessPolicyIamMember("member", + name=access_policy["name"], + role="roles/accesscontextmanager.policyAdmin", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -317,9 +362,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -330,6 +373,7 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] role: The role that should be applied. Only one `accesscontextmanager.AccessPolicyIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -400,6 +444,51 @@ def __init__(__self__, ``` + ## google\\_access\\_context\\_manager\\_access\\_policy\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/accesscontextmanager.policyAdmin", + members=["user:jane@example.com"], + )]) + policy = gcp.accesscontextmanager.AccessPolicyIamPolicy("policy", + name=access_policy["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_access\\_context\\_manager\\_access\\_policy\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.accesscontextmanager.AccessPolicyIamBinding("binding", + name=access_policy["name"], + role="roles/accesscontextmanager.policyAdmin", + members=["user:jane@example.com"]) + ``` + + + ## google\\_access\\_context\\_manager\\_access\\_policy\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.accesscontextmanager.AccessPolicyIamMember("member", + name=access_policy["name"], + role="roles/accesscontextmanager.policyAdmin", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -494,9 +583,7 @@ def get(resource_name: str, :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -507,6 +594,7 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] role: The role that should be applied. Only one `accesscontextmanager.AccessPolicyIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -538,15 +626,8 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: - return pulumi.get(self, "members") - - @property - @pulumi.getter - def name(self) -> pulumi.Output[str]: """ - Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -558,6 +639,14 @@ def name(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "members") + + @property + @pulumi.getter + def name(self) -> pulumi.Output[str]: + """ + Used to find the parent resource to bind the IAM policy to + """ return pulumi.get(self, "name") @property diff --git a/sdk/python/pulumi_gcp/accesscontextmanager/access_policy_iam_member.py b/sdk/python/pulumi_gcp/accesscontextmanager/access_policy_iam_member.py index 16d955f91f..e5136caa37 100644 --- a/sdk/python/pulumi_gcp/accesscontextmanager/access_policy_iam_member.py +++ b/sdk/python/pulumi_gcp/accesscontextmanager/access_policy_iam_member.py @@ -22,12 +22,7 @@ def __init__(__self__, *, name: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a AccessPolicyIamMember resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `accesscontextmanager.AccessPolicyIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -38,6 +33,10 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `accesscontextmanager.AccessPolicyIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to """ pulumi.set(__self__, "member", member) pulumi.set(__self__, "role", role) @@ -49,6 +48,19 @@ def __init__(__self__, *, @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -83,18 +95,6 @@ def condition(self, value: Optional[pulumi.Input['AccessPolicyIamMemberCondition def name(self) -> Optional[pulumi.Input[str]]: """ Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "name") @@ -114,9 +114,7 @@ def __init__(__self__, *, """ Input properties used for looking up and filtering AccessPolicyIamMember resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -127,6 +125,7 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] role: The role that should be applied. Only one `accesscontextmanager.AccessPolicyIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -166,19 +165,8 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "member") - - @member.setter - def member(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "member", value) - - @property - @pulumi.getter - def name(self) -> Optional[pulumi.Input[str]]: """ - Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -190,6 +178,18 @@ def name(self) -> Optional[pulumi.Input[str]]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "member") + + @member.setter + def member(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "member", value) + + @property + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + """ + Used to find the parent resource to bind the IAM policy to + """ return pulumi.get(self, "name") @name.setter @@ -281,6 +281,51 @@ def __init__(__self__, ``` + ## google\\_access\\_context\\_manager\\_access\\_policy\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/accesscontextmanager.policyAdmin", + members=["user:jane@example.com"], + )]) + policy = gcp.accesscontextmanager.AccessPolicyIamPolicy("policy", + name=access_policy["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_access\\_context\\_manager\\_access\\_policy\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.accesscontextmanager.AccessPolicyIamBinding("binding", + name=access_policy["name"], + role="roles/accesscontextmanager.policyAdmin", + members=["user:jane@example.com"]) + ``` + + + ## google\\_access\\_context\\_manager\\_access\\_policy\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.accesscontextmanager.AccessPolicyIamMember("member", + name=access_policy["name"], + role="roles/accesscontextmanager.policyAdmin", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -317,9 +362,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -330,6 +373,7 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] role: The role that should be applied. Only one `accesscontextmanager.AccessPolicyIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -400,6 +444,51 @@ def __init__(__self__, ``` + ## google\\_access\\_context\\_manager\\_access\\_policy\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/accesscontextmanager.policyAdmin", + members=["user:jane@example.com"], + )]) + policy = gcp.accesscontextmanager.AccessPolicyIamPolicy("policy", + name=access_policy["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_access\\_context\\_manager\\_access\\_policy\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.accesscontextmanager.AccessPolicyIamBinding("binding", + name=access_policy["name"], + role="roles/accesscontextmanager.policyAdmin", + members=["user:jane@example.com"]) + ``` + + + ## google\\_access\\_context\\_manager\\_access\\_policy\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.accesscontextmanager.AccessPolicyIamMember("member", + name=access_policy["name"], + role="roles/accesscontextmanager.policyAdmin", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -494,9 +583,7 @@ def get(resource_name: str, :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -507,6 +594,7 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] role: The role that should be applied. Only one `accesscontextmanager.AccessPolicyIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -538,15 +626,8 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: - return pulumi.get(self, "member") - - @property - @pulumi.getter - def name(self) -> pulumi.Output[str]: """ - Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -558,6 +639,14 @@ def name(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "member") + + @property + @pulumi.getter + def name(self) -> pulumi.Output[str]: + """ + Used to find the parent resource to bind the IAM policy to + """ return pulumi.get(self, "name") @property diff --git a/sdk/python/pulumi_gcp/accesscontextmanager/access_policy_iam_policy.py b/sdk/python/pulumi_gcp/accesscontextmanager/access_policy_iam_policy.py index cce489d91b..7d940374a7 100644 --- a/sdk/python/pulumi_gcp/accesscontextmanager/access_policy_iam_policy.py +++ b/sdk/python/pulumi_gcp/accesscontextmanager/access_policy_iam_policy.py @@ -21,18 +21,6 @@ def __init__(__self__, *, :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "policy_data", policy_data) if name is not None: @@ -56,18 +44,6 @@ def policy_data(self, value: pulumi.Input[str]): def name(self) -> Optional[pulumi.Input[str]]: """ Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "name") @@ -86,18 +62,6 @@ def __init__(__self__, *, Input properties used for looking up and filtering AccessPolicyIamPolicy resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. """ @@ -125,18 +89,6 @@ def etag(self, value: Optional[pulumi.Input[str]]): def name(self) -> Optional[pulumi.Input[str]]: """ Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "name") @@ -226,6 +178,51 @@ def __init__(__self__, ``` + ## google\\_access\\_context\\_manager\\_access\\_policy\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/accesscontextmanager.policyAdmin", + members=["user:jane@example.com"], + )]) + policy = gcp.accesscontextmanager.AccessPolicyIamPolicy("policy", + name=access_policy["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_access\\_context\\_manager\\_access\\_policy\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.accesscontextmanager.AccessPolicyIamBinding("binding", + name=access_policy["name"], + role="roles/accesscontextmanager.policyAdmin", + members=["user:jane@example.com"]) + ``` + + + ## google\\_access\\_context\\_manager\\_access\\_policy\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.accesscontextmanager.AccessPolicyIamMember("member", + name=access_policy["name"], + role="roles/accesscontextmanager.policyAdmin", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -263,18 +260,6 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. """ @@ -344,6 +329,51 @@ def __init__(__self__, ``` + ## google\\_access\\_context\\_manager\\_access\\_policy\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/accesscontextmanager.policyAdmin", + members=["user:jane@example.com"], + )]) + policy = gcp.accesscontextmanager.AccessPolicyIamPolicy("policy", + name=access_policy["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_access\\_context\\_manager\\_access\\_policy\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.accesscontextmanager.AccessPolicyIamBinding("binding", + name=access_policy["name"], + role="roles/accesscontextmanager.policyAdmin", + members=["user:jane@example.com"]) + ``` + + + ## google\\_access\\_context\\_manager\\_access\\_policy\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.accesscontextmanager.AccessPolicyIamMember("member", + name=access_policy["name"], + role="roles/accesscontextmanager.policyAdmin", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -431,18 +461,6 @@ def get(resource_name: str, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. """ @@ -468,18 +486,6 @@ def etag(self) -> pulumi.Output[str]: def name(self) -> pulumi.Output[str]: """ Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "name") diff --git a/sdk/python/pulumi_gcp/apigateway/api_config_iam_binding.py b/sdk/python/pulumi_gcp/apigateway/api_config_iam_binding.py index bcb3c45286..dbb701af54 100644 --- a/sdk/python/pulumi_gcp/apigateway/api_config_iam_binding.py +++ b/sdk/python/pulumi_gcp/apigateway/api_config_iam_binding.py @@ -26,13 +26,7 @@ def __init__(__self__, *, The set of arguments for constructing a ApiConfigIamBinding resource. :param pulumi.Input[str] api: The API to attach the config to. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] role: The role that should be applied. Only one - `apigateway.ApiConfigIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -43,6 +37,11 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `apigateway.ApiConfigIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "api", api) pulumi.set(__self__, "api_config", api_config) @@ -78,6 +77,19 @@ def api_config(self, value: pulumi.Input[str]): @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -113,18 +125,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -148,10 +148,7 @@ def __init__(__self__, *, :param pulumi.Input[str] api: The API to attach the config to. Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -162,6 +159,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `apigateway.ApiConfigIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -227,6 +226,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -239,18 +251,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -348,6 +348,54 @@ def __init__(__self__, ``` + ## google\\_api\\_gateway\\_api\\_config\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/apigateway.viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.apigateway.ApiConfigIamPolicy("policy", + api=api_cfg["api"], + api_config=api_cfg["apiConfigId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_api\\_gateway\\_api\\_config\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.apigateway.ApiConfigIamBinding("binding", + api=api_cfg["api"], + api_config=api_cfg["apiConfigId"], + role="roles/apigateway.viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_api\\_gateway\\_api\\_config\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.apigateway.ApiConfigIamMember("member", + api=api_cfg["api"], + api_config=api_cfg["apiConfigId"], + role="roles/apigateway.viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -390,10 +438,7 @@ def __init__(__self__, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] api: The API to attach the config to. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -404,6 +449,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `apigateway.ApiConfigIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -477,6 +524,54 @@ def __init__(__self__, ``` + ## google\\_api\\_gateway\\_api\\_config\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/apigateway.viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.apigateway.ApiConfigIamPolicy("policy", + api=api_cfg["api"], + api_config=api_cfg["apiConfigId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_api\\_gateway\\_api\\_config\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.apigateway.ApiConfigIamBinding("binding", + api=api_cfg["api"], + api_config=api_cfg["apiConfigId"], + role="roles/apigateway.viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_api\\_gateway\\_api\\_config\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.apigateway.ApiConfigIamMember("member", + api=api_cfg["api"], + api_config=api_cfg["apiConfigId"], + role="roles/apigateway.viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -587,10 +682,7 @@ def get(resource_name: str, :param pulumi.Input[str] api: The API to attach the config to. Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -601,6 +693,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `apigateway.ApiConfigIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -648,16 +742,8 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: - return pulumi.get(self, "members") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -669,6 +755,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "members") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/apigateway/api_config_iam_member.py b/sdk/python/pulumi_gcp/apigateway/api_config_iam_member.py index 36b74f85c2..3f995e1812 100644 --- a/sdk/python/pulumi_gcp/apigateway/api_config_iam_member.py +++ b/sdk/python/pulumi_gcp/apigateway/api_config_iam_member.py @@ -26,13 +26,7 @@ def __init__(__self__, *, The set of arguments for constructing a ApiConfigIamMember resource. :param pulumi.Input[str] api: The API to attach the config to. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] role: The role that should be applied. Only one - `apigateway.ApiConfigIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -43,6 +37,11 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `apigateway.ApiConfigIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "api", api) pulumi.set(__self__, "api_config", api_config) @@ -78,6 +77,19 @@ def api_config(self, value: pulumi.Input[str]): @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -113,18 +125,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -148,10 +148,7 @@ def __init__(__self__, *, :param pulumi.Input[str] api: The API to attach the config to. Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -162,6 +159,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `apigateway.ApiConfigIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -227,6 +226,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -239,18 +251,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -348,6 +348,54 @@ def __init__(__self__, ``` + ## google\\_api\\_gateway\\_api\\_config\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/apigateway.viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.apigateway.ApiConfigIamPolicy("policy", + api=api_cfg["api"], + api_config=api_cfg["apiConfigId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_api\\_gateway\\_api\\_config\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.apigateway.ApiConfigIamBinding("binding", + api=api_cfg["api"], + api_config=api_cfg["apiConfigId"], + role="roles/apigateway.viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_api\\_gateway\\_api\\_config\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.apigateway.ApiConfigIamMember("member", + api=api_cfg["api"], + api_config=api_cfg["apiConfigId"], + role="roles/apigateway.viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -390,10 +438,7 @@ def __init__(__self__, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] api: The API to attach the config to. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -404,6 +449,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `apigateway.ApiConfigIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -477,6 +524,54 @@ def __init__(__self__, ``` + ## google\\_api\\_gateway\\_api\\_config\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/apigateway.viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.apigateway.ApiConfigIamPolicy("policy", + api=api_cfg["api"], + api_config=api_cfg["apiConfigId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_api\\_gateway\\_api\\_config\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.apigateway.ApiConfigIamBinding("binding", + api=api_cfg["api"], + api_config=api_cfg["apiConfigId"], + role="roles/apigateway.viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_api\\_gateway\\_api\\_config\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.apigateway.ApiConfigIamMember("member", + api=api_cfg["api"], + api_config=api_cfg["apiConfigId"], + role="roles/apigateway.viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -587,10 +682,7 @@ def get(resource_name: str, :param pulumi.Input[str] api: The API to attach the config to. Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -601,6 +693,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `apigateway.ApiConfigIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -648,16 +742,8 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: - return pulumi.get(self, "member") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -669,6 +755,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "member") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/apigateway/api_config_iam_policy.py b/sdk/python/pulumi_gcp/apigateway/api_config_iam_policy.py index beb696eb93..41d08e5eb3 100644 --- a/sdk/python/pulumi_gcp/apigateway/api_config_iam_policy.py +++ b/sdk/python/pulumi_gcp/apigateway/api_config_iam_policy.py @@ -26,18 +26,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "api", api) pulumi.set(__self__, "api_config", api_config) @@ -86,18 +74,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -123,18 +99,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ if api is not None: pulumi.set(__self__, "api", api) @@ -200,18 +164,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -293,6 +245,54 @@ def __init__(__self__, ``` + ## google\\_api\\_gateway\\_api\\_config\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/apigateway.viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.apigateway.ApiConfigIamPolicy("policy", + api=api_cfg["api"], + api_config=api_cfg["apiConfigId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_api\\_gateway\\_api\\_config\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.apigateway.ApiConfigIamBinding("binding", + api=api_cfg["api"], + api_config=api_cfg["apiConfigId"], + role="roles/apigateway.viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_api\\_gateway\\_api\\_config\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.apigateway.ApiConfigIamMember("member", + api=api_cfg["api"], + api_config=api_cfg["apiConfigId"], + role="roles/apigateway.viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -339,18 +339,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ ... @overload @@ -421,6 +409,54 @@ def __init__(__self__, ``` + ## google\\_api\\_gateway\\_api\\_config\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/apigateway.viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.apigateway.ApiConfigIamPolicy("policy", + api=api_cfg["api"], + api_config=api_cfg["apiConfigId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_api\\_gateway\\_api\\_config\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.apigateway.ApiConfigIamBinding("binding", + api=api_cfg["api"], + api_config=api_cfg["apiConfigId"], + role="roles/apigateway.viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_api\\_gateway\\_api\\_config\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.apigateway.ApiConfigIamMember("member", + api=api_cfg["api"], + api_config=api_cfg["apiConfigId"], + role="roles/apigateway.viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -527,18 +563,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -588,18 +612,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/apigateway/api_iam_binding.py b/sdk/python/pulumi_gcp/apigateway/api_iam_binding.py index b42b2ef87b..07674c617f 100644 --- a/sdk/python/pulumi_gcp/apigateway/api_iam_binding.py +++ b/sdk/python/pulumi_gcp/apigateway/api_iam_binding.py @@ -23,13 +23,7 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a ApiIamBinding resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `apigateway.ApiIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -40,6 +34,11 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `apigateway.ApiIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "api", api) pulumi.set(__self__, "members", members) @@ -61,6 +60,19 @@ def api(self, value: pulumi.Input[str]): @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -96,18 +108,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -128,10 +128,7 @@ def __init__(__self__, *, """ Input properties used for looking up and filtering ApiIamBinding resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -142,6 +139,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `apigateway.ApiIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -192,6 +191,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -204,18 +216,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -312,6 +312,54 @@ def __init__(__self__, ``` + ## google\\_api\\_gateway\\_api\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/apigateway.viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.apigateway.ApiIamPolicy("policy", + project=api["project"], + api=api["apiId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_api\\_gateway\\_api\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.apigateway.ApiIamBinding("binding", + project=api["project"], + api=api["apiId"], + role="roles/apigateway.viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_api\\_gateway\\_api\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.apigateway.ApiIamMember("member", + project=api["project"], + api=api["apiId"], + role="roles/apigateway.viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -350,10 +398,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -364,6 +409,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `apigateway.ApiIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -437,6 +484,54 @@ def __init__(__self__, ``` + ## google\\_api\\_gateway\\_api\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/apigateway.viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.apigateway.ApiIamPolicy("policy", + project=api["project"], + api=api["apiId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_api\\_gateway\\_api\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.apigateway.ApiIamBinding("binding", + project=api["project"], + api=api["apiId"], + role="roles/apigateway.viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_api\\_gateway\\_api\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.apigateway.ApiIamMember("member", + project=api["project"], + api=api["apiId"], + role="roles/apigateway.viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -538,10 +633,7 @@ def get(resource_name: str, :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -552,6 +644,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `apigateway.ApiIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -589,16 +683,8 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: - return pulumi.get(self, "members") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -610,6 +696,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "members") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/apigateway/api_iam_member.py b/sdk/python/pulumi_gcp/apigateway/api_iam_member.py index 11a5c5afd7..53c17f1b2a 100644 --- a/sdk/python/pulumi_gcp/apigateway/api_iam_member.py +++ b/sdk/python/pulumi_gcp/apigateway/api_iam_member.py @@ -23,13 +23,7 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a ApiIamMember resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `apigateway.ApiIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -40,6 +34,11 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `apigateway.ApiIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "api", api) pulumi.set(__self__, "member", member) @@ -61,6 +60,19 @@ def api(self, value: pulumi.Input[str]): @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -96,18 +108,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -128,10 +128,7 @@ def __init__(__self__, *, """ Input properties used for looking up and filtering ApiIamMember resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -142,6 +139,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `apigateway.ApiIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -192,6 +191,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -204,18 +216,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -312,6 +312,54 @@ def __init__(__self__, ``` + ## google\\_api\\_gateway\\_api\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/apigateway.viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.apigateway.ApiIamPolicy("policy", + project=api["project"], + api=api["apiId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_api\\_gateway\\_api\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.apigateway.ApiIamBinding("binding", + project=api["project"], + api=api["apiId"], + role="roles/apigateway.viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_api\\_gateway\\_api\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.apigateway.ApiIamMember("member", + project=api["project"], + api=api["apiId"], + role="roles/apigateway.viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -350,10 +398,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -364,6 +409,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `apigateway.ApiIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -437,6 +484,54 @@ def __init__(__self__, ``` + ## google\\_api\\_gateway\\_api\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/apigateway.viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.apigateway.ApiIamPolicy("policy", + project=api["project"], + api=api["apiId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_api\\_gateway\\_api\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.apigateway.ApiIamBinding("binding", + project=api["project"], + api=api["apiId"], + role="roles/apigateway.viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_api\\_gateway\\_api\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.apigateway.ApiIamMember("member", + project=api["project"], + api=api["apiId"], + role="roles/apigateway.viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -538,10 +633,7 @@ def get(resource_name: str, :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -552,6 +644,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `apigateway.ApiIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -589,16 +683,8 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: - return pulumi.get(self, "member") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -610,6 +696,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "member") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/apigateway/api_iam_policy.py b/sdk/python/pulumi_gcp/apigateway/api_iam_policy.py index b0e3492f55..d7b78ef50a 100644 --- a/sdk/python/pulumi_gcp/apigateway/api_iam_policy.py +++ b/sdk/python/pulumi_gcp/apigateway/api_iam_policy.py @@ -23,18 +23,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "api", api) pulumi.set(__self__, "policy_data", policy_data) @@ -69,18 +57,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -103,18 +79,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ if api is not None: pulumi.set(__self__, "api", api) @@ -165,18 +129,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -257,6 +209,54 @@ def __init__(__self__, ``` + ## google\\_api\\_gateway\\_api\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/apigateway.viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.apigateway.ApiIamPolicy("policy", + project=api["project"], + api=api["apiId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_api\\_gateway\\_api\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.apigateway.ApiIamBinding("binding", + project=api["project"], + api=api["apiId"], + role="roles/apigateway.viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_api\\_gateway\\_api\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.apigateway.ApiIamMember("member", + project=api["project"], + api=api["apiId"], + role="roles/apigateway.viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -299,18 +299,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ ... @overload @@ -381,6 +369,54 @@ def __init__(__self__, ``` + ## google\\_api\\_gateway\\_api\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/apigateway.viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.apigateway.ApiIamPolicy("policy", + project=api["project"], + api=api["apiId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_api\\_gateway\\_api\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.apigateway.ApiIamBinding("binding", + project=api["project"], + api=api["apiId"], + role="roles/apigateway.viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_api\\_gateway\\_api\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.apigateway.ApiIamMember("member", + project=api["project"], + api=api["apiId"], + role="roles/apigateway.viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -478,18 +514,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -529,18 +553,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/apigateway/gateway_iam_binding.py b/sdk/python/pulumi_gcp/apigateway/gateway_iam_binding.py index 52d113b64c..aa45849591 100644 --- a/sdk/python/pulumi_gcp/apigateway/gateway_iam_binding.py +++ b/sdk/python/pulumi_gcp/apigateway/gateway_iam_binding.py @@ -24,13 +24,7 @@ def __init__(__self__, *, region: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a GatewayIamBinding resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `apigateway.GatewayIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -41,6 +35,11 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `apigateway.GatewayIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] region: The region of the gateway for the API. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -68,6 +67,19 @@ def gateway(self, value: pulumi.Input[str]): @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -103,18 +115,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -151,10 +151,7 @@ def __init__(__self__, *, """ Input properties used for looking up and filtering GatewayIamBinding resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -165,6 +162,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] region: The region of the gateway for the API. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -221,6 +220,19 @@ def gateway(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -233,18 +245,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -360,6 +360,57 @@ def __init__(__self__, ``` + ## google\\_api\\_gateway\\_gateway\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/apigateway.viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.apigateway.GatewayIamPolicy("policy", + project=api_gw["project"], + region=api_gw["region"], + gateway=api_gw["gatewayId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_api\\_gateway\\_gateway\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.apigateway.GatewayIamBinding("binding", + project=api_gw["project"], + region=api_gw["region"], + gateway=api_gw["gatewayId"], + role="roles/apigateway.viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_api\\_gateway\\_gateway\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.apigateway.GatewayIamMember("member", + project=api_gw["project"], + region=api_gw["region"], + gateway=api_gw["gatewayId"], + role="roles/apigateway.viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -400,10 +451,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -414,6 +462,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] region: The region of the gateway for the API. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -494,6 +544,57 @@ def __init__(__self__, ``` + ## google\\_api\\_gateway\\_gateway\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/apigateway.viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.apigateway.GatewayIamPolicy("policy", + project=api_gw["project"], + region=api_gw["region"], + gateway=api_gw["gatewayId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_api\\_gateway\\_gateway\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.apigateway.GatewayIamBinding("binding", + project=api_gw["project"], + region=api_gw["region"], + gateway=api_gw["gatewayId"], + role="roles/apigateway.viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_api\\_gateway\\_gateway\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.apigateway.GatewayIamMember("member", + project=api_gw["project"], + region=api_gw["region"], + gateway=api_gw["gatewayId"], + role="roles/apigateway.viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -600,10 +701,7 @@ def get(resource_name: str, :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -614,6 +712,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] region: The region of the gateway for the API. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -656,16 +756,8 @@ def gateway(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: - return pulumi.get(self, "members") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -677,6 +769,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "members") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/apigateway/gateway_iam_member.py b/sdk/python/pulumi_gcp/apigateway/gateway_iam_member.py index 0469f46c97..14ea6c13dc 100644 --- a/sdk/python/pulumi_gcp/apigateway/gateway_iam_member.py +++ b/sdk/python/pulumi_gcp/apigateway/gateway_iam_member.py @@ -24,13 +24,7 @@ def __init__(__self__, *, region: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a GatewayIamMember resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `apigateway.GatewayIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -41,6 +35,11 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `apigateway.GatewayIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] region: The region of the gateway for the API. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -68,6 +67,19 @@ def gateway(self, value: pulumi.Input[str]): @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -103,18 +115,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -151,10 +151,7 @@ def __init__(__self__, *, """ Input properties used for looking up and filtering GatewayIamMember resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -165,6 +162,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] region: The region of the gateway for the API. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -221,6 +220,19 @@ def gateway(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -233,18 +245,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -360,6 +360,57 @@ def __init__(__self__, ``` + ## google\\_api\\_gateway\\_gateway\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/apigateway.viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.apigateway.GatewayIamPolicy("policy", + project=api_gw["project"], + region=api_gw["region"], + gateway=api_gw["gatewayId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_api\\_gateway\\_gateway\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.apigateway.GatewayIamBinding("binding", + project=api_gw["project"], + region=api_gw["region"], + gateway=api_gw["gatewayId"], + role="roles/apigateway.viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_api\\_gateway\\_gateway\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.apigateway.GatewayIamMember("member", + project=api_gw["project"], + region=api_gw["region"], + gateway=api_gw["gatewayId"], + role="roles/apigateway.viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -400,10 +451,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -414,6 +462,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] region: The region of the gateway for the API. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -494,6 +544,57 @@ def __init__(__self__, ``` + ## google\\_api\\_gateway\\_gateway\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/apigateway.viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.apigateway.GatewayIamPolicy("policy", + project=api_gw["project"], + region=api_gw["region"], + gateway=api_gw["gatewayId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_api\\_gateway\\_gateway\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.apigateway.GatewayIamBinding("binding", + project=api_gw["project"], + region=api_gw["region"], + gateway=api_gw["gatewayId"], + role="roles/apigateway.viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_api\\_gateway\\_gateway\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.apigateway.GatewayIamMember("member", + project=api_gw["project"], + region=api_gw["region"], + gateway=api_gw["gatewayId"], + role="roles/apigateway.viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -600,10 +701,7 @@ def get(resource_name: str, :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -614,6 +712,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] region: The region of the gateway for the API. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -656,16 +756,8 @@ def gateway(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: - return pulumi.get(self, "member") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -677,6 +769,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "member") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/apigateway/gateway_iam_policy.py b/sdk/python/pulumi_gcp/apigateway/gateway_iam_policy.py index baebfb091f..878868cf92 100644 --- a/sdk/python/pulumi_gcp/apigateway/gateway_iam_policy.py +++ b/sdk/python/pulumi_gcp/apigateway/gateway_iam_policy.py @@ -24,18 +24,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] region: The region of the gateway for the API. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -76,18 +64,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -126,18 +102,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] region: The region of the gateway for the API. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -194,18 +158,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -305,6 +257,57 @@ def __init__(__self__, ``` + ## google\\_api\\_gateway\\_gateway\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/apigateway.viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.apigateway.GatewayIamPolicy("policy", + project=api_gw["project"], + region=api_gw["region"], + gateway=api_gw["gatewayId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_api\\_gateway\\_gateway\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.apigateway.GatewayIamBinding("binding", + project=api_gw["project"], + region=api_gw["region"], + gateway=api_gw["gatewayId"], + role="roles/apigateway.viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_api\\_gateway\\_gateway\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.apigateway.GatewayIamMember("member", + project=api_gw["project"], + region=api_gw["region"], + gateway=api_gw["gatewayId"], + role="roles/apigateway.viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -349,18 +352,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] region: The region of the gateway for the API. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -438,6 +429,57 @@ def __init__(__self__, ``` + ## google\\_api\\_gateway\\_gateway\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/apigateway.viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.apigateway.GatewayIamPolicy("policy", + project=api_gw["project"], + region=api_gw["region"], + gateway=api_gw["gatewayId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_api\\_gateway\\_gateway\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.apigateway.GatewayIamBinding("binding", + project=api_gw["project"], + region=api_gw["region"], + gateway=api_gw["gatewayId"], + role="roles/apigateway.viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_api\\_gateway\\_gateway\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.apigateway.GatewayIamMember("member", + project=api_gw["project"], + region=api_gw["region"], + gateway=api_gw["gatewayId"], + role="roles/apigateway.viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -540,18 +582,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] region: The region of the gateway for the API. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -596,18 +626,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/apigee/environment_iam_binding.py b/sdk/python/pulumi_gcp/apigee/environment_iam_binding.py index 11cdfcfbc6..9d063a3714 100644 --- a/sdk/python/pulumi_gcp/apigee/environment_iam_binding.py +++ b/sdk/python/pulumi_gcp/apigee/environment_iam_binding.py @@ -24,8 +24,7 @@ def __init__(__self__, *, """ The set of arguments for constructing a EnvironmentIamBinding resource. :param pulumi.Input[str] env_id: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -52,8 +51,18 @@ def __init__(__self__, *, def env_id(self) -> pulumi.Input[str]: """ Used to find the parent resource to bind the IAM policy to + """ + return pulumi.get(self, "env_id") + + @env_id.setter + def env_id(self, value: pulumi.Input[str]): + pulumi.set(self, "env_id", value) - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + @property + @pulumi.getter + def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -65,15 +74,6 @@ def env_id(self) -> pulumi.Input[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ - return pulumi.get(self, "env_id") - - @env_id.setter - def env_id(self, value: pulumi.Input[str]): - pulumi.set(self, "env_id", value) - - @property - @pulumi.getter - def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: return pulumi.get(self, "members") @members.setter @@ -125,8 +125,8 @@ def __init__(__self__, *, """ Input properties used for looking up and filtering EnvironmentIamBinding resources. :param pulumi.Input[str] env_id: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -137,7 +137,6 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] role: The role that should be applied. Only one `apigee.EnvironmentIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -169,18 +168,6 @@ def condition(self, value: Optional[pulumi.Input['EnvironmentIamBindingCondition def env_id(self) -> Optional[pulumi.Input[str]]: """ Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "env_id") @@ -203,6 +190,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -307,6 +307,54 @@ def __init__(__self__, ``` + ## google\\_apigee\\_environment\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.apigee.EnvironmentIamPolicy("policy", + org_id=apigee_environment["orgId"], + env_id=apigee_environment["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_apigee\\_environment\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.apigee.EnvironmentIamBinding("binding", + org_id=apigee_environment["orgId"], + env_id=apigee_environment["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_apigee\\_environment\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.apigee.EnvironmentIamMember("member", + org_id=apigee_environment["orgId"], + env_id=apigee_environment["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -344,8 +392,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] env_id: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -429,6 +476,54 @@ def __init__(__self__, ``` + ## google\\_apigee\\_environment\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.apigee.EnvironmentIamPolicy("policy", + org_id=apigee_environment["orgId"], + env_id=apigee_environment["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_apigee\\_environment\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.apigee.EnvironmentIamBinding("binding", + org_id=apigee_environment["orgId"], + env_id=apigee_environment["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_apigee\\_environment\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.apigee.EnvironmentIamMember("member", + org_id=apigee_environment["orgId"], + env_id=apigee_environment["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -530,8 +625,8 @@ def get(resource_name: str, :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] env_id: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -542,7 +637,6 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] role: The role that should be applied. Only one `apigee.EnvironmentIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -569,18 +663,6 @@ def condition(self) -> pulumi.Output[Optional['outputs.EnvironmentIamBindingCond def env_id(self) -> pulumi.Output[str]: """ Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "env_id") @@ -595,6 +677,19 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @property diff --git a/sdk/python/pulumi_gcp/apigee/environment_iam_member.py b/sdk/python/pulumi_gcp/apigee/environment_iam_member.py index 72294a957d..d6cb532ab3 100644 --- a/sdk/python/pulumi_gcp/apigee/environment_iam_member.py +++ b/sdk/python/pulumi_gcp/apigee/environment_iam_member.py @@ -24,8 +24,7 @@ def __init__(__self__, *, """ The set of arguments for constructing a EnvironmentIamMember resource. :param pulumi.Input[str] env_id: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -52,8 +51,18 @@ def __init__(__self__, *, def env_id(self) -> pulumi.Input[str]: """ Used to find the parent resource to bind the IAM policy to + """ + return pulumi.get(self, "env_id") + + @env_id.setter + def env_id(self, value: pulumi.Input[str]): + pulumi.set(self, "env_id", value) - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + @property + @pulumi.getter + def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -65,15 +74,6 @@ def env_id(self) -> pulumi.Input[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ - return pulumi.get(self, "env_id") - - @env_id.setter - def env_id(self, value: pulumi.Input[str]): - pulumi.set(self, "env_id", value) - - @property - @pulumi.getter - def member(self) -> pulumi.Input[str]: return pulumi.get(self, "member") @member.setter @@ -125,8 +125,8 @@ def __init__(__self__, *, """ Input properties used for looking up and filtering EnvironmentIamMember resources. :param pulumi.Input[str] env_id: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -137,7 +137,6 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] role: The role that should be applied. Only one `apigee.EnvironmentIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -169,18 +168,6 @@ def condition(self, value: Optional[pulumi.Input['EnvironmentIamMemberConditionA def env_id(self) -> Optional[pulumi.Input[str]]: """ Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "env_id") @@ -203,6 +190,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -307,6 +307,54 @@ def __init__(__self__, ``` + ## google\\_apigee\\_environment\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.apigee.EnvironmentIamPolicy("policy", + org_id=apigee_environment["orgId"], + env_id=apigee_environment["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_apigee\\_environment\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.apigee.EnvironmentIamBinding("binding", + org_id=apigee_environment["orgId"], + env_id=apigee_environment["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_apigee\\_environment\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.apigee.EnvironmentIamMember("member", + org_id=apigee_environment["orgId"], + env_id=apigee_environment["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -344,8 +392,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] env_id: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -429,6 +476,54 @@ def __init__(__self__, ``` + ## google\\_apigee\\_environment\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.apigee.EnvironmentIamPolicy("policy", + org_id=apigee_environment["orgId"], + env_id=apigee_environment["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_apigee\\_environment\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.apigee.EnvironmentIamBinding("binding", + org_id=apigee_environment["orgId"], + env_id=apigee_environment["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_apigee\\_environment\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.apigee.EnvironmentIamMember("member", + org_id=apigee_environment["orgId"], + env_id=apigee_environment["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -530,8 +625,8 @@ def get(resource_name: str, :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] env_id: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -542,7 +637,6 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] role: The role that should be applied. Only one `apigee.EnvironmentIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -569,18 +663,6 @@ def condition(self) -> pulumi.Output[Optional['outputs.EnvironmentIamMemberCondi def env_id(self) -> pulumi.Output[str]: """ Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "env_id") @@ -595,6 +677,19 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @property diff --git a/sdk/python/pulumi_gcp/apigee/environment_iam_policy.py b/sdk/python/pulumi_gcp/apigee/environment_iam_policy.py index efea13857c..2b258107f8 100644 --- a/sdk/python/pulumi_gcp/apigee/environment_iam_policy.py +++ b/sdk/python/pulumi_gcp/apigee/environment_iam_policy.py @@ -20,18 +20,6 @@ def __init__(__self__, *, """ The set of arguments for constructing a EnvironmentIamPolicy resource. :param pulumi.Input[str] env_id: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. """ @@ -44,18 +32,6 @@ def __init__(__self__, *, def env_id(self) -> pulumi.Input[str]: """ Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "env_id") @@ -96,18 +72,6 @@ def __init__(__self__, *, """ Input properties used for looking up and filtering EnvironmentIamPolicy resources. :param pulumi.Input[str] env_id: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. @@ -126,18 +90,6 @@ def __init__(__self__, *, def env_id(self) -> Optional[pulumi.Input[str]]: """ Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "env_id") @@ -252,6 +204,54 @@ def __init__(__self__, ``` + ## google\\_apigee\\_environment\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.apigee.EnvironmentIamPolicy("policy", + org_id=apigee_environment["orgId"], + env_id=apigee_environment["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_apigee\\_environment\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.apigee.EnvironmentIamBinding("binding", + org_id=apigee_environment["orgId"], + env_id=apigee_environment["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_apigee\\_environment\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.apigee.EnvironmentIamMember("member", + org_id=apigee_environment["orgId"], + env_id=apigee_environment["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -289,18 +289,6 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] env_id: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. """ @@ -373,6 +361,54 @@ def __init__(__self__, ``` + ## google\\_apigee\\_environment\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.apigee.EnvironmentIamPolicy("policy", + org_id=apigee_environment["orgId"], + env_id=apigee_environment["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_apigee\\_environment\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.apigee.EnvironmentIamBinding("binding", + org_id=apigee_environment["orgId"], + env_id=apigee_environment["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_apigee\\_environment\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.apigee.EnvironmentIamMember("member", + org_id=apigee_environment["orgId"], + env_id=apigee_environment["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -466,18 +502,6 @@ def get(resource_name: str, :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] env_id: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. @@ -497,18 +521,6 @@ def get(resource_name: str, def env_id(self) -> pulumi.Output[str]: """ Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "env_id") diff --git a/sdk/python/pulumi_gcp/artifactregistry/repository_iam_binding.py b/sdk/python/pulumi_gcp/artifactregistry/repository_iam_binding.py index ca47b68ed6..550c1c659c 100644 --- a/sdk/python/pulumi_gcp/artifactregistry/repository_iam_binding.py +++ b/sdk/python/pulumi_gcp/artifactregistry/repository_iam_binding.py @@ -24,16 +24,7 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a RepositoryIamBinding resource. - :param pulumi.Input[str] repository: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] role: The role that should be applied. Only one - `artifactregistry.RepositoryIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] location: The name of the location this repository is located in. - Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -44,6 +35,14 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] repository: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] role: The role that should be applied. Only one + `artifactregistry.RepositoryIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] location: The name of the location this repository is located in. + Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "members", members) pulumi.set(__self__, "repository", repository) @@ -58,6 +57,19 @@ def __init__(__self__, *, @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -118,18 +130,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -153,10 +153,7 @@ def __init__(__self__, *, :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] location: The name of the location this repository is located in. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -167,6 +164,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] repository: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] role: The role that should be applied. Only one `artifactregistry.RepositoryIamBinding` can be used per role. Note that custom roles must be of the format @@ -224,6 +223,19 @@ def location(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -236,18 +248,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -360,6 +360,57 @@ def __init__(__self__, ``` + ## google\\_artifact\\_registry\\_repository\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/artifactregistry.reader", + members=["user:jane@example.com"], + )]) + policy = gcp.artifactregistry.RepositoryIamPolicy("policy", + project=my_repo["project"], + location=my_repo["location"], + repository=my_repo["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_artifact\\_registry\\_repository\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.artifactregistry.RepositoryIamBinding("binding", + project=my_repo["project"], + location=my_repo["location"], + repository=my_repo["name"], + role="roles/artifactregistry.reader", + members=["user:jane@example.com"]) + ``` + + + ## google\\_artifact\\_registry\\_repository\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.artifactregistry.RepositoryIamMember("member", + project=my_repo["project"], + location=my_repo["location"], + repository=my_repo["name"], + role="roles/artifactregistry.reader", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -402,10 +453,7 @@ def __init__(__self__, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] location: The name of the location this repository is located in. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -416,6 +464,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] repository: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] role: The role that should be applied. Only one `artifactregistry.RepositoryIamBinding` can be used per role. Note that custom roles must be of the format @@ -493,6 +543,57 @@ def __init__(__self__, ``` + ## google\\_artifact\\_registry\\_repository\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/artifactregistry.reader", + members=["user:jane@example.com"], + )]) + policy = gcp.artifactregistry.RepositoryIamPolicy("policy", + project=my_repo["project"], + location=my_repo["location"], + repository=my_repo["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_artifact\\_registry\\_repository\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.artifactregistry.RepositoryIamBinding("binding", + project=my_repo["project"], + location=my_repo["location"], + repository=my_repo["name"], + role="roles/artifactregistry.reader", + members=["user:jane@example.com"]) + ``` + + + ## google\\_artifact\\_registry\\_repository\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.artifactregistry.RepositoryIamMember("member", + project=my_repo["project"], + location=my_repo["location"], + repository=my_repo["name"], + role="roles/artifactregistry.reader", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -601,10 +702,7 @@ def get(resource_name: str, :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] location: The name of the location this repository is located in. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -615,6 +713,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] repository: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] role: The role that should be applied. Only one `artifactregistry.RepositoryIamBinding` can be used per role. Note that custom roles must be of the format @@ -658,16 +758,8 @@ def location(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: - return pulumi.get(self, "members") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -679,6 +771,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "members") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/artifactregistry/repository_iam_member.py b/sdk/python/pulumi_gcp/artifactregistry/repository_iam_member.py index 84bc4ad896..ddf114fbc2 100644 --- a/sdk/python/pulumi_gcp/artifactregistry/repository_iam_member.py +++ b/sdk/python/pulumi_gcp/artifactregistry/repository_iam_member.py @@ -24,16 +24,7 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a RepositoryIamMember resource. - :param pulumi.Input[str] repository: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] role: The role that should be applied. Only one - `artifactregistry.RepositoryIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] location: The name of the location this repository is located in. - Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -44,6 +35,14 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] repository: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] role: The role that should be applied. Only one + `artifactregistry.RepositoryIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] location: The name of the location this repository is located in. + Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "member", member) pulumi.set(__self__, "repository", repository) @@ -58,6 +57,19 @@ def __init__(__self__, *, @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -118,18 +130,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -153,10 +153,7 @@ def __init__(__self__, *, :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] location: The name of the location this repository is located in. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -167,6 +164,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] repository: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] role: The role that should be applied. Only one `artifactregistry.RepositoryIamBinding` can be used per role. Note that custom roles must be of the format @@ -224,6 +223,19 @@ def location(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -236,18 +248,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -360,6 +360,57 @@ def __init__(__self__, ``` + ## google\\_artifact\\_registry\\_repository\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/artifactregistry.reader", + members=["user:jane@example.com"], + )]) + policy = gcp.artifactregistry.RepositoryIamPolicy("policy", + project=my_repo["project"], + location=my_repo["location"], + repository=my_repo["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_artifact\\_registry\\_repository\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.artifactregistry.RepositoryIamBinding("binding", + project=my_repo["project"], + location=my_repo["location"], + repository=my_repo["name"], + role="roles/artifactregistry.reader", + members=["user:jane@example.com"]) + ``` + + + ## google\\_artifact\\_registry\\_repository\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.artifactregistry.RepositoryIamMember("member", + project=my_repo["project"], + location=my_repo["location"], + repository=my_repo["name"], + role="roles/artifactregistry.reader", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -402,10 +453,7 @@ def __init__(__self__, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] location: The name of the location this repository is located in. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -416,6 +464,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] repository: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] role: The role that should be applied. Only one `artifactregistry.RepositoryIamBinding` can be used per role. Note that custom roles must be of the format @@ -493,6 +543,57 @@ def __init__(__self__, ``` + ## google\\_artifact\\_registry\\_repository\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/artifactregistry.reader", + members=["user:jane@example.com"], + )]) + policy = gcp.artifactregistry.RepositoryIamPolicy("policy", + project=my_repo["project"], + location=my_repo["location"], + repository=my_repo["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_artifact\\_registry\\_repository\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.artifactregistry.RepositoryIamBinding("binding", + project=my_repo["project"], + location=my_repo["location"], + repository=my_repo["name"], + role="roles/artifactregistry.reader", + members=["user:jane@example.com"]) + ``` + + + ## google\\_artifact\\_registry\\_repository\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.artifactregistry.RepositoryIamMember("member", + project=my_repo["project"], + location=my_repo["location"], + repository=my_repo["name"], + role="roles/artifactregistry.reader", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -601,10 +702,7 @@ def get(resource_name: str, :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] location: The name of the location this repository is located in. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -615,6 +713,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] repository: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] role: The role that should be applied. Only one `artifactregistry.RepositoryIamBinding` can be used per role. Note that custom roles must be of the format @@ -658,16 +758,8 @@ def location(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: - return pulumi.get(self, "member") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -679,6 +771,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "member") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/artifactregistry/repository_iam_policy.py b/sdk/python/pulumi_gcp/artifactregistry/repository_iam_policy.py index ef624547cf..0b9627b7fb 100644 --- a/sdk/python/pulumi_gcp/artifactregistry/repository_iam_policy.py +++ b/sdk/python/pulumi_gcp/artifactregistry/repository_iam_policy.py @@ -27,18 +27,6 @@ def __init__(__self__, *, Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "policy_data", policy_data) pulumi.set(__self__, "repository", repository) @@ -91,18 +79,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -128,18 +104,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] repository: Used to find the parent resource to bind the IAM policy to """ if etag is not None: @@ -197,18 +161,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -305,6 +257,57 @@ def __init__(__self__, ``` + ## google\\_artifact\\_registry\\_repository\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/artifactregistry.reader", + members=["user:jane@example.com"], + )]) + policy = gcp.artifactregistry.RepositoryIamPolicy("policy", + project=my_repo["project"], + location=my_repo["location"], + repository=my_repo["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_artifact\\_registry\\_repository\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.artifactregistry.RepositoryIamBinding("binding", + project=my_repo["project"], + location=my_repo["location"], + repository=my_repo["name"], + role="roles/artifactregistry.reader", + members=["user:jane@example.com"]) + ``` + + + ## google\\_artifact\\_registry\\_repository\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.artifactregistry.RepositoryIamMember("member", + project=my_repo["project"], + location=my_repo["location"], + repository=my_repo["name"], + role="roles/artifactregistry.reader", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -351,18 +354,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] repository: Used to find the parent resource to bind the IAM policy to """ ... @@ -437,6 +428,57 @@ def __init__(__self__, ``` + ## google\\_artifact\\_registry\\_repository\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/artifactregistry.reader", + members=["user:jane@example.com"], + )]) + policy = gcp.artifactregistry.RepositoryIamPolicy("policy", + project=my_repo["project"], + location=my_repo["location"], + repository=my_repo["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_artifact\\_registry\\_repository\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.artifactregistry.RepositoryIamBinding("binding", + project=my_repo["project"], + location=my_repo["location"], + repository=my_repo["name"], + role="roles/artifactregistry.reader", + members=["user:jane@example.com"]) + ``` + + + ## google\\_artifact\\_registry\\_repository\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.artifactregistry.RepositoryIamMember("member", + project=my_repo["project"], + location=my_repo["location"], + repository=my_repo["name"], + role="roles/artifactregistry.reader", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -541,18 +583,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] repository: Used to find the parent resource to bind the IAM policy to """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -598,18 +628,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/bigquery/connection_iam_binding.py b/sdk/python/pulumi_gcp/bigquery/connection_iam_binding.py index 415beb67fd..e6e5f01599 100644 --- a/sdk/python/pulumi_gcp/bigquery/connection_iam_binding.py +++ b/sdk/python/pulumi_gcp/bigquery/connection_iam_binding.py @@ -26,6 +26,17 @@ def __init__(__self__, *, The set of arguments for constructing a ConnectionIamBinding resource. :param pulumi.Input[str] connection_id: Optional connection id that should be assigned to the created connection. Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] role: The role that should be applied. Only one `bigquery.ConnectionIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -38,18 +49,6 @@ def __init__(__self__, *, Azure allowed regions are azure-eastus2 Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "connection_id", connection_id) pulumi.set(__self__, "members", members) @@ -77,6 +76,19 @@ def connection_id(self, value: pulumi.Input[str]): @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -130,18 +142,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -172,10 +172,7 @@ def __init__(__self__, *, Spanner Connections same as spanner region AWS allowed regions are aws-us-east-1 Azure allowed regions are azure-eastus2 Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -186,6 +183,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `bigquery.ConnectionIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -260,6 +259,19 @@ def location(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -272,18 +284,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -384,6 +384,57 @@ def __init__(__self__, ``` + ## google\\_bigquery\\_connection\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.bigquery.ConnectionIamPolicy("policy", + project=connection["project"], + location=connection["location"], + connection_id=connection["connectionId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_bigquery\\_connection\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.bigquery.ConnectionIamBinding("binding", + project=connection["project"], + location=connection["location"], + connection_id=connection["connectionId"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_bigquery\\_connection\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.bigquery.ConnectionIamMember("member", + project=connection["project"], + location=connection["location"], + connection_id=connection["connectionId"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -433,10 +484,7 @@ def __init__(__self__, Spanner Connections same as spanner region AWS allowed regions are aws-us-east-1 Azure allowed regions are azure-eastus2 Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -447,6 +495,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `bigquery.ConnectionIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -523,6 +573,57 @@ def __init__(__self__, ``` + ## google\\_bigquery\\_connection\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.bigquery.ConnectionIamPolicy("policy", + project=connection["project"], + location=connection["location"], + connection_id=connection["connectionId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_bigquery\\_connection\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.bigquery.ConnectionIamBinding("binding", + project=connection["project"], + location=connection["location"], + connection_id=connection["connectionId"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_bigquery\\_connection\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.bigquery.ConnectionIamMember("member", + project=connection["project"], + location=connection["location"], + connection_id=connection["connectionId"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -638,10 +739,7 @@ def get(resource_name: str, Spanner Connections same as spanner region AWS allowed regions are aws-us-east-1 Azure allowed regions are azure-eastus2 Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -652,6 +750,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `bigquery.ConnectionIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -708,16 +808,8 @@ def location(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: - return pulumi.get(self, "members") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -729,6 +821,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "members") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/bigquery/connection_iam_member.py b/sdk/python/pulumi_gcp/bigquery/connection_iam_member.py index 559bb2ba7f..337e7850ad 100644 --- a/sdk/python/pulumi_gcp/bigquery/connection_iam_member.py +++ b/sdk/python/pulumi_gcp/bigquery/connection_iam_member.py @@ -26,6 +26,17 @@ def __init__(__self__, *, The set of arguments for constructing a ConnectionIamMember resource. :param pulumi.Input[str] connection_id: Optional connection id that should be assigned to the created connection. Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] role: The role that should be applied. Only one `bigquery.ConnectionIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -38,18 +49,6 @@ def __init__(__self__, *, Azure allowed regions are azure-eastus2 Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "connection_id", connection_id) pulumi.set(__self__, "member", member) @@ -77,6 +76,19 @@ def connection_id(self, value: pulumi.Input[str]): @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -130,18 +142,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -172,10 +172,7 @@ def __init__(__self__, *, Spanner Connections same as spanner region AWS allowed regions are aws-us-east-1 Azure allowed regions are azure-eastus2 Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -186,6 +183,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `bigquery.ConnectionIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -260,6 +259,19 @@ def location(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -272,18 +284,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -384,6 +384,57 @@ def __init__(__self__, ``` + ## google\\_bigquery\\_connection\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.bigquery.ConnectionIamPolicy("policy", + project=connection["project"], + location=connection["location"], + connection_id=connection["connectionId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_bigquery\\_connection\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.bigquery.ConnectionIamBinding("binding", + project=connection["project"], + location=connection["location"], + connection_id=connection["connectionId"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_bigquery\\_connection\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.bigquery.ConnectionIamMember("member", + project=connection["project"], + location=connection["location"], + connection_id=connection["connectionId"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -433,10 +484,7 @@ def __init__(__self__, Spanner Connections same as spanner region AWS allowed regions are aws-us-east-1 Azure allowed regions are azure-eastus2 Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -447,6 +495,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `bigquery.ConnectionIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -523,6 +573,57 @@ def __init__(__self__, ``` + ## google\\_bigquery\\_connection\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.bigquery.ConnectionIamPolicy("policy", + project=connection["project"], + location=connection["location"], + connection_id=connection["connectionId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_bigquery\\_connection\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.bigquery.ConnectionIamBinding("binding", + project=connection["project"], + location=connection["location"], + connection_id=connection["connectionId"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_bigquery\\_connection\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.bigquery.ConnectionIamMember("member", + project=connection["project"], + location=connection["location"], + connection_id=connection["connectionId"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -638,10 +739,7 @@ def get(resource_name: str, Spanner Connections same as spanner region AWS allowed regions are aws-us-east-1 Azure allowed regions are azure-eastus2 Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -652,6 +750,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `bigquery.ConnectionIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -708,16 +808,8 @@ def location(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: - return pulumi.get(self, "member") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -729,6 +821,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "member") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/bigquery/connection_iam_policy.py b/sdk/python/pulumi_gcp/bigquery/connection_iam_policy.py index e816b869ab..f2055196cf 100644 --- a/sdk/python/pulumi_gcp/bigquery/connection_iam_policy.py +++ b/sdk/python/pulumi_gcp/bigquery/connection_iam_policy.py @@ -33,18 +33,6 @@ def __init__(__self__, *, Azure allowed regions are azure-eastus2 Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "connection_id", connection_id) pulumi.set(__self__, "policy_data", policy_data) @@ -103,18 +91,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -147,18 +123,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ if connection_id is not None: pulumi.set(__self__, "connection_id", connection_id) @@ -233,18 +197,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -329,6 +281,57 @@ def __init__(__self__, ``` + ## google\\_bigquery\\_connection\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.bigquery.ConnectionIamPolicy("policy", + project=connection["project"], + location=connection["location"], + connection_id=connection["connectionId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_bigquery\\_connection\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.bigquery.ConnectionIamBinding("binding", + project=connection["project"], + location=connection["location"], + connection_id=connection["connectionId"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_bigquery\\_connection\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.bigquery.ConnectionIamMember("member", + project=connection["project"], + location=connection["location"], + connection_id=connection["connectionId"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -382,18 +385,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ ... @overload @@ -467,6 +458,57 @@ def __init__(__self__, ``` + ## google\\_bigquery\\_connection\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.bigquery.ConnectionIamPolicy("policy", + project=connection["project"], + location=connection["location"], + connection_id=connection["connectionId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_bigquery\\_connection\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.bigquery.ConnectionIamBinding("binding", + project=connection["project"], + location=connection["location"], + connection_id=connection["connectionId"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_bigquery\\_connection\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.bigquery.ConnectionIamMember("member", + project=connection["project"], + location=connection["location"], + connection_id=connection["connectionId"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -578,18 +620,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -648,18 +678,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/bigquery/dataset_iam_binding.py b/sdk/python/pulumi_gcp/bigquery/dataset_iam_binding.py index e1154c1415..1b795b281f 100644 --- a/sdk/python/pulumi_gcp/bigquery/dataset_iam_binding.py +++ b/sdk/python/pulumi_gcp/bigquery/dataset_iam_binding.py @@ -24,8 +24,7 @@ def __init__(__self__, *, """ The set of arguments for constructing a DatasetIamBinding resource. :param pulumi.Input[str] dataset_id: The dataset ID. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. @@ -53,16 +52,6 @@ def __init__(__self__, *, def dataset_id(self) -> pulumi.Input[str]: """ The dataset ID. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. """ return pulumi.get(self, "dataset_id") @@ -73,6 +62,17 @@ def dataset_id(self, value: pulumi.Input[str]): @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + """ return pulumi.get(self, "members") @members.setter @@ -128,8 +128,8 @@ def __init__(__self__, *, """ Input properties used for looking up and filtering DatasetIamBinding resources. :param pulumi.Input[str] dataset_id: The dataset ID. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] etag: (Computed) The etag of the dataset's IAM policy. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. @@ -138,7 +138,6 @@ def __init__(__self__, *, * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - :param pulumi.Input[str] etag: (Computed) The etag of the dataset's IAM policy. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one @@ -172,16 +171,6 @@ def condition(self, value: Optional[pulumi.Input['DatasetIamBindingConditionArgs def dataset_id(self) -> Optional[pulumi.Input[str]]: """ The dataset ID. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. """ return pulumi.get(self, "dataset_id") @@ -204,6 +193,17 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + """ return pulumi.get(self, "members") @members.setter @@ -316,6 +316,54 @@ def __init__(__self__, ``` + ## google\\_bigquery\\_dataset\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + owner = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/bigquery.dataOwner", + members=["user:jane@example.com"], + )]) + dataset_dataset = gcp.bigquery.Dataset("dataset", dataset_id="example_dataset") + dataset = gcp.bigquery.DatasetIamPolicy("dataset", + dataset_id=dataset_dataset.dataset_id, + policy_data=owner.policy_data) + ``` + + + ## google\\_bigquery\\_dataset\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + dataset = gcp.bigquery.Dataset("dataset", dataset_id="example_dataset") + reader = gcp.bigquery.DatasetIamBinding("reader", + dataset_id=dataset.dataset_id, + role="roles/bigquery.dataViewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_bigquery\\_dataset\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + dataset = gcp.bigquery.Dataset("dataset", dataset_id="example_dataset") + editor = gcp.bigquery.DatasetIamMember("editor", + dataset_id=dataset.dataset_id, + role="roles/bigquery.dataEditor", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -345,8 +393,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] dataset_id: The dataset ID. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. @@ -434,6 +481,54 @@ def __init__(__self__, ``` + ## google\\_bigquery\\_dataset\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + owner = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/bigquery.dataOwner", + members=["user:jane@example.com"], + )]) + dataset_dataset = gcp.bigquery.Dataset("dataset", dataset_id="example_dataset") + dataset = gcp.bigquery.DatasetIamPolicy("dataset", + dataset_id=dataset_dataset.dataset_id, + policy_data=owner.policy_data) + ``` + + + ## google\\_bigquery\\_dataset\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + dataset = gcp.bigquery.Dataset("dataset", dataset_id="example_dataset") + reader = gcp.bigquery.DatasetIamBinding("reader", + dataset_id=dataset.dataset_id, + role="roles/bigquery.dataViewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_bigquery\\_dataset\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + dataset = gcp.bigquery.Dataset("dataset", dataset_id="example_dataset") + editor = gcp.bigquery.DatasetIamMember("editor", + dataset_id=dataset.dataset_id, + role="roles/bigquery.dataEditor", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -525,8 +620,8 @@ def get(resource_name: str, :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] dataset_id: The dataset ID. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] etag: (Computed) The etag of the dataset's IAM policy. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. @@ -535,7 +630,6 @@ def get(resource_name: str, * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - :param pulumi.Input[str] etag: (Computed) The etag of the dataset's IAM policy. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one @@ -564,16 +658,6 @@ def condition(self) -> pulumi.Output[Optional['outputs.DatasetIamBindingConditio def dataset_id(self) -> pulumi.Output[str]: """ The dataset ID. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. """ return pulumi.get(self, "dataset_id") @@ -588,6 +672,17 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + """ return pulumi.get(self, "members") @property diff --git a/sdk/python/pulumi_gcp/bigquery/dataset_iam_member.py b/sdk/python/pulumi_gcp/bigquery/dataset_iam_member.py index 978990b8dd..0ef91cbd34 100644 --- a/sdk/python/pulumi_gcp/bigquery/dataset_iam_member.py +++ b/sdk/python/pulumi_gcp/bigquery/dataset_iam_member.py @@ -24,8 +24,7 @@ def __init__(__self__, *, """ The set of arguments for constructing a DatasetIamMember resource. :param pulumi.Input[str] dataset_id: The dataset ID. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. @@ -53,16 +52,6 @@ def __init__(__self__, *, def dataset_id(self) -> pulumi.Input[str]: """ The dataset ID. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. """ return pulumi.get(self, "dataset_id") @@ -73,6 +62,17 @@ def dataset_id(self, value: pulumi.Input[str]): @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + """ return pulumi.get(self, "member") @member.setter @@ -128,8 +128,8 @@ def __init__(__self__, *, """ Input properties used for looking up and filtering DatasetIamMember resources. :param pulumi.Input[str] dataset_id: The dataset ID. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] etag: (Computed) The etag of the dataset's IAM policy. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. @@ -138,7 +138,6 @@ def __init__(__self__, *, * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - :param pulumi.Input[str] etag: (Computed) The etag of the dataset's IAM policy. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one @@ -172,16 +171,6 @@ def condition(self, value: Optional[pulumi.Input['DatasetIamMemberConditionArgs' def dataset_id(self) -> Optional[pulumi.Input[str]]: """ The dataset ID. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. """ return pulumi.get(self, "dataset_id") @@ -204,6 +193,17 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + """ return pulumi.get(self, "member") @member.setter @@ -316,6 +316,54 @@ def __init__(__self__, ``` + ## google\\_bigquery\\_dataset\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + owner = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/bigquery.dataOwner", + members=["user:jane@example.com"], + )]) + dataset_dataset = gcp.bigquery.Dataset("dataset", dataset_id="example_dataset") + dataset = gcp.bigquery.DatasetIamPolicy("dataset", + dataset_id=dataset_dataset.dataset_id, + policy_data=owner.policy_data) + ``` + + + ## google\\_bigquery\\_dataset\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + dataset = gcp.bigquery.Dataset("dataset", dataset_id="example_dataset") + reader = gcp.bigquery.DatasetIamBinding("reader", + dataset_id=dataset.dataset_id, + role="roles/bigquery.dataViewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_bigquery\\_dataset\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + dataset = gcp.bigquery.Dataset("dataset", dataset_id="example_dataset") + editor = gcp.bigquery.DatasetIamMember("editor", + dataset_id=dataset.dataset_id, + role="roles/bigquery.dataEditor", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -345,8 +393,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] dataset_id: The dataset ID. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. @@ -434,6 +481,54 @@ def __init__(__self__, ``` + ## google\\_bigquery\\_dataset\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + owner = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/bigquery.dataOwner", + members=["user:jane@example.com"], + )]) + dataset_dataset = gcp.bigquery.Dataset("dataset", dataset_id="example_dataset") + dataset = gcp.bigquery.DatasetIamPolicy("dataset", + dataset_id=dataset_dataset.dataset_id, + policy_data=owner.policy_data) + ``` + + + ## google\\_bigquery\\_dataset\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + dataset = gcp.bigquery.Dataset("dataset", dataset_id="example_dataset") + reader = gcp.bigquery.DatasetIamBinding("reader", + dataset_id=dataset.dataset_id, + role="roles/bigquery.dataViewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_bigquery\\_dataset\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + dataset = gcp.bigquery.Dataset("dataset", dataset_id="example_dataset") + editor = gcp.bigquery.DatasetIamMember("editor", + dataset_id=dataset.dataset_id, + role="roles/bigquery.dataEditor", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -525,8 +620,8 @@ def get(resource_name: str, :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] dataset_id: The dataset ID. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] etag: (Computed) The etag of the dataset's IAM policy. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. @@ -535,7 +630,6 @@ def get(resource_name: str, * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - :param pulumi.Input[str] etag: (Computed) The etag of the dataset's IAM policy. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one @@ -564,16 +658,6 @@ def condition(self) -> pulumi.Output[Optional['outputs.DatasetIamMemberCondition def dataset_id(self) -> pulumi.Output[str]: """ The dataset ID. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. """ return pulumi.get(self, "dataset_id") @@ -588,6 +672,17 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + """ return pulumi.get(self, "member") @property diff --git a/sdk/python/pulumi_gcp/bigquery/dataset_iam_policy.py b/sdk/python/pulumi_gcp/bigquery/dataset_iam_policy.py index 591fc5d071..4f54abe053 100644 --- a/sdk/python/pulumi_gcp/bigquery/dataset_iam_policy.py +++ b/sdk/python/pulumi_gcp/bigquery/dataset_iam_policy.py @@ -20,16 +20,6 @@ def __init__(__self__, *, """ The set of arguments for constructing a DatasetIamPolicy resource. :param pulumi.Input[str] dataset_id: The dataset ID. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. @@ -45,16 +35,6 @@ def __init__(__self__, *, def dataset_id(self) -> pulumi.Input[str]: """ The dataset ID. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. """ return pulumi.get(self, "dataset_id") @@ -99,16 +79,6 @@ def __init__(__self__, *, """ Input properties used for looking up and filtering DatasetIamPolicy resources. :param pulumi.Input[str] dataset_id: The dataset ID. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. :param pulumi.Input[str] etag: (Computed) The etag of the dataset's IAM policy. :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. @@ -129,16 +99,6 @@ def __init__(__self__, *, def dataset_id(self) -> Optional[pulumi.Input[str]]: """ The dataset ID. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. """ return pulumi.get(self, "dataset_id") @@ -261,6 +221,54 @@ def __init__(__self__, ``` + ## google\\_bigquery\\_dataset\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + owner = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/bigquery.dataOwner", + members=["user:jane@example.com"], + )]) + dataset_dataset = gcp.bigquery.Dataset("dataset", dataset_id="example_dataset") + dataset = gcp.bigquery.DatasetIamPolicy("dataset", + dataset_id=dataset_dataset.dataset_id, + policy_data=owner.policy_data) + ``` + + + ## google\\_bigquery\\_dataset\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + dataset = gcp.bigquery.Dataset("dataset", dataset_id="example_dataset") + reader = gcp.bigquery.DatasetIamBinding("reader", + dataset_id=dataset.dataset_id, + role="roles/bigquery.dataViewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_bigquery\\_dataset\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + dataset = gcp.bigquery.Dataset("dataset", dataset_id="example_dataset") + editor = gcp.bigquery.DatasetIamMember("editor", + dataset_id=dataset.dataset_id, + role="roles/bigquery.dataEditor", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -290,16 +298,6 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] dataset_id: The dataset ID. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. @@ -378,6 +376,54 @@ def __init__(__self__, ``` + ## google\\_bigquery\\_dataset\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + owner = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/bigquery.dataOwner", + members=["user:jane@example.com"], + )]) + dataset_dataset = gcp.bigquery.Dataset("dataset", dataset_id="example_dataset") + dataset = gcp.bigquery.DatasetIamPolicy("dataset", + dataset_id=dataset_dataset.dataset_id, + policy_data=owner.policy_data) + ``` + + + ## google\\_bigquery\\_dataset\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + dataset = gcp.bigquery.Dataset("dataset", dataset_id="example_dataset") + reader = gcp.bigquery.DatasetIamBinding("reader", + dataset_id=dataset.dataset_id, + role="roles/bigquery.dataViewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_bigquery\\_dataset\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + dataset = gcp.bigquery.Dataset("dataset", dataset_id="example_dataset") + editor = gcp.bigquery.DatasetIamMember("editor", + dataset_id=dataset.dataset_id, + role="roles/bigquery.dataEditor", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -461,16 +507,6 @@ def get(resource_name: str, :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] dataset_id: The dataset ID. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. :param pulumi.Input[str] etag: (Computed) The etag of the dataset's IAM policy. :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. @@ -492,16 +528,6 @@ def get(resource_name: str, def dataset_id(self) -> pulumi.Output[str]: """ The dataset ID. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **iamMember:{principal}**: Some other type of member that appears in the IAM Policy but isn't a user, group, domain, or special group. This is used for example for workload/workforce federated identities (principal, principalSet). - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. """ return pulumi.get(self, "dataset_id") diff --git a/sdk/python/pulumi_gcp/bigquery/iam_binding.py b/sdk/python/pulumi_gcp/bigquery/iam_binding.py index a96d022d4b..fb361aae85 100644 --- a/sdk/python/pulumi_gcp/bigquery/iam_binding.py +++ b/sdk/python/pulumi_gcp/bigquery/iam_binding.py @@ -24,15 +24,7 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a IamBinding resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `bigquery.IamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input['IamBindingConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. - Structure is documented below. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -43,6 +35,13 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `bigquery.IamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input['IamBindingConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. + Structure is documented below. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "dataset_id", dataset_id) pulumi.set(__self__, "members", members) @@ -65,6 +64,19 @@ def dataset_id(self, value: pulumi.Input[str]): @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -113,18 +125,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -148,10 +148,7 @@ def __init__(__self__, *, :param pulumi.Input['IamBindingConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -162,6 +159,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `bigquery.IamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -218,6 +217,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -230,18 +242,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -417,6 +417,121 @@ def __init__(__self__, ``` + ## google\\_bigquery\\_table\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/bigquery.dataOwner", + members=["user:jane@example.com"], + )]) + policy = gcp.bigquery.IamPolicy("policy", + project=test["project"], + dataset_id=test["datasetId"], + table_id=test["tableId"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/bigquery.dataOwner", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.bigquery.IamPolicy("policy", + project=test["project"], + dataset_id=test["datasetId"], + table_id=test["tableId"], + policy_data=admin.policy_data) + ``` + + ## google\\_bigquery\\_table\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.bigquery.IamBinding("binding", + project=test["project"], + dataset_id=test["datasetId"], + table_id=test["tableId"], + role="roles/bigquery.dataOwner", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.bigquery.IamBinding("binding", + project=test["project"], + dataset_id=test["datasetId"], + table_id=test["tableId"], + role="roles/bigquery.dataOwner", + members=["user:jane@example.com"], + condition=gcp.bigquery.IamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_bigquery\\_table\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.bigquery.IamMember("member", + project=test["project"], + dataset_id=test["datasetId"], + table_id=test["tableId"], + role="roles/bigquery.dataOwner", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.bigquery.IamMember("member", + project=test["project"], + dataset_id=test["datasetId"], + table_id=test["tableId"], + role="roles/bigquery.dataOwner", + member="user:jane@example.com", + condition=gcp.bigquery.IamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -459,10 +574,7 @@ def __init__(__self__, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[pulumi.InputType['IamBindingConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -473,6 +585,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `bigquery.IamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -615,6 +729,121 @@ def __init__(__self__, ``` + ## google\\_bigquery\\_table\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/bigquery.dataOwner", + members=["user:jane@example.com"], + )]) + policy = gcp.bigquery.IamPolicy("policy", + project=test["project"], + dataset_id=test["datasetId"], + table_id=test["tableId"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/bigquery.dataOwner", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.bigquery.IamPolicy("policy", + project=test["project"], + dataset_id=test["datasetId"], + table_id=test["tableId"], + policy_data=admin.policy_data) + ``` + + ## google\\_bigquery\\_table\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.bigquery.IamBinding("binding", + project=test["project"], + dataset_id=test["datasetId"], + table_id=test["tableId"], + role="roles/bigquery.dataOwner", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.bigquery.IamBinding("binding", + project=test["project"], + dataset_id=test["datasetId"], + table_id=test["tableId"], + role="roles/bigquery.dataOwner", + members=["user:jane@example.com"], + condition=gcp.bigquery.IamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_bigquery\\_table\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.bigquery.IamMember("member", + project=test["project"], + dataset_id=test["datasetId"], + table_id=test["tableId"], + role="roles/bigquery.dataOwner", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.bigquery.IamMember("member", + project=test["project"], + dataset_id=test["datasetId"], + table_id=test["tableId"], + role="roles/bigquery.dataOwner", + member="user:jane@example.com", + condition=gcp.bigquery.IamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -725,10 +954,7 @@ def get(resource_name: str, :param pulumi.Input[pulumi.InputType['IamBindingConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -739,6 +965,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `bigquery.IamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -781,16 +1009,8 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: - return pulumi.get(self, "members") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -802,6 +1022,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "members") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/bigquery/iam_member.py b/sdk/python/pulumi_gcp/bigquery/iam_member.py index 2a8895d7bd..10fa5811fc 100644 --- a/sdk/python/pulumi_gcp/bigquery/iam_member.py +++ b/sdk/python/pulumi_gcp/bigquery/iam_member.py @@ -24,15 +24,7 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a IamMember resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `bigquery.IamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input['IamMemberConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. - Structure is documented below. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -43,6 +35,13 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `bigquery.IamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input['IamMemberConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. + Structure is documented below. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "dataset_id", dataset_id) pulumi.set(__self__, "member", member) @@ -65,6 +64,19 @@ def dataset_id(self, value: pulumi.Input[str]): @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -113,18 +125,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -148,10 +148,7 @@ def __init__(__self__, *, :param pulumi.Input['IamMemberConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -162,6 +159,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `bigquery.IamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -218,6 +217,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -230,18 +242,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -417,6 +417,121 @@ def __init__(__self__, ``` + ## google\\_bigquery\\_table\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/bigquery.dataOwner", + members=["user:jane@example.com"], + )]) + policy = gcp.bigquery.IamPolicy("policy", + project=test["project"], + dataset_id=test["datasetId"], + table_id=test["tableId"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/bigquery.dataOwner", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.bigquery.IamPolicy("policy", + project=test["project"], + dataset_id=test["datasetId"], + table_id=test["tableId"], + policy_data=admin.policy_data) + ``` + + ## google\\_bigquery\\_table\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.bigquery.IamBinding("binding", + project=test["project"], + dataset_id=test["datasetId"], + table_id=test["tableId"], + role="roles/bigquery.dataOwner", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.bigquery.IamBinding("binding", + project=test["project"], + dataset_id=test["datasetId"], + table_id=test["tableId"], + role="roles/bigquery.dataOwner", + members=["user:jane@example.com"], + condition=gcp.bigquery.IamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_bigquery\\_table\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.bigquery.IamMember("member", + project=test["project"], + dataset_id=test["datasetId"], + table_id=test["tableId"], + role="roles/bigquery.dataOwner", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.bigquery.IamMember("member", + project=test["project"], + dataset_id=test["datasetId"], + table_id=test["tableId"], + role="roles/bigquery.dataOwner", + member="user:jane@example.com", + condition=gcp.bigquery.IamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -459,10 +574,7 @@ def __init__(__self__, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[pulumi.InputType['IamMemberConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -473,6 +585,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `bigquery.IamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -615,6 +729,121 @@ def __init__(__self__, ``` + ## google\\_bigquery\\_table\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/bigquery.dataOwner", + members=["user:jane@example.com"], + )]) + policy = gcp.bigquery.IamPolicy("policy", + project=test["project"], + dataset_id=test["datasetId"], + table_id=test["tableId"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/bigquery.dataOwner", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.bigquery.IamPolicy("policy", + project=test["project"], + dataset_id=test["datasetId"], + table_id=test["tableId"], + policy_data=admin.policy_data) + ``` + + ## google\\_bigquery\\_table\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.bigquery.IamBinding("binding", + project=test["project"], + dataset_id=test["datasetId"], + table_id=test["tableId"], + role="roles/bigquery.dataOwner", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.bigquery.IamBinding("binding", + project=test["project"], + dataset_id=test["datasetId"], + table_id=test["tableId"], + role="roles/bigquery.dataOwner", + members=["user:jane@example.com"], + condition=gcp.bigquery.IamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_bigquery\\_table\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.bigquery.IamMember("member", + project=test["project"], + dataset_id=test["datasetId"], + table_id=test["tableId"], + role="roles/bigquery.dataOwner", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.bigquery.IamMember("member", + project=test["project"], + dataset_id=test["datasetId"], + table_id=test["tableId"], + role="roles/bigquery.dataOwner", + member="user:jane@example.com", + condition=gcp.bigquery.IamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -725,10 +954,7 @@ def get(resource_name: str, :param pulumi.Input[pulumi.InputType['IamMemberConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -739,6 +965,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `bigquery.IamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -781,16 +1009,8 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: - return pulumi.get(self, "member") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -802,6 +1022,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "member") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/bigquery/iam_policy.py b/sdk/python/pulumi_gcp/bigquery/iam_policy.py index cffcffab94..da43020d4e 100644 --- a/sdk/python/pulumi_gcp/bigquery/iam_policy.py +++ b/sdk/python/pulumi_gcp/bigquery/iam_policy.py @@ -24,18 +24,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "dataset_id", dataset_id) pulumi.set(__self__, "policy_data", policy_data) @@ -80,18 +68,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -115,18 +91,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ if dataset_id is not None: pulumi.set(__self__, "dataset_id", dataset_id) @@ -179,18 +143,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -350,6 +302,121 @@ def __init__(__self__, ``` + ## google\\_bigquery\\_table\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/bigquery.dataOwner", + members=["user:jane@example.com"], + )]) + policy = gcp.bigquery.IamPolicy("policy", + project=test["project"], + dataset_id=test["datasetId"], + table_id=test["tableId"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/bigquery.dataOwner", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.bigquery.IamPolicy("policy", + project=test["project"], + dataset_id=test["datasetId"], + table_id=test["tableId"], + policy_data=admin.policy_data) + ``` + + ## google\\_bigquery\\_table\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.bigquery.IamBinding("binding", + project=test["project"], + dataset_id=test["datasetId"], + table_id=test["tableId"], + role="roles/bigquery.dataOwner", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.bigquery.IamBinding("binding", + project=test["project"], + dataset_id=test["datasetId"], + table_id=test["tableId"], + role="roles/bigquery.dataOwner", + members=["user:jane@example.com"], + condition=gcp.bigquery.IamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_bigquery\\_table\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.bigquery.IamMember("member", + project=test["project"], + dataset_id=test["datasetId"], + table_id=test["tableId"], + role="roles/bigquery.dataOwner", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.bigquery.IamMember("member", + project=test["project"], + dataset_id=test["datasetId"], + table_id=test["tableId"], + role="roles/bigquery.dataOwner", + member="user:jane@example.com", + condition=gcp.bigquery.IamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -394,18 +461,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ ... @overload @@ -545,6 +600,121 @@ def __init__(__self__, ``` + ## google\\_bigquery\\_table\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/bigquery.dataOwner", + members=["user:jane@example.com"], + )]) + policy = gcp.bigquery.IamPolicy("policy", + project=test["project"], + dataset_id=test["datasetId"], + table_id=test["tableId"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/bigquery.dataOwner", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.bigquery.IamPolicy("policy", + project=test["project"], + dataset_id=test["datasetId"], + table_id=test["tableId"], + policy_data=admin.policy_data) + ``` + + ## google\\_bigquery\\_table\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.bigquery.IamBinding("binding", + project=test["project"], + dataset_id=test["datasetId"], + table_id=test["tableId"], + role="roles/bigquery.dataOwner", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.bigquery.IamBinding("binding", + project=test["project"], + dataset_id=test["datasetId"], + table_id=test["tableId"], + role="roles/bigquery.dataOwner", + members=["user:jane@example.com"], + condition=gcp.bigquery.IamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_bigquery\\_table\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.bigquery.IamMember("member", + project=test["project"], + dataset_id=test["datasetId"], + table_id=test["tableId"], + role="roles/bigquery.dataOwner", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.bigquery.IamMember("member", + project=test["project"], + dataset_id=test["datasetId"], + table_id=test["tableId"], + role="roles/bigquery.dataOwner", + member="user:jane@example.com", + condition=gcp.bigquery.IamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -649,18 +819,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -701,18 +859,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/bigqueryanalyticshub/data_exchange_iam_binding.py b/sdk/python/pulumi_gcp/bigqueryanalyticshub/data_exchange_iam_binding.py index 59fd2c325c..1bd0e22b48 100644 --- a/sdk/python/pulumi_gcp/bigqueryanalyticshub/data_exchange_iam_binding.py +++ b/sdk/python/pulumi_gcp/bigqueryanalyticshub/data_exchange_iam_binding.py @@ -25,15 +25,7 @@ def __init__(__self__, *, """ The set of arguments for constructing a DataExchangeIamBinding resource. :param pulumi.Input[str] data_exchange_id: The ID of the data exchange. Must contain only Unicode letters, numbers (0-9), underscores (_). Should not use characters that require URL-escaping, or characters outside of ASCII, spaces. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] role: The role that should be applied. Only one - `bigqueryanalyticshub.DataExchangeIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] location: The name of the location this data exchange. - Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -44,6 +36,13 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `bigqueryanalyticshub.DataExchangeIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] location: The name of the location this data exchange. + Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "data_exchange_id", data_exchange_id) pulumi.set(__self__, "members", members) @@ -70,6 +69,19 @@ def data_exchange_id(self, value: pulumi.Input[str]): @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -118,18 +130,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -154,10 +154,7 @@ def __init__(__self__, *, :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] location: The name of the location this data exchange. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -168,6 +165,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `bigqueryanalyticshub.DataExchangeIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -236,6 +235,19 @@ def location(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -248,18 +260,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -360,6 +360,57 @@ def __init__(__self__, ``` + ## google\\_bigquery\\_analytics\\_hub\\_data\\_exchange\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.bigqueryanalyticshub.DataExchangeIamPolicy("policy", + project=data_exchange["project"], + location=data_exchange["location"], + data_exchange_id=data_exchange["dataExchangeId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_bigquery\\_analytics\\_hub\\_data\\_exchange\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.bigqueryanalyticshub.DataExchangeIamBinding("binding", + project=data_exchange["project"], + location=data_exchange["location"], + data_exchange_id=data_exchange["dataExchangeId"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_bigquery\\_analytics\\_hub\\_data\\_exchange\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.bigqueryanalyticshub.DataExchangeIamMember("member", + project=data_exchange["project"], + location=data_exchange["location"], + data_exchange_id=data_exchange["dataExchangeId"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -403,10 +454,7 @@ def __init__(__self__, :param pulumi.Input[str] data_exchange_id: The ID of the data exchange. Must contain only Unicode letters, numbers (0-9), underscores (_). Should not use characters that require URL-escaping, or characters outside of ASCII, spaces. Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] location: The name of the location this data exchange. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -417,6 +465,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `bigqueryanalyticshub.DataExchangeIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -493,6 +543,57 @@ def __init__(__self__, ``` + ## google\\_bigquery\\_analytics\\_hub\\_data\\_exchange\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.bigqueryanalyticshub.DataExchangeIamPolicy("policy", + project=data_exchange["project"], + location=data_exchange["location"], + data_exchange_id=data_exchange["dataExchangeId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_bigquery\\_analytics\\_hub\\_data\\_exchange\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.bigqueryanalyticshub.DataExchangeIamBinding("binding", + project=data_exchange["project"], + location=data_exchange["location"], + data_exchange_id=data_exchange["dataExchangeId"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_bigquery\\_analytics\\_hub\\_data\\_exchange\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.bigqueryanalyticshub.DataExchangeIamMember("member", + project=data_exchange["project"], + location=data_exchange["location"], + data_exchange_id=data_exchange["dataExchangeId"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -602,10 +703,7 @@ def get(resource_name: str, :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] location: The name of the location this data exchange. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -616,6 +714,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `bigqueryanalyticshub.DataExchangeIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -666,16 +766,8 @@ def location(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: - return pulumi.get(self, "members") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -687,6 +779,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "members") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/bigqueryanalyticshub/data_exchange_iam_member.py b/sdk/python/pulumi_gcp/bigqueryanalyticshub/data_exchange_iam_member.py index 5bb0cb7a6d..38be78df08 100644 --- a/sdk/python/pulumi_gcp/bigqueryanalyticshub/data_exchange_iam_member.py +++ b/sdk/python/pulumi_gcp/bigqueryanalyticshub/data_exchange_iam_member.py @@ -25,15 +25,7 @@ def __init__(__self__, *, """ The set of arguments for constructing a DataExchangeIamMember resource. :param pulumi.Input[str] data_exchange_id: The ID of the data exchange. Must contain only Unicode letters, numbers (0-9), underscores (_). Should not use characters that require URL-escaping, or characters outside of ASCII, spaces. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] role: The role that should be applied. Only one - `bigqueryanalyticshub.DataExchangeIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] location: The name of the location this data exchange. - Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -44,6 +36,13 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `bigqueryanalyticshub.DataExchangeIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] location: The name of the location this data exchange. + Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "data_exchange_id", data_exchange_id) pulumi.set(__self__, "member", member) @@ -70,6 +69,19 @@ def data_exchange_id(self, value: pulumi.Input[str]): @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -118,18 +130,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -154,10 +154,7 @@ def __init__(__self__, *, :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] location: The name of the location this data exchange. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -168,6 +165,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `bigqueryanalyticshub.DataExchangeIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -236,6 +235,19 @@ def location(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -248,18 +260,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -360,6 +360,57 @@ def __init__(__self__, ``` + ## google\\_bigquery\\_analytics\\_hub\\_data\\_exchange\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.bigqueryanalyticshub.DataExchangeIamPolicy("policy", + project=data_exchange["project"], + location=data_exchange["location"], + data_exchange_id=data_exchange["dataExchangeId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_bigquery\\_analytics\\_hub\\_data\\_exchange\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.bigqueryanalyticshub.DataExchangeIamBinding("binding", + project=data_exchange["project"], + location=data_exchange["location"], + data_exchange_id=data_exchange["dataExchangeId"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_bigquery\\_analytics\\_hub\\_data\\_exchange\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.bigqueryanalyticshub.DataExchangeIamMember("member", + project=data_exchange["project"], + location=data_exchange["location"], + data_exchange_id=data_exchange["dataExchangeId"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -403,10 +454,7 @@ def __init__(__self__, :param pulumi.Input[str] data_exchange_id: The ID of the data exchange. Must contain only Unicode letters, numbers (0-9), underscores (_). Should not use characters that require URL-escaping, or characters outside of ASCII, spaces. Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] location: The name of the location this data exchange. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -417,6 +465,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `bigqueryanalyticshub.DataExchangeIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -493,6 +543,57 @@ def __init__(__self__, ``` + ## google\\_bigquery\\_analytics\\_hub\\_data\\_exchange\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.bigqueryanalyticshub.DataExchangeIamPolicy("policy", + project=data_exchange["project"], + location=data_exchange["location"], + data_exchange_id=data_exchange["dataExchangeId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_bigquery\\_analytics\\_hub\\_data\\_exchange\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.bigqueryanalyticshub.DataExchangeIamBinding("binding", + project=data_exchange["project"], + location=data_exchange["location"], + data_exchange_id=data_exchange["dataExchangeId"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_bigquery\\_analytics\\_hub\\_data\\_exchange\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.bigqueryanalyticshub.DataExchangeIamMember("member", + project=data_exchange["project"], + location=data_exchange["location"], + data_exchange_id=data_exchange["dataExchangeId"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -602,10 +703,7 @@ def get(resource_name: str, :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] location: The name of the location this data exchange. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -616,6 +714,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `bigqueryanalyticshub.DataExchangeIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -666,16 +766,8 @@ def location(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: - return pulumi.get(self, "member") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -687,6 +779,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "member") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/bigqueryanalyticshub/data_exchange_iam_policy.py b/sdk/python/pulumi_gcp/bigqueryanalyticshub/data_exchange_iam_policy.py index 852f33d8a4..7a7b395f11 100644 --- a/sdk/python/pulumi_gcp/bigqueryanalyticshub/data_exchange_iam_policy.py +++ b/sdk/python/pulumi_gcp/bigqueryanalyticshub/data_exchange_iam_policy.py @@ -27,18 +27,6 @@ def __init__(__self__, *, Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "data_exchange_id", data_exchange_id) pulumi.set(__self__, "policy_data", policy_data) @@ -91,18 +79,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -129,18 +105,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ if data_exchange_id is not None: pulumi.set(__self__, "data_exchange_id", data_exchange_id) @@ -209,18 +173,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -305,6 +257,57 @@ def __init__(__self__, ``` + ## google\\_bigquery\\_analytics\\_hub\\_data\\_exchange\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.bigqueryanalyticshub.DataExchangeIamPolicy("policy", + project=data_exchange["project"], + location=data_exchange["location"], + data_exchange_id=data_exchange["dataExchangeId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_bigquery\\_analytics\\_hub\\_data\\_exchange\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.bigqueryanalyticshub.DataExchangeIamBinding("binding", + project=data_exchange["project"], + location=data_exchange["location"], + data_exchange_id=data_exchange["dataExchangeId"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_bigquery\\_analytics\\_hub\\_data\\_exchange\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.bigqueryanalyticshub.DataExchangeIamMember("member", + project=data_exchange["project"], + location=data_exchange["location"], + data_exchange_id=data_exchange["dataExchangeId"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -352,18 +355,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ ... @overload @@ -437,6 +428,57 @@ def __init__(__self__, ``` + ## google\\_bigquery\\_analytics\\_hub\\_data\\_exchange\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.bigqueryanalyticshub.DataExchangeIamPolicy("policy", + project=data_exchange["project"], + location=data_exchange["location"], + data_exchange_id=data_exchange["dataExchangeId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_bigquery\\_analytics\\_hub\\_data\\_exchange\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.bigqueryanalyticshub.DataExchangeIamBinding("binding", + project=data_exchange["project"], + location=data_exchange["location"], + data_exchange_id=data_exchange["dataExchangeId"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_bigquery\\_analytics\\_hub\\_data\\_exchange\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.bigqueryanalyticshub.DataExchangeIamMember("member", + project=data_exchange["project"], + location=data_exchange["location"], + data_exchange_id=data_exchange["dataExchangeId"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -542,18 +584,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -606,18 +636,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/bigqueryanalyticshub/listing_iam_binding.py b/sdk/python/pulumi_gcp/bigqueryanalyticshub/listing_iam_binding.py index 41bd9e4955..db836207e4 100644 --- a/sdk/python/pulumi_gcp/bigqueryanalyticshub/listing_iam_binding.py +++ b/sdk/python/pulumi_gcp/bigqueryanalyticshub/listing_iam_binding.py @@ -27,15 +27,7 @@ def __init__(__self__, *, The set of arguments for constructing a ListingIamBinding resource. :param pulumi.Input[str] data_exchange_id: The ID of the data exchange. Must contain only Unicode letters, numbers (0-9), underscores (_). Should not use characters that require URL-escaping, or characters outside of ASCII, spaces. Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] listing_id: The ID of the listing. Must contain only Unicode letters, numbers (0-9), underscores (_). Should not use characters that require URL-escaping, or characters outside of ASCII, spaces. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] role: The role that should be applied. Only one - `bigqueryanalyticshub.ListingIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] location: The name of the location this data exchange listing. - Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -46,6 +38,13 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `bigqueryanalyticshub.ListingIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] location: The name of the location this data exchange listing. + Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "data_exchange_id", data_exchange_id) pulumi.set(__self__, "listing_id", listing_id) @@ -85,6 +84,19 @@ def listing_id(self, value: pulumi.Input[str]): @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -133,18 +145,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -171,10 +171,7 @@ def __init__(__self__, *, :param pulumi.Input[str] listing_id: The ID of the listing. Must contain only Unicode letters, numbers (0-9), underscores (_). Should not use characters that require URL-escaping, or characters outside of ASCII, spaces. Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] location: The name of the location this data exchange listing. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -185,6 +182,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `bigqueryanalyticshub.ListingIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -267,6 +266,19 @@ def location(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -279,18 +291,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -395,6 +395,60 @@ def __init__(__self__, ``` + ## google\\_bigquery\\_analytics\\_hub\\_listing\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.bigqueryanalyticshub.ListingIamPolicy("policy", + project=listing["project"], + location=listing["location"], + data_exchange_id=listing["dataExchangeId"], + listing_id=listing["listingId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_bigquery\\_analytics\\_hub\\_listing\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.bigqueryanalyticshub.ListingIamBinding("binding", + project=listing["project"], + location=listing["location"], + data_exchange_id=listing["dataExchangeId"], + listing_id=listing["listingId"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_bigquery\\_analytics\\_hub\\_listing\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.bigqueryanalyticshub.ListingIamMember("member", + project=listing["project"], + location=listing["location"], + data_exchange_id=listing["dataExchangeId"], + listing_id=listing["listingId"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -439,10 +493,7 @@ def __init__(__self__, :param pulumi.Input[str] listing_id: The ID of the listing. Must contain only Unicode letters, numbers (0-9), underscores (_). Should not use characters that require URL-escaping, or characters outside of ASCII, spaces. Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] location: The name of the location this data exchange listing. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -453,6 +504,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `bigqueryanalyticshub.ListingIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -532,6 +585,60 @@ def __init__(__self__, ``` + ## google\\_bigquery\\_analytics\\_hub\\_listing\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.bigqueryanalyticshub.ListingIamPolicy("policy", + project=listing["project"], + location=listing["location"], + data_exchange_id=listing["dataExchangeId"], + listing_id=listing["listingId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_bigquery\\_analytics\\_hub\\_listing\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.bigqueryanalyticshub.ListingIamBinding("binding", + project=listing["project"], + location=listing["location"], + data_exchange_id=listing["dataExchangeId"], + listing_id=listing["listingId"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_bigquery\\_analytics\\_hub\\_listing\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.bigqueryanalyticshub.ListingIamMember("member", + project=listing["project"], + location=listing["location"], + data_exchange_id=listing["dataExchangeId"], + listing_id=listing["listingId"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -647,10 +754,7 @@ def get(resource_name: str, :param pulumi.Input[str] listing_id: The ID of the listing. Must contain only Unicode letters, numbers (0-9), underscores (_). Should not use characters that require URL-escaping, or characters outside of ASCII, spaces. Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] location: The name of the location this data exchange listing. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -661,6 +765,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `bigqueryanalyticshub.ListingIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -720,16 +826,8 @@ def location(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: - return pulumi.get(self, "members") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -741,6 +839,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "members") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/bigqueryanalyticshub/listing_iam_member.py b/sdk/python/pulumi_gcp/bigqueryanalyticshub/listing_iam_member.py index 61e7330795..0d62aac50a 100644 --- a/sdk/python/pulumi_gcp/bigqueryanalyticshub/listing_iam_member.py +++ b/sdk/python/pulumi_gcp/bigqueryanalyticshub/listing_iam_member.py @@ -27,15 +27,7 @@ def __init__(__self__, *, The set of arguments for constructing a ListingIamMember resource. :param pulumi.Input[str] data_exchange_id: The ID of the data exchange. Must contain only Unicode letters, numbers (0-9), underscores (_). Should not use characters that require URL-escaping, or characters outside of ASCII, spaces. Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] listing_id: The ID of the listing. Must contain only Unicode letters, numbers (0-9), underscores (_). Should not use characters that require URL-escaping, or characters outside of ASCII, spaces. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] role: The role that should be applied. Only one - `bigqueryanalyticshub.ListingIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] location: The name of the location this data exchange listing. - Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -46,6 +38,13 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `bigqueryanalyticshub.ListingIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] location: The name of the location this data exchange listing. + Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "data_exchange_id", data_exchange_id) pulumi.set(__self__, "listing_id", listing_id) @@ -85,6 +84,19 @@ def listing_id(self, value: pulumi.Input[str]): @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -133,18 +145,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -171,10 +171,7 @@ def __init__(__self__, *, :param pulumi.Input[str] listing_id: The ID of the listing. Must contain only Unicode letters, numbers (0-9), underscores (_). Should not use characters that require URL-escaping, or characters outside of ASCII, spaces. Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] location: The name of the location this data exchange listing. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -185,6 +182,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `bigqueryanalyticshub.ListingIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -267,6 +266,19 @@ def location(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -279,18 +291,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -395,6 +395,60 @@ def __init__(__self__, ``` + ## google\\_bigquery\\_analytics\\_hub\\_listing\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.bigqueryanalyticshub.ListingIamPolicy("policy", + project=listing["project"], + location=listing["location"], + data_exchange_id=listing["dataExchangeId"], + listing_id=listing["listingId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_bigquery\\_analytics\\_hub\\_listing\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.bigqueryanalyticshub.ListingIamBinding("binding", + project=listing["project"], + location=listing["location"], + data_exchange_id=listing["dataExchangeId"], + listing_id=listing["listingId"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_bigquery\\_analytics\\_hub\\_listing\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.bigqueryanalyticshub.ListingIamMember("member", + project=listing["project"], + location=listing["location"], + data_exchange_id=listing["dataExchangeId"], + listing_id=listing["listingId"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -439,10 +493,7 @@ def __init__(__self__, :param pulumi.Input[str] listing_id: The ID of the listing. Must contain only Unicode letters, numbers (0-9), underscores (_). Should not use characters that require URL-escaping, or characters outside of ASCII, spaces. Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] location: The name of the location this data exchange listing. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -453,6 +504,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `bigqueryanalyticshub.ListingIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -532,6 +585,60 @@ def __init__(__self__, ``` + ## google\\_bigquery\\_analytics\\_hub\\_listing\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.bigqueryanalyticshub.ListingIamPolicy("policy", + project=listing["project"], + location=listing["location"], + data_exchange_id=listing["dataExchangeId"], + listing_id=listing["listingId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_bigquery\\_analytics\\_hub\\_listing\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.bigqueryanalyticshub.ListingIamBinding("binding", + project=listing["project"], + location=listing["location"], + data_exchange_id=listing["dataExchangeId"], + listing_id=listing["listingId"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_bigquery\\_analytics\\_hub\\_listing\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.bigqueryanalyticshub.ListingIamMember("member", + project=listing["project"], + location=listing["location"], + data_exchange_id=listing["dataExchangeId"], + listing_id=listing["listingId"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -647,10 +754,7 @@ def get(resource_name: str, :param pulumi.Input[str] listing_id: The ID of the listing. Must contain only Unicode letters, numbers (0-9), underscores (_). Should not use characters that require URL-escaping, or characters outside of ASCII, spaces. Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] location: The name of the location this data exchange listing. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -661,6 +765,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `bigqueryanalyticshub.ListingIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -720,16 +826,8 @@ def location(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: - return pulumi.get(self, "member") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -741,6 +839,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "member") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/bigqueryanalyticshub/listing_iam_policy.py b/sdk/python/pulumi_gcp/bigqueryanalyticshub/listing_iam_policy.py index f6bb8974c9..78130c0a15 100644 --- a/sdk/python/pulumi_gcp/bigqueryanalyticshub/listing_iam_policy.py +++ b/sdk/python/pulumi_gcp/bigqueryanalyticshub/listing_iam_policy.py @@ -29,18 +29,6 @@ def __init__(__self__, *, Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "data_exchange_id", data_exchange_id) pulumi.set(__self__, "listing_id", listing_id) @@ -106,18 +94,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -146,18 +122,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ if data_exchange_id is not None: pulumi.set(__self__, "data_exchange_id", data_exchange_id) @@ -240,18 +204,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -340,6 +292,60 @@ def __init__(__self__, ``` + ## google\\_bigquery\\_analytics\\_hub\\_listing\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.bigqueryanalyticshub.ListingIamPolicy("policy", + project=listing["project"], + location=listing["location"], + data_exchange_id=listing["dataExchangeId"], + listing_id=listing["listingId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_bigquery\\_analytics\\_hub\\_listing\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.bigqueryanalyticshub.ListingIamBinding("binding", + project=listing["project"], + location=listing["location"], + data_exchange_id=listing["dataExchangeId"], + listing_id=listing["listingId"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_bigquery\\_analytics\\_hub\\_listing\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.bigqueryanalyticshub.ListingIamMember("member", + project=listing["project"], + location=listing["location"], + data_exchange_id=listing["dataExchangeId"], + listing_id=listing["listingId"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -388,18 +394,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ ... @overload @@ -476,6 +470,60 @@ def __init__(__self__, ``` + ## google\\_bigquery\\_analytics\\_hub\\_listing\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.bigqueryanalyticshub.ListingIamPolicy("policy", + project=listing["project"], + location=listing["location"], + data_exchange_id=listing["dataExchangeId"], + listing_id=listing["listingId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_bigquery\\_analytics\\_hub\\_listing\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.bigqueryanalyticshub.ListingIamBinding("binding", + project=listing["project"], + location=listing["location"], + data_exchange_id=listing["dataExchangeId"], + listing_id=listing["listingId"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_bigquery\\_analytics\\_hub\\_listing\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.bigqueryanalyticshub.ListingIamMember("member", + project=listing["project"], + location=listing["location"], + data_exchange_id=listing["dataExchangeId"], + listing_id=listing["listingId"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -587,18 +635,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -660,18 +696,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/bigquerydatapolicy/data_policy_iam_binding.py b/sdk/python/pulumi_gcp/bigquerydatapolicy/data_policy_iam_binding.py index 693b41f4c0..17bff24f86 100644 --- a/sdk/python/pulumi_gcp/bigquerydatapolicy/data_policy_iam_binding.py +++ b/sdk/python/pulumi_gcp/bigquerydatapolicy/data_policy_iam_binding.py @@ -24,15 +24,7 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a DataPolicyIamBinding resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `bigquerydatapolicy.DataPolicyIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] location: The name of the location of the data policy. - Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -43,6 +35,13 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `bigquerydatapolicy.DataPolicyIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] location: The name of the location of the data policy. + Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "data_policy_id", data_policy_id) pulumi.set(__self__, "members", members) @@ -66,6 +65,19 @@ def data_policy_id(self, value: pulumi.Input[str]): @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -114,18 +126,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -149,10 +149,7 @@ def __init__(__self__, *, :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] location: The name of the location of the data policy. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -163,6 +160,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `bigquerydatapolicy.DataPolicyIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -228,6 +227,19 @@ def location(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -240,18 +252,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -352,6 +352,57 @@ def __init__(__self__, ``` + ## google\\_bigquery\\_datapolicy\\_data\\_policy\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.bigquerydatapolicy.DataPolicyIamPolicy("policy", + project=data_policy["project"], + location=data_policy["location"], + data_policy_id=data_policy["dataPolicyId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_bigquery\\_datapolicy\\_data\\_policy\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.bigquerydatapolicy.DataPolicyIamBinding("binding", + project=data_policy["project"], + location=data_policy["location"], + data_policy_id=data_policy["dataPolicyId"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_bigquery\\_datapolicy\\_data\\_policy\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.bigquerydatapolicy.DataPolicyIamMember("member", + project=data_policy["project"], + location=data_policy["location"], + data_policy_id=data_policy["dataPolicyId"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -394,10 +445,7 @@ def __init__(__self__, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] location: The name of the location of the data policy. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -408,6 +456,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `bigquerydatapolicy.DataPolicyIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -484,6 +534,57 @@ def __init__(__self__, ``` + ## google\\_bigquery\\_datapolicy\\_data\\_policy\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.bigquerydatapolicy.DataPolicyIamPolicy("policy", + project=data_policy["project"], + location=data_policy["location"], + data_policy_id=data_policy["dataPolicyId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_bigquery\\_datapolicy\\_data\\_policy\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.bigquerydatapolicy.DataPolicyIamBinding("binding", + project=data_policy["project"], + location=data_policy["location"], + data_policy_id=data_policy["dataPolicyId"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_bigquery\\_datapolicy\\_data\\_policy\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.bigquerydatapolicy.DataPolicyIamMember("member", + project=data_policy["project"], + location=data_policy["location"], + data_policy_id=data_policy["dataPolicyId"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -592,10 +693,7 @@ def get(resource_name: str, :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] location: The name of the location of the data policy. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -606,6 +704,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `bigquerydatapolicy.DataPolicyIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -653,16 +753,8 @@ def location(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: - return pulumi.get(self, "members") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -674,6 +766,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "members") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/bigquerydatapolicy/data_policy_iam_member.py b/sdk/python/pulumi_gcp/bigquerydatapolicy/data_policy_iam_member.py index 13ccf590a7..f39b1e81ad 100644 --- a/sdk/python/pulumi_gcp/bigquerydatapolicy/data_policy_iam_member.py +++ b/sdk/python/pulumi_gcp/bigquerydatapolicy/data_policy_iam_member.py @@ -24,15 +24,7 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a DataPolicyIamMember resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `bigquerydatapolicy.DataPolicyIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] location: The name of the location of the data policy. - Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -43,6 +35,13 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `bigquerydatapolicy.DataPolicyIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] location: The name of the location of the data policy. + Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "data_policy_id", data_policy_id) pulumi.set(__self__, "member", member) @@ -66,6 +65,19 @@ def data_policy_id(self, value: pulumi.Input[str]): @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -114,18 +126,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -149,10 +149,7 @@ def __init__(__self__, *, :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] location: The name of the location of the data policy. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -163,6 +160,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `bigquerydatapolicy.DataPolicyIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -228,6 +227,19 @@ def location(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -240,18 +252,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -352,6 +352,57 @@ def __init__(__self__, ``` + ## google\\_bigquery\\_datapolicy\\_data\\_policy\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.bigquerydatapolicy.DataPolicyIamPolicy("policy", + project=data_policy["project"], + location=data_policy["location"], + data_policy_id=data_policy["dataPolicyId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_bigquery\\_datapolicy\\_data\\_policy\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.bigquerydatapolicy.DataPolicyIamBinding("binding", + project=data_policy["project"], + location=data_policy["location"], + data_policy_id=data_policy["dataPolicyId"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_bigquery\\_datapolicy\\_data\\_policy\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.bigquerydatapolicy.DataPolicyIamMember("member", + project=data_policy["project"], + location=data_policy["location"], + data_policy_id=data_policy["dataPolicyId"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -394,10 +445,7 @@ def __init__(__self__, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] location: The name of the location of the data policy. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -408,6 +456,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `bigquerydatapolicy.DataPolicyIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -484,6 +534,57 @@ def __init__(__self__, ``` + ## google\\_bigquery\\_datapolicy\\_data\\_policy\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.bigquerydatapolicy.DataPolicyIamPolicy("policy", + project=data_policy["project"], + location=data_policy["location"], + data_policy_id=data_policy["dataPolicyId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_bigquery\\_datapolicy\\_data\\_policy\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.bigquerydatapolicy.DataPolicyIamBinding("binding", + project=data_policy["project"], + location=data_policy["location"], + data_policy_id=data_policy["dataPolicyId"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_bigquery\\_datapolicy\\_data\\_policy\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.bigquerydatapolicy.DataPolicyIamMember("member", + project=data_policy["project"], + location=data_policy["location"], + data_policy_id=data_policy["dataPolicyId"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -592,10 +693,7 @@ def get(resource_name: str, :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] location: The name of the location of the data policy. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -606,6 +704,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `bigquerydatapolicy.DataPolicyIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -653,16 +753,8 @@ def location(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: - return pulumi.get(self, "member") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -674,6 +766,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "member") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/bigquerydatapolicy/data_policy_iam_policy.py b/sdk/python/pulumi_gcp/bigquerydatapolicy/data_policy_iam_policy.py index 245ed138cf..f03c678b12 100644 --- a/sdk/python/pulumi_gcp/bigquerydatapolicy/data_policy_iam_policy.py +++ b/sdk/python/pulumi_gcp/bigquerydatapolicy/data_policy_iam_policy.py @@ -26,18 +26,6 @@ def __init__(__self__, *, Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "data_policy_id", data_policy_id) pulumi.set(__self__, "policy_data", policy_data) @@ -87,18 +75,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -124,18 +100,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ if data_policy_id is not None: pulumi.set(__self__, "data_policy_id", data_policy_id) @@ -201,18 +165,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -297,6 +249,57 @@ def __init__(__self__, ``` + ## google\\_bigquery\\_datapolicy\\_data\\_policy\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.bigquerydatapolicy.DataPolicyIamPolicy("policy", + project=data_policy["project"], + location=data_policy["location"], + data_policy_id=data_policy["dataPolicyId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_bigquery\\_datapolicy\\_data\\_policy\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.bigquerydatapolicy.DataPolicyIamBinding("binding", + project=data_policy["project"], + location=data_policy["location"], + data_policy_id=data_policy["dataPolicyId"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_bigquery\\_datapolicy\\_data\\_policy\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.bigquerydatapolicy.DataPolicyIamMember("member", + project=data_policy["project"], + location=data_policy["location"], + data_policy_id=data_policy["dataPolicyId"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -343,18 +346,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ ... @overload @@ -428,6 +419,57 @@ def __init__(__self__, ``` + ## google\\_bigquery\\_datapolicy\\_data\\_policy\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.bigquerydatapolicy.DataPolicyIamPolicy("policy", + project=data_policy["project"], + location=data_policy["location"], + data_policy_id=data_policy["dataPolicyId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_bigquery\\_datapolicy\\_data\\_policy\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.bigquerydatapolicy.DataPolicyIamBinding("binding", + project=data_policy["project"], + location=data_policy["location"], + data_policy_id=data_policy["dataPolicyId"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_bigquery\\_datapolicy\\_data\\_policy\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.bigquerydatapolicy.DataPolicyIamMember("member", + project=data_policy["project"], + location=data_policy["location"], + data_policy_id=data_policy["dataPolicyId"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -532,18 +574,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -593,18 +623,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/bigtable/instance_iam_binding.py b/sdk/python/pulumi_gcp/bigtable/instance_iam_binding.py index 569c901aeb..553d12fb6c 100644 --- a/sdk/python/pulumi_gcp/bigtable/instance_iam_binding.py +++ b/sdk/python/pulumi_gcp/bigtable/instance_iam_binding.py @@ -26,8 +26,7 @@ def __init__(__self__, *, :param pulumi.Input[str] instance: The name or relative resource id of the instance to manage IAM policies for. For `bigtable.InstanceIamMember` or `bigtable.InstanceIamBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -58,15 +57,6 @@ def instance(self) -> pulumi.Input[str]: The name or relative resource id of the instance to manage IAM policies for. For `bigtable.InstanceIamMember` or `bigtable.InstanceIamBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "instance") @@ -77,6 +67,16 @@ def instance(self, value: pulumi.Input[str]): @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "members") @members.setter @@ -137,8 +137,7 @@ def __init__(__self__, *, :param pulumi.Input[str] instance: The name or relative resource id of the instance to manage IAM policies for. For `bigtable.InstanceIamMember` or `bigtable.InstanceIamBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -195,15 +194,6 @@ def instance(self) -> Optional[pulumi.Input[str]]: The name or relative resource id of the instance to manage IAM policies for. For `bigtable.InstanceIamMember` or `bigtable.InstanceIamBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "instance") @@ -214,6 +204,16 @@ def instance(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "members") @members.setter @@ -318,6 +318,52 @@ def __init__(__self__, ``` + ## google\\_bigtable\\_instance\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/bigtable.user", + members=["user:jane@example.com"], + )]) + editor = gcp.bigtable.InstanceIamPolicy("editor", + project="your-project", + instance="your-bigtable-instance", + policy_data=admin.policy_data) + ``` + + + ## google\\_bigtable\\_instance\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.bigtable.InstanceIamBinding("editor", + instance="your-bigtable-instance", + role="roles/bigtable.user", + members=["user:jane@example.com"]) + ``` + + + ## google\\_bigtable\\_instance\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.bigtable.InstanceIamMember("editor", + instance="your-bigtable-instance", + role="roles/bigtable.user", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -349,8 +395,7 @@ def __init__(__self__, :param pulumi.Input[str] instance: The name or relative resource id of the instance to manage IAM policies for. For `bigtable.InstanceIamMember` or `bigtable.InstanceIamBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -429,6 +474,52 @@ def __init__(__self__, ``` + ## google\\_bigtable\\_instance\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/bigtable.user", + members=["user:jane@example.com"], + )]) + editor = gcp.bigtable.InstanceIamPolicy("editor", + project="your-project", + instance="your-bigtable-instance", + policy_data=admin.policy_data) + ``` + + + ## google\\_bigtable\\_instance\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.bigtable.InstanceIamBinding("editor", + instance="your-bigtable-instance", + role="roles/bigtable.user", + members=["user:jane@example.com"]) + ``` + + + ## google\\_bigtable\\_instance\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.bigtable.InstanceIamMember("editor", + instance="your-bigtable-instance", + role="roles/bigtable.user", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -523,8 +614,7 @@ def get(resource_name: str, :param pulumi.Input[str] instance: The name or relative resource id of the instance to manage IAM policies for. For `bigtable.InstanceIamMember` or `bigtable.InstanceIamBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -572,8 +662,14 @@ def instance(self) -> pulumi.Output[str]: The name or relative resource id of the instance to manage IAM policies for. For `bigtable.InstanceIamMember` or `bigtable.InstanceIamBinding`: + """ + return pulumi.get(self, "instance") - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + @property + @pulumi.getter + def members(self) -> pulumi.Output[Sequence[str]]: + """ + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -582,11 +678,6 @@ def instance(self) -> pulumi.Output[str]: * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ - return pulumi.get(self, "instance") - - @property - @pulumi.getter - def members(self) -> pulumi.Output[Sequence[str]]: return pulumi.get(self, "members") @property diff --git a/sdk/python/pulumi_gcp/bigtable/instance_iam_member.py b/sdk/python/pulumi_gcp/bigtable/instance_iam_member.py index 21c9e6d277..13199581ed 100644 --- a/sdk/python/pulumi_gcp/bigtable/instance_iam_member.py +++ b/sdk/python/pulumi_gcp/bigtable/instance_iam_member.py @@ -26,8 +26,7 @@ def __init__(__self__, *, :param pulumi.Input[str] instance: The name or relative resource id of the instance to manage IAM policies for. For `bigtable.InstanceIamMember` or `bigtable.InstanceIamBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -58,15 +57,6 @@ def instance(self) -> pulumi.Input[str]: The name or relative resource id of the instance to manage IAM policies for. For `bigtable.InstanceIamMember` or `bigtable.InstanceIamBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "instance") @@ -77,6 +67,16 @@ def instance(self, value: pulumi.Input[str]): @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "member") @member.setter @@ -137,8 +137,7 @@ def __init__(__self__, *, :param pulumi.Input[str] instance: The name or relative resource id of the instance to manage IAM policies for. For `bigtable.InstanceIamMember` or `bigtable.InstanceIamBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -195,15 +194,6 @@ def instance(self) -> Optional[pulumi.Input[str]]: The name or relative resource id of the instance to manage IAM policies for. For `bigtable.InstanceIamMember` or `bigtable.InstanceIamBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "instance") @@ -214,6 +204,16 @@ def instance(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "member") @member.setter @@ -318,6 +318,52 @@ def __init__(__self__, ``` + ## google\\_bigtable\\_instance\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/bigtable.user", + members=["user:jane@example.com"], + )]) + editor = gcp.bigtable.InstanceIamPolicy("editor", + project="your-project", + instance="your-bigtable-instance", + policy_data=admin.policy_data) + ``` + + + ## google\\_bigtable\\_instance\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.bigtable.InstanceIamBinding("editor", + instance="your-bigtable-instance", + role="roles/bigtable.user", + members=["user:jane@example.com"]) + ``` + + + ## google\\_bigtable\\_instance\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.bigtable.InstanceIamMember("editor", + instance="your-bigtable-instance", + role="roles/bigtable.user", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -349,8 +395,7 @@ def __init__(__self__, :param pulumi.Input[str] instance: The name or relative resource id of the instance to manage IAM policies for. For `bigtable.InstanceIamMember` or `bigtable.InstanceIamBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -429,6 +474,52 @@ def __init__(__self__, ``` + ## google\\_bigtable\\_instance\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/bigtable.user", + members=["user:jane@example.com"], + )]) + editor = gcp.bigtable.InstanceIamPolicy("editor", + project="your-project", + instance="your-bigtable-instance", + policy_data=admin.policy_data) + ``` + + + ## google\\_bigtable\\_instance\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.bigtable.InstanceIamBinding("editor", + instance="your-bigtable-instance", + role="roles/bigtable.user", + members=["user:jane@example.com"]) + ``` + + + ## google\\_bigtable\\_instance\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.bigtable.InstanceIamMember("editor", + instance="your-bigtable-instance", + role="roles/bigtable.user", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -523,8 +614,7 @@ def get(resource_name: str, :param pulumi.Input[str] instance: The name or relative resource id of the instance to manage IAM policies for. For `bigtable.InstanceIamMember` or `bigtable.InstanceIamBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -572,8 +662,14 @@ def instance(self) -> pulumi.Output[str]: The name or relative resource id of the instance to manage IAM policies for. For `bigtable.InstanceIamMember` or `bigtable.InstanceIamBinding`: + """ + return pulumi.get(self, "instance") - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + @property + @pulumi.getter + def member(self) -> pulumi.Output[str]: + """ + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -582,11 +678,6 @@ def instance(self) -> pulumi.Output[str]: * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ - return pulumi.get(self, "instance") - - @property - @pulumi.getter - def member(self) -> pulumi.Output[str]: return pulumi.get(self, "member") @property diff --git a/sdk/python/pulumi_gcp/bigtable/instance_iam_policy.py b/sdk/python/pulumi_gcp/bigtable/instance_iam_policy.py index 9e54830a5d..cfb5090ed6 100644 --- a/sdk/python/pulumi_gcp/bigtable/instance_iam_policy.py +++ b/sdk/python/pulumi_gcp/bigtable/instance_iam_policy.py @@ -22,15 +22,6 @@ def __init__(__self__, *, :param pulumi.Input[str] instance: The name or relative resource id of the instance to manage IAM policies for. For `bigtable.InstanceIamMember` or `bigtable.InstanceIamBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. - - - @@ -49,15 +40,6 @@ def instance(self) -> pulumi.Input[str]: The name or relative resource id of the instance to manage IAM policies for. For `bigtable.InstanceIamMember` or `bigtable.InstanceIamBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "instance") @@ -106,15 +88,6 @@ def __init__(__self__, *, :param pulumi.Input[str] instance: The name or relative resource id of the instance to manage IAM policies for. For `bigtable.InstanceIamMember` or `bigtable.InstanceIamBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. - - - @@ -149,15 +122,6 @@ def instance(self) -> Optional[pulumi.Input[str]]: The name or relative resource id of the instance to manage IAM policies for. For `bigtable.InstanceIamMember` or `bigtable.InstanceIamBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "instance") @@ -259,6 +223,52 @@ def __init__(__self__, ``` + ## google\\_bigtable\\_instance\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/bigtable.user", + members=["user:jane@example.com"], + )]) + editor = gcp.bigtable.InstanceIamPolicy("editor", + project="your-project", + instance="your-bigtable-instance", + policy_data=admin.policy_data) + ``` + + + ## google\\_bigtable\\_instance\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.bigtable.InstanceIamBinding("editor", + instance="your-bigtable-instance", + role="roles/bigtable.user", + members=["user:jane@example.com"]) + ``` + + + ## google\\_bigtable\\_instance\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.bigtable.InstanceIamMember("editor", + instance="your-bigtable-instance", + role="roles/bigtable.user", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -290,15 +300,6 @@ def __init__(__self__, :param pulumi.Input[str] instance: The name or relative resource id of the instance to manage IAM policies for. For `bigtable.InstanceIamMember` or `bigtable.InstanceIamBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. - - - @@ -368,6 +369,52 @@ def __init__(__self__, ``` + ## google\\_bigtable\\_instance\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/bigtable.user", + members=["user:jane@example.com"], + )]) + editor = gcp.bigtable.InstanceIamPolicy("editor", + project="your-project", + instance="your-bigtable-instance", + policy_data=admin.policy_data) + ``` + + + ## google\\_bigtable\\_instance\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.bigtable.InstanceIamBinding("editor", + instance="your-bigtable-instance", + role="roles/bigtable.user", + members=["user:jane@example.com"]) + ``` + + + ## google\\_bigtable\\_instance\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.bigtable.InstanceIamMember("editor", + instance="your-bigtable-instance", + role="roles/bigtable.user", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -454,15 +501,6 @@ def get(resource_name: str, :param pulumi.Input[str] instance: The name or relative resource id of the instance to manage IAM policies for. For `bigtable.InstanceIamMember` or `bigtable.InstanceIamBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. - - - @@ -494,15 +532,6 @@ def instance(self) -> pulumi.Output[str]: The name or relative resource id of the instance to manage IAM policies for. For `bigtable.InstanceIamMember` or `bigtable.InstanceIamBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "instance") diff --git a/sdk/python/pulumi_gcp/bigtable/table_iam_binding.py b/sdk/python/pulumi_gcp/bigtable/table_iam_binding.py index 58588a3195..832e6240e0 100644 --- a/sdk/python/pulumi_gcp/bigtable/table_iam_binding.py +++ b/sdk/python/pulumi_gcp/bigtable/table_iam_binding.py @@ -25,6 +25,14 @@ def __init__(__self__, *, """ The set of arguments for constructing a TableIamBinding resource. :param pulumi.Input[str] instance: The name or relative resource id of the instance that owns the table. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] role: The role that should be applied. Only one `bigtable.TableIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. Read more about roles [here](https://cloud.google.com/bigtable/docs/access-control#roles). @@ -33,15 +41,6 @@ def __init__(__self__, *, :param pulumi.Input[str] table: The name or relative resource id of the table to manage IAM policies for. For `bigtable.TableIamMember` or `bigtable.TableIamBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] project: The project in which the table belongs. If it is not provided, this provider will use the provider default. """ @@ -69,6 +68,16 @@ def instance(self, value: pulumi.Input[str]): @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "members") @members.setter @@ -98,15 +107,6 @@ def table(self) -> pulumi.Input[str]: The name or relative resource id of the table to manage IAM policies for. For `bigtable.TableIamMember` or `bigtable.TableIamBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "table") @@ -151,6 +151,14 @@ def __init__(__self__, *, Input properties used for looking up and filtering TableIamBinding resources. :param pulumi.Input[str] etag: (Computed) The etag of the tables's IAM policy. :param pulumi.Input[str] instance: The name or relative resource id of the instance that owns the table. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] project: The project in which the table belongs. If it is not provided, this provider will use the provider default. :param pulumi.Input[str] role: The role that should be applied. Only one @@ -161,15 +169,6 @@ def __init__(__self__, *, :param pulumi.Input[str] table: The name or relative resource id of the table to manage IAM policies for. For `bigtable.TableIamMember` or `bigtable.TableIamBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ if condition is not None: pulumi.set(__self__, "condition", condition) @@ -222,6 +221,16 @@ def instance(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "members") @members.setter @@ -264,15 +273,6 @@ def table(self) -> Optional[pulumi.Input[str]]: The name or relative resource id of the table to manage IAM policies for. For `bigtable.TableIamMember` or `bigtable.TableIamBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "table") @@ -353,6 +353,55 @@ def __init__(__self__, ``` + ## google\\_bigtable\\_table\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/bigtable.user", + members=["user:jane@example.com"], + )]) + editor = gcp.bigtable.TableIamPolicy("editor", + project="your-project", + instance="your-bigtable-instance", + table="your-bigtable-table", + policy_data=admin.policy_data) + ``` + + + ## google\\_bigtable\\_table\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.bigtable.TableIamBinding("editor", + table="your-bigtable-table", + instance="your-bigtable-instance", + role="roles/bigtable.user", + members=["user:jane@example.com"]) + ``` + + + ## google\\_bigtable\\_table\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.bigtable.TableIamMember("editor", + table="your-bigtable-table", + instance="your-bigtable-instance", + role="roles/bigtable.user", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -382,6 +431,14 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] instance: The name or relative resource id of the instance that owns the table. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] project: The project in which the table belongs. If it is not provided, this provider will use the provider default. :param pulumi.Input[str] role: The role that should be applied. Only one @@ -392,15 +449,6 @@ def __init__(__self__, :param pulumi.Input[str] table: The name or relative resource id of the table to manage IAM policies for. For `bigtable.TableIamMember` or `bigtable.TableIamBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ ... @overload @@ -468,6 +516,55 @@ def __init__(__self__, ``` + ## google\\_bigtable\\_table\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/bigtable.user", + members=["user:jane@example.com"], + )]) + editor = gcp.bigtable.TableIamPolicy("editor", + project="your-project", + instance="your-bigtable-instance", + table="your-bigtable-table", + policy_data=admin.policy_data) + ``` + + + ## google\\_bigtable\\_table\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.bigtable.TableIamBinding("editor", + table="your-bigtable-table", + instance="your-bigtable-instance", + role="roles/bigtable.user", + members=["user:jane@example.com"]) + ``` + + + ## google\\_bigtable\\_table\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.bigtable.TableIamMember("editor", + table="your-bigtable-table", + instance="your-bigtable-instance", + role="roles/bigtable.user", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -565,6 +662,14 @@ def get(resource_name: str, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the tables's IAM policy. :param pulumi.Input[str] instance: The name or relative resource id of the instance that owns the table. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] project: The project in which the table belongs. If it is not provided, this provider will use the provider default. :param pulumi.Input[str] role: The role that should be applied. Only one @@ -575,15 +680,6 @@ def get(resource_name: str, :param pulumi.Input[str] table: The name or relative resource id of the table to manage IAM policies for. For `bigtable.TableIamMember` or `bigtable.TableIamBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -622,6 +718,16 @@ def instance(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "members") @property @@ -652,15 +758,6 @@ def table(self) -> pulumi.Output[str]: The name or relative resource id of the table to manage IAM policies for. For `bigtable.TableIamMember` or `bigtable.TableIamBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "table") diff --git a/sdk/python/pulumi_gcp/bigtable/table_iam_member.py b/sdk/python/pulumi_gcp/bigtable/table_iam_member.py index eb5a3646f6..2d33655c82 100644 --- a/sdk/python/pulumi_gcp/bigtable/table_iam_member.py +++ b/sdk/python/pulumi_gcp/bigtable/table_iam_member.py @@ -25,6 +25,14 @@ def __init__(__self__, *, """ The set of arguments for constructing a TableIamMember resource. :param pulumi.Input[str] instance: The name or relative resource id of the instance that owns the table. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] role: The role that should be applied. Only one `bigtable.TableIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. Read more about roles [here](https://cloud.google.com/bigtable/docs/access-control#roles). @@ -33,15 +41,6 @@ def __init__(__self__, *, :param pulumi.Input[str] table: The name or relative resource id of the table to manage IAM policies for. For `bigtable.TableIamMember` or `bigtable.TableIamBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] project: The project in which the table belongs. If it is not provided, this provider will use the provider default. """ @@ -69,6 +68,16 @@ def instance(self, value: pulumi.Input[str]): @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "member") @member.setter @@ -98,15 +107,6 @@ def table(self) -> pulumi.Input[str]: The name or relative resource id of the table to manage IAM policies for. For `bigtable.TableIamMember` or `bigtable.TableIamBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "table") @@ -151,6 +151,14 @@ def __init__(__self__, *, Input properties used for looking up and filtering TableIamMember resources. :param pulumi.Input[str] etag: (Computed) The etag of the tables's IAM policy. :param pulumi.Input[str] instance: The name or relative resource id of the instance that owns the table. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] project: The project in which the table belongs. If it is not provided, this provider will use the provider default. :param pulumi.Input[str] role: The role that should be applied. Only one @@ -161,15 +169,6 @@ def __init__(__self__, *, :param pulumi.Input[str] table: The name or relative resource id of the table to manage IAM policies for. For `bigtable.TableIamMember` or `bigtable.TableIamBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ if condition is not None: pulumi.set(__self__, "condition", condition) @@ -222,6 +221,16 @@ def instance(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "member") @member.setter @@ -264,15 +273,6 @@ def table(self) -> Optional[pulumi.Input[str]]: The name or relative resource id of the table to manage IAM policies for. For `bigtable.TableIamMember` or `bigtable.TableIamBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "table") @@ -353,6 +353,55 @@ def __init__(__self__, ``` + ## google\\_bigtable\\_table\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/bigtable.user", + members=["user:jane@example.com"], + )]) + editor = gcp.bigtable.TableIamPolicy("editor", + project="your-project", + instance="your-bigtable-instance", + table="your-bigtable-table", + policy_data=admin.policy_data) + ``` + + + ## google\\_bigtable\\_table\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.bigtable.TableIamBinding("editor", + table="your-bigtable-table", + instance="your-bigtable-instance", + role="roles/bigtable.user", + members=["user:jane@example.com"]) + ``` + + + ## google\\_bigtable\\_table\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.bigtable.TableIamMember("editor", + table="your-bigtable-table", + instance="your-bigtable-instance", + role="roles/bigtable.user", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -382,6 +431,14 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] instance: The name or relative resource id of the instance that owns the table. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] project: The project in which the table belongs. If it is not provided, this provider will use the provider default. :param pulumi.Input[str] role: The role that should be applied. Only one @@ -392,15 +449,6 @@ def __init__(__self__, :param pulumi.Input[str] table: The name or relative resource id of the table to manage IAM policies for. For `bigtable.TableIamMember` or `bigtable.TableIamBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ ... @overload @@ -468,6 +516,55 @@ def __init__(__self__, ``` + ## google\\_bigtable\\_table\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/bigtable.user", + members=["user:jane@example.com"], + )]) + editor = gcp.bigtable.TableIamPolicy("editor", + project="your-project", + instance="your-bigtable-instance", + table="your-bigtable-table", + policy_data=admin.policy_data) + ``` + + + ## google\\_bigtable\\_table\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.bigtable.TableIamBinding("editor", + table="your-bigtable-table", + instance="your-bigtable-instance", + role="roles/bigtable.user", + members=["user:jane@example.com"]) + ``` + + + ## google\\_bigtable\\_table\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.bigtable.TableIamMember("editor", + table="your-bigtable-table", + instance="your-bigtable-instance", + role="roles/bigtable.user", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -565,6 +662,14 @@ def get(resource_name: str, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the tables's IAM policy. :param pulumi.Input[str] instance: The name or relative resource id of the instance that owns the table. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] project: The project in which the table belongs. If it is not provided, this provider will use the provider default. :param pulumi.Input[str] role: The role that should be applied. Only one @@ -575,15 +680,6 @@ def get(resource_name: str, :param pulumi.Input[str] table: The name or relative resource id of the table to manage IAM policies for. For `bigtable.TableIamMember` or `bigtable.TableIamBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -622,6 +718,16 @@ def instance(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "member") @property @@ -652,15 +758,6 @@ def table(self) -> pulumi.Output[str]: The name or relative resource id of the table to manage IAM policies for. For `bigtable.TableIamMember` or `bigtable.TableIamBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "table") diff --git a/sdk/python/pulumi_gcp/bigtable/table_iam_policy.py b/sdk/python/pulumi_gcp/bigtable/table_iam_policy.py index 82b0585aec..32dd31b6c5 100644 --- a/sdk/python/pulumi_gcp/bigtable/table_iam_policy.py +++ b/sdk/python/pulumi_gcp/bigtable/table_iam_policy.py @@ -27,15 +27,6 @@ def __init__(__self__, *, :param pulumi.Input[str] table: The name or relative resource id of the table to manage IAM policies for. For `bigtable.TableIamMember` or `bigtable.TableIamBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] project: The project in which the table belongs. If it is not provided, this provider will use the provider default. """ @@ -78,15 +69,6 @@ def table(self) -> pulumi.Input[str]: The name or relative resource id of the table to manage IAM policies for. For `bigtable.TableIamMember` or `bigtable.TableIamBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "table") @@ -128,15 +110,6 @@ def __init__(__self__, *, :param pulumi.Input[str] table: The name or relative resource id of the table to manage IAM policies for. For `bigtable.TableIamMember` or `bigtable.TableIamBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ if etag is not None: pulumi.set(__self__, "etag", etag) @@ -207,15 +180,6 @@ def table(self) -> Optional[pulumi.Input[str]]: The name or relative resource id of the table to manage IAM policies for. For `bigtable.TableIamMember` or `bigtable.TableIamBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "table") @@ -294,6 +258,55 @@ def __init__(__self__, ``` + ## google\\_bigtable\\_table\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/bigtable.user", + members=["user:jane@example.com"], + )]) + editor = gcp.bigtable.TableIamPolicy("editor", + project="your-project", + instance="your-bigtable-instance", + table="your-bigtable-table", + policy_data=admin.policy_data) + ``` + + + ## google\\_bigtable\\_table\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.bigtable.TableIamBinding("editor", + table="your-bigtable-table", + instance="your-bigtable-instance", + role="roles/bigtable.user", + members=["user:jane@example.com"]) + ``` + + + ## google\\_bigtable\\_table\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.bigtable.TableIamMember("editor", + table="your-bigtable-table", + instance="your-bigtable-instance", + role="roles/bigtable.user", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -331,15 +344,6 @@ def __init__(__self__, :param pulumi.Input[str] table: The name or relative resource id of the table to manage IAM policies for. For `bigtable.TableIamMember` or `bigtable.TableIamBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ ... @overload @@ -407,6 +411,55 @@ def __init__(__self__, ``` + ## google\\_bigtable\\_table\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/bigtable.user", + members=["user:jane@example.com"], + )]) + editor = gcp.bigtable.TableIamPolicy("editor", + project="your-project", + instance="your-bigtable-instance", + table="your-bigtable-table", + policy_data=admin.policy_data) + ``` + + + ## google\\_bigtable\\_table\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.bigtable.TableIamBinding("editor", + table="your-bigtable-table", + instance="your-bigtable-instance", + role="roles/bigtable.user", + members=["user:jane@example.com"]) + ``` + + + ## google\\_bigtable\\_table\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.bigtable.TableIamMember("editor", + table="your-bigtable-table", + instance="your-bigtable-instance", + role="roles/bigtable.user", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -504,15 +557,6 @@ def get(resource_name: str, :param pulumi.Input[str] table: The name or relative resource id of the table to manage IAM policies for. For `bigtable.TableIamMember` or `bigtable.TableIamBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -567,15 +611,6 @@ def table(self) -> pulumi.Output[str]: The name or relative resource id of the table to manage IAM policies for. For `bigtable.TableIamMember` or `bigtable.TableIamBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "table") diff --git a/sdk/python/pulumi_gcp/billing/account_iam_binding.py b/sdk/python/pulumi_gcp/billing/account_iam_binding.py index 4afaecf9b3..36854ed37b 100644 --- a/sdk/python/pulumi_gcp/billing/account_iam_binding.py +++ b/sdk/python/pulumi_gcp/billing/account_iam_binding.py @@ -25,8 +25,7 @@ def __init__(__self__, *, :param pulumi.Input[str] billing_account_id: The billing account id. For `billing.AccountIamMember` or `billing.AccountIamBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. @@ -51,13 +50,6 @@ def billing_account_id(self) -> pulumi.Input[str]: The billing account id. For `billing.AccountIamMember` or `billing.AccountIamBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "billing_account_id") @@ -68,6 +60,14 @@ def billing_account_id(self, value: pulumi.Input[str]): @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "members") @members.setter @@ -113,14 +113,13 @@ def __init__(__self__, *, :param pulumi.Input[str] billing_account_id: The billing account id. For `billing.AccountIamMember` or `billing.AccountIamBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] etag: (Computed) The etag of the billing account's IAM policy. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - :param pulumi.Input[str] etag: (Computed) The etag of the billing account's IAM policy. :param pulumi.Input[str] role: The role that should be applied. Only one `billing.AccountIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. Read more about roles [here](https://cloud.google.com/bigtable/docs/access-control#roles). @@ -145,13 +144,6 @@ def billing_account_id(self) -> Optional[pulumi.Input[str]]: The billing account id. For `billing.AccountIamMember` or `billing.AccountIamBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "billing_account_id") @@ -183,6 +175,14 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "members") @members.setter @@ -272,6 +272,51 @@ def __init__(__self__, ``` + ## google\\_billing\\_account\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/billing.viewer", + members=["user:jane@example.com"], + )]) + editor = gcp.billing.AccountIamPolicy("editor", + billing_account_id="00AA00-000AAA-00AA0A", + policy_data=admin.policy_data) + ``` + + + ## google\\_billing\\_account\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.billing.AccountIamBinding("editor", + billing_account_id="00AA00-000AAA-00AA0A", + role="roles/billing.viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_billing\\_account\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.billing.AccountIamMember("editor", + billing_account_id="00AA00-000AAA-00AA0A", + role="roles/billing.viewer", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -303,8 +348,7 @@ def __init__(__self__, :param pulumi.Input[str] billing_account_id: The billing account id. For `billing.AccountIamMember` or `billing.AccountIamBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. @@ -378,6 +422,51 @@ def __init__(__self__, ``` + ## google\\_billing\\_account\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/billing.viewer", + members=["user:jane@example.com"], + )]) + editor = gcp.billing.AccountIamPolicy("editor", + billing_account_id="00AA00-000AAA-00AA0A", + policy_data=admin.policy_data) + ``` + + + ## google\\_billing\\_account\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.billing.AccountIamBinding("editor", + billing_account_id="00AA00-000AAA-00AA0A", + role="roles/billing.viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_billing\\_account\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.billing.AccountIamMember("editor", + billing_account_id="00AA00-000AAA-00AA0A", + role="roles/billing.viewer", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -468,14 +557,13 @@ def get(resource_name: str, :param pulumi.Input[str] billing_account_id: The billing account id. For `billing.AccountIamMember` or `billing.AccountIamBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] etag: (Computed) The etag of the billing account's IAM policy. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - :param pulumi.Input[str] etag: (Computed) The etag of the billing account's IAM policy. :param pulumi.Input[str] role: The role that should be applied. Only one `billing.AccountIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. Read more about roles [here](https://cloud.google.com/bigtable/docs/access-control#roles). @@ -500,13 +588,6 @@ def billing_account_id(self) -> pulumi.Output[str]: The billing account id. For `billing.AccountIamMember` or `billing.AccountIamBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "billing_account_id") @@ -526,6 +607,14 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "members") @property diff --git a/sdk/python/pulumi_gcp/billing/account_iam_member.py b/sdk/python/pulumi_gcp/billing/account_iam_member.py index 33fef5d3b8..267e25cbab 100644 --- a/sdk/python/pulumi_gcp/billing/account_iam_member.py +++ b/sdk/python/pulumi_gcp/billing/account_iam_member.py @@ -25,8 +25,7 @@ def __init__(__self__, *, :param pulumi.Input[str] billing_account_id: The billing account id. For `billing.AccountIamMember` or `billing.AccountIamBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. @@ -51,13 +50,6 @@ def billing_account_id(self) -> pulumi.Input[str]: The billing account id. For `billing.AccountIamMember` or `billing.AccountIamBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "billing_account_id") @@ -68,6 +60,14 @@ def billing_account_id(self, value: pulumi.Input[str]): @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "member") @member.setter @@ -113,14 +113,13 @@ def __init__(__self__, *, :param pulumi.Input[str] billing_account_id: The billing account id. For `billing.AccountIamMember` or `billing.AccountIamBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] etag: (Computed) The etag of the billing account's IAM policy. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - :param pulumi.Input[str] etag: (Computed) The etag of the billing account's IAM policy. :param pulumi.Input[str] role: The role that should be applied. Only one `billing.AccountIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. Read more about roles [here](https://cloud.google.com/bigtable/docs/access-control#roles). @@ -145,13 +144,6 @@ def billing_account_id(self) -> Optional[pulumi.Input[str]]: The billing account id. For `billing.AccountIamMember` or `billing.AccountIamBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "billing_account_id") @@ -183,6 +175,14 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "member") @member.setter @@ -272,6 +272,51 @@ def __init__(__self__, ``` + ## google\\_billing\\_account\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/billing.viewer", + members=["user:jane@example.com"], + )]) + editor = gcp.billing.AccountIamPolicy("editor", + billing_account_id="00AA00-000AAA-00AA0A", + policy_data=admin.policy_data) + ``` + + + ## google\\_billing\\_account\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.billing.AccountIamBinding("editor", + billing_account_id="00AA00-000AAA-00AA0A", + role="roles/billing.viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_billing\\_account\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.billing.AccountIamMember("editor", + billing_account_id="00AA00-000AAA-00AA0A", + role="roles/billing.viewer", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -303,8 +348,7 @@ def __init__(__self__, :param pulumi.Input[str] billing_account_id: The billing account id. For `billing.AccountIamMember` or `billing.AccountIamBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. @@ -378,6 +422,51 @@ def __init__(__self__, ``` + ## google\\_billing\\_account\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/billing.viewer", + members=["user:jane@example.com"], + )]) + editor = gcp.billing.AccountIamPolicy("editor", + billing_account_id="00AA00-000AAA-00AA0A", + policy_data=admin.policy_data) + ``` + + + ## google\\_billing\\_account\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.billing.AccountIamBinding("editor", + billing_account_id="00AA00-000AAA-00AA0A", + role="roles/billing.viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_billing\\_account\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.billing.AccountIamMember("editor", + billing_account_id="00AA00-000AAA-00AA0A", + role="roles/billing.viewer", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -468,14 +557,13 @@ def get(resource_name: str, :param pulumi.Input[str] billing_account_id: The billing account id. For `billing.AccountIamMember` or `billing.AccountIamBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] etag: (Computed) The etag of the billing account's IAM policy. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - :param pulumi.Input[str] etag: (Computed) The etag of the billing account's IAM policy. :param pulumi.Input[str] role: The role that should be applied. Only one `billing.AccountIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. Read more about roles [here](https://cloud.google.com/bigtable/docs/access-control#roles). @@ -500,13 +588,6 @@ def billing_account_id(self) -> pulumi.Output[str]: The billing account id. For `billing.AccountIamMember` or `billing.AccountIamBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "billing_account_id") @@ -526,6 +607,14 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "member") @property diff --git a/sdk/python/pulumi_gcp/billing/account_iam_policy.py b/sdk/python/pulumi_gcp/billing/account_iam_policy.py index 0323f0ffef..8f40ac8a64 100644 --- a/sdk/python/pulumi_gcp/billing/account_iam_policy.py +++ b/sdk/python/pulumi_gcp/billing/account_iam_policy.py @@ -21,13 +21,6 @@ def __init__(__self__, *, :param pulumi.Input[str] billing_account_id: The billing account id. For `billing.AccountIamMember` or `billing.AccountIamBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. - - - @@ -42,13 +35,6 @@ def billing_account_id(self) -> pulumi.Input[str]: The billing account id. For `billing.AccountIamMember` or `billing.AccountIamBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "billing_account_id") @@ -82,13 +68,6 @@ def __init__(__self__, *, :param pulumi.Input[str] billing_account_id: The billing account id. For `billing.AccountIamMember` or `billing.AccountIamBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] etag: (Computed) The etag of the billing account's IAM policy. :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. @@ -108,13 +87,6 @@ def billing_account_id(self) -> Optional[pulumi.Input[str]]: The billing account id. For `billing.AccountIamMember` or `billing.AccountIamBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "billing_account_id") @@ -213,6 +185,51 @@ def __init__(__self__, ``` + ## google\\_billing\\_account\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/billing.viewer", + members=["user:jane@example.com"], + )]) + editor = gcp.billing.AccountIamPolicy("editor", + billing_account_id="00AA00-000AAA-00AA0A", + policy_data=admin.policy_data) + ``` + + + ## google\\_billing\\_account\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.billing.AccountIamBinding("editor", + billing_account_id="00AA00-000AAA-00AA0A", + role="roles/billing.viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_billing\\_account\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.billing.AccountIamMember("editor", + billing_account_id="00AA00-000AAA-00AA0A", + role="roles/billing.viewer", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -244,13 +261,6 @@ def __init__(__self__, :param pulumi.Input[str] billing_account_id: The billing account id. For `billing.AccountIamMember` or `billing.AccountIamBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. - - - @@ -317,6 +327,51 @@ def __init__(__self__, ``` + ## google\\_billing\\_account\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/billing.viewer", + members=["user:jane@example.com"], + )]) + editor = gcp.billing.AccountIamPolicy("editor", + billing_account_id="00AA00-000AAA-00AA0A", + policy_data=admin.policy_data) + ``` + + + ## google\\_billing\\_account\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.billing.AccountIamBinding("editor", + billing_account_id="00AA00-000AAA-00AA0A", + role="roles/billing.viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_billing\\_account\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.billing.AccountIamMember("editor", + billing_account_id="00AA00-000AAA-00AA0A", + role="roles/billing.viewer", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -399,13 +454,6 @@ def get(resource_name: str, :param pulumi.Input[str] billing_account_id: The billing account id. For `billing.AccountIamMember` or `billing.AccountIamBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] etag: (Computed) The etag of the billing account's IAM policy. :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. @@ -427,13 +475,6 @@ def billing_account_id(self) -> pulumi.Output[str]: The billing account id. For `billing.AccountIamMember` or `billing.AccountIamBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "billing_account_id") diff --git a/sdk/python/pulumi_gcp/binaryauthorization/attestor_iam_binding.py b/sdk/python/pulumi_gcp/binaryauthorization/attestor_iam_binding.py index 953de2e091..38aa65d96b 100644 --- a/sdk/python/pulumi_gcp/binaryauthorization/attestor_iam_binding.py +++ b/sdk/python/pulumi_gcp/binaryauthorization/attestor_iam_binding.py @@ -24,13 +24,7 @@ def __init__(__self__, *, """ The set of arguments for constructing a AttestorIamBinding resource. :param pulumi.Input[str] attestor: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] role: The role that should be applied. Only one - `binaryauthorization.AttestorIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -41,6 +35,11 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `binaryauthorization.AttestorIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "attestor", attestor) pulumi.set(__self__, "members", members) @@ -65,6 +64,19 @@ def attestor(self, value: pulumi.Input[str]): @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -100,18 +112,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -133,10 +133,7 @@ def __init__(__self__, *, Input properties used for looking up and filtering AttestorIamBinding resources. :param pulumi.Input[str] attestor: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -147,6 +144,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `binaryauthorization.AttestorIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -200,6 +199,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -212,18 +224,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -320,6 +320,54 @@ def __init__(__self__, ``` + ## google\\_binary\\_authorization\\_attestor\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.binaryauthorization.AttestorIamPolicy("policy", + project=attestor["project"], + attestor=attestor["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_binary\\_authorization\\_attestor\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.binaryauthorization.AttestorIamBinding("binding", + project=attestor["project"], + attestor=attestor["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_binary\\_authorization\\_attestor\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.binaryauthorization.AttestorIamMember("member", + project=attestor["project"], + attestor=attestor["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -359,10 +407,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] attestor: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -373,6 +418,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `binaryauthorization.AttestorIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -446,6 +493,54 @@ def __init__(__self__, ``` + ## google\\_binary\\_authorization\\_attestor\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.binaryauthorization.AttestorIamPolicy("policy", + project=attestor["project"], + attestor=attestor["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_binary\\_authorization\\_attestor\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.binaryauthorization.AttestorIamBinding("binding", + project=attestor["project"], + attestor=attestor["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_binary\\_authorization\\_attestor\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.binaryauthorization.AttestorIamMember("member", + project=attestor["project"], + attestor=attestor["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -548,10 +643,7 @@ def get(resource_name: str, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] attestor: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -562,6 +654,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `binaryauthorization.AttestorIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -602,16 +696,8 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: - return pulumi.get(self, "members") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -623,6 +709,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "members") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/binaryauthorization/attestor_iam_member.py b/sdk/python/pulumi_gcp/binaryauthorization/attestor_iam_member.py index b964420c1a..7a630a1687 100644 --- a/sdk/python/pulumi_gcp/binaryauthorization/attestor_iam_member.py +++ b/sdk/python/pulumi_gcp/binaryauthorization/attestor_iam_member.py @@ -24,13 +24,7 @@ def __init__(__self__, *, """ The set of arguments for constructing a AttestorIamMember resource. :param pulumi.Input[str] attestor: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] role: The role that should be applied. Only one - `binaryauthorization.AttestorIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -41,6 +35,11 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `binaryauthorization.AttestorIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "attestor", attestor) pulumi.set(__self__, "member", member) @@ -65,6 +64,19 @@ def attestor(self, value: pulumi.Input[str]): @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -100,18 +112,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -133,10 +133,7 @@ def __init__(__self__, *, Input properties used for looking up and filtering AttestorIamMember resources. :param pulumi.Input[str] attestor: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -147,6 +144,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `binaryauthorization.AttestorIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -200,6 +199,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -212,18 +224,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -320,6 +320,54 @@ def __init__(__self__, ``` + ## google\\_binary\\_authorization\\_attestor\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.binaryauthorization.AttestorIamPolicy("policy", + project=attestor["project"], + attestor=attestor["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_binary\\_authorization\\_attestor\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.binaryauthorization.AttestorIamBinding("binding", + project=attestor["project"], + attestor=attestor["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_binary\\_authorization\\_attestor\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.binaryauthorization.AttestorIamMember("member", + project=attestor["project"], + attestor=attestor["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -359,10 +407,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] attestor: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -373,6 +418,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `binaryauthorization.AttestorIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -446,6 +493,54 @@ def __init__(__self__, ``` + ## google\\_binary\\_authorization\\_attestor\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.binaryauthorization.AttestorIamPolicy("policy", + project=attestor["project"], + attestor=attestor["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_binary\\_authorization\\_attestor\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.binaryauthorization.AttestorIamBinding("binding", + project=attestor["project"], + attestor=attestor["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_binary\\_authorization\\_attestor\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.binaryauthorization.AttestorIamMember("member", + project=attestor["project"], + attestor=attestor["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -548,10 +643,7 @@ def get(resource_name: str, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] attestor: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -562,6 +654,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `binaryauthorization.AttestorIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -602,16 +696,8 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: - return pulumi.get(self, "member") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -623,6 +709,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "member") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/binaryauthorization/attestor_iam_policy.py b/sdk/python/pulumi_gcp/binaryauthorization/attestor_iam_policy.py index ab7a22929e..d2e99dbbb8 100644 --- a/sdk/python/pulumi_gcp/binaryauthorization/attestor_iam_policy.py +++ b/sdk/python/pulumi_gcp/binaryauthorization/attestor_iam_policy.py @@ -24,18 +24,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "attestor", attestor) pulumi.set(__self__, "policy_data", policy_data) @@ -73,18 +61,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -108,18 +84,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ if attestor is not None: pulumi.set(__self__, "attestor", attestor) @@ -173,18 +137,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -265,6 +217,54 @@ def __init__(__self__, ``` + ## google\\_binary\\_authorization\\_attestor\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.binaryauthorization.AttestorIamPolicy("policy", + project=attestor["project"], + attestor=attestor["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_binary\\_authorization\\_attestor\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.binaryauthorization.AttestorIamBinding("binding", + project=attestor["project"], + attestor=attestor["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_binary\\_authorization\\_attestor\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.binaryauthorization.AttestorIamMember("member", + project=attestor["project"], + attestor=attestor["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -308,18 +308,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ ... @overload @@ -390,6 +378,54 @@ def __init__(__self__, ``` + ## google\\_binary\\_authorization\\_attestor\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.binaryauthorization.AttestorIamPolicy("policy", + project=attestor["project"], + attestor=attestor["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_binary\\_authorization\\_attestor\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.binaryauthorization.AttestorIamBinding("binding", + project=attestor["project"], + attestor=attestor["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_binary\\_authorization\\_attestor\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.binaryauthorization.AttestorIamMember("member", + project=attestor["project"], + attestor=attestor["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -488,18 +524,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -542,18 +566,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/certificateauthority/ca_pool_iam_binding.py b/sdk/python/pulumi_gcp/certificateauthority/ca_pool_iam_binding.py index 751fc23c11..62208033dd 100644 --- a/sdk/python/pulumi_gcp/certificateauthority/ca_pool_iam_binding.py +++ b/sdk/python/pulumi_gcp/certificateauthority/ca_pool_iam_binding.py @@ -25,18 +25,7 @@ def __init__(__self__, *, """ The set of arguments for constructing a CaPoolIamBinding resource. :param pulumi.Input[str] ca_pool: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] role: The role that should be applied. Only one - `certificateauthority.CaPoolIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input['CaPoolIamBindingConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. - Structure is documented below. - :param pulumi.Input[str] location: Location of the CaPool. A full list of valid locations can be found by - running `gcloud privateca locations list`. - Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -47,6 +36,16 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `certificateauthority.CaPoolIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input['CaPoolIamBindingConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. + Structure is documented below. + :param pulumi.Input[str] location: Location of the CaPool. A full list of valid locations can be found by + running `gcloud privateca locations list`. + Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "ca_pool", ca_pool) pulumi.set(__self__, "members", members) @@ -73,6 +72,19 @@ def ca_pool(self, value: pulumi.Input[str]): @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -126,18 +138,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -165,10 +165,7 @@ def __init__(__self__, *, :param pulumi.Input[str] location: Location of the CaPool. A full list of valid locations can be found by running `gcloud privateca locations list`. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -179,6 +176,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `certificateauthority.CaPoolIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -252,6 +251,19 @@ def location(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -264,18 +276,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -430,6 +430,109 @@ def __init__(__self__, ``` + ## google\\_privateca\\_ca\\_pool\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/privateca.certificateManager", + members=["user:jane@example.com"], + )]) + policy = gcp.certificateauthority.CaPoolIamPolicy("policy", + ca_pool=default["id"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/privateca.certificateManager", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.certificateauthority.CaPoolIamPolicy("policy", + ca_pool=default["id"], + policy_data=admin.policy_data) + ``` + + ## google\\_privateca\\_ca\\_pool\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.certificateauthority.CaPoolIamBinding("binding", + ca_pool=default["id"], + role="roles/privateca.certificateManager", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.certificateauthority.CaPoolIamBinding("binding", + ca_pool=default["id"], + role="roles/privateca.certificateManager", + members=["user:jane@example.com"], + condition=gcp.certificateauthority.CaPoolIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_privateca\\_ca\\_pool\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.certificateauthority.CaPoolIamMember("member", + ca_pool=default["id"], + role="roles/privateca.certificateManager", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.certificateauthority.CaPoolIamMember("member", + ca_pool=default["id"], + role="roles/privateca.certificateManager", + member="user:jane@example.com", + condition=gcp.certificateauthority.CaPoolIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -474,10 +577,7 @@ def __init__(__self__, :param pulumi.Input[str] location: Location of the CaPool. A full list of valid locations can be found by running `gcloud privateca locations list`. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -488,6 +588,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `certificateauthority.CaPoolIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -618,6 +720,109 @@ def __init__(__self__, ``` + ## google\\_privateca\\_ca\\_pool\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/privateca.certificateManager", + members=["user:jane@example.com"], + )]) + policy = gcp.certificateauthority.CaPoolIamPolicy("policy", + ca_pool=default["id"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/privateca.certificateManager", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.certificateauthority.CaPoolIamPolicy("policy", + ca_pool=default["id"], + policy_data=admin.policy_data) + ``` + + ## google\\_privateca\\_ca\\_pool\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.certificateauthority.CaPoolIamBinding("binding", + ca_pool=default["id"], + role="roles/privateca.certificateManager", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.certificateauthority.CaPoolIamBinding("binding", + ca_pool=default["id"], + role="roles/privateca.certificateManager", + members=["user:jane@example.com"], + condition=gcp.certificateauthority.CaPoolIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_privateca\\_ca\\_pool\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.certificateauthority.CaPoolIamMember("member", + ca_pool=default["id"], + role="roles/privateca.certificateManager", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.certificateauthority.CaPoolIamMember("member", + ca_pool=default["id"], + role="roles/privateca.certificateManager", + member="user:jane@example.com", + condition=gcp.certificateauthority.CaPoolIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -728,10 +933,7 @@ def get(resource_name: str, :param pulumi.Input[str] location: Location of the CaPool. A full list of valid locations can be found by running `gcloud privateca locations list`. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -742,6 +944,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `certificateauthority.CaPoolIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -797,16 +1001,8 @@ def location(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: - return pulumi.get(self, "members") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -818,6 +1014,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "members") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/certificateauthority/ca_pool_iam_member.py b/sdk/python/pulumi_gcp/certificateauthority/ca_pool_iam_member.py index f1de0c57d3..01d6184766 100644 --- a/sdk/python/pulumi_gcp/certificateauthority/ca_pool_iam_member.py +++ b/sdk/python/pulumi_gcp/certificateauthority/ca_pool_iam_member.py @@ -25,18 +25,7 @@ def __init__(__self__, *, """ The set of arguments for constructing a CaPoolIamMember resource. :param pulumi.Input[str] ca_pool: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] role: The role that should be applied. Only one - `certificateauthority.CaPoolIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input['CaPoolIamMemberConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. - Structure is documented below. - :param pulumi.Input[str] location: Location of the CaPool. A full list of valid locations can be found by - running `gcloud privateca locations list`. - Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -47,6 +36,16 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `certificateauthority.CaPoolIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input['CaPoolIamMemberConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. + Structure is documented below. + :param pulumi.Input[str] location: Location of the CaPool. A full list of valid locations can be found by + running `gcloud privateca locations list`. + Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "ca_pool", ca_pool) pulumi.set(__self__, "member", member) @@ -73,6 +72,19 @@ def ca_pool(self, value: pulumi.Input[str]): @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -126,18 +138,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -165,10 +165,7 @@ def __init__(__self__, *, :param pulumi.Input[str] location: Location of the CaPool. A full list of valid locations can be found by running `gcloud privateca locations list`. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -179,6 +176,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `certificateauthority.CaPoolIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -252,6 +251,19 @@ def location(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -264,18 +276,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -430,6 +430,109 @@ def __init__(__self__, ``` + ## google\\_privateca\\_ca\\_pool\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/privateca.certificateManager", + members=["user:jane@example.com"], + )]) + policy = gcp.certificateauthority.CaPoolIamPolicy("policy", + ca_pool=default["id"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/privateca.certificateManager", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.certificateauthority.CaPoolIamPolicy("policy", + ca_pool=default["id"], + policy_data=admin.policy_data) + ``` + + ## google\\_privateca\\_ca\\_pool\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.certificateauthority.CaPoolIamBinding("binding", + ca_pool=default["id"], + role="roles/privateca.certificateManager", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.certificateauthority.CaPoolIamBinding("binding", + ca_pool=default["id"], + role="roles/privateca.certificateManager", + members=["user:jane@example.com"], + condition=gcp.certificateauthority.CaPoolIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_privateca\\_ca\\_pool\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.certificateauthority.CaPoolIamMember("member", + ca_pool=default["id"], + role="roles/privateca.certificateManager", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.certificateauthority.CaPoolIamMember("member", + ca_pool=default["id"], + role="roles/privateca.certificateManager", + member="user:jane@example.com", + condition=gcp.certificateauthority.CaPoolIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -474,10 +577,7 @@ def __init__(__self__, :param pulumi.Input[str] location: Location of the CaPool. A full list of valid locations can be found by running `gcloud privateca locations list`. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -488,6 +588,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `certificateauthority.CaPoolIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -618,6 +720,109 @@ def __init__(__self__, ``` + ## google\\_privateca\\_ca\\_pool\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/privateca.certificateManager", + members=["user:jane@example.com"], + )]) + policy = gcp.certificateauthority.CaPoolIamPolicy("policy", + ca_pool=default["id"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/privateca.certificateManager", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.certificateauthority.CaPoolIamPolicy("policy", + ca_pool=default["id"], + policy_data=admin.policy_data) + ``` + + ## google\\_privateca\\_ca\\_pool\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.certificateauthority.CaPoolIamBinding("binding", + ca_pool=default["id"], + role="roles/privateca.certificateManager", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.certificateauthority.CaPoolIamBinding("binding", + ca_pool=default["id"], + role="roles/privateca.certificateManager", + members=["user:jane@example.com"], + condition=gcp.certificateauthority.CaPoolIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_privateca\\_ca\\_pool\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.certificateauthority.CaPoolIamMember("member", + ca_pool=default["id"], + role="roles/privateca.certificateManager", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.certificateauthority.CaPoolIamMember("member", + ca_pool=default["id"], + role="roles/privateca.certificateManager", + member="user:jane@example.com", + condition=gcp.certificateauthority.CaPoolIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -728,10 +933,7 @@ def get(resource_name: str, :param pulumi.Input[str] location: Location of the CaPool. A full list of valid locations can be found by running `gcloud privateca locations list`. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -742,6 +944,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `certificateauthority.CaPoolIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -797,16 +1001,8 @@ def location(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: - return pulumi.get(self, "member") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -818,6 +1014,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "member") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/certificateauthority/ca_pool_iam_policy.py b/sdk/python/pulumi_gcp/certificateauthority/ca_pool_iam_policy.py index 4be24d156e..c7d9d84fa0 100644 --- a/sdk/python/pulumi_gcp/certificateauthority/ca_pool_iam_policy.py +++ b/sdk/python/pulumi_gcp/certificateauthority/ca_pool_iam_policy.py @@ -28,18 +28,6 @@ def __init__(__self__, *, Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "ca_pool", ca_pool) pulumi.set(__self__, "policy_data", policy_data) @@ -93,18 +81,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -132,18 +108,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ if ca_pool is not None: pulumi.set(__self__, "ca_pool", ca_pool) @@ -213,18 +177,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -363,6 +315,109 @@ def __init__(__self__, ``` + ## google\\_privateca\\_ca\\_pool\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/privateca.certificateManager", + members=["user:jane@example.com"], + )]) + policy = gcp.certificateauthority.CaPoolIamPolicy("policy", + ca_pool=default["id"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/privateca.certificateManager", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.certificateauthority.CaPoolIamPolicy("policy", + ca_pool=default["id"], + policy_data=admin.policy_data) + ``` + + ## google\\_privateca\\_ca\\_pool\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.certificateauthority.CaPoolIamBinding("binding", + ca_pool=default["id"], + role="roles/privateca.certificateManager", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.certificateauthority.CaPoolIamBinding("binding", + ca_pool=default["id"], + role="roles/privateca.certificateManager", + members=["user:jane@example.com"], + condition=gcp.certificateauthority.CaPoolIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_privateca\\_ca\\_pool\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.certificateauthority.CaPoolIamMember("member", + ca_pool=default["id"], + role="roles/privateca.certificateManager", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.certificateauthority.CaPoolIamMember("member", + ca_pool=default["id"], + role="roles/privateca.certificateManager", + member="user:jane@example.com", + condition=gcp.certificateauthority.CaPoolIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -409,18 +464,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ ... @overload @@ -548,6 +591,109 @@ def __init__(__self__, ``` + ## google\\_privateca\\_ca\\_pool\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/privateca.certificateManager", + members=["user:jane@example.com"], + )]) + policy = gcp.certificateauthority.CaPoolIamPolicy("policy", + ca_pool=default["id"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/privateca.certificateManager", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.certificateauthority.CaPoolIamPolicy("policy", + ca_pool=default["id"], + policy_data=admin.policy_data) + ``` + + ## google\\_privateca\\_ca\\_pool\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.certificateauthority.CaPoolIamBinding("binding", + ca_pool=default["id"], + role="roles/privateca.certificateManager", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.certificateauthority.CaPoolIamBinding("binding", + ca_pool=default["id"], + role="roles/privateca.certificateManager", + members=["user:jane@example.com"], + condition=gcp.certificateauthority.CaPoolIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_privateca\\_ca\\_pool\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.certificateauthority.CaPoolIamMember("member", + ca_pool=default["id"], + role="roles/privateca.certificateManager", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.certificateauthority.CaPoolIamMember("member", + ca_pool=default["id"], + role="roles/privateca.certificateManager", + member="user:jane@example.com", + condition=gcp.certificateauthority.CaPoolIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -652,18 +798,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -717,18 +851,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/certificateauthority/certificate_template_iam_binding.py b/sdk/python/pulumi_gcp/certificateauthority/certificate_template_iam_binding.py index a1bbbd9ee5..95fb1d4853 100644 --- a/sdk/python/pulumi_gcp/certificateauthority/certificate_template_iam_binding.py +++ b/sdk/python/pulumi_gcp/certificateauthority/certificate_template_iam_binding.py @@ -25,15 +25,7 @@ def __init__(__self__, *, """ The set of arguments for constructing a CertificateTemplateIamBinding resource. :param pulumi.Input[str] certificate_template: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] role: The role that should be applied. Only one - `certificateauthority.CertificateTemplateIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input['CertificateTemplateIamBindingConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. - Structure is documented below. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -44,6 +36,13 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `certificateauthority.CertificateTemplateIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input['CertificateTemplateIamBindingConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. + Structure is documented below. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "certificate_template", certificate_template) pulumi.set(__self__, "members", members) @@ -70,6 +69,19 @@ def certificate_template(self, value: pulumi.Input[str]): @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -118,18 +130,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -154,10 +154,7 @@ def __init__(__self__, *, :param pulumi.Input['CertificateTemplateIamBindingConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -168,6 +165,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `certificateauthority.CertificateTemplateIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -236,6 +235,19 @@ def location(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -248,18 +260,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -414,6 +414,109 @@ def __init__(__self__, ``` + ## google\\_privateca\\_certificate\\_template\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/privateca.templateUser", + members=["user:jane@example.com"], + )]) + policy = gcp.certificateauthority.CertificateTemplateIamPolicy("policy", + certificate_template=default["id"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/privateca.templateUser", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.certificateauthority.CertificateTemplateIamPolicy("policy", + certificate_template=default["id"], + policy_data=admin.policy_data) + ``` + + ## google\\_privateca\\_certificate\\_template\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.certificateauthority.CertificateTemplateIamBinding("binding", + certificate_template=default["id"], + role="roles/privateca.templateUser", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.certificateauthority.CertificateTemplateIamBinding("binding", + certificate_template=default["id"], + role="roles/privateca.templateUser", + members=["user:jane@example.com"], + condition=gcp.certificateauthority.CertificateTemplateIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_privateca\\_certificate\\_template\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.certificateauthority.CertificateTemplateIamMember("member", + certificate_template=default["id"], + role="roles/privateca.templateUser", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.certificateauthority.CertificateTemplateIamMember("member", + certificate_template=default["id"], + role="roles/privateca.templateUser", + member="user:jane@example.com", + condition=gcp.certificateauthority.CertificateTemplateIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -455,10 +558,7 @@ def __init__(__self__, :param pulumi.Input[str] certificate_template: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[pulumi.InputType['CertificateTemplateIamBindingConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -469,6 +569,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `certificateauthority.CertificateTemplateIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -599,6 +701,109 @@ def __init__(__self__, ``` + ## google\\_privateca\\_certificate\\_template\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/privateca.templateUser", + members=["user:jane@example.com"], + )]) + policy = gcp.certificateauthority.CertificateTemplateIamPolicy("policy", + certificate_template=default["id"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/privateca.templateUser", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.certificateauthority.CertificateTemplateIamPolicy("policy", + certificate_template=default["id"], + policy_data=admin.policy_data) + ``` + + ## google\\_privateca\\_certificate\\_template\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.certificateauthority.CertificateTemplateIamBinding("binding", + certificate_template=default["id"], + role="roles/privateca.templateUser", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.certificateauthority.CertificateTemplateIamBinding("binding", + certificate_template=default["id"], + role="roles/privateca.templateUser", + members=["user:jane@example.com"], + condition=gcp.certificateauthority.CertificateTemplateIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_privateca\\_certificate\\_template\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.certificateauthority.CertificateTemplateIamMember("member", + certificate_template=default["id"], + role="roles/privateca.templateUser", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.certificateauthority.CertificateTemplateIamMember("member", + certificate_template=default["id"], + role="roles/privateca.templateUser", + member="user:jane@example.com", + condition=gcp.certificateauthority.CertificateTemplateIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -706,10 +911,7 @@ def get(resource_name: str, :param pulumi.Input[pulumi.InputType['CertificateTemplateIamBindingConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -720,6 +922,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `certificateauthority.CertificateTemplateIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -770,16 +974,8 @@ def location(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: - return pulumi.get(self, "members") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -791,6 +987,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "members") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/certificateauthority/certificate_template_iam_member.py b/sdk/python/pulumi_gcp/certificateauthority/certificate_template_iam_member.py index d69812d640..a911573c23 100644 --- a/sdk/python/pulumi_gcp/certificateauthority/certificate_template_iam_member.py +++ b/sdk/python/pulumi_gcp/certificateauthority/certificate_template_iam_member.py @@ -25,15 +25,7 @@ def __init__(__self__, *, """ The set of arguments for constructing a CertificateTemplateIamMember resource. :param pulumi.Input[str] certificate_template: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] role: The role that should be applied. Only one - `certificateauthority.CertificateTemplateIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input['CertificateTemplateIamMemberConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. - Structure is documented below. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -44,6 +36,13 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `certificateauthority.CertificateTemplateIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input['CertificateTemplateIamMemberConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. + Structure is documented below. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "certificate_template", certificate_template) pulumi.set(__self__, "member", member) @@ -70,6 +69,19 @@ def certificate_template(self, value: pulumi.Input[str]): @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -118,18 +130,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -154,10 +154,7 @@ def __init__(__self__, *, :param pulumi.Input['CertificateTemplateIamMemberConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -168,6 +165,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `certificateauthority.CertificateTemplateIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -236,6 +235,19 @@ def location(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -248,18 +260,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -414,6 +414,109 @@ def __init__(__self__, ``` + ## google\\_privateca\\_certificate\\_template\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/privateca.templateUser", + members=["user:jane@example.com"], + )]) + policy = gcp.certificateauthority.CertificateTemplateIamPolicy("policy", + certificate_template=default["id"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/privateca.templateUser", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.certificateauthority.CertificateTemplateIamPolicy("policy", + certificate_template=default["id"], + policy_data=admin.policy_data) + ``` + + ## google\\_privateca\\_certificate\\_template\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.certificateauthority.CertificateTemplateIamBinding("binding", + certificate_template=default["id"], + role="roles/privateca.templateUser", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.certificateauthority.CertificateTemplateIamBinding("binding", + certificate_template=default["id"], + role="roles/privateca.templateUser", + members=["user:jane@example.com"], + condition=gcp.certificateauthority.CertificateTemplateIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_privateca\\_certificate\\_template\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.certificateauthority.CertificateTemplateIamMember("member", + certificate_template=default["id"], + role="roles/privateca.templateUser", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.certificateauthority.CertificateTemplateIamMember("member", + certificate_template=default["id"], + role="roles/privateca.templateUser", + member="user:jane@example.com", + condition=gcp.certificateauthority.CertificateTemplateIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -455,10 +558,7 @@ def __init__(__self__, :param pulumi.Input[str] certificate_template: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[pulumi.InputType['CertificateTemplateIamMemberConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -469,6 +569,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `certificateauthority.CertificateTemplateIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -599,6 +701,109 @@ def __init__(__self__, ``` + ## google\\_privateca\\_certificate\\_template\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/privateca.templateUser", + members=["user:jane@example.com"], + )]) + policy = gcp.certificateauthority.CertificateTemplateIamPolicy("policy", + certificate_template=default["id"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/privateca.templateUser", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.certificateauthority.CertificateTemplateIamPolicy("policy", + certificate_template=default["id"], + policy_data=admin.policy_data) + ``` + + ## google\\_privateca\\_certificate\\_template\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.certificateauthority.CertificateTemplateIamBinding("binding", + certificate_template=default["id"], + role="roles/privateca.templateUser", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.certificateauthority.CertificateTemplateIamBinding("binding", + certificate_template=default["id"], + role="roles/privateca.templateUser", + members=["user:jane@example.com"], + condition=gcp.certificateauthority.CertificateTemplateIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_privateca\\_certificate\\_template\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.certificateauthority.CertificateTemplateIamMember("member", + certificate_template=default["id"], + role="roles/privateca.templateUser", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.certificateauthority.CertificateTemplateIamMember("member", + certificate_template=default["id"], + role="roles/privateca.templateUser", + member="user:jane@example.com", + condition=gcp.certificateauthority.CertificateTemplateIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -706,10 +911,7 @@ def get(resource_name: str, :param pulumi.Input[pulumi.InputType['CertificateTemplateIamMemberConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -720,6 +922,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `certificateauthority.CertificateTemplateIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -770,16 +974,8 @@ def location(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: - return pulumi.get(self, "member") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -791,6 +987,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "member") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/certificateauthority/certificate_template_iam_policy.py b/sdk/python/pulumi_gcp/certificateauthority/certificate_template_iam_policy.py index b809ee3044..0c1699e762 100644 --- a/sdk/python/pulumi_gcp/certificateauthority/certificate_template_iam_policy.py +++ b/sdk/python/pulumi_gcp/certificateauthority/certificate_template_iam_policy.py @@ -25,18 +25,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "certificate_template", certificate_template) pulumi.set(__self__, "policy_data", policy_data) @@ -85,18 +73,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -121,18 +97,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ if certificate_template is not None: pulumi.set(__self__, "certificate_template", certificate_template) @@ -197,18 +161,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -347,6 +299,109 @@ def __init__(__self__, ``` + ## google\\_privateca\\_certificate\\_template\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/privateca.templateUser", + members=["user:jane@example.com"], + )]) + policy = gcp.certificateauthority.CertificateTemplateIamPolicy("policy", + certificate_template=default["id"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/privateca.templateUser", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.certificateauthority.CertificateTemplateIamPolicy("policy", + certificate_template=default["id"], + policy_data=admin.policy_data) + ``` + + ## google\\_privateca\\_certificate\\_template\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.certificateauthority.CertificateTemplateIamBinding("binding", + certificate_template=default["id"], + role="roles/privateca.templateUser", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.certificateauthority.CertificateTemplateIamBinding("binding", + certificate_template=default["id"], + role="roles/privateca.templateUser", + members=["user:jane@example.com"], + condition=gcp.certificateauthority.CertificateTemplateIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_privateca\\_certificate\\_template\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.certificateauthority.CertificateTemplateIamMember("member", + certificate_template=default["id"], + role="roles/privateca.templateUser", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.certificateauthority.CertificateTemplateIamMember("member", + certificate_template=default["id"], + role="roles/privateca.templateUser", + member="user:jane@example.com", + condition=gcp.certificateauthority.CertificateTemplateIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -390,18 +445,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ ... @overload @@ -529,6 +572,109 @@ def __init__(__self__, ``` + ## google\\_privateca\\_certificate\\_template\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/privateca.templateUser", + members=["user:jane@example.com"], + )]) + policy = gcp.certificateauthority.CertificateTemplateIamPolicy("policy", + certificate_template=default["id"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/privateca.templateUser", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.certificateauthority.CertificateTemplateIamPolicy("policy", + certificate_template=default["id"], + policy_data=admin.policy_data) + ``` + + ## google\\_privateca\\_certificate\\_template\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.certificateauthority.CertificateTemplateIamBinding("binding", + certificate_template=default["id"], + role="roles/privateca.templateUser", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.certificateauthority.CertificateTemplateIamBinding("binding", + certificate_template=default["id"], + role="roles/privateca.templateUser", + members=["user:jane@example.com"], + condition=gcp.certificateauthority.CertificateTemplateIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_privateca\\_certificate\\_template\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.certificateauthority.CertificateTemplateIamMember("member", + certificate_template=default["id"], + role="roles/privateca.templateUser", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.certificateauthority.CertificateTemplateIamMember("member", + certificate_template=default["id"], + role="roles/privateca.templateUser", + member="user:jane@example.com", + condition=gcp.certificateauthority.CertificateTemplateIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -630,18 +776,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -690,18 +824,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/cloudbuildv2/connection_iam_binding.py b/sdk/python/pulumi_gcp/cloudbuildv2/connection_iam_binding.py index c5a13f5bb3..63b02abdd3 100644 --- a/sdk/python/pulumi_gcp/cloudbuildv2/connection_iam_binding.py +++ b/sdk/python/pulumi_gcp/cloudbuildv2/connection_iam_binding.py @@ -24,15 +24,7 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a ConnectionIAMBinding resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `cloudbuildv2.ConnectionIAMBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] location: The location for the resource Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -43,6 +35,13 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `cloudbuildv2.ConnectionIAMBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] location: The location for the resource Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "members", members) pulumi.set(__self__, "role", role) @@ -58,6 +57,19 @@ def __init__(__self__, *, @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -117,18 +129,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -151,11 +151,7 @@ def __init__(__self__, *, Input properties used for looking up and filtering ConnectionIAMBinding resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] location: The location for the resource Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -166,6 +162,9 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `cloudbuildv2.ConnectionIAMBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -221,6 +220,19 @@ def location(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -245,18 +257,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -357,6 +357,57 @@ def __init__(__self__, ``` + ## google\\_cloudbuildv2\\_connection\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/cloudbuild.connectionViewer", + members=["user:jane@example.com"], + )]) + policy = gcp.cloudbuildv2.ConnectionIAMPolicy("policy", + project=my_connection["project"], + location=my_connection["location"], + name=my_connection["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_cloudbuildv2\\_connection\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.cloudbuildv2.ConnectionIAMBinding("binding", + project=my_connection["project"], + location=my_connection["location"], + name=my_connection["name"], + role="roles/cloudbuild.connectionViewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_cloudbuildv2\\_connection\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.cloudbuildv2.ConnectionIAMMember("member", + project=my_connection["project"], + location=my_connection["location"], + name=my_connection["name"], + role="roles/cloudbuild.connectionViewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -398,11 +449,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] location: The location for the resource Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -413,6 +460,9 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `cloudbuildv2.ConnectionIAMBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -489,6 +539,57 @@ def __init__(__self__, ``` + ## google\\_cloudbuildv2\\_connection\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/cloudbuild.connectionViewer", + members=["user:jane@example.com"], + )]) + policy = gcp.cloudbuildv2.ConnectionIAMPolicy("policy", + project=my_connection["project"], + location=my_connection["location"], + name=my_connection["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_cloudbuildv2\\_connection\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.cloudbuildv2.ConnectionIAMBinding("binding", + project=my_connection["project"], + location=my_connection["location"], + name=my_connection["name"], + role="roles/cloudbuild.connectionViewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_cloudbuildv2\\_connection\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.cloudbuildv2.ConnectionIAMMember("member", + project=my_connection["project"], + location=my_connection["location"], + name=my_connection["name"], + role="roles/cloudbuild.connectionViewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -594,11 +695,7 @@ def get(resource_name: str, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] location: The location for the resource Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -609,6 +706,9 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `cloudbuildv2.ConnectionIAMBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -650,6 +750,19 @@ def location(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @property @@ -666,18 +779,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/cloudbuildv2/connection_iam_member.py b/sdk/python/pulumi_gcp/cloudbuildv2/connection_iam_member.py index 7246f2dc75..16c5bba58f 100644 --- a/sdk/python/pulumi_gcp/cloudbuildv2/connection_iam_member.py +++ b/sdk/python/pulumi_gcp/cloudbuildv2/connection_iam_member.py @@ -24,15 +24,7 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a ConnectionIAMMember resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `cloudbuildv2.ConnectionIAMBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] location: The location for the resource Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -43,6 +35,13 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `cloudbuildv2.ConnectionIAMBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] location: The location for the resource Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "member", member) pulumi.set(__self__, "role", role) @@ -58,6 +57,19 @@ def __init__(__self__, *, @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -117,18 +129,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -151,11 +151,7 @@ def __init__(__self__, *, Input properties used for looking up and filtering ConnectionIAMMember resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] location: The location for the resource Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -166,6 +162,9 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `cloudbuildv2.ConnectionIAMBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -221,6 +220,19 @@ def location(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -245,18 +257,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -357,6 +357,57 @@ def __init__(__self__, ``` + ## google\\_cloudbuildv2\\_connection\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/cloudbuild.connectionViewer", + members=["user:jane@example.com"], + )]) + policy = gcp.cloudbuildv2.ConnectionIAMPolicy("policy", + project=my_connection["project"], + location=my_connection["location"], + name=my_connection["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_cloudbuildv2\\_connection\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.cloudbuildv2.ConnectionIAMBinding("binding", + project=my_connection["project"], + location=my_connection["location"], + name=my_connection["name"], + role="roles/cloudbuild.connectionViewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_cloudbuildv2\\_connection\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.cloudbuildv2.ConnectionIAMMember("member", + project=my_connection["project"], + location=my_connection["location"], + name=my_connection["name"], + role="roles/cloudbuild.connectionViewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -398,11 +449,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] location: The location for the resource Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -413,6 +460,9 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `cloudbuildv2.ConnectionIAMBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -489,6 +539,57 @@ def __init__(__self__, ``` + ## google\\_cloudbuildv2\\_connection\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/cloudbuild.connectionViewer", + members=["user:jane@example.com"], + )]) + policy = gcp.cloudbuildv2.ConnectionIAMPolicy("policy", + project=my_connection["project"], + location=my_connection["location"], + name=my_connection["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_cloudbuildv2\\_connection\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.cloudbuildv2.ConnectionIAMBinding("binding", + project=my_connection["project"], + location=my_connection["location"], + name=my_connection["name"], + role="roles/cloudbuild.connectionViewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_cloudbuildv2\\_connection\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.cloudbuildv2.ConnectionIAMMember("member", + project=my_connection["project"], + location=my_connection["location"], + name=my_connection["name"], + role="roles/cloudbuild.connectionViewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -594,11 +695,7 @@ def get(resource_name: str, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] location: The location for the resource Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -609,6 +706,9 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `cloudbuildv2.ConnectionIAMBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -650,6 +750,19 @@ def location(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @property @@ -666,18 +779,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/cloudbuildv2/connection_iam_policy.py b/sdk/python/pulumi_gcp/cloudbuildv2/connection_iam_policy.py index fdbd1b4e9f..69b395b6fa 100644 --- a/sdk/python/pulumi_gcp/cloudbuildv2/connection_iam_policy.py +++ b/sdk/python/pulumi_gcp/cloudbuildv2/connection_iam_policy.py @@ -26,18 +26,6 @@ def __init__(__self__, *, :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "policy_data", policy_data) if location is not None: @@ -90,18 +78,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -127,18 +103,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ if etag is not None: pulumi.set(__self__, "etag", etag) @@ -206,18 +170,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -302,6 +254,57 @@ def __init__(__self__, ``` + ## google\\_cloudbuildv2\\_connection\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/cloudbuild.connectionViewer", + members=["user:jane@example.com"], + )]) + policy = gcp.cloudbuildv2.ConnectionIAMPolicy("policy", + project=my_connection["project"], + location=my_connection["location"], + name=my_connection["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_cloudbuildv2\\_connection\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.cloudbuildv2.ConnectionIAMBinding("binding", + project=my_connection["project"], + location=my_connection["location"], + name=my_connection["name"], + role="roles/cloudbuild.connectionViewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_cloudbuildv2\\_connection\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.cloudbuildv2.ConnectionIAMMember("member", + project=my_connection["project"], + location=my_connection["location"], + name=my_connection["name"], + role="roles/cloudbuild.connectionViewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -348,18 +351,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ ... @overload @@ -433,6 +424,57 @@ def __init__(__self__, ``` + ## google\\_cloudbuildv2\\_connection\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/cloudbuild.connectionViewer", + members=["user:jane@example.com"], + )]) + policy = gcp.cloudbuildv2.ConnectionIAMPolicy("policy", + project=my_connection["project"], + location=my_connection["location"], + name=my_connection["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_cloudbuildv2\\_connection\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.cloudbuildv2.ConnectionIAMBinding("binding", + project=my_connection["project"], + location=my_connection["location"], + name=my_connection["name"], + role="roles/cloudbuild.connectionViewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_cloudbuildv2\\_connection\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.cloudbuildv2.ConnectionIAMMember("member", + project=my_connection["project"], + location=my_connection["location"], + name=my_connection["name"], + role="roles/cloudbuild.connectionViewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -535,18 +577,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -598,18 +628,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/cloudfunctions/function_iam_binding.py b/sdk/python/pulumi_gcp/cloudfunctions/function_iam_binding.py index e4e5cb4e9a..ce64e3798f 100644 --- a/sdk/python/pulumi_gcp/cloudfunctions/function_iam_binding.py +++ b/sdk/python/pulumi_gcp/cloudfunctions/function_iam_binding.py @@ -25,13 +25,7 @@ def __init__(__self__, *, """ The set of arguments for constructing a FunctionIamBinding resource. :param pulumi.Input[str] cloud_function: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] role: The role that should be applied. Only one - `cloudfunctions.FunctionIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -42,6 +36,11 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `cloudfunctions.FunctionIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] region: The location of this cloud function. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no region is specified, it is taken from the provider configuration. @@ -71,6 +70,19 @@ def cloud_function(self, value: pulumi.Input[str]): @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -106,18 +118,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -154,10 +154,7 @@ def __init__(__self__, *, Input properties used for looking up and filtering FunctionIamBinding resources. :param pulumi.Input[str] cloud_function: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -168,6 +165,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] region: The location of this cloud function. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no region is specified, it is taken from the provider configuration. @@ -226,6 +225,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -238,18 +250,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -364,6 +364,57 @@ def __init__(__self__, ``` + ## google\\_cloudfunctions\\_function\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.cloudfunctions.FunctionIamPolicy("policy", + project=function["project"], + region=function["region"], + cloud_function=function["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_cloudfunctions\\_function\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.cloudfunctions.FunctionIamBinding("binding", + project=function["project"], + region=function["region"], + cloud_function=function["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_cloudfunctions\\_function\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.cloudfunctions.FunctionIamMember("member", + project=function["project"], + region=function["region"], + cloud_function=function["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -405,10 +456,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] cloud_function: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -419,6 +467,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] region: The location of this cloud function. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no region is specified, it is taken from the provider configuration. @@ -498,6 +548,57 @@ def __init__(__self__, ``` + ## google\\_cloudfunctions\\_function\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.cloudfunctions.FunctionIamPolicy("policy", + project=function["project"], + region=function["region"], + cloud_function=function["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_cloudfunctions\\_function\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.cloudfunctions.FunctionIamBinding("binding", + project=function["project"], + region=function["region"], + cloud_function=function["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_cloudfunctions\\_function\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.cloudfunctions.FunctionIamMember("member", + project=function["project"], + region=function["region"], + cloud_function=function["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -605,10 +706,7 @@ def get(resource_name: str, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] cloud_function: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -619,6 +717,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] region: The location of this cloud function. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no region is specified, it is taken from the provider configuration. @@ -663,16 +763,8 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: - return pulumi.get(self, "members") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -684,6 +776,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "members") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/cloudfunctions/function_iam_member.py b/sdk/python/pulumi_gcp/cloudfunctions/function_iam_member.py index c53194fc26..a7c0c3adaa 100644 --- a/sdk/python/pulumi_gcp/cloudfunctions/function_iam_member.py +++ b/sdk/python/pulumi_gcp/cloudfunctions/function_iam_member.py @@ -25,13 +25,7 @@ def __init__(__self__, *, """ The set of arguments for constructing a FunctionIamMember resource. :param pulumi.Input[str] cloud_function: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] role: The role that should be applied. Only one - `cloudfunctions.FunctionIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -42,6 +36,11 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `cloudfunctions.FunctionIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] region: The location of this cloud function. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no region is specified, it is taken from the provider configuration. @@ -71,6 +70,19 @@ def cloud_function(self, value: pulumi.Input[str]): @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -106,18 +118,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -154,10 +154,7 @@ def __init__(__self__, *, Input properties used for looking up and filtering FunctionIamMember resources. :param pulumi.Input[str] cloud_function: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -168,6 +165,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] region: The location of this cloud function. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no region is specified, it is taken from the provider configuration. @@ -226,6 +225,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -238,18 +250,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -364,6 +364,57 @@ def __init__(__self__, ``` + ## google\\_cloudfunctions\\_function\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.cloudfunctions.FunctionIamPolicy("policy", + project=function["project"], + region=function["region"], + cloud_function=function["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_cloudfunctions\\_function\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.cloudfunctions.FunctionIamBinding("binding", + project=function["project"], + region=function["region"], + cloud_function=function["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_cloudfunctions\\_function\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.cloudfunctions.FunctionIamMember("member", + project=function["project"], + region=function["region"], + cloud_function=function["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -405,10 +456,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] cloud_function: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -419,6 +467,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] region: The location of this cloud function. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no region is specified, it is taken from the provider configuration. @@ -498,6 +548,57 @@ def __init__(__self__, ``` + ## google\\_cloudfunctions\\_function\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.cloudfunctions.FunctionIamPolicy("policy", + project=function["project"], + region=function["region"], + cloud_function=function["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_cloudfunctions\\_function\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.cloudfunctions.FunctionIamBinding("binding", + project=function["project"], + region=function["region"], + cloud_function=function["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_cloudfunctions\\_function\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.cloudfunctions.FunctionIamMember("member", + project=function["project"], + region=function["region"], + cloud_function=function["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -605,10 +706,7 @@ def get(resource_name: str, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] cloud_function: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -619,6 +717,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] region: The location of this cloud function. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no region is specified, it is taken from the provider configuration. @@ -663,16 +763,8 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: - return pulumi.get(self, "member") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -684,6 +776,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "member") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/cloudfunctions/function_iam_policy.py b/sdk/python/pulumi_gcp/cloudfunctions/function_iam_policy.py index 1020961025..c051bae1db 100644 --- a/sdk/python/pulumi_gcp/cloudfunctions/function_iam_policy.py +++ b/sdk/python/pulumi_gcp/cloudfunctions/function_iam_policy.py @@ -25,18 +25,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] region: The location of this cloud function. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no region is specified, it is taken from the provider configuration. @@ -79,18 +67,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -129,18 +105,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] region: The location of this cloud function. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no region is specified, it is taken from the provider configuration. @@ -199,18 +163,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -309,6 +261,57 @@ def __init__(__self__, ``` + ## google\\_cloudfunctions\\_function\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.cloudfunctions.FunctionIamPolicy("policy", + project=function["project"], + region=function["region"], + cloud_function=function["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_cloudfunctions\\_function\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.cloudfunctions.FunctionIamBinding("binding", + project=function["project"], + region=function["region"], + cloud_function=function["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_cloudfunctions\\_function\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.cloudfunctions.FunctionIamMember("member", + project=function["project"], + region=function["region"], + cloud_function=function["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -354,18 +357,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] region: The location of this cloud function. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no region is specified, it is taken from the provider configuration. @@ -442,6 +433,57 @@ def __init__(__self__, ``` + ## google\\_cloudfunctions\\_function\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.cloudfunctions.FunctionIamPolicy("policy", + project=function["project"], + region=function["region"], + cloud_function=function["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_cloudfunctions\\_function\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.cloudfunctions.FunctionIamBinding("binding", + project=function["project"], + region=function["region"], + cloud_function=function["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_cloudfunctions\\_function\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.cloudfunctions.FunctionIamMember("member", + project=function["project"], + region=function["region"], + cloud_function=function["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -545,18 +587,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] region: The location of this cloud function. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no region is specified, it is taken from the provider configuration. @@ -603,18 +633,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/cloudfunctionsv2/function_iam_binding.py b/sdk/python/pulumi_gcp/cloudfunctionsv2/function_iam_binding.py index a53f5a7652..44b9b9bfc9 100644 --- a/sdk/python/pulumi_gcp/cloudfunctionsv2/function_iam_binding.py +++ b/sdk/python/pulumi_gcp/cloudfunctionsv2/function_iam_binding.py @@ -25,14 +25,7 @@ def __init__(__self__, *, """ The set of arguments for constructing a FunctionIamBinding resource. :param pulumi.Input[str] cloud_function: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] role: The role that should be applied. Only one - `cloudfunctionsv2.FunctionIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] location: The location of this cloud function. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -43,6 +36,12 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `cloudfunctionsv2.FunctionIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] location: The location of this cloud function. Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "cloud_function", cloud_function) pulumi.set(__self__, "members", members) @@ -69,6 +68,19 @@ def cloud_function(self, value: pulumi.Input[str]): @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -116,18 +128,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -151,10 +151,7 @@ def __init__(__self__, *, :param pulumi.Input[str] cloud_function: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] location: The location of this cloud function. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -165,6 +162,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `cloudfunctionsv2.FunctionIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -232,6 +231,19 @@ def location(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -244,18 +256,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -356,6 +356,57 @@ def __init__(__self__, ``` + ## google\\_cloudfunctions2\\_function\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.cloudfunctionsv2.FunctionIamPolicy("policy", + project=function["project"], + location=function["location"], + cloud_function=function["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_cloudfunctions2\\_function\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.cloudfunctionsv2.FunctionIamBinding("binding", + project=function["project"], + location=function["location"], + cloud_function=function["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_cloudfunctions2\\_function\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.cloudfunctionsv2.FunctionIamMember("member", + project=function["project"], + location=function["location"], + cloud_function=function["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -398,10 +449,7 @@ def __init__(__self__, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] cloud_function: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] location: The location of this cloud function. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -412,6 +460,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `cloudfunctionsv2.FunctionIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -488,6 +538,57 @@ def __init__(__self__, ``` + ## google\\_cloudfunctions2\\_function\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.cloudfunctionsv2.FunctionIamPolicy("policy", + project=function["project"], + location=function["location"], + cloud_function=function["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_cloudfunctions2\\_function\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.cloudfunctionsv2.FunctionIamBinding("binding", + project=function["project"], + location=function["location"], + cloud_function=function["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_cloudfunctions2\\_function\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.cloudfunctionsv2.FunctionIamMember("member", + project=function["project"], + location=function["location"], + cloud_function=function["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -596,10 +697,7 @@ def get(resource_name: str, :param pulumi.Input[str] cloud_function: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] location: The location of this cloud function. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -610,6 +708,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `cloudfunctionsv2.FunctionIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -659,16 +759,8 @@ def location(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: - return pulumi.get(self, "members") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -680,6 +772,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "members") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/cloudfunctionsv2/function_iam_member.py b/sdk/python/pulumi_gcp/cloudfunctionsv2/function_iam_member.py index b36e9314cb..76d12d70f6 100644 --- a/sdk/python/pulumi_gcp/cloudfunctionsv2/function_iam_member.py +++ b/sdk/python/pulumi_gcp/cloudfunctionsv2/function_iam_member.py @@ -25,14 +25,7 @@ def __init__(__self__, *, """ The set of arguments for constructing a FunctionIamMember resource. :param pulumi.Input[str] cloud_function: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] role: The role that should be applied. Only one - `cloudfunctionsv2.FunctionIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] location: The location of this cloud function. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -43,6 +36,12 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `cloudfunctionsv2.FunctionIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] location: The location of this cloud function. Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "cloud_function", cloud_function) pulumi.set(__self__, "member", member) @@ -69,6 +68,19 @@ def cloud_function(self, value: pulumi.Input[str]): @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -116,18 +128,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -151,10 +151,7 @@ def __init__(__self__, *, :param pulumi.Input[str] cloud_function: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] location: The location of this cloud function. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -165,6 +162,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `cloudfunctionsv2.FunctionIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -232,6 +231,19 @@ def location(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -244,18 +256,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -356,6 +356,57 @@ def __init__(__self__, ``` + ## google\\_cloudfunctions2\\_function\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.cloudfunctionsv2.FunctionIamPolicy("policy", + project=function["project"], + location=function["location"], + cloud_function=function["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_cloudfunctions2\\_function\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.cloudfunctionsv2.FunctionIamBinding("binding", + project=function["project"], + location=function["location"], + cloud_function=function["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_cloudfunctions2\\_function\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.cloudfunctionsv2.FunctionIamMember("member", + project=function["project"], + location=function["location"], + cloud_function=function["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -398,10 +449,7 @@ def __init__(__self__, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] cloud_function: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] location: The location of this cloud function. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -412,6 +460,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `cloudfunctionsv2.FunctionIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -488,6 +538,57 @@ def __init__(__self__, ``` + ## google\\_cloudfunctions2\\_function\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.cloudfunctionsv2.FunctionIamPolicy("policy", + project=function["project"], + location=function["location"], + cloud_function=function["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_cloudfunctions2\\_function\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.cloudfunctionsv2.FunctionIamBinding("binding", + project=function["project"], + location=function["location"], + cloud_function=function["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_cloudfunctions2\\_function\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.cloudfunctionsv2.FunctionIamMember("member", + project=function["project"], + location=function["location"], + cloud_function=function["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -596,10 +697,7 @@ def get(resource_name: str, :param pulumi.Input[str] cloud_function: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] location: The location of this cloud function. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -610,6 +708,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `cloudfunctionsv2.FunctionIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -659,16 +759,8 @@ def location(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: - return pulumi.get(self, "member") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -680,6 +772,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "member") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/cloudfunctionsv2/function_iam_policy.py b/sdk/python/pulumi_gcp/cloudfunctionsv2/function_iam_policy.py index e51f654d9e..9c1da02e78 100644 --- a/sdk/python/pulumi_gcp/cloudfunctionsv2/function_iam_policy.py +++ b/sdk/python/pulumi_gcp/cloudfunctionsv2/function_iam_policy.py @@ -26,18 +26,6 @@ def __init__(__self__, *, :param pulumi.Input[str] location: The location of this cloud function. Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "cloud_function", cloud_function) pulumi.set(__self__, "policy_data", policy_data) @@ -89,18 +77,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -126,18 +102,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ if cloud_function is not None: pulumi.set(__self__, "cloud_function", cloud_function) @@ -205,18 +169,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -301,6 +253,57 @@ def __init__(__self__, ``` + ## google\\_cloudfunctions2\\_function\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.cloudfunctionsv2.FunctionIamPolicy("policy", + project=function["project"], + location=function["location"], + cloud_function=function["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_cloudfunctions2\\_function\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.cloudfunctionsv2.FunctionIamBinding("binding", + project=function["project"], + location=function["location"], + cloud_function=function["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_cloudfunctions2\\_function\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.cloudfunctionsv2.FunctionIamMember("member", + project=function["project"], + location=function["location"], + cloud_function=function["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -347,18 +350,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ ... @overload @@ -432,6 +423,57 @@ def __init__(__self__, ``` + ## google\\_cloudfunctions2\\_function\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.cloudfunctionsv2.FunctionIamPolicy("policy", + project=function["project"], + location=function["location"], + cloud_function=function["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_cloudfunctions2\\_function\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.cloudfunctionsv2.FunctionIamBinding("binding", + project=function["project"], + location=function["location"], + cloud_function=function["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_cloudfunctions2\\_function\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.cloudfunctionsv2.FunctionIamMember("member", + project=function["project"], + location=function["location"], + cloud_function=function["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -536,18 +578,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -599,18 +629,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/cloudrun/iam_binding.py b/sdk/python/pulumi_gcp/cloudrun/iam_binding.py index 67ad7a4ace..4e382b3fb3 100644 --- a/sdk/python/pulumi_gcp/cloudrun/iam_binding.py +++ b/sdk/python/pulumi_gcp/cloudrun/iam_binding.py @@ -24,15 +24,7 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a IamBinding resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `cloudrun.IamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] service: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] location: The location of the cloud run instance. eg us-central1 Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -43,6 +35,13 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `cloudrun.IamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] service: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] location: The location of the cloud run instance. eg us-central1 Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "members", members) pulumi.set(__self__, "role", role) @@ -57,6 +56,19 @@ def __init__(__self__, *, @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -116,18 +128,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -150,10 +150,7 @@ def __init__(__self__, *, Input properties used for looking up and filtering IamBinding resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] location: The location of the cloud run instance. eg us-central1 Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -164,6 +161,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `cloudrun.IamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -220,6 +219,19 @@ def location(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -232,18 +244,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -356,6 +356,57 @@ def __init__(__self__, ``` + ## google\\_cloud\\_run\\_service\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.cloudrun.IamPolicy("policy", + location=default["location"], + project=default["project"], + service=default["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_cloud\\_run\\_service\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.cloudrun.IamBinding("binding", + location=default["location"], + project=default["project"], + service=default["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_cloud\\_run\\_service\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.cloudrun.IamMember("member", + location=default["location"], + project=default["project"], + service=default["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -397,10 +448,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] location: The location of the cloud run instance. eg us-central1 Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -411,6 +459,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `cloudrun.IamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -488,6 +538,57 @@ def __init__(__self__, ``` + ## google\\_cloud\\_run\\_service\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.cloudrun.IamPolicy("policy", + location=default["location"], + project=default["project"], + service=default["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_cloud\\_run\\_service\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.cloudrun.IamBinding("binding", + location=default["location"], + project=default["project"], + service=default["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_cloud\\_run\\_service\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.cloudrun.IamMember("member", + location=default["location"], + project=default["project"], + service=default["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -595,10 +696,7 @@ def get(resource_name: str, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] location: The location of the cloud run instance. eg us-central1 Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -609,6 +707,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `cloudrun.IamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -651,16 +751,8 @@ def location(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: - return pulumi.get(self, "members") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -672,6 +764,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "members") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/cloudrun/iam_member.py b/sdk/python/pulumi_gcp/cloudrun/iam_member.py index 0e02de2658..4e2e99ec89 100644 --- a/sdk/python/pulumi_gcp/cloudrun/iam_member.py +++ b/sdk/python/pulumi_gcp/cloudrun/iam_member.py @@ -24,15 +24,7 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a IamMember resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `cloudrun.IamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] service: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] location: The location of the cloud run instance. eg us-central1 Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -43,6 +35,13 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `cloudrun.IamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] service: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] location: The location of the cloud run instance. eg us-central1 Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "member", member) pulumi.set(__self__, "role", role) @@ -57,6 +56,19 @@ def __init__(__self__, *, @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -116,18 +128,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -150,10 +150,7 @@ def __init__(__self__, *, Input properties used for looking up and filtering IamMember resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] location: The location of the cloud run instance. eg us-central1 Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -164,6 +161,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `cloudrun.IamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -220,6 +219,19 @@ def location(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -232,18 +244,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -356,6 +356,57 @@ def __init__(__self__, ``` + ## google\\_cloud\\_run\\_service\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.cloudrun.IamPolicy("policy", + location=default["location"], + project=default["project"], + service=default["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_cloud\\_run\\_service\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.cloudrun.IamBinding("binding", + location=default["location"], + project=default["project"], + service=default["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_cloud\\_run\\_service\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.cloudrun.IamMember("member", + location=default["location"], + project=default["project"], + service=default["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -397,10 +448,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] location: The location of the cloud run instance. eg us-central1 Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -411,6 +459,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `cloudrun.IamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -488,6 +538,57 @@ def __init__(__self__, ``` + ## google\\_cloud\\_run\\_service\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.cloudrun.IamPolicy("policy", + location=default["location"], + project=default["project"], + service=default["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_cloud\\_run\\_service\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.cloudrun.IamBinding("binding", + location=default["location"], + project=default["project"], + service=default["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_cloud\\_run\\_service\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.cloudrun.IamMember("member", + location=default["location"], + project=default["project"], + service=default["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -595,10 +696,7 @@ def get(resource_name: str, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] location: The location of the cloud run instance. eg us-central1 Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -609,6 +707,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `cloudrun.IamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -651,16 +751,8 @@ def location(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: - return pulumi.get(self, "member") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -672,6 +764,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "member") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/cloudrun/iam_policy.py b/sdk/python/pulumi_gcp/cloudrun/iam_policy.py index 3ee7e7e3c7..809be2e9af 100644 --- a/sdk/python/pulumi_gcp/cloudrun/iam_policy.py +++ b/sdk/python/pulumi_gcp/cloudrun/iam_policy.py @@ -26,18 +26,6 @@ def __init__(__self__, *, :param pulumi.Input[str] location: The location of the cloud run instance. eg us-central1 Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "policy_data", policy_data) pulumi.set(__self__, "service", service) @@ -89,18 +77,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -125,18 +101,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] service: Used to find the parent resource to bind the IAM policy to """ if etag is not None: @@ -193,18 +157,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -301,6 +253,57 @@ def __init__(__self__, ``` + ## google\\_cloud\\_run\\_service\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.cloudrun.IamPolicy("policy", + location=default["location"], + project=default["project"], + service=default["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_cloud\\_run\\_service\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.cloudrun.IamBinding("binding", + location=default["location"], + project=default["project"], + service=default["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_cloud\\_run\\_service\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.cloudrun.IamMember("member", + location=default["location"], + project=default["project"], + service=default["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -346,18 +349,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] service: Used to find the parent resource to bind the IAM policy to """ ... @@ -432,6 +423,57 @@ def __init__(__self__, ``` + ## google\\_cloud\\_run\\_service\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.cloudrun.IamPolicy("policy", + location=default["location"], + project=default["project"], + service=default["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_cloud\\_run\\_service\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.cloudrun.IamBinding("binding", + location=default["location"], + project=default["project"], + service=default["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_cloud\\_run\\_service\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.cloudrun.IamMember("member", + location=default["location"], + project=default["project"], + service=default["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -535,18 +577,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] service: Used to find the parent resource to bind the IAM policy to """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -591,18 +621,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/cloudrunv2/job_iam_binding.py b/sdk/python/pulumi_gcp/cloudrunv2/job_iam_binding.py index d9defdb663..1b639f21df 100644 --- a/sdk/python/pulumi_gcp/cloudrunv2/job_iam_binding.py +++ b/sdk/python/pulumi_gcp/cloudrunv2/job_iam_binding.py @@ -24,15 +24,7 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a JobIamBinding resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `cloudrunv2.JobIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] location: The location of the cloud run job Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -43,6 +35,13 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `cloudrunv2.JobIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] location: The location of the cloud run job Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "members", members) pulumi.set(__self__, "role", role) @@ -58,6 +57,19 @@ def __init__(__self__, *, @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -117,18 +129,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -151,11 +151,7 @@ def __init__(__self__, *, Input properties used for looking up and filtering JobIamBinding resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] location: The location of the cloud run job Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -166,6 +162,9 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `cloudrunv2.JobIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -221,6 +220,19 @@ def location(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -245,18 +257,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -357,6 +357,57 @@ def __init__(__self__, ``` + ## google\\_cloud\\_run\\_v2\\_job\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.cloudrunv2.JobIamPolicy("policy", + project=default["project"], + location=default["location"], + name=default["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_cloud\\_run\\_v2\\_job\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.cloudrunv2.JobIamBinding("binding", + project=default["project"], + location=default["location"], + name=default["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_cloud\\_run\\_v2\\_job\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.cloudrunv2.JobIamMember("member", + project=default["project"], + location=default["location"], + name=default["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -398,11 +449,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] location: The location of the cloud run job Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -413,6 +460,9 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `cloudrunv2.JobIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -489,6 +539,57 @@ def __init__(__self__, ``` + ## google\\_cloud\\_run\\_v2\\_job\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.cloudrunv2.JobIamPolicy("policy", + project=default["project"], + location=default["location"], + name=default["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_cloud\\_run\\_v2\\_job\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.cloudrunv2.JobIamBinding("binding", + project=default["project"], + location=default["location"], + name=default["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_cloud\\_run\\_v2\\_job\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.cloudrunv2.JobIamMember("member", + project=default["project"], + location=default["location"], + name=default["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -594,11 +695,7 @@ def get(resource_name: str, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] location: The location of the cloud run job Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -609,6 +706,9 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `cloudrunv2.JobIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -650,6 +750,19 @@ def location(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @property @@ -666,18 +779,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/cloudrunv2/job_iam_member.py b/sdk/python/pulumi_gcp/cloudrunv2/job_iam_member.py index 892915e069..5adcf00b72 100644 --- a/sdk/python/pulumi_gcp/cloudrunv2/job_iam_member.py +++ b/sdk/python/pulumi_gcp/cloudrunv2/job_iam_member.py @@ -24,15 +24,7 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a JobIamMember resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `cloudrunv2.JobIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] location: The location of the cloud run job Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -43,6 +35,13 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `cloudrunv2.JobIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] location: The location of the cloud run job Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "member", member) pulumi.set(__self__, "role", role) @@ -58,6 +57,19 @@ def __init__(__self__, *, @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -117,18 +129,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -151,11 +151,7 @@ def __init__(__self__, *, Input properties used for looking up and filtering JobIamMember resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] location: The location of the cloud run job Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -166,6 +162,9 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `cloudrunv2.JobIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -221,6 +220,19 @@ def location(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -245,18 +257,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -357,6 +357,57 @@ def __init__(__self__, ``` + ## google\\_cloud\\_run\\_v2\\_job\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.cloudrunv2.JobIamPolicy("policy", + project=default["project"], + location=default["location"], + name=default["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_cloud\\_run\\_v2\\_job\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.cloudrunv2.JobIamBinding("binding", + project=default["project"], + location=default["location"], + name=default["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_cloud\\_run\\_v2\\_job\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.cloudrunv2.JobIamMember("member", + project=default["project"], + location=default["location"], + name=default["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -398,11 +449,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] location: The location of the cloud run job Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -413,6 +460,9 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `cloudrunv2.JobIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -489,6 +539,57 @@ def __init__(__self__, ``` + ## google\\_cloud\\_run\\_v2\\_job\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.cloudrunv2.JobIamPolicy("policy", + project=default["project"], + location=default["location"], + name=default["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_cloud\\_run\\_v2\\_job\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.cloudrunv2.JobIamBinding("binding", + project=default["project"], + location=default["location"], + name=default["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_cloud\\_run\\_v2\\_job\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.cloudrunv2.JobIamMember("member", + project=default["project"], + location=default["location"], + name=default["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -594,11 +695,7 @@ def get(resource_name: str, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] location: The location of the cloud run job Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -609,6 +706,9 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `cloudrunv2.JobIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -650,6 +750,19 @@ def location(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @property @@ -666,18 +779,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/cloudrunv2/job_iam_policy.py b/sdk/python/pulumi_gcp/cloudrunv2/job_iam_policy.py index 2544d80b43..0d9206ca77 100644 --- a/sdk/python/pulumi_gcp/cloudrunv2/job_iam_policy.py +++ b/sdk/python/pulumi_gcp/cloudrunv2/job_iam_policy.py @@ -26,18 +26,6 @@ def __init__(__self__, *, :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "policy_data", policy_data) if location is not None: @@ -90,18 +78,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -127,18 +103,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ if etag is not None: pulumi.set(__self__, "etag", etag) @@ -206,18 +170,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -302,6 +254,57 @@ def __init__(__self__, ``` + ## google\\_cloud\\_run\\_v2\\_job\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.cloudrunv2.JobIamPolicy("policy", + project=default["project"], + location=default["location"], + name=default["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_cloud\\_run\\_v2\\_job\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.cloudrunv2.JobIamBinding("binding", + project=default["project"], + location=default["location"], + name=default["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_cloud\\_run\\_v2\\_job\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.cloudrunv2.JobIamMember("member", + project=default["project"], + location=default["location"], + name=default["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -348,18 +351,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ ... @overload @@ -433,6 +424,57 @@ def __init__(__self__, ``` + ## google\\_cloud\\_run\\_v2\\_job\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.cloudrunv2.JobIamPolicy("policy", + project=default["project"], + location=default["location"], + name=default["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_cloud\\_run\\_v2\\_job\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.cloudrunv2.JobIamBinding("binding", + project=default["project"], + location=default["location"], + name=default["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_cloud\\_run\\_v2\\_job\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.cloudrunv2.JobIamMember("member", + project=default["project"], + location=default["location"], + name=default["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -535,18 +577,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -598,18 +628,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/cloudrunv2/service_iam_binding.py b/sdk/python/pulumi_gcp/cloudrunv2/service_iam_binding.py index aa252c1eab..afa6eb8ed2 100644 --- a/sdk/python/pulumi_gcp/cloudrunv2/service_iam_binding.py +++ b/sdk/python/pulumi_gcp/cloudrunv2/service_iam_binding.py @@ -24,15 +24,7 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a ServiceIamBinding resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `cloudrunv2.ServiceIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] location: The location of the cloud run service Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -43,6 +35,13 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `cloudrunv2.ServiceIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] location: The location of the cloud run service Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "members", members) pulumi.set(__self__, "role", role) @@ -58,6 +57,19 @@ def __init__(__self__, *, @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -117,18 +129,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -151,11 +151,7 @@ def __init__(__self__, *, Input properties used for looking up and filtering ServiceIamBinding resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] location: The location of the cloud run service Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -166,6 +162,9 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `cloudrunv2.ServiceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -221,6 +220,19 @@ def location(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -245,18 +257,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -357,6 +357,57 @@ def __init__(__self__, ``` + ## google\\_cloud\\_run\\_v2\\_service\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.cloudrunv2.ServiceIamPolicy("policy", + project=default["project"], + location=default["location"], + name=default["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_cloud\\_run\\_v2\\_service\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.cloudrunv2.ServiceIamBinding("binding", + project=default["project"], + location=default["location"], + name=default["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_cloud\\_run\\_v2\\_service\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.cloudrunv2.ServiceIamMember("member", + project=default["project"], + location=default["location"], + name=default["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -398,11 +449,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] location: The location of the cloud run service Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -413,6 +460,9 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `cloudrunv2.ServiceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -489,6 +539,57 @@ def __init__(__self__, ``` + ## google\\_cloud\\_run\\_v2\\_service\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.cloudrunv2.ServiceIamPolicy("policy", + project=default["project"], + location=default["location"], + name=default["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_cloud\\_run\\_v2\\_service\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.cloudrunv2.ServiceIamBinding("binding", + project=default["project"], + location=default["location"], + name=default["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_cloud\\_run\\_v2\\_service\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.cloudrunv2.ServiceIamMember("member", + project=default["project"], + location=default["location"], + name=default["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -594,11 +695,7 @@ def get(resource_name: str, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] location: The location of the cloud run service Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -609,6 +706,9 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `cloudrunv2.ServiceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -650,6 +750,19 @@ def location(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @property @@ -666,18 +779,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/cloudrunv2/service_iam_member.py b/sdk/python/pulumi_gcp/cloudrunv2/service_iam_member.py index cb51685049..11f9355506 100644 --- a/sdk/python/pulumi_gcp/cloudrunv2/service_iam_member.py +++ b/sdk/python/pulumi_gcp/cloudrunv2/service_iam_member.py @@ -24,15 +24,7 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a ServiceIamMember resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `cloudrunv2.ServiceIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] location: The location of the cloud run service Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -43,6 +35,13 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `cloudrunv2.ServiceIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] location: The location of the cloud run service Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "member", member) pulumi.set(__self__, "role", role) @@ -58,6 +57,19 @@ def __init__(__self__, *, @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -117,18 +129,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -151,11 +151,7 @@ def __init__(__self__, *, Input properties used for looking up and filtering ServiceIamMember resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] location: The location of the cloud run service Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -166,6 +162,9 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `cloudrunv2.ServiceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -221,6 +220,19 @@ def location(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -245,18 +257,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -357,6 +357,57 @@ def __init__(__self__, ``` + ## google\\_cloud\\_run\\_v2\\_service\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.cloudrunv2.ServiceIamPolicy("policy", + project=default["project"], + location=default["location"], + name=default["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_cloud\\_run\\_v2\\_service\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.cloudrunv2.ServiceIamBinding("binding", + project=default["project"], + location=default["location"], + name=default["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_cloud\\_run\\_v2\\_service\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.cloudrunv2.ServiceIamMember("member", + project=default["project"], + location=default["location"], + name=default["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -398,11 +449,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] location: The location of the cloud run service Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -413,6 +460,9 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `cloudrunv2.ServiceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -489,6 +539,57 @@ def __init__(__self__, ``` + ## google\\_cloud\\_run\\_v2\\_service\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.cloudrunv2.ServiceIamPolicy("policy", + project=default["project"], + location=default["location"], + name=default["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_cloud\\_run\\_v2\\_service\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.cloudrunv2.ServiceIamBinding("binding", + project=default["project"], + location=default["location"], + name=default["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_cloud\\_run\\_v2\\_service\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.cloudrunv2.ServiceIamMember("member", + project=default["project"], + location=default["location"], + name=default["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -594,11 +695,7 @@ def get(resource_name: str, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] location: The location of the cloud run service Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -609,6 +706,9 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `cloudrunv2.ServiceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -650,6 +750,19 @@ def location(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @property @@ -666,18 +779,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/cloudrunv2/service_iam_policy.py b/sdk/python/pulumi_gcp/cloudrunv2/service_iam_policy.py index 63d4bb3fd4..ff93d78ac3 100644 --- a/sdk/python/pulumi_gcp/cloudrunv2/service_iam_policy.py +++ b/sdk/python/pulumi_gcp/cloudrunv2/service_iam_policy.py @@ -26,18 +26,6 @@ def __init__(__self__, *, :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "policy_data", policy_data) if location is not None: @@ -90,18 +78,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -127,18 +103,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ if etag is not None: pulumi.set(__self__, "etag", etag) @@ -206,18 +170,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -302,6 +254,57 @@ def __init__(__self__, ``` + ## google\\_cloud\\_run\\_v2\\_service\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.cloudrunv2.ServiceIamPolicy("policy", + project=default["project"], + location=default["location"], + name=default["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_cloud\\_run\\_v2\\_service\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.cloudrunv2.ServiceIamBinding("binding", + project=default["project"], + location=default["location"], + name=default["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_cloud\\_run\\_v2\\_service\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.cloudrunv2.ServiceIamMember("member", + project=default["project"], + location=default["location"], + name=default["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -348,18 +351,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ ... @overload @@ -433,6 +424,57 @@ def __init__(__self__, ``` + ## google\\_cloud\\_run\\_v2\\_service\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.cloudrunv2.ServiceIamPolicy("policy", + project=default["project"], + location=default["location"], + name=default["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_cloud\\_run\\_v2\\_service\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.cloudrunv2.ServiceIamBinding("binding", + project=default["project"], + location=default["location"], + name=default["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_cloud\\_run\\_v2\\_service\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.cloudrunv2.ServiceIamMember("member", + project=default["project"], + location=default["location"], + name=default["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -535,18 +577,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -598,18 +628,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/cloudtasks/queue_iam_binding.py b/sdk/python/pulumi_gcp/cloudtasks/queue_iam_binding.py index a32151fb09..b796fcb6f6 100644 --- a/sdk/python/pulumi_gcp/cloudtasks/queue_iam_binding.py +++ b/sdk/python/pulumi_gcp/cloudtasks/queue_iam_binding.py @@ -24,15 +24,7 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a QueueIamBinding resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `cloudtasks.QueueIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] location: The location of the queue Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -43,6 +35,13 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `cloudtasks.QueueIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] location: The location of the queue Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "members", members) pulumi.set(__self__, "role", role) @@ -58,6 +57,19 @@ def __init__(__self__, *, @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -117,18 +129,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -151,11 +151,7 @@ def __init__(__self__, *, Input properties used for looking up and filtering QueueIamBinding resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] location: The location of the queue Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -166,6 +162,9 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `cloudtasks.QueueIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -221,6 +220,19 @@ def location(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -245,18 +257,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -357,6 +357,57 @@ def __init__(__self__, ``` + ## google\\_cloud\\_tasks\\_queue\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.cloudtasks.QueueIamPolicy("policy", + project=default["project"], + location=default["location"], + name=default["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_cloud\\_tasks\\_queue\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.cloudtasks.QueueIamBinding("binding", + project=default["project"], + location=default["location"], + name=default["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_cloud\\_tasks\\_queue\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.cloudtasks.QueueIamMember("member", + project=default["project"], + location=default["location"], + name=default["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -398,11 +449,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] location: The location of the queue Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -413,6 +460,9 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `cloudtasks.QueueIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -489,6 +539,57 @@ def __init__(__self__, ``` + ## google\\_cloud\\_tasks\\_queue\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.cloudtasks.QueueIamPolicy("policy", + project=default["project"], + location=default["location"], + name=default["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_cloud\\_tasks\\_queue\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.cloudtasks.QueueIamBinding("binding", + project=default["project"], + location=default["location"], + name=default["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_cloud\\_tasks\\_queue\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.cloudtasks.QueueIamMember("member", + project=default["project"], + location=default["location"], + name=default["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -594,11 +695,7 @@ def get(resource_name: str, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] location: The location of the queue Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -609,6 +706,9 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `cloudtasks.QueueIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -650,6 +750,19 @@ def location(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @property @@ -666,18 +779,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/cloudtasks/queue_iam_member.py b/sdk/python/pulumi_gcp/cloudtasks/queue_iam_member.py index 14a1061e04..1cd06c7b81 100644 --- a/sdk/python/pulumi_gcp/cloudtasks/queue_iam_member.py +++ b/sdk/python/pulumi_gcp/cloudtasks/queue_iam_member.py @@ -24,15 +24,7 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a QueueIamMember resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `cloudtasks.QueueIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] location: The location of the queue Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -43,6 +35,13 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `cloudtasks.QueueIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] location: The location of the queue Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "member", member) pulumi.set(__self__, "role", role) @@ -58,6 +57,19 @@ def __init__(__self__, *, @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -117,18 +129,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -151,11 +151,7 @@ def __init__(__self__, *, Input properties used for looking up and filtering QueueIamMember resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] location: The location of the queue Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -166,6 +162,9 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `cloudtasks.QueueIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -221,6 +220,19 @@ def location(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -245,18 +257,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -357,6 +357,57 @@ def __init__(__self__, ``` + ## google\\_cloud\\_tasks\\_queue\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.cloudtasks.QueueIamPolicy("policy", + project=default["project"], + location=default["location"], + name=default["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_cloud\\_tasks\\_queue\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.cloudtasks.QueueIamBinding("binding", + project=default["project"], + location=default["location"], + name=default["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_cloud\\_tasks\\_queue\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.cloudtasks.QueueIamMember("member", + project=default["project"], + location=default["location"], + name=default["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -398,11 +449,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] location: The location of the queue Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -413,6 +460,9 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `cloudtasks.QueueIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -489,6 +539,57 @@ def __init__(__self__, ``` + ## google\\_cloud\\_tasks\\_queue\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.cloudtasks.QueueIamPolicy("policy", + project=default["project"], + location=default["location"], + name=default["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_cloud\\_tasks\\_queue\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.cloudtasks.QueueIamBinding("binding", + project=default["project"], + location=default["location"], + name=default["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_cloud\\_tasks\\_queue\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.cloudtasks.QueueIamMember("member", + project=default["project"], + location=default["location"], + name=default["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -594,11 +695,7 @@ def get(resource_name: str, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] location: The location of the queue Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -609,6 +706,9 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `cloudtasks.QueueIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -650,6 +750,19 @@ def location(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @property @@ -666,18 +779,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/cloudtasks/queue_iam_policy.py b/sdk/python/pulumi_gcp/cloudtasks/queue_iam_policy.py index 1313cd23df..16b9bb3781 100644 --- a/sdk/python/pulumi_gcp/cloudtasks/queue_iam_policy.py +++ b/sdk/python/pulumi_gcp/cloudtasks/queue_iam_policy.py @@ -26,18 +26,6 @@ def __init__(__self__, *, :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "policy_data", policy_data) if location is not None: @@ -90,18 +78,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -127,18 +103,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ if etag is not None: pulumi.set(__self__, "etag", etag) @@ -206,18 +170,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -302,6 +254,57 @@ def __init__(__self__, ``` + ## google\\_cloud\\_tasks\\_queue\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.cloudtasks.QueueIamPolicy("policy", + project=default["project"], + location=default["location"], + name=default["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_cloud\\_tasks\\_queue\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.cloudtasks.QueueIamBinding("binding", + project=default["project"], + location=default["location"], + name=default["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_cloud\\_tasks\\_queue\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.cloudtasks.QueueIamMember("member", + project=default["project"], + location=default["location"], + name=default["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -348,18 +351,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ ... @overload @@ -433,6 +424,57 @@ def __init__(__self__, ``` + ## google\\_cloud\\_tasks\\_queue\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.cloudtasks.QueueIamPolicy("policy", + project=default["project"], + location=default["location"], + name=default["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_cloud\\_tasks\\_queue\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.cloudtasks.QueueIamBinding("binding", + project=default["project"], + location=default["location"], + name=default["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_cloud\\_tasks\\_queue\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.cloudtasks.QueueIamMember("member", + project=default["project"], + location=default["location"], + name=default["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -535,18 +577,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -598,18 +628,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/compute/backend_bucket_iam_binding.py b/sdk/python/pulumi_gcp/compute/backend_bucket_iam_binding.py index 6de71b17cb..866e8a4e04 100644 --- a/sdk/python/pulumi_gcp/compute/backend_bucket_iam_binding.py +++ b/sdk/python/pulumi_gcp/compute/backend_bucket_iam_binding.py @@ -23,14 +23,7 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a BackendBucketIamBinding resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `compute.BackendBucketIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -41,6 +34,12 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `compute.BackendBucketIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "members", members) pulumi.set(__self__, "role", role) @@ -54,6 +53,19 @@ def __init__(__self__, *, @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -101,18 +113,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -133,11 +133,7 @@ def __init__(__self__, *, """ Input properties used for looking up and filtering BackendBucketIamBinding resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -148,6 +144,9 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `compute.BackendBucketIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -189,6 +188,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -213,18 +225,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -297,11 +297,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -312,6 +308,9 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `compute.BackendBucketIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -422,11 +421,7 @@ def get(resource_name: str, :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -437,6 +432,9 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `compute.BackendBucketIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -469,6 +467,19 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @property @@ -485,18 +496,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/compute/backend_bucket_iam_member.py b/sdk/python/pulumi_gcp/compute/backend_bucket_iam_member.py index b1071184b0..48645b0871 100644 --- a/sdk/python/pulumi_gcp/compute/backend_bucket_iam_member.py +++ b/sdk/python/pulumi_gcp/compute/backend_bucket_iam_member.py @@ -23,14 +23,7 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a BackendBucketIamMember resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `compute.BackendBucketIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -41,6 +34,12 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `compute.BackendBucketIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "member", member) pulumi.set(__self__, "role", role) @@ -54,6 +53,19 @@ def __init__(__self__, *, @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -101,18 +113,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -133,11 +133,7 @@ def __init__(__self__, *, """ Input properties used for looking up and filtering BackendBucketIamMember resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -148,6 +144,9 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `compute.BackendBucketIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -189,6 +188,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -213,18 +225,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -297,11 +297,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -312,6 +308,9 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `compute.BackendBucketIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -422,11 +421,7 @@ def get(resource_name: str, :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -437,6 +432,9 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `compute.BackendBucketIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -469,6 +467,19 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @property @@ -485,18 +496,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/compute/backend_bucket_iam_policy.py b/sdk/python/pulumi_gcp/compute/backend_bucket_iam_policy.py index 8605d3fc87..0f126dd567 100644 --- a/sdk/python/pulumi_gcp/compute/backend_bucket_iam_policy.py +++ b/sdk/python/pulumi_gcp/compute/backend_bucket_iam_policy.py @@ -24,18 +24,6 @@ def __init__(__self__, *, :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "policy_data", policy_data) if name is not None: @@ -74,18 +62,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -109,18 +85,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ if etag is not None: pulumi.set(__self__, "etag", etag) @@ -174,18 +138,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -247,18 +199,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ ... @overload @@ -363,18 +303,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -417,18 +345,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/compute/backend_service_iam_binding.py b/sdk/python/pulumi_gcp/compute/backend_service_iam_binding.py index f7f1ac95d7..15510c040f 100644 --- a/sdk/python/pulumi_gcp/compute/backend_service_iam_binding.py +++ b/sdk/python/pulumi_gcp/compute/backend_service_iam_binding.py @@ -23,16 +23,7 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a BackendServiceIamBinding resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `compute.BackendServiceIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input['BackendServiceIamBindingConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. - Structure is documented below. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -43,6 +34,14 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `compute.BackendServiceIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input['BackendServiceIamBindingConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. + Structure is documented below. + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "members", members) pulumi.set(__self__, "role", role) @@ -56,6 +55,19 @@ def __init__(__self__, *, @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -107,18 +119,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -141,11 +141,7 @@ def __init__(__self__, *, :param pulumi.Input['BackendServiceIamBindingConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -156,6 +152,9 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `compute.BackendServiceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -201,6 +200,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -225,18 +237,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -311,11 +311,7 @@ def __init__(__self__, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[pulumi.InputType['BackendServiceIamBindingConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -326,6 +322,9 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `compute.BackendServiceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -438,11 +437,7 @@ def get(resource_name: str, :param pulumi.Input[pulumi.InputType['BackendServiceIamBindingConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -453,6 +448,9 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `compute.BackendServiceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -489,6 +487,19 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @property @@ -505,18 +516,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/compute/backend_service_iam_member.py b/sdk/python/pulumi_gcp/compute/backend_service_iam_member.py index f1032f7c60..9c413ef57c 100644 --- a/sdk/python/pulumi_gcp/compute/backend_service_iam_member.py +++ b/sdk/python/pulumi_gcp/compute/backend_service_iam_member.py @@ -23,16 +23,7 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a BackendServiceIamMember resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `compute.BackendServiceIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input['BackendServiceIamMemberConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. - Structure is documented below. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -43,6 +34,14 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `compute.BackendServiceIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input['BackendServiceIamMemberConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. + Structure is documented below. + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "member", member) pulumi.set(__self__, "role", role) @@ -56,6 +55,19 @@ def __init__(__self__, *, @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -107,18 +119,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -141,11 +141,7 @@ def __init__(__self__, *, :param pulumi.Input['BackendServiceIamMemberConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -156,6 +152,9 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `compute.BackendServiceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -201,6 +200,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -225,18 +237,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -311,11 +311,7 @@ def __init__(__self__, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[pulumi.InputType['BackendServiceIamMemberConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -326,6 +322,9 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `compute.BackendServiceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -438,11 +437,7 @@ def get(resource_name: str, :param pulumi.Input[pulumi.InputType['BackendServiceIamMemberConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -453,6 +448,9 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `compute.BackendServiceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -489,6 +487,19 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @property @@ -505,18 +516,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/compute/backend_service_iam_policy.py b/sdk/python/pulumi_gcp/compute/backend_service_iam_policy.py index 17f82f5dbf..0f618c2cf1 100644 --- a/sdk/python/pulumi_gcp/compute/backend_service_iam_policy.py +++ b/sdk/python/pulumi_gcp/compute/backend_service_iam_policy.py @@ -24,18 +24,6 @@ def __init__(__self__, *, :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "policy_data", policy_data) if name is not None: @@ -74,18 +62,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -109,18 +85,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ if etag is not None: pulumi.set(__self__, "etag", etag) @@ -174,18 +138,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -247,18 +199,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ ... @overload @@ -363,18 +303,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -417,18 +345,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/compute/disk_iam_binding.py b/sdk/python/pulumi_gcp/compute/disk_iam_binding.py index 064222fd75..92acca474d 100644 --- a/sdk/python/pulumi_gcp/compute/disk_iam_binding.py +++ b/sdk/python/pulumi_gcp/compute/disk_iam_binding.py @@ -24,14 +24,7 @@ def __init__(__self__, *, zone: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a DiskIamBinding resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `compute.DiskIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -42,6 +35,12 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `compute.DiskIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] zone: A reference to the zone where the disk resides. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no zone is provided in the parent identifier and no zone is specified, it is taken from the provider configuration. @@ -60,6 +59,19 @@ def __init__(__self__, *, @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -107,18 +119,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -154,11 +154,7 @@ def __init__(__self__, *, """ Input properties used for looking up and filtering DiskIamBinding resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -169,6 +165,9 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `compute.DiskIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -215,6 +214,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -239,18 +251,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -365,6 +365,57 @@ def __init__(__self__, ``` + ## google\\_compute\\_disk\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.compute.DiskIamPolicy("policy", + project=default["project"], + zone=default["zone"], + name=default["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_compute\\_disk\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.DiskIamBinding("binding", + project=default["project"], + zone=default["zone"], + name=default["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_compute\\_disk\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.DiskIamMember("member", + project=default["project"], + zone=default["zone"], + name=default["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -405,11 +456,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -420,6 +467,9 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `compute.DiskIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -499,6 +549,57 @@ def __init__(__self__, ``` + ## google\\_compute\\_disk\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.compute.DiskIamPolicy("policy", + project=default["project"], + zone=default["zone"], + name=default["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_compute\\_disk\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.DiskIamBinding("binding", + project=default["project"], + zone=default["zone"], + name=default["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_compute\\_disk\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.DiskIamMember("member", + project=default["project"], + zone=default["zone"], + name=default["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -603,11 +704,7 @@ def get(resource_name: str, :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -618,6 +715,9 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `compute.DiskIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -654,6 +754,19 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @property @@ -670,18 +783,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/compute/disk_iam_member.py b/sdk/python/pulumi_gcp/compute/disk_iam_member.py index 4ef3693175..9de810ba36 100644 --- a/sdk/python/pulumi_gcp/compute/disk_iam_member.py +++ b/sdk/python/pulumi_gcp/compute/disk_iam_member.py @@ -24,14 +24,7 @@ def __init__(__self__, *, zone: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a DiskIamMember resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `compute.DiskIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -42,6 +35,12 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `compute.DiskIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] zone: A reference to the zone where the disk resides. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no zone is provided in the parent identifier and no zone is specified, it is taken from the provider configuration. @@ -60,6 +59,19 @@ def __init__(__self__, *, @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -107,18 +119,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -154,11 +154,7 @@ def __init__(__self__, *, """ Input properties used for looking up and filtering DiskIamMember resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -169,6 +165,9 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `compute.DiskIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -215,6 +214,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -239,18 +251,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -365,6 +365,57 @@ def __init__(__self__, ``` + ## google\\_compute\\_disk\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.compute.DiskIamPolicy("policy", + project=default["project"], + zone=default["zone"], + name=default["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_compute\\_disk\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.DiskIamBinding("binding", + project=default["project"], + zone=default["zone"], + name=default["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_compute\\_disk\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.DiskIamMember("member", + project=default["project"], + zone=default["zone"], + name=default["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -405,11 +456,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -420,6 +467,9 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `compute.DiskIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -499,6 +549,57 @@ def __init__(__self__, ``` + ## google\\_compute\\_disk\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.compute.DiskIamPolicy("policy", + project=default["project"], + zone=default["zone"], + name=default["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_compute\\_disk\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.DiskIamBinding("binding", + project=default["project"], + zone=default["zone"], + name=default["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_compute\\_disk\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.DiskIamMember("member", + project=default["project"], + zone=default["zone"], + name=default["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -603,11 +704,7 @@ def get(resource_name: str, :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -618,6 +715,9 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `compute.DiskIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -654,6 +754,19 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @property @@ -670,18 +783,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/compute/disk_iam_policy.py b/sdk/python/pulumi_gcp/compute/disk_iam_policy.py index 2bed4f3c94..4d71d0a98e 100644 --- a/sdk/python/pulumi_gcp/compute/disk_iam_policy.py +++ b/sdk/python/pulumi_gcp/compute/disk_iam_policy.py @@ -25,18 +25,6 @@ def __init__(__self__, *, :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] zone: A reference to the zone where the disk resides. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no zone is provided in the parent identifier and no zone is specified, it is taken from the provider configuration. @@ -80,18 +68,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -130,18 +106,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] zone: A reference to the zone where the disk resides. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no zone is provided in the parent identifier and no zone is specified, it is taken from the provider configuration. @@ -200,18 +164,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -310,6 +262,57 @@ def __init__(__self__, ``` + ## google\\_compute\\_disk\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.compute.DiskIamPolicy("policy", + project=default["project"], + zone=default["zone"], + name=default["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_compute\\_disk\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.DiskIamBinding("binding", + project=default["project"], + zone=default["zone"], + name=default["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_compute\\_disk\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.DiskIamMember("member", + project=default["project"], + zone=default["zone"], + name=default["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -355,18 +358,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] zone: A reference to the zone where the disk resides. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no zone is provided in the parent identifier and no zone is specified, it is taken from the provider configuration. @@ -443,6 +434,57 @@ def __init__(__self__, ``` + ## google\\_compute\\_disk\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.compute.DiskIamPolicy("policy", + project=default["project"], + zone=default["zone"], + name=default["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_compute\\_disk\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.DiskIamBinding("binding", + project=default["project"], + zone=default["zone"], + name=default["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_compute\\_disk\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.DiskIamMember("member", + project=default["project"], + zone=default["zone"], + name=default["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -544,18 +586,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] zone: A reference to the zone where the disk resides. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no zone is provided in the parent identifier and no zone is specified, it is taken from the provider configuration. @@ -602,18 +632,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/compute/image_iam_binding.py b/sdk/python/pulumi_gcp/compute/image_iam_binding.py index 1035accaa2..fa0333a6f2 100644 --- a/sdk/python/pulumi_gcp/compute/image_iam_binding.py +++ b/sdk/python/pulumi_gcp/compute/image_iam_binding.py @@ -24,15 +24,7 @@ def __init__(__self__, *, """ The set of arguments for constructing a ImageIamBinding resource. :param pulumi.Input[str] image: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] role: The role that should be applied. Only one - `compute.ImageIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input['ImageIamBindingConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. - Structure is documented below. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -43,6 +35,13 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `compute.ImageIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input['ImageIamBindingConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. + Structure is documented below. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "image", image) pulumi.set(__self__, "members", members) @@ -67,6 +66,19 @@ def image(self, value: pulumi.Input[str]): @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -106,18 +118,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -141,10 +141,7 @@ def __init__(__self__, *, Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] image: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -155,6 +152,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `compute.ImageIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -212,6 +211,19 @@ def image(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -224,18 +236,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -395,6 +395,115 @@ def __init__(__self__, ``` + ## google\\_compute\\_image\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/compute.imageUser", + members=["user:jane@example.com"], + )]) + policy = gcp.compute.ImageIamPolicy("policy", + project=example["project"], + image=example["name"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/compute.imageUser", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.compute.ImageIamPolicy("policy", + project=example["project"], + image=example["name"], + policy_data=admin.policy_data) + ``` + + ## google\\_compute\\_image\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.ImageIamBinding("binding", + project=example["project"], + image=example["name"], + role="roles/compute.imageUser", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.ImageIamBinding("binding", + project=example["project"], + image=example["name"], + role="roles/compute.imageUser", + members=["user:jane@example.com"], + condition=gcp.compute.ImageIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_compute\\_image\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.ImageIamMember("member", + project=example["project"], + image=example["name"], + role="roles/compute.imageUser", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.ImageIamMember("member", + project=example["project"], + image=example["name"], + role="roles/compute.imageUser", + member="user:jane@example.com", + condition=gcp.compute.ImageIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -436,10 +545,7 @@ def __init__(__self__, :param pulumi.Input[pulumi.InputType['ImageIamBindingConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] image: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -450,6 +556,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `compute.ImageIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -586,6 +694,115 @@ def __init__(__self__, ``` + ## google\\_compute\\_image\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/compute.imageUser", + members=["user:jane@example.com"], + )]) + policy = gcp.compute.ImageIamPolicy("policy", + project=example["project"], + image=example["name"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/compute.imageUser", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.compute.ImageIamPolicy("policy", + project=example["project"], + image=example["name"], + policy_data=admin.policy_data) + ``` + + ## google\\_compute\\_image\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.ImageIamBinding("binding", + project=example["project"], + image=example["name"], + role="roles/compute.imageUser", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.ImageIamBinding("binding", + project=example["project"], + image=example["name"], + role="roles/compute.imageUser", + members=["user:jane@example.com"], + condition=gcp.compute.ImageIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_compute\\_image\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.ImageIamMember("member", + project=example["project"], + image=example["name"], + role="roles/compute.imageUser", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.ImageIamMember("member", + project=example["project"], + image=example["name"], + role="roles/compute.imageUser", + member="user:jane@example.com", + condition=gcp.compute.ImageIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -690,10 +907,7 @@ def get(resource_name: str, Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] image: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -704,6 +918,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `compute.ImageIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -748,16 +964,8 @@ def image(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: - return pulumi.get(self, "members") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -769,6 +977,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "members") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/compute/image_iam_member.py b/sdk/python/pulumi_gcp/compute/image_iam_member.py index 2835d16513..8025d24120 100644 --- a/sdk/python/pulumi_gcp/compute/image_iam_member.py +++ b/sdk/python/pulumi_gcp/compute/image_iam_member.py @@ -24,15 +24,7 @@ def __init__(__self__, *, """ The set of arguments for constructing a ImageIamMember resource. :param pulumi.Input[str] image: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] role: The role that should be applied. Only one - `compute.ImageIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input['ImageIamMemberConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. - Structure is documented below. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -43,6 +35,13 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `compute.ImageIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input['ImageIamMemberConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. + Structure is documented below. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "image", image) pulumi.set(__self__, "member", member) @@ -67,6 +66,19 @@ def image(self, value: pulumi.Input[str]): @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -106,18 +118,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -141,10 +141,7 @@ def __init__(__self__, *, Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] image: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -155,6 +152,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `compute.ImageIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -212,6 +211,19 @@ def image(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -224,18 +236,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -395,6 +395,115 @@ def __init__(__self__, ``` + ## google\\_compute\\_image\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/compute.imageUser", + members=["user:jane@example.com"], + )]) + policy = gcp.compute.ImageIamPolicy("policy", + project=example["project"], + image=example["name"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/compute.imageUser", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.compute.ImageIamPolicy("policy", + project=example["project"], + image=example["name"], + policy_data=admin.policy_data) + ``` + + ## google\\_compute\\_image\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.ImageIamBinding("binding", + project=example["project"], + image=example["name"], + role="roles/compute.imageUser", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.ImageIamBinding("binding", + project=example["project"], + image=example["name"], + role="roles/compute.imageUser", + members=["user:jane@example.com"], + condition=gcp.compute.ImageIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_compute\\_image\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.ImageIamMember("member", + project=example["project"], + image=example["name"], + role="roles/compute.imageUser", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.ImageIamMember("member", + project=example["project"], + image=example["name"], + role="roles/compute.imageUser", + member="user:jane@example.com", + condition=gcp.compute.ImageIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -436,10 +545,7 @@ def __init__(__self__, :param pulumi.Input[pulumi.InputType['ImageIamMemberConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] image: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -450,6 +556,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `compute.ImageIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -586,6 +694,115 @@ def __init__(__self__, ``` + ## google\\_compute\\_image\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/compute.imageUser", + members=["user:jane@example.com"], + )]) + policy = gcp.compute.ImageIamPolicy("policy", + project=example["project"], + image=example["name"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/compute.imageUser", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.compute.ImageIamPolicy("policy", + project=example["project"], + image=example["name"], + policy_data=admin.policy_data) + ``` + + ## google\\_compute\\_image\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.ImageIamBinding("binding", + project=example["project"], + image=example["name"], + role="roles/compute.imageUser", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.ImageIamBinding("binding", + project=example["project"], + image=example["name"], + role="roles/compute.imageUser", + members=["user:jane@example.com"], + condition=gcp.compute.ImageIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_compute\\_image\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.ImageIamMember("member", + project=example["project"], + image=example["name"], + role="roles/compute.imageUser", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.ImageIamMember("member", + project=example["project"], + image=example["name"], + role="roles/compute.imageUser", + member="user:jane@example.com", + condition=gcp.compute.ImageIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -690,10 +907,7 @@ def get(resource_name: str, Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] image: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -704,6 +918,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `compute.ImageIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -748,16 +964,8 @@ def image(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: - return pulumi.get(self, "member") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -769,6 +977,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "member") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/compute/image_iam_policy.py b/sdk/python/pulumi_gcp/compute/image_iam_policy.py index 3cf3c86c9b..1e44cbb478 100644 --- a/sdk/python/pulumi_gcp/compute/image_iam_policy.py +++ b/sdk/python/pulumi_gcp/compute/image_iam_policy.py @@ -24,18 +24,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "image", image) pulumi.set(__self__, "policy_data", policy_data) @@ -73,18 +61,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -108,18 +84,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ if etag is not None: pulumi.set(__self__, "etag", etag) @@ -173,18 +137,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -328,6 +280,115 @@ def __init__(__self__, ``` + ## google\\_compute\\_image\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/compute.imageUser", + members=["user:jane@example.com"], + )]) + policy = gcp.compute.ImageIamPolicy("policy", + project=example["project"], + image=example["name"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/compute.imageUser", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.compute.ImageIamPolicy("policy", + project=example["project"], + image=example["name"], + policy_data=admin.policy_data) + ``` + + ## google\\_compute\\_image\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.ImageIamBinding("binding", + project=example["project"], + image=example["name"], + role="roles/compute.imageUser", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.ImageIamBinding("binding", + project=example["project"], + image=example["name"], + role="roles/compute.imageUser", + members=["user:jane@example.com"], + condition=gcp.compute.ImageIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_compute\\_image\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.ImageIamMember("member", + project=example["project"], + image=example["name"], + role="roles/compute.imageUser", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.ImageIamMember("member", + project=example["project"], + image=example["name"], + role="roles/compute.imageUser", + member="user:jane@example.com", + condition=gcp.compute.ImageIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -371,18 +432,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ ... @overload @@ -516,6 +565,115 @@ def __init__(__self__, ``` + ## google\\_compute\\_image\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/compute.imageUser", + members=["user:jane@example.com"], + )]) + policy = gcp.compute.ImageIamPolicy("policy", + project=example["project"], + image=example["name"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/compute.imageUser", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.compute.ImageIamPolicy("policy", + project=example["project"], + image=example["name"], + policy_data=admin.policy_data) + ``` + + ## google\\_compute\\_image\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.ImageIamBinding("binding", + project=example["project"], + image=example["name"], + role="roles/compute.imageUser", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.ImageIamBinding("binding", + project=example["project"], + image=example["name"], + role="roles/compute.imageUser", + members=["user:jane@example.com"], + condition=gcp.compute.ImageIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_compute\\_image\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.ImageIamMember("member", + project=example["project"], + image=example["name"], + role="roles/compute.imageUser", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.ImageIamMember("member", + project=example["project"], + image=example["name"], + role="roles/compute.imageUser", + member="user:jane@example.com", + condition=gcp.compute.ImageIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -614,18 +772,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -668,18 +814,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/compute/instance_iam_binding.py b/sdk/python/pulumi_gcp/compute/instance_iam_binding.py index d8e2eeaf0a..c70de39351 100644 --- a/sdk/python/pulumi_gcp/compute/instance_iam_binding.py +++ b/sdk/python/pulumi_gcp/compute/instance_iam_binding.py @@ -25,15 +25,7 @@ def __init__(__self__, *, """ The set of arguments for constructing a InstanceIAMBinding resource. :param pulumi.Input[str] instance_name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] role: The role that should be applied. Only one - `compute.InstanceIAMBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input['InstanceIAMBindingConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. - Structure is documented below. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -44,6 +36,13 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `compute.InstanceIAMBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input['InstanceIAMBindingConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. + Structure is documented below. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] zone: A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no zone is provided in the parent identifier and no zone is specified, it is taken from the provider configuration. @@ -73,6 +72,19 @@ def instance_name(self, value: pulumi.Input[str]): @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -112,18 +124,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -162,10 +162,7 @@ def __init__(__self__, *, Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] instance_name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -176,6 +173,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `compute.InstanceIAMBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -238,6 +237,19 @@ def instance_name(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -250,18 +262,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -442,6 +442,121 @@ def __init__(__self__, ``` + ## google\\_compute\\_instance\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/compute.osLogin", + members=["user:jane@example.com"], + )]) + policy = gcp.compute.InstanceIAMPolicy("policy", + project=default["project"], + zone=default["zone"], + instance_name=default["name"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/compute.osLogin", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.compute.InstanceIAMPolicy("policy", + project=default["project"], + zone=default["zone"], + instance_name=default["name"], + policy_data=admin.policy_data) + ``` + + ## google\\_compute\\_instance\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.InstanceIAMBinding("binding", + project=default["project"], + zone=default["zone"], + instance_name=default["name"], + role="roles/compute.osLogin", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.InstanceIAMBinding("binding", + project=default["project"], + zone=default["zone"], + instance_name=default["name"], + role="roles/compute.osLogin", + members=["user:jane@example.com"], + condition=gcp.compute.InstanceIAMBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_compute\\_instance\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.InstanceIAMMember("member", + project=default["project"], + zone=default["zone"], + instance_name=default["name"], + role="roles/compute.osLogin", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.InstanceIAMMember("member", + project=default["project"], + zone=default["zone"], + instance_name=default["name"], + role="roles/compute.osLogin", + member="user:jane@example.com", + condition=gcp.compute.InstanceIAMMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -485,10 +600,7 @@ def __init__(__self__, :param pulumi.Input[pulumi.InputType['InstanceIAMBindingConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] instance_name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -499,6 +611,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `compute.InstanceIAMBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -644,6 +758,121 @@ def __init__(__self__, ``` + ## google\\_compute\\_instance\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/compute.osLogin", + members=["user:jane@example.com"], + )]) + policy = gcp.compute.InstanceIAMPolicy("policy", + project=default["project"], + zone=default["zone"], + instance_name=default["name"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/compute.osLogin", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.compute.InstanceIAMPolicy("policy", + project=default["project"], + zone=default["zone"], + instance_name=default["name"], + policy_data=admin.policy_data) + ``` + + ## google\\_compute\\_instance\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.InstanceIAMBinding("binding", + project=default["project"], + zone=default["zone"], + instance_name=default["name"], + role="roles/compute.osLogin", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.InstanceIAMBinding("binding", + project=default["project"], + zone=default["zone"], + instance_name=default["name"], + role="roles/compute.osLogin", + members=["user:jane@example.com"], + condition=gcp.compute.InstanceIAMBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_compute\\_instance\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.InstanceIAMMember("member", + project=default["project"], + zone=default["zone"], + instance_name=default["name"], + role="roles/compute.osLogin", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.InstanceIAMMember("member", + project=default["project"], + zone=default["zone"], + instance_name=default["name"], + role="roles/compute.osLogin", + member="user:jane@example.com", + condition=gcp.compute.InstanceIAMMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -753,10 +982,7 @@ def get(resource_name: str, Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] instance_name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -767,6 +993,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `compute.InstanceIAMBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -815,16 +1043,8 @@ def instance_name(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: - return pulumi.get(self, "members") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -836,6 +1056,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "members") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/compute/instance_iam_member.py b/sdk/python/pulumi_gcp/compute/instance_iam_member.py index 0a6f64915e..822a030988 100644 --- a/sdk/python/pulumi_gcp/compute/instance_iam_member.py +++ b/sdk/python/pulumi_gcp/compute/instance_iam_member.py @@ -25,15 +25,7 @@ def __init__(__self__, *, """ The set of arguments for constructing a InstanceIAMMember resource. :param pulumi.Input[str] instance_name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] role: The role that should be applied. Only one - `compute.InstanceIAMBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input['InstanceIAMMemberConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. - Structure is documented below. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -44,6 +36,13 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `compute.InstanceIAMBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input['InstanceIAMMemberConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. + Structure is documented below. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] zone: A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no zone is provided in the parent identifier and no zone is specified, it is taken from the provider configuration. @@ -73,6 +72,19 @@ def instance_name(self, value: pulumi.Input[str]): @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -112,18 +124,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -162,10 +162,7 @@ def __init__(__self__, *, Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] instance_name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -176,6 +173,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `compute.InstanceIAMBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -238,6 +237,19 @@ def instance_name(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -250,18 +262,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -442,6 +442,121 @@ def __init__(__self__, ``` + ## google\\_compute\\_instance\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/compute.osLogin", + members=["user:jane@example.com"], + )]) + policy = gcp.compute.InstanceIAMPolicy("policy", + project=default["project"], + zone=default["zone"], + instance_name=default["name"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/compute.osLogin", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.compute.InstanceIAMPolicy("policy", + project=default["project"], + zone=default["zone"], + instance_name=default["name"], + policy_data=admin.policy_data) + ``` + + ## google\\_compute\\_instance\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.InstanceIAMBinding("binding", + project=default["project"], + zone=default["zone"], + instance_name=default["name"], + role="roles/compute.osLogin", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.InstanceIAMBinding("binding", + project=default["project"], + zone=default["zone"], + instance_name=default["name"], + role="roles/compute.osLogin", + members=["user:jane@example.com"], + condition=gcp.compute.InstanceIAMBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_compute\\_instance\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.InstanceIAMMember("member", + project=default["project"], + zone=default["zone"], + instance_name=default["name"], + role="roles/compute.osLogin", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.InstanceIAMMember("member", + project=default["project"], + zone=default["zone"], + instance_name=default["name"], + role="roles/compute.osLogin", + member="user:jane@example.com", + condition=gcp.compute.InstanceIAMMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -485,10 +600,7 @@ def __init__(__self__, :param pulumi.Input[pulumi.InputType['InstanceIAMMemberConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] instance_name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -499,6 +611,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `compute.InstanceIAMBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -644,6 +758,121 @@ def __init__(__self__, ``` + ## google\\_compute\\_instance\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/compute.osLogin", + members=["user:jane@example.com"], + )]) + policy = gcp.compute.InstanceIAMPolicy("policy", + project=default["project"], + zone=default["zone"], + instance_name=default["name"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/compute.osLogin", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.compute.InstanceIAMPolicy("policy", + project=default["project"], + zone=default["zone"], + instance_name=default["name"], + policy_data=admin.policy_data) + ``` + + ## google\\_compute\\_instance\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.InstanceIAMBinding("binding", + project=default["project"], + zone=default["zone"], + instance_name=default["name"], + role="roles/compute.osLogin", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.InstanceIAMBinding("binding", + project=default["project"], + zone=default["zone"], + instance_name=default["name"], + role="roles/compute.osLogin", + members=["user:jane@example.com"], + condition=gcp.compute.InstanceIAMBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_compute\\_instance\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.InstanceIAMMember("member", + project=default["project"], + zone=default["zone"], + instance_name=default["name"], + role="roles/compute.osLogin", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.InstanceIAMMember("member", + project=default["project"], + zone=default["zone"], + instance_name=default["name"], + role="roles/compute.osLogin", + member="user:jane@example.com", + condition=gcp.compute.InstanceIAMMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -753,10 +982,7 @@ def get(resource_name: str, Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] instance_name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -767,6 +993,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `compute.InstanceIAMBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -815,16 +1043,8 @@ def instance_name(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: - return pulumi.get(self, "member") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -836,6 +1056,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "member") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/compute/instance_iam_policy.py b/sdk/python/pulumi_gcp/compute/instance_iam_policy.py index dece85fcb3..d5600f7d43 100644 --- a/sdk/python/pulumi_gcp/compute/instance_iam_policy.py +++ b/sdk/python/pulumi_gcp/compute/instance_iam_policy.py @@ -25,18 +25,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] zone: A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no zone is provided in the parent identifier and no zone is specified, it is taken from the provider configuration. @@ -79,18 +67,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -129,18 +105,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] zone: A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no zone is provided in the parent identifier and no zone is specified, it is taken from the provider configuration. @@ -199,18 +163,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -375,6 +327,121 @@ def __init__(__self__, ``` + ## google\\_compute\\_instance\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/compute.osLogin", + members=["user:jane@example.com"], + )]) + policy = gcp.compute.InstanceIAMPolicy("policy", + project=default["project"], + zone=default["zone"], + instance_name=default["name"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/compute.osLogin", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.compute.InstanceIAMPolicy("policy", + project=default["project"], + zone=default["zone"], + instance_name=default["name"], + policy_data=admin.policy_data) + ``` + + ## google\\_compute\\_instance\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.InstanceIAMBinding("binding", + project=default["project"], + zone=default["zone"], + instance_name=default["name"], + role="roles/compute.osLogin", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.InstanceIAMBinding("binding", + project=default["project"], + zone=default["zone"], + instance_name=default["name"], + role="roles/compute.osLogin", + members=["user:jane@example.com"], + condition=gcp.compute.InstanceIAMBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_compute\\_instance\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.InstanceIAMMember("member", + project=default["project"], + zone=default["zone"], + instance_name=default["name"], + role="roles/compute.osLogin", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.InstanceIAMMember("member", + project=default["project"], + zone=default["zone"], + instance_name=default["name"], + role="roles/compute.osLogin", + member="user:jane@example.com", + condition=gcp.compute.InstanceIAMMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -420,18 +487,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] zone: A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no zone is provided in the parent identifier and no zone is specified, it is taken from the provider configuration. @@ -574,6 +629,121 @@ def __init__(__self__, ``` + ## google\\_compute\\_instance\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/compute.osLogin", + members=["user:jane@example.com"], + )]) + policy = gcp.compute.InstanceIAMPolicy("policy", + project=default["project"], + zone=default["zone"], + instance_name=default["name"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/compute.osLogin", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.compute.InstanceIAMPolicy("policy", + project=default["project"], + zone=default["zone"], + instance_name=default["name"], + policy_data=admin.policy_data) + ``` + + ## google\\_compute\\_instance\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.InstanceIAMBinding("binding", + project=default["project"], + zone=default["zone"], + instance_name=default["name"], + role="roles/compute.osLogin", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.InstanceIAMBinding("binding", + project=default["project"], + zone=default["zone"], + instance_name=default["name"], + role="roles/compute.osLogin", + members=["user:jane@example.com"], + condition=gcp.compute.InstanceIAMBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_compute\\_instance\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.InstanceIAMMember("member", + project=default["project"], + zone=default["zone"], + instance_name=default["name"], + role="roles/compute.osLogin", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.InstanceIAMMember("member", + project=default["project"], + zone=default["zone"], + instance_name=default["name"], + role="roles/compute.osLogin", + member="user:jane@example.com", + condition=gcp.compute.InstanceIAMMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -677,18 +847,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] zone: A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no zone is provided in the parent identifier and no zone is specified, it is taken from the provider configuration. @@ -735,18 +893,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/compute/machine_image_iam_binding.py b/sdk/python/pulumi_gcp/compute/machine_image_iam_binding.py index a4f49f4f69..1249043dc9 100644 --- a/sdk/python/pulumi_gcp/compute/machine_image_iam_binding.py +++ b/sdk/python/pulumi_gcp/compute/machine_image_iam_binding.py @@ -24,15 +24,7 @@ def __init__(__self__, *, """ The set of arguments for constructing a MachineImageIamBinding resource. :param pulumi.Input[str] machine_image: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] role: The role that should be applied. Only one - `compute.MachineImageIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input['MachineImageIamBindingConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. - Structure is documented below. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -43,6 +35,13 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `compute.MachineImageIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input['MachineImageIamBindingConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. + Structure is documented below. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "machine_image", machine_image) pulumi.set(__self__, "members", members) @@ -67,6 +66,19 @@ def machine_image(self, value: pulumi.Input[str]): @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -106,18 +118,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -141,10 +141,7 @@ def __init__(__self__, *, Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] machine_image: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -155,6 +152,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `compute.MachineImageIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -212,6 +211,19 @@ def machine_image(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -224,18 +236,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -394,6 +394,115 @@ def __init__(__self__, ``` + ## google\\_compute\\_machine\\_image\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/compute.admin", + members=["user:jane@example.com"], + )]) + policy = gcp.compute.MachineImageIamPolicy("policy", + project=image["project"], + machine_image=image["name"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/compute.admin", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.compute.MachineImageIamPolicy("policy", + project=image["project"], + machine_image=image["name"], + policy_data=admin.policy_data) + ``` + + ## google\\_compute\\_machine\\_image\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.MachineImageIamBinding("binding", + project=image["project"], + machine_image=image["name"], + role="roles/compute.admin", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.MachineImageIamBinding("binding", + project=image["project"], + machine_image=image["name"], + role="roles/compute.admin", + members=["user:jane@example.com"], + condition=gcp.compute.MachineImageIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_compute\\_machine\\_image\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.MachineImageIamMember("member", + project=image["project"], + machine_image=image["name"], + role="roles/compute.admin", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.MachineImageIamMember("member", + project=image["project"], + machine_image=image["name"], + role="roles/compute.admin", + member="user:jane@example.com", + condition=gcp.compute.MachineImageIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -435,10 +544,7 @@ def __init__(__self__, :param pulumi.Input[pulumi.InputType['MachineImageIamBindingConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] machine_image: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -449,6 +555,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `compute.MachineImageIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -584,6 +692,115 @@ def __init__(__self__, ``` + ## google\\_compute\\_machine\\_image\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/compute.admin", + members=["user:jane@example.com"], + )]) + policy = gcp.compute.MachineImageIamPolicy("policy", + project=image["project"], + machine_image=image["name"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/compute.admin", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.compute.MachineImageIamPolicy("policy", + project=image["project"], + machine_image=image["name"], + policy_data=admin.policy_data) + ``` + + ## google\\_compute\\_machine\\_image\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.MachineImageIamBinding("binding", + project=image["project"], + machine_image=image["name"], + role="roles/compute.admin", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.MachineImageIamBinding("binding", + project=image["project"], + machine_image=image["name"], + role="roles/compute.admin", + members=["user:jane@example.com"], + condition=gcp.compute.MachineImageIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_compute\\_machine\\_image\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.MachineImageIamMember("member", + project=image["project"], + machine_image=image["name"], + role="roles/compute.admin", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.MachineImageIamMember("member", + project=image["project"], + machine_image=image["name"], + role="roles/compute.admin", + member="user:jane@example.com", + condition=gcp.compute.MachineImageIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -688,10 +905,7 @@ def get(resource_name: str, Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] machine_image: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -702,6 +916,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `compute.MachineImageIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -746,16 +962,8 @@ def machine_image(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: - return pulumi.get(self, "members") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -767,6 +975,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "members") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/compute/machine_image_iam_member.py b/sdk/python/pulumi_gcp/compute/machine_image_iam_member.py index e704c13eef..ec744aedfa 100644 --- a/sdk/python/pulumi_gcp/compute/machine_image_iam_member.py +++ b/sdk/python/pulumi_gcp/compute/machine_image_iam_member.py @@ -24,15 +24,7 @@ def __init__(__self__, *, """ The set of arguments for constructing a MachineImageIamMember resource. :param pulumi.Input[str] machine_image: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] role: The role that should be applied. Only one - `compute.MachineImageIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input['MachineImageIamMemberConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. - Structure is documented below. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -43,6 +35,13 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `compute.MachineImageIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input['MachineImageIamMemberConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. + Structure is documented below. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "machine_image", machine_image) pulumi.set(__self__, "member", member) @@ -67,6 +66,19 @@ def machine_image(self, value: pulumi.Input[str]): @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -106,18 +118,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -141,10 +141,7 @@ def __init__(__self__, *, Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] machine_image: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -155,6 +152,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `compute.MachineImageIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -212,6 +211,19 @@ def machine_image(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -224,18 +236,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -394,6 +394,115 @@ def __init__(__self__, ``` + ## google\\_compute\\_machine\\_image\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/compute.admin", + members=["user:jane@example.com"], + )]) + policy = gcp.compute.MachineImageIamPolicy("policy", + project=image["project"], + machine_image=image["name"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/compute.admin", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.compute.MachineImageIamPolicy("policy", + project=image["project"], + machine_image=image["name"], + policy_data=admin.policy_data) + ``` + + ## google\\_compute\\_machine\\_image\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.MachineImageIamBinding("binding", + project=image["project"], + machine_image=image["name"], + role="roles/compute.admin", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.MachineImageIamBinding("binding", + project=image["project"], + machine_image=image["name"], + role="roles/compute.admin", + members=["user:jane@example.com"], + condition=gcp.compute.MachineImageIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_compute\\_machine\\_image\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.MachineImageIamMember("member", + project=image["project"], + machine_image=image["name"], + role="roles/compute.admin", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.MachineImageIamMember("member", + project=image["project"], + machine_image=image["name"], + role="roles/compute.admin", + member="user:jane@example.com", + condition=gcp.compute.MachineImageIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -435,10 +544,7 @@ def __init__(__self__, :param pulumi.Input[pulumi.InputType['MachineImageIamMemberConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] machine_image: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -449,6 +555,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `compute.MachineImageIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -584,6 +692,115 @@ def __init__(__self__, ``` + ## google\\_compute\\_machine\\_image\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/compute.admin", + members=["user:jane@example.com"], + )]) + policy = gcp.compute.MachineImageIamPolicy("policy", + project=image["project"], + machine_image=image["name"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/compute.admin", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.compute.MachineImageIamPolicy("policy", + project=image["project"], + machine_image=image["name"], + policy_data=admin.policy_data) + ``` + + ## google\\_compute\\_machine\\_image\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.MachineImageIamBinding("binding", + project=image["project"], + machine_image=image["name"], + role="roles/compute.admin", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.MachineImageIamBinding("binding", + project=image["project"], + machine_image=image["name"], + role="roles/compute.admin", + members=["user:jane@example.com"], + condition=gcp.compute.MachineImageIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_compute\\_machine\\_image\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.MachineImageIamMember("member", + project=image["project"], + machine_image=image["name"], + role="roles/compute.admin", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.MachineImageIamMember("member", + project=image["project"], + machine_image=image["name"], + role="roles/compute.admin", + member="user:jane@example.com", + condition=gcp.compute.MachineImageIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -688,10 +905,7 @@ def get(resource_name: str, Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] machine_image: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -702,6 +916,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `compute.MachineImageIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -746,16 +962,8 @@ def machine_image(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: - return pulumi.get(self, "member") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -767,6 +975,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "member") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/compute/machine_image_iam_policy.py b/sdk/python/pulumi_gcp/compute/machine_image_iam_policy.py index d3315dfaed..8c65b20bbc 100644 --- a/sdk/python/pulumi_gcp/compute/machine_image_iam_policy.py +++ b/sdk/python/pulumi_gcp/compute/machine_image_iam_policy.py @@ -24,18 +24,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "machine_image", machine_image) pulumi.set(__self__, "policy_data", policy_data) @@ -73,18 +61,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -108,18 +84,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ if etag is not None: pulumi.set(__self__, "etag", etag) @@ -173,18 +137,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -327,6 +279,115 @@ def __init__(__self__, ``` + ## google\\_compute\\_machine\\_image\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/compute.admin", + members=["user:jane@example.com"], + )]) + policy = gcp.compute.MachineImageIamPolicy("policy", + project=image["project"], + machine_image=image["name"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/compute.admin", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.compute.MachineImageIamPolicy("policy", + project=image["project"], + machine_image=image["name"], + policy_data=admin.policy_data) + ``` + + ## google\\_compute\\_machine\\_image\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.MachineImageIamBinding("binding", + project=image["project"], + machine_image=image["name"], + role="roles/compute.admin", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.MachineImageIamBinding("binding", + project=image["project"], + machine_image=image["name"], + role="roles/compute.admin", + members=["user:jane@example.com"], + condition=gcp.compute.MachineImageIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_compute\\_machine\\_image\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.MachineImageIamMember("member", + project=image["project"], + machine_image=image["name"], + role="roles/compute.admin", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.MachineImageIamMember("member", + project=image["project"], + machine_image=image["name"], + role="roles/compute.admin", + member="user:jane@example.com", + condition=gcp.compute.MachineImageIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -370,18 +431,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ ... @overload @@ -514,6 +563,115 @@ def __init__(__self__, ``` + ## google\\_compute\\_machine\\_image\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/compute.admin", + members=["user:jane@example.com"], + )]) + policy = gcp.compute.MachineImageIamPolicy("policy", + project=image["project"], + machine_image=image["name"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/compute.admin", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.compute.MachineImageIamPolicy("policy", + project=image["project"], + machine_image=image["name"], + policy_data=admin.policy_data) + ``` + + ## google\\_compute\\_machine\\_image\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.MachineImageIamBinding("binding", + project=image["project"], + machine_image=image["name"], + role="roles/compute.admin", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.MachineImageIamBinding("binding", + project=image["project"], + machine_image=image["name"], + role="roles/compute.admin", + members=["user:jane@example.com"], + condition=gcp.compute.MachineImageIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_compute\\_machine\\_image\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.MachineImageIamMember("member", + project=image["project"], + machine_image=image["name"], + role="roles/compute.admin", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.MachineImageIamMember("member", + project=image["project"], + machine_image=image["name"], + role="roles/compute.admin", + member="user:jane@example.com", + condition=gcp.compute.MachineImageIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -612,18 +770,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -666,18 +812,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/compute/region_backend_service_iam_binding.py b/sdk/python/pulumi_gcp/compute/region_backend_service_iam_binding.py index fd67700538..0c8662188d 100644 --- a/sdk/python/pulumi_gcp/compute/region_backend_service_iam_binding.py +++ b/sdk/python/pulumi_gcp/compute/region_backend_service_iam_binding.py @@ -24,16 +24,7 @@ def __init__(__self__, *, region: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a RegionBackendServiceIamBinding resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `compute.RegionBackendServiceIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input['RegionBackendServiceIamBindingConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. - Structure is documented below. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -44,6 +35,14 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `compute.RegionBackendServiceIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input['RegionBackendServiceIamBindingConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. + Structure is documented below. + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] region: The Region in which the created backend service should reside. If it is not provided, the provider region is used. Used to find the parent resource to bind the IAM policy to. If not specified, @@ -64,6 +63,19 @@ def __init__(__self__, *, @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -115,18 +127,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -166,11 +166,7 @@ def __init__(__self__, *, :param pulumi.Input['RegionBackendServiceIamBindingConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -181,6 +177,9 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] region: The Region in which the created backend service should reside. If it is not provided, the provider region is used. Used to find the parent resource to bind the IAM policy to. If not specified, @@ -233,6 +232,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -257,18 +269,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -362,11 +362,7 @@ def __init__(__self__, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[pulumi.InputType['RegionBackendServiceIamBindingConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -377,6 +373,9 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] region: The Region in which the created backend service should reside. If it is not provided, the provider region is used. Used to find the parent resource to bind the IAM policy to. If not specified, @@ -499,11 +498,7 @@ def get(resource_name: str, :param pulumi.Input[pulumi.InputType['RegionBackendServiceIamBindingConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -514,6 +509,9 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] region: The Region in which the created backend service should reside. If it is not provided, the provider region is used. Used to find the parent resource to bind the IAM policy to. If not specified, @@ -556,6 +554,19 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @property @@ -572,18 +583,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/compute/region_backend_service_iam_member.py b/sdk/python/pulumi_gcp/compute/region_backend_service_iam_member.py index d4f9aa60cb..91607f865b 100644 --- a/sdk/python/pulumi_gcp/compute/region_backend_service_iam_member.py +++ b/sdk/python/pulumi_gcp/compute/region_backend_service_iam_member.py @@ -24,16 +24,7 @@ def __init__(__self__, *, region: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a RegionBackendServiceIamMember resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `compute.RegionBackendServiceIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input['RegionBackendServiceIamMemberConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. - Structure is documented below. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -44,6 +35,14 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `compute.RegionBackendServiceIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input['RegionBackendServiceIamMemberConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. + Structure is documented below. + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] region: The Region in which the created backend service should reside. If it is not provided, the provider region is used. Used to find the parent resource to bind the IAM policy to. If not specified, @@ -64,6 +63,19 @@ def __init__(__self__, *, @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -115,18 +127,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -166,11 +166,7 @@ def __init__(__self__, *, :param pulumi.Input['RegionBackendServiceIamMemberConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -181,6 +177,9 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] region: The Region in which the created backend service should reside. If it is not provided, the provider region is used. Used to find the parent resource to bind the IAM policy to. If not specified, @@ -233,6 +232,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -257,18 +269,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -362,11 +362,7 @@ def __init__(__self__, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[pulumi.InputType['RegionBackendServiceIamMemberConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -377,6 +373,9 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] region: The Region in which the created backend service should reside. If it is not provided, the provider region is used. Used to find the parent resource to bind the IAM policy to. If not specified, @@ -499,11 +498,7 @@ def get(resource_name: str, :param pulumi.Input[pulumi.InputType['RegionBackendServiceIamMemberConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -514,6 +509,9 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] region: The Region in which the created backend service should reside. If it is not provided, the provider region is used. Used to find the parent resource to bind the IAM policy to. If not specified, @@ -556,6 +554,19 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @property @@ -572,18 +583,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/compute/region_backend_service_iam_policy.py b/sdk/python/pulumi_gcp/compute/region_backend_service_iam_policy.py index 9380bf8d93..1b63f16df7 100644 --- a/sdk/python/pulumi_gcp/compute/region_backend_service_iam_policy.py +++ b/sdk/python/pulumi_gcp/compute/region_backend_service_iam_policy.py @@ -25,18 +25,6 @@ def __init__(__self__, *, :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] region: The Region in which the created backend service should reside. If it is not provided, the provider region is used. Used to find the parent resource to bind the IAM policy to. If not specified, @@ -82,18 +70,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -134,18 +110,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] region: The Region in which the created backend service should reside. If it is not provided, the provider region is used. Used to find the parent resource to bind the IAM policy to. If not specified, @@ -206,18 +170,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -298,18 +250,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] region: The Region in which the created backend service should reside. If it is not provided, the provider region is used. Used to find the parent resource to bind the IAM policy to. If not specified, @@ -424,18 +364,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] region: The Region in which the created backend service should reside. If it is not provided, the provider region is used. Used to find the parent resource to bind the IAM policy to. If not specified, @@ -484,18 +412,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/compute/region_disk_iam_binding.py b/sdk/python/pulumi_gcp/compute/region_disk_iam_binding.py index bdeb834c2e..005faa57d7 100644 --- a/sdk/python/pulumi_gcp/compute/region_disk_iam_binding.py +++ b/sdk/python/pulumi_gcp/compute/region_disk_iam_binding.py @@ -24,14 +24,7 @@ def __init__(__self__, *, region: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a RegionDiskIamBinding resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `compute.DiskIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -42,6 +35,12 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `compute.DiskIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "members", members) pulumi.set(__self__, "role", role) @@ -57,6 +56,19 @@ def __init__(__self__, *, @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -104,18 +116,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -146,11 +146,7 @@ def __init__(__self__, *, """ Input properties used for looking up and filtering RegionDiskIamBinding resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -161,6 +157,9 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `compute.DiskIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -204,6 +203,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -228,18 +240,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -349,6 +349,57 @@ def __init__(__self__, ``` + ## google\\_compute\\_disk\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.compute.DiskIamPolicy("policy", + project=default["project"], + zone=default["zone"], + name=default["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_compute\\_disk\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.DiskIamBinding("binding", + project=default["project"], + zone=default["zone"], + name=default["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_compute\\_disk\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.DiskIamMember("member", + project=default["project"], + zone=default["zone"], + name=default["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -389,11 +440,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -404,6 +451,9 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `compute.DiskIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -480,6 +530,57 @@ def __init__(__self__, ``` + ## google\\_compute\\_disk\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.compute.DiskIamPolicy("policy", + project=default["project"], + zone=default["zone"], + name=default["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_compute\\_disk\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.DiskIamBinding("binding", + project=default["project"], + zone=default["zone"], + name=default["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_compute\\_disk\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.DiskIamMember("member", + project=default["project"], + zone=default["zone"], + name=default["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -584,11 +685,7 @@ def get(resource_name: str, :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -599,6 +696,9 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `compute.DiskIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -632,6 +732,19 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @property @@ -648,18 +761,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/compute/region_disk_iam_member.py b/sdk/python/pulumi_gcp/compute/region_disk_iam_member.py index be5534ae9b..388ac3e5f1 100644 --- a/sdk/python/pulumi_gcp/compute/region_disk_iam_member.py +++ b/sdk/python/pulumi_gcp/compute/region_disk_iam_member.py @@ -24,14 +24,7 @@ def __init__(__self__, *, region: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a RegionDiskIamMember resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `compute.DiskIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -42,6 +35,12 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `compute.DiskIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "member", member) pulumi.set(__self__, "role", role) @@ -57,6 +56,19 @@ def __init__(__self__, *, @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -104,18 +116,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -146,11 +146,7 @@ def __init__(__self__, *, """ Input properties used for looking up and filtering RegionDiskIamMember resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -161,6 +157,9 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `compute.DiskIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -204,6 +203,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -228,18 +240,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -349,6 +349,57 @@ def __init__(__self__, ``` + ## google\\_compute\\_disk\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.compute.DiskIamPolicy("policy", + project=default["project"], + zone=default["zone"], + name=default["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_compute\\_disk\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.DiskIamBinding("binding", + project=default["project"], + zone=default["zone"], + name=default["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_compute\\_disk\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.DiskIamMember("member", + project=default["project"], + zone=default["zone"], + name=default["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -389,11 +440,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -404,6 +451,9 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `compute.DiskIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -480,6 +530,57 @@ def __init__(__self__, ``` + ## google\\_compute\\_disk\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.compute.DiskIamPolicy("policy", + project=default["project"], + zone=default["zone"], + name=default["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_compute\\_disk\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.DiskIamBinding("binding", + project=default["project"], + zone=default["zone"], + name=default["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_compute\\_disk\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.DiskIamMember("member", + project=default["project"], + zone=default["zone"], + name=default["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -584,11 +685,7 @@ def get(resource_name: str, :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -599,6 +696,9 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `compute.DiskIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -632,6 +732,19 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @property @@ -648,18 +761,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/compute/region_disk_iam_policy.py b/sdk/python/pulumi_gcp/compute/region_disk_iam_policy.py index 5735a3fd34..9703d5ece0 100644 --- a/sdk/python/pulumi_gcp/compute/region_disk_iam_policy.py +++ b/sdk/python/pulumi_gcp/compute/region_disk_iam_policy.py @@ -25,18 +25,6 @@ def __init__(__self__, *, :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "policy_data", policy_data) if name is not None: @@ -77,18 +65,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -122,18 +98,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ if etag is not None: pulumi.set(__self__, "etag", etag) @@ -189,18 +153,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -294,6 +246,57 @@ def __init__(__self__, ``` + ## google\\_compute\\_disk\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.compute.DiskIamPolicy("policy", + project=default["project"], + zone=default["zone"], + name=default["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_compute\\_disk\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.DiskIamBinding("binding", + project=default["project"], + zone=default["zone"], + name=default["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_compute\\_disk\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.DiskIamMember("member", + project=default["project"], + zone=default["zone"], + name=default["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -339,18 +342,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ ... @overload @@ -424,6 +415,57 @@ def __init__(__self__, ``` + ## google\\_compute\\_disk\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.compute.DiskIamPolicy("policy", + project=default["project"], + zone=default["zone"], + name=default["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_compute\\_disk\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.DiskIamBinding("binding", + project=default["project"], + zone=default["zone"], + name=default["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_compute\\_disk\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.DiskIamMember("member", + project=default["project"], + zone=default["zone"], + name=default["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -525,18 +567,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -580,18 +610,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/compute/snapshot_iam_binding.py b/sdk/python/pulumi_gcp/compute/snapshot_iam_binding.py index 254d156bc3..605d29db56 100644 --- a/sdk/python/pulumi_gcp/compute/snapshot_iam_binding.py +++ b/sdk/python/pulumi_gcp/compute/snapshot_iam_binding.py @@ -23,14 +23,7 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a SnapshotIamBinding resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `compute.SnapshotIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -41,6 +34,12 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `compute.SnapshotIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "members", members) pulumi.set(__self__, "role", role) @@ -54,6 +53,19 @@ def __init__(__self__, *, @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -101,18 +113,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -133,11 +133,7 @@ def __init__(__self__, *, """ Input properties used for looking up and filtering SnapshotIamBinding resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -148,6 +144,9 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `compute.SnapshotIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -189,6 +188,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -213,18 +225,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -321,6 +321,54 @@ def __init__(__self__, ``` + ## google\\_compute\\_snapshot\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.compute.SnapshotIamPolicy("policy", + project=snapshot["project"], + name=snapshot["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_compute\\_snapshot\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.SnapshotIamBinding("binding", + project=snapshot["project"], + name=snapshot["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_compute\\_snapshot\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.SnapshotIamMember("member", + project=snapshot["project"], + name=snapshot["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -359,11 +407,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -374,6 +418,9 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `compute.SnapshotIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -447,6 +494,54 @@ def __init__(__self__, ``` + ## google\\_compute\\_snapshot\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.compute.SnapshotIamPolicy("policy", + project=snapshot["project"], + name=snapshot["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_compute\\_snapshot\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.SnapshotIamBinding("binding", + project=snapshot["project"], + name=snapshot["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_compute\\_snapshot\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.SnapshotIamMember("member", + project=snapshot["project"], + name=snapshot["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -546,11 +641,7 @@ def get(resource_name: str, :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -561,6 +652,9 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `compute.SnapshotIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -593,6 +687,19 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @property @@ -609,18 +716,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/compute/snapshot_iam_member.py b/sdk/python/pulumi_gcp/compute/snapshot_iam_member.py index f095d5b8b5..04a71af182 100644 --- a/sdk/python/pulumi_gcp/compute/snapshot_iam_member.py +++ b/sdk/python/pulumi_gcp/compute/snapshot_iam_member.py @@ -23,14 +23,7 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a SnapshotIamMember resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `compute.SnapshotIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -41,6 +34,12 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `compute.SnapshotIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "member", member) pulumi.set(__self__, "role", role) @@ -54,6 +53,19 @@ def __init__(__self__, *, @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -101,18 +113,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -133,11 +133,7 @@ def __init__(__self__, *, """ Input properties used for looking up and filtering SnapshotIamMember resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -148,6 +144,9 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `compute.SnapshotIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -189,6 +188,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -213,18 +225,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -321,6 +321,54 @@ def __init__(__self__, ``` + ## google\\_compute\\_snapshot\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.compute.SnapshotIamPolicy("policy", + project=snapshot["project"], + name=snapshot["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_compute\\_snapshot\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.SnapshotIamBinding("binding", + project=snapshot["project"], + name=snapshot["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_compute\\_snapshot\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.SnapshotIamMember("member", + project=snapshot["project"], + name=snapshot["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -359,11 +407,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -374,6 +418,9 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `compute.SnapshotIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -447,6 +494,54 @@ def __init__(__self__, ``` + ## google\\_compute\\_snapshot\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.compute.SnapshotIamPolicy("policy", + project=snapshot["project"], + name=snapshot["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_compute\\_snapshot\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.SnapshotIamBinding("binding", + project=snapshot["project"], + name=snapshot["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_compute\\_snapshot\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.SnapshotIamMember("member", + project=snapshot["project"], + name=snapshot["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -546,11 +641,7 @@ def get(resource_name: str, :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -561,6 +652,9 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `compute.SnapshotIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -593,6 +687,19 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @property @@ -609,18 +716,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/compute/snapshot_iam_policy.py b/sdk/python/pulumi_gcp/compute/snapshot_iam_policy.py index e0c23dcc10..2da9bee3b5 100644 --- a/sdk/python/pulumi_gcp/compute/snapshot_iam_policy.py +++ b/sdk/python/pulumi_gcp/compute/snapshot_iam_policy.py @@ -24,18 +24,6 @@ def __init__(__self__, *, :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "policy_data", policy_data) if name is not None: @@ -74,18 +62,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -109,18 +85,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ if etag is not None: pulumi.set(__self__, "etag", etag) @@ -174,18 +138,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -266,6 +218,54 @@ def __init__(__self__, ``` + ## google\\_compute\\_snapshot\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.compute.SnapshotIamPolicy("policy", + project=snapshot["project"], + name=snapshot["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_compute\\_snapshot\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.SnapshotIamBinding("binding", + project=snapshot["project"], + name=snapshot["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_compute\\_snapshot\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.SnapshotIamMember("member", + project=snapshot["project"], + name=snapshot["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -309,18 +309,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ ... @overload @@ -391,6 +379,54 @@ def __init__(__self__, ``` + ## google\\_compute\\_snapshot\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.compute.SnapshotIamPolicy("policy", + project=snapshot["project"], + name=snapshot["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_compute\\_snapshot\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.SnapshotIamBinding("binding", + project=snapshot["project"], + name=snapshot["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_compute\\_snapshot\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.SnapshotIamMember("member", + project=snapshot["project"], + name=snapshot["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -487,18 +523,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -541,18 +565,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/compute/subnetwork_iam_binding.py b/sdk/python/pulumi_gcp/compute/subnetwork_iam_binding.py index 1663569992..e8e41f8e54 100644 --- a/sdk/python/pulumi_gcp/compute/subnetwork_iam_binding.py +++ b/sdk/python/pulumi_gcp/compute/subnetwork_iam_binding.py @@ -24,16 +24,7 @@ def __init__(__self__, *, region: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a SubnetworkIAMBinding resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `compute.SubnetworkIAMBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] subnetwork: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input['SubnetworkIAMBindingConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. - Structure is documented below. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -44,6 +35,14 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `compute.SubnetworkIAMBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] subnetwork: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input['SubnetworkIAMBindingConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. + Structure is documented below. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] region: The GCP region for this subnetwork. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -62,6 +61,19 @@ def __init__(__self__, *, @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -113,18 +125,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -163,10 +163,7 @@ def __init__(__self__, *, :param pulumi.Input['SubnetworkIAMBindingConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -177,6 +174,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] region: The GCP region for this subnetwork. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -229,6 +228,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -241,18 +253,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -446,6 +446,121 @@ def __init__(__self__, ``` + ## google\\_compute\\_subnetwork\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/compute.networkUser", + members=["user:jane@example.com"], + )]) + policy = gcp.compute.SubnetworkIAMPolicy("policy", + project=network_with_private_secondary_ip_ranges["project"], + region=network_with_private_secondary_ip_ranges["region"], + subnetwork=network_with_private_secondary_ip_ranges["name"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/compute.networkUser", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.compute.SubnetworkIAMPolicy("policy", + project=network_with_private_secondary_ip_ranges["project"], + region=network_with_private_secondary_ip_ranges["region"], + subnetwork=network_with_private_secondary_ip_ranges["name"], + policy_data=admin.policy_data) + ``` + + ## google\\_compute\\_subnetwork\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.SubnetworkIAMBinding("binding", + project=network_with_private_secondary_ip_ranges["project"], + region=network_with_private_secondary_ip_ranges["region"], + subnetwork=network_with_private_secondary_ip_ranges["name"], + role="roles/compute.networkUser", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.SubnetworkIAMBinding("binding", + project=network_with_private_secondary_ip_ranges["project"], + region=network_with_private_secondary_ip_ranges["region"], + subnetwork=network_with_private_secondary_ip_ranges["name"], + role="roles/compute.networkUser", + members=["user:jane@example.com"], + condition=gcp.compute.SubnetworkIAMBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_compute\\_subnetwork\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.SubnetworkIAMMember("member", + project=network_with_private_secondary_ip_ranges["project"], + region=network_with_private_secondary_ip_ranges["region"], + subnetwork=network_with_private_secondary_ip_ranges["name"], + role="roles/compute.networkUser", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.SubnetworkIAMMember("member", + project=network_with_private_secondary_ip_ranges["project"], + region=network_with_private_secondary_ip_ranges["region"], + subnetwork=network_with_private_secondary_ip_ranges["name"], + role="roles/compute.networkUser", + member="user:jane@example.com", + condition=gcp.compute.SubnetworkIAMMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -488,10 +603,7 @@ def __init__(__self__, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[pulumi.InputType['SubnetworkIAMBindingConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -502,6 +614,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] region: The GCP region for this subnetwork. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -649,6 +763,121 @@ def __init__(__self__, ``` + ## google\\_compute\\_subnetwork\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/compute.networkUser", + members=["user:jane@example.com"], + )]) + policy = gcp.compute.SubnetworkIAMPolicy("policy", + project=network_with_private_secondary_ip_ranges["project"], + region=network_with_private_secondary_ip_ranges["region"], + subnetwork=network_with_private_secondary_ip_ranges["name"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/compute.networkUser", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.compute.SubnetworkIAMPolicy("policy", + project=network_with_private_secondary_ip_ranges["project"], + region=network_with_private_secondary_ip_ranges["region"], + subnetwork=network_with_private_secondary_ip_ranges["name"], + policy_data=admin.policy_data) + ``` + + ## google\\_compute\\_subnetwork\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.SubnetworkIAMBinding("binding", + project=network_with_private_secondary_ip_ranges["project"], + region=network_with_private_secondary_ip_ranges["region"], + subnetwork=network_with_private_secondary_ip_ranges["name"], + role="roles/compute.networkUser", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.SubnetworkIAMBinding("binding", + project=network_with_private_secondary_ip_ranges["project"], + region=network_with_private_secondary_ip_ranges["region"], + subnetwork=network_with_private_secondary_ip_ranges["name"], + role="roles/compute.networkUser", + members=["user:jane@example.com"], + condition=gcp.compute.SubnetworkIAMBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_compute\\_subnetwork\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.SubnetworkIAMMember("member", + project=network_with_private_secondary_ip_ranges["project"], + region=network_with_private_secondary_ip_ranges["region"], + subnetwork=network_with_private_secondary_ip_ranges["name"], + role="roles/compute.networkUser", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.SubnetworkIAMMember("member", + project=network_with_private_secondary_ip_ranges["project"], + region=network_with_private_secondary_ip_ranges["region"], + subnetwork=network_with_private_secondary_ip_ranges["name"], + role="roles/compute.networkUser", + member="user:jane@example.com", + condition=gcp.compute.SubnetworkIAMMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -757,10 +986,7 @@ def get(resource_name: str, :param pulumi.Input[pulumi.InputType['SubnetworkIAMBindingConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -771,6 +997,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] region: The GCP region for this subnetwork. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -813,16 +1041,8 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: - return pulumi.get(self, "members") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -834,6 +1054,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "members") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/compute/subnetwork_iam_member.py b/sdk/python/pulumi_gcp/compute/subnetwork_iam_member.py index f1b7007c97..d9a810c08d 100644 --- a/sdk/python/pulumi_gcp/compute/subnetwork_iam_member.py +++ b/sdk/python/pulumi_gcp/compute/subnetwork_iam_member.py @@ -24,16 +24,7 @@ def __init__(__self__, *, region: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a SubnetworkIAMMember resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `compute.SubnetworkIAMBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] subnetwork: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input['SubnetworkIAMMemberConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. - Structure is documented below. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -44,6 +35,14 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `compute.SubnetworkIAMBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] subnetwork: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input['SubnetworkIAMMemberConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. + Structure is documented below. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] region: The GCP region for this subnetwork. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -62,6 +61,19 @@ def __init__(__self__, *, @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -113,18 +125,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -163,10 +163,7 @@ def __init__(__self__, *, :param pulumi.Input['SubnetworkIAMMemberConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -177,6 +174,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] region: The GCP region for this subnetwork. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -229,6 +228,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -241,18 +253,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -446,6 +446,121 @@ def __init__(__self__, ``` + ## google\\_compute\\_subnetwork\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/compute.networkUser", + members=["user:jane@example.com"], + )]) + policy = gcp.compute.SubnetworkIAMPolicy("policy", + project=network_with_private_secondary_ip_ranges["project"], + region=network_with_private_secondary_ip_ranges["region"], + subnetwork=network_with_private_secondary_ip_ranges["name"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/compute.networkUser", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.compute.SubnetworkIAMPolicy("policy", + project=network_with_private_secondary_ip_ranges["project"], + region=network_with_private_secondary_ip_ranges["region"], + subnetwork=network_with_private_secondary_ip_ranges["name"], + policy_data=admin.policy_data) + ``` + + ## google\\_compute\\_subnetwork\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.SubnetworkIAMBinding("binding", + project=network_with_private_secondary_ip_ranges["project"], + region=network_with_private_secondary_ip_ranges["region"], + subnetwork=network_with_private_secondary_ip_ranges["name"], + role="roles/compute.networkUser", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.SubnetworkIAMBinding("binding", + project=network_with_private_secondary_ip_ranges["project"], + region=network_with_private_secondary_ip_ranges["region"], + subnetwork=network_with_private_secondary_ip_ranges["name"], + role="roles/compute.networkUser", + members=["user:jane@example.com"], + condition=gcp.compute.SubnetworkIAMBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_compute\\_subnetwork\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.SubnetworkIAMMember("member", + project=network_with_private_secondary_ip_ranges["project"], + region=network_with_private_secondary_ip_ranges["region"], + subnetwork=network_with_private_secondary_ip_ranges["name"], + role="roles/compute.networkUser", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.SubnetworkIAMMember("member", + project=network_with_private_secondary_ip_ranges["project"], + region=network_with_private_secondary_ip_ranges["region"], + subnetwork=network_with_private_secondary_ip_ranges["name"], + role="roles/compute.networkUser", + member="user:jane@example.com", + condition=gcp.compute.SubnetworkIAMMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -488,10 +603,7 @@ def __init__(__self__, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[pulumi.InputType['SubnetworkIAMMemberConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -502,6 +614,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] region: The GCP region for this subnetwork. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -649,6 +763,121 @@ def __init__(__self__, ``` + ## google\\_compute\\_subnetwork\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/compute.networkUser", + members=["user:jane@example.com"], + )]) + policy = gcp.compute.SubnetworkIAMPolicy("policy", + project=network_with_private_secondary_ip_ranges["project"], + region=network_with_private_secondary_ip_ranges["region"], + subnetwork=network_with_private_secondary_ip_ranges["name"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/compute.networkUser", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.compute.SubnetworkIAMPolicy("policy", + project=network_with_private_secondary_ip_ranges["project"], + region=network_with_private_secondary_ip_ranges["region"], + subnetwork=network_with_private_secondary_ip_ranges["name"], + policy_data=admin.policy_data) + ``` + + ## google\\_compute\\_subnetwork\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.SubnetworkIAMBinding("binding", + project=network_with_private_secondary_ip_ranges["project"], + region=network_with_private_secondary_ip_ranges["region"], + subnetwork=network_with_private_secondary_ip_ranges["name"], + role="roles/compute.networkUser", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.SubnetworkIAMBinding("binding", + project=network_with_private_secondary_ip_ranges["project"], + region=network_with_private_secondary_ip_ranges["region"], + subnetwork=network_with_private_secondary_ip_ranges["name"], + role="roles/compute.networkUser", + members=["user:jane@example.com"], + condition=gcp.compute.SubnetworkIAMBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_compute\\_subnetwork\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.SubnetworkIAMMember("member", + project=network_with_private_secondary_ip_ranges["project"], + region=network_with_private_secondary_ip_ranges["region"], + subnetwork=network_with_private_secondary_ip_ranges["name"], + role="roles/compute.networkUser", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.SubnetworkIAMMember("member", + project=network_with_private_secondary_ip_ranges["project"], + region=network_with_private_secondary_ip_ranges["region"], + subnetwork=network_with_private_secondary_ip_ranges["name"], + role="roles/compute.networkUser", + member="user:jane@example.com", + condition=gcp.compute.SubnetworkIAMMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -757,10 +986,7 @@ def get(resource_name: str, :param pulumi.Input[pulumi.InputType['SubnetworkIAMMemberConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -771,6 +997,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] region: The GCP region for this subnetwork. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -813,16 +1041,8 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: - return pulumi.get(self, "member") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -834,6 +1054,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "member") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/compute/subnetwork_iam_policy.py b/sdk/python/pulumi_gcp/compute/subnetwork_iam_policy.py index d1f47fc16f..ad2a4d6f32 100644 --- a/sdk/python/pulumi_gcp/compute/subnetwork_iam_policy.py +++ b/sdk/python/pulumi_gcp/compute/subnetwork_iam_policy.py @@ -25,18 +25,6 @@ def __init__(__self__, *, :param pulumi.Input[str] subnetwork: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] region: The GCP region for this subnetwork. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -80,18 +68,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -130,18 +106,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] region: The GCP region for this subnetwork. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -190,18 +154,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -379,6 +331,121 @@ def __init__(__self__, ``` + ## google\\_compute\\_subnetwork\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/compute.networkUser", + members=["user:jane@example.com"], + )]) + policy = gcp.compute.SubnetworkIAMPolicy("policy", + project=network_with_private_secondary_ip_ranges["project"], + region=network_with_private_secondary_ip_ranges["region"], + subnetwork=network_with_private_secondary_ip_ranges["name"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/compute.networkUser", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.compute.SubnetworkIAMPolicy("policy", + project=network_with_private_secondary_ip_ranges["project"], + region=network_with_private_secondary_ip_ranges["region"], + subnetwork=network_with_private_secondary_ip_ranges["name"], + policy_data=admin.policy_data) + ``` + + ## google\\_compute\\_subnetwork\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.SubnetworkIAMBinding("binding", + project=network_with_private_secondary_ip_ranges["project"], + region=network_with_private_secondary_ip_ranges["region"], + subnetwork=network_with_private_secondary_ip_ranges["name"], + role="roles/compute.networkUser", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.SubnetworkIAMBinding("binding", + project=network_with_private_secondary_ip_ranges["project"], + region=network_with_private_secondary_ip_ranges["region"], + subnetwork=network_with_private_secondary_ip_ranges["name"], + role="roles/compute.networkUser", + members=["user:jane@example.com"], + condition=gcp.compute.SubnetworkIAMBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_compute\\_subnetwork\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.SubnetworkIAMMember("member", + project=network_with_private_secondary_ip_ranges["project"], + region=network_with_private_secondary_ip_ranges["region"], + subnetwork=network_with_private_secondary_ip_ranges["name"], + role="roles/compute.networkUser", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.SubnetworkIAMMember("member", + project=network_with_private_secondary_ip_ranges["project"], + region=network_with_private_secondary_ip_ranges["region"], + subnetwork=network_with_private_secondary_ip_ranges["name"], + role="roles/compute.networkUser", + member="user:jane@example.com", + condition=gcp.compute.SubnetworkIAMMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -423,18 +490,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] region: The GCP region for this subnetwork. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -579,6 +634,121 @@ def __init__(__self__, ``` + ## google\\_compute\\_subnetwork\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/compute.networkUser", + members=["user:jane@example.com"], + )]) + policy = gcp.compute.SubnetworkIAMPolicy("policy", + project=network_with_private_secondary_ip_ranges["project"], + region=network_with_private_secondary_ip_ranges["region"], + subnetwork=network_with_private_secondary_ip_ranges["name"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/compute.networkUser", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.compute.SubnetworkIAMPolicy("policy", + project=network_with_private_secondary_ip_ranges["project"], + region=network_with_private_secondary_ip_ranges["region"], + subnetwork=network_with_private_secondary_ip_ranges["name"], + policy_data=admin.policy_data) + ``` + + ## google\\_compute\\_subnetwork\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.SubnetworkIAMBinding("binding", + project=network_with_private_secondary_ip_ranges["project"], + region=network_with_private_secondary_ip_ranges["region"], + subnetwork=network_with_private_secondary_ip_ranges["name"], + role="roles/compute.networkUser", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.compute.SubnetworkIAMBinding("binding", + project=network_with_private_secondary_ip_ranges["project"], + region=network_with_private_secondary_ip_ranges["region"], + subnetwork=network_with_private_secondary_ip_ranges["name"], + role="roles/compute.networkUser", + members=["user:jane@example.com"], + condition=gcp.compute.SubnetworkIAMBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_compute\\_subnetwork\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.SubnetworkIAMMember("member", + project=network_with_private_secondary_ip_ranges["project"], + region=network_with_private_secondary_ip_ranges["region"], + subnetwork=network_with_private_secondary_ip_ranges["name"], + role="roles/compute.networkUser", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.compute.SubnetworkIAMMember("member", + project=network_with_private_secondary_ip_ranges["project"], + region=network_with_private_secondary_ip_ranges["region"], + subnetwork=network_with_private_secondary_ip_ranges["name"], + role="roles/compute.networkUser", + member="user:jane@example.com", + condition=gcp.compute.SubnetworkIAMMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -681,18 +851,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] region: The GCP region for this subnetwork. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -733,18 +891,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/containeranalysis/note_iam_binding.py b/sdk/python/pulumi_gcp/containeranalysis/note_iam_binding.py index 1cab0c3b23..45d2cd76ad 100644 --- a/sdk/python/pulumi_gcp/containeranalysis/note_iam_binding.py +++ b/sdk/python/pulumi_gcp/containeranalysis/note_iam_binding.py @@ -23,14 +23,7 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a NoteIamBinding resource. - :param pulumi.Input[str] note: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] role: The role that should be applied. Only one - `containeranalysis.NoteIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -41,6 +34,12 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] note: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] role: The role that should be applied. Only one + `containeranalysis.NoteIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "members", members) pulumi.set(__self__, "note", note) @@ -53,6 +52,19 @@ def __init__(__self__, *, @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -100,18 +112,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -132,11 +132,7 @@ def __init__(__self__, *, """ Input properties used for looking up and filtering NoteIamBinding resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] note: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -147,6 +143,9 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] note: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `containeranalysis.NoteIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -188,6 +187,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -212,18 +224,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -320,6 +320,54 @@ def __init__(__self__, ``` + ## google\\_container\\_analysis\\_note\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/containeranalysis.notes.occurrences.viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.containeranalysis.NoteIamPolicy("policy", + project=note["project"], + note=note["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_container\\_analysis\\_note\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.containeranalysis.NoteIamBinding("binding", + project=note["project"], + note=note["name"], + role="roles/containeranalysis.notes.occurrences.viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_container\\_analysis\\_note\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.containeranalysis.NoteIamMember("member", + project=note["project"], + note=note["name"], + role="roles/containeranalysis.notes.occurrences.viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -358,11 +406,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] note: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -373,6 +417,9 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] note: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `containeranalysis.NoteIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -446,6 +493,54 @@ def __init__(__self__, ``` + ## google\\_container\\_analysis\\_note\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/containeranalysis.notes.occurrences.viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.containeranalysis.NoteIamPolicy("policy", + project=note["project"], + note=note["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_container\\_analysis\\_note\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.containeranalysis.NoteIamBinding("binding", + project=note["project"], + note=note["name"], + role="roles/containeranalysis.notes.occurrences.viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_container\\_analysis\\_note\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.containeranalysis.NoteIamMember("member", + project=note["project"], + note=note["name"], + role="roles/containeranalysis.notes.occurrences.viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -547,11 +642,7 @@ def get(resource_name: str, :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] note: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -562,6 +653,9 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] note: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `containeranalysis.NoteIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -594,6 +688,19 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @property @@ -610,18 +717,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/containeranalysis/note_iam_member.py b/sdk/python/pulumi_gcp/containeranalysis/note_iam_member.py index 5bfeb3a0cf..3bf0eede3d 100644 --- a/sdk/python/pulumi_gcp/containeranalysis/note_iam_member.py +++ b/sdk/python/pulumi_gcp/containeranalysis/note_iam_member.py @@ -23,14 +23,7 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a NoteIamMember resource. - :param pulumi.Input[str] note: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] role: The role that should be applied. Only one - `containeranalysis.NoteIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -41,6 +34,12 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] note: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] role: The role that should be applied. Only one + `containeranalysis.NoteIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "member", member) pulumi.set(__self__, "note", note) @@ -53,6 +52,19 @@ def __init__(__self__, *, @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -100,18 +112,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -132,11 +132,7 @@ def __init__(__self__, *, """ Input properties used for looking up and filtering NoteIamMember resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] note: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -147,6 +143,9 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] note: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `containeranalysis.NoteIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -188,6 +187,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -212,18 +224,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -320,6 +320,54 @@ def __init__(__self__, ``` + ## google\\_container\\_analysis\\_note\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/containeranalysis.notes.occurrences.viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.containeranalysis.NoteIamPolicy("policy", + project=note["project"], + note=note["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_container\\_analysis\\_note\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.containeranalysis.NoteIamBinding("binding", + project=note["project"], + note=note["name"], + role="roles/containeranalysis.notes.occurrences.viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_container\\_analysis\\_note\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.containeranalysis.NoteIamMember("member", + project=note["project"], + note=note["name"], + role="roles/containeranalysis.notes.occurrences.viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -358,11 +406,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] note: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -373,6 +417,9 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] note: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `containeranalysis.NoteIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -446,6 +493,54 @@ def __init__(__self__, ``` + ## google\\_container\\_analysis\\_note\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/containeranalysis.notes.occurrences.viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.containeranalysis.NoteIamPolicy("policy", + project=note["project"], + note=note["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_container\\_analysis\\_note\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.containeranalysis.NoteIamBinding("binding", + project=note["project"], + note=note["name"], + role="roles/containeranalysis.notes.occurrences.viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_container\\_analysis\\_note\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.containeranalysis.NoteIamMember("member", + project=note["project"], + note=note["name"], + role="roles/containeranalysis.notes.occurrences.viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -547,11 +642,7 @@ def get(resource_name: str, :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] note: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -562,6 +653,9 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] note: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `containeranalysis.NoteIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -594,6 +688,19 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @property @@ -610,18 +717,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/containeranalysis/note_iam_policy.py b/sdk/python/pulumi_gcp/containeranalysis/note_iam_policy.py index 91a07207df..eef71d0be0 100644 --- a/sdk/python/pulumi_gcp/containeranalysis/note_iam_policy.py +++ b/sdk/python/pulumi_gcp/containeranalysis/note_iam_policy.py @@ -24,18 +24,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "note", note) pulumi.set(__self__, "policy_data", policy_data) @@ -73,18 +61,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -108,18 +84,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ if etag is not None: pulumi.set(__self__, "etag", etag) @@ -173,18 +137,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -265,6 +217,54 @@ def __init__(__self__, ``` + ## google\\_container\\_analysis\\_note\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/containeranalysis.notes.occurrences.viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.containeranalysis.NoteIamPolicy("policy", + project=note["project"], + note=note["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_container\\_analysis\\_note\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.containeranalysis.NoteIamBinding("binding", + project=note["project"], + note=note["name"], + role="roles/containeranalysis.notes.occurrences.viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_container\\_analysis\\_note\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.containeranalysis.NoteIamMember("member", + project=note["project"], + note=note["name"], + role="roles/containeranalysis.notes.occurrences.viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -308,18 +308,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ ... @overload @@ -390,6 +378,54 @@ def __init__(__self__, ``` + ## google\\_container\\_analysis\\_note\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/containeranalysis.notes.occurrences.viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.containeranalysis.NoteIamPolicy("policy", + project=note["project"], + note=note["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_container\\_analysis\\_note\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.containeranalysis.NoteIamBinding("binding", + project=note["project"], + note=note["name"], + role="roles/containeranalysis.notes.occurrences.viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_container\\_analysis\\_note\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.containeranalysis.NoteIamMember("member", + project=note["project"], + note=note["name"], + role="roles/containeranalysis.notes.occurrences.viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -488,18 +524,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -542,18 +566,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/datacatalog/entry_group_iam_binding.py b/sdk/python/pulumi_gcp/datacatalog/entry_group_iam_binding.py index 8b9c881620..c1364ca5bd 100644 --- a/sdk/python/pulumi_gcp/datacatalog/entry_group_iam_binding.py +++ b/sdk/python/pulumi_gcp/datacatalog/entry_group_iam_binding.py @@ -25,13 +25,7 @@ def __init__(__self__, *, """ The set of arguments for constructing a EntryGroupIamBinding resource. :param pulumi.Input[str] entry_group: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] role: The role that should be applied. Only one - `datacatalog.EntryGroupIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -42,6 +36,11 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `datacatalog.EntryGroupIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "entry_group", entry_group) pulumi.set(__self__, "members", members) @@ -68,6 +67,19 @@ def entry_group(self, value: pulumi.Input[str]): @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -103,18 +115,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -146,10 +146,7 @@ def __init__(__self__, *, Input properties used for looking up and filtering EntryGroupIamBinding resources. :param pulumi.Input[str] entry_group: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -160,6 +157,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `datacatalog.EntryGroupIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -215,6 +214,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -227,18 +239,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -342,6 +342,51 @@ def __init__(__self__, ``` + ## google\\_data\\_catalog\\_entry\\_group\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.datacatalog.EntryGroupIamPolicy("policy", + entry_group=basic_entry_group["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_data\\_catalog\\_entry\\_group\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.datacatalog.EntryGroupIamBinding("binding", + entry_group=basic_entry_group["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_data\\_catalog\\_entry\\_group\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.datacatalog.EntryGroupIamMember("member", + entry_group=basic_entry_group["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -383,10 +428,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] entry_group: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -397,6 +439,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `datacatalog.EntryGroupIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -467,6 +511,51 @@ def __init__(__self__, ``` + ## google\\_data\\_catalog\\_entry\\_group\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.datacatalog.EntryGroupIamPolicy("policy", + entry_group=basic_entry_group["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_data\\_catalog\\_entry\\_group\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.datacatalog.EntryGroupIamBinding("binding", + entry_group=basic_entry_group["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_data\\_catalog\\_entry\\_group\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.datacatalog.EntryGroupIamMember("member", + entry_group=basic_entry_group["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -574,10 +663,7 @@ def get(resource_name: str, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] entry_group: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -588,6 +674,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `datacatalog.EntryGroupIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -629,16 +717,8 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: - return pulumi.get(self, "members") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -650,6 +730,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "members") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/datacatalog/entry_group_iam_member.py b/sdk/python/pulumi_gcp/datacatalog/entry_group_iam_member.py index 0776297bb3..bf1e92cac9 100644 --- a/sdk/python/pulumi_gcp/datacatalog/entry_group_iam_member.py +++ b/sdk/python/pulumi_gcp/datacatalog/entry_group_iam_member.py @@ -25,13 +25,7 @@ def __init__(__self__, *, """ The set of arguments for constructing a EntryGroupIamMember resource. :param pulumi.Input[str] entry_group: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] role: The role that should be applied. Only one - `datacatalog.EntryGroupIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -42,6 +36,11 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `datacatalog.EntryGroupIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "entry_group", entry_group) pulumi.set(__self__, "member", member) @@ -68,6 +67,19 @@ def entry_group(self, value: pulumi.Input[str]): @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -103,18 +115,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -146,10 +146,7 @@ def __init__(__self__, *, Input properties used for looking up and filtering EntryGroupIamMember resources. :param pulumi.Input[str] entry_group: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -160,6 +157,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `datacatalog.EntryGroupIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -215,6 +214,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -227,18 +239,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -342,6 +342,51 @@ def __init__(__self__, ``` + ## google\\_data\\_catalog\\_entry\\_group\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.datacatalog.EntryGroupIamPolicy("policy", + entry_group=basic_entry_group["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_data\\_catalog\\_entry\\_group\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.datacatalog.EntryGroupIamBinding("binding", + entry_group=basic_entry_group["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_data\\_catalog\\_entry\\_group\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.datacatalog.EntryGroupIamMember("member", + entry_group=basic_entry_group["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -383,10 +428,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] entry_group: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -397,6 +439,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `datacatalog.EntryGroupIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -467,6 +511,51 @@ def __init__(__self__, ``` + ## google\\_data\\_catalog\\_entry\\_group\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.datacatalog.EntryGroupIamPolicy("policy", + entry_group=basic_entry_group["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_data\\_catalog\\_entry\\_group\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.datacatalog.EntryGroupIamBinding("binding", + entry_group=basic_entry_group["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_data\\_catalog\\_entry\\_group\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.datacatalog.EntryGroupIamMember("member", + entry_group=basic_entry_group["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -574,10 +663,7 @@ def get(resource_name: str, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] entry_group: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -588,6 +674,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `datacatalog.EntryGroupIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -629,16 +717,8 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: - return pulumi.get(self, "member") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -650,6 +730,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "member") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/datacatalog/entry_group_iam_policy.py b/sdk/python/pulumi_gcp/datacatalog/entry_group_iam_policy.py index 3893aee3b3..416ea44dc3 100644 --- a/sdk/python/pulumi_gcp/datacatalog/entry_group_iam_policy.py +++ b/sdk/python/pulumi_gcp/datacatalog/entry_group_iam_policy.py @@ -25,18 +25,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "entry_group", entry_group) pulumi.set(__self__, "policy_data", policy_data) @@ -76,18 +64,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -121,18 +97,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ if entry_group is not None: pulumi.set(__self__, "entry_group", entry_group) @@ -188,18 +152,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -287,6 +239,51 @@ def __init__(__self__, ``` + ## google\\_data\\_catalog\\_entry\\_group\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.datacatalog.EntryGroupIamPolicy("policy", + entry_group=basic_entry_group["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_data\\_catalog\\_entry\\_group\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.datacatalog.EntryGroupIamBinding("binding", + entry_group=basic_entry_group["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_data\\_catalog\\_entry\\_group\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.datacatalog.EntryGroupIamMember("member", + entry_group=basic_entry_group["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -332,18 +329,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ ... @overload @@ -411,6 +396,51 @@ def __init__(__self__, ``` + ## google\\_data\\_catalog\\_entry\\_group\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.datacatalog.EntryGroupIamPolicy("policy", + entry_group=basic_entry_group["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_data\\_catalog\\_entry\\_group\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.datacatalog.EntryGroupIamBinding("binding", + entry_group=basic_entry_group["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_data\\_catalog\\_entry\\_group\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.datacatalog.EntryGroupIamMember("member", + entry_group=basic_entry_group["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -514,18 +544,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -569,18 +587,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/datacatalog/policy_tag_iam_binding.py b/sdk/python/pulumi_gcp/datacatalog/policy_tag_iam_binding.py index 6d556a6b0d..46457a7188 100644 --- a/sdk/python/pulumi_gcp/datacatalog/policy_tag_iam_binding.py +++ b/sdk/python/pulumi_gcp/datacatalog/policy_tag_iam_binding.py @@ -22,9 +22,7 @@ def __init__(__self__, *, condition: Optional[pulumi.Input['PolicyTagIamBindingConditionArgs']] = None): """ The set of arguments for constructing a PolicyTagIamBinding resource. - :param pulumi.Input[str] policy_tag: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -35,6 +33,7 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] policy_tag: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] role: The role that should be applied. Only one `datacatalog.PolicyTagIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -48,19 +47,8 @@ def __init__(__self__, *, @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: - return pulumi.get(self, "members") - - @members.setter - def members(self, value: pulumi.Input[Sequence[pulumi.Input[str]]]): - pulumi.set(self, "members", value) - - @property - @pulumi.getter(name="policyTag") - def policy_tag(self) -> pulumi.Input[str]: """ - Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -72,6 +60,18 @@ def policy_tag(self) -> pulumi.Input[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "members") + + @members.setter + def members(self, value: pulumi.Input[Sequence[pulumi.Input[str]]]): + pulumi.set(self, "members", value) + + @property + @pulumi.getter(name="policyTag") + def policy_tag(self) -> pulumi.Input[str]: + """ + Used to find the parent resource to bind the IAM policy to + """ return pulumi.get(self, "policy_tag") @policy_tag.setter @@ -113,9 +113,7 @@ def __init__(__self__, *, """ Input properties used for looking up and filtering PolicyTagIamBinding resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] policy_tag: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -126,6 +124,7 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] policy_tag: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] role: The role that should be applied. Only one `datacatalog.PolicyTagIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -165,19 +164,8 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: - return pulumi.get(self, "members") - - @members.setter - def members(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): - pulumi.set(self, "members", value) - - @property - @pulumi.getter(name="policyTag") - def policy_tag(self) -> Optional[pulumi.Input[str]]: """ - Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -189,6 +177,18 @@ def policy_tag(self) -> Optional[pulumi.Input[str]]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "members") + + @members.setter + def members(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "members", value) + + @property + @pulumi.getter(name="policyTag") + def policy_tag(self) -> Optional[pulumi.Input[str]]: + """ + Used to find the parent resource to bind the IAM policy to + """ return pulumi.get(self, "policy_tag") @policy_tag.setter @@ -280,6 +280,51 @@ def __init__(__self__, ``` + ## google\\_data\\_catalog\\_policy\\_tag\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.datacatalog.PolicyTagIamPolicy("policy", + policy_tag=basic_policy_tag["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_data\\_catalog\\_policy\\_tag\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.datacatalog.PolicyTagIamBinding("binding", + policy_tag=basic_policy_tag["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_data\\_catalog\\_policy\\_tag\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.datacatalog.PolicyTagIamMember("member", + policy_tag=basic_policy_tag["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -314,9 +359,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] policy_tag: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -327,6 +370,7 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] policy_tag: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] role: The role that should be applied. Only one `datacatalog.PolicyTagIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -397,6 +441,51 @@ def __init__(__self__, ``` + ## google\\_data\\_catalog\\_policy\\_tag\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.datacatalog.PolicyTagIamPolicy("policy", + policy_tag=basic_policy_tag["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_data\\_catalog\\_policy\\_tag\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.datacatalog.PolicyTagIamBinding("binding", + policy_tag=basic_policy_tag["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_data\\_catalog\\_policy\\_tag\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.datacatalog.PolicyTagIamMember("member", + policy_tag=basic_policy_tag["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -491,9 +580,7 @@ def get(resource_name: str, :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] policy_tag: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -504,6 +591,7 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] policy_tag: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] role: The role that should be applied. Only one `datacatalog.PolicyTagIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -535,15 +623,8 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: - return pulumi.get(self, "members") - - @property - @pulumi.getter(name="policyTag") - def policy_tag(self) -> pulumi.Output[str]: """ - Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -555,6 +636,14 @@ def policy_tag(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "members") + + @property + @pulumi.getter(name="policyTag") + def policy_tag(self) -> pulumi.Output[str]: + """ + Used to find the parent resource to bind the IAM policy to + """ return pulumi.get(self, "policy_tag") @property diff --git a/sdk/python/pulumi_gcp/datacatalog/policy_tag_iam_member.py b/sdk/python/pulumi_gcp/datacatalog/policy_tag_iam_member.py index 063e2751d0..aec2c5bc97 100644 --- a/sdk/python/pulumi_gcp/datacatalog/policy_tag_iam_member.py +++ b/sdk/python/pulumi_gcp/datacatalog/policy_tag_iam_member.py @@ -22,9 +22,7 @@ def __init__(__self__, *, condition: Optional[pulumi.Input['PolicyTagIamMemberConditionArgs']] = None): """ The set of arguments for constructing a PolicyTagIamMember resource. - :param pulumi.Input[str] policy_tag: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -35,6 +33,7 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] policy_tag: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] role: The role that should be applied. Only one `datacatalog.PolicyTagIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -48,19 +47,8 @@ def __init__(__self__, *, @property @pulumi.getter def member(self) -> pulumi.Input[str]: - return pulumi.get(self, "member") - - @member.setter - def member(self, value: pulumi.Input[str]): - pulumi.set(self, "member", value) - - @property - @pulumi.getter(name="policyTag") - def policy_tag(self) -> pulumi.Input[str]: """ - Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -72,6 +60,18 @@ def policy_tag(self) -> pulumi.Input[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "member") + + @member.setter + def member(self, value: pulumi.Input[str]): + pulumi.set(self, "member", value) + + @property + @pulumi.getter(name="policyTag") + def policy_tag(self) -> pulumi.Input[str]: + """ + Used to find the parent resource to bind the IAM policy to + """ return pulumi.get(self, "policy_tag") @policy_tag.setter @@ -113,9 +113,7 @@ def __init__(__self__, *, """ Input properties used for looking up and filtering PolicyTagIamMember resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] policy_tag: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -126,6 +124,7 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] policy_tag: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] role: The role that should be applied. Only one `datacatalog.PolicyTagIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -165,19 +164,8 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "member") - - @member.setter - def member(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "member", value) - - @property - @pulumi.getter(name="policyTag") - def policy_tag(self) -> Optional[pulumi.Input[str]]: """ - Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -189,6 +177,18 @@ def policy_tag(self) -> Optional[pulumi.Input[str]]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "member") + + @member.setter + def member(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "member", value) + + @property + @pulumi.getter(name="policyTag") + def policy_tag(self) -> Optional[pulumi.Input[str]]: + """ + Used to find the parent resource to bind the IAM policy to + """ return pulumi.get(self, "policy_tag") @policy_tag.setter @@ -280,6 +280,51 @@ def __init__(__self__, ``` + ## google\\_data\\_catalog\\_policy\\_tag\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.datacatalog.PolicyTagIamPolicy("policy", + policy_tag=basic_policy_tag["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_data\\_catalog\\_policy\\_tag\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.datacatalog.PolicyTagIamBinding("binding", + policy_tag=basic_policy_tag["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_data\\_catalog\\_policy\\_tag\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.datacatalog.PolicyTagIamMember("member", + policy_tag=basic_policy_tag["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -314,9 +359,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] policy_tag: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -327,6 +370,7 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] policy_tag: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] role: The role that should be applied. Only one `datacatalog.PolicyTagIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -397,6 +441,51 @@ def __init__(__self__, ``` + ## google\\_data\\_catalog\\_policy\\_tag\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.datacatalog.PolicyTagIamPolicy("policy", + policy_tag=basic_policy_tag["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_data\\_catalog\\_policy\\_tag\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.datacatalog.PolicyTagIamBinding("binding", + policy_tag=basic_policy_tag["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_data\\_catalog\\_policy\\_tag\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.datacatalog.PolicyTagIamMember("member", + policy_tag=basic_policy_tag["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -491,9 +580,7 @@ def get(resource_name: str, :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] policy_tag: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -504,6 +591,7 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] policy_tag: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] role: The role that should be applied. Only one `datacatalog.PolicyTagIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -535,15 +623,8 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: - return pulumi.get(self, "member") - - @property - @pulumi.getter(name="policyTag") - def policy_tag(self) -> pulumi.Output[str]: """ - Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -555,6 +636,14 @@ def policy_tag(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "member") + + @property + @pulumi.getter(name="policyTag") + def policy_tag(self) -> pulumi.Output[str]: + """ + Used to find the parent resource to bind the IAM policy to + """ return pulumi.get(self, "policy_tag") @property diff --git a/sdk/python/pulumi_gcp/datacatalog/policy_tag_iam_policy.py b/sdk/python/pulumi_gcp/datacatalog/policy_tag_iam_policy.py index ab15ae623d..7a10cf35e6 100644 --- a/sdk/python/pulumi_gcp/datacatalog/policy_tag_iam_policy.py +++ b/sdk/python/pulumi_gcp/datacatalog/policy_tag_iam_policy.py @@ -21,18 +21,6 @@ def __init__(__self__, *, :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. :param pulumi.Input[str] policy_tag: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "policy_data", policy_data) pulumi.set(__self__, "policy_tag", policy_tag) @@ -55,18 +43,6 @@ def policy_data(self, value: pulumi.Input[str]): def policy_tag(self) -> pulumi.Input[str]: """ Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "policy_tag") @@ -87,18 +63,6 @@ def __init__(__self__, *, :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. :param pulumi.Input[str] policy_tag: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ if etag is not None: pulumi.set(__self__, "etag", etag) @@ -137,18 +101,6 @@ def policy_data(self, value: Optional[pulumi.Input[str]]): def policy_tag(self) -> Optional[pulumi.Input[str]]: """ Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "policy_tag") @@ -225,6 +177,51 @@ def __init__(__self__, ``` + ## google\\_data\\_catalog\\_policy\\_tag\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.datacatalog.PolicyTagIamPolicy("policy", + policy_tag=basic_policy_tag["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_data\\_catalog\\_policy\\_tag\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.datacatalog.PolicyTagIamBinding("binding", + policy_tag=basic_policy_tag["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_data\\_catalog\\_policy\\_tag\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.datacatalog.PolicyTagIamMember("member", + policy_tag=basic_policy_tag["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -262,18 +259,6 @@ def __init__(__self__, :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. :param pulumi.Input[str] policy_tag: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ ... @overload @@ -341,6 +326,51 @@ def __init__(__self__, ``` + ## google\\_data\\_catalog\\_policy\\_tag\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.datacatalog.PolicyTagIamPolicy("policy", + policy_tag=basic_policy_tag["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_data\\_catalog\\_policy\\_tag\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.datacatalog.PolicyTagIamBinding("binding", + policy_tag=basic_policy_tag["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_data\\_catalog\\_policy\\_tag\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.datacatalog.PolicyTagIamMember("member", + policy_tag=basic_policy_tag["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -430,18 +460,6 @@ def get(resource_name: str, :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. :param pulumi.Input[str] policy_tag: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -474,18 +492,6 @@ def policy_data(self) -> pulumi.Output[str]: def policy_tag(self) -> pulumi.Output[str]: """ Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "policy_tag") diff --git a/sdk/python/pulumi_gcp/datacatalog/tag_template_iam_binding.py b/sdk/python/pulumi_gcp/datacatalog/tag_template_iam_binding.py index b02761c3d8..3ddd5f5762 100644 --- a/sdk/python/pulumi_gcp/datacatalog/tag_template_iam_binding.py +++ b/sdk/python/pulumi_gcp/datacatalog/tag_template_iam_binding.py @@ -24,14 +24,7 @@ def __init__(__self__, *, region: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a TagTemplateIamBinding resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `datacatalog.TagTemplateIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] tag_template: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -42,6 +35,12 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `datacatalog.TagTemplateIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] tag_template: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "members", members) pulumi.set(__self__, "role", role) @@ -56,6 +55,19 @@ def __init__(__self__, *, @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -103,18 +115,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -145,10 +145,7 @@ def __init__(__self__, *, """ Input properties used for looking up and filtering TagTemplateIamBinding resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -159,6 +156,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `datacatalog.TagTemplateIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -203,6 +202,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -215,18 +227,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -342,6 +342,51 @@ def __init__(__self__, ``` + ## google\\_data\\_catalog\\_tag\\_template\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.datacatalog.TagTemplateIamPolicy("policy", + tag_template=basic_tag_template["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_data\\_catalog\\_tag\\_template\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.datacatalog.TagTemplateIamBinding("binding", + tag_template=basic_tag_template["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_data\\_catalog\\_tag\\_template\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.datacatalog.TagTemplateIamMember("member", + tag_template=basic_tag_template["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -382,10 +427,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -396,6 +438,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `datacatalog.TagTemplateIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -467,6 +511,51 @@ def __init__(__self__, ``` + ## google\\_data\\_catalog\\_tag\\_template\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.datacatalog.TagTemplateIamPolicy("policy", + tag_template=basic_tag_template["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_data\\_catalog\\_tag\\_template\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.datacatalog.TagTemplateIamBinding("binding", + tag_template=basic_tag_template["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_data\\_catalog\\_tag\\_template\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.datacatalog.TagTemplateIamMember("member", + tag_template=basic_tag_template["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -573,10 +662,7 @@ def get(resource_name: str, :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -587,6 +673,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `datacatalog.TagTemplateIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -621,16 +709,8 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: - return pulumi.get(self, "members") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -642,6 +722,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "members") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/datacatalog/tag_template_iam_member.py b/sdk/python/pulumi_gcp/datacatalog/tag_template_iam_member.py index 35ac6ac445..05195d5d83 100644 --- a/sdk/python/pulumi_gcp/datacatalog/tag_template_iam_member.py +++ b/sdk/python/pulumi_gcp/datacatalog/tag_template_iam_member.py @@ -24,14 +24,7 @@ def __init__(__self__, *, region: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a TagTemplateIamMember resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `datacatalog.TagTemplateIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] tag_template: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -42,6 +35,12 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `datacatalog.TagTemplateIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] tag_template: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "member", member) pulumi.set(__self__, "role", role) @@ -56,6 +55,19 @@ def __init__(__self__, *, @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -103,18 +115,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -145,10 +145,7 @@ def __init__(__self__, *, """ Input properties used for looking up and filtering TagTemplateIamMember resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -159,6 +156,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `datacatalog.TagTemplateIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -203,6 +202,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -215,18 +227,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -342,6 +342,51 @@ def __init__(__self__, ``` + ## google\\_data\\_catalog\\_tag\\_template\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.datacatalog.TagTemplateIamPolicy("policy", + tag_template=basic_tag_template["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_data\\_catalog\\_tag\\_template\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.datacatalog.TagTemplateIamBinding("binding", + tag_template=basic_tag_template["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_data\\_catalog\\_tag\\_template\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.datacatalog.TagTemplateIamMember("member", + tag_template=basic_tag_template["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -382,10 +427,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -396,6 +438,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `datacatalog.TagTemplateIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -467,6 +511,51 @@ def __init__(__self__, ``` + ## google\\_data\\_catalog\\_tag\\_template\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.datacatalog.TagTemplateIamPolicy("policy", + tag_template=basic_tag_template["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_data\\_catalog\\_tag\\_template\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.datacatalog.TagTemplateIamBinding("binding", + tag_template=basic_tag_template["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_data\\_catalog\\_tag\\_template\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.datacatalog.TagTemplateIamMember("member", + tag_template=basic_tag_template["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -573,10 +662,7 @@ def get(resource_name: str, :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -587,6 +673,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `datacatalog.TagTemplateIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -621,16 +709,8 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: - return pulumi.get(self, "member") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -642,6 +722,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "member") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/datacatalog/tag_template_iam_policy.py b/sdk/python/pulumi_gcp/datacatalog/tag_template_iam_policy.py index c80266ed5c..4d51adea2b 100644 --- a/sdk/python/pulumi_gcp/datacatalog/tag_template_iam_policy.py +++ b/sdk/python/pulumi_gcp/datacatalog/tag_template_iam_policy.py @@ -25,18 +25,6 @@ def __init__(__self__, *, :param pulumi.Input[str] tag_template: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "policy_data", policy_data) pulumi.set(__self__, "tag_template", tag_template) @@ -76,18 +64,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -120,18 +96,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] tag_template: Used to find the parent resource to bind the IAM policy to """ if etag is not None: @@ -176,18 +140,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -287,6 +239,51 @@ def __init__(__self__, ``` + ## google\\_data\\_catalog\\_tag\\_template\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.datacatalog.TagTemplateIamPolicy("policy", + tag_template=basic_tag_template["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_data\\_catalog\\_tag\\_template\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.datacatalog.TagTemplateIamBinding("binding", + tag_template=basic_tag_template["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_data\\_catalog\\_tag\\_template\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.datacatalog.TagTemplateIamMember("member", + tag_template=basic_tag_template["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -331,18 +328,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] tag_template: Used to find the parent resource to bind the IAM policy to """ ... @@ -411,6 +396,51 @@ def __init__(__self__, ``` + ## google\\_data\\_catalog\\_tag\\_template\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.datacatalog.TagTemplateIamPolicy("policy", + tag_template=basic_tag_template["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_data\\_catalog\\_tag\\_template\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.datacatalog.TagTemplateIamBinding("binding", + tag_template=basic_tag_template["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_data\\_catalog\\_tag\\_template\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.datacatalog.TagTemplateIamMember("member", + tag_template=basic_tag_template["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -513,18 +543,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] tag_template: Used to find the parent resource to bind the IAM policy to """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -561,18 +579,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/datacatalog/taxonomy_iam_binding.py b/sdk/python/pulumi_gcp/datacatalog/taxonomy_iam_binding.py index 3280e6e0dc..7f14126824 100644 --- a/sdk/python/pulumi_gcp/datacatalog/taxonomy_iam_binding.py +++ b/sdk/python/pulumi_gcp/datacatalog/taxonomy_iam_binding.py @@ -24,14 +24,7 @@ def __init__(__self__, *, region: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a TaxonomyIamBinding resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `datacatalog.TaxonomyIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] taxonomy: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -42,6 +35,12 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `datacatalog.TaxonomyIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] taxonomy: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "members", members) pulumi.set(__self__, "role", role) @@ -56,6 +55,19 @@ def __init__(__self__, *, @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -103,18 +115,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -145,10 +145,7 @@ def __init__(__self__, *, """ Input properties used for looking up and filtering TaxonomyIamBinding resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -159,6 +156,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `datacatalog.TaxonomyIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -203,6 +202,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -215,18 +227,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -342,6 +342,51 @@ def __init__(__self__, ``` + ## google\\_data\\_catalog\\_taxonomy\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.datacatalog.TaxonomyIamPolicy("policy", + taxonomy=basic_taxonomy["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_data\\_catalog\\_taxonomy\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.datacatalog.TaxonomyIamBinding("binding", + taxonomy=basic_taxonomy["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_data\\_catalog\\_taxonomy\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.datacatalog.TaxonomyIamMember("member", + taxonomy=basic_taxonomy["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -382,10 +427,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -396,6 +438,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `datacatalog.TaxonomyIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -467,6 +511,51 @@ def __init__(__self__, ``` + ## google\\_data\\_catalog\\_taxonomy\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.datacatalog.TaxonomyIamPolicy("policy", + taxonomy=basic_taxonomy["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_data\\_catalog\\_taxonomy\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.datacatalog.TaxonomyIamBinding("binding", + taxonomy=basic_taxonomy["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_data\\_catalog\\_taxonomy\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.datacatalog.TaxonomyIamMember("member", + taxonomy=basic_taxonomy["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -573,10 +662,7 @@ def get(resource_name: str, :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -587,6 +673,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `datacatalog.TaxonomyIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -621,16 +709,8 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: - return pulumi.get(self, "members") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -642,6 +722,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "members") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/datacatalog/taxonomy_iam_member.py b/sdk/python/pulumi_gcp/datacatalog/taxonomy_iam_member.py index bf9deceb47..adcb26a2ab 100644 --- a/sdk/python/pulumi_gcp/datacatalog/taxonomy_iam_member.py +++ b/sdk/python/pulumi_gcp/datacatalog/taxonomy_iam_member.py @@ -24,14 +24,7 @@ def __init__(__self__, *, region: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a TaxonomyIamMember resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `datacatalog.TaxonomyIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] taxonomy: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -42,6 +35,12 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `datacatalog.TaxonomyIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] taxonomy: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "member", member) pulumi.set(__self__, "role", role) @@ -56,6 +55,19 @@ def __init__(__self__, *, @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -103,18 +115,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -145,10 +145,7 @@ def __init__(__self__, *, """ Input properties used for looking up and filtering TaxonomyIamMember resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -159,6 +156,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `datacatalog.TaxonomyIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -203,6 +202,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -215,18 +227,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -342,6 +342,51 @@ def __init__(__self__, ``` + ## google\\_data\\_catalog\\_taxonomy\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.datacatalog.TaxonomyIamPolicy("policy", + taxonomy=basic_taxonomy["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_data\\_catalog\\_taxonomy\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.datacatalog.TaxonomyIamBinding("binding", + taxonomy=basic_taxonomy["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_data\\_catalog\\_taxonomy\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.datacatalog.TaxonomyIamMember("member", + taxonomy=basic_taxonomy["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -382,10 +427,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -396,6 +438,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `datacatalog.TaxonomyIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -467,6 +511,51 @@ def __init__(__self__, ``` + ## google\\_data\\_catalog\\_taxonomy\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.datacatalog.TaxonomyIamPolicy("policy", + taxonomy=basic_taxonomy["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_data\\_catalog\\_taxonomy\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.datacatalog.TaxonomyIamBinding("binding", + taxonomy=basic_taxonomy["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_data\\_catalog\\_taxonomy\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.datacatalog.TaxonomyIamMember("member", + taxonomy=basic_taxonomy["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -573,10 +662,7 @@ def get(resource_name: str, :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -587,6 +673,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `datacatalog.TaxonomyIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -621,16 +709,8 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: - return pulumi.get(self, "member") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -642,6 +722,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "member") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/datacatalog/taxonomy_iam_policy.py b/sdk/python/pulumi_gcp/datacatalog/taxonomy_iam_policy.py index 2288607a50..b71ed80627 100644 --- a/sdk/python/pulumi_gcp/datacatalog/taxonomy_iam_policy.py +++ b/sdk/python/pulumi_gcp/datacatalog/taxonomy_iam_policy.py @@ -25,18 +25,6 @@ def __init__(__self__, *, :param pulumi.Input[str] taxonomy: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "policy_data", policy_data) pulumi.set(__self__, "taxonomy", taxonomy) @@ -76,18 +64,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -120,18 +96,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] taxonomy: Used to find the parent resource to bind the IAM policy to """ if etag is not None: @@ -176,18 +140,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -287,6 +239,51 @@ def __init__(__self__, ``` + ## google\\_data\\_catalog\\_taxonomy\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.datacatalog.TaxonomyIamPolicy("policy", + taxonomy=basic_taxonomy["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_data\\_catalog\\_taxonomy\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.datacatalog.TaxonomyIamBinding("binding", + taxonomy=basic_taxonomy["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_data\\_catalog\\_taxonomy\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.datacatalog.TaxonomyIamMember("member", + taxonomy=basic_taxonomy["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -331,18 +328,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] taxonomy: Used to find the parent resource to bind the IAM policy to """ ... @@ -411,6 +396,51 @@ def __init__(__self__, ``` + ## google\\_data\\_catalog\\_taxonomy\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.datacatalog.TaxonomyIamPolicy("policy", + taxonomy=basic_taxonomy["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_data\\_catalog\\_taxonomy\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.datacatalog.TaxonomyIamBinding("binding", + taxonomy=basic_taxonomy["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_data\\_catalog\\_taxonomy\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.datacatalog.TaxonomyIamMember("member", + taxonomy=basic_taxonomy["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -513,18 +543,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] taxonomy: Used to find the parent resource to bind the IAM policy to """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -561,18 +579,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/dataplex/asset_iam_binding.py b/sdk/python/pulumi_gcp/dataplex/asset_iam_binding.py index f36c426414..7ec7a0b622 100644 --- a/sdk/python/pulumi_gcp/dataplex/asset_iam_binding.py +++ b/sdk/python/pulumi_gcp/dataplex/asset_iam_binding.py @@ -27,13 +27,7 @@ def __init__(__self__, *, """ The set of arguments for constructing a AssetIamBinding resource. :param pulumi.Input[str] asset: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] role: The role that should be applied. Only one - `dataplex.AssetIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -44,6 +38,11 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `dataplex.AssetIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "asset", asset) pulumi.set(__self__, "dataplex_zone", dataplex_zone) @@ -90,6 +89,19 @@ def lake(self, value: pulumi.Input[str]): @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -134,18 +146,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -170,10 +170,7 @@ def __init__(__self__, *, Input properties used for looking up and filtering AssetIamBinding resources. :param pulumi.Input[str] asset: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -184,6 +181,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `dataplex.AssetIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -270,6 +269,19 @@ def location(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -282,18 +294,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -402,6 +402,63 @@ def __init__(__self__, ``` + ## google\\_dataplex\\_asset\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.dataplex.AssetIamPolicy("policy", + project=example["project"], + location=example["location"], + lake=example["lake"], + dataplex_zone=example["dataplexZone"], + asset=example["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_dataplex\\_asset\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.dataplex.AssetIamBinding("binding", + project=example["project"], + location=example["location"], + lake=example["lake"], + dataplex_zone=example["dataplexZone"], + asset=example["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_dataplex\\_asset\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.dataplex.AssetIamMember("member", + project=example["project"], + location=example["location"], + lake=example["lake"], + dataplex_zone=example["dataplexZone"], + asset=example["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -443,10 +500,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] asset: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -457,6 +511,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `dataplex.AssetIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -539,6 +595,63 @@ def __init__(__self__, ``` + ## google\\_dataplex\\_asset\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.dataplex.AssetIamPolicy("policy", + project=example["project"], + location=example["location"], + lake=example["lake"], + dataplex_zone=example["dataplexZone"], + asset=example["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_dataplex\\_asset\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.dataplex.AssetIamBinding("binding", + project=example["project"], + location=example["location"], + lake=example["lake"], + dataplex_zone=example["dataplexZone"], + asset=example["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_dataplex\\_asset\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.dataplex.AssetIamMember("member", + project=example["project"], + location=example["location"], + lake=example["lake"], + dataplex_zone=example["dataplexZone"], + asset=example["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -656,10 +769,7 @@ def get(resource_name: str, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] asset: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -670,6 +780,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `dataplex.AssetIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -728,16 +840,8 @@ def location(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: - return pulumi.get(self, "members") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -749,6 +853,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "members") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/dataplex/asset_iam_member.py b/sdk/python/pulumi_gcp/dataplex/asset_iam_member.py index bdb06771c9..f19b5276cb 100644 --- a/sdk/python/pulumi_gcp/dataplex/asset_iam_member.py +++ b/sdk/python/pulumi_gcp/dataplex/asset_iam_member.py @@ -27,13 +27,7 @@ def __init__(__self__, *, """ The set of arguments for constructing a AssetIamMember resource. :param pulumi.Input[str] asset: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] role: The role that should be applied. Only one - `dataplex.AssetIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -44,6 +38,11 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `dataplex.AssetIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "asset", asset) pulumi.set(__self__, "dataplex_zone", dataplex_zone) @@ -90,6 +89,19 @@ def lake(self, value: pulumi.Input[str]): @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -134,18 +146,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -170,10 +170,7 @@ def __init__(__self__, *, Input properties used for looking up and filtering AssetIamMember resources. :param pulumi.Input[str] asset: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -184,6 +181,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `dataplex.AssetIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -270,6 +269,19 @@ def location(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -282,18 +294,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -402,6 +402,63 @@ def __init__(__self__, ``` + ## google\\_dataplex\\_asset\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.dataplex.AssetIamPolicy("policy", + project=example["project"], + location=example["location"], + lake=example["lake"], + dataplex_zone=example["dataplexZone"], + asset=example["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_dataplex\\_asset\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.dataplex.AssetIamBinding("binding", + project=example["project"], + location=example["location"], + lake=example["lake"], + dataplex_zone=example["dataplexZone"], + asset=example["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_dataplex\\_asset\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.dataplex.AssetIamMember("member", + project=example["project"], + location=example["location"], + lake=example["lake"], + dataplex_zone=example["dataplexZone"], + asset=example["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -443,10 +500,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] asset: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -457,6 +511,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `dataplex.AssetIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -539,6 +595,63 @@ def __init__(__self__, ``` + ## google\\_dataplex\\_asset\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.dataplex.AssetIamPolicy("policy", + project=example["project"], + location=example["location"], + lake=example["lake"], + dataplex_zone=example["dataplexZone"], + asset=example["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_dataplex\\_asset\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.dataplex.AssetIamBinding("binding", + project=example["project"], + location=example["location"], + lake=example["lake"], + dataplex_zone=example["dataplexZone"], + asset=example["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_dataplex\\_asset\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.dataplex.AssetIamMember("member", + project=example["project"], + location=example["location"], + lake=example["lake"], + dataplex_zone=example["dataplexZone"], + asset=example["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -656,10 +769,7 @@ def get(resource_name: str, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] asset: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -670,6 +780,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `dataplex.AssetIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -728,16 +840,8 @@ def location(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: - return pulumi.get(self, "member") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -749,6 +853,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "member") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/dataplex/asset_iam_policy.py b/sdk/python/pulumi_gcp/dataplex/asset_iam_policy.py index 331697b85a..363dd73a29 100644 --- a/sdk/python/pulumi_gcp/dataplex/asset_iam_policy.py +++ b/sdk/python/pulumi_gcp/dataplex/asset_iam_policy.py @@ -27,18 +27,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "asset", asset) pulumi.set(__self__, "dataplex_zone", dataplex_zone) @@ -107,18 +95,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -145,18 +121,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ if asset is not None: pulumi.set(__self__, "asset", asset) @@ -243,18 +207,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -347,6 +299,63 @@ def __init__(__self__, ``` + ## google\\_dataplex\\_asset\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.dataplex.AssetIamPolicy("policy", + project=example["project"], + location=example["location"], + lake=example["lake"], + dataplex_zone=example["dataplexZone"], + asset=example["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_dataplex\\_asset\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.dataplex.AssetIamBinding("binding", + project=example["project"], + location=example["location"], + lake=example["lake"], + dataplex_zone=example["dataplexZone"], + asset=example["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_dataplex\\_asset\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.dataplex.AssetIamMember("member", + project=example["project"], + location=example["location"], + lake=example["lake"], + dataplex_zone=example["dataplexZone"], + asset=example["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -392,18 +401,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ ... @overload @@ -483,6 +480,63 @@ def __init__(__self__, ``` + ## google\\_dataplex\\_asset\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.dataplex.AssetIamPolicy("policy", + project=example["project"], + location=example["location"], + lake=example["lake"], + dataplex_zone=example["dataplexZone"], + asset=example["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_dataplex\\_asset\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.dataplex.AssetIamBinding("binding", + project=example["project"], + location=example["location"], + lake=example["lake"], + dataplex_zone=example["dataplexZone"], + asset=example["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_dataplex\\_asset\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.dataplex.AssetIamMember("member", + project=example["project"], + location=example["location"], + lake=example["lake"], + dataplex_zone=example["dataplexZone"], + asset=example["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -596,18 +650,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -668,18 +710,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/dataplex/datascan_iam_binding.py b/sdk/python/pulumi_gcp/dataplex/datascan_iam_binding.py index 47c4f4de80..83ef25b22d 100644 --- a/sdk/python/pulumi_gcp/dataplex/datascan_iam_binding.py +++ b/sdk/python/pulumi_gcp/dataplex/datascan_iam_binding.py @@ -24,15 +24,7 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a DatascanIamBinding resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `dataplex.DatascanIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] location: The location where the data scan should reside. - Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -43,6 +35,13 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `dataplex.DatascanIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] location: The location where the data scan should reside. + Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "data_scan_id", data_scan_id) pulumi.set(__self__, "members", members) @@ -66,6 +65,19 @@ def data_scan_id(self, value: pulumi.Input[str]): @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -114,18 +126,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -149,10 +149,7 @@ def __init__(__self__, *, :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] location: The location where the data scan should reside. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -163,6 +160,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `dataplex.DatascanIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -228,6 +227,19 @@ def location(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -240,18 +252,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -352,6 +352,57 @@ def __init__(__self__, ``` + ## google\\_dataplex\\_datascan\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.dataplex.DatascanIamPolicy("policy", + project=basic_profile["project"], + location=basic_profile["location"], + data_scan_id=basic_profile["dataScanId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_dataplex\\_datascan\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.dataplex.DatascanIamBinding("binding", + project=basic_profile["project"], + location=basic_profile["location"], + data_scan_id=basic_profile["dataScanId"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_dataplex\\_datascan\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.dataplex.DatascanIamMember("member", + project=basic_profile["project"], + location=basic_profile["location"], + data_scan_id=basic_profile["dataScanId"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -394,10 +445,7 @@ def __init__(__self__, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] location: The location where the data scan should reside. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -408,6 +456,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `dataplex.DatascanIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -484,6 +534,57 @@ def __init__(__self__, ``` + ## google\\_dataplex\\_datascan\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.dataplex.DatascanIamPolicy("policy", + project=basic_profile["project"], + location=basic_profile["location"], + data_scan_id=basic_profile["dataScanId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_dataplex\\_datascan\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.dataplex.DatascanIamBinding("binding", + project=basic_profile["project"], + location=basic_profile["location"], + data_scan_id=basic_profile["dataScanId"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_dataplex\\_datascan\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.dataplex.DatascanIamMember("member", + project=basic_profile["project"], + location=basic_profile["location"], + data_scan_id=basic_profile["dataScanId"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -592,10 +693,7 @@ def get(resource_name: str, :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] location: The location where the data scan should reside. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -606,6 +704,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `dataplex.DatascanIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -653,16 +753,8 @@ def location(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: - return pulumi.get(self, "members") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -674,6 +766,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "members") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/dataplex/datascan_iam_member.py b/sdk/python/pulumi_gcp/dataplex/datascan_iam_member.py index 2b5176f511..f05bfeb60e 100644 --- a/sdk/python/pulumi_gcp/dataplex/datascan_iam_member.py +++ b/sdk/python/pulumi_gcp/dataplex/datascan_iam_member.py @@ -24,15 +24,7 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a DatascanIamMember resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `dataplex.DatascanIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] location: The location where the data scan should reside. - Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -43,6 +35,13 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `dataplex.DatascanIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] location: The location where the data scan should reside. + Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "data_scan_id", data_scan_id) pulumi.set(__self__, "member", member) @@ -66,6 +65,19 @@ def data_scan_id(self, value: pulumi.Input[str]): @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -114,18 +126,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -149,10 +149,7 @@ def __init__(__self__, *, :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] location: The location where the data scan should reside. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -163,6 +160,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `dataplex.DatascanIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -228,6 +227,19 @@ def location(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -240,18 +252,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -352,6 +352,57 @@ def __init__(__self__, ``` + ## google\\_dataplex\\_datascan\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.dataplex.DatascanIamPolicy("policy", + project=basic_profile["project"], + location=basic_profile["location"], + data_scan_id=basic_profile["dataScanId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_dataplex\\_datascan\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.dataplex.DatascanIamBinding("binding", + project=basic_profile["project"], + location=basic_profile["location"], + data_scan_id=basic_profile["dataScanId"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_dataplex\\_datascan\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.dataplex.DatascanIamMember("member", + project=basic_profile["project"], + location=basic_profile["location"], + data_scan_id=basic_profile["dataScanId"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -394,10 +445,7 @@ def __init__(__self__, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] location: The location where the data scan should reside. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -408,6 +456,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `dataplex.DatascanIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -484,6 +534,57 @@ def __init__(__self__, ``` + ## google\\_dataplex\\_datascan\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.dataplex.DatascanIamPolicy("policy", + project=basic_profile["project"], + location=basic_profile["location"], + data_scan_id=basic_profile["dataScanId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_dataplex\\_datascan\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.dataplex.DatascanIamBinding("binding", + project=basic_profile["project"], + location=basic_profile["location"], + data_scan_id=basic_profile["dataScanId"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_dataplex\\_datascan\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.dataplex.DatascanIamMember("member", + project=basic_profile["project"], + location=basic_profile["location"], + data_scan_id=basic_profile["dataScanId"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -592,10 +693,7 @@ def get(resource_name: str, :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] location: The location where the data scan should reside. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -606,6 +704,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `dataplex.DatascanIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -653,16 +753,8 @@ def location(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: - return pulumi.get(self, "member") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -674,6 +766,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "member") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/dataplex/datascan_iam_policy.py b/sdk/python/pulumi_gcp/dataplex/datascan_iam_policy.py index 94e43b1f23..2c0da17323 100644 --- a/sdk/python/pulumi_gcp/dataplex/datascan_iam_policy.py +++ b/sdk/python/pulumi_gcp/dataplex/datascan_iam_policy.py @@ -26,18 +26,6 @@ def __init__(__self__, *, Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "data_scan_id", data_scan_id) pulumi.set(__self__, "policy_data", policy_data) @@ -87,18 +75,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -124,18 +100,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ if data_scan_id is not None: pulumi.set(__self__, "data_scan_id", data_scan_id) @@ -201,18 +165,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -297,6 +249,57 @@ def __init__(__self__, ``` + ## google\\_dataplex\\_datascan\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.dataplex.DatascanIamPolicy("policy", + project=basic_profile["project"], + location=basic_profile["location"], + data_scan_id=basic_profile["dataScanId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_dataplex\\_datascan\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.dataplex.DatascanIamBinding("binding", + project=basic_profile["project"], + location=basic_profile["location"], + data_scan_id=basic_profile["dataScanId"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_dataplex\\_datascan\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.dataplex.DatascanIamMember("member", + project=basic_profile["project"], + location=basic_profile["location"], + data_scan_id=basic_profile["dataScanId"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -343,18 +346,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ ... @overload @@ -428,6 +419,57 @@ def __init__(__self__, ``` + ## google\\_dataplex\\_datascan\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.dataplex.DatascanIamPolicy("policy", + project=basic_profile["project"], + location=basic_profile["location"], + data_scan_id=basic_profile["dataScanId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_dataplex\\_datascan\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.dataplex.DatascanIamBinding("binding", + project=basic_profile["project"], + location=basic_profile["location"], + data_scan_id=basic_profile["dataScanId"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_dataplex\\_datascan\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.dataplex.DatascanIamMember("member", + project=basic_profile["project"], + location=basic_profile["location"], + data_scan_id=basic_profile["dataScanId"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -532,18 +574,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -593,18 +623,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/dataplex/lake_iam_binding.py b/sdk/python/pulumi_gcp/dataplex/lake_iam_binding.py index 18092edf0f..703f461a07 100644 --- a/sdk/python/pulumi_gcp/dataplex/lake_iam_binding.py +++ b/sdk/python/pulumi_gcp/dataplex/lake_iam_binding.py @@ -25,13 +25,7 @@ def __init__(__self__, *, """ The set of arguments for constructing a LakeIamBinding resource. :param pulumi.Input[str] lake: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] role: The role that should be applied. Only one - `dataplex.LakeIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -42,6 +36,11 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `dataplex.LakeIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "lake", lake) pulumi.set(__self__, "members", members) @@ -68,6 +67,19 @@ def lake(self, value: pulumi.Input[str]): @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -112,18 +124,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -146,10 +146,7 @@ def __init__(__self__, *, Input properties used for looking up and filtering LakeIamBinding resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] lake: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -160,6 +157,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `dataplex.LakeIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -224,6 +223,19 @@ def location(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -236,18 +248,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -348,6 +348,57 @@ def __init__(__self__, ``` + ## google\\_dataplex\\_lake\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.dataplex.LakeIamPolicy("policy", + project=example["project"], + location=example["location"], + lake=example["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_dataplex\\_lake\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.dataplex.LakeIamBinding("binding", + project=example["project"], + location=example["location"], + lake=example["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_dataplex\\_lake\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.dataplex.LakeIamMember("member", + project=example["project"], + location=example["location"], + lake=example["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -389,10 +440,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] lake: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -403,6 +451,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `dataplex.LakeIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -479,6 +529,57 @@ def __init__(__self__, ``` + ## google\\_dataplex\\_lake\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.dataplex.LakeIamPolicy("policy", + project=example["project"], + location=example["location"], + lake=example["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_dataplex\\_lake\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.dataplex.LakeIamBinding("binding", + project=example["project"], + location=example["location"], + lake=example["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_dataplex\\_lake\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.dataplex.LakeIamMember("member", + project=example["project"], + location=example["location"], + lake=example["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -586,10 +687,7 @@ def get(resource_name: str, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] lake: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -600,6 +698,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `dataplex.LakeIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -646,16 +746,8 @@ def location(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: - return pulumi.get(self, "members") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -667,6 +759,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "members") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/dataplex/lake_iam_member.py b/sdk/python/pulumi_gcp/dataplex/lake_iam_member.py index de6237e943..936162a9e3 100644 --- a/sdk/python/pulumi_gcp/dataplex/lake_iam_member.py +++ b/sdk/python/pulumi_gcp/dataplex/lake_iam_member.py @@ -25,13 +25,7 @@ def __init__(__self__, *, """ The set of arguments for constructing a LakeIamMember resource. :param pulumi.Input[str] lake: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] role: The role that should be applied. Only one - `dataplex.LakeIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -42,6 +36,11 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `dataplex.LakeIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "lake", lake) pulumi.set(__self__, "member", member) @@ -68,6 +67,19 @@ def lake(self, value: pulumi.Input[str]): @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -112,18 +124,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -146,10 +146,7 @@ def __init__(__self__, *, Input properties used for looking up and filtering LakeIamMember resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] lake: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -160,6 +157,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `dataplex.LakeIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -224,6 +223,19 @@ def location(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -236,18 +248,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -348,6 +348,57 @@ def __init__(__self__, ``` + ## google\\_dataplex\\_lake\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.dataplex.LakeIamPolicy("policy", + project=example["project"], + location=example["location"], + lake=example["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_dataplex\\_lake\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.dataplex.LakeIamBinding("binding", + project=example["project"], + location=example["location"], + lake=example["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_dataplex\\_lake\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.dataplex.LakeIamMember("member", + project=example["project"], + location=example["location"], + lake=example["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -389,10 +440,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] lake: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -403,6 +451,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `dataplex.LakeIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -479,6 +529,57 @@ def __init__(__self__, ``` + ## google\\_dataplex\\_lake\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.dataplex.LakeIamPolicy("policy", + project=example["project"], + location=example["location"], + lake=example["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_dataplex\\_lake\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.dataplex.LakeIamBinding("binding", + project=example["project"], + location=example["location"], + lake=example["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_dataplex\\_lake\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.dataplex.LakeIamMember("member", + project=example["project"], + location=example["location"], + lake=example["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -586,10 +687,7 @@ def get(resource_name: str, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] lake: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -600,6 +698,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `dataplex.LakeIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -646,16 +746,8 @@ def location(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: - return pulumi.get(self, "member") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -667,6 +759,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "member") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/dataplex/lake_iam_policy.py b/sdk/python/pulumi_gcp/dataplex/lake_iam_policy.py index 0d10687792..327bdcaa7e 100644 --- a/sdk/python/pulumi_gcp/dataplex/lake_iam_policy.py +++ b/sdk/python/pulumi_gcp/dataplex/lake_iam_policy.py @@ -25,18 +25,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "lake", lake) pulumi.set(__self__, "policy_data", policy_data) @@ -85,18 +73,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -121,18 +97,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ if etag is not None: pulumi.set(__self__, "etag", etag) @@ -197,18 +161,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -293,6 +245,57 @@ def __init__(__self__, ``` + ## google\\_dataplex\\_lake\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.dataplex.LakeIamPolicy("policy", + project=example["project"], + location=example["location"], + lake=example["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_dataplex\\_lake\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.dataplex.LakeIamBinding("binding", + project=example["project"], + location=example["location"], + lake=example["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_dataplex\\_lake\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.dataplex.LakeIamMember("member", + project=example["project"], + location=example["location"], + lake=example["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -338,18 +341,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ ... @overload @@ -423,6 +414,57 @@ def __init__(__self__, ``` + ## google\\_dataplex\\_lake\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.dataplex.LakeIamPolicy("policy", + project=example["project"], + location=example["location"], + lake=example["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_dataplex\\_lake\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.dataplex.LakeIamBinding("binding", + project=example["project"], + location=example["location"], + lake=example["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_dataplex\\_lake\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.dataplex.LakeIamMember("member", + project=example["project"], + location=example["location"], + lake=example["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -526,18 +568,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -586,18 +616,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/dataplex/task_iam_binding.py b/sdk/python/pulumi_gcp/dataplex/task_iam_binding.py index 0a035ae55b..d8849fca11 100644 --- a/sdk/python/pulumi_gcp/dataplex/task_iam_binding.py +++ b/sdk/python/pulumi_gcp/dataplex/task_iam_binding.py @@ -27,15 +27,7 @@ def __init__(__self__, *, The set of arguments for constructing a TaskIamBinding resource. :param pulumi.Input[str] lake: The lake in which the task will be created in. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] role: The role that should be applied. Only one - `dataplex.TaskIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] location: The location in which the task will be created in. - Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -46,6 +38,13 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `dataplex.TaskIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] location: The location in which the task will be created in. + Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "lake", lake) pulumi.set(__self__, "members", members) @@ -74,6 +73,19 @@ def lake(self, value: pulumi.Input[str]): @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -131,18 +143,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -169,10 +169,7 @@ def __init__(__self__, *, Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] location: The location in which the task will be created in. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -183,6 +180,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `dataplex.TaskIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -254,6 +253,19 @@ def location(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -266,18 +278,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -391,6 +391,60 @@ def __init__(__self__, ``` + ## google\\_dataplex\\_task\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.dataplex.TaskIamPolicy("policy", + project=example["project"], + location=example["location"], + lake=example["lake"], + task_id=example["taskId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_dataplex\\_task\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.dataplex.TaskIamBinding("binding", + project=example["project"], + location=example["location"], + lake=example["lake"], + task_id=example["taskId"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_dataplex\\_task\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.dataplex.TaskIamMember("member", + project=example["project"], + location=example["location"], + lake=example["lake"], + task_id=example["taskId"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -435,10 +489,7 @@ def __init__(__self__, Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] location: The location in which the task will be created in. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -449,6 +500,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `dataplex.TaskIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -528,6 +581,60 @@ def __init__(__self__, ``` + ## google\\_dataplex\\_task\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.dataplex.TaskIamPolicy("policy", + project=example["project"], + location=example["location"], + lake=example["lake"], + task_id=example["taskId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_dataplex\\_task\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.dataplex.TaskIamBinding("binding", + project=example["project"], + location=example["location"], + lake=example["lake"], + task_id=example["taskId"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_dataplex\\_task\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.dataplex.TaskIamMember("member", + project=example["project"], + location=example["location"], + lake=example["lake"], + task_id=example["taskId"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -643,10 +750,7 @@ def get(resource_name: str, Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] location: The location in which the task will be created in. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -657,6 +761,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `dataplex.TaskIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -709,16 +815,8 @@ def location(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: - return pulumi.get(self, "members") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -730,6 +828,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "members") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/dataplex/task_iam_member.py b/sdk/python/pulumi_gcp/dataplex/task_iam_member.py index 3a910308ed..ef36b8d9ee 100644 --- a/sdk/python/pulumi_gcp/dataplex/task_iam_member.py +++ b/sdk/python/pulumi_gcp/dataplex/task_iam_member.py @@ -27,15 +27,7 @@ def __init__(__self__, *, The set of arguments for constructing a TaskIamMember resource. :param pulumi.Input[str] lake: The lake in which the task will be created in. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] role: The role that should be applied. Only one - `dataplex.TaskIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] location: The location in which the task will be created in. - Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -46,6 +38,13 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `dataplex.TaskIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] location: The location in which the task will be created in. + Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "lake", lake) pulumi.set(__self__, "member", member) @@ -74,6 +73,19 @@ def lake(self, value: pulumi.Input[str]): @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -131,18 +143,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -169,10 +169,7 @@ def __init__(__self__, *, Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] location: The location in which the task will be created in. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -183,6 +180,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `dataplex.TaskIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -254,6 +253,19 @@ def location(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -266,18 +278,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -391,6 +391,60 @@ def __init__(__self__, ``` + ## google\\_dataplex\\_task\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.dataplex.TaskIamPolicy("policy", + project=example["project"], + location=example["location"], + lake=example["lake"], + task_id=example["taskId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_dataplex\\_task\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.dataplex.TaskIamBinding("binding", + project=example["project"], + location=example["location"], + lake=example["lake"], + task_id=example["taskId"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_dataplex\\_task\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.dataplex.TaskIamMember("member", + project=example["project"], + location=example["location"], + lake=example["lake"], + task_id=example["taskId"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -435,10 +489,7 @@ def __init__(__self__, Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] location: The location in which the task will be created in. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -449,6 +500,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `dataplex.TaskIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -528,6 +581,60 @@ def __init__(__self__, ``` + ## google\\_dataplex\\_task\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.dataplex.TaskIamPolicy("policy", + project=example["project"], + location=example["location"], + lake=example["lake"], + task_id=example["taskId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_dataplex\\_task\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.dataplex.TaskIamBinding("binding", + project=example["project"], + location=example["location"], + lake=example["lake"], + task_id=example["taskId"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_dataplex\\_task\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.dataplex.TaskIamMember("member", + project=example["project"], + location=example["location"], + lake=example["lake"], + task_id=example["taskId"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -643,10 +750,7 @@ def get(resource_name: str, Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] location: The location in which the task will be created in. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -657,6 +761,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `dataplex.TaskIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -709,16 +815,8 @@ def location(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: - return pulumi.get(self, "member") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -730,6 +828,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "member") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/dataplex/task_iam_policy.py b/sdk/python/pulumi_gcp/dataplex/task_iam_policy.py index eb1991f03c..7d33597aa8 100644 --- a/sdk/python/pulumi_gcp/dataplex/task_iam_policy.py +++ b/sdk/python/pulumi_gcp/dataplex/task_iam_policy.py @@ -29,18 +29,6 @@ def __init__(__self__, *, Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "lake", lake) pulumi.set(__self__, "policy_data", policy_data) @@ -104,18 +92,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -144,18 +120,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ if etag is not None: pulumi.set(__self__, "etag", etag) @@ -227,18 +191,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -336,6 +288,60 @@ def __init__(__self__, ``` + ## google\\_dataplex\\_task\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.dataplex.TaskIamPolicy("policy", + project=example["project"], + location=example["location"], + lake=example["lake"], + task_id=example["taskId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_dataplex\\_task\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.dataplex.TaskIamBinding("binding", + project=example["project"], + location=example["location"], + lake=example["lake"], + task_id=example["taskId"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_dataplex\\_task\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.dataplex.TaskIamMember("member", + project=example["project"], + location=example["location"], + lake=example["lake"], + task_id=example["taskId"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -384,18 +390,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ ... @overload @@ -472,6 +466,60 @@ def __init__(__self__, ``` + ## google\\_dataplex\\_task\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.dataplex.TaskIamPolicy("policy", + project=example["project"], + location=example["location"], + lake=example["lake"], + task_id=example["taskId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_dataplex\\_task\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.dataplex.TaskIamBinding("binding", + project=example["project"], + location=example["location"], + lake=example["lake"], + task_id=example["taskId"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_dataplex\\_task\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.dataplex.TaskIamMember("member", + project=example["project"], + location=example["location"], + lake=example["lake"], + task_id=example["taskId"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -583,18 +631,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -649,18 +685,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/dataplex/zone_iam_binding.py b/sdk/python/pulumi_gcp/dataplex/zone_iam_binding.py index b0c4cd8ddb..29a8edb860 100644 --- a/sdk/python/pulumi_gcp/dataplex/zone_iam_binding.py +++ b/sdk/python/pulumi_gcp/dataplex/zone_iam_binding.py @@ -26,13 +26,7 @@ def __init__(__self__, *, """ The set of arguments for constructing a ZoneIamBinding resource. :param pulumi.Input[str] dataplex_zone: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] role: The role that should be applied. Only one - `dataplex.ZoneIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -43,6 +37,11 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `dataplex.ZoneIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "dataplex_zone", dataplex_zone) pulumi.set(__self__, "lake", lake) @@ -79,6 +78,19 @@ def lake(self, value: pulumi.Input[str]): @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -123,18 +135,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -158,10 +158,7 @@ def __init__(__self__, *, Input properties used for looking up and filtering ZoneIamBinding resources. :param pulumi.Input[str] dataplex_zone: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -172,6 +169,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `dataplex.ZoneIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -247,6 +246,19 @@ def location(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -259,18 +271,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -375,6 +375,60 @@ def __init__(__self__, ``` + ## google\\_dataplex\\_zone\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.dataplex.ZoneIamPolicy("policy", + project=example["project"], + location=example["location"], + lake=example["lake"], + dataplex_zone=example["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_dataplex\\_zone\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.dataplex.ZoneIamBinding("binding", + project=example["project"], + location=example["location"], + lake=example["lake"], + dataplex_zone=example["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_dataplex\\_zone\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.dataplex.ZoneIamMember("member", + project=example["project"], + location=example["location"], + lake=example["lake"], + dataplex_zone=example["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -416,10 +470,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] dataplex_zone: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -430,6 +481,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `dataplex.ZoneIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -509,6 +562,60 @@ def __init__(__self__, ``` + ## google\\_dataplex\\_zone\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.dataplex.ZoneIamPolicy("policy", + project=example["project"], + location=example["location"], + lake=example["lake"], + dataplex_zone=example["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_dataplex\\_zone\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.dataplex.ZoneIamBinding("binding", + project=example["project"], + location=example["location"], + lake=example["lake"], + dataplex_zone=example["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_dataplex\\_zone\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.dataplex.ZoneIamMember("member", + project=example["project"], + location=example["location"], + lake=example["lake"], + dataplex_zone=example["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -621,10 +728,7 @@ def get(resource_name: str, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] dataplex_zone: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -635,6 +739,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `dataplex.ZoneIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -687,16 +793,8 @@ def location(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: - return pulumi.get(self, "members") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -708,6 +806,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "members") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/dataplex/zone_iam_member.py b/sdk/python/pulumi_gcp/dataplex/zone_iam_member.py index c81f648fee..bef380f32c 100644 --- a/sdk/python/pulumi_gcp/dataplex/zone_iam_member.py +++ b/sdk/python/pulumi_gcp/dataplex/zone_iam_member.py @@ -26,13 +26,7 @@ def __init__(__self__, *, """ The set of arguments for constructing a ZoneIamMember resource. :param pulumi.Input[str] dataplex_zone: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] role: The role that should be applied. Only one - `dataplex.ZoneIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -43,6 +37,11 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `dataplex.ZoneIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "dataplex_zone", dataplex_zone) pulumi.set(__self__, "lake", lake) @@ -79,6 +78,19 @@ def lake(self, value: pulumi.Input[str]): @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -123,18 +135,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -158,10 +158,7 @@ def __init__(__self__, *, Input properties used for looking up and filtering ZoneIamMember resources. :param pulumi.Input[str] dataplex_zone: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -172,6 +169,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `dataplex.ZoneIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -247,6 +246,19 @@ def location(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -259,18 +271,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -375,6 +375,60 @@ def __init__(__self__, ``` + ## google\\_dataplex\\_zone\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.dataplex.ZoneIamPolicy("policy", + project=example["project"], + location=example["location"], + lake=example["lake"], + dataplex_zone=example["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_dataplex\\_zone\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.dataplex.ZoneIamBinding("binding", + project=example["project"], + location=example["location"], + lake=example["lake"], + dataplex_zone=example["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_dataplex\\_zone\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.dataplex.ZoneIamMember("member", + project=example["project"], + location=example["location"], + lake=example["lake"], + dataplex_zone=example["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -416,10 +470,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] dataplex_zone: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -430,6 +481,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `dataplex.ZoneIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -509,6 +562,60 @@ def __init__(__self__, ``` + ## google\\_dataplex\\_zone\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.dataplex.ZoneIamPolicy("policy", + project=example["project"], + location=example["location"], + lake=example["lake"], + dataplex_zone=example["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_dataplex\\_zone\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.dataplex.ZoneIamBinding("binding", + project=example["project"], + location=example["location"], + lake=example["lake"], + dataplex_zone=example["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_dataplex\\_zone\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.dataplex.ZoneIamMember("member", + project=example["project"], + location=example["location"], + lake=example["lake"], + dataplex_zone=example["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -621,10 +728,7 @@ def get(resource_name: str, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] dataplex_zone: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -635,6 +739,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `dataplex.ZoneIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -687,16 +793,8 @@ def location(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: - return pulumi.get(self, "member") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -708,6 +806,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "member") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/dataplex/zone_iam_policy.py b/sdk/python/pulumi_gcp/dataplex/zone_iam_policy.py index b48362eadb..33fc1e39b8 100644 --- a/sdk/python/pulumi_gcp/dataplex/zone_iam_policy.py +++ b/sdk/python/pulumi_gcp/dataplex/zone_iam_policy.py @@ -26,18 +26,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "dataplex_zone", dataplex_zone) pulumi.set(__self__, "lake", lake) @@ -96,18 +84,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -133,18 +109,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ if dataplex_zone is not None: pulumi.set(__self__, "dataplex_zone", dataplex_zone) @@ -220,18 +184,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -320,6 +272,60 @@ def __init__(__self__, ``` + ## google\\_dataplex\\_zone\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.dataplex.ZoneIamPolicy("policy", + project=example["project"], + location=example["location"], + lake=example["lake"], + dataplex_zone=example["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_dataplex\\_zone\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.dataplex.ZoneIamBinding("binding", + project=example["project"], + location=example["location"], + lake=example["lake"], + dataplex_zone=example["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_dataplex\\_zone\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.dataplex.ZoneIamMember("member", + project=example["project"], + location=example["location"], + lake=example["lake"], + dataplex_zone=example["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -365,18 +371,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ ... @overload @@ -453,6 +447,60 @@ def __init__(__self__, ``` + ## google\\_dataplex\\_zone\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.dataplex.ZoneIamPolicy("policy", + project=example["project"], + location=example["location"], + lake=example["lake"], + dataplex_zone=example["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_dataplex\\_zone\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.dataplex.ZoneIamBinding("binding", + project=example["project"], + location=example["location"], + lake=example["lake"], + dataplex_zone=example["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_dataplex\\_zone\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.dataplex.ZoneIamMember("member", + project=example["project"], + location=example["location"], + lake=example["lake"], + dataplex_zone=example["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -561,18 +609,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -627,18 +663,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/dataproc/autoscaling_policy_iam_binding.py b/sdk/python/pulumi_gcp/dataproc/autoscaling_policy_iam_binding.py index 2c3d4554b3..77a7a1fe83 100644 --- a/sdk/python/pulumi_gcp/dataproc/autoscaling_policy_iam_binding.py +++ b/sdk/python/pulumi_gcp/dataproc/autoscaling_policy_iam_binding.py @@ -24,6 +24,17 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a AutoscalingPolicyIamBinding resource. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] policy_id: The policy id. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between 3 and 50 characters. @@ -36,18 +47,6 @@ def __init__(__self__, *, Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "members", members) pulumi.set(__self__, "policy_id", policy_id) @@ -62,6 +61,19 @@ def __init__(__self__, *, @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -126,18 +138,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -162,14 +162,7 @@ def __init__(__self__, *, :param pulumi.Input[str] location: The location where the autoscaling policy should reside. The default value is `global`. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] policy_id: The policy id. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), - and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between - 3 and 50 characters. - Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -180,6 +173,12 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] policy_id: The policy id. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), + and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between + 3 and 50 characters. + Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `dataproc.AutoscalingPolicyIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -237,6 +236,19 @@ def location(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -264,18 +276,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -376,6 +376,57 @@ def __init__(__self__, ``` + ## google\\_dataproc\\_autoscaling\\_policy\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.dataproc.AutoscalingPolicyIamPolicy("policy", + project=basic["project"], + location=basic["location"], + policy_id=basic["policyId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_dataproc\\_autoscaling\\_policy\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.dataproc.AutoscalingPolicyIamBinding("binding", + project=basic["project"], + location=basic["location"], + policy_id=basic["policyId"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_dataproc\\_autoscaling\\_policy\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.dataproc.AutoscalingPolicyIamMember("member", + project=basic["project"], + location=basic["location"], + policy_id=basic["policyId"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -419,14 +470,7 @@ def __init__(__self__, :param pulumi.Input[str] location: The location where the autoscaling policy should reside. The default value is `global`. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] policy_id: The policy id. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), - and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between - 3 and 50 characters. - Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -437,6 +481,12 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] policy_id: The policy id. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), + and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between + 3 and 50 characters. + Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `dataproc.AutoscalingPolicyIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -513,6 +563,57 @@ def __init__(__self__, ``` + ## google\\_dataproc\\_autoscaling\\_policy\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.dataproc.AutoscalingPolicyIamPolicy("policy", + project=basic["project"], + location=basic["location"], + policy_id=basic["policyId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_dataproc\\_autoscaling\\_policy\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.dataproc.AutoscalingPolicyIamBinding("binding", + project=basic["project"], + location=basic["location"], + policy_id=basic["policyId"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_dataproc\\_autoscaling\\_policy\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.dataproc.AutoscalingPolicyIamMember("member", + project=basic["project"], + location=basic["location"], + policy_id=basic["policyId"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -622,14 +723,7 @@ def get(resource_name: str, :param pulumi.Input[str] location: The location where the autoscaling policy should reside. The default value is `global`. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] policy_id: The policy id. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), - and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between - 3 and 50 characters. - Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -640,6 +734,12 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] policy_id: The policy id. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), + and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between + 3 and 50 characters. + Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `dataproc.AutoscalingPolicyIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -683,6 +783,19 @@ def location(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @property @@ -702,18 +815,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/dataproc/autoscaling_policy_iam_member.py b/sdk/python/pulumi_gcp/dataproc/autoscaling_policy_iam_member.py index a3228c2638..b0f59c8dad 100644 --- a/sdk/python/pulumi_gcp/dataproc/autoscaling_policy_iam_member.py +++ b/sdk/python/pulumi_gcp/dataproc/autoscaling_policy_iam_member.py @@ -24,6 +24,17 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a AutoscalingPolicyIamMember resource. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] policy_id: The policy id. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between 3 and 50 characters. @@ -36,18 +47,6 @@ def __init__(__self__, *, Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "member", member) pulumi.set(__self__, "policy_id", policy_id) @@ -62,6 +61,19 @@ def __init__(__self__, *, @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -126,18 +138,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -162,14 +162,7 @@ def __init__(__self__, *, :param pulumi.Input[str] location: The location where the autoscaling policy should reside. The default value is `global`. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] policy_id: The policy id. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), - and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between - 3 and 50 characters. - Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -180,6 +173,12 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] policy_id: The policy id. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), + and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between + 3 and 50 characters. + Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `dataproc.AutoscalingPolicyIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -237,6 +236,19 @@ def location(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -264,18 +276,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -376,6 +376,57 @@ def __init__(__self__, ``` + ## google\\_dataproc\\_autoscaling\\_policy\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.dataproc.AutoscalingPolicyIamPolicy("policy", + project=basic["project"], + location=basic["location"], + policy_id=basic["policyId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_dataproc\\_autoscaling\\_policy\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.dataproc.AutoscalingPolicyIamBinding("binding", + project=basic["project"], + location=basic["location"], + policy_id=basic["policyId"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_dataproc\\_autoscaling\\_policy\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.dataproc.AutoscalingPolicyIamMember("member", + project=basic["project"], + location=basic["location"], + policy_id=basic["policyId"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -419,14 +470,7 @@ def __init__(__self__, :param pulumi.Input[str] location: The location where the autoscaling policy should reside. The default value is `global`. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] policy_id: The policy id. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), - and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between - 3 and 50 characters. - Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -437,6 +481,12 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] policy_id: The policy id. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), + and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between + 3 and 50 characters. + Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `dataproc.AutoscalingPolicyIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -513,6 +563,57 @@ def __init__(__self__, ``` + ## google\\_dataproc\\_autoscaling\\_policy\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.dataproc.AutoscalingPolicyIamPolicy("policy", + project=basic["project"], + location=basic["location"], + policy_id=basic["policyId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_dataproc\\_autoscaling\\_policy\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.dataproc.AutoscalingPolicyIamBinding("binding", + project=basic["project"], + location=basic["location"], + policy_id=basic["policyId"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_dataproc\\_autoscaling\\_policy\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.dataproc.AutoscalingPolicyIamMember("member", + project=basic["project"], + location=basic["location"], + policy_id=basic["policyId"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -622,14 +723,7 @@ def get(resource_name: str, :param pulumi.Input[str] location: The location where the autoscaling policy should reside. The default value is `global`. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] policy_id: The policy id. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), - and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between - 3 and 50 characters. - Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -640,6 +734,12 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] policy_id: The policy id. The id must contain only letters (a-z, A-Z), numbers (0-9), underscores (_), + and hyphens (-). Cannot begin or end with underscore or hyphen. Must consist of between + 3 and 50 characters. + Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `dataproc.AutoscalingPolicyIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -683,6 +783,19 @@ def location(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @property @@ -702,18 +815,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/dataproc/autoscaling_policy_iam_policy.py b/sdk/python/pulumi_gcp/dataproc/autoscaling_policy_iam_policy.py index e4e67bf4ef..8ee8d7488e 100644 --- a/sdk/python/pulumi_gcp/dataproc/autoscaling_policy_iam_policy.py +++ b/sdk/python/pulumi_gcp/dataproc/autoscaling_policy_iam_policy.py @@ -31,18 +31,6 @@ def __init__(__self__, *, Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "policy_data", policy_data) pulumi.set(__self__, "policy_id", policy_id) @@ -99,18 +87,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -141,18 +117,6 @@ def __init__(__self__, *, Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ if etag is not None: pulumi.set(__self__, "etag", etag) @@ -225,18 +189,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -321,6 +273,57 @@ def __init__(__self__, ``` + ## google\\_dataproc\\_autoscaling\\_policy\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.dataproc.AutoscalingPolicyIamPolicy("policy", + project=basic["project"], + location=basic["location"], + policy_id=basic["policyId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_dataproc\\_autoscaling\\_policy\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.dataproc.AutoscalingPolicyIamBinding("binding", + project=basic["project"], + location=basic["location"], + policy_id=basic["policyId"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_dataproc\\_autoscaling\\_policy\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.dataproc.AutoscalingPolicyIamMember("member", + project=basic["project"], + location=basic["location"], + policy_id=basic["policyId"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -372,18 +375,6 @@ def __init__(__self__, Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ ... @overload @@ -457,6 +448,57 @@ def __init__(__self__, ``` + ## google\\_dataproc\\_autoscaling\\_policy\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.dataproc.AutoscalingPolicyIamPolicy("policy", + project=basic["project"], + location=basic["location"], + policy_id=basic["policyId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_dataproc\\_autoscaling\\_policy\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.dataproc.AutoscalingPolicyIamBinding("binding", + project=basic["project"], + location=basic["location"], + policy_id=basic["policyId"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_dataproc\\_autoscaling\\_policy\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.dataproc.AutoscalingPolicyIamMember("member", + project=basic["project"], + location=basic["location"], + policy_id=basic["policyId"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -566,18 +608,6 @@ def get(resource_name: str, Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -634,18 +664,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/dataproc/cluster_iam_binding.py b/sdk/python/pulumi_gcp/dataproc/cluster_iam_binding.py index 86326c6203..079ec4048d 100644 --- a/sdk/python/pulumi_gcp/dataproc/cluster_iam_binding.py +++ b/sdk/python/pulumi_gcp/dataproc/cluster_iam_binding.py @@ -27,8 +27,7 @@ def __init__(__self__, *, :param pulumi.Input[str] cluster: The name or relative resource id of the cluster to manage IAM policies for. For `dataproc.ClusterIAMMember` or `dataproc.ClusterIAMBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -63,15 +62,6 @@ def cluster(self) -> pulumi.Input[str]: The name or relative resource id of the cluster to manage IAM policies for. For `dataproc.ClusterIAMMember` or `dataproc.ClusterIAMBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "cluster") @@ -82,6 +72,16 @@ def cluster(self, value: pulumi.Input[str]): @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "members") @members.setter @@ -155,8 +155,8 @@ def __init__(__self__, *, :param pulumi.Input[str] cluster: The name or relative resource id of the cluster to manage IAM policies for. For `dataproc.ClusterIAMMember` or `dataproc.ClusterIAMBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] etag: (Computed) The etag of the clusters's IAM policy. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -164,7 +164,6 @@ def __init__(__self__, *, * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - :param pulumi.Input[str] etag: (Computed) The etag of the clusters's IAM policy. :param pulumi.Input[str] project: The project in which the cluster belongs. If it is not provided, the provider will use a default. :param pulumi.Input[str] region: The region in which the cluster belongs. If it @@ -197,15 +196,6 @@ def cluster(self) -> Optional[pulumi.Input[str]]: The name or relative resource id of the cluster to manage IAM policies for. For `dataproc.ClusterIAMMember` or `dataproc.ClusterIAMBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "cluster") @@ -237,6 +227,16 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "members") @members.setter @@ -356,6 +356,53 @@ def __init__(__self__, ``` + ## google\\_dataproc\\_cluster\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + editor = gcp.dataproc.ClusterIAMPolicy("editor", + project="your-project", + region="your-region", + cluster="your-dataproc-cluster", + policy_data=admin.policy_data) + ``` + + + ## google\\_dataproc\\_cluster\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.dataproc.ClusterIAMBinding("editor", + cluster="your-dataproc-cluster", + role="roles/editor", + members=["user:jane@example.com"]) + ``` + + + ## google\\_dataproc\\_cluster\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.dataproc.ClusterIAMMember("editor", + cluster="your-dataproc-cluster", + role="roles/editor", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -387,8 +434,7 @@ def __init__(__self__, :param pulumi.Input[str] cluster: The name or relative resource id of the cluster to manage IAM policies for. For `dataproc.ClusterIAMMember` or `dataproc.ClusterIAMBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -470,6 +516,53 @@ def __init__(__self__, ``` + ## google\\_dataproc\\_cluster\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + editor = gcp.dataproc.ClusterIAMPolicy("editor", + project="your-project", + region="your-region", + cluster="your-dataproc-cluster", + policy_data=admin.policy_data) + ``` + + + ## google\\_dataproc\\_cluster\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.dataproc.ClusterIAMBinding("editor", + cluster="your-dataproc-cluster", + role="roles/editor", + members=["user:jane@example.com"]) + ``` + + + ## google\\_dataproc\\_cluster\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.dataproc.ClusterIAMMember("editor", + cluster="your-dataproc-cluster", + role="roles/editor", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -566,8 +659,8 @@ def get(resource_name: str, :param pulumi.Input[str] cluster: The name or relative resource id of the cluster to manage IAM policies for. For `dataproc.ClusterIAMMember` or `dataproc.ClusterIAMBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] etag: (Computed) The etag of the clusters's IAM policy. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -575,7 +668,6 @@ def get(resource_name: str, * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - :param pulumi.Input[str] etag: (Computed) The etag of the clusters's IAM policy. :param pulumi.Input[str] project: The project in which the cluster belongs. If it is not provided, the provider will use a default. :param pulumi.Input[str] region: The region in which the cluster belongs. If it @@ -606,15 +698,6 @@ def cluster(self) -> pulumi.Output[str]: The name or relative resource id of the cluster to manage IAM policies for. For `dataproc.ClusterIAMMember` or `dataproc.ClusterIAMBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "cluster") @@ -634,6 +717,16 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "members") @property diff --git a/sdk/python/pulumi_gcp/dataproc/cluster_iam_member.py b/sdk/python/pulumi_gcp/dataproc/cluster_iam_member.py index f63c8dfd99..dfb959475f 100644 --- a/sdk/python/pulumi_gcp/dataproc/cluster_iam_member.py +++ b/sdk/python/pulumi_gcp/dataproc/cluster_iam_member.py @@ -27,8 +27,7 @@ def __init__(__self__, *, :param pulumi.Input[str] cluster: The name or relative resource id of the cluster to manage IAM policies for. For `dataproc.ClusterIAMMember` or `dataproc.ClusterIAMBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -63,15 +62,6 @@ def cluster(self) -> pulumi.Input[str]: The name or relative resource id of the cluster to manage IAM policies for. For `dataproc.ClusterIAMMember` or `dataproc.ClusterIAMBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "cluster") @@ -82,6 +72,16 @@ def cluster(self, value: pulumi.Input[str]): @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "member") @member.setter @@ -155,8 +155,8 @@ def __init__(__self__, *, :param pulumi.Input[str] cluster: The name or relative resource id of the cluster to manage IAM policies for. For `dataproc.ClusterIAMMember` or `dataproc.ClusterIAMBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] etag: (Computed) The etag of the clusters's IAM policy. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -164,7 +164,6 @@ def __init__(__self__, *, * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - :param pulumi.Input[str] etag: (Computed) The etag of the clusters's IAM policy. :param pulumi.Input[str] project: The project in which the cluster belongs. If it is not provided, the provider will use a default. :param pulumi.Input[str] region: The region in which the cluster belongs. If it @@ -197,15 +196,6 @@ def cluster(self) -> Optional[pulumi.Input[str]]: The name or relative resource id of the cluster to manage IAM policies for. For `dataproc.ClusterIAMMember` or `dataproc.ClusterIAMBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "cluster") @@ -237,6 +227,16 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "member") @member.setter @@ -356,6 +356,53 @@ def __init__(__self__, ``` + ## google\\_dataproc\\_cluster\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + editor = gcp.dataproc.ClusterIAMPolicy("editor", + project="your-project", + region="your-region", + cluster="your-dataproc-cluster", + policy_data=admin.policy_data) + ``` + + + ## google\\_dataproc\\_cluster\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.dataproc.ClusterIAMBinding("editor", + cluster="your-dataproc-cluster", + role="roles/editor", + members=["user:jane@example.com"]) + ``` + + + ## google\\_dataproc\\_cluster\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.dataproc.ClusterIAMMember("editor", + cluster="your-dataproc-cluster", + role="roles/editor", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -387,8 +434,7 @@ def __init__(__self__, :param pulumi.Input[str] cluster: The name or relative resource id of the cluster to manage IAM policies for. For `dataproc.ClusterIAMMember` or `dataproc.ClusterIAMBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -470,6 +516,53 @@ def __init__(__self__, ``` + ## google\\_dataproc\\_cluster\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + editor = gcp.dataproc.ClusterIAMPolicy("editor", + project="your-project", + region="your-region", + cluster="your-dataproc-cluster", + policy_data=admin.policy_data) + ``` + + + ## google\\_dataproc\\_cluster\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.dataproc.ClusterIAMBinding("editor", + cluster="your-dataproc-cluster", + role="roles/editor", + members=["user:jane@example.com"]) + ``` + + + ## google\\_dataproc\\_cluster\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.dataproc.ClusterIAMMember("editor", + cluster="your-dataproc-cluster", + role="roles/editor", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -566,8 +659,8 @@ def get(resource_name: str, :param pulumi.Input[str] cluster: The name or relative resource id of the cluster to manage IAM policies for. For `dataproc.ClusterIAMMember` or `dataproc.ClusterIAMBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] etag: (Computed) The etag of the clusters's IAM policy. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -575,7 +668,6 @@ def get(resource_name: str, * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - :param pulumi.Input[str] etag: (Computed) The etag of the clusters's IAM policy. :param pulumi.Input[str] project: The project in which the cluster belongs. If it is not provided, the provider will use a default. :param pulumi.Input[str] region: The region in which the cluster belongs. If it @@ -606,15 +698,6 @@ def cluster(self) -> pulumi.Output[str]: The name or relative resource id of the cluster to manage IAM policies for. For `dataproc.ClusterIAMMember` or `dataproc.ClusterIAMBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "cluster") @@ -634,6 +717,16 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "member") @property diff --git a/sdk/python/pulumi_gcp/dataproc/cluster_iam_policy.py b/sdk/python/pulumi_gcp/dataproc/cluster_iam_policy.py index 6dafe5011c..d9be91b26a 100644 --- a/sdk/python/pulumi_gcp/dataproc/cluster_iam_policy.py +++ b/sdk/python/pulumi_gcp/dataproc/cluster_iam_policy.py @@ -23,15 +23,6 @@ def __init__(__self__, *, :param pulumi.Input[str] cluster: The name or relative resource id of the cluster to manage IAM policies for. For `dataproc.ClusterIAMMember` or `dataproc.ClusterIAMBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. - - - @@ -54,15 +45,6 @@ def cluster(self) -> pulumi.Input[str]: The name or relative resource id of the cluster to manage IAM policies for. For `dataproc.ClusterIAMMember` or `dataproc.ClusterIAMBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "cluster") @@ -124,15 +106,6 @@ def __init__(__self__, *, :param pulumi.Input[str] cluster: The name or relative resource id of the cluster to manage IAM policies for. For `dataproc.ClusterIAMMember` or `dataproc.ClusterIAMBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] etag: (Computed) The etag of the clusters's IAM policy. :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. @@ -160,15 +133,6 @@ def cluster(self) -> Optional[pulumi.Input[str]]: The name or relative resource id of the cluster to manage IAM policies for. For `dataproc.ClusterIAMMember` or `dataproc.ClusterIAMBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "cluster") @@ -297,6 +261,53 @@ def __init__(__self__, ``` + ## google\\_dataproc\\_cluster\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + editor = gcp.dataproc.ClusterIAMPolicy("editor", + project="your-project", + region="your-region", + cluster="your-dataproc-cluster", + policy_data=admin.policy_data) + ``` + + + ## google\\_dataproc\\_cluster\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.dataproc.ClusterIAMBinding("editor", + cluster="your-dataproc-cluster", + role="roles/editor", + members=["user:jane@example.com"]) + ``` + + + ## google\\_dataproc\\_cluster\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.dataproc.ClusterIAMMember("editor", + cluster="your-dataproc-cluster", + role="roles/editor", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -328,15 +339,6 @@ def __init__(__self__, :param pulumi.Input[str] cluster: The name or relative resource id of the cluster to manage IAM policies for. For `dataproc.ClusterIAMMember` or `dataproc.ClusterIAMBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. - - - @@ -409,6 +411,53 @@ def __init__(__self__, ``` + ## google\\_dataproc\\_cluster\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + editor = gcp.dataproc.ClusterIAMPolicy("editor", + project="your-project", + region="your-region", + cluster="your-dataproc-cluster", + policy_data=admin.policy_data) + ``` + + + ## google\\_dataproc\\_cluster\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.dataproc.ClusterIAMBinding("editor", + cluster="your-dataproc-cluster", + role="roles/editor", + members=["user:jane@example.com"]) + ``` + + + ## google\\_dataproc\\_cluster\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.dataproc.ClusterIAMMember("editor", + cluster="your-dataproc-cluster", + role="roles/editor", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -497,15 +546,6 @@ def get(resource_name: str, :param pulumi.Input[str] cluster: The name or relative resource id of the cluster to manage IAM policies for. For `dataproc.ClusterIAMMember` or `dataproc.ClusterIAMBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] etag: (Computed) The etag of the clusters's IAM policy. :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. @@ -533,15 +573,6 @@ def cluster(self) -> pulumi.Output[str]: The name or relative resource id of the cluster to manage IAM policies for. For `dataproc.ClusterIAMMember` or `dataproc.ClusterIAMBinding`: - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "cluster") diff --git a/sdk/python/pulumi_gcp/dataproc/job_iam_binding.py b/sdk/python/pulumi_gcp/dataproc/job_iam_binding.py index b59647f784..e862bd7968 100644 --- a/sdk/python/pulumi_gcp/dataproc/job_iam_binding.py +++ b/sdk/python/pulumi_gcp/dataproc/job_iam_binding.py @@ -24,6 +24,14 @@ def __init__(__self__, *, region: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a JobIAMBinding resource. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] role: The role that should be applied. Only one `dataproc.JobIAMBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -56,6 +64,16 @@ def job_id(self, value: pulumi.Input[str]): @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "members") @members.setter @@ -127,6 +145,14 @@ def __init__(__self__, *, """ Input properties used for looking up and filtering JobIAMBinding resources. :param pulumi.Input[str] etag: (Computed) The etag of the jobs's IAM policy. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] project: The project in which the job belongs. If it is not provided, the provider will use a default. :param pulumi.Input[str] region: The region in which the job belongs. If it @@ -185,6 +211,16 @@ def job_id(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "members") @members.setter @@ -304,6 +340,53 @@ def __init__(__self__, ``` + ## google\\_dataproc\\_job\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + editor = gcp.dataproc.JobIAMPolicy("editor", + project="your-project", + region="your-region", + job_id="your-dataproc-job", + policy_data=admin.policy_data) + ``` + + + ## google\\_dataproc\\_job\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.dataproc.JobIAMBinding("editor", + job_id="your-dataproc-job", + role="roles/editor", + members=["user:jane@example.com"]) + ``` + + + ## google\\_dataproc\\_job\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.dataproc.JobIAMMember("editor", + job_id="your-dataproc-job", + role="roles/editor", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -332,6 +415,14 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] project: The project in which the job belongs. If it is not provided, the provider will use a default. :param pulumi.Input[str] region: The region in which the job belongs. If it @@ -406,6 +497,53 @@ def __init__(__self__, ``` + ## google\\_dataproc\\_job\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + editor = gcp.dataproc.JobIAMPolicy("editor", + project="your-project", + region="your-region", + job_id="your-dataproc-job", + policy_data=admin.policy_data) + ``` + + + ## google\\_dataproc\\_job\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.dataproc.JobIAMBinding("editor", + job_id="your-dataproc-job", + role="roles/editor", + members=["user:jane@example.com"]) + ``` + + + ## google\\_dataproc\\_job\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.dataproc.JobIAMMember("editor", + job_id="your-dataproc-job", + role="roles/editor", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -500,6 +638,14 @@ def get(resource_name: str, :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the jobs's IAM policy. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] project: The project in which the job belongs. If it is not provided, the provider will use a default. :param pulumi.Input[str] region: The region in which the job belongs. If it @@ -544,6 +690,16 @@ def job_id(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "members") @property diff --git a/sdk/python/pulumi_gcp/dataproc/job_iam_member.py b/sdk/python/pulumi_gcp/dataproc/job_iam_member.py index 3109c06940..9b5a0b92e7 100644 --- a/sdk/python/pulumi_gcp/dataproc/job_iam_member.py +++ b/sdk/python/pulumi_gcp/dataproc/job_iam_member.py @@ -24,6 +24,14 @@ def __init__(__self__, *, region: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a JobIAMMember resource. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] role: The role that should be applied. Only one `dataproc.JobIAMBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -56,6 +64,16 @@ def job_id(self, value: pulumi.Input[str]): @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "member") @member.setter @@ -127,6 +145,14 @@ def __init__(__self__, *, """ Input properties used for looking up and filtering JobIAMMember resources. :param pulumi.Input[str] etag: (Computed) The etag of the jobs's IAM policy. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] project: The project in which the job belongs. If it is not provided, the provider will use a default. :param pulumi.Input[str] region: The region in which the job belongs. If it @@ -185,6 +211,16 @@ def job_id(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "member") @member.setter @@ -304,6 +340,53 @@ def __init__(__self__, ``` + ## google\\_dataproc\\_job\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + editor = gcp.dataproc.JobIAMPolicy("editor", + project="your-project", + region="your-region", + job_id="your-dataproc-job", + policy_data=admin.policy_data) + ``` + + + ## google\\_dataproc\\_job\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.dataproc.JobIAMBinding("editor", + job_id="your-dataproc-job", + role="roles/editor", + members=["user:jane@example.com"]) + ``` + + + ## google\\_dataproc\\_job\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.dataproc.JobIAMMember("editor", + job_id="your-dataproc-job", + role="roles/editor", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -332,6 +415,14 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] project: The project in which the job belongs. If it is not provided, the provider will use a default. :param pulumi.Input[str] region: The region in which the job belongs. If it @@ -406,6 +497,53 @@ def __init__(__self__, ``` + ## google\\_dataproc\\_job\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + editor = gcp.dataproc.JobIAMPolicy("editor", + project="your-project", + region="your-region", + job_id="your-dataproc-job", + policy_data=admin.policy_data) + ``` + + + ## google\\_dataproc\\_job\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.dataproc.JobIAMBinding("editor", + job_id="your-dataproc-job", + role="roles/editor", + members=["user:jane@example.com"]) + ``` + + + ## google\\_dataproc\\_job\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.dataproc.JobIAMMember("editor", + job_id="your-dataproc-job", + role="roles/editor", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -500,6 +638,14 @@ def get(resource_name: str, :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the jobs's IAM policy. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] project: The project in which the job belongs. If it is not provided, the provider will use a default. :param pulumi.Input[str] region: The region in which the job belongs. If it @@ -544,6 +690,16 @@ def job_id(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "member") @property diff --git a/sdk/python/pulumi_gcp/dataproc/job_iam_policy.py b/sdk/python/pulumi_gcp/dataproc/job_iam_policy.py index 43711b4aab..48446c4878 100644 --- a/sdk/python/pulumi_gcp/dataproc/job_iam_policy.py +++ b/sdk/python/pulumi_gcp/dataproc/job_iam_policy.py @@ -245,6 +245,53 @@ def __init__(__self__, ``` + ## google\\_dataproc\\_job\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + editor = gcp.dataproc.JobIAMPolicy("editor", + project="your-project", + region="your-region", + job_id="your-dataproc-job", + policy_data=admin.policy_data) + ``` + + + ## google\\_dataproc\\_job\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.dataproc.JobIAMBinding("editor", + job_id="your-dataproc-job", + role="roles/editor", + members=["user:jane@example.com"]) + ``` + + + ## google\\_dataproc\\_job\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.dataproc.JobIAMMember("editor", + job_id="your-dataproc-job", + role="roles/editor", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -345,6 +392,53 @@ def __init__(__self__, ``` + ## google\\_dataproc\\_job\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + editor = gcp.dataproc.JobIAMPolicy("editor", + project="your-project", + region="your-region", + job_id="your-dataproc-job", + policy_data=admin.policy_data) + ``` + + + ## google\\_dataproc\\_job\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.dataproc.JobIAMBinding("editor", + job_id="your-dataproc-job", + role="roles/editor", + members=["user:jane@example.com"]) + ``` + + + ## google\\_dataproc\\_job\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.dataproc.JobIAMMember("editor", + job_id="your-dataproc-job", + role="roles/editor", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies diff --git a/sdk/python/pulumi_gcp/dataproc/metastore_federation_iam_binding.py b/sdk/python/pulumi_gcp/dataproc/metastore_federation_iam_binding.py index e363f83e37..15cc815305 100644 --- a/sdk/python/pulumi_gcp/dataproc/metastore_federation_iam_binding.py +++ b/sdk/python/pulumi_gcp/dataproc/metastore_federation_iam_binding.py @@ -24,15 +24,7 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a MetastoreFederationIamBinding resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `dataproc.MetastoreFederationIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] location: The location where the metastore federation should reside. - Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -43,6 +35,13 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `dataproc.MetastoreFederationIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] location: The location where the metastore federation should reside. + Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "federation_id", federation_id) pulumi.set(__self__, "members", members) @@ -66,6 +65,19 @@ def federation_id(self, value: pulumi.Input[str]): @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -114,18 +126,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -149,10 +149,7 @@ def __init__(__self__, *, :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] location: The location where the metastore federation should reside. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -163,6 +160,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `dataproc.MetastoreFederationIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -228,6 +227,19 @@ def location(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -240,18 +252,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -329,10 +329,7 @@ def __init__(__self__, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] location: The location where the metastore federation should reside. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -343,6 +340,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `dataproc.MetastoreFederationIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -462,10 +461,7 @@ def get(resource_name: str, :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] location: The location where the metastore federation should reside. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -476,6 +472,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `dataproc.MetastoreFederationIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -523,16 +521,8 @@ def location(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: - return pulumi.get(self, "members") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -544,6 +534,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "members") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/dataproc/metastore_federation_iam_member.py b/sdk/python/pulumi_gcp/dataproc/metastore_federation_iam_member.py index efba90f308..db5aefa39d 100644 --- a/sdk/python/pulumi_gcp/dataproc/metastore_federation_iam_member.py +++ b/sdk/python/pulumi_gcp/dataproc/metastore_federation_iam_member.py @@ -24,15 +24,7 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a MetastoreFederationIamMember resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `dataproc.MetastoreFederationIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] location: The location where the metastore federation should reside. - Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -43,6 +35,13 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `dataproc.MetastoreFederationIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] location: The location where the metastore federation should reside. + Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "federation_id", federation_id) pulumi.set(__self__, "member", member) @@ -66,6 +65,19 @@ def federation_id(self, value: pulumi.Input[str]): @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -114,18 +126,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -149,10 +149,7 @@ def __init__(__self__, *, :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] location: The location where the metastore federation should reside. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -163,6 +160,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `dataproc.MetastoreFederationIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -228,6 +227,19 @@ def location(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -240,18 +252,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -329,10 +329,7 @@ def __init__(__self__, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] location: The location where the metastore federation should reside. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -343,6 +340,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `dataproc.MetastoreFederationIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -462,10 +461,7 @@ def get(resource_name: str, :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] location: The location where the metastore federation should reside. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -476,6 +472,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `dataproc.MetastoreFederationIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -523,16 +521,8 @@ def location(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: - return pulumi.get(self, "member") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -544,6 +534,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "member") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/dataproc/metastore_federation_iam_policy.py b/sdk/python/pulumi_gcp/dataproc/metastore_federation_iam_policy.py index d7411c8464..50ccc1e0bb 100644 --- a/sdk/python/pulumi_gcp/dataproc/metastore_federation_iam_policy.py +++ b/sdk/python/pulumi_gcp/dataproc/metastore_federation_iam_policy.py @@ -26,18 +26,6 @@ def __init__(__self__, *, Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "federation_id", federation_id) pulumi.set(__self__, "policy_data", policy_data) @@ -87,18 +75,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -124,18 +100,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ if etag is not None: pulumi.set(__self__, "etag", etag) @@ -201,18 +165,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -278,18 +230,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ ... @overload @@ -402,18 +342,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -463,18 +391,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/dataproc/metastore_service_iam_binding.py b/sdk/python/pulumi_gcp/dataproc/metastore_service_iam_binding.py index 077d30d945..272fa46743 100644 --- a/sdk/python/pulumi_gcp/dataproc/metastore_service_iam_binding.py +++ b/sdk/python/pulumi_gcp/dataproc/metastore_service_iam_binding.py @@ -24,16 +24,7 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a MetastoreServiceIamBinding resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `dataproc.MetastoreServiceIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] location: The location where the metastore service should reside. - The default value is `global`. - Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -44,6 +35,14 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `dataproc.MetastoreServiceIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] location: The location where the metastore service should reside. + The default value is `global`. + Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "members", members) pulumi.set(__self__, "role", role) @@ -58,6 +57,19 @@ def __init__(__self__, *, @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -116,18 +128,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -152,10 +152,7 @@ def __init__(__self__, *, :param pulumi.Input[str] location: The location where the metastore service should reside. The default value is `global`. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -166,6 +163,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `dataproc.MetastoreServiceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -223,6 +222,19 @@ def location(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -235,18 +247,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -356,6 +356,57 @@ def __init__(__self__, ``` + ## google\\_dataproc\\_metastore\\_service\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.dataproc.MetastoreServiceIamPolicy("policy", + project=default["project"], + location=default["location"], + service_id=default["serviceId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_dataproc\\_metastore\\_service\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.dataproc.MetastoreServiceIamBinding("binding", + project=default["project"], + location=default["location"], + service_id=default["serviceId"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_dataproc\\_metastore\\_service\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.dataproc.MetastoreServiceIamMember("member", + project=default["project"], + location=default["location"], + service_id=default["serviceId"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -399,10 +450,7 @@ def __init__(__self__, :param pulumi.Input[str] location: The location where the metastore service should reside. The default value is `global`. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -413,6 +461,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `dataproc.MetastoreServiceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -489,6 +539,57 @@ def __init__(__self__, ``` + ## google\\_dataproc\\_metastore\\_service\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.dataproc.MetastoreServiceIamPolicy("policy", + project=default["project"], + location=default["location"], + service_id=default["serviceId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_dataproc\\_metastore\\_service\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.dataproc.MetastoreServiceIamBinding("binding", + project=default["project"], + location=default["location"], + service_id=default["serviceId"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_dataproc\\_metastore\\_service\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.dataproc.MetastoreServiceIamMember("member", + project=default["project"], + location=default["location"], + service_id=default["serviceId"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -598,10 +699,7 @@ def get(resource_name: str, :param pulumi.Input[str] location: The location where the metastore service should reside. The default value is `global`. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -612,6 +710,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `dataproc.MetastoreServiceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -655,16 +755,8 @@ def location(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: - return pulumi.get(self, "members") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -676,6 +768,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "members") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/dataproc/metastore_service_iam_member.py b/sdk/python/pulumi_gcp/dataproc/metastore_service_iam_member.py index 3f169360f1..fa0c185e0d 100644 --- a/sdk/python/pulumi_gcp/dataproc/metastore_service_iam_member.py +++ b/sdk/python/pulumi_gcp/dataproc/metastore_service_iam_member.py @@ -24,16 +24,7 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a MetastoreServiceIamMember resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `dataproc.MetastoreServiceIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] location: The location where the metastore service should reside. - The default value is `global`. - Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -44,6 +35,14 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `dataproc.MetastoreServiceIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] location: The location where the metastore service should reside. + The default value is `global`. + Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "member", member) pulumi.set(__self__, "role", role) @@ -58,6 +57,19 @@ def __init__(__self__, *, @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -116,18 +128,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -152,10 +152,7 @@ def __init__(__self__, *, :param pulumi.Input[str] location: The location where the metastore service should reside. The default value is `global`. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -166,6 +163,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `dataproc.MetastoreServiceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -223,6 +222,19 @@ def location(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -235,18 +247,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -356,6 +356,57 @@ def __init__(__self__, ``` + ## google\\_dataproc\\_metastore\\_service\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.dataproc.MetastoreServiceIamPolicy("policy", + project=default["project"], + location=default["location"], + service_id=default["serviceId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_dataproc\\_metastore\\_service\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.dataproc.MetastoreServiceIamBinding("binding", + project=default["project"], + location=default["location"], + service_id=default["serviceId"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_dataproc\\_metastore\\_service\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.dataproc.MetastoreServiceIamMember("member", + project=default["project"], + location=default["location"], + service_id=default["serviceId"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -399,10 +450,7 @@ def __init__(__self__, :param pulumi.Input[str] location: The location where the metastore service should reside. The default value is `global`. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -413,6 +461,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `dataproc.MetastoreServiceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -489,6 +539,57 @@ def __init__(__self__, ``` + ## google\\_dataproc\\_metastore\\_service\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.dataproc.MetastoreServiceIamPolicy("policy", + project=default["project"], + location=default["location"], + service_id=default["serviceId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_dataproc\\_metastore\\_service\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.dataproc.MetastoreServiceIamBinding("binding", + project=default["project"], + location=default["location"], + service_id=default["serviceId"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_dataproc\\_metastore\\_service\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.dataproc.MetastoreServiceIamMember("member", + project=default["project"], + location=default["location"], + service_id=default["serviceId"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -598,10 +699,7 @@ def get(resource_name: str, :param pulumi.Input[str] location: The location where the metastore service should reside. The default value is `global`. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -612,6 +710,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `dataproc.MetastoreServiceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -655,16 +755,8 @@ def location(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: - return pulumi.get(self, "member") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -676,6 +768,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "member") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/dataproc/metastore_service_iam_policy.py b/sdk/python/pulumi_gcp/dataproc/metastore_service_iam_policy.py index 110a2502ae..b4256f604a 100644 --- a/sdk/python/pulumi_gcp/dataproc/metastore_service_iam_policy.py +++ b/sdk/python/pulumi_gcp/dataproc/metastore_service_iam_policy.py @@ -27,18 +27,6 @@ def __init__(__self__, *, Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "policy_data", policy_data) pulumi.set(__self__, "service_id", service_id) @@ -89,18 +77,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -127,18 +103,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ if etag is not None: pulumi.set(__self__, "etag", etag) @@ -196,18 +160,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -301,6 +253,57 @@ def __init__(__self__, ``` + ## google\\_dataproc\\_metastore\\_service\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.dataproc.MetastoreServiceIamPolicy("policy", + project=default["project"], + location=default["location"], + service_id=default["serviceId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_dataproc\\_metastore\\_service\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.dataproc.MetastoreServiceIamBinding("binding", + project=default["project"], + location=default["location"], + service_id=default["serviceId"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_dataproc\\_metastore\\_service\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.dataproc.MetastoreServiceIamMember("member", + project=default["project"], + location=default["location"], + service_id=default["serviceId"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -348,18 +351,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ ... @overload @@ -433,6 +424,57 @@ def __init__(__self__, ``` + ## google\\_dataproc\\_metastore\\_service\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.dataproc.MetastoreServiceIamPolicy("policy", + project=default["project"], + location=default["location"], + service_id=default["serviceId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_dataproc\\_metastore\\_service\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.dataproc.MetastoreServiceIamBinding("binding", + project=default["project"], + location=default["location"], + service_id=default["serviceId"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_dataproc\\_metastore\\_service\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.dataproc.MetastoreServiceIamMember("member", + project=default["project"], + location=default["location"], + service_id=default["serviceId"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -538,18 +580,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -595,18 +625,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/dns/dns_managed_zone_iam_binding.py b/sdk/python/pulumi_gcp/dns/dns_managed_zone_iam_binding.py index 799d45b0d2..4134e61e25 100644 --- a/sdk/python/pulumi_gcp/dns/dns_managed_zone_iam_binding.py +++ b/sdk/python/pulumi_gcp/dns/dns_managed_zone_iam_binding.py @@ -24,13 +24,7 @@ def __init__(__self__, *, """ The set of arguments for constructing a DnsManagedZoneIamBinding resource. :param pulumi.Input[str] managed_zone: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] role: The role that should be applied. Only one - `dns.DnsManagedZoneIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -41,6 +35,11 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `dns.DnsManagedZoneIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "managed_zone", managed_zone) pulumi.set(__self__, "members", members) @@ -65,6 +64,19 @@ def managed_zone(self, value: pulumi.Input[str]): @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -100,18 +112,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -133,10 +133,7 @@ def __init__(__self__, *, Input properties used for looking up and filtering DnsManagedZoneIamBinding resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] managed_zone: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -147,6 +144,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `dns.DnsManagedZoneIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -200,6 +199,19 @@ def managed_zone(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -212,18 +224,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -320,6 +320,54 @@ def __init__(__self__, ``` + ## google\\_dns\\_managed\\_zone\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.dns.DnsManagedZoneIamPolicy("policy", + project=default["project"], + managed_zone=default["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_dns\\_managed\\_zone\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.dns.DnsManagedZoneIamBinding("binding", + project=default["project"], + managed_zone=default["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_dns\\_managed\\_zone\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.dns.DnsManagedZoneIamMember("member", + project=default["project"], + managed_zone=default["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -359,10 +407,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] managed_zone: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -373,6 +418,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `dns.DnsManagedZoneIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -446,6 +493,54 @@ def __init__(__self__, ``` + ## google\\_dns\\_managed\\_zone\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.dns.DnsManagedZoneIamPolicy("policy", + project=default["project"], + managed_zone=default["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_dns\\_managed\\_zone\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.dns.DnsManagedZoneIamBinding("binding", + project=default["project"], + managed_zone=default["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_dns\\_managed\\_zone\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.dns.DnsManagedZoneIamMember("member", + project=default["project"], + managed_zone=default["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -548,10 +643,7 @@ def get(resource_name: str, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] managed_zone: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -562,6 +654,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `dns.DnsManagedZoneIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -602,16 +696,8 @@ def managed_zone(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: - return pulumi.get(self, "members") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -623,6 +709,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "members") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/dns/dns_managed_zone_iam_member.py b/sdk/python/pulumi_gcp/dns/dns_managed_zone_iam_member.py index b76f8ee0b8..d2f1b8d938 100644 --- a/sdk/python/pulumi_gcp/dns/dns_managed_zone_iam_member.py +++ b/sdk/python/pulumi_gcp/dns/dns_managed_zone_iam_member.py @@ -24,13 +24,7 @@ def __init__(__self__, *, """ The set of arguments for constructing a DnsManagedZoneIamMember resource. :param pulumi.Input[str] managed_zone: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] role: The role that should be applied. Only one - `dns.DnsManagedZoneIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -41,6 +35,11 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `dns.DnsManagedZoneIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "managed_zone", managed_zone) pulumi.set(__self__, "member", member) @@ -65,6 +64,19 @@ def managed_zone(self, value: pulumi.Input[str]): @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -100,18 +112,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -133,10 +133,7 @@ def __init__(__self__, *, Input properties used for looking up and filtering DnsManagedZoneIamMember resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] managed_zone: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -147,6 +144,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `dns.DnsManagedZoneIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -200,6 +199,19 @@ def managed_zone(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -212,18 +224,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -320,6 +320,54 @@ def __init__(__self__, ``` + ## google\\_dns\\_managed\\_zone\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.dns.DnsManagedZoneIamPolicy("policy", + project=default["project"], + managed_zone=default["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_dns\\_managed\\_zone\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.dns.DnsManagedZoneIamBinding("binding", + project=default["project"], + managed_zone=default["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_dns\\_managed\\_zone\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.dns.DnsManagedZoneIamMember("member", + project=default["project"], + managed_zone=default["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -359,10 +407,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] managed_zone: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -373,6 +418,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `dns.DnsManagedZoneIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -446,6 +493,54 @@ def __init__(__self__, ``` + ## google\\_dns\\_managed\\_zone\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.dns.DnsManagedZoneIamPolicy("policy", + project=default["project"], + managed_zone=default["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_dns\\_managed\\_zone\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.dns.DnsManagedZoneIamBinding("binding", + project=default["project"], + managed_zone=default["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_dns\\_managed\\_zone\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.dns.DnsManagedZoneIamMember("member", + project=default["project"], + managed_zone=default["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -548,10 +643,7 @@ def get(resource_name: str, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] managed_zone: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -562,6 +654,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `dns.DnsManagedZoneIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -602,16 +696,8 @@ def managed_zone(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: - return pulumi.get(self, "member") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -623,6 +709,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "member") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/dns/dns_managed_zone_iam_policy.py b/sdk/python/pulumi_gcp/dns/dns_managed_zone_iam_policy.py index e25186a093..20664939d4 100644 --- a/sdk/python/pulumi_gcp/dns/dns_managed_zone_iam_policy.py +++ b/sdk/python/pulumi_gcp/dns/dns_managed_zone_iam_policy.py @@ -24,18 +24,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "managed_zone", managed_zone) pulumi.set(__self__, "policy_data", policy_data) @@ -73,18 +61,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -108,18 +84,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ if etag is not None: pulumi.set(__self__, "etag", etag) @@ -173,18 +137,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -265,6 +217,54 @@ def __init__(__self__, ``` + ## google\\_dns\\_managed\\_zone\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.dns.DnsManagedZoneIamPolicy("policy", + project=default["project"], + managed_zone=default["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_dns\\_managed\\_zone\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.dns.DnsManagedZoneIamBinding("binding", + project=default["project"], + managed_zone=default["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_dns\\_managed\\_zone\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.dns.DnsManagedZoneIamMember("member", + project=default["project"], + managed_zone=default["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -308,18 +308,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ ... @overload @@ -390,6 +378,54 @@ def __init__(__self__, ``` + ## google\\_dns\\_managed\\_zone\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.dns.DnsManagedZoneIamPolicy("policy", + project=default["project"], + managed_zone=default["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_dns\\_managed\\_zone\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.dns.DnsManagedZoneIamBinding("binding", + project=default["project"], + managed_zone=default["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_dns\\_managed\\_zone\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.dns.DnsManagedZoneIamMember("member", + project=default["project"], + managed_zone=default["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -488,18 +524,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -542,18 +566,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/endpoints/consumers_iam_binding.py b/sdk/python/pulumi_gcp/endpoints/consumers_iam_binding.py index b6b4f2e840..7ffad14748 100644 --- a/sdk/python/pulumi_gcp/endpoints/consumers_iam_binding.py +++ b/sdk/python/pulumi_gcp/endpoints/consumers_iam_binding.py @@ -23,6 +23,17 @@ def __init__(__self__, *, condition: Optional[pulumi.Input['ConsumersIamBindingConditionArgs']] = None): """ The set of arguments for constructing a ConsumersIamBinding resource. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] role: The role that should be applied. Only one `endpoints.ConsumersIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -46,6 +57,19 @@ def consumer_project(self, value: pulumi.Input[str]): @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -97,6 +121,17 @@ def __init__(__self__, *, """ Input properties used for looking up and filtering ConsumersIamBinding resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] role: The role that should be applied. Only one `endpoints.ConsumersIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -147,6 +182,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -241,6 +289,17 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] role: The role that should be applied. Only one `endpoints.ConsumersIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -369,6 +428,17 @@ def get(resource_name: str, :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] role: The role that should be applied. Only one `endpoints.ConsumersIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -406,6 +476,19 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @property diff --git a/sdk/python/pulumi_gcp/endpoints/consumers_iam_member.py b/sdk/python/pulumi_gcp/endpoints/consumers_iam_member.py index 7f88d93656..14d76ea316 100644 --- a/sdk/python/pulumi_gcp/endpoints/consumers_iam_member.py +++ b/sdk/python/pulumi_gcp/endpoints/consumers_iam_member.py @@ -23,6 +23,17 @@ def __init__(__self__, *, condition: Optional[pulumi.Input['ConsumersIamMemberConditionArgs']] = None): """ The set of arguments for constructing a ConsumersIamMember resource. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] role: The role that should be applied. Only one `endpoints.ConsumersIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -46,6 +57,19 @@ def consumer_project(self, value: pulumi.Input[str]): @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -97,6 +121,17 @@ def __init__(__self__, *, """ Input properties used for looking up and filtering ConsumersIamMember resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] role: The role that should be applied. Only one `endpoints.ConsumersIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -147,6 +182,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -241,6 +289,17 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] role: The role that should be applied. Only one `endpoints.ConsumersIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -369,6 +428,17 @@ def get(resource_name: str, :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] role: The role that should be applied. Only one `endpoints.ConsumersIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -406,6 +476,19 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @property diff --git a/sdk/python/pulumi_gcp/endpoints/service_iam_binding.py b/sdk/python/pulumi_gcp/endpoints/service_iam_binding.py index 048fb52389..18ab689508 100644 --- a/sdk/python/pulumi_gcp/endpoints/service_iam_binding.py +++ b/sdk/python/pulumi_gcp/endpoints/service_iam_binding.py @@ -22,6 +22,17 @@ def __init__(__self__, *, condition: Optional[pulumi.Input['ServiceIamBindingConditionArgs']] = None): """ The set of arguments for constructing a ServiceIamBinding resource. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] role: The role that should be applied. Only one `endpoints.ServiceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -35,6 +46,19 @@ def __init__(__self__, *, @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -85,6 +109,17 @@ def __init__(__self__, *, """ Input properties used for looking up and filtering ServiceIamBinding resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] role: The role that should be applied. Only one `endpoints.ServiceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -124,6 +159,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -224,6 +272,51 @@ def __init__(__self__, ``` + ## google\\_endpoints\\_service\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.endpoints.ServiceIamPolicy("policy", + service_name=endpoints_service["serviceName"], + policy_data=admin.policy_data) + ``` + + + ## google\\_endpoints\\_service\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.endpoints.ServiceIamBinding("binding", + service_name=endpoints_service["serviceName"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_endpoints\\_service\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.endpoints.ServiceIamMember("member", + service_name=endpoints_service["serviceName"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -260,6 +353,17 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] role: The role that should be applied. Only one `endpoints.ServiceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -330,6 +434,51 @@ def __init__(__self__, ``` + ## google\\_endpoints\\_service\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.endpoints.ServiceIamPolicy("policy", + service_name=endpoints_service["serviceName"], + policy_data=admin.policy_data) + ``` + + + ## google\\_endpoints\\_service\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.endpoints.ServiceIamBinding("binding", + service_name=endpoints_service["serviceName"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_endpoints\\_service\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.endpoints.ServiceIamMember("member", + service_name=endpoints_service["serviceName"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -426,6 +575,17 @@ def get(resource_name: str, :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] role: The role that should be applied. Only one `endpoints.ServiceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -457,6 +617,19 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @property diff --git a/sdk/python/pulumi_gcp/endpoints/service_iam_member.py b/sdk/python/pulumi_gcp/endpoints/service_iam_member.py index db9e714f68..c69cb39907 100644 --- a/sdk/python/pulumi_gcp/endpoints/service_iam_member.py +++ b/sdk/python/pulumi_gcp/endpoints/service_iam_member.py @@ -22,6 +22,17 @@ def __init__(__self__, *, condition: Optional[pulumi.Input['ServiceIamMemberConditionArgs']] = None): """ The set of arguments for constructing a ServiceIamMember resource. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] role: The role that should be applied. Only one `endpoints.ServiceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -35,6 +46,19 @@ def __init__(__self__, *, @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -85,6 +109,17 @@ def __init__(__self__, *, """ Input properties used for looking up and filtering ServiceIamMember resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] role: The role that should be applied. Only one `endpoints.ServiceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -124,6 +159,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -224,6 +272,51 @@ def __init__(__self__, ``` + ## google\\_endpoints\\_service\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.endpoints.ServiceIamPolicy("policy", + service_name=endpoints_service["serviceName"], + policy_data=admin.policy_data) + ``` + + + ## google\\_endpoints\\_service\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.endpoints.ServiceIamBinding("binding", + service_name=endpoints_service["serviceName"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_endpoints\\_service\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.endpoints.ServiceIamMember("member", + service_name=endpoints_service["serviceName"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -260,6 +353,17 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] role: The role that should be applied. Only one `endpoints.ServiceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -330,6 +434,51 @@ def __init__(__self__, ``` + ## google\\_endpoints\\_service\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.endpoints.ServiceIamPolicy("policy", + service_name=endpoints_service["serviceName"], + policy_data=admin.policy_data) + ``` + + + ## google\\_endpoints\\_service\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.endpoints.ServiceIamBinding("binding", + service_name=endpoints_service["serviceName"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_endpoints\\_service\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.endpoints.ServiceIamMember("member", + service_name=endpoints_service["serviceName"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -426,6 +575,17 @@ def get(resource_name: str, :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] role: The role that should be applied. Only one `endpoints.ServiceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -457,6 +617,19 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @property diff --git a/sdk/python/pulumi_gcp/endpoints/service_iam_policy.py b/sdk/python/pulumi_gcp/endpoints/service_iam_policy.py index 95f1f4a0ee..3b4f5adb99 100644 --- a/sdk/python/pulumi_gcp/endpoints/service_iam_policy.py +++ b/sdk/python/pulumi_gcp/endpoints/service_iam_policy.py @@ -169,6 +169,51 @@ def __init__(__self__, ``` + ## google\\_endpoints\\_service\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.endpoints.ServiceIamPolicy("policy", + service_name=endpoints_service["serviceName"], + policy_data=admin.policy_data) + ``` + + + ## google\\_endpoints\\_service\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.endpoints.ServiceIamBinding("binding", + service_name=endpoints_service["serviceName"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_endpoints\\_service\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.endpoints.ServiceIamMember("member", + service_name=endpoints_service["serviceName"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -274,6 +319,51 @@ def __init__(__self__, ``` + ## google\\_endpoints\\_service\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.endpoints.ServiceIamPolicy("policy", + service_name=endpoints_service["serviceName"], + policy_data=admin.policy_data) + ``` + + + ## google\\_endpoints\\_service\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.endpoints.ServiceIamBinding("binding", + service_name=endpoints_service["serviceName"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_endpoints\\_service\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.endpoints.ServiceIamMember("member", + service_name=endpoints_service["serviceName"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: diff --git a/sdk/python/pulumi_gcp/folder/iam_audit_config.py b/sdk/python/pulumi_gcp/folder/iam_audit_config.py index 36911cc134..3e98f47a14 100644 --- a/sdk/python/pulumi_gcp/folder/iam_audit_config.py +++ b/sdk/python/pulumi_gcp/folder/iam_audit_config.py @@ -297,6 +297,141 @@ def __init__(__self__, ``` + ## google\\_folder\\_iam\\_policy + + !> **Be careful!** You can accidentally lock yourself out of your folder + using this resource. Deleting a `folder.IAMPolicy` removes access + from anyone without permissions on its parent folder/organization. Proceed with caution. + It's not recommended to use `folder.IAMPolicy` with your provider folder + to avoid locking yourself out, and it should generally only be used with folders + fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before + applying the change. + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + folder = gcp.folder.IAMPolicy("folder", + folder="folders/1234567", + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/compute.admin", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + folder = gcp.folder.IAMPolicy("folder", + folder="folders/1234567", + policy_data=admin.policy_data) + ``` + + + ## google\\_folder\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + folder = gcp.folder.IAMBinding("folder", + folder="folders/1234567", + role="roles/editor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + folder = gcp.folder.IAMBinding("folder", + folder="folders/1234567", + role="roles/container.admin", + members=["user:jane@example.com"], + condition=gcp.folder.IAMBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + + ## google\\_folder\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + folder = gcp.folder.IAMMember("folder", + folder="folders/1234567", + role="roles/editor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + folder = gcp.folder.IAMMember("folder", + folder="folders/1234567", + role="roles/firebase.admin", + member="user:jane@example.com", + condition=gcp.folder.IAMMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + + ## google\\_folder\\_iam\\_audit\\_config + + + ```python + import pulumi + import pulumi_gcp as gcp + + folder = gcp.folder.IamAuditConfig("folder", + folder="folders/1234567", + service="allServices", + audit_log_configs=[ + gcp.folder.IamAuditConfigAuditLogConfigArgs( + log_type="ADMIN_READ", + ), + gcp.folder.IamAuditConfigAuditLogConfigArgs( + log_type="DATA_READ", + exempted_members=["user:joebloggs@example.com"], + ), + ]) + ``` + + ## Import ### Importing Audit Configs @@ -485,6 +620,141 @@ def __init__(__self__, ``` + ## google\\_folder\\_iam\\_policy + + !> **Be careful!** You can accidentally lock yourself out of your folder + using this resource. Deleting a `folder.IAMPolicy` removes access + from anyone without permissions on its parent folder/organization. Proceed with caution. + It's not recommended to use `folder.IAMPolicy` with your provider folder + to avoid locking yourself out, and it should generally only be used with folders + fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before + applying the change. + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + folder = gcp.folder.IAMPolicy("folder", + folder="folders/1234567", + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/compute.admin", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + folder = gcp.folder.IAMPolicy("folder", + folder="folders/1234567", + policy_data=admin.policy_data) + ``` + + + ## google\\_folder\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + folder = gcp.folder.IAMBinding("folder", + folder="folders/1234567", + role="roles/editor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + folder = gcp.folder.IAMBinding("folder", + folder="folders/1234567", + role="roles/container.admin", + members=["user:jane@example.com"], + condition=gcp.folder.IAMBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + + ## google\\_folder\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + folder = gcp.folder.IAMMember("folder", + folder="folders/1234567", + role="roles/editor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + folder = gcp.folder.IAMMember("folder", + folder="folders/1234567", + role="roles/firebase.admin", + member="user:jane@example.com", + condition=gcp.folder.IAMMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + + ## google\\_folder\\_iam\\_audit\\_config + + + ```python + import pulumi + import pulumi_gcp as gcp + + folder = gcp.folder.IamAuditConfig("folder", + folder="folders/1234567", + service="allServices", + audit_log_configs=[ + gcp.folder.IamAuditConfigAuditLogConfigArgs( + log_type="ADMIN_READ", + ), + gcp.folder.IamAuditConfigAuditLogConfigArgs( + log_type="DATA_READ", + exempted_members=["user:joebloggs@example.com"], + ), + ]) + ``` + + ## Import ### Importing Audit Configs diff --git a/sdk/python/pulumi_gcp/folder/iam_member.py b/sdk/python/pulumi_gcp/folder/iam_member.py index c9b4f4abac..9e8f9ae964 100644 --- a/sdk/python/pulumi_gcp/folder/iam_member.py +++ b/sdk/python/pulumi_gcp/folder/iam_member.py @@ -23,6 +23,12 @@ def __init__(__self__, *, """ The set of arguments for constructing a IAMMember resource. :param pulumi.Input[str] folder: The resource name of the folder the policy is attached to. Its format is folders/{folder_id}. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] role: The role that should be applied. Only one `folder.IAMBinding` can be used per role. Note that custom roles must be of the format `organizations/{{org_id}}/roles/{{role_id}}`. @@ -50,6 +56,14 @@ def folder(self, value: pulumi.Input[str]): @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "member") @member.setter @@ -98,6 +112,12 @@ def __init__(__self__, *, Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the folder's IAM policy. :param pulumi.Input[str] folder: The resource name of the folder the policy is attached to. Its format is folders/{folder_id}. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] role: The role that should be applied. Only one `folder.IAMBinding` can be used per role. Note that custom roles must be of the format `organizations/{{org_id}}/roles/{{role_id}}`. @@ -153,6 +173,14 @@ def folder(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "member") @member.setter @@ -334,6 +362,141 @@ def __init__(__self__, ``` + ## google\\_folder\\_iam\\_policy + + !> **Be careful!** You can accidentally lock yourself out of your folder + using this resource. Deleting a `folder.IAMPolicy` removes access + from anyone without permissions on its parent folder/organization. Proceed with caution. + It's not recommended to use `folder.IAMPolicy` with your provider folder + to avoid locking yourself out, and it should generally only be used with folders + fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before + applying the change. + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + folder = gcp.folder.IAMPolicy("folder", + folder="folders/1234567", + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/compute.admin", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + folder = gcp.folder.IAMPolicy("folder", + folder="folders/1234567", + policy_data=admin.policy_data) + ``` + + + ## google\\_folder\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + folder = gcp.folder.IAMBinding("folder", + folder="folders/1234567", + role="roles/editor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + folder = gcp.folder.IAMBinding("folder", + folder="folders/1234567", + role="roles/container.admin", + members=["user:jane@example.com"], + condition=gcp.folder.IAMBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + + ## google\\_folder\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + folder = gcp.folder.IAMMember("folder", + folder="folders/1234567", + role="roles/editor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + folder = gcp.folder.IAMMember("folder", + folder="folders/1234567", + role="roles/firebase.admin", + member="user:jane@example.com", + condition=gcp.folder.IAMMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + + ## google\\_folder\\_iam\\_audit\\_config + + + ```python + import pulumi + import pulumi_gcp as gcp + + folder = gcp.folder.IamAuditConfig("folder", + folder="folders/1234567", + service="allServices", + audit_log_configs=[ + gcp.folder.IamAuditConfigAuditLogConfigArgs( + log_type="ADMIN_READ", + ), + gcp.folder.IamAuditConfigAuditLogConfigArgs( + log_type="DATA_READ", + exempted_members=["user:joebloggs@example.com"], + ), + ]) + ``` + + ## Import ### Importing Audit Configs @@ -365,6 +528,12 @@ def __init__(__self__, :param pulumi.Input[pulumi.InputType['IAMMemberConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] folder: The resource name of the folder the policy is attached to. Its format is folders/{folder_id}. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] role: The role that should be applied. Only one `folder.IAMBinding` can be used per role. Note that custom roles must be of the format `organizations/{{org_id}}/roles/{{role_id}}`. @@ -525,6 +694,141 @@ def __init__(__self__, ``` + ## google\\_folder\\_iam\\_policy + + !> **Be careful!** You can accidentally lock yourself out of your folder + using this resource. Deleting a `folder.IAMPolicy` removes access + from anyone without permissions on its parent folder/organization. Proceed with caution. + It's not recommended to use `folder.IAMPolicy` with your provider folder + to avoid locking yourself out, and it should generally only be used with folders + fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before + applying the change. + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + folder = gcp.folder.IAMPolicy("folder", + folder="folders/1234567", + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/compute.admin", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + folder = gcp.folder.IAMPolicy("folder", + folder="folders/1234567", + policy_data=admin.policy_data) + ``` + + + ## google\\_folder\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + folder = gcp.folder.IAMBinding("folder", + folder="folders/1234567", + role="roles/editor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + folder = gcp.folder.IAMBinding("folder", + folder="folders/1234567", + role="roles/container.admin", + members=["user:jane@example.com"], + condition=gcp.folder.IAMBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + + ## google\\_folder\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + folder = gcp.folder.IAMMember("folder", + folder="folders/1234567", + role="roles/editor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + folder = gcp.folder.IAMMember("folder", + folder="folders/1234567", + role="roles/firebase.admin", + member="user:jane@example.com", + condition=gcp.folder.IAMMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + + ## google\\_folder\\_iam\\_audit\\_config + + + ```python + import pulumi + import pulumi_gcp as gcp + + folder = gcp.folder.IamAuditConfig("folder", + folder="folders/1234567", + service="allServices", + audit_log_configs=[ + gcp.folder.IamAuditConfigAuditLogConfigArgs( + log_type="ADMIN_READ", + ), + gcp.folder.IamAuditConfigAuditLogConfigArgs( + log_type="DATA_READ", + exempted_members=["user:joebloggs@example.com"], + ), + ]) + ``` + + ## Import ### Importing Audit Configs @@ -616,6 +920,12 @@ def get(resource_name: str, Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the folder's IAM policy. :param pulumi.Input[str] folder: The resource name of the folder the policy is attached to. Its format is folders/{folder_id}. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] role: The role that should be applied. Only one `folder.IAMBinding` can be used per role. Note that custom roles must be of the format `organizations/{{org_id}}/roles/{{role_id}}`. @@ -659,6 +969,14 @@ def folder(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "member") @property diff --git a/sdk/python/pulumi_gcp/folder/iam_policy.py b/sdk/python/pulumi_gcp/folder/iam_policy.py index 18fdecce50..00e0f7fcae 100644 --- a/sdk/python/pulumi_gcp/folder/iam_policy.py +++ b/sdk/python/pulumi_gcp/folder/iam_policy.py @@ -291,6 +291,141 @@ def __init__(__self__, ``` + ## google\\_folder\\_iam\\_policy + + !> **Be careful!** You can accidentally lock yourself out of your folder + using this resource. Deleting a `folder.IAMPolicy` removes access + from anyone without permissions on its parent folder/organization. Proceed with caution. + It's not recommended to use `folder.IAMPolicy` with your provider folder + to avoid locking yourself out, and it should generally only be used with folders + fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before + applying the change. + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + folder = gcp.folder.IAMPolicy("folder", + folder="folders/1234567", + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/compute.admin", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + folder = gcp.folder.IAMPolicy("folder", + folder="folders/1234567", + policy_data=admin.policy_data) + ``` + + + ## google\\_folder\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + folder = gcp.folder.IAMBinding("folder", + folder="folders/1234567", + role="roles/editor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + folder = gcp.folder.IAMBinding("folder", + folder="folders/1234567", + role="roles/container.admin", + members=["user:jane@example.com"], + condition=gcp.folder.IAMBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + + ## google\\_folder\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + folder = gcp.folder.IAMMember("folder", + folder="folders/1234567", + role="roles/editor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + folder = gcp.folder.IAMMember("folder", + folder="folders/1234567", + role="roles/firebase.admin", + member="user:jane@example.com", + condition=gcp.folder.IAMMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + + ## google\\_folder\\_iam\\_audit\\_config + + + ```python + import pulumi + import pulumi_gcp as gcp + + folder = gcp.folder.IamAuditConfig("folder", + folder="folders/1234567", + service="allServices", + audit_log_configs=[ + gcp.folder.IamAuditConfigAuditLogConfigArgs( + log_type="ADMIN_READ", + ), + gcp.folder.IamAuditConfigAuditLogConfigArgs( + log_type="DATA_READ", + exempted_members=["user:joebloggs@example.com"], + ), + ]) + ``` + + ## Import ### Importing Audit Configs @@ -485,6 +620,141 @@ def __init__(__self__, ``` + ## google\\_folder\\_iam\\_policy + + !> **Be careful!** You can accidentally lock yourself out of your folder + using this resource. Deleting a `folder.IAMPolicy` removes access + from anyone without permissions on its parent folder/organization. Proceed with caution. + It's not recommended to use `folder.IAMPolicy` with your provider folder + to avoid locking yourself out, and it should generally only be used with folders + fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before + applying the change. + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + folder = gcp.folder.IAMPolicy("folder", + folder="folders/1234567", + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/compute.admin", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + folder = gcp.folder.IAMPolicy("folder", + folder="folders/1234567", + policy_data=admin.policy_data) + ``` + + + ## google\\_folder\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + folder = gcp.folder.IAMBinding("folder", + folder="folders/1234567", + role="roles/editor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + folder = gcp.folder.IAMBinding("folder", + folder="folders/1234567", + role="roles/container.admin", + members=["user:jane@example.com"], + condition=gcp.folder.IAMBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + + ## google\\_folder\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + folder = gcp.folder.IAMMember("folder", + folder="folders/1234567", + role="roles/editor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + folder = gcp.folder.IAMMember("folder", + folder="folders/1234567", + role="roles/firebase.admin", + member="user:jane@example.com", + condition=gcp.folder.IAMMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + + ## google\\_folder\\_iam\\_audit\\_config + + + ```python + import pulumi + import pulumi_gcp as gcp + + folder = gcp.folder.IamAuditConfig("folder", + folder="folders/1234567", + service="allServices", + audit_log_configs=[ + gcp.folder.IamAuditConfigAuditLogConfigArgs( + log_type="ADMIN_READ", + ), + gcp.folder.IamAuditConfigAuditLogConfigArgs( + log_type="DATA_READ", + exempted_members=["user:joebloggs@example.com"], + ), + ]) + ``` + + ## Import ### Importing Audit Configs diff --git a/sdk/python/pulumi_gcp/gkebackup/backup_plan_iam_binding.py b/sdk/python/pulumi_gcp/gkebackup/backup_plan_iam_binding.py index 3ba9958219..5b5eaeb40e 100644 --- a/sdk/python/pulumi_gcp/gkebackup/backup_plan_iam_binding.py +++ b/sdk/python/pulumi_gcp/gkebackup/backup_plan_iam_binding.py @@ -24,16 +24,7 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a BackupPlanIamBinding resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `gkebackup.BackupPlanIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] location: The region of the Backup Plan. - Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -44,6 +35,14 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `gkebackup.BackupPlanIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] location: The region of the Backup Plan. + Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "members", members) pulumi.set(__self__, "role", role) @@ -59,6 +58,19 @@ def __init__(__self__, *, @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -119,18 +131,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -154,11 +154,7 @@ def __init__(__self__, *, :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] location: The region of the Backup Plan. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -169,6 +165,9 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `gkebackup.BackupPlanIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -225,6 +224,19 @@ def location(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -249,18 +261,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -361,6 +361,57 @@ def __init__(__self__, ``` + ## google\\_gke\\_backup\\_backup\\_plan\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.gkebackup.BackupPlanIamPolicy("policy", + project=basic["project"], + location=basic["location"], + name=basic["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_gke\\_backup\\_backup\\_plan\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.gkebackup.BackupPlanIamBinding("binding", + project=basic["project"], + location=basic["location"], + name=basic["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_gke\\_backup\\_backup\\_plan\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.gkebackup.BackupPlanIamMember("member", + project=basic["project"], + location=basic["location"], + name=basic["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -403,11 +454,7 @@ def __init__(__self__, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] location: The region of the Backup Plan. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -418,6 +465,9 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `gkebackup.BackupPlanIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -494,6 +544,57 @@ def __init__(__self__, ``` + ## google\\_gke\\_backup\\_backup\\_plan\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.gkebackup.BackupPlanIamPolicy("policy", + project=basic["project"], + location=basic["location"], + name=basic["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_gke\\_backup\\_backup\\_plan\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.gkebackup.BackupPlanIamBinding("binding", + project=basic["project"], + location=basic["location"], + name=basic["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_gke\\_backup\\_backup\\_plan\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.gkebackup.BackupPlanIamMember("member", + project=basic["project"], + location=basic["location"], + name=basic["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -600,11 +701,7 @@ def get(resource_name: str, :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] location: The region of the Backup Plan. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -615,6 +712,9 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `gkebackup.BackupPlanIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -657,6 +757,19 @@ def location(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @property @@ -673,18 +786,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/gkebackup/backup_plan_iam_member.py b/sdk/python/pulumi_gcp/gkebackup/backup_plan_iam_member.py index 99b4da8d93..61db86a9b7 100644 --- a/sdk/python/pulumi_gcp/gkebackup/backup_plan_iam_member.py +++ b/sdk/python/pulumi_gcp/gkebackup/backup_plan_iam_member.py @@ -24,16 +24,7 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a BackupPlanIamMember resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `gkebackup.BackupPlanIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] location: The region of the Backup Plan. - Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -44,6 +35,14 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `gkebackup.BackupPlanIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] location: The region of the Backup Plan. + Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "member", member) pulumi.set(__self__, "role", role) @@ -59,6 +58,19 @@ def __init__(__self__, *, @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -119,18 +131,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -154,11 +154,7 @@ def __init__(__self__, *, :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] location: The region of the Backup Plan. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -169,6 +165,9 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `gkebackup.BackupPlanIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -225,6 +224,19 @@ def location(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -249,18 +261,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -361,6 +361,57 @@ def __init__(__self__, ``` + ## google\\_gke\\_backup\\_backup\\_plan\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.gkebackup.BackupPlanIamPolicy("policy", + project=basic["project"], + location=basic["location"], + name=basic["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_gke\\_backup\\_backup\\_plan\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.gkebackup.BackupPlanIamBinding("binding", + project=basic["project"], + location=basic["location"], + name=basic["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_gke\\_backup\\_backup\\_plan\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.gkebackup.BackupPlanIamMember("member", + project=basic["project"], + location=basic["location"], + name=basic["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -403,11 +454,7 @@ def __init__(__self__, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] location: The region of the Backup Plan. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -418,6 +465,9 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `gkebackup.BackupPlanIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -494,6 +544,57 @@ def __init__(__self__, ``` + ## google\\_gke\\_backup\\_backup\\_plan\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.gkebackup.BackupPlanIamPolicy("policy", + project=basic["project"], + location=basic["location"], + name=basic["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_gke\\_backup\\_backup\\_plan\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.gkebackup.BackupPlanIamBinding("binding", + project=basic["project"], + location=basic["location"], + name=basic["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_gke\\_backup\\_backup\\_plan\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.gkebackup.BackupPlanIamMember("member", + project=basic["project"], + location=basic["location"], + name=basic["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -600,11 +701,7 @@ def get(resource_name: str, :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] location: The region of the Backup Plan. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -615,6 +712,9 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `gkebackup.BackupPlanIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -657,6 +757,19 @@ def location(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @property @@ -673,18 +786,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/gkebackup/backup_plan_iam_policy.py b/sdk/python/pulumi_gcp/gkebackup/backup_plan_iam_policy.py index 617a8d4631..faf0b82357 100644 --- a/sdk/python/pulumi_gcp/gkebackup/backup_plan_iam_policy.py +++ b/sdk/python/pulumi_gcp/gkebackup/backup_plan_iam_policy.py @@ -27,18 +27,6 @@ def __init__(__self__, *, :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "policy_data", policy_data) if location is not None: @@ -92,18 +80,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -130,18 +106,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ if etag is not None: pulumi.set(__self__, "etag", etag) @@ -210,18 +174,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -306,6 +258,57 @@ def __init__(__self__, ``` + ## google\\_gke\\_backup\\_backup\\_plan\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.gkebackup.BackupPlanIamPolicy("policy", + project=basic["project"], + location=basic["location"], + name=basic["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_gke\\_backup\\_backup\\_plan\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.gkebackup.BackupPlanIamBinding("binding", + project=basic["project"], + location=basic["location"], + name=basic["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_gke\\_backup\\_backup\\_plan\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.gkebackup.BackupPlanIamMember("member", + project=basic["project"], + location=basic["location"], + name=basic["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -353,18 +356,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ ... @overload @@ -438,6 +429,57 @@ def __init__(__self__, ``` + ## google\\_gke\\_backup\\_backup\\_plan\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.gkebackup.BackupPlanIamPolicy("policy", + project=basic["project"], + location=basic["location"], + name=basic["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_gke\\_backup\\_backup\\_plan\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.gkebackup.BackupPlanIamBinding("binding", + project=basic["project"], + location=basic["location"], + name=basic["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_gke\\_backup\\_backup\\_plan\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.gkebackup.BackupPlanIamMember("member", + project=basic["project"], + location=basic["location"], + name=basic["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -541,18 +583,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -605,18 +635,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/gkehub/feature_iam_binding.py b/sdk/python/pulumi_gcp/gkehub/feature_iam_binding.py index f1be11d3b2..0daa884ed2 100644 --- a/sdk/python/pulumi_gcp/gkehub/feature_iam_binding.py +++ b/sdk/python/pulumi_gcp/gkehub/feature_iam_binding.py @@ -24,15 +24,7 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a FeatureIamBinding resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `gkehub.FeatureIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] location: The location for the resource Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -43,6 +35,13 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `gkehub.FeatureIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] location: The location for the resource Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "members", members) pulumi.set(__self__, "role", role) @@ -58,6 +57,19 @@ def __init__(__self__, *, @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -117,18 +129,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -151,11 +151,7 @@ def __init__(__self__, *, Input properties used for looking up and filtering FeatureIamBinding resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] location: The location for the resource Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -166,6 +162,9 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `gkehub.FeatureIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -221,6 +220,19 @@ def location(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -245,18 +257,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -357,6 +357,57 @@ def __init__(__self__, ``` + ## google\\_gke\\_hub\\_feature\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.gkehub.FeatureIamPolicy("policy", + project=feature["project"], + location=feature["location"], + name=feature["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_gke\\_hub\\_feature\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.gkehub.FeatureIamBinding("binding", + project=feature["project"], + location=feature["location"], + name=feature["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_gke\\_hub\\_feature\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.gkehub.FeatureIamMember("member", + project=feature["project"], + location=feature["location"], + name=feature["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -398,11 +449,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] location: The location for the resource Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -413,6 +460,9 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `gkehub.FeatureIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -489,6 +539,57 @@ def __init__(__self__, ``` + ## google\\_gke\\_hub\\_feature\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.gkehub.FeatureIamPolicy("policy", + project=feature["project"], + location=feature["location"], + name=feature["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_gke\\_hub\\_feature\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.gkehub.FeatureIamBinding("binding", + project=feature["project"], + location=feature["location"], + name=feature["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_gke\\_hub\\_feature\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.gkehub.FeatureIamMember("member", + project=feature["project"], + location=feature["location"], + name=feature["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -594,11 +695,7 @@ def get(resource_name: str, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] location: The location for the resource Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -609,6 +706,9 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `gkehub.FeatureIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -650,6 +750,19 @@ def location(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @property @@ -666,18 +779,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/gkehub/feature_iam_member.py b/sdk/python/pulumi_gcp/gkehub/feature_iam_member.py index 7cd954cd86..59416a489e 100644 --- a/sdk/python/pulumi_gcp/gkehub/feature_iam_member.py +++ b/sdk/python/pulumi_gcp/gkehub/feature_iam_member.py @@ -24,15 +24,7 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a FeatureIamMember resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `gkehub.FeatureIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] location: The location for the resource Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -43,6 +35,13 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `gkehub.FeatureIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] location: The location for the resource Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "member", member) pulumi.set(__self__, "role", role) @@ -58,6 +57,19 @@ def __init__(__self__, *, @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -117,18 +129,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -151,11 +151,7 @@ def __init__(__self__, *, Input properties used for looking up and filtering FeatureIamMember resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] location: The location for the resource Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -166,6 +162,9 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `gkehub.FeatureIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -221,6 +220,19 @@ def location(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -245,18 +257,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -357,6 +357,57 @@ def __init__(__self__, ``` + ## google\\_gke\\_hub\\_feature\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.gkehub.FeatureIamPolicy("policy", + project=feature["project"], + location=feature["location"], + name=feature["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_gke\\_hub\\_feature\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.gkehub.FeatureIamBinding("binding", + project=feature["project"], + location=feature["location"], + name=feature["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_gke\\_hub\\_feature\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.gkehub.FeatureIamMember("member", + project=feature["project"], + location=feature["location"], + name=feature["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -398,11 +449,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] location: The location for the resource Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -413,6 +460,9 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `gkehub.FeatureIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -489,6 +539,57 @@ def __init__(__self__, ``` + ## google\\_gke\\_hub\\_feature\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.gkehub.FeatureIamPolicy("policy", + project=feature["project"], + location=feature["location"], + name=feature["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_gke\\_hub\\_feature\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.gkehub.FeatureIamBinding("binding", + project=feature["project"], + location=feature["location"], + name=feature["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_gke\\_hub\\_feature\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.gkehub.FeatureIamMember("member", + project=feature["project"], + location=feature["location"], + name=feature["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -594,11 +695,7 @@ def get(resource_name: str, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] location: The location for the resource Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -609,6 +706,9 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `gkehub.FeatureIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -650,6 +750,19 @@ def location(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @property @@ -666,18 +779,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/gkehub/feature_iam_policy.py b/sdk/python/pulumi_gcp/gkehub/feature_iam_policy.py index eef24e7b2d..6a9796d273 100644 --- a/sdk/python/pulumi_gcp/gkehub/feature_iam_policy.py +++ b/sdk/python/pulumi_gcp/gkehub/feature_iam_policy.py @@ -26,18 +26,6 @@ def __init__(__self__, *, :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "policy_data", policy_data) if location is not None: @@ -90,18 +78,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -127,18 +103,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ if etag is not None: pulumi.set(__self__, "etag", etag) @@ -206,18 +170,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -302,6 +254,57 @@ def __init__(__self__, ``` + ## google\\_gke\\_hub\\_feature\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.gkehub.FeatureIamPolicy("policy", + project=feature["project"], + location=feature["location"], + name=feature["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_gke\\_hub\\_feature\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.gkehub.FeatureIamBinding("binding", + project=feature["project"], + location=feature["location"], + name=feature["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_gke\\_hub\\_feature\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.gkehub.FeatureIamMember("member", + project=feature["project"], + location=feature["location"], + name=feature["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -348,18 +351,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ ... @overload @@ -433,6 +424,57 @@ def __init__(__self__, ``` + ## google\\_gke\\_hub\\_feature\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.gkehub.FeatureIamPolicy("policy", + project=feature["project"], + location=feature["location"], + name=feature["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_gke\\_hub\\_feature\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.gkehub.FeatureIamBinding("binding", + project=feature["project"], + location=feature["location"], + name=feature["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_gke\\_hub\\_feature\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.gkehub.FeatureIamMember("member", + project=feature["project"], + location=feature["location"], + name=feature["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -535,18 +577,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -598,18 +628,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/gkehub/membership_iam_binding.py b/sdk/python/pulumi_gcp/gkehub/membership_iam_binding.py index d06c7b0ea4..fd592fd680 100644 --- a/sdk/python/pulumi_gcp/gkehub/membership_iam_binding.py +++ b/sdk/python/pulumi_gcp/gkehub/membership_iam_binding.py @@ -24,16 +24,7 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a MembershipIamBinding resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `gkehub.MembershipIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] location: Location of the membership. - The default value is `global`. - Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -44,6 +35,14 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `gkehub.MembershipIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] location: Location of the membership. + The default value is `global`. + Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "members", members) pulumi.set(__self__, "membership_id", membership_id) @@ -58,6 +57,19 @@ def __init__(__self__, *, @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -116,18 +128,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -152,10 +152,7 @@ def __init__(__self__, *, :param pulumi.Input[str] location: Location of the membership. The default value is `global`. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -166,6 +163,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `gkehub.MembershipIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -223,6 +222,19 @@ def location(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -244,18 +256,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -356,6 +356,57 @@ def __init__(__self__, ``` + ## google\\_gke\\_hub\\_membership\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.gkehub.MembershipIamPolicy("policy", + project=membership["project"], + location=membership["location"], + membership_id=membership["membershipId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_gke\\_hub\\_membership\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.gkehub.MembershipIamBinding("binding", + project=membership["project"], + location=membership["location"], + membership_id=membership["membershipId"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_gke\\_hub\\_membership\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.gkehub.MembershipIamMember("member", + project=membership["project"], + location=membership["location"], + membership_id=membership["membershipId"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -399,10 +450,7 @@ def __init__(__self__, :param pulumi.Input[str] location: Location of the membership. The default value is `global`. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -413,6 +461,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `gkehub.MembershipIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -489,6 +539,57 @@ def __init__(__self__, ``` + ## google\\_gke\\_hub\\_membership\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.gkehub.MembershipIamPolicy("policy", + project=membership["project"], + location=membership["location"], + membership_id=membership["membershipId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_gke\\_hub\\_membership\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.gkehub.MembershipIamBinding("binding", + project=membership["project"], + location=membership["location"], + membership_id=membership["membershipId"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_gke\\_hub\\_membership\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.gkehub.MembershipIamMember("member", + project=membership["project"], + location=membership["location"], + membership_id=membership["membershipId"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -598,10 +699,7 @@ def get(resource_name: str, :param pulumi.Input[str] location: Location of the membership. The default value is `global`. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -612,6 +710,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `gkehub.MembershipIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -655,6 +755,19 @@ def location(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @property @@ -668,18 +781,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/gkehub/membership_iam_member.py b/sdk/python/pulumi_gcp/gkehub/membership_iam_member.py index a2b2c55278..769df57453 100644 --- a/sdk/python/pulumi_gcp/gkehub/membership_iam_member.py +++ b/sdk/python/pulumi_gcp/gkehub/membership_iam_member.py @@ -24,16 +24,7 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a MembershipIamMember resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `gkehub.MembershipIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] location: Location of the membership. - The default value is `global`. - Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -44,6 +35,14 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `gkehub.MembershipIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] location: Location of the membership. + The default value is `global`. + Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "member", member) pulumi.set(__self__, "membership_id", membership_id) @@ -58,6 +57,19 @@ def __init__(__self__, *, @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -116,18 +128,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -152,10 +152,7 @@ def __init__(__self__, *, :param pulumi.Input[str] location: Location of the membership. The default value is `global`. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -166,6 +163,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `gkehub.MembershipIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -223,6 +222,19 @@ def location(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -244,18 +256,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -356,6 +356,57 @@ def __init__(__self__, ``` + ## google\\_gke\\_hub\\_membership\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.gkehub.MembershipIamPolicy("policy", + project=membership["project"], + location=membership["location"], + membership_id=membership["membershipId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_gke\\_hub\\_membership\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.gkehub.MembershipIamBinding("binding", + project=membership["project"], + location=membership["location"], + membership_id=membership["membershipId"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_gke\\_hub\\_membership\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.gkehub.MembershipIamMember("member", + project=membership["project"], + location=membership["location"], + membership_id=membership["membershipId"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -399,10 +450,7 @@ def __init__(__self__, :param pulumi.Input[str] location: Location of the membership. The default value is `global`. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -413,6 +461,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `gkehub.MembershipIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -489,6 +539,57 @@ def __init__(__self__, ``` + ## google\\_gke\\_hub\\_membership\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.gkehub.MembershipIamPolicy("policy", + project=membership["project"], + location=membership["location"], + membership_id=membership["membershipId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_gke\\_hub\\_membership\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.gkehub.MembershipIamBinding("binding", + project=membership["project"], + location=membership["location"], + membership_id=membership["membershipId"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_gke\\_hub\\_membership\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.gkehub.MembershipIamMember("member", + project=membership["project"], + location=membership["location"], + membership_id=membership["membershipId"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -598,10 +699,7 @@ def get(resource_name: str, :param pulumi.Input[str] location: Location of the membership. The default value is `global`. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -612,6 +710,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `gkehub.MembershipIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -655,6 +755,19 @@ def location(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @property @@ -668,18 +781,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/gkehub/membership_iam_policy.py b/sdk/python/pulumi_gcp/gkehub/membership_iam_policy.py index 49524bd918..99c5d0d768 100644 --- a/sdk/python/pulumi_gcp/gkehub/membership_iam_policy.py +++ b/sdk/python/pulumi_gcp/gkehub/membership_iam_policy.py @@ -27,18 +27,6 @@ def __init__(__self__, *, Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "membership_id", membership_id) pulumi.set(__self__, "policy_data", policy_data) @@ -89,18 +77,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -127,18 +103,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ if etag is not None: pulumi.set(__self__, "etag", etag) @@ -205,18 +169,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -301,6 +253,57 @@ def __init__(__self__, ``` + ## google\\_gke\\_hub\\_membership\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.gkehub.MembershipIamPolicy("policy", + project=membership["project"], + location=membership["location"], + membership_id=membership["membershipId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_gke\\_hub\\_membership\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.gkehub.MembershipIamBinding("binding", + project=membership["project"], + location=membership["location"], + membership_id=membership["membershipId"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_gke\\_hub\\_membership\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.gkehub.MembershipIamMember("member", + project=membership["project"], + location=membership["location"], + membership_id=membership["membershipId"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -348,18 +351,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ ... @overload @@ -433,6 +424,57 @@ def __init__(__self__, ``` + ## google\\_gke\\_hub\\_membership\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.gkehub.MembershipIamPolicy("policy", + project=membership["project"], + location=membership["location"], + membership_id=membership["membershipId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_gke\\_hub\\_membership\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.gkehub.MembershipIamBinding("binding", + project=membership["project"], + location=membership["location"], + membership_id=membership["membershipId"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_gke\\_hub\\_membership\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.gkehub.MembershipIamMember("member", + project=membership["project"], + location=membership["location"], + membership_id=membership["membershipId"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -538,18 +580,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -600,18 +630,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/gkehub/scope_iam_binding.py b/sdk/python/pulumi_gcp/gkehub/scope_iam_binding.py index f6a2b51cb9..063edbfca7 100644 --- a/sdk/python/pulumi_gcp/gkehub/scope_iam_binding.py +++ b/sdk/python/pulumi_gcp/gkehub/scope_iam_binding.py @@ -23,13 +23,7 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a ScopeIamBinding resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `gkehub.ScopeIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -40,6 +34,11 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `gkehub.ScopeIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "members", members) pulumi.set(__self__, "role", role) @@ -52,6 +51,19 @@ def __init__(__self__, *, @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -96,18 +108,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -128,10 +128,7 @@ def __init__(__self__, *, """ Input properties used for looking up and filtering ScopeIamBinding resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -142,6 +139,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `gkehub.ScopeIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -183,6 +182,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -195,18 +207,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -312,6 +312,54 @@ def __init__(__self__, ``` + ## google\\_gke\\_hub\\_scope\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.gkehub.ScopeIamPolicy("policy", + project=scope["project"], + scope_id=scope["scopeId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_gke\\_hub\\_scope\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.gkehub.ScopeIamBinding("binding", + project=scope["project"], + scope_id=scope["scopeId"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_gke\\_hub\\_scope\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.gkehub.ScopeIamMember("member", + project=scope["project"], + scope_id=scope["scopeId"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -350,10 +398,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -364,6 +409,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `gkehub.ScopeIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -437,6 +484,54 @@ def __init__(__self__, ``` + ## google\\_gke\\_hub\\_scope\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.gkehub.ScopeIamPolicy("policy", + project=scope["project"], + scope_id=scope["scopeId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_gke\\_hub\\_scope\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.gkehub.ScopeIamBinding("binding", + project=scope["project"], + scope_id=scope["scopeId"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_gke\\_hub\\_scope\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.gkehub.ScopeIamMember("member", + project=scope["project"], + scope_id=scope["scopeId"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -538,10 +633,7 @@ def get(resource_name: str, :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -552,6 +644,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `gkehub.ScopeIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -584,16 +678,8 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: - return pulumi.get(self, "members") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -605,6 +691,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "members") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/gkehub/scope_iam_member.py b/sdk/python/pulumi_gcp/gkehub/scope_iam_member.py index 8234312538..00e79e53a3 100644 --- a/sdk/python/pulumi_gcp/gkehub/scope_iam_member.py +++ b/sdk/python/pulumi_gcp/gkehub/scope_iam_member.py @@ -23,13 +23,7 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a ScopeIamMember resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `gkehub.ScopeIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -40,6 +34,11 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `gkehub.ScopeIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "member", member) pulumi.set(__self__, "role", role) @@ -52,6 +51,19 @@ def __init__(__self__, *, @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -96,18 +108,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -128,10 +128,7 @@ def __init__(__self__, *, """ Input properties used for looking up and filtering ScopeIamMember resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -142,6 +139,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `gkehub.ScopeIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -183,6 +182,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -195,18 +207,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -312,6 +312,54 @@ def __init__(__self__, ``` + ## google\\_gke\\_hub\\_scope\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.gkehub.ScopeIamPolicy("policy", + project=scope["project"], + scope_id=scope["scopeId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_gke\\_hub\\_scope\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.gkehub.ScopeIamBinding("binding", + project=scope["project"], + scope_id=scope["scopeId"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_gke\\_hub\\_scope\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.gkehub.ScopeIamMember("member", + project=scope["project"], + scope_id=scope["scopeId"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -350,10 +398,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -364,6 +409,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `gkehub.ScopeIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -437,6 +484,54 @@ def __init__(__self__, ``` + ## google\\_gke\\_hub\\_scope\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.gkehub.ScopeIamPolicy("policy", + project=scope["project"], + scope_id=scope["scopeId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_gke\\_hub\\_scope\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.gkehub.ScopeIamBinding("binding", + project=scope["project"], + scope_id=scope["scopeId"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_gke\\_hub\\_scope\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.gkehub.ScopeIamMember("member", + project=scope["project"], + scope_id=scope["scopeId"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -538,10 +633,7 @@ def get(resource_name: str, :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -552,6 +644,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `gkehub.ScopeIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -584,16 +678,8 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: - return pulumi.get(self, "member") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -605,6 +691,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "member") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/gkehub/scope_iam_policy.py b/sdk/python/pulumi_gcp/gkehub/scope_iam_policy.py index 568a52157e..5ead201dde 100644 --- a/sdk/python/pulumi_gcp/gkehub/scope_iam_policy.py +++ b/sdk/python/pulumi_gcp/gkehub/scope_iam_policy.py @@ -23,18 +23,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "policy_data", policy_data) pulumi.set(__self__, "scope_id", scope_id) @@ -69,18 +57,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -103,18 +79,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ if etag is not None: pulumi.set(__self__, "etag", etag) @@ -156,18 +120,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -257,6 +209,54 @@ def __init__(__self__, ``` + ## google\\_gke\\_hub\\_scope\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.gkehub.ScopeIamPolicy("policy", + project=scope["project"], + scope_id=scope["scopeId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_gke\\_hub\\_scope\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.gkehub.ScopeIamBinding("binding", + project=scope["project"], + scope_id=scope["scopeId"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_gke\\_hub\\_scope\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.gkehub.ScopeIamMember("member", + project=scope["project"], + scope_id=scope["scopeId"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -299,18 +299,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ ... @overload @@ -381,6 +369,54 @@ def __init__(__self__, ``` + ## google\\_gke\\_hub\\_scope\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.gkehub.ScopeIamPolicy("policy", + project=scope["project"], + scope_id=scope["scopeId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_gke\\_hub\\_scope\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.gkehub.ScopeIamBinding("binding", + project=scope["project"], + scope_id=scope["scopeId"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_gke\\_hub\\_scope\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.gkehub.ScopeIamMember("member", + project=scope["project"], + scope_id=scope["scopeId"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -478,18 +514,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -524,18 +548,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/healthcare/consent_store_iam_binding.py b/sdk/python/pulumi_gcp/healthcare/consent_store_iam_binding.py index d0619a4bf0..9e89855230 100644 --- a/sdk/python/pulumi_gcp/healthcare/consent_store_iam_binding.py +++ b/sdk/python/pulumi_gcp/healthcare/consent_store_iam_binding.py @@ -27,8 +27,7 @@ def __init__(__self__, *, :param pulumi.Input[str] dataset: Identifies the dataset addressed by this request. Must be in the format 'projects/{project}/locations/{location}/datasets/{dataset}' Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -69,8 +68,18 @@ def dataset(self) -> pulumi.Input[str]: Identifies the dataset addressed by this request. Must be in the format 'projects/{project}/locations/{location}/datasets/{dataset}' Used to find the parent resource to bind the IAM policy to + """ + return pulumi.get(self, "dataset") + + @dataset.setter + def dataset(self, value: pulumi.Input[str]): + pulumi.set(self, "dataset", value) - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + @property + @pulumi.getter + def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -82,15 +91,6 @@ def dataset(self) -> pulumi.Input[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ - return pulumi.get(self, "dataset") - - @dataset.setter - def dataset(self, value: pulumi.Input[str]): - pulumi.set(self, "dataset", value) - - @property - @pulumi.getter - def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: return pulumi.get(self, "members") @members.setter @@ -136,8 +136,8 @@ def __init__(__self__, *, :param pulumi.Input[str] dataset: Identifies the dataset addressed by this request. Must be in the format 'projects/{project}/locations/{location}/datasets/{dataset}' Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -148,7 +148,6 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] role: The role that should be applied. Only one `healthcare.ConsentStoreIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -194,18 +193,6 @@ def dataset(self) -> Optional[pulumi.Input[str]]: Identifies the dataset addressed by this request. Must be in the format 'projects/{project}/locations/{location}/datasets/{dataset}' Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "dataset") @@ -228,6 +215,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -323,6 +323,54 @@ def __init__(__self__, ``` + ## google\\_healthcare\\_consent\\_store\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.healthcare.ConsentStoreIamPolicy("policy", + dataset=my_consent["dataset"], + consent_store_id=my_consent["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_healthcare\\_consent\\_store\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.healthcare.ConsentStoreIamBinding("binding", + dataset=my_consent["dataset"], + consent_store_id=my_consent["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_healthcare\\_consent\\_store\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.healthcare.ConsentStoreIamMember("member", + dataset=my_consent["dataset"], + consent_store_id=my_consent["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -363,8 +411,7 @@ def __init__(__self__, :param pulumi.Input[str] dataset: Identifies the dataset addressed by this request. Must be in the format 'projects/{project}/locations/{location}/datasets/{dataset}' Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -448,6 +495,54 @@ def __init__(__self__, ``` + ## google\\_healthcare\\_consent\\_store\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.healthcare.ConsentStoreIamPolicy("policy", + dataset=my_consent["dataset"], + consent_store_id=my_consent["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_healthcare\\_consent\\_store\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.healthcare.ConsentStoreIamBinding("binding", + dataset=my_consent["dataset"], + consent_store_id=my_consent["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_healthcare\\_consent\\_store\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.healthcare.ConsentStoreIamMember("member", + dataset=my_consent["dataset"], + consent_store_id=my_consent["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -552,8 +647,8 @@ def get(resource_name: str, :param pulumi.Input[str] dataset: Identifies the dataset addressed by this request. Must be in the format 'projects/{project}/locations/{location}/datasets/{dataset}' Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -564,7 +659,6 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] role: The role that should be applied. Only one `healthcare.ConsentStoreIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -601,18 +695,6 @@ def dataset(self) -> pulumi.Output[str]: Identifies the dataset addressed by this request. Must be in the format 'projects/{project}/locations/{location}/datasets/{dataset}' Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "dataset") @@ -627,6 +709,19 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @property diff --git a/sdk/python/pulumi_gcp/healthcare/consent_store_iam_member.py b/sdk/python/pulumi_gcp/healthcare/consent_store_iam_member.py index 3438adb1bb..8cdf8aa457 100644 --- a/sdk/python/pulumi_gcp/healthcare/consent_store_iam_member.py +++ b/sdk/python/pulumi_gcp/healthcare/consent_store_iam_member.py @@ -27,8 +27,7 @@ def __init__(__self__, *, :param pulumi.Input[str] dataset: Identifies the dataset addressed by this request. Must be in the format 'projects/{project}/locations/{location}/datasets/{dataset}' Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -69,8 +68,18 @@ def dataset(self) -> pulumi.Input[str]: Identifies the dataset addressed by this request. Must be in the format 'projects/{project}/locations/{location}/datasets/{dataset}' Used to find the parent resource to bind the IAM policy to + """ + return pulumi.get(self, "dataset") + + @dataset.setter + def dataset(self, value: pulumi.Input[str]): + pulumi.set(self, "dataset", value) - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + @property + @pulumi.getter + def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -82,15 +91,6 @@ def dataset(self) -> pulumi.Input[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ - return pulumi.get(self, "dataset") - - @dataset.setter - def dataset(self, value: pulumi.Input[str]): - pulumi.set(self, "dataset", value) - - @property - @pulumi.getter - def member(self) -> pulumi.Input[str]: return pulumi.get(self, "member") @member.setter @@ -136,8 +136,8 @@ def __init__(__self__, *, :param pulumi.Input[str] dataset: Identifies the dataset addressed by this request. Must be in the format 'projects/{project}/locations/{location}/datasets/{dataset}' Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -148,7 +148,6 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] role: The role that should be applied. Only one `healthcare.ConsentStoreIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -194,18 +193,6 @@ def dataset(self) -> Optional[pulumi.Input[str]]: Identifies the dataset addressed by this request. Must be in the format 'projects/{project}/locations/{location}/datasets/{dataset}' Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "dataset") @@ -228,6 +215,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -323,6 +323,54 @@ def __init__(__self__, ``` + ## google\\_healthcare\\_consent\\_store\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.healthcare.ConsentStoreIamPolicy("policy", + dataset=my_consent["dataset"], + consent_store_id=my_consent["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_healthcare\\_consent\\_store\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.healthcare.ConsentStoreIamBinding("binding", + dataset=my_consent["dataset"], + consent_store_id=my_consent["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_healthcare\\_consent\\_store\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.healthcare.ConsentStoreIamMember("member", + dataset=my_consent["dataset"], + consent_store_id=my_consent["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -363,8 +411,7 @@ def __init__(__self__, :param pulumi.Input[str] dataset: Identifies the dataset addressed by this request. Must be in the format 'projects/{project}/locations/{location}/datasets/{dataset}' Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -448,6 +495,54 @@ def __init__(__self__, ``` + ## google\\_healthcare\\_consent\\_store\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.healthcare.ConsentStoreIamPolicy("policy", + dataset=my_consent["dataset"], + consent_store_id=my_consent["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_healthcare\\_consent\\_store\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.healthcare.ConsentStoreIamBinding("binding", + dataset=my_consent["dataset"], + consent_store_id=my_consent["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_healthcare\\_consent\\_store\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.healthcare.ConsentStoreIamMember("member", + dataset=my_consent["dataset"], + consent_store_id=my_consent["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -552,8 +647,8 @@ def get(resource_name: str, :param pulumi.Input[str] dataset: Identifies the dataset addressed by this request. Must be in the format 'projects/{project}/locations/{location}/datasets/{dataset}' Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -564,7 +659,6 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] role: The role that should be applied. Only one `healthcare.ConsentStoreIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -601,18 +695,6 @@ def dataset(self) -> pulumi.Output[str]: Identifies the dataset addressed by this request. Must be in the format 'projects/{project}/locations/{location}/datasets/{dataset}' Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "dataset") @@ -627,6 +709,19 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @property diff --git a/sdk/python/pulumi_gcp/healthcare/consent_store_iam_policy.py b/sdk/python/pulumi_gcp/healthcare/consent_store_iam_policy.py index 896675db58..9ecf3ac4ac 100644 --- a/sdk/python/pulumi_gcp/healthcare/consent_store_iam_policy.py +++ b/sdk/python/pulumi_gcp/healthcare/consent_store_iam_policy.py @@ -23,18 +23,6 @@ def __init__(__self__, *, :param pulumi.Input[str] dataset: Identifies the dataset addressed by this request. Must be in the format 'projects/{project}/locations/{location}/datasets/{dataset}' Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. """ @@ -61,18 +49,6 @@ def dataset(self) -> pulumi.Input[str]: Identifies the dataset addressed by this request. Must be in the format 'projects/{project}/locations/{location}/datasets/{dataset}' Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "dataset") @@ -107,18 +83,6 @@ def __init__(__self__, *, :param pulumi.Input[str] dataset: Identifies the dataset addressed by this request. Must be in the format 'projects/{project}/locations/{location}/datasets/{dataset}' Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. @@ -151,18 +115,6 @@ def dataset(self) -> Optional[pulumi.Input[str]]: Identifies the dataset addressed by this request. Must be in the format 'projects/{project}/locations/{location}/datasets/{dataset}' Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "dataset") @@ -268,6 +220,54 @@ def __init__(__self__, ``` + ## google\\_healthcare\\_consent\\_store\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.healthcare.ConsentStoreIamPolicy("policy", + dataset=my_consent["dataset"], + consent_store_id=my_consent["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_healthcare\\_consent\\_store\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.healthcare.ConsentStoreIamBinding("binding", + dataset=my_consent["dataset"], + consent_store_id=my_consent["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_healthcare\\_consent\\_store\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.healthcare.ConsentStoreIamMember("member", + dataset=my_consent["dataset"], + consent_store_id=my_consent["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -308,18 +308,6 @@ def __init__(__self__, :param pulumi.Input[str] dataset: Identifies the dataset addressed by this request. Must be in the format 'projects/{project}/locations/{location}/datasets/{dataset}' Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. """ @@ -392,6 +380,54 @@ def __init__(__self__, ``` + ## google\\_healthcare\\_consent\\_store\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.healthcare.ConsentStoreIamPolicy("policy", + dataset=my_consent["dataset"], + consent_store_id=my_consent["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_healthcare\\_consent\\_store\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.healthcare.ConsentStoreIamBinding("binding", + dataset=my_consent["dataset"], + consent_store_id=my_consent["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_healthcare\\_consent\\_store\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.healthcare.ConsentStoreIamMember("member", + dataset=my_consent["dataset"], + consent_store_id=my_consent["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -488,18 +524,6 @@ def get(resource_name: str, :param pulumi.Input[str] dataset: Identifies the dataset addressed by this request. Must be in the format 'projects/{project}/locations/{location}/datasets/{dataset}' Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. @@ -529,18 +553,6 @@ def dataset(self) -> pulumi.Output[str]: Identifies the dataset addressed by this request. Must be in the format 'projects/{project}/locations/{location}/datasets/{dataset}' Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "dataset") diff --git a/sdk/python/pulumi_gcp/healthcare/dataset_iam_binding.py b/sdk/python/pulumi_gcp/healthcare/dataset_iam_binding.py index 3bad8d92b8..f2473a0fc4 100644 --- a/sdk/python/pulumi_gcp/healthcare/dataset_iam_binding.py +++ b/sdk/python/pulumi_gcp/healthcare/dataset_iam_binding.py @@ -26,8 +26,7 @@ def __init__(__self__, *, `{project_id}/{location_name}/{dataset_name}` or `{location_name}/{dataset_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -53,15 +52,6 @@ def dataset_id(self) -> pulumi.Input[str]: `{project_id}/{location_name}/{dataset_name}` or `{location_name}/{dataset_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "dataset_id") @@ -72,6 +62,16 @@ def dataset_id(self, value: pulumi.Input[str]): @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "members") @members.setter @@ -116,8 +116,8 @@ def __init__(__self__, *, `{project_id}/{location_name}/{dataset_name}` or `{location_name}/{dataset_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] etag: (Computed) The etag of the dataset's IAM policy. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -125,7 +125,6 @@ def __init__(__self__, *, * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - :param pulumi.Input[str] etag: (Computed) The etag of the dataset's IAM policy. :param pulumi.Input[str] role: The role that should be applied. Only one `healthcare.DatasetIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -158,15 +157,6 @@ def dataset_id(self) -> Optional[pulumi.Input[str]]: `{project_id}/{location_name}/{dataset_name}` or `{location_name}/{dataset_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "dataset_id") @@ -189,6 +179,16 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "members") @members.setter @@ -276,6 +276,51 @@ def __init__(__self__, ``` + ## google\\_healthcare\\_dataset\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + dataset = gcp.healthcare.DatasetIamPolicy("dataset", + dataset_id="your-dataset-id", + policy_data=admin.policy_data) + ``` + + + ## google\\_healthcare\\_dataset\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + dataset = gcp.healthcare.DatasetIamBinding("dataset", + dataset_id="your-dataset-id", + role="roles/editor", + members=["user:jane@example.com"]) + ``` + + + ## google\\_healthcare\\_dataset\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + dataset = gcp.healthcare.DatasetIamMember("dataset", + dataset_id="your-dataset-id", + role="roles/editor", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -308,8 +353,7 @@ def __init__(__self__, `{project_id}/{location_name}/{dataset_name}` or `{location_name}/{dataset_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -383,6 +427,51 @@ def __init__(__self__, ``` + ## google\\_healthcare\\_dataset\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + dataset = gcp.healthcare.DatasetIamPolicy("dataset", + dataset_id="your-dataset-id", + policy_data=admin.policy_data) + ``` + + + ## google\\_healthcare\\_dataset\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + dataset = gcp.healthcare.DatasetIamBinding("dataset", + dataset_id="your-dataset-id", + role="roles/editor", + members=["user:jane@example.com"]) + ``` + + + ## google\\_healthcare\\_dataset\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + dataset = gcp.healthcare.DatasetIamMember("dataset", + dataset_id="your-dataset-id", + role="roles/editor", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -474,8 +563,8 @@ def get(resource_name: str, `{project_id}/{location_name}/{dataset_name}` or `{location_name}/{dataset_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] etag: (Computed) The etag of the dataset's IAM policy. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -483,7 +572,6 @@ def get(resource_name: str, * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - :param pulumi.Input[str] etag: (Computed) The etag of the dataset's IAM policy. :param pulumi.Input[str] role: The role that should be applied. Only one `healthcare.DatasetIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -512,15 +600,6 @@ def dataset_id(self) -> pulumi.Output[str]: `{project_id}/{location_name}/{dataset_name}` or `{location_name}/{dataset_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "dataset_id") @@ -535,6 +614,16 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "members") @property diff --git a/sdk/python/pulumi_gcp/healthcare/dataset_iam_member.py b/sdk/python/pulumi_gcp/healthcare/dataset_iam_member.py index 90bb0e7c5f..861a8c587b 100644 --- a/sdk/python/pulumi_gcp/healthcare/dataset_iam_member.py +++ b/sdk/python/pulumi_gcp/healthcare/dataset_iam_member.py @@ -26,8 +26,7 @@ def __init__(__self__, *, `{project_id}/{location_name}/{dataset_name}` or `{location_name}/{dataset_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -53,15 +52,6 @@ def dataset_id(self) -> pulumi.Input[str]: `{project_id}/{location_name}/{dataset_name}` or `{location_name}/{dataset_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "dataset_id") @@ -72,6 +62,16 @@ def dataset_id(self, value: pulumi.Input[str]): @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "member") @member.setter @@ -116,8 +116,8 @@ def __init__(__self__, *, `{project_id}/{location_name}/{dataset_name}` or `{location_name}/{dataset_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] etag: (Computed) The etag of the dataset's IAM policy. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -125,7 +125,6 @@ def __init__(__self__, *, * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - :param pulumi.Input[str] etag: (Computed) The etag of the dataset's IAM policy. :param pulumi.Input[str] role: The role that should be applied. Only one `healthcare.DatasetIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -158,15 +157,6 @@ def dataset_id(self) -> Optional[pulumi.Input[str]]: `{project_id}/{location_name}/{dataset_name}` or `{location_name}/{dataset_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "dataset_id") @@ -189,6 +179,16 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "member") @member.setter @@ -276,6 +276,51 @@ def __init__(__self__, ``` + ## google\\_healthcare\\_dataset\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + dataset = gcp.healthcare.DatasetIamPolicy("dataset", + dataset_id="your-dataset-id", + policy_data=admin.policy_data) + ``` + + + ## google\\_healthcare\\_dataset\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + dataset = gcp.healthcare.DatasetIamBinding("dataset", + dataset_id="your-dataset-id", + role="roles/editor", + members=["user:jane@example.com"]) + ``` + + + ## google\\_healthcare\\_dataset\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + dataset = gcp.healthcare.DatasetIamMember("dataset", + dataset_id="your-dataset-id", + role="roles/editor", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -308,8 +353,7 @@ def __init__(__self__, `{project_id}/{location_name}/{dataset_name}` or `{location_name}/{dataset_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -383,6 +427,51 @@ def __init__(__self__, ``` + ## google\\_healthcare\\_dataset\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + dataset = gcp.healthcare.DatasetIamPolicy("dataset", + dataset_id="your-dataset-id", + policy_data=admin.policy_data) + ``` + + + ## google\\_healthcare\\_dataset\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + dataset = gcp.healthcare.DatasetIamBinding("dataset", + dataset_id="your-dataset-id", + role="roles/editor", + members=["user:jane@example.com"]) + ``` + + + ## google\\_healthcare\\_dataset\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + dataset = gcp.healthcare.DatasetIamMember("dataset", + dataset_id="your-dataset-id", + role="roles/editor", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -474,8 +563,8 @@ def get(resource_name: str, `{project_id}/{location_name}/{dataset_name}` or `{location_name}/{dataset_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] etag: (Computed) The etag of the dataset's IAM policy. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -483,7 +572,6 @@ def get(resource_name: str, * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - :param pulumi.Input[str] etag: (Computed) The etag of the dataset's IAM policy. :param pulumi.Input[str] role: The role that should be applied. Only one `healthcare.DatasetIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -512,15 +600,6 @@ def dataset_id(self) -> pulumi.Output[str]: `{project_id}/{location_name}/{dataset_name}` or `{location_name}/{dataset_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "dataset_id") @@ -535,6 +614,16 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "member") @property diff --git a/sdk/python/pulumi_gcp/healthcare/dataset_iam_policy.py b/sdk/python/pulumi_gcp/healthcare/dataset_iam_policy.py index d7332c0fea..95747a5c0d 100644 --- a/sdk/python/pulumi_gcp/healthcare/dataset_iam_policy.py +++ b/sdk/python/pulumi_gcp/healthcare/dataset_iam_policy.py @@ -22,15 +22,6 @@ def __init__(__self__, *, `{project_id}/{location_name}/{dataset_name}` or `{location_name}/{dataset_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. """ @@ -45,15 +36,6 @@ def dataset_id(self) -> pulumi.Input[str]: `{project_id}/{location_name}/{dataset_name}` or `{location_name}/{dataset_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "dataset_id") @@ -87,15 +69,6 @@ def __init__(__self__, *, `{project_id}/{location_name}/{dataset_name}` or `{location_name}/{dataset_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] etag: (Computed) The etag of the dataset's IAM policy. :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. @@ -115,15 +88,6 @@ def dataset_id(self) -> Optional[pulumi.Input[str]]: `{project_id}/{location_name}/{dataset_name}` or `{location_name}/{dataset_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "dataset_id") @@ -221,6 +185,51 @@ def __init__(__self__, ``` + ## google\\_healthcare\\_dataset\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + dataset = gcp.healthcare.DatasetIamPolicy("dataset", + dataset_id="your-dataset-id", + policy_data=admin.policy_data) + ``` + + + ## google\\_healthcare\\_dataset\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + dataset = gcp.healthcare.DatasetIamBinding("dataset", + dataset_id="your-dataset-id", + role="roles/editor", + members=["user:jane@example.com"]) + ``` + + + ## google\\_healthcare\\_dataset\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + dataset = gcp.healthcare.DatasetIamMember("dataset", + dataset_id="your-dataset-id", + role="roles/editor", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -253,15 +262,6 @@ def __init__(__self__, `{project_id}/{location_name}/{dataset_name}` or `{location_name}/{dataset_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. """ @@ -327,6 +327,51 @@ def __init__(__self__, ``` + ## google\\_healthcare\\_dataset\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + dataset = gcp.healthcare.DatasetIamPolicy("dataset", + dataset_id="your-dataset-id", + policy_data=admin.policy_data) + ``` + + + ## google\\_healthcare\\_dataset\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + dataset = gcp.healthcare.DatasetIamBinding("dataset", + dataset_id="your-dataset-id", + role="roles/editor", + members=["user:jane@example.com"]) + ``` + + + ## google\\_healthcare\\_dataset\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + dataset = gcp.healthcare.DatasetIamMember("dataset", + dataset_id="your-dataset-id", + role="roles/editor", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -410,15 +455,6 @@ def get(resource_name: str, `{project_id}/{location_name}/{dataset_name}` or `{location_name}/{dataset_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] etag: (Computed) The etag of the dataset's IAM policy. :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. @@ -440,15 +476,6 @@ def dataset_id(self) -> pulumi.Output[str]: `{project_id}/{location_name}/{dataset_name}` or `{location_name}/{dataset_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "dataset_id") diff --git a/sdk/python/pulumi_gcp/healthcare/dicom_store_iam_binding.py b/sdk/python/pulumi_gcp/healthcare/dicom_store_iam_binding.py index 544b551daa..165613a981 100644 --- a/sdk/python/pulumi_gcp/healthcare/dicom_store_iam_binding.py +++ b/sdk/python/pulumi_gcp/healthcare/dicom_store_iam_binding.py @@ -26,8 +26,7 @@ def __init__(__self__, *, `{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -53,15 +52,6 @@ def dicom_store_id(self) -> pulumi.Input[str]: `{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "dicom_store_id") @@ -72,6 +62,16 @@ def dicom_store_id(self, value: pulumi.Input[str]): @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "members") @members.setter @@ -116,8 +116,8 @@ def __init__(__self__, *, `{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] etag: (Computed) The etag of the DICOM store's IAM policy. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -125,7 +125,6 @@ def __init__(__self__, *, * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - :param pulumi.Input[str] etag: (Computed) The etag of the DICOM store's IAM policy. :param pulumi.Input[str] role: The role that should be applied. Only one `healthcare.DicomStoreIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -158,15 +157,6 @@ def dicom_store_id(self) -> Optional[pulumi.Input[str]]: `{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "dicom_store_id") @@ -189,6 +179,16 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "members") @members.setter @@ -276,6 +276,51 @@ def __init__(__self__, ``` + ## google\\_healthcare\\_dicom\\_store\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + dicom_store = gcp.healthcare.DicomStoreIamPolicy("dicom_store", + dicom_store_id="your-dicom-store-id", + policy_data=admin.policy_data) + ``` + + + ## google\\_healthcare\\_dicom\\_store\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + dicom_store = gcp.healthcare.DicomStoreIamBinding("dicom_store", + dicom_store_id="your-dicom-store-id", + role="roles/editor", + members=["user:jane@example.com"]) + ``` + + + ## google\\_healthcare\\_dicom\\_store\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + dicom_store = gcp.healthcare.DicomStoreIamMember("dicom_store", + dicom_store_id="your-dicom-store-id", + role="roles/editor", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -308,8 +353,7 @@ def __init__(__self__, `{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -383,6 +427,51 @@ def __init__(__self__, ``` + ## google\\_healthcare\\_dicom\\_store\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + dicom_store = gcp.healthcare.DicomStoreIamPolicy("dicom_store", + dicom_store_id="your-dicom-store-id", + policy_data=admin.policy_data) + ``` + + + ## google\\_healthcare\\_dicom\\_store\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + dicom_store = gcp.healthcare.DicomStoreIamBinding("dicom_store", + dicom_store_id="your-dicom-store-id", + role="roles/editor", + members=["user:jane@example.com"]) + ``` + + + ## google\\_healthcare\\_dicom\\_store\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + dicom_store = gcp.healthcare.DicomStoreIamMember("dicom_store", + dicom_store_id="your-dicom-store-id", + role="roles/editor", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -474,8 +563,8 @@ def get(resource_name: str, `{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] etag: (Computed) The etag of the DICOM store's IAM policy. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -483,7 +572,6 @@ def get(resource_name: str, * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - :param pulumi.Input[str] etag: (Computed) The etag of the DICOM store's IAM policy. :param pulumi.Input[str] role: The role that should be applied. Only one `healthcare.DicomStoreIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -512,15 +600,6 @@ def dicom_store_id(self) -> pulumi.Output[str]: `{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "dicom_store_id") @@ -535,6 +614,16 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "members") @property diff --git a/sdk/python/pulumi_gcp/healthcare/dicom_store_iam_member.py b/sdk/python/pulumi_gcp/healthcare/dicom_store_iam_member.py index 02b3b39f6a..6e80f34554 100644 --- a/sdk/python/pulumi_gcp/healthcare/dicom_store_iam_member.py +++ b/sdk/python/pulumi_gcp/healthcare/dicom_store_iam_member.py @@ -26,8 +26,7 @@ def __init__(__self__, *, `{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -53,15 +52,6 @@ def dicom_store_id(self) -> pulumi.Input[str]: `{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "dicom_store_id") @@ -72,6 +62,16 @@ def dicom_store_id(self, value: pulumi.Input[str]): @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "member") @member.setter @@ -116,8 +116,8 @@ def __init__(__self__, *, `{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] etag: (Computed) The etag of the DICOM store's IAM policy. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -125,7 +125,6 @@ def __init__(__self__, *, * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - :param pulumi.Input[str] etag: (Computed) The etag of the DICOM store's IAM policy. :param pulumi.Input[str] role: The role that should be applied. Only one `healthcare.DicomStoreIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -158,15 +157,6 @@ def dicom_store_id(self) -> Optional[pulumi.Input[str]]: `{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "dicom_store_id") @@ -189,6 +179,16 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "member") @member.setter @@ -276,6 +276,51 @@ def __init__(__self__, ``` + ## google\\_healthcare\\_dicom\\_store\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + dicom_store = gcp.healthcare.DicomStoreIamPolicy("dicom_store", + dicom_store_id="your-dicom-store-id", + policy_data=admin.policy_data) + ``` + + + ## google\\_healthcare\\_dicom\\_store\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + dicom_store = gcp.healthcare.DicomStoreIamBinding("dicom_store", + dicom_store_id="your-dicom-store-id", + role="roles/editor", + members=["user:jane@example.com"]) + ``` + + + ## google\\_healthcare\\_dicom\\_store\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + dicom_store = gcp.healthcare.DicomStoreIamMember("dicom_store", + dicom_store_id="your-dicom-store-id", + role="roles/editor", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -308,8 +353,7 @@ def __init__(__self__, `{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -383,6 +427,51 @@ def __init__(__self__, ``` + ## google\\_healthcare\\_dicom\\_store\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + dicom_store = gcp.healthcare.DicomStoreIamPolicy("dicom_store", + dicom_store_id="your-dicom-store-id", + policy_data=admin.policy_data) + ``` + + + ## google\\_healthcare\\_dicom\\_store\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + dicom_store = gcp.healthcare.DicomStoreIamBinding("dicom_store", + dicom_store_id="your-dicom-store-id", + role="roles/editor", + members=["user:jane@example.com"]) + ``` + + + ## google\\_healthcare\\_dicom\\_store\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + dicom_store = gcp.healthcare.DicomStoreIamMember("dicom_store", + dicom_store_id="your-dicom-store-id", + role="roles/editor", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -474,8 +563,8 @@ def get(resource_name: str, `{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] etag: (Computed) The etag of the DICOM store's IAM policy. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -483,7 +572,6 @@ def get(resource_name: str, * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - :param pulumi.Input[str] etag: (Computed) The etag of the DICOM store's IAM policy. :param pulumi.Input[str] role: The role that should be applied. Only one `healthcare.DicomStoreIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -512,15 +600,6 @@ def dicom_store_id(self) -> pulumi.Output[str]: `{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "dicom_store_id") @@ -535,6 +614,16 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "member") @property diff --git a/sdk/python/pulumi_gcp/healthcare/dicom_store_iam_policy.py b/sdk/python/pulumi_gcp/healthcare/dicom_store_iam_policy.py index 4738d71c82..86e258a0e4 100644 --- a/sdk/python/pulumi_gcp/healthcare/dicom_store_iam_policy.py +++ b/sdk/python/pulumi_gcp/healthcare/dicom_store_iam_policy.py @@ -22,15 +22,6 @@ def __init__(__self__, *, `{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. """ @@ -45,15 +36,6 @@ def dicom_store_id(self) -> pulumi.Input[str]: `{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "dicom_store_id") @@ -87,15 +69,6 @@ def __init__(__self__, *, `{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] etag: (Computed) The etag of the DICOM store's IAM policy. :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. @@ -115,15 +88,6 @@ def dicom_store_id(self) -> Optional[pulumi.Input[str]]: `{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "dicom_store_id") @@ -221,6 +185,51 @@ def __init__(__self__, ``` + ## google\\_healthcare\\_dicom\\_store\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + dicom_store = gcp.healthcare.DicomStoreIamPolicy("dicom_store", + dicom_store_id="your-dicom-store-id", + policy_data=admin.policy_data) + ``` + + + ## google\\_healthcare\\_dicom\\_store\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + dicom_store = gcp.healthcare.DicomStoreIamBinding("dicom_store", + dicom_store_id="your-dicom-store-id", + role="roles/editor", + members=["user:jane@example.com"]) + ``` + + + ## google\\_healthcare\\_dicom\\_store\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + dicom_store = gcp.healthcare.DicomStoreIamMember("dicom_store", + dicom_store_id="your-dicom-store-id", + role="roles/editor", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -253,15 +262,6 @@ def __init__(__self__, `{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. """ @@ -327,6 +327,51 @@ def __init__(__self__, ``` + ## google\\_healthcare\\_dicom\\_store\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + dicom_store = gcp.healthcare.DicomStoreIamPolicy("dicom_store", + dicom_store_id="your-dicom-store-id", + policy_data=admin.policy_data) + ``` + + + ## google\\_healthcare\\_dicom\\_store\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + dicom_store = gcp.healthcare.DicomStoreIamBinding("dicom_store", + dicom_store_id="your-dicom-store-id", + role="roles/editor", + members=["user:jane@example.com"]) + ``` + + + ## google\\_healthcare\\_dicom\\_store\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + dicom_store = gcp.healthcare.DicomStoreIamMember("dicom_store", + dicom_store_id="your-dicom-store-id", + role="roles/editor", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -410,15 +455,6 @@ def get(resource_name: str, `{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] etag: (Computed) The etag of the DICOM store's IAM policy. :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. @@ -440,15 +476,6 @@ def dicom_store_id(self) -> pulumi.Output[str]: `{project_id}/{location_name}/{dataset_name}/{dicom_store_name}` or `{location_name}/{dataset_name}/{dicom_store_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "dicom_store_id") diff --git a/sdk/python/pulumi_gcp/healthcare/fhir_store_iam_binding.py b/sdk/python/pulumi_gcp/healthcare/fhir_store_iam_binding.py index d79b86dc8b..842620cb96 100644 --- a/sdk/python/pulumi_gcp/healthcare/fhir_store_iam_binding.py +++ b/sdk/python/pulumi_gcp/healthcare/fhir_store_iam_binding.py @@ -26,8 +26,7 @@ def __init__(__self__, *, `{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -53,15 +52,6 @@ def fhir_store_id(self) -> pulumi.Input[str]: `{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "fhir_store_id") @@ -72,6 +62,16 @@ def fhir_store_id(self, value: pulumi.Input[str]): @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "members") @members.setter @@ -117,8 +117,7 @@ def __init__(__self__, *, `{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -170,15 +169,6 @@ def fhir_store_id(self) -> Optional[pulumi.Input[str]]: `{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "fhir_store_id") @@ -189,6 +179,16 @@ def fhir_store_id(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "members") @members.setter @@ -276,6 +276,51 @@ def __init__(__self__, ``` + ## google\\_healthcare\\_fhir\\_store\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + fhir_store = gcp.healthcare.FhirStoreIamPolicy("fhir_store", + fhir_store_id="your-fhir-store-id", + policy_data=admin.policy_data) + ``` + + + ## google\\_healthcare\\_fhir\\_store\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + fhir_store = gcp.healthcare.FhirStoreIamBinding("fhir_store", + fhir_store_id="your-fhir-store-id", + role="roles/editor", + members=["user:jane@example.com"]) + ``` + + + ## google\\_healthcare\\_fhir\\_store\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + fhir_store = gcp.healthcare.FhirStoreIamMember("fhir_store", + fhir_store_id="your-fhir-store-id", + role="roles/editor", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -308,8 +353,7 @@ def __init__(__self__, `{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -383,6 +427,51 @@ def __init__(__self__, ``` + ## google\\_healthcare\\_fhir\\_store\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + fhir_store = gcp.healthcare.FhirStoreIamPolicy("fhir_store", + fhir_store_id="your-fhir-store-id", + policy_data=admin.policy_data) + ``` + + + ## google\\_healthcare\\_fhir\\_store\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + fhir_store = gcp.healthcare.FhirStoreIamBinding("fhir_store", + fhir_store_id="your-fhir-store-id", + role="roles/editor", + members=["user:jane@example.com"]) + ``` + + + ## google\\_healthcare\\_fhir\\_store\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + fhir_store = gcp.healthcare.FhirStoreIamMember("fhir_store", + fhir_store_id="your-fhir-store-id", + role="roles/editor", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -475,8 +564,7 @@ def get(resource_name: str, `{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -520,8 +608,14 @@ def fhir_store_id(self) -> pulumi.Output[str]: `{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's project setting will be used as a fallback. + """ + return pulumi.get(self, "fhir_store_id") - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + @property + @pulumi.getter + def members(self) -> pulumi.Output[Sequence[str]]: + """ + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -530,11 +624,6 @@ def fhir_store_id(self) -> pulumi.Output[str]: * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ - return pulumi.get(self, "fhir_store_id") - - @property - @pulumi.getter - def members(self) -> pulumi.Output[Sequence[str]]: return pulumi.get(self, "members") @property diff --git a/sdk/python/pulumi_gcp/healthcare/fhir_store_iam_member.py b/sdk/python/pulumi_gcp/healthcare/fhir_store_iam_member.py index 05cc608a08..99e5b63a65 100644 --- a/sdk/python/pulumi_gcp/healthcare/fhir_store_iam_member.py +++ b/sdk/python/pulumi_gcp/healthcare/fhir_store_iam_member.py @@ -26,8 +26,7 @@ def __init__(__self__, *, `{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -53,15 +52,6 @@ def fhir_store_id(self) -> pulumi.Input[str]: `{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "fhir_store_id") @@ -72,6 +62,16 @@ def fhir_store_id(self, value: pulumi.Input[str]): @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "member") @member.setter @@ -117,8 +117,7 @@ def __init__(__self__, *, `{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -170,15 +169,6 @@ def fhir_store_id(self) -> Optional[pulumi.Input[str]]: `{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "fhir_store_id") @@ -189,6 +179,16 @@ def fhir_store_id(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "member") @member.setter @@ -276,6 +276,51 @@ def __init__(__self__, ``` + ## google\\_healthcare\\_fhir\\_store\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + fhir_store = gcp.healthcare.FhirStoreIamPolicy("fhir_store", + fhir_store_id="your-fhir-store-id", + policy_data=admin.policy_data) + ``` + + + ## google\\_healthcare\\_fhir\\_store\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + fhir_store = gcp.healthcare.FhirStoreIamBinding("fhir_store", + fhir_store_id="your-fhir-store-id", + role="roles/editor", + members=["user:jane@example.com"]) + ``` + + + ## google\\_healthcare\\_fhir\\_store\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + fhir_store = gcp.healthcare.FhirStoreIamMember("fhir_store", + fhir_store_id="your-fhir-store-id", + role="roles/editor", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -308,8 +353,7 @@ def __init__(__self__, `{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -383,6 +427,51 @@ def __init__(__self__, ``` + ## google\\_healthcare\\_fhir\\_store\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + fhir_store = gcp.healthcare.FhirStoreIamPolicy("fhir_store", + fhir_store_id="your-fhir-store-id", + policy_data=admin.policy_data) + ``` + + + ## google\\_healthcare\\_fhir\\_store\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + fhir_store = gcp.healthcare.FhirStoreIamBinding("fhir_store", + fhir_store_id="your-fhir-store-id", + role="roles/editor", + members=["user:jane@example.com"]) + ``` + + + ## google\\_healthcare\\_fhir\\_store\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + fhir_store = gcp.healthcare.FhirStoreIamMember("fhir_store", + fhir_store_id="your-fhir-store-id", + role="roles/editor", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -475,8 +564,7 @@ def get(resource_name: str, `{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -520,8 +608,14 @@ def fhir_store_id(self) -> pulumi.Output[str]: `{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's project setting will be used as a fallback. + """ + return pulumi.get(self, "fhir_store_id") - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + @property + @pulumi.getter + def member(self) -> pulumi.Output[str]: + """ + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -530,11 +624,6 @@ def fhir_store_id(self) -> pulumi.Output[str]: * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ - return pulumi.get(self, "fhir_store_id") - - @property - @pulumi.getter - def member(self) -> pulumi.Output[str]: return pulumi.get(self, "member") @property diff --git a/sdk/python/pulumi_gcp/healthcare/fhir_store_iam_policy.py b/sdk/python/pulumi_gcp/healthcare/fhir_store_iam_policy.py index eb6bc7b735..38c8f5487b 100644 --- a/sdk/python/pulumi_gcp/healthcare/fhir_store_iam_policy.py +++ b/sdk/python/pulumi_gcp/healthcare/fhir_store_iam_policy.py @@ -22,15 +22,6 @@ def __init__(__self__, *, `{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. """ @@ -45,15 +36,6 @@ def fhir_store_id(self) -> pulumi.Input[str]: `{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "fhir_store_id") @@ -88,15 +70,6 @@ def __init__(__self__, *, `{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. """ @@ -127,15 +100,6 @@ def fhir_store_id(self) -> Optional[pulumi.Input[str]]: `{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "fhir_store_id") @@ -221,6 +185,51 @@ def __init__(__self__, ``` + ## google\\_healthcare\\_fhir\\_store\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + fhir_store = gcp.healthcare.FhirStoreIamPolicy("fhir_store", + fhir_store_id="your-fhir-store-id", + policy_data=admin.policy_data) + ``` + + + ## google\\_healthcare\\_fhir\\_store\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + fhir_store = gcp.healthcare.FhirStoreIamBinding("fhir_store", + fhir_store_id="your-fhir-store-id", + role="roles/editor", + members=["user:jane@example.com"]) + ``` + + + ## google\\_healthcare\\_fhir\\_store\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + fhir_store = gcp.healthcare.FhirStoreIamMember("fhir_store", + fhir_store_id="your-fhir-store-id", + role="roles/editor", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -253,15 +262,6 @@ def __init__(__self__, `{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. """ @@ -327,6 +327,51 @@ def __init__(__self__, ``` + ## google\\_healthcare\\_fhir\\_store\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + fhir_store = gcp.healthcare.FhirStoreIamPolicy("fhir_store", + fhir_store_id="your-fhir-store-id", + policy_data=admin.policy_data) + ``` + + + ## google\\_healthcare\\_fhir\\_store\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + fhir_store = gcp.healthcare.FhirStoreIamBinding("fhir_store", + fhir_store_id="your-fhir-store-id", + role="roles/editor", + members=["user:jane@example.com"]) + ``` + + + ## google\\_healthcare\\_fhir\\_store\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + fhir_store = gcp.healthcare.FhirStoreIamMember("fhir_store", + fhir_store_id="your-fhir-store-id", + role="roles/editor", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -411,15 +456,6 @@ def get(resource_name: str, `{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. """ @@ -448,15 +484,6 @@ def fhir_store_id(self) -> pulumi.Output[str]: `{project_id}/{location_name}/{dataset_name}/{fhir_store_name}` or `{location_name}/{dataset_name}/{fhir_store_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "fhir_store_id") diff --git a/sdk/python/pulumi_gcp/healthcare/hl7_store_iam_binding.py b/sdk/python/pulumi_gcp/healthcare/hl7_store_iam_binding.py index edba71dc00..ddd1418086 100644 --- a/sdk/python/pulumi_gcp/healthcare/hl7_store_iam_binding.py +++ b/sdk/python/pulumi_gcp/healthcare/hl7_store_iam_binding.py @@ -26,8 +26,7 @@ def __init__(__self__, *, `{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -53,15 +52,6 @@ def hl7_v2_store_id(self) -> pulumi.Input[str]: `{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "hl7_v2_store_id") @@ -72,6 +62,16 @@ def hl7_v2_store_id(self, value: pulumi.Input[str]): @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "members") @members.setter @@ -117,8 +117,7 @@ def __init__(__self__, *, `{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -170,15 +169,6 @@ def hl7_v2_store_id(self) -> Optional[pulumi.Input[str]]: `{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "hl7_v2_store_id") @@ -189,6 +179,16 @@ def hl7_v2_store_id(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "members") @members.setter @@ -276,6 +276,51 @@ def __init__(__self__, ``` + ## google\\_healthcare\\_hl7\\_v2\\_store\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + hl7_v2_store = gcp.healthcare.Hl7StoreIamPolicy("hl7_v2_store", + hl7_v2_store_id="your-hl7-v2-store-id", + policy_data=admin.policy_data) + ``` + + + ## google\\_healthcare\\_hl7\\_v2\\_store\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + hl7_v2_store = gcp.healthcare.Hl7StoreIamBinding("hl7_v2_store", + hl7_v2_store_id="your-hl7-v2-store-id", + role="roles/editor", + members=["user:jane@example.com"]) + ``` + + + ## google\\_healthcare\\_hl7\\_v2\\_store\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + hl7_v2_store = gcp.healthcare.Hl7StoreIamMember("hl7_v2_store", + hl7_v2_store_id="your-hl7-v2-store-id", + role="roles/editor", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -308,8 +353,7 @@ def __init__(__self__, `{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -383,6 +427,51 @@ def __init__(__self__, ``` + ## google\\_healthcare\\_hl7\\_v2\\_store\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + hl7_v2_store = gcp.healthcare.Hl7StoreIamPolicy("hl7_v2_store", + hl7_v2_store_id="your-hl7-v2-store-id", + policy_data=admin.policy_data) + ``` + + + ## google\\_healthcare\\_hl7\\_v2\\_store\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + hl7_v2_store = gcp.healthcare.Hl7StoreIamBinding("hl7_v2_store", + hl7_v2_store_id="your-hl7-v2-store-id", + role="roles/editor", + members=["user:jane@example.com"]) + ``` + + + ## google\\_healthcare\\_hl7\\_v2\\_store\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + hl7_v2_store = gcp.healthcare.Hl7StoreIamMember("hl7_v2_store", + hl7_v2_store_id="your-hl7-v2-store-id", + role="roles/editor", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -475,8 +564,7 @@ def get(resource_name: str, `{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -520,8 +608,14 @@ def hl7_v2_store_id(self) -> pulumi.Output[str]: `{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's project setting will be used as a fallback. + """ + return pulumi.get(self, "hl7_v2_store_id") - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + @property + @pulumi.getter + def members(self) -> pulumi.Output[Sequence[str]]: + """ + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -530,11 +624,6 @@ def hl7_v2_store_id(self) -> pulumi.Output[str]: * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ - return pulumi.get(self, "hl7_v2_store_id") - - @property - @pulumi.getter - def members(self) -> pulumi.Output[Sequence[str]]: return pulumi.get(self, "members") @property diff --git a/sdk/python/pulumi_gcp/healthcare/hl7_store_iam_member.py b/sdk/python/pulumi_gcp/healthcare/hl7_store_iam_member.py index d2969af53e..0208323439 100644 --- a/sdk/python/pulumi_gcp/healthcare/hl7_store_iam_member.py +++ b/sdk/python/pulumi_gcp/healthcare/hl7_store_iam_member.py @@ -26,8 +26,7 @@ def __init__(__self__, *, `{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -53,15 +52,6 @@ def hl7_v2_store_id(self) -> pulumi.Input[str]: `{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "hl7_v2_store_id") @@ -72,6 +62,16 @@ def hl7_v2_store_id(self, value: pulumi.Input[str]): @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "member") @member.setter @@ -117,8 +117,7 @@ def __init__(__self__, *, `{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -170,15 +169,6 @@ def hl7_v2_store_id(self) -> Optional[pulumi.Input[str]]: `{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "hl7_v2_store_id") @@ -189,6 +179,16 @@ def hl7_v2_store_id(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "member") @member.setter @@ -276,6 +276,51 @@ def __init__(__self__, ``` + ## google\\_healthcare\\_hl7\\_v2\\_store\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + hl7_v2_store = gcp.healthcare.Hl7StoreIamPolicy("hl7_v2_store", + hl7_v2_store_id="your-hl7-v2-store-id", + policy_data=admin.policy_data) + ``` + + + ## google\\_healthcare\\_hl7\\_v2\\_store\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + hl7_v2_store = gcp.healthcare.Hl7StoreIamBinding("hl7_v2_store", + hl7_v2_store_id="your-hl7-v2-store-id", + role="roles/editor", + members=["user:jane@example.com"]) + ``` + + + ## google\\_healthcare\\_hl7\\_v2\\_store\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + hl7_v2_store = gcp.healthcare.Hl7StoreIamMember("hl7_v2_store", + hl7_v2_store_id="your-hl7-v2-store-id", + role="roles/editor", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -308,8 +353,7 @@ def __init__(__self__, `{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -383,6 +427,51 @@ def __init__(__self__, ``` + ## google\\_healthcare\\_hl7\\_v2\\_store\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + hl7_v2_store = gcp.healthcare.Hl7StoreIamPolicy("hl7_v2_store", + hl7_v2_store_id="your-hl7-v2-store-id", + policy_data=admin.policy_data) + ``` + + + ## google\\_healthcare\\_hl7\\_v2\\_store\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + hl7_v2_store = gcp.healthcare.Hl7StoreIamBinding("hl7_v2_store", + hl7_v2_store_id="your-hl7-v2-store-id", + role="roles/editor", + members=["user:jane@example.com"]) + ``` + + + ## google\\_healthcare\\_hl7\\_v2\\_store\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + hl7_v2_store = gcp.healthcare.Hl7StoreIamMember("hl7_v2_store", + hl7_v2_store_id="your-hl7-v2-store-id", + role="roles/editor", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -475,8 +564,7 @@ def get(resource_name: str, `{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -520,8 +608,14 @@ def hl7_v2_store_id(self) -> pulumi.Output[str]: `{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's project setting will be used as a fallback. + """ + return pulumi.get(self, "hl7_v2_store_id") - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + @property + @pulumi.getter + def member(self) -> pulumi.Output[str]: + """ + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -530,11 +624,6 @@ def hl7_v2_store_id(self) -> pulumi.Output[str]: * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ - return pulumi.get(self, "hl7_v2_store_id") - - @property - @pulumi.getter - def member(self) -> pulumi.Output[str]: return pulumi.get(self, "member") @property diff --git a/sdk/python/pulumi_gcp/healthcare/hl7_store_iam_policy.py b/sdk/python/pulumi_gcp/healthcare/hl7_store_iam_policy.py index 82d719fb64..928409fbe8 100644 --- a/sdk/python/pulumi_gcp/healthcare/hl7_store_iam_policy.py +++ b/sdk/python/pulumi_gcp/healthcare/hl7_store_iam_policy.py @@ -22,15 +22,6 @@ def __init__(__self__, *, `{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. """ @@ -45,15 +36,6 @@ def hl7_v2_store_id(self) -> pulumi.Input[str]: `{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "hl7_v2_store_id") @@ -88,15 +70,6 @@ def __init__(__self__, *, `{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. """ @@ -127,15 +100,6 @@ def hl7_v2_store_id(self) -> Optional[pulumi.Input[str]]: `{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "hl7_v2_store_id") @@ -221,6 +185,51 @@ def __init__(__self__, ``` + ## google\\_healthcare\\_hl7\\_v2\\_store\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + hl7_v2_store = gcp.healthcare.Hl7StoreIamPolicy("hl7_v2_store", + hl7_v2_store_id="your-hl7-v2-store-id", + policy_data=admin.policy_data) + ``` + + + ## google\\_healthcare\\_hl7\\_v2\\_store\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + hl7_v2_store = gcp.healthcare.Hl7StoreIamBinding("hl7_v2_store", + hl7_v2_store_id="your-hl7-v2-store-id", + role="roles/editor", + members=["user:jane@example.com"]) + ``` + + + ## google\\_healthcare\\_hl7\\_v2\\_store\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + hl7_v2_store = gcp.healthcare.Hl7StoreIamMember("hl7_v2_store", + hl7_v2_store_id="your-hl7-v2-store-id", + role="roles/editor", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -253,15 +262,6 @@ def __init__(__self__, `{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. """ @@ -327,6 +327,51 @@ def __init__(__self__, ``` + ## google\\_healthcare\\_hl7\\_v2\\_store\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + hl7_v2_store = gcp.healthcare.Hl7StoreIamPolicy("hl7_v2_store", + hl7_v2_store_id="your-hl7-v2-store-id", + policy_data=admin.policy_data) + ``` + + + ## google\\_healthcare\\_hl7\\_v2\\_store\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + hl7_v2_store = gcp.healthcare.Hl7StoreIamBinding("hl7_v2_store", + hl7_v2_store_id="your-hl7-v2-store-id", + role="roles/editor", + members=["user:jane@example.com"]) + ``` + + + ## google\\_healthcare\\_hl7\\_v2\\_store\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + hl7_v2_store = gcp.healthcare.Hl7StoreIamMember("hl7_v2_store", + hl7_v2_store_id="your-hl7-v2-store-id", + role="roles/editor", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -411,15 +456,6 @@ def get(resource_name: str, `{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. """ @@ -448,15 +484,6 @@ def hl7_v2_store_id(self) -> pulumi.Output[str]: `{project_id}/{location_name}/{dataset_name}/{hl7_v2_store_name}` or `{location_name}/{dataset_name}/{hl7_v2_store_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "hl7_v2_store_id") diff --git a/sdk/python/pulumi_gcp/iap/app_engine_service_iam_binding.py b/sdk/python/pulumi_gcp/iap/app_engine_service_iam_binding.py index 072321753b..c96177e2b6 100644 --- a/sdk/python/pulumi_gcp/iap/app_engine_service_iam_binding.py +++ b/sdk/python/pulumi_gcp/iap/app_engine_service_iam_binding.py @@ -25,16 +25,7 @@ def __init__(__self__, *, """ The set of arguments for constructing a AppEngineServiceIamBinding resource. :param pulumi.Input[str] app_id: Id of the App Engine application. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] role: The role that should be applied. Only one - `iap.AppEngineServiceIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] service: Service id of the App Engine application Used to find the parent resource to bind the IAM policy to - :param pulumi.Input['AppEngineServiceIamBindingConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. - Structure is documented below. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -45,6 +36,14 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `iap.AppEngineServiceIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] service: Service id of the App Engine application Used to find the parent resource to bind the IAM policy to + :param pulumi.Input['AppEngineServiceIamBindingConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. + Structure is documented below. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "app_id", app_id) pulumi.set(__self__, "members", members) @@ -70,6 +69,19 @@ def app_id(self, value: pulumi.Input[str]): @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -121,18 +133,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -157,10 +157,7 @@ def __init__(__self__, *, :param pulumi.Input['AppEngineServiceIamBindingConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -171,6 +168,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `iap.AppEngineServiceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -231,6 +230,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -243,18 +255,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -433,6 +433,121 @@ def __init__(__self__, ``` + ## google\\_iap\\_app\\_engine\\_service\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.iap.AppEngineServiceIamPolicy("policy", + project=version["project"], + app_id=version["project"], + service=version["service"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.iap.AppEngineServiceIamPolicy("policy", + project=version["project"], + app_id=version["project"], + service=version["service"], + policy_data=admin.policy_data) + ``` + + ## google\\_iap\\_app\\_engine\\_service\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.AppEngineServiceIamBinding("binding", + project=version["project"], + app_id=version["project"], + service=version["service"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.AppEngineServiceIamBinding("binding", + project=version["project"], + app_id=version["project"], + service=version["service"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.iap.AppEngineServiceIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_iap\\_app\\_engine\\_service\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.AppEngineServiceIamMember("member", + project=version["project"], + app_id=version["project"], + service=version["service"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.AppEngineServiceIamMember("member", + project=version["project"], + app_id=version["project"], + service=version["service"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com", + condition=gcp.iap.AppEngineServiceIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -476,10 +591,7 @@ def __init__(__self__, :param pulumi.Input[str] app_id: Id of the App Engine application. Used to find the parent resource to bind the IAM policy to :param pulumi.Input[pulumi.InputType['AppEngineServiceIamBindingConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -490,6 +602,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `iap.AppEngineServiceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -633,6 +747,121 @@ def __init__(__self__, ``` + ## google\\_iap\\_app\\_engine\\_service\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.iap.AppEngineServiceIamPolicy("policy", + project=version["project"], + app_id=version["project"], + service=version["service"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.iap.AppEngineServiceIamPolicy("policy", + project=version["project"], + app_id=version["project"], + service=version["service"], + policy_data=admin.policy_data) + ``` + + ## google\\_iap\\_app\\_engine\\_service\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.AppEngineServiceIamBinding("binding", + project=version["project"], + app_id=version["project"], + service=version["service"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.AppEngineServiceIamBinding("binding", + project=version["project"], + app_id=version["project"], + service=version["service"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.iap.AppEngineServiceIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_iap\\_app\\_engine\\_service\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.AppEngineServiceIamMember("member", + project=version["project"], + app_id=version["project"], + service=version["service"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.AppEngineServiceIamMember("member", + project=version["project"], + app_id=version["project"], + service=version["service"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com", + condition=gcp.iap.AppEngineServiceIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -744,10 +973,7 @@ def get(resource_name: str, :param pulumi.Input[pulumi.InputType['AppEngineServiceIamBindingConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -758,6 +984,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `iap.AppEngineServiceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -804,16 +1032,8 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: - return pulumi.get(self, "members") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -825,6 +1045,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "members") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/iap/app_engine_service_iam_member.py b/sdk/python/pulumi_gcp/iap/app_engine_service_iam_member.py index d97b5e19dc..cf46290bb3 100644 --- a/sdk/python/pulumi_gcp/iap/app_engine_service_iam_member.py +++ b/sdk/python/pulumi_gcp/iap/app_engine_service_iam_member.py @@ -25,16 +25,7 @@ def __init__(__self__, *, """ The set of arguments for constructing a AppEngineServiceIamMember resource. :param pulumi.Input[str] app_id: Id of the App Engine application. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] role: The role that should be applied. Only one - `iap.AppEngineServiceIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] service: Service id of the App Engine application Used to find the parent resource to bind the IAM policy to - :param pulumi.Input['AppEngineServiceIamMemberConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. - Structure is documented below. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -45,6 +36,14 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `iap.AppEngineServiceIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] service: Service id of the App Engine application Used to find the parent resource to bind the IAM policy to + :param pulumi.Input['AppEngineServiceIamMemberConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. + Structure is documented below. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "app_id", app_id) pulumi.set(__self__, "member", member) @@ -70,6 +69,19 @@ def app_id(self, value: pulumi.Input[str]): @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -121,18 +133,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -157,10 +157,7 @@ def __init__(__self__, *, :param pulumi.Input['AppEngineServiceIamMemberConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -171,6 +168,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `iap.AppEngineServiceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -231,6 +230,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -243,18 +255,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -433,6 +433,121 @@ def __init__(__self__, ``` + ## google\\_iap\\_app\\_engine\\_service\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.iap.AppEngineServiceIamPolicy("policy", + project=version["project"], + app_id=version["project"], + service=version["service"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.iap.AppEngineServiceIamPolicy("policy", + project=version["project"], + app_id=version["project"], + service=version["service"], + policy_data=admin.policy_data) + ``` + + ## google\\_iap\\_app\\_engine\\_service\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.AppEngineServiceIamBinding("binding", + project=version["project"], + app_id=version["project"], + service=version["service"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.AppEngineServiceIamBinding("binding", + project=version["project"], + app_id=version["project"], + service=version["service"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.iap.AppEngineServiceIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_iap\\_app\\_engine\\_service\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.AppEngineServiceIamMember("member", + project=version["project"], + app_id=version["project"], + service=version["service"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.AppEngineServiceIamMember("member", + project=version["project"], + app_id=version["project"], + service=version["service"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com", + condition=gcp.iap.AppEngineServiceIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -476,10 +591,7 @@ def __init__(__self__, :param pulumi.Input[str] app_id: Id of the App Engine application. Used to find the parent resource to bind the IAM policy to :param pulumi.Input[pulumi.InputType['AppEngineServiceIamMemberConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -490,6 +602,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `iap.AppEngineServiceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -633,6 +747,121 @@ def __init__(__self__, ``` + ## google\\_iap\\_app\\_engine\\_service\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.iap.AppEngineServiceIamPolicy("policy", + project=version["project"], + app_id=version["project"], + service=version["service"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.iap.AppEngineServiceIamPolicy("policy", + project=version["project"], + app_id=version["project"], + service=version["service"], + policy_data=admin.policy_data) + ``` + + ## google\\_iap\\_app\\_engine\\_service\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.AppEngineServiceIamBinding("binding", + project=version["project"], + app_id=version["project"], + service=version["service"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.AppEngineServiceIamBinding("binding", + project=version["project"], + app_id=version["project"], + service=version["service"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.iap.AppEngineServiceIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_iap\\_app\\_engine\\_service\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.AppEngineServiceIamMember("member", + project=version["project"], + app_id=version["project"], + service=version["service"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.AppEngineServiceIamMember("member", + project=version["project"], + app_id=version["project"], + service=version["service"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com", + condition=gcp.iap.AppEngineServiceIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -744,10 +973,7 @@ def get(resource_name: str, :param pulumi.Input[pulumi.InputType['AppEngineServiceIamMemberConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -758,6 +984,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `iap.AppEngineServiceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -804,16 +1032,8 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: - return pulumi.get(self, "member") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -825,6 +1045,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "member") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/iap/app_engine_service_iam_policy.py b/sdk/python/pulumi_gcp/iap/app_engine_service_iam_policy.py index 34782105f7..36ff6dd7c1 100644 --- a/sdk/python/pulumi_gcp/iap/app_engine_service_iam_policy.py +++ b/sdk/python/pulumi_gcp/iap/app_engine_service_iam_policy.py @@ -26,18 +26,6 @@ def __init__(__self__, *, :param pulumi.Input[str] service: Service id of the App Engine application Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "app_id", app_id) pulumi.set(__self__, "policy_data", policy_data) @@ -88,18 +76,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -124,18 +100,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] service: Service id of the App Engine application Used to find the parent resource to bind the IAM policy to """ if app_id is not None: @@ -192,18 +156,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -366,6 +318,121 @@ def __init__(__self__, ``` + ## google\\_iap\\_app\\_engine\\_service\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.iap.AppEngineServiceIamPolicy("policy", + project=version["project"], + app_id=version["project"], + service=version["service"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.iap.AppEngineServiceIamPolicy("policy", + project=version["project"], + app_id=version["project"], + service=version["service"], + policy_data=admin.policy_data) + ``` + + ## google\\_iap\\_app\\_engine\\_service\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.AppEngineServiceIamBinding("binding", + project=version["project"], + app_id=version["project"], + service=version["service"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.AppEngineServiceIamBinding("binding", + project=version["project"], + app_id=version["project"], + service=version["service"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.iap.AppEngineServiceIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_iap\\_app\\_engine\\_service\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.AppEngineServiceIamMember("member", + project=version["project"], + app_id=version["project"], + service=version["service"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.AppEngineServiceIamMember("member", + project=version["project"], + app_id=version["project"], + service=version["service"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com", + condition=gcp.iap.AppEngineServiceIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -411,18 +478,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] service: Service id of the App Engine application Used to find the parent resource to bind the IAM policy to """ ... @@ -563,6 +618,121 @@ def __init__(__self__, ``` + ## google\\_iap\\_app\\_engine\\_service\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.iap.AppEngineServiceIamPolicy("policy", + project=version["project"], + app_id=version["project"], + service=version["service"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.iap.AppEngineServiceIamPolicy("policy", + project=version["project"], + app_id=version["project"], + service=version["service"], + policy_data=admin.policy_data) + ``` + + ## google\\_iap\\_app\\_engine\\_service\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.AppEngineServiceIamBinding("binding", + project=version["project"], + app_id=version["project"], + service=version["service"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.AppEngineServiceIamBinding("binding", + project=version["project"], + app_id=version["project"], + service=version["service"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.iap.AppEngineServiceIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_iap\\_app\\_engine\\_service\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.AppEngineServiceIamMember("member", + project=version["project"], + app_id=version["project"], + service=version["service"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.AppEngineServiceIamMember("member", + project=version["project"], + app_id=version["project"], + service=version["service"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com", + condition=gcp.iap.AppEngineServiceIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -668,18 +838,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] service: Service id of the App Engine application Used to find the parent resource to bind the IAM policy to """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -724,18 +882,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/iap/app_engine_version_iam_binding.py b/sdk/python/pulumi_gcp/iap/app_engine_version_iam_binding.py index 3815c70dbb..76568d33f2 100644 --- a/sdk/python/pulumi_gcp/iap/app_engine_version_iam_binding.py +++ b/sdk/python/pulumi_gcp/iap/app_engine_version_iam_binding.py @@ -26,17 +26,7 @@ def __init__(__self__, *, """ The set of arguments for constructing a AppEngineVersionIamBinding resource. :param pulumi.Input[str] app_id: Id of the App Engine application. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] role: The role that should be applied. Only one - `iap.AppEngineVersionIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] service: Service id of the App Engine application Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] version_id: Version id of the App Engine application Used to find the parent resource to bind the IAM policy to - :param pulumi.Input['AppEngineVersionIamBindingConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. - Structure is documented below. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -47,6 +37,15 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `iap.AppEngineVersionIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] service: Service id of the App Engine application Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] version_id: Version id of the App Engine application Used to find the parent resource to bind the IAM policy to + :param pulumi.Input['AppEngineVersionIamBindingConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. + Structure is documented below. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "app_id", app_id) pulumi.set(__self__, "members", members) @@ -73,6 +72,19 @@ def app_id(self, value: pulumi.Input[str]): @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -136,18 +148,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -173,10 +173,7 @@ def __init__(__self__, *, :param pulumi.Input['AppEngineVersionIamBindingConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -187,6 +184,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `iap.AppEngineVersionIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -250,6 +249,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -262,18 +274,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -471,6 +471,127 @@ def __init__(__self__, ``` + ## google\\_iap\\_app\\_engine\\_version\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.iap.AppEngineVersionIamPolicy("policy", + project=version["project"], + app_id=version["project"], + service=version["service"], + version_id=version["versionId"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.iap.AppEngineVersionIamPolicy("policy", + project=version["project"], + app_id=version["project"], + service=version["service"], + version_id=version["versionId"], + policy_data=admin.policy_data) + ``` + + ## google\\_iap\\_app\\_engine\\_version\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.AppEngineVersionIamBinding("binding", + project=version["project"], + app_id=version["project"], + service=version["service"], + version_id=version["versionId"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.AppEngineVersionIamBinding("binding", + project=version["project"], + app_id=version["project"], + service=version["service"], + version_id=version["versionId"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.iap.AppEngineVersionIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_iap\\_app\\_engine\\_version\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.AppEngineVersionIamMember("member", + project=version["project"], + app_id=version["project"], + service=version["service"], + version_id=version["versionId"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.AppEngineVersionIamMember("member", + project=version["project"], + app_id=version["project"], + service=version["service"], + version_id=version["versionId"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com", + condition=gcp.iap.AppEngineVersionIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -514,10 +635,7 @@ def __init__(__self__, :param pulumi.Input[str] app_id: Id of the App Engine application. Used to find the parent resource to bind the IAM policy to :param pulumi.Input[pulumi.InputType['AppEngineVersionIamBindingConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -528,6 +646,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `iap.AppEngineVersionIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -678,6 +798,127 @@ def __init__(__self__, ``` + ## google\\_iap\\_app\\_engine\\_version\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.iap.AppEngineVersionIamPolicy("policy", + project=version["project"], + app_id=version["project"], + service=version["service"], + version_id=version["versionId"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.iap.AppEngineVersionIamPolicy("policy", + project=version["project"], + app_id=version["project"], + service=version["service"], + version_id=version["versionId"], + policy_data=admin.policy_data) + ``` + + ## google\\_iap\\_app\\_engine\\_version\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.AppEngineVersionIamBinding("binding", + project=version["project"], + app_id=version["project"], + service=version["service"], + version_id=version["versionId"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.AppEngineVersionIamBinding("binding", + project=version["project"], + app_id=version["project"], + service=version["service"], + version_id=version["versionId"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.iap.AppEngineVersionIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_iap\\_app\\_engine\\_version\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.AppEngineVersionIamMember("member", + project=version["project"], + app_id=version["project"], + service=version["service"], + version_id=version["versionId"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.AppEngineVersionIamMember("member", + project=version["project"], + app_id=version["project"], + service=version["service"], + version_id=version["versionId"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com", + condition=gcp.iap.AppEngineVersionIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -794,10 +1035,7 @@ def get(resource_name: str, :param pulumi.Input[pulumi.InputType['AppEngineVersionIamBindingConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -808,6 +1046,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `iap.AppEngineVersionIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -856,16 +1096,8 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: - return pulumi.get(self, "members") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -877,6 +1109,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "members") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/iap/app_engine_version_iam_member.py b/sdk/python/pulumi_gcp/iap/app_engine_version_iam_member.py index e5b62bdce7..4a2c14712d 100644 --- a/sdk/python/pulumi_gcp/iap/app_engine_version_iam_member.py +++ b/sdk/python/pulumi_gcp/iap/app_engine_version_iam_member.py @@ -26,17 +26,7 @@ def __init__(__self__, *, """ The set of arguments for constructing a AppEngineVersionIamMember resource. :param pulumi.Input[str] app_id: Id of the App Engine application. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] role: The role that should be applied. Only one - `iap.AppEngineVersionIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] service: Service id of the App Engine application Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] version_id: Version id of the App Engine application Used to find the parent resource to bind the IAM policy to - :param pulumi.Input['AppEngineVersionIamMemberConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. - Structure is documented below. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -47,6 +37,15 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `iap.AppEngineVersionIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] service: Service id of the App Engine application Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] version_id: Version id of the App Engine application Used to find the parent resource to bind the IAM policy to + :param pulumi.Input['AppEngineVersionIamMemberConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. + Structure is documented below. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "app_id", app_id) pulumi.set(__self__, "member", member) @@ -73,6 +72,19 @@ def app_id(self, value: pulumi.Input[str]): @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -136,18 +148,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -173,10 +173,7 @@ def __init__(__self__, *, :param pulumi.Input['AppEngineVersionIamMemberConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -187,6 +184,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `iap.AppEngineVersionIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -250,6 +249,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -262,18 +274,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -471,6 +471,127 @@ def __init__(__self__, ``` + ## google\\_iap\\_app\\_engine\\_version\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.iap.AppEngineVersionIamPolicy("policy", + project=version["project"], + app_id=version["project"], + service=version["service"], + version_id=version["versionId"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.iap.AppEngineVersionIamPolicy("policy", + project=version["project"], + app_id=version["project"], + service=version["service"], + version_id=version["versionId"], + policy_data=admin.policy_data) + ``` + + ## google\\_iap\\_app\\_engine\\_version\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.AppEngineVersionIamBinding("binding", + project=version["project"], + app_id=version["project"], + service=version["service"], + version_id=version["versionId"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.AppEngineVersionIamBinding("binding", + project=version["project"], + app_id=version["project"], + service=version["service"], + version_id=version["versionId"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.iap.AppEngineVersionIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_iap\\_app\\_engine\\_version\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.AppEngineVersionIamMember("member", + project=version["project"], + app_id=version["project"], + service=version["service"], + version_id=version["versionId"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.AppEngineVersionIamMember("member", + project=version["project"], + app_id=version["project"], + service=version["service"], + version_id=version["versionId"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com", + condition=gcp.iap.AppEngineVersionIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -514,10 +635,7 @@ def __init__(__self__, :param pulumi.Input[str] app_id: Id of the App Engine application. Used to find the parent resource to bind the IAM policy to :param pulumi.Input[pulumi.InputType['AppEngineVersionIamMemberConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -528,6 +646,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `iap.AppEngineVersionIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -678,6 +798,127 @@ def __init__(__self__, ``` + ## google\\_iap\\_app\\_engine\\_version\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.iap.AppEngineVersionIamPolicy("policy", + project=version["project"], + app_id=version["project"], + service=version["service"], + version_id=version["versionId"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.iap.AppEngineVersionIamPolicy("policy", + project=version["project"], + app_id=version["project"], + service=version["service"], + version_id=version["versionId"], + policy_data=admin.policy_data) + ``` + + ## google\\_iap\\_app\\_engine\\_version\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.AppEngineVersionIamBinding("binding", + project=version["project"], + app_id=version["project"], + service=version["service"], + version_id=version["versionId"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.AppEngineVersionIamBinding("binding", + project=version["project"], + app_id=version["project"], + service=version["service"], + version_id=version["versionId"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.iap.AppEngineVersionIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_iap\\_app\\_engine\\_version\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.AppEngineVersionIamMember("member", + project=version["project"], + app_id=version["project"], + service=version["service"], + version_id=version["versionId"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.AppEngineVersionIamMember("member", + project=version["project"], + app_id=version["project"], + service=version["service"], + version_id=version["versionId"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com", + condition=gcp.iap.AppEngineVersionIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -794,10 +1035,7 @@ def get(resource_name: str, :param pulumi.Input[pulumi.InputType['AppEngineVersionIamMemberConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -808,6 +1046,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `iap.AppEngineVersionIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -856,16 +1096,8 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: - return pulumi.get(self, "member") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -877,6 +1109,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "member") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/iap/app_engine_version_iam_policy.py b/sdk/python/pulumi_gcp/iap/app_engine_version_iam_policy.py index 32f954e6ed..14383fb9f9 100644 --- a/sdk/python/pulumi_gcp/iap/app_engine_version_iam_policy.py +++ b/sdk/python/pulumi_gcp/iap/app_engine_version_iam_policy.py @@ -28,18 +28,6 @@ def __init__(__self__, *, :param pulumi.Input[str] version_id: Version id of the App Engine application Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "app_id", app_id) pulumi.set(__self__, "policy_data", policy_data) @@ -103,18 +91,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -140,18 +116,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] service: Service id of the App Engine application Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] version_id: Version id of the App Engine application Used to find the parent resource to bind the IAM policy to """ @@ -211,18 +175,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -404,6 +356,127 @@ def __init__(__self__, ``` + ## google\\_iap\\_app\\_engine\\_version\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.iap.AppEngineVersionIamPolicy("policy", + project=version["project"], + app_id=version["project"], + service=version["service"], + version_id=version["versionId"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.iap.AppEngineVersionIamPolicy("policy", + project=version["project"], + app_id=version["project"], + service=version["service"], + version_id=version["versionId"], + policy_data=admin.policy_data) + ``` + + ## google\\_iap\\_app\\_engine\\_version\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.AppEngineVersionIamBinding("binding", + project=version["project"], + app_id=version["project"], + service=version["service"], + version_id=version["versionId"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.AppEngineVersionIamBinding("binding", + project=version["project"], + app_id=version["project"], + service=version["service"], + version_id=version["versionId"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.iap.AppEngineVersionIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_iap\\_app\\_engine\\_version\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.AppEngineVersionIamMember("member", + project=version["project"], + app_id=version["project"], + service=version["service"], + version_id=version["versionId"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.AppEngineVersionIamMember("member", + project=version["project"], + app_id=version["project"], + service=version["service"], + version_id=version["versionId"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com", + condition=gcp.iap.AppEngineVersionIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -449,18 +522,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] service: Service id of the App Engine application Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] version_id: Version id of the App Engine application Used to find the parent resource to bind the IAM policy to """ @@ -608,6 +669,127 @@ def __init__(__self__, ``` + ## google\\_iap\\_app\\_engine\\_version\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.iap.AppEngineVersionIamPolicy("policy", + project=version["project"], + app_id=version["project"], + service=version["service"], + version_id=version["versionId"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.iap.AppEngineVersionIamPolicy("policy", + project=version["project"], + app_id=version["project"], + service=version["service"], + version_id=version["versionId"], + policy_data=admin.policy_data) + ``` + + ## google\\_iap\\_app\\_engine\\_version\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.AppEngineVersionIamBinding("binding", + project=version["project"], + app_id=version["project"], + service=version["service"], + version_id=version["versionId"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.AppEngineVersionIamBinding("binding", + project=version["project"], + app_id=version["project"], + service=version["service"], + version_id=version["versionId"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.iap.AppEngineVersionIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_iap\\_app\\_engine\\_version\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.AppEngineVersionIamMember("member", + project=version["project"], + app_id=version["project"], + service=version["service"], + version_id=version["versionId"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.AppEngineVersionIamMember("member", + project=version["project"], + app_id=version["project"], + service=version["service"], + version_id=version["versionId"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com", + condition=gcp.iap.AppEngineVersionIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -718,18 +900,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] service: Service id of the App Engine application Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] version_id: Version id of the App Engine application Used to find the parent resource to bind the IAM policy to """ @@ -776,18 +946,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/iap/tunnel_dest_group_iam_binding.py b/sdk/python/pulumi_gcp/iap/tunnel_dest_group_iam_binding.py index 3ef59a91a7..b5e55a984a 100644 --- a/sdk/python/pulumi_gcp/iap/tunnel_dest_group_iam_binding.py +++ b/sdk/python/pulumi_gcp/iap/tunnel_dest_group_iam_binding.py @@ -24,15 +24,7 @@ def __init__(__self__, *, region: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a TunnelDestGroupIamBinding resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `iap.TunnelDestGroupIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input['TunnelDestGroupIamBindingConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. - Structure is documented below. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -43,6 +35,13 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `iap.TunnelDestGroupIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input['TunnelDestGroupIamBindingConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. + Structure is documented below. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] region: The region of the tunnel group. Must be the same as the network resources in the group. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -70,6 +69,19 @@ def dest_group(self, value: pulumi.Input[str]): @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -109,18 +121,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -159,10 +159,7 @@ def __init__(__self__, *, :param pulumi.Input['TunnelDestGroupIamBindingConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -173,6 +170,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] region: The region of the tunnel group. Must be the same as the network resources in the group. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -233,6 +232,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -245,18 +257,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -438,6 +438,121 @@ def __init__(__self__, ``` + ## google\\_iap\\_tunnel\\_dest\\_group\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.iap.TunnelDestGroupIamPolicy("policy", + project=dest_group["project"], + region=dest_group["region"], + dest_group=dest_group["groupName"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.iap.TunnelDestGroupIamPolicy("policy", + project=dest_group["project"], + region=dest_group["region"], + dest_group=dest_group["groupName"], + policy_data=admin.policy_data) + ``` + + ## google\\_iap\\_tunnel\\_dest\\_group\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.TunnelDestGroupIamBinding("binding", + project=dest_group["project"], + region=dest_group["region"], + dest_group=dest_group["groupName"], + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.TunnelDestGroupIamBinding("binding", + project=dest_group["project"], + region=dest_group["region"], + dest_group=dest_group["groupName"], + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.iap.TunnelDestGroupIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_iap\\_tunnel\\_dest\\_group\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.TunnelDestGroupIamMember("member", + project=dest_group["project"], + region=dest_group["region"], + dest_group=dest_group["groupName"], + role="roles/iap.tunnelResourceAccessor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.TunnelDestGroupIamMember("member", + project=dest_group["project"], + region=dest_group["region"], + dest_group=dest_group["groupName"], + role="roles/iap.tunnelResourceAccessor", + member="user:jane@example.com", + condition=gcp.iap.TunnelDestGroupIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -482,10 +597,7 @@ def __init__(__self__, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[pulumi.InputType['TunnelDestGroupIamBindingConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -496,6 +608,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] region: The region of the tunnel group. Must be the same as the network resources in the group. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -642,6 +756,121 @@ def __init__(__self__, ``` + ## google\\_iap\\_tunnel\\_dest\\_group\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.iap.TunnelDestGroupIamPolicy("policy", + project=dest_group["project"], + region=dest_group["region"], + dest_group=dest_group["groupName"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.iap.TunnelDestGroupIamPolicy("policy", + project=dest_group["project"], + region=dest_group["region"], + dest_group=dest_group["groupName"], + policy_data=admin.policy_data) + ``` + + ## google\\_iap\\_tunnel\\_dest\\_group\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.TunnelDestGroupIamBinding("binding", + project=dest_group["project"], + region=dest_group["region"], + dest_group=dest_group["groupName"], + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.TunnelDestGroupIamBinding("binding", + project=dest_group["project"], + region=dest_group["region"], + dest_group=dest_group["groupName"], + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.iap.TunnelDestGroupIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_iap\\_tunnel\\_dest\\_group\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.TunnelDestGroupIamMember("member", + project=dest_group["project"], + region=dest_group["region"], + dest_group=dest_group["groupName"], + role="roles/iap.tunnelResourceAccessor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.TunnelDestGroupIamMember("member", + project=dest_group["project"], + region=dest_group["region"], + dest_group=dest_group["groupName"], + role="roles/iap.tunnelResourceAccessor", + member="user:jane@example.com", + condition=gcp.iap.TunnelDestGroupIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -752,10 +981,7 @@ def get(resource_name: str, :param pulumi.Input[pulumi.InputType['TunnelDestGroupIamBindingConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -766,6 +992,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] region: The region of the tunnel group. Must be the same as the network resources in the group. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -812,16 +1040,8 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: - return pulumi.get(self, "members") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -833,6 +1053,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "members") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/iap/tunnel_dest_group_iam_member.py b/sdk/python/pulumi_gcp/iap/tunnel_dest_group_iam_member.py index e904adab09..6dee546c5c 100644 --- a/sdk/python/pulumi_gcp/iap/tunnel_dest_group_iam_member.py +++ b/sdk/python/pulumi_gcp/iap/tunnel_dest_group_iam_member.py @@ -24,15 +24,7 @@ def __init__(__self__, *, region: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a TunnelDestGroupIamMember resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `iap.TunnelDestGroupIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input['TunnelDestGroupIamMemberConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. - Structure is documented below. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -43,6 +35,13 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `iap.TunnelDestGroupIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input['TunnelDestGroupIamMemberConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. + Structure is documented below. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] region: The region of the tunnel group. Must be the same as the network resources in the group. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -70,6 +69,19 @@ def dest_group(self, value: pulumi.Input[str]): @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -109,18 +121,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -159,10 +159,7 @@ def __init__(__self__, *, :param pulumi.Input['TunnelDestGroupIamMemberConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -173,6 +170,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] region: The region of the tunnel group. Must be the same as the network resources in the group. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -233,6 +232,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -245,18 +257,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -438,6 +438,121 @@ def __init__(__self__, ``` + ## google\\_iap\\_tunnel\\_dest\\_group\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.iap.TunnelDestGroupIamPolicy("policy", + project=dest_group["project"], + region=dest_group["region"], + dest_group=dest_group["groupName"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.iap.TunnelDestGroupIamPolicy("policy", + project=dest_group["project"], + region=dest_group["region"], + dest_group=dest_group["groupName"], + policy_data=admin.policy_data) + ``` + + ## google\\_iap\\_tunnel\\_dest\\_group\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.TunnelDestGroupIamBinding("binding", + project=dest_group["project"], + region=dest_group["region"], + dest_group=dest_group["groupName"], + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.TunnelDestGroupIamBinding("binding", + project=dest_group["project"], + region=dest_group["region"], + dest_group=dest_group["groupName"], + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.iap.TunnelDestGroupIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_iap\\_tunnel\\_dest\\_group\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.TunnelDestGroupIamMember("member", + project=dest_group["project"], + region=dest_group["region"], + dest_group=dest_group["groupName"], + role="roles/iap.tunnelResourceAccessor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.TunnelDestGroupIamMember("member", + project=dest_group["project"], + region=dest_group["region"], + dest_group=dest_group["groupName"], + role="roles/iap.tunnelResourceAccessor", + member="user:jane@example.com", + condition=gcp.iap.TunnelDestGroupIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -482,10 +597,7 @@ def __init__(__self__, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[pulumi.InputType['TunnelDestGroupIamMemberConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -496,6 +608,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] region: The region of the tunnel group. Must be the same as the network resources in the group. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -642,6 +756,121 @@ def __init__(__self__, ``` + ## google\\_iap\\_tunnel\\_dest\\_group\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.iap.TunnelDestGroupIamPolicy("policy", + project=dest_group["project"], + region=dest_group["region"], + dest_group=dest_group["groupName"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.iap.TunnelDestGroupIamPolicy("policy", + project=dest_group["project"], + region=dest_group["region"], + dest_group=dest_group["groupName"], + policy_data=admin.policy_data) + ``` + + ## google\\_iap\\_tunnel\\_dest\\_group\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.TunnelDestGroupIamBinding("binding", + project=dest_group["project"], + region=dest_group["region"], + dest_group=dest_group["groupName"], + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.TunnelDestGroupIamBinding("binding", + project=dest_group["project"], + region=dest_group["region"], + dest_group=dest_group["groupName"], + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.iap.TunnelDestGroupIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_iap\\_tunnel\\_dest\\_group\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.TunnelDestGroupIamMember("member", + project=dest_group["project"], + region=dest_group["region"], + dest_group=dest_group["groupName"], + role="roles/iap.tunnelResourceAccessor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.TunnelDestGroupIamMember("member", + project=dest_group["project"], + region=dest_group["region"], + dest_group=dest_group["groupName"], + role="roles/iap.tunnelResourceAccessor", + member="user:jane@example.com", + condition=gcp.iap.TunnelDestGroupIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -752,10 +981,7 @@ def get(resource_name: str, :param pulumi.Input[pulumi.InputType['TunnelDestGroupIamMemberConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -766,6 +992,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] region: The region of the tunnel group. Must be the same as the network resources in the group. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -812,16 +1040,8 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: - return pulumi.get(self, "member") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -833,6 +1053,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "member") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/iap/tunnel_dest_group_iam_policy.py b/sdk/python/pulumi_gcp/iap/tunnel_dest_group_iam_policy.py index 555846eca6..61e0b47a53 100644 --- a/sdk/python/pulumi_gcp/iap/tunnel_dest_group_iam_policy.py +++ b/sdk/python/pulumi_gcp/iap/tunnel_dest_group_iam_policy.py @@ -24,18 +24,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] region: The region of the tunnel group. Must be the same as the network resources in the group. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -76,18 +64,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -126,18 +102,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] region: The region of the tunnel group. Must be the same as the network resources in the group. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -194,18 +158,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -371,6 +323,121 @@ def __init__(__self__, ``` + ## google\\_iap\\_tunnel\\_dest\\_group\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.iap.TunnelDestGroupIamPolicy("policy", + project=dest_group["project"], + region=dest_group["region"], + dest_group=dest_group["groupName"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.iap.TunnelDestGroupIamPolicy("policy", + project=dest_group["project"], + region=dest_group["region"], + dest_group=dest_group["groupName"], + policy_data=admin.policy_data) + ``` + + ## google\\_iap\\_tunnel\\_dest\\_group\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.TunnelDestGroupIamBinding("binding", + project=dest_group["project"], + region=dest_group["region"], + dest_group=dest_group["groupName"], + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.TunnelDestGroupIamBinding("binding", + project=dest_group["project"], + region=dest_group["region"], + dest_group=dest_group["groupName"], + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.iap.TunnelDestGroupIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_iap\\_tunnel\\_dest\\_group\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.TunnelDestGroupIamMember("member", + project=dest_group["project"], + region=dest_group["region"], + dest_group=dest_group["groupName"], + role="roles/iap.tunnelResourceAccessor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.TunnelDestGroupIamMember("member", + project=dest_group["project"], + region=dest_group["region"], + dest_group=dest_group["groupName"], + role="roles/iap.tunnelResourceAccessor", + member="user:jane@example.com", + condition=gcp.iap.TunnelDestGroupIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -417,18 +484,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] region: The region of the tunnel group. Must be the same as the network resources in the group. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -572,6 +627,121 @@ def __init__(__self__, ``` + ## google\\_iap\\_tunnel\\_dest\\_group\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.iap.TunnelDestGroupIamPolicy("policy", + project=dest_group["project"], + region=dest_group["region"], + dest_group=dest_group["groupName"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.iap.TunnelDestGroupIamPolicy("policy", + project=dest_group["project"], + region=dest_group["region"], + dest_group=dest_group["groupName"], + policy_data=admin.policy_data) + ``` + + ## google\\_iap\\_tunnel\\_dest\\_group\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.TunnelDestGroupIamBinding("binding", + project=dest_group["project"], + region=dest_group["region"], + dest_group=dest_group["groupName"], + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.TunnelDestGroupIamBinding("binding", + project=dest_group["project"], + region=dest_group["region"], + dest_group=dest_group["groupName"], + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.iap.TunnelDestGroupIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_iap\\_tunnel\\_dest\\_group\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.TunnelDestGroupIamMember("member", + project=dest_group["project"], + region=dest_group["region"], + dest_group=dest_group["groupName"], + role="roles/iap.tunnelResourceAccessor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.TunnelDestGroupIamMember("member", + project=dest_group["project"], + region=dest_group["region"], + dest_group=dest_group["groupName"], + role="roles/iap.tunnelResourceAccessor", + member="user:jane@example.com", + condition=gcp.iap.TunnelDestGroupIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -676,18 +846,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] region: The region of the tunnel group. Must be the same as the network resources in the group. Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no @@ -732,18 +890,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/iap/tunnel_iam_binding.py b/sdk/python/pulumi_gcp/iap/tunnel_iam_binding.py index 66ab541298..a7623ed61a 100644 --- a/sdk/python/pulumi_gcp/iap/tunnel_iam_binding.py +++ b/sdk/python/pulumi_gcp/iap/tunnel_iam_binding.py @@ -22,15 +22,7 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a TunnelIamBinding resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `iap.TunnelIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input['TunnelIamBindingConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. - Structure is documented below. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -41,6 +33,13 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `iap.TunnelIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input['TunnelIamBindingConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. + Structure is documented below. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "members", members) pulumi.set(__self__, "role", role) @@ -52,6 +51,19 @@ def __init__(__self__, *, @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -91,18 +103,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -124,10 +124,7 @@ def __init__(__self__, *, :param pulumi.Input['TunnelIamBindingConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -138,6 +135,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `iap.TunnelIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -181,6 +180,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -193,18 +205,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -357,6 +357,109 @@ def __init__(__self__, ``` + ## google\\_iap\\_tunnel\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.iap.TunnelIamPolicy("policy", + project=project_service["project"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.iap.TunnelIamPolicy("policy", + project=project_service["project"], + policy_data=admin.policy_data) + ``` + + ## google\\_iap\\_tunnel\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.TunnelIamBinding("binding", + project=project_service["project"], + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.TunnelIamBinding("binding", + project=project_service["project"], + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.iap.TunnelIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_iap\\_tunnel\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.TunnelIamMember("member", + project=project_service["project"], + role="roles/iap.tunnelResourceAccessor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.TunnelIamMember("member", + project=project_service["project"], + role="roles/iap.tunnelResourceAccessor", + member="user:jane@example.com", + condition=gcp.iap.TunnelIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -395,10 +498,7 @@ def __init__(__self__, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[pulumi.InputType['TunnelIamBindingConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -409,6 +509,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `iap.TunnelIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -539,6 +641,109 @@ def __init__(__self__, ``` + ## google\\_iap\\_tunnel\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.iap.TunnelIamPolicy("policy", + project=project_service["project"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.iap.TunnelIamPolicy("policy", + project=project_service["project"], + policy_data=admin.policy_data) + ``` + + ## google\\_iap\\_tunnel\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.TunnelIamBinding("binding", + project=project_service["project"], + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.TunnelIamBinding("binding", + project=project_service["project"], + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.iap.TunnelIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_iap\\_tunnel\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.TunnelIamMember("member", + project=project_service["project"], + role="roles/iap.tunnelResourceAccessor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.TunnelIamMember("member", + project=project_service["project"], + role="roles/iap.tunnelResourceAccessor", + member="user:jane@example.com", + condition=gcp.iap.TunnelIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -635,10 +840,7 @@ def get(resource_name: str, :param pulumi.Input[pulumi.InputType['TunnelIamBindingConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -649,6 +851,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `iap.TunnelIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -684,16 +888,8 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: - return pulumi.get(self, "members") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -705,6 +901,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "members") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/iap/tunnel_iam_member.py b/sdk/python/pulumi_gcp/iap/tunnel_iam_member.py index 5ed8a69777..e744ca1464 100644 --- a/sdk/python/pulumi_gcp/iap/tunnel_iam_member.py +++ b/sdk/python/pulumi_gcp/iap/tunnel_iam_member.py @@ -22,15 +22,7 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a TunnelIamMember resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `iap.TunnelIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input['TunnelIamMemberConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. - Structure is documented below. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -41,6 +33,13 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `iap.TunnelIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input['TunnelIamMemberConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. + Structure is documented below. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "member", member) pulumi.set(__self__, "role", role) @@ -52,6 +51,19 @@ def __init__(__self__, *, @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -91,18 +103,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -124,10 +124,7 @@ def __init__(__self__, *, :param pulumi.Input['TunnelIamMemberConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -138,6 +135,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `iap.TunnelIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -181,6 +180,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -193,18 +205,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -357,6 +357,109 @@ def __init__(__self__, ``` + ## google\\_iap\\_tunnel\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.iap.TunnelIamPolicy("policy", + project=project_service["project"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.iap.TunnelIamPolicy("policy", + project=project_service["project"], + policy_data=admin.policy_data) + ``` + + ## google\\_iap\\_tunnel\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.TunnelIamBinding("binding", + project=project_service["project"], + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.TunnelIamBinding("binding", + project=project_service["project"], + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.iap.TunnelIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_iap\\_tunnel\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.TunnelIamMember("member", + project=project_service["project"], + role="roles/iap.tunnelResourceAccessor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.TunnelIamMember("member", + project=project_service["project"], + role="roles/iap.tunnelResourceAccessor", + member="user:jane@example.com", + condition=gcp.iap.TunnelIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -395,10 +498,7 @@ def __init__(__self__, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[pulumi.InputType['TunnelIamMemberConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -409,6 +509,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `iap.TunnelIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -539,6 +641,109 @@ def __init__(__self__, ``` + ## google\\_iap\\_tunnel\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.iap.TunnelIamPolicy("policy", + project=project_service["project"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.iap.TunnelIamPolicy("policy", + project=project_service["project"], + policy_data=admin.policy_data) + ``` + + ## google\\_iap\\_tunnel\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.TunnelIamBinding("binding", + project=project_service["project"], + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.TunnelIamBinding("binding", + project=project_service["project"], + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.iap.TunnelIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_iap\\_tunnel\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.TunnelIamMember("member", + project=project_service["project"], + role="roles/iap.tunnelResourceAccessor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.TunnelIamMember("member", + project=project_service["project"], + role="roles/iap.tunnelResourceAccessor", + member="user:jane@example.com", + condition=gcp.iap.TunnelIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -635,10 +840,7 @@ def get(resource_name: str, :param pulumi.Input[pulumi.InputType['TunnelIamMemberConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -649,6 +851,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `iap.TunnelIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -684,16 +888,8 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: - return pulumi.get(self, "member") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -705,6 +901,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "member") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/iap/tunnel_iam_policy.py b/sdk/python/pulumi_gcp/iap/tunnel_iam_policy.py index 7f38febbb0..abe0b638a2 100644 --- a/sdk/python/pulumi_gcp/iap/tunnel_iam_policy.py +++ b/sdk/python/pulumi_gcp/iap/tunnel_iam_policy.py @@ -22,18 +22,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "policy_data", policy_data) if project is not None: @@ -58,18 +46,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -91,18 +67,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ if etag is not None: pulumi.set(__self__, "etag", etag) @@ -142,18 +106,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -290,6 +242,109 @@ def __init__(__self__, ``` + ## google\\_iap\\_tunnel\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.iap.TunnelIamPolicy("policy", + project=project_service["project"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.iap.TunnelIamPolicy("policy", + project=project_service["project"], + policy_data=admin.policy_data) + ``` + + ## google\\_iap\\_tunnel\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.TunnelIamBinding("binding", + project=project_service["project"], + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.TunnelIamBinding("binding", + project=project_service["project"], + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.iap.TunnelIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_iap\\_tunnel\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.TunnelIamMember("member", + project=project_service["project"], + role="roles/iap.tunnelResourceAccessor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.TunnelIamMember("member", + project=project_service["project"], + role="roles/iap.tunnelResourceAccessor", + member="user:jane@example.com", + condition=gcp.iap.TunnelIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -330,18 +385,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ ... @overload @@ -469,6 +512,109 @@ def __init__(__self__, ``` + ## google\\_iap\\_tunnel\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.iap.TunnelIamPolicy("policy", + project=project_service["project"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.iap.TunnelIamPolicy("policy", + project=project_service["project"], + policy_data=admin.policy_data) + ``` + + ## google\\_iap\\_tunnel\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.TunnelIamBinding("binding", + project=project_service["project"], + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.TunnelIamBinding("binding", + project=project_service["project"], + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.iap.TunnelIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_iap\\_tunnel\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.TunnelIamMember("member", + project=project_service["project"], + role="roles/iap.tunnelResourceAccessor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.TunnelIamMember("member", + project=project_service["project"], + role="roles/iap.tunnelResourceAccessor", + member="user:jane@example.com", + condition=gcp.iap.TunnelIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -559,18 +705,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -604,18 +738,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/iap/tunnel_instance_iam_binding.py b/sdk/python/pulumi_gcp/iap/tunnel_instance_iam_binding.py index fbe969166f..803d03938b 100644 --- a/sdk/python/pulumi_gcp/iap/tunnel_instance_iam_binding.py +++ b/sdk/python/pulumi_gcp/iap/tunnel_instance_iam_binding.py @@ -25,15 +25,7 @@ def __init__(__self__, *, """ The set of arguments for constructing a TunnelInstanceIAMBinding resource. :param pulumi.Input[str] instance: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] role: The role that should be applied. Only one - `iap.TunnelInstanceIAMBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input['TunnelInstanceIAMBindingConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. - Structure is documented below. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -44,6 +36,13 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `iap.TunnelInstanceIAMBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input['TunnelInstanceIAMBindingConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. + Structure is documented below. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "instance", instance) pulumi.set(__self__, "members", members) @@ -70,6 +69,19 @@ def instance(self, value: pulumi.Input[str]): @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -109,18 +121,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -154,10 +154,7 @@ def __init__(__self__, *, Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] instance: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -168,6 +165,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `iap.TunnelInstanceIAMBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -227,6 +226,19 @@ def instance(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -239,18 +251,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -426,6 +426,121 @@ def __init__(__self__, ``` + ## google\\_iap\\_tunnel\\_instance\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.iap.TunnelInstanceIAMPolicy("policy", + project=tunnelvm["project"], + zone=tunnelvm["zone"], + instance=tunnelvm["name"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.iap.TunnelInstanceIAMPolicy("policy", + project=tunnelvm["project"], + zone=tunnelvm["zone"], + instance=tunnelvm["name"], + policy_data=admin.policy_data) + ``` + + ## google\\_iap\\_tunnel\\_instance\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.TunnelInstanceIAMBinding("binding", + project=tunnelvm["project"], + zone=tunnelvm["zone"], + instance=tunnelvm["name"], + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.TunnelInstanceIAMBinding("binding", + project=tunnelvm["project"], + zone=tunnelvm["zone"], + instance=tunnelvm["name"], + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.iap.TunnelInstanceIAMBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_iap\\_tunnel\\_instance\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.TunnelInstanceIAMMember("member", + project=tunnelvm["project"], + zone=tunnelvm["zone"], + instance=tunnelvm["name"], + role="roles/iap.tunnelResourceAccessor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.TunnelInstanceIAMMember("member", + project=tunnelvm["project"], + zone=tunnelvm["zone"], + instance=tunnelvm["name"], + role="roles/iap.tunnelResourceAccessor", + member="user:jane@example.com", + condition=gcp.iap.TunnelInstanceIAMMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -471,10 +586,7 @@ def __init__(__self__, :param pulumi.Input[pulumi.InputType['TunnelInstanceIAMBindingConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] instance: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -485,6 +597,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `iap.TunnelInstanceIAMBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -627,6 +741,121 @@ def __init__(__self__, ``` + ## google\\_iap\\_tunnel\\_instance\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.iap.TunnelInstanceIAMPolicy("policy", + project=tunnelvm["project"], + zone=tunnelvm["zone"], + instance=tunnelvm["name"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.iap.TunnelInstanceIAMPolicy("policy", + project=tunnelvm["project"], + zone=tunnelvm["zone"], + instance=tunnelvm["name"], + policy_data=admin.policy_data) + ``` + + ## google\\_iap\\_tunnel\\_instance\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.TunnelInstanceIAMBinding("binding", + project=tunnelvm["project"], + zone=tunnelvm["zone"], + instance=tunnelvm["name"], + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.TunnelInstanceIAMBinding("binding", + project=tunnelvm["project"], + zone=tunnelvm["zone"], + instance=tunnelvm["name"], + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.iap.TunnelInstanceIAMBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_iap\\_tunnel\\_instance\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.TunnelInstanceIAMMember("member", + project=tunnelvm["project"], + zone=tunnelvm["zone"], + instance=tunnelvm["name"], + role="roles/iap.tunnelResourceAccessor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.TunnelInstanceIAMMember("member", + project=tunnelvm["project"], + zone=tunnelvm["zone"], + instance=tunnelvm["name"], + role="roles/iap.tunnelResourceAccessor", + member="user:jane@example.com", + condition=gcp.iap.TunnelInstanceIAMMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -738,10 +967,7 @@ def get(resource_name: str, Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] instance: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -752,6 +978,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `iap.TunnelInstanceIAMBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -797,16 +1025,8 @@ def instance(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: - return pulumi.get(self, "members") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -818,6 +1038,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "members") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/iap/tunnel_instance_iam_member.py b/sdk/python/pulumi_gcp/iap/tunnel_instance_iam_member.py index 239f58be4b..e7501b268a 100644 --- a/sdk/python/pulumi_gcp/iap/tunnel_instance_iam_member.py +++ b/sdk/python/pulumi_gcp/iap/tunnel_instance_iam_member.py @@ -25,15 +25,7 @@ def __init__(__self__, *, """ The set of arguments for constructing a TunnelInstanceIAMMember resource. :param pulumi.Input[str] instance: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] role: The role that should be applied. Only one - `iap.TunnelInstanceIAMBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input['TunnelInstanceIAMMemberConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. - Structure is documented below. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -44,6 +36,13 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `iap.TunnelInstanceIAMBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input['TunnelInstanceIAMMemberConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. + Structure is documented below. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "instance", instance) pulumi.set(__self__, "member", member) @@ -70,6 +69,19 @@ def instance(self, value: pulumi.Input[str]): @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -109,18 +121,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -154,10 +154,7 @@ def __init__(__self__, *, Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] instance: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -168,6 +165,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `iap.TunnelInstanceIAMBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -227,6 +226,19 @@ def instance(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -239,18 +251,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -426,6 +426,121 @@ def __init__(__self__, ``` + ## google\\_iap\\_tunnel\\_instance\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.iap.TunnelInstanceIAMPolicy("policy", + project=tunnelvm["project"], + zone=tunnelvm["zone"], + instance=tunnelvm["name"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.iap.TunnelInstanceIAMPolicy("policy", + project=tunnelvm["project"], + zone=tunnelvm["zone"], + instance=tunnelvm["name"], + policy_data=admin.policy_data) + ``` + + ## google\\_iap\\_tunnel\\_instance\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.TunnelInstanceIAMBinding("binding", + project=tunnelvm["project"], + zone=tunnelvm["zone"], + instance=tunnelvm["name"], + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.TunnelInstanceIAMBinding("binding", + project=tunnelvm["project"], + zone=tunnelvm["zone"], + instance=tunnelvm["name"], + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.iap.TunnelInstanceIAMBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_iap\\_tunnel\\_instance\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.TunnelInstanceIAMMember("member", + project=tunnelvm["project"], + zone=tunnelvm["zone"], + instance=tunnelvm["name"], + role="roles/iap.tunnelResourceAccessor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.TunnelInstanceIAMMember("member", + project=tunnelvm["project"], + zone=tunnelvm["zone"], + instance=tunnelvm["name"], + role="roles/iap.tunnelResourceAccessor", + member="user:jane@example.com", + condition=gcp.iap.TunnelInstanceIAMMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -471,10 +586,7 @@ def __init__(__self__, :param pulumi.Input[pulumi.InputType['TunnelInstanceIAMMemberConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] instance: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -485,6 +597,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `iap.TunnelInstanceIAMBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -627,6 +741,121 @@ def __init__(__self__, ``` + ## google\\_iap\\_tunnel\\_instance\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.iap.TunnelInstanceIAMPolicy("policy", + project=tunnelvm["project"], + zone=tunnelvm["zone"], + instance=tunnelvm["name"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.iap.TunnelInstanceIAMPolicy("policy", + project=tunnelvm["project"], + zone=tunnelvm["zone"], + instance=tunnelvm["name"], + policy_data=admin.policy_data) + ``` + + ## google\\_iap\\_tunnel\\_instance\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.TunnelInstanceIAMBinding("binding", + project=tunnelvm["project"], + zone=tunnelvm["zone"], + instance=tunnelvm["name"], + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.TunnelInstanceIAMBinding("binding", + project=tunnelvm["project"], + zone=tunnelvm["zone"], + instance=tunnelvm["name"], + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.iap.TunnelInstanceIAMBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_iap\\_tunnel\\_instance\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.TunnelInstanceIAMMember("member", + project=tunnelvm["project"], + zone=tunnelvm["zone"], + instance=tunnelvm["name"], + role="roles/iap.tunnelResourceAccessor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.TunnelInstanceIAMMember("member", + project=tunnelvm["project"], + zone=tunnelvm["zone"], + instance=tunnelvm["name"], + role="roles/iap.tunnelResourceAccessor", + member="user:jane@example.com", + condition=gcp.iap.TunnelInstanceIAMMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -738,10 +967,7 @@ def get(resource_name: str, Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] instance: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -752,6 +978,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `iap.TunnelInstanceIAMBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -797,16 +1025,8 @@ def instance(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: - return pulumi.get(self, "member") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -818,6 +1038,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "member") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/iap/tunnel_instance_iam_policy.py b/sdk/python/pulumi_gcp/iap/tunnel_instance_iam_policy.py index cc31284022..d4a3036b0e 100644 --- a/sdk/python/pulumi_gcp/iap/tunnel_instance_iam_policy.py +++ b/sdk/python/pulumi_gcp/iap/tunnel_instance_iam_policy.py @@ -25,18 +25,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "instance", instance) pulumi.set(__self__, "policy_data", policy_data) @@ -76,18 +64,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -121,18 +97,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ if etag is not None: pulumi.set(__self__, "etag", etag) @@ -188,18 +152,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -359,6 +311,121 @@ def __init__(__self__, ``` + ## google\\_iap\\_tunnel\\_instance\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.iap.TunnelInstanceIAMPolicy("policy", + project=tunnelvm["project"], + zone=tunnelvm["zone"], + instance=tunnelvm["name"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.iap.TunnelInstanceIAMPolicy("policy", + project=tunnelvm["project"], + zone=tunnelvm["zone"], + instance=tunnelvm["name"], + policy_data=admin.policy_data) + ``` + + ## google\\_iap\\_tunnel\\_instance\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.TunnelInstanceIAMBinding("binding", + project=tunnelvm["project"], + zone=tunnelvm["zone"], + instance=tunnelvm["name"], + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.TunnelInstanceIAMBinding("binding", + project=tunnelvm["project"], + zone=tunnelvm["zone"], + instance=tunnelvm["name"], + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.iap.TunnelInstanceIAMBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_iap\\_tunnel\\_instance\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.TunnelInstanceIAMMember("member", + project=tunnelvm["project"], + zone=tunnelvm["zone"], + instance=tunnelvm["name"], + role="roles/iap.tunnelResourceAccessor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.TunnelInstanceIAMMember("member", + project=tunnelvm["project"], + zone=tunnelvm["zone"], + instance=tunnelvm["name"], + role="roles/iap.tunnelResourceAccessor", + member="user:jane@example.com", + condition=gcp.iap.TunnelInstanceIAMMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -406,18 +473,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ ... @overload @@ -557,6 +612,121 @@ def __init__(__self__, ``` + ## google\\_iap\\_tunnel\\_instance\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.iap.TunnelInstanceIAMPolicy("policy", + project=tunnelvm["project"], + zone=tunnelvm["zone"], + instance=tunnelvm["name"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.iap.TunnelInstanceIAMPolicy("policy", + project=tunnelvm["project"], + zone=tunnelvm["zone"], + instance=tunnelvm["name"], + policy_data=admin.policy_data) + ``` + + ## google\\_iap\\_tunnel\\_instance\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.TunnelInstanceIAMBinding("binding", + project=tunnelvm["project"], + zone=tunnelvm["zone"], + instance=tunnelvm["name"], + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.TunnelInstanceIAMBinding("binding", + project=tunnelvm["project"], + zone=tunnelvm["zone"], + instance=tunnelvm["name"], + role="roles/iap.tunnelResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.iap.TunnelInstanceIAMBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_iap\\_tunnel\\_instance\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.TunnelInstanceIAMMember("member", + project=tunnelvm["project"], + zone=tunnelvm["zone"], + instance=tunnelvm["name"], + role="roles/iap.tunnelResourceAccessor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.TunnelInstanceIAMMember("member", + project=tunnelvm["project"], + zone=tunnelvm["zone"], + instance=tunnelvm["name"], + role="roles/iap.tunnelResourceAccessor", + member="user:jane@example.com", + condition=gcp.iap.TunnelInstanceIAMMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -662,18 +832,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -717,18 +875,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/iap/web_backend_service_iam_binding.py b/sdk/python/pulumi_gcp/iap/web_backend_service_iam_binding.py index 582637d324..03de6ce16e 100644 --- a/sdk/python/pulumi_gcp/iap/web_backend_service_iam_binding.py +++ b/sdk/python/pulumi_gcp/iap/web_backend_service_iam_binding.py @@ -23,16 +23,7 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a WebBackendServiceIamBinding resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `iap.WebBackendServiceIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] web_backend_service: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input['WebBackendServiceIamBindingConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. - Structure is documented below. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -43,6 +34,14 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `iap.WebBackendServiceIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] web_backend_service: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input['WebBackendServiceIamBindingConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. + Structure is documented below. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "members", members) pulumi.set(__self__, "role", role) @@ -55,6 +54,19 @@ def __init__(__self__, *, @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -106,18 +118,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -140,10 +140,7 @@ def __init__(__self__, *, :param pulumi.Input['WebBackendServiceIamBindingConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -154,6 +151,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `iap.WebBackendServiceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -200,6 +199,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -212,18 +224,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -395,6 +395,115 @@ def __init__(__self__, ``` + ## google\\_iap\\_web\\_backend\\_service\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.iap.WebBackendServiceIamPolicy("policy", + project=default["project"], + web_backend_service=default["name"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.iap.WebBackendServiceIamPolicy("policy", + project=default["project"], + web_backend_service=default["name"], + policy_data=admin.policy_data) + ``` + + ## google\\_iap\\_web\\_backend\\_service\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.WebBackendServiceIamBinding("binding", + project=default["project"], + web_backend_service=default["name"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.WebBackendServiceIamBinding("binding", + project=default["project"], + web_backend_service=default["name"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.iap.WebBackendServiceIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_iap\\_web\\_backend\\_service\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.WebBackendServiceIamMember("member", + project=default["project"], + web_backend_service=default["name"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.WebBackendServiceIamMember("member", + project=default["project"], + web_backend_service=default["name"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com", + condition=gcp.iap.WebBackendServiceIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -435,10 +544,7 @@ def __init__(__self__, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[pulumi.InputType['WebBackendServiceIamBindingConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -449,6 +555,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `iap.WebBackendServiceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -586,6 +694,115 @@ def __init__(__self__, ``` + ## google\\_iap\\_web\\_backend\\_service\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.iap.WebBackendServiceIamPolicy("policy", + project=default["project"], + web_backend_service=default["name"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.iap.WebBackendServiceIamPolicy("policy", + project=default["project"], + web_backend_service=default["name"], + policy_data=admin.policy_data) + ``` + + ## google\\_iap\\_web\\_backend\\_service\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.WebBackendServiceIamBinding("binding", + project=default["project"], + web_backend_service=default["name"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.WebBackendServiceIamBinding("binding", + project=default["project"], + web_backend_service=default["name"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.iap.WebBackendServiceIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_iap\\_web\\_backend\\_service\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.WebBackendServiceIamMember("member", + project=default["project"], + web_backend_service=default["name"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.WebBackendServiceIamMember("member", + project=default["project"], + web_backend_service=default["name"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com", + condition=gcp.iap.WebBackendServiceIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -689,10 +906,7 @@ def get(resource_name: str, :param pulumi.Input[pulumi.InputType['WebBackendServiceIamBindingConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -703,6 +917,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `iap.WebBackendServiceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -740,16 +956,8 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: - return pulumi.get(self, "members") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -761,6 +969,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "members") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/iap/web_backend_service_iam_member.py b/sdk/python/pulumi_gcp/iap/web_backend_service_iam_member.py index 09bf44675b..443d9c9fbf 100644 --- a/sdk/python/pulumi_gcp/iap/web_backend_service_iam_member.py +++ b/sdk/python/pulumi_gcp/iap/web_backend_service_iam_member.py @@ -23,16 +23,7 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a WebBackendServiceIamMember resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `iap.WebBackendServiceIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] web_backend_service: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input['WebBackendServiceIamMemberConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. - Structure is documented below. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -43,6 +34,14 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `iap.WebBackendServiceIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] web_backend_service: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input['WebBackendServiceIamMemberConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. + Structure is documented below. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "member", member) pulumi.set(__self__, "role", role) @@ -55,6 +54,19 @@ def __init__(__self__, *, @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -106,18 +118,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -140,10 +140,7 @@ def __init__(__self__, *, :param pulumi.Input['WebBackendServiceIamMemberConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -154,6 +151,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `iap.WebBackendServiceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -200,6 +199,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -212,18 +224,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -395,6 +395,115 @@ def __init__(__self__, ``` + ## google\\_iap\\_web\\_backend\\_service\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.iap.WebBackendServiceIamPolicy("policy", + project=default["project"], + web_backend_service=default["name"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.iap.WebBackendServiceIamPolicy("policy", + project=default["project"], + web_backend_service=default["name"], + policy_data=admin.policy_data) + ``` + + ## google\\_iap\\_web\\_backend\\_service\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.WebBackendServiceIamBinding("binding", + project=default["project"], + web_backend_service=default["name"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.WebBackendServiceIamBinding("binding", + project=default["project"], + web_backend_service=default["name"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.iap.WebBackendServiceIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_iap\\_web\\_backend\\_service\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.WebBackendServiceIamMember("member", + project=default["project"], + web_backend_service=default["name"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.WebBackendServiceIamMember("member", + project=default["project"], + web_backend_service=default["name"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com", + condition=gcp.iap.WebBackendServiceIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -435,10 +544,7 @@ def __init__(__self__, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[pulumi.InputType['WebBackendServiceIamMemberConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -449,6 +555,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `iap.WebBackendServiceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -586,6 +694,115 @@ def __init__(__self__, ``` + ## google\\_iap\\_web\\_backend\\_service\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.iap.WebBackendServiceIamPolicy("policy", + project=default["project"], + web_backend_service=default["name"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.iap.WebBackendServiceIamPolicy("policy", + project=default["project"], + web_backend_service=default["name"], + policy_data=admin.policy_data) + ``` + + ## google\\_iap\\_web\\_backend\\_service\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.WebBackendServiceIamBinding("binding", + project=default["project"], + web_backend_service=default["name"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.WebBackendServiceIamBinding("binding", + project=default["project"], + web_backend_service=default["name"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.iap.WebBackendServiceIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_iap\\_web\\_backend\\_service\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.WebBackendServiceIamMember("member", + project=default["project"], + web_backend_service=default["name"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.WebBackendServiceIamMember("member", + project=default["project"], + web_backend_service=default["name"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com", + condition=gcp.iap.WebBackendServiceIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -689,10 +906,7 @@ def get(resource_name: str, :param pulumi.Input[pulumi.InputType['WebBackendServiceIamMemberConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -703,6 +917,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `iap.WebBackendServiceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -740,16 +956,8 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: - return pulumi.get(self, "member") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -761,6 +969,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "member") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/iap/web_backend_service_iam_policy.py b/sdk/python/pulumi_gcp/iap/web_backend_service_iam_policy.py index d59bda9f22..845f22fb74 100644 --- a/sdk/python/pulumi_gcp/iap/web_backend_service_iam_policy.py +++ b/sdk/python/pulumi_gcp/iap/web_backend_service_iam_policy.py @@ -24,18 +24,6 @@ def __init__(__self__, *, :param pulumi.Input[str] web_backend_service: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "policy_data", policy_data) pulumi.set(__self__, "web_backend_service", web_backend_service) @@ -73,18 +61,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -107,18 +83,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] web_backend_service: Used to find the parent resource to bind the IAM policy to """ if etag is not None: @@ -161,18 +125,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -328,6 +280,115 @@ def __init__(__self__, ``` + ## google\\_iap\\_web\\_backend\\_service\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.iap.WebBackendServiceIamPolicy("policy", + project=default["project"], + web_backend_service=default["name"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.iap.WebBackendServiceIamPolicy("policy", + project=default["project"], + web_backend_service=default["name"], + policy_data=admin.policy_data) + ``` + + ## google\\_iap\\_web\\_backend\\_service\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.WebBackendServiceIamBinding("binding", + project=default["project"], + web_backend_service=default["name"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.WebBackendServiceIamBinding("binding", + project=default["project"], + web_backend_service=default["name"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.iap.WebBackendServiceIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_iap\\_web\\_backend\\_service\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.WebBackendServiceIamMember("member", + project=default["project"], + web_backend_service=default["name"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.WebBackendServiceIamMember("member", + project=default["project"], + web_backend_service=default["name"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com", + condition=gcp.iap.WebBackendServiceIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -370,18 +431,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] web_backend_service: Used to find the parent resource to bind the IAM policy to """ ... @@ -516,6 +565,115 @@ def __init__(__self__, ``` + ## google\\_iap\\_web\\_backend\\_service\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.iap.WebBackendServiceIamPolicy("policy", + project=default["project"], + web_backend_service=default["name"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.iap.WebBackendServiceIamPolicy("policy", + project=default["project"], + web_backend_service=default["name"], + policy_data=admin.policy_data) + ``` + + ## google\\_iap\\_web\\_backend\\_service\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.WebBackendServiceIamBinding("binding", + project=default["project"], + web_backend_service=default["name"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.WebBackendServiceIamBinding("binding", + project=default["project"], + web_backend_service=default["name"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.iap.WebBackendServiceIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_iap\\_web\\_backend\\_service\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.WebBackendServiceIamMember("member", + project=default["project"], + web_backend_service=default["name"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.WebBackendServiceIamMember("member", + project=default["project"], + web_backend_service=default["name"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com", + condition=gcp.iap.WebBackendServiceIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -613,18 +771,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] web_backend_service: Used to find the parent resource to bind the IAM policy to """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -660,18 +806,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/iap/web_iam_binding.py b/sdk/python/pulumi_gcp/iap/web_iam_binding.py index 1a1e1ca3a5..a4477b944c 100644 --- a/sdk/python/pulumi_gcp/iap/web_iam_binding.py +++ b/sdk/python/pulumi_gcp/iap/web_iam_binding.py @@ -22,15 +22,7 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a WebIamBinding resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `iap.WebIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input['WebIamBindingConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. - Structure is documented below. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -41,6 +33,13 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `iap.WebIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input['WebIamBindingConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. + Structure is documented below. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "members", members) pulumi.set(__self__, "role", role) @@ -52,6 +51,19 @@ def __init__(__self__, *, @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -91,18 +103,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -124,10 +124,7 @@ def __init__(__self__, *, :param pulumi.Input['WebIamBindingConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -138,6 +135,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `iap.WebIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -181,6 +180,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -193,18 +205,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -357,6 +357,109 @@ def __init__(__self__, ``` + ## google\\_iap\\_web\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.iap.WebIamPolicy("policy", + project=project_service["project"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.iap.WebIamPolicy("policy", + project=project_service["project"], + policy_data=admin.policy_data) + ``` + + ## google\\_iap\\_web\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.WebIamBinding("binding", + project=project_service["project"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.WebIamBinding("binding", + project=project_service["project"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.iap.WebIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_iap\\_web\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.WebIamMember("member", + project=project_service["project"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.WebIamMember("member", + project=project_service["project"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com", + condition=gcp.iap.WebIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -395,10 +498,7 @@ def __init__(__self__, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[pulumi.InputType['WebIamBindingConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -409,6 +509,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `iap.WebIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -539,6 +641,109 @@ def __init__(__self__, ``` + ## google\\_iap\\_web\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.iap.WebIamPolicy("policy", + project=project_service["project"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.iap.WebIamPolicy("policy", + project=project_service["project"], + policy_data=admin.policy_data) + ``` + + ## google\\_iap\\_web\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.WebIamBinding("binding", + project=project_service["project"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.WebIamBinding("binding", + project=project_service["project"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.iap.WebIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_iap\\_web\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.WebIamMember("member", + project=project_service["project"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.WebIamMember("member", + project=project_service["project"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com", + condition=gcp.iap.WebIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -635,10 +840,7 @@ def get(resource_name: str, :param pulumi.Input[pulumi.InputType['WebIamBindingConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -649,6 +851,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `iap.WebIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -684,16 +888,8 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: - return pulumi.get(self, "members") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -705,6 +901,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "members") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/iap/web_iam_member.py b/sdk/python/pulumi_gcp/iap/web_iam_member.py index 06e2723cf7..558f6d6f80 100644 --- a/sdk/python/pulumi_gcp/iap/web_iam_member.py +++ b/sdk/python/pulumi_gcp/iap/web_iam_member.py @@ -22,15 +22,7 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a WebIamMember resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `iap.WebIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input['WebIamMemberConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. - Structure is documented below. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -41,6 +33,13 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `iap.WebIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input['WebIamMemberConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. + Structure is documented below. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "member", member) pulumi.set(__self__, "role", role) @@ -52,6 +51,19 @@ def __init__(__self__, *, @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -91,18 +103,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -124,10 +124,7 @@ def __init__(__self__, *, :param pulumi.Input['WebIamMemberConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -138,6 +135,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `iap.WebIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -181,6 +180,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -193,18 +205,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -357,6 +357,109 @@ def __init__(__self__, ``` + ## google\\_iap\\_web\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.iap.WebIamPolicy("policy", + project=project_service["project"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.iap.WebIamPolicy("policy", + project=project_service["project"], + policy_data=admin.policy_data) + ``` + + ## google\\_iap\\_web\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.WebIamBinding("binding", + project=project_service["project"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.WebIamBinding("binding", + project=project_service["project"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.iap.WebIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_iap\\_web\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.WebIamMember("member", + project=project_service["project"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.WebIamMember("member", + project=project_service["project"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com", + condition=gcp.iap.WebIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -395,10 +498,7 @@ def __init__(__self__, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[pulumi.InputType['WebIamMemberConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -409,6 +509,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `iap.WebIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -539,6 +641,109 @@ def __init__(__self__, ``` + ## google\\_iap\\_web\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.iap.WebIamPolicy("policy", + project=project_service["project"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.iap.WebIamPolicy("policy", + project=project_service["project"], + policy_data=admin.policy_data) + ``` + + ## google\\_iap\\_web\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.WebIamBinding("binding", + project=project_service["project"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.WebIamBinding("binding", + project=project_service["project"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.iap.WebIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_iap\\_web\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.WebIamMember("member", + project=project_service["project"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.WebIamMember("member", + project=project_service["project"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com", + condition=gcp.iap.WebIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -635,10 +840,7 @@ def get(resource_name: str, :param pulumi.Input[pulumi.InputType['WebIamMemberConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -649,6 +851,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `iap.WebIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -684,16 +888,8 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: - return pulumi.get(self, "member") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -705,6 +901,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "member") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/iap/web_iam_policy.py b/sdk/python/pulumi_gcp/iap/web_iam_policy.py index fa459a8129..34d3285a41 100644 --- a/sdk/python/pulumi_gcp/iap/web_iam_policy.py +++ b/sdk/python/pulumi_gcp/iap/web_iam_policy.py @@ -22,18 +22,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "policy_data", policy_data) if project is not None: @@ -58,18 +46,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -91,18 +67,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ if etag is not None: pulumi.set(__self__, "etag", etag) @@ -142,18 +106,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -290,6 +242,109 @@ def __init__(__self__, ``` + ## google\\_iap\\_web\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.iap.WebIamPolicy("policy", + project=project_service["project"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.iap.WebIamPolicy("policy", + project=project_service["project"], + policy_data=admin.policy_data) + ``` + + ## google\\_iap\\_web\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.WebIamBinding("binding", + project=project_service["project"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.WebIamBinding("binding", + project=project_service["project"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.iap.WebIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_iap\\_web\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.WebIamMember("member", + project=project_service["project"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.WebIamMember("member", + project=project_service["project"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com", + condition=gcp.iap.WebIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -330,18 +385,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ ... @overload @@ -469,6 +512,109 @@ def __init__(__self__, ``` + ## google\\_iap\\_web\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.iap.WebIamPolicy("policy", + project=project_service["project"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.iap.WebIamPolicy("policy", + project=project_service["project"], + policy_data=admin.policy_data) + ``` + + ## google\\_iap\\_web\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.WebIamBinding("binding", + project=project_service["project"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.WebIamBinding("binding", + project=project_service["project"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.iap.WebIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_iap\\_web\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.WebIamMember("member", + project=project_service["project"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.WebIamMember("member", + project=project_service["project"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com", + condition=gcp.iap.WebIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -559,18 +705,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -604,18 +738,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/iap/web_region_backend_service_iam_binding.py b/sdk/python/pulumi_gcp/iap/web_region_backend_service_iam_binding.py index 65688f18d2..eed22391fb 100644 --- a/sdk/python/pulumi_gcp/iap/web_region_backend_service_iam_binding.py +++ b/sdk/python/pulumi_gcp/iap/web_region_backend_service_iam_binding.py @@ -24,16 +24,7 @@ def __init__(__self__, *, region: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a WebRegionBackendServiceIamBinding resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `iap.WebRegionBackendServiceIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] web_region_backend_service: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input['WebRegionBackendServiceIamBindingConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. - Structure is documented below. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -44,6 +35,14 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `iap.WebRegionBackendServiceIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] web_region_backend_service: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input['WebRegionBackendServiceIamBindingConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. + Structure is documented below. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "members", members) pulumi.set(__self__, "role", role) @@ -58,6 +57,19 @@ def __init__(__self__, *, @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -109,18 +121,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -153,10 +153,7 @@ def __init__(__self__, *, :param pulumi.Input['WebRegionBackendServiceIamBindingConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -167,6 +164,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `iap.WebRegionBackendServiceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -215,6 +214,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -227,18 +239,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -426,6 +426,121 @@ def __init__(__self__, ``` + ## google\\_iap\\_web\\_region\\_backend\\_service\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.iap.WebRegionBackendServiceIamPolicy("policy", + project=default["project"], + region=default["region"], + web_region_backend_service=default["name"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.iap.WebRegionBackendServiceIamPolicy("policy", + project=default["project"], + region=default["region"], + web_region_backend_service=default["name"], + policy_data=admin.policy_data) + ``` + + ## google\\_iap\\_web\\_region\\_backend\\_service\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.WebRegionBackendServiceIamBinding("binding", + project=default["project"], + region=default["region"], + web_region_backend_service=default["name"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.WebRegionBackendServiceIamBinding("binding", + project=default["project"], + region=default["region"], + web_region_backend_service=default["name"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.iap.WebRegionBackendServiceIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_iap\\_web\\_region\\_backend\\_service\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.WebRegionBackendServiceIamMember("member", + project=default["project"], + region=default["region"], + web_region_backend_service=default["name"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.WebRegionBackendServiceIamMember("member", + project=default["project"], + region=default["region"], + web_region_backend_service=default["name"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com", + condition=gcp.iap.WebRegionBackendServiceIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -468,10 +583,7 @@ def __init__(__self__, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[pulumi.InputType['WebRegionBackendServiceIamBindingConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -482,6 +594,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `iap.WebRegionBackendServiceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -625,6 +739,121 @@ def __init__(__self__, ``` + ## google\\_iap\\_web\\_region\\_backend\\_service\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.iap.WebRegionBackendServiceIamPolicy("policy", + project=default["project"], + region=default["region"], + web_region_backend_service=default["name"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.iap.WebRegionBackendServiceIamPolicy("policy", + project=default["project"], + region=default["region"], + web_region_backend_service=default["name"], + policy_data=admin.policy_data) + ``` + + ## google\\_iap\\_web\\_region\\_backend\\_service\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.WebRegionBackendServiceIamBinding("binding", + project=default["project"], + region=default["region"], + web_region_backend_service=default["name"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.WebRegionBackendServiceIamBinding("binding", + project=default["project"], + region=default["region"], + web_region_backend_service=default["name"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.iap.WebRegionBackendServiceIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_iap\\_web\\_region\\_backend\\_service\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.WebRegionBackendServiceIamMember("member", + project=default["project"], + region=default["region"], + web_region_backend_service=default["name"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.WebRegionBackendServiceIamMember("member", + project=default["project"], + region=default["region"], + web_region_backend_service=default["name"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com", + condition=gcp.iap.WebRegionBackendServiceIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -733,10 +962,7 @@ def get(resource_name: str, :param pulumi.Input[pulumi.InputType['WebRegionBackendServiceIamBindingConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -747,6 +973,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `iap.WebRegionBackendServiceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -785,16 +1013,8 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: - return pulumi.get(self, "members") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -806,6 +1026,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "members") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/iap/web_region_backend_service_iam_member.py b/sdk/python/pulumi_gcp/iap/web_region_backend_service_iam_member.py index 4c1817e6dc..0b75ae0c97 100644 --- a/sdk/python/pulumi_gcp/iap/web_region_backend_service_iam_member.py +++ b/sdk/python/pulumi_gcp/iap/web_region_backend_service_iam_member.py @@ -24,16 +24,7 @@ def __init__(__self__, *, region: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a WebRegionBackendServiceIamMember resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `iap.WebRegionBackendServiceIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] web_region_backend_service: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input['WebRegionBackendServiceIamMemberConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. - Structure is documented below. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -44,6 +35,14 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `iap.WebRegionBackendServiceIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] web_region_backend_service: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input['WebRegionBackendServiceIamMemberConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. + Structure is documented below. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "member", member) pulumi.set(__self__, "role", role) @@ -58,6 +57,19 @@ def __init__(__self__, *, @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -109,18 +121,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -153,10 +153,7 @@ def __init__(__self__, *, :param pulumi.Input['WebRegionBackendServiceIamMemberConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -167,6 +164,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `iap.WebRegionBackendServiceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -215,6 +214,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -227,18 +239,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -426,6 +426,121 @@ def __init__(__self__, ``` + ## google\\_iap\\_web\\_region\\_backend\\_service\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.iap.WebRegionBackendServiceIamPolicy("policy", + project=default["project"], + region=default["region"], + web_region_backend_service=default["name"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.iap.WebRegionBackendServiceIamPolicy("policy", + project=default["project"], + region=default["region"], + web_region_backend_service=default["name"], + policy_data=admin.policy_data) + ``` + + ## google\\_iap\\_web\\_region\\_backend\\_service\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.WebRegionBackendServiceIamBinding("binding", + project=default["project"], + region=default["region"], + web_region_backend_service=default["name"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.WebRegionBackendServiceIamBinding("binding", + project=default["project"], + region=default["region"], + web_region_backend_service=default["name"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.iap.WebRegionBackendServiceIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_iap\\_web\\_region\\_backend\\_service\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.WebRegionBackendServiceIamMember("member", + project=default["project"], + region=default["region"], + web_region_backend_service=default["name"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.WebRegionBackendServiceIamMember("member", + project=default["project"], + region=default["region"], + web_region_backend_service=default["name"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com", + condition=gcp.iap.WebRegionBackendServiceIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -468,10 +583,7 @@ def __init__(__self__, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[pulumi.InputType['WebRegionBackendServiceIamMemberConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -482,6 +594,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `iap.WebRegionBackendServiceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -625,6 +739,121 @@ def __init__(__self__, ``` + ## google\\_iap\\_web\\_region\\_backend\\_service\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.iap.WebRegionBackendServiceIamPolicy("policy", + project=default["project"], + region=default["region"], + web_region_backend_service=default["name"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.iap.WebRegionBackendServiceIamPolicy("policy", + project=default["project"], + region=default["region"], + web_region_backend_service=default["name"], + policy_data=admin.policy_data) + ``` + + ## google\\_iap\\_web\\_region\\_backend\\_service\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.WebRegionBackendServiceIamBinding("binding", + project=default["project"], + region=default["region"], + web_region_backend_service=default["name"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.WebRegionBackendServiceIamBinding("binding", + project=default["project"], + region=default["region"], + web_region_backend_service=default["name"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.iap.WebRegionBackendServiceIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_iap\\_web\\_region\\_backend\\_service\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.WebRegionBackendServiceIamMember("member", + project=default["project"], + region=default["region"], + web_region_backend_service=default["name"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.WebRegionBackendServiceIamMember("member", + project=default["project"], + region=default["region"], + web_region_backend_service=default["name"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com", + condition=gcp.iap.WebRegionBackendServiceIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -733,10 +962,7 @@ def get(resource_name: str, :param pulumi.Input[pulumi.InputType['WebRegionBackendServiceIamMemberConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -747,6 +973,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `iap.WebRegionBackendServiceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -785,16 +1013,8 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: - return pulumi.get(self, "member") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -806,6 +1026,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "member") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/iap/web_region_backend_service_iam_policy.py b/sdk/python/pulumi_gcp/iap/web_region_backend_service_iam_policy.py index 583290c0e3..c866dfebb7 100644 --- a/sdk/python/pulumi_gcp/iap/web_region_backend_service_iam_policy.py +++ b/sdk/python/pulumi_gcp/iap/web_region_backend_service_iam_policy.py @@ -25,18 +25,6 @@ def __init__(__self__, *, :param pulumi.Input[str] web_region_backend_service: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "policy_data", policy_data) pulumi.set(__self__, "web_region_backend_service", web_region_backend_service) @@ -76,18 +64,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -120,18 +96,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] web_region_backend_service: Used to find the parent resource to bind the IAM policy to """ if etag is not None: @@ -176,18 +140,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -359,6 +311,121 @@ def __init__(__self__, ``` + ## google\\_iap\\_web\\_region\\_backend\\_service\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.iap.WebRegionBackendServiceIamPolicy("policy", + project=default["project"], + region=default["region"], + web_region_backend_service=default["name"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.iap.WebRegionBackendServiceIamPolicy("policy", + project=default["project"], + region=default["region"], + web_region_backend_service=default["name"], + policy_data=admin.policy_data) + ``` + + ## google\\_iap\\_web\\_region\\_backend\\_service\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.WebRegionBackendServiceIamBinding("binding", + project=default["project"], + region=default["region"], + web_region_backend_service=default["name"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.WebRegionBackendServiceIamBinding("binding", + project=default["project"], + region=default["region"], + web_region_backend_service=default["name"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.iap.WebRegionBackendServiceIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_iap\\_web\\_region\\_backend\\_service\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.WebRegionBackendServiceIamMember("member", + project=default["project"], + region=default["region"], + web_region_backend_service=default["name"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.WebRegionBackendServiceIamMember("member", + project=default["project"], + region=default["region"], + web_region_backend_service=default["name"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com", + condition=gcp.iap.WebRegionBackendServiceIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -403,18 +470,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] web_region_backend_service: Used to find the parent resource to bind the IAM policy to """ ... @@ -555,6 +610,121 @@ def __init__(__self__, ``` + ## google\\_iap\\_web\\_region\\_backend\\_service\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.iap.WebRegionBackendServiceIamPolicy("policy", + project=default["project"], + region=default["region"], + web_region_backend_service=default["name"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.iap.WebRegionBackendServiceIamPolicy("policy", + project=default["project"], + region=default["region"], + web_region_backend_service=default["name"], + policy_data=admin.policy_data) + ``` + + ## google\\_iap\\_web\\_region\\_backend\\_service\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.WebRegionBackendServiceIamBinding("binding", + project=default["project"], + region=default["region"], + web_region_backend_service=default["name"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.WebRegionBackendServiceIamBinding("binding", + project=default["project"], + region=default["region"], + web_region_backend_service=default["name"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.iap.WebRegionBackendServiceIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_iap\\_web\\_region\\_backend\\_service\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.WebRegionBackendServiceIamMember("member", + project=default["project"], + region=default["region"], + web_region_backend_service=default["name"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.WebRegionBackendServiceIamMember("member", + project=default["project"], + region=default["region"], + web_region_backend_service=default["name"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com", + condition=gcp.iap.WebRegionBackendServiceIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -657,18 +827,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] web_region_backend_service: Used to find the parent resource to bind the IAM policy to """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -705,18 +863,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/iap/web_type_app_enging_iam_binding.py b/sdk/python/pulumi_gcp/iap/web_type_app_enging_iam_binding.py index c8a42fc72c..85e3f78fec 100644 --- a/sdk/python/pulumi_gcp/iap/web_type_app_enging_iam_binding.py +++ b/sdk/python/pulumi_gcp/iap/web_type_app_enging_iam_binding.py @@ -24,15 +24,7 @@ def __init__(__self__, *, """ The set of arguments for constructing a WebTypeAppEngingIamBinding resource. :param pulumi.Input[str] app_id: Id of the App Engine application. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] role: The role that should be applied. Only one - `iap.WebTypeAppEngingIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input['WebTypeAppEngingIamBindingConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. - Structure is documented below. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -43,6 +35,13 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `iap.WebTypeAppEngingIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input['WebTypeAppEngingIamBindingConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. + Structure is documented below. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "app_id", app_id) pulumi.set(__self__, "members", members) @@ -67,6 +66,19 @@ def app_id(self, value: pulumi.Input[str]): @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -106,18 +118,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -141,10 +141,7 @@ def __init__(__self__, *, :param pulumi.Input['WebTypeAppEngingIamBindingConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -155,6 +152,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `iap.WebTypeAppEngingIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -212,6 +211,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -224,18 +236,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -395,6 +395,115 @@ def __init__(__self__, ``` + ## google\\_iap\\_web\\_type\\_app\\_engine\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.iap.WebTypeAppEngingIamPolicy("policy", + project=app["project"], + app_id=app["appId"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.iap.WebTypeAppEngingIamPolicy("policy", + project=app["project"], + app_id=app["appId"], + policy_data=admin.policy_data) + ``` + + ## google\\_iap\\_web\\_type\\_app\\_engine\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.WebTypeAppEngingIamBinding("binding", + project=app["project"], + app_id=app["appId"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.WebTypeAppEngingIamBinding("binding", + project=app["project"], + app_id=app["appId"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.iap.WebTypeAppEngingIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_iap\\_web\\_type\\_app\\_engine\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.WebTypeAppEngingIamMember("member", + project=app["project"], + app_id=app["appId"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.WebTypeAppEngingIamMember("member", + project=app["project"], + app_id=app["appId"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com", + condition=gcp.iap.WebTypeAppEngingIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -436,10 +545,7 @@ def __init__(__self__, :param pulumi.Input[str] app_id: Id of the App Engine application. Used to find the parent resource to bind the IAM policy to :param pulumi.Input[pulumi.InputType['WebTypeAppEngingIamBindingConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -450,6 +556,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `iap.WebTypeAppEngingIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -586,6 +694,115 @@ def __init__(__self__, ``` + ## google\\_iap\\_web\\_type\\_app\\_engine\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.iap.WebTypeAppEngingIamPolicy("policy", + project=app["project"], + app_id=app["appId"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.iap.WebTypeAppEngingIamPolicy("policy", + project=app["project"], + app_id=app["appId"], + policy_data=admin.policy_data) + ``` + + ## google\\_iap\\_web\\_type\\_app\\_engine\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.WebTypeAppEngingIamBinding("binding", + project=app["project"], + app_id=app["appId"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.WebTypeAppEngingIamBinding("binding", + project=app["project"], + app_id=app["appId"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.iap.WebTypeAppEngingIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_iap\\_web\\_type\\_app\\_engine\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.WebTypeAppEngingIamMember("member", + project=app["project"], + app_id=app["appId"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.WebTypeAppEngingIamMember("member", + project=app["project"], + app_id=app["appId"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com", + condition=gcp.iap.WebTypeAppEngingIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -690,10 +907,7 @@ def get(resource_name: str, :param pulumi.Input[pulumi.InputType['WebTypeAppEngingIamBindingConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -704,6 +918,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `iap.WebTypeAppEngingIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -748,16 +964,8 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: - return pulumi.get(self, "members") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -769,6 +977,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "members") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/iap/web_type_app_enging_iam_member.py b/sdk/python/pulumi_gcp/iap/web_type_app_enging_iam_member.py index 1438987fa1..a989fccf44 100644 --- a/sdk/python/pulumi_gcp/iap/web_type_app_enging_iam_member.py +++ b/sdk/python/pulumi_gcp/iap/web_type_app_enging_iam_member.py @@ -24,15 +24,7 @@ def __init__(__self__, *, """ The set of arguments for constructing a WebTypeAppEngingIamMember resource. :param pulumi.Input[str] app_id: Id of the App Engine application. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] role: The role that should be applied. Only one - `iap.WebTypeAppEngingIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input['WebTypeAppEngingIamMemberConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. - Structure is documented below. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -43,6 +35,13 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `iap.WebTypeAppEngingIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input['WebTypeAppEngingIamMemberConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. + Structure is documented below. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "app_id", app_id) pulumi.set(__self__, "member", member) @@ -67,6 +66,19 @@ def app_id(self, value: pulumi.Input[str]): @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -106,18 +118,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -141,10 +141,7 @@ def __init__(__self__, *, :param pulumi.Input['WebTypeAppEngingIamMemberConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -155,6 +152,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `iap.WebTypeAppEngingIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -212,6 +211,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -224,18 +236,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -395,6 +395,115 @@ def __init__(__self__, ``` + ## google\\_iap\\_web\\_type\\_app\\_engine\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.iap.WebTypeAppEngingIamPolicy("policy", + project=app["project"], + app_id=app["appId"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.iap.WebTypeAppEngingIamPolicy("policy", + project=app["project"], + app_id=app["appId"], + policy_data=admin.policy_data) + ``` + + ## google\\_iap\\_web\\_type\\_app\\_engine\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.WebTypeAppEngingIamBinding("binding", + project=app["project"], + app_id=app["appId"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.WebTypeAppEngingIamBinding("binding", + project=app["project"], + app_id=app["appId"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.iap.WebTypeAppEngingIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_iap\\_web\\_type\\_app\\_engine\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.WebTypeAppEngingIamMember("member", + project=app["project"], + app_id=app["appId"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.WebTypeAppEngingIamMember("member", + project=app["project"], + app_id=app["appId"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com", + condition=gcp.iap.WebTypeAppEngingIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -436,10 +545,7 @@ def __init__(__self__, :param pulumi.Input[str] app_id: Id of the App Engine application. Used to find the parent resource to bind the IAM policy to :param pulumi.Input[pulumi.InputType['WebTypeAppEngingIamMemberConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -450,6 +556,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `iap.WebTypeAppEngingIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -586,6 +694,115 @@ def __init__(__self__, ``` + ## google\\_iap\\_web\\_type\\_app\\_engine\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.iap.WebTypeAppEngingIamPolicy("policy", + project=app["project"], + app_id=app["appId"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.iap.WebTypeAppEngingIamPolicy("policy", + project=app["project"], + app_id=app["appId"], + policy_data=admin.policy_data) + ``` + + ## google\\_iap\\_web\\_type\\_app\\_engine\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.WebTypeAppEngingIamBinding("binding", + project=app["project"], + app_id=app["appId"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.WebTypeAppEngingIamBinding("binding", + project=app["project"], + app_id=app["appId"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.iap.WebTypeAppEngingIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_iap\\_web\\_type\\_app\\_engine\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.WebTypeAppEngingIamMember("member", + project=app["project"], + app_id=app["appId"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.WebTypeAppEngingIamMember("member", + project=app["project"], + app_id=app["appId"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com", + condition=gcp.iap.WebTypeAppEngingIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -690,10 +907,7 @@ def get(resource_name: str, :param pulumi.Input[pulumi.InputType['WebTypeAppEngingIamMemberConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -704,6 +918,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `iap.WebTypeAppEngingIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -748,16 +964,8 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: - return pulumi.get(self, "member") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -769,6 +977,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "member") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/iap/web_type_app_enging_iam_policy.py b/sdk/python/pulumi_gcp/iap/web_type_app_enging_iam_policy.py index 7e447eae2a..6a092d0672 100644 --- a/sdk/python/pulumi_gcp/iap/web_type_app_enging_iam_policy.py +++ b/sdk/python/pulumi_gcp/iap/web_type_app_enging_iam_policy.py @@ -24,18 +24,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "app_id", app_id) pulumi.set(__self__, "policy_data", policy_data) @@ -73,18 +61,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -108,18 +84,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ if app_id is not None: pulumi.set(__self__, "app_id", app_id) @@ -173,18 +137,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -328,6 +280,115 @@ def __init__(__self__, ``` + ## google\\_iap\\_web\\_type\\_app\\_engine\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.iap.WebTypeAppEngingIamPolicy("policy", + project=app["project"], + app_id=app["appId"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.iap.WebTypeAppEngingIamPolicy("policy", + project=app["project"], + app_id=app["appId"], + policy_data=admin.policy_data) + ``` + + ## google\\_iap\\_web\\_type\\_app\\_engine\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.WebTypeAppEngingIamBinding("binding", + project=app["project"], + app_id=app["appId"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.WebTypeAppEngingIamBinding("binding", + project=app["project"], + app_id=app["appId"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.iap.WebTypeAppEngingIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_iap\\_web\\_type\\_app\\_engine\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.WebTypeAppEngingIamMember("member", + project=app["project"], + app_id=app["appId"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.WebTypeAppEngingIamMember("member", + project=app["project"], + app_id=app["appId"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com", + condition=gcp.iap.WebTypeAppEngingIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -371,18 +432,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ ... @overload @@ -516,6 +565,115 @@ def __init__(__self__, ``` + ## google\\_iap\\_web\\_type\\_app\\_engine\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.iap.WebTypeAppEngingIamPolicy("policy", + project=app["project"], + app_id=app["appId"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.iap.WebTypeAppEngingIamPolicy("policy", + project=app["project"], + app_id=app["appId"], + policy_data=admin.policy_data) + ``` + + ## google\\_iap\\_web\\_type\\_app\\_engine\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.WebTypeAppEngingIamBinding("binding", + project=app["project"], + app_id=app["appId"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.WebTypeAppEngingIamBinding("binding", + project=app["project"], + app_id=app["appId"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.iap.WebTypeAppEngingIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_iap\\_web\\_type\\_app\\_engine\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.WebTypeAppEngingIamMember("member", + project=app["project"], + app_id=app["appId"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.WebTypeAppEngingIamMember("member", + project=app["project"], + app_id=app["appId"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com", + condition=gcp.iap.WebTypeAppEngingIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -614,18 +772,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -668,18 +814,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/iap/web_type_compute_iam_binding.py b/sdk/python/pulumi_gcp/iap/web_type_compute_iam_binding.py index af9eba5118..1a4b51bb97 100644 --- a/sdk/python/pulumi_gcp/iap/web_type_compute_iam_binding.py +++ b/sdk/python/pulumi_gcp/iap/web_type_compute_iam_binding.py @@ -22,15 +22,7 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a WebTypeComputeIamBinding resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `iap.WebTypeComputeIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input['WebTypeComputeIamBindingConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. - Structure is documented below. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -41,6 +33,13 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `iap.WebTypeComputeIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input['WebTypeComputeIamBindingConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. + Structure is documented below. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "members", members) pulumi.set(__self__, "role", role) @@ -52,6 +51,19 @@ def __init__(__self__, *, @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -91,18 +103,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -124,10 +124,7 @@ def __init__(__self__, *, :param pulumi.Input['WebTypeComputeIamBindingConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -138,6 +135,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `iap.WebTypeComputeIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -181,6 +180,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -193,18 +205,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -357,6 +357,109 @@ def __init__(__self__, ``` + ## google\\_iap\\_web\\_type\\_compute\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.iap.WebTypeComputeIamPolicy("policy", + project=project_service["project"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.iap.WebTypeComputeIamPolicy("policy", + project=project_service["project"], + policy_data=admin.policy_data) + ``` + + ## google\\_iap\\_web\\_type\\_compute\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.WebTypeComputeIamBinding("binding", + project=project_service["project"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.WebTypeComputeIamBinding("binding", + project=project_service["project"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.iap.WebTypeComputeIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_iap\\_web\\_type\\_compute\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.WebTypeComputeIamMember("member", + project=project_service["project"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.WebTypeComputeIamMember("member", + project=project_service["project"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com", + condition=gcp.iap.WebTypeComputeIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -395,10 +498,7 @@ def __init__(__self__, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[pulumi.InputType['WebTypeComputeIamBindingConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -409,6 +509,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `iap.WebTypeComputeIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -539,6 +641,109 @@ def __init__(__self__, ``` + ## google\\_iap\\_web\\_type\\_compute\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.iap.WebTypeComputeIamPolicy("policy", + project=project_service["project"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.iap.WebTypeComputeIamPolicy("policy", + project=project_service["project"], + policy_data=admin.policy_data) + ``` + + ## google\\_iap\\_web\\_type\\_compute\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.WebTypeComputeIamBinding("binding", + project=project_service["project"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.WebTypeComputeIamBinding("binding", + project=project_service["project"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.iap.WebTypeComputeIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_iap\\_web\\_type\\_compute\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.WebTypeComputeIamMember("member", + project=project_service["project"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.WebTypeComputeIamMember("member", + project=project_service["project"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com", + condition=gcp.iap.WebTypeComputeIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -635,10 +840,7 @@ def get(resource_name: str, :param pulumi.Input[pulumi.InputType['WebTypeComputeIamBindingConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -649,6 +851,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `iap.WebTypeComputeIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -684,16 +888,8 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: - return pulumi.get(self, "members") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -705,6 +901,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "members") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/iap/web_type_compute_iam_member.py b/sdk/python/pulumi_gcp/iap/web_type_compute_iam_member.py index da598363a5..c7a2cac77d 100644 --- a/sdk/python/pulumi_gcp/iap/web_type_compute_iam_member.py +++ b/sdk/python/pulumi_gcp/iap/web_type_compute_iam_member.py @@ -22,15 +22,7 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a WebTypeComputeIamMember resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `iap.WebTypeComputeIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input['WebTypeComputeIamMemberConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. - Structure is documented below. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -41,6 +33,13 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `iap.WebTypeComputeIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input['WebTypeComputeIamMemberConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. + Structure is documented below. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "member", member) pulumi.set(__self__, "role", role) @@ -52,6 +51,19 @@ def __init__(__self__, *, @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -91,18 +103,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -124,10 +124,7 @@ def __init__(__self__, *, :param pulumi.Input['WebTypeComputeIamMemberConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -138,6 +135,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `iap.WebTypeComputeIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -181,6 +180,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -193,18 +205,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -357,6 +357,109 @@ def __init__(__self__, ``` + ## google\\_iap\\_web\\_type\\_compute\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.iap.WebTypeComputeIamPolicy("policy", + project=project_service["project"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.iap.WebTypeComputeIamPolicy("policy", + project=project_service["project"], + policy_data=admin.policy_data) + ``` + + ## google\\_iap\\_web\\_type\\_compute\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.WebTypeComputeIamBinding("binding", + project=project_service["project"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.WebTypeComputeIamBinding("binding", + project=project_service["project"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.iap.WebTypeComputeIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_iap\\_web\\_type\\_compute\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.WebTypeComputeIamMember("member", + project=project_service["project"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.WebTypeComputeIamMember("member", + project=project_service["project"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com", + condition=gcp.iap.WebTypeComputeIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -395,10 +498,7 @@ def __init__(__self__, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[pulumi.InputType['WebTypeComputeIamMemberConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -409,6 +509,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `iap.WebTypeComputeIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -539,6 +641,109 @@ def __init__(__self__, ``` + ## google\\_iap\\_web\\_type\\_compute\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.iap.WebTypeComputeIamPolicy("policy", + project=project_service["project"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.iap.WebTypeComputeIamPolicy("policy", + project=project_service["project"], + policy_data=admin.policy_data) + ``` + + ## google\\_iap\\_web\\_type\\_compute\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.WebTypeComputeIamBinding("binding", + project=project_service["project"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.WebTypeComputeIamBinding("binding", + project=project_service["project"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.iap.WebTypeComputeIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_iap\\_web\\_type\\_compute\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.WebTypeComputeIamMember("member", + project=project_service["project"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.WebTypeComputeIamMember("member", + project=project_service["project"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com", + condition=gcp.iap.WebTypeComputeIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -635,10 +840,7 @@ def get(resource_name: str, :param pulumi.Input[pulumi.InputType['WebTypeComputeIamMemberConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -649,6 +851,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `iap.WebTypeComputeIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -684,16 +888,8 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: - return pulumi.get(self, "member") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -705,6 +901,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "member") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/iap/web_type_compute_iam_policy.py b/sdk/python/pulumi_gcp/iap/web_type_compute_iam_policy.py index 2b3defbff7..916bd88f10 100644 --- a/sdk/python/pulumi_gcp/iap/web_type_compute_iam_policy.py +++ b/sdk/python/pulumi_gcp/iap/web_type_compute_iam_policy.py @@ -22,18 +22,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "policy_data", policy_data) if project is not None: @@ -58,18 +46,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -91,18 +67,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ if etag is not None: pulumi.set(__self__, "etag", etag) @@ -142,18 +106,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -290,6 +242,109 @@ def __init__(__self__, ``` + ## google\\_iap\\_web\\_type\\_compute\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.iap.WebTypeComputeIamPolicy("policy", + project=project_service["project"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.iap.WebTypeComputeIamPolicy("policy", + project=project_service["project"], + policy_data=admin.policy_data) + ``` + + ## google\\_iap\\_web\\_type\\_compute\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.WebTypeComputeIamBinding("binding", + project=project_service["project"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.WebTypeComputeIamBinding("binding", + project=project_service["project"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.iap.WebTypeComputeIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_iap\\_web\\_type\\_compute\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.WebTypeComputeIamMember("member", + project=project_service["project"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.WebTypeComputeIamMember("member", + project=project_service["project"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com", + condition=gcp.iap.WebTypeComputeIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -330,18 +385,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ ... @overload @@ -469,6 +512,109 @@ def __init__(__self__, ``` + ## google\\_iap\\_web\\_type\\_compute\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.iap.WebTypeComputeIamPolicy("policy", + project=project_service["project"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.iap.WebTypeComputeIamPolicy("policy", + project=project_service["project"], + policy_data=admin.policy_data) + ``` + + ## google\\_iap\\_web\\_type\\_compute\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.WebTypeComputeIamBinding("binding", + project=project_service["project"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.iap.WebTypeComputeIamBinding("binding", + project=project_service["project"], + role="roles/iap.httpsResourceAccessor", + members=["user:jane@example.com"], + condition=gcp.iap.WebTypeComputeIamBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_iap\\_web\\_type\\_compute\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.WebTypeComputeIamMember("member", + project=project_service["project"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.iap.WebTypeComputeIamMember("member", + project=project_service["project"], + role="roles/iap.httpsResourceAccessor", + member="user:jane@example.com", + condition=gcp.iap.WebTypeComputeIamMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -559,18 +705,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -604,18 +738,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/kms/crypto_key_iam_binding.py b/sdk/python/pulumi_gcp/kms/crypto_key_iam_binding.py index 28b7359e9d..c28fdca302 100644 --- a/sdk/python/pulumi_gcp/kms/crypto_key_iam_binding.py +++ b/sdk/python/pulumi_gcp/kms/crypto_key_iam_binding.py @@ -26,8 +26,7 @@ def __init__(__self__, *, `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -54,15 +53,6 @@ def crypto_key_id(self) -> pulumi.Input[str]: `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "crypto_key_id") @@ -73,6 +63,16 @@ def crypto_key_id(self, value: pulumi.Input[str]): @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "members") @members.setter @@ -122,8 +122,8 @@ def __init__(__self__, *, `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] etag: (Computed) The etag of the project's IAM policy. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -131,7 +131,6 @@ def __init__(__self__, *, * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - :param pulumi.Input[str] etag: (Computed) The etag of the project's IAM policy. :param pulumi.Input[str] role: The role that should be applied. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. """ @@ -167,15 +166,6 @@ def crypto_key_id(self) -> Optional[pulumi.Input[str]]: `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "crypto_key_id") @@ -198,6 +188,16 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "members") @members.setter @@ -376,8 +376,7 @@ def __init__(__self__, `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -601,8 +600,8 @@ def get(resource_name: str, `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] etag: (Computed) The etag of the project's IAM policy. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -610,7 +609,6 @@ def get(resource_name: str, * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - :param pulumi.Input[str] etag: (Computed) The etag of the project's IAM policy. :param pulumi.Input[str] role: The role that should be applied. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. """ @@ -642,15 +640,6 @@ def crypto_key_id(self) -> pulumi.Output[str]: `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "crypto_key_id") @@ -665,6 +654,16 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "members") @property diff --git a/sdk/python/pulumi_gcp/kms/crypto_key_iam_member.py b/sdk/python/pulumi_gcp/kms/crypto_key_iam_member.py index dcfd335bea..5494f4dbb8 100644 --- a/sdk/python/pulumi_gcp/kms/crypto_key_iam_member.py +++ b/sdk/python/pulumi_gcp/kms/crypto_key_iam_member.py @@ -26,8 +26,7 @@ def __init__(__self__, *, `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -54,15 +53,6 @@ def crypto_key_id(self) -> pulumi.Input[str]: `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "crypto_key_id") @@ -73,6 +63,16 @@ def crypto_key_id(self, value: pulumi.Input[str]): @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "member") @member.setter @@ -122,8 +122,8 @@ def __init__(__self__, *, `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] etag: (Computed) The etag of the project's IAM policy. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -131,7 +131,6 @@ def __init__(__self__, *, * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - :param pulumi.Input[str] etag: (Computed) The etag of the project's IAM policy. :param pulumi.Input[str] role: The role that should be applied. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. """ @@ -167,15 +166,6 @@ def crypto_key_id(self) -> Optional[pulumi.Input[str]]: `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "crypto_key_id") @@ -198,6 +188,16 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "member") @member.setter @@ -376,8 +376,7 @@ def __init__(__self__, `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -601,8 +600,8 @@ def get(resource_name: str, `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] etag: (Computed) The etag of the project's IAM policy. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -610,7 +609,6 @@ def get(resource_name: str, * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - :param pulumi.Input[str] etag: (Computed) The etag of the project's IAM policy. :param pulumi.Input[str] role: The role that should be applied. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. """ @@ -642,15 +640,6 @@ def crypto_key_id(self) -> pulumi.Output[str]: `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "crypto_key_id") @@ -665,6 +654,16 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "member") @property diff --git a/sdk/python/pulumi_gcp/kms/crypto_key_iam_policy.py b/sdk/python/pulumi_gcp/kms/crypto_key_iam_policy.py index 2477bad4f7..965979208e 100644 --- a/sdk/python/pulumi_gcp/kms/crypto_key_iam_policy.py +++ b/sdk/python/pulumi_gcp/kms/crypto_key_iam_policy.py @@ -22,15 +22,6 @@ def __init__(__self__, *, `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. """ @@ -45,15 +36,6 @@ def crypto_key_id(self) -> pulumi.Input[str]: `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "crypto_key_id") @@ -87,15 +69,6 @@ def __init__(__self__, *, `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] etag: (Computed) The etag of the project's IAM policy. :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. @@ -115,15 +88,6 @@ def crypto_key_id(self) -> Optional[pulumi.Input[str]]: `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "crypto_key_id") @@ -311,15 +275,6 @@ def __init__(__self__, `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. """ @@ -526,15 +481,6 @@ def get(resource_name: str, `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] etag: (Computed) The etag of the project's IAM policy. :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. @@ -556,15 +502,6 @@ def crypto_key_id(self) -> pulumi.Output[str]: `{project_id}/{location_name}/{key_ring_name}/{crypto_key_name}` or `{location_name}/{key_ring_name}/{crypto_key_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, jane@example.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "crypto_key_id") diff --git a/sdk/python/pulumi_gcp/kms/key_ring_iam_binding.py b/sdk/python/pulumi_gcp/kms/key_ring_iam_binding.py index 7dd69fdf50..65feb6139b 100644 --- a/sdk/python/pulumi_gcp/kms/key_ring_iam_binding.py +++ b/sdk/python/pulumi_gcp/kms/key_ring_iam_binding.py @@ -26,8 +26,7 @@ def __init__(__self__, *, `{project_id}/{location_name}/{key_ring_name}` or `{location_name}/{key_ring_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -55,15 +54,6 @@ def key_ring_id(self) -> pulumi.Input[str]: `{project_id}/{location_name}/{key_ring_name}` or `{location_name}/{key_ring_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "key_ring_id") @@ -74,6 +64,16 @@ def key_ring_id(self, value: pulumi.Input[str]): @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "members") @members.setter @@ -125,8 +125,7 @@ def __init__(__self__, *, `{project_id}/{location_name}/{key_ring_name}` or `{location_name}/{key_ring_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -182,15 +181,6 @@ def key_ring_id(self) -> Optional[pulumi.Input[str]]: `{project_id}/{location_name}/{key_ring_name}` or `{location_name}/{key_ring_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "key_ring_id") @@ -201,6 +191,16 @@ def key_ring_id(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "members") @members.setter @@ -354,6 +354,117 @@ def __init__(__self__, ``` + ## google\\_kms\\_key\\_ring\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + keyring = gcp.kms.KeyRing("keyring", + name="keyring-example", + location="global") + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + key_ring = gcp.kms.KeyRingIAMPolicy("key_ring", + key_ring_id=keyring.id, + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + keyring = gcp.kms.KeyRing("keyring", + name="keyring-example", + location="global") + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + key_ring = gcp.kms.KeyRingIAMPolicy("key_ring", + key_ring_id=keyring.id, + policy_data=admin.policy_data) + ``` + + + ## google\\_kms\\_key\\_ring\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + key_ring = gcp.kms.KeyRingIAMBinding("key_ring", + key_ring_id="your-key-ring-id", + role="roles/cloudkms.admin", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + key_ring = gcp.kms.KeyRingIAMBinding("key_ring", + key_ring_id="your-key-ring-id", + role="roles/cloudkms.admin", + members=["user:jane@example.com"], + condition=gcp.kms.KeyRingIAMBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + + ## google\\_kms\\_key\\_ring\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + key_ring = gcp.kms.KeyRingIAMMember("key_ring", + key_ring_id="your-key-ring-id", + role="roles/cloudkms.admin", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + key_ring = gcp.kms.KeyRingIAMMember("key_ring", + key_ring_id="your-key-ring-id", + role="roles/cloudkms.admin", + member="user:jane@example.com", + condition=gcp.kms.KeyRingIAMMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import ### Importing IAM policies @@ -388,8 +499,7 @@ def __init__(__self__, `{project_id}/{location_name}/{key_ring_name}` or `{location_name}/{key_ring_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -529,6 +639,117 @@ def __init__(__self__, ``` + ## google\\_kms\\_key\\_ring\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + keyring = gcp.kms.KeyRing("keyring", + name="keyring-example", + location="global") + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + key_ring = gcp.kms.KeyRingIAMPolicy("key_ring", + key_ring_id=keyring.id, + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + keyring = gcp.kms.KeyRing("keyring", + name="keyring-example", + location="global") + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + key_ring = gcp.kms.KeyRingIAMPolicy("key_ring", + key_ring_id=keyring.id, + policy_data=admin.policy_data) + ``` + + + ## google\\_kms\\_key\\_ring\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + key_ring = gcp.kms.KeyRingIAMBinding("key_ring", + key_ring_id="your-key-ring-id", + role="roles/cloudkms.admin", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + key_ring = gcp.kms.KeyRingIAMBinding("key_ring", + key_ring_id="your-key-ring-id", + role="roles/cloudkms.admin", + members=["user:jane@example.com"], + condition=gcp.kms.KeyRingIAMBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + + ## google\\_kms\\_key\\_ring\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + key_ring = gcp.kms.KeyRingIAMMember("key_ring", + key_ring_id="your-key-ring-id", + role="roles/cloudkms.admin", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + key_ring = gcp.kms.KeyRingIAMMember("key_ring", + key_ring_id="your-key-ring-id", + role="roles/cloudkms.admin", + member="user:jane@example.com", + condition=gcp.kms.KeyRingIAMMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import ### Importing IAM policies @@ -623,8 +844,7 @@ def get(resource_name: str, `{project_id}/{location_name}/{key_ring_name}` or `{location_name}/{key_ring_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -672,8 +892,14 @@ def key_ring_id(self) -> pulumi.Output[str]: `{project_id}/{location_name}/{key_ring_name}` or `{location_name}/{key_ring_name}`. In the second form, the provider's project setting will be used as a fallback. + """ + return pulumi.get(self, "key_ring_id") - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + @property + @pulumi.getter + def members(self) -> pulumi.Output[Sequence[str]]: + """ + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -682,11 +908,6 @@ def key_ring_id(self) -> pulumi.Output[str]: * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ - return pulumi.get(self, "key_ring_id") - - @property - @pulumi.getter - def members(self) -> pulumi.Output[Sequence[str]]: return pulumi.get(self, "members") @property diff --git a/sdk/python/pulumi_gcp/kms/key_ring_iam_member.py b/sdk/python/pulumi_gcp/kms/key_ring_iam_member.py index af9b6bfd23..6949fbb5c6 100644 --- a/sdk/python/pulumi_gcp/kms/key_ring_iam_member.py +++ b/sdk/python/pulumi_gcp/kms/key_ring_iam_member.py @@ -26,8 +26,7 @@ def __init__(__self__, *, `{project_id}/{location_name}/{key_ring_name}` or `{location_name}/{key_ring_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -55,15 +54,6 @@ def key_ring_id(self) -> pulumi.Input[str]: `{project_id}/{location_name}/{key_ring_name}` or `{location_name}/{key_ring_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "key_ring_id") @@ -74,6 +64,16 @@ def key_ring_id(self, value: pulumi.Input[str]): @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "member") @member.setter @@ -125,8 +125,7 @@ def __init__(__self__, *, `{project_id}/{location_name}/{key_ring_name}` or `{location_name}/{key_ring_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -182,15 +181,6 @@ def key_ring_id(self) -> Optional[pulumi.Input[str]]: `{project_id}/{location_name}/{key_ring_name}` or `{location_name}/{key_ring_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "key_ring_id") @@ -201,6 +191,16 @@ def key_ring_id(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "member") @member.setter @@ -354,6 +354,117 @@ def __init__(__self__, ``` + ## google\\_kms\\_key\\_ring\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + keyring = gcp.kms.KeyRing("keyring", + name="keyring-example", + location="global") + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + key_ring = gcp.kms.KeyRingIAMPolicy("key_ring", + key_ring_id=keyring.id, + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + keyring = gcp.kms.KeyRing("keyring", + name="keyring-example", + location="global") + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + key_ring = gcp.kms.KeyRingIAMPolicy("key_ring", + key_ring_id=keyring.id, + policy_data=admin.policy_data) + ``` + + + ## google\\_kms\\_key\\_ring\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + key_ring = gcp.kms.KeyRingIAMBinding("key_ring", + key_ring_id="your-key-ring-id", + role="roles/cloudkms.admin", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + key_ring = gcp.kms.KeyRingIAMBinding("key_ring", + key_ring_id="your-key-ring-id", + role="roles/cloudkms.admin", + members=["user:jane@example.com"], + condition=gcp.kms.KeyRingIAMBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + + ## google\\_kms\\_key\\_ring\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + key_ring = gcp.kms.KeyRingIAMMember("key_ring", + key_ring_id="your-key-ring-id", + role="roles/cloudkms.admin", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + key_ring = gcp.kms.KeyRingIAMMember("key_ring", + key_ring_id="your-key-ring-id", + role="roles/cloudkms.admin", + member="user:jane@example.com", + condition=gcp.kms.KeyRingIAMMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import ### Importing IAM policies @@ -388,8 +499,7 @@ def __init__(__self__, `{project_id}/{location_name}/{key_ring_name}` or `{location_name}/{key_ring_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -529,6 +639,117 @@ def __init__(__self__, ``` + ## google\\_kms\\_key\\_ring\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + keyring = gcp.kms.KeyRing("keyring", + name="keyring-example", + location="global") + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + key_ring = gcp.kms.KeyRingIAMPolicy("key_ring", + key_ring_id=keyring.id, + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + keyring = gcp.kms.KeyRing("keyring", + name="keyring-example", + location="global") + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + key_ring = gcp.kms.KeyRingIAMPolicy("key_ring", + key_ring_id=keyring.id, + policy_data=admin.policy_data) + ``` + + + ## google\\_kms\\_key\\_ring\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + key_ring = gcp.kms.KeyRingIAMBinding("key_ring", + key_ring_id="your-key-ring-id", + role="roles/cloudkms.admin", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + key_ring = gcp.kms.KeyRingIAMBinding("key_ring", + key_ring_id="your-key-ring-id", + role="roles/cloudkms.admin", + members=["user:jane@example.com"], + condition=gcp.kms.KeyRingIAMBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + + ## google\\_kms\\_key\\_ring\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + key_ring = gcp.kms.KeyRingIAMMember("key_ring", + key_ring_id="your-key-ring-id", + role="roles/cloudkms.admin", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + key_ring = gcp.kms.KeyRingIAMMember("key_ring", + key_ring_id="your-key-ring-id", + role="roles/cloudkms.admin", + member="user:jane@example.com", + condition=gcp.kms.KeyRingIAMMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import ### Importing IAM policies @@ -623,8 +844,7 @@ def get(resource_name: str, `{project_id}/{location_name}/{key_ring_name}` or `{location_name}/{key_ring_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -672,8 +892,14 @@ def key_ring_id(self) -> pulumi.Output[str]: `{project_id}/{location_name}/{key_ring_name}` or `{location_name}/{key_ring_name}`. In the second form, the provider's project setting will be used as a fallback. + """ + return pulumi.get(self, "key_ring_id") - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + @property + @pulumi.getter + def member(self) -> pulumi.Output[str]: + """ + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -682,11 +908,6 @@ def key_ring_id(self) -> pulumi.Output[str]: * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ - return pulumi.get(self, "key_ring_id") - - @property - @pulumi.getter - def member(self) -> pulumi.Output[str]: return pulumi.get(self, "member") @property diff --git a/sdk/python/pulumi_gcp/kms/key_ring_iam_policy.py b/sdk/python/pulumi_gcp/kms/key_ring_iam_policy.py index 7de3089b29..bf8a6929f6 100644 --- a/sdk/python/pulumi_gcp/kms/key_ring_iam_policy.py +++ b/sdk/python/pulumi_gcp/kms/key_ring_iam_policy.py @@ -22,15 +22,6 @@ def __init__(__self__, *, `{project_id}/{location_name}/{key_ring_name}` or `{location_name}/{key_ring_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. """ @@ -45,15 +36,6 @@ def key_ring_id(self) -> pulumi.Input[str]: `{project_id}/{location_name}/{key_ring_name}` or `{location_name}/{key_ring_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "key_ring_id") @@ -88,15 +70,6 @@ def __init__(__self__, *, `{project_id}/{location_name}/{key_ring_name}` or `{location_name}/{key_ring_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. """ @@ -127,15 +100,6 @@ def key_ring_id(self) -> Optional[pulumi.Input[str]]: `{project_id}/{location_name}/{key_ring_name}` or `{location_name}/{key_ring_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "key_ring_id") @@ -287,6 +251,117 @@ def __init__(__self__, ``` + ## google\\_kms\\_key\\_ring\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + keyring = gcp.kms.KeyRing("keyring", + name="keyring-example", + location="global") + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + key_ring = gcp.kms.KeyRingIAMPolicy("key_ring", + key_ring_id=keyring.id, + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + keyring = gcp.kms.KeyRing("keyring", + name="keyring-example", + location="global") + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + key_ring = gcp.kms.KeyRingIAMPolicy("key_ring", + key_ring_id=keyring.id, + policy_data=admin.policy_data) + ``` + + + ## google\\_kms\\_key\\_ring\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + key_ring = gcp.kms.KeyRingIAMBinding("key_ring", + key_ring_id="your-key-ring-id", + role="roles/cloudkms.admin", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + key_ring = gcp.kms.KeyRingIAMBinding("key_ring", + key_ring_id="your-key-ring-id", + role="roles/cloudkms.admin", + members=["user:jane@example.com"], + condition=gcp.kms.KeyRingIAMBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + + ## google\\_kms\\_key\\_ring\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + key_ring = gcp.kms.KeyRingIAMMember("key_ring", + key_ring_id="your-key-ring-id", + role="roles/cloudkms.admin", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + key_ring = gcp.kms.KeyRingIAMMember("key_ring", + key_ring_id="your-key-ring-id", + role="roles/cloudkms.admin", + member="user:jane@example.com", + condition=gcp.kms.KeyRingIAMMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import ### Importing IAM policies @@ -319,15 +394,6 @@ def __init__(__self__, `{project_id}/{location_name}/{key_ring_name}` or `{location_name}/{key_ring_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. """ @@ -459,6 +525,117 @@ def __init__(__self__, ``` + ## google\\_kms\\_key\\_ring\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + keyring = gcp.kms.KeyRing("keyring", + name="keyring-example", + location="global") + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + key_ring = gcp.kms.KeyRingIAMPolicy("key_ring", + key_ring_id=keyring.id, + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + keyring = gcp.kms.KeyRing("keyring", + name="keyring-example", + location="global") + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + key_ring = gcp.kms.KeyRingIAMPolicy("key_ring", + key_ring_id=keyring.id, + policy_data=admin.policy_data) + ``` + + + ## google\\_kms\\_key\\_ring\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + key_ring = gcp.kms.KeyRingIAMBinding("key_ring", + key_ring_id="your-key-ring-id", + role="roles/cloudkms.admin", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + key_ring = gcp.kms.KeyRingIAMBinding("key_ring", + key_ring_id="your-key-ring-id", + role="roles/cloudkms.admin", + members=["user:jane@example.com"], + condition=gcp.kms.KeyRingIAMBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + + ## google\\_kms\\_key\\_ring\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + key_ring = gcp.kms.KeyRingIAMMember("key_ring", + key_ring_id="your-key-ring-id", + role="roles/cloudkms.admin", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + key_ring = gcp.kms.KeyRingIAMMember("key_ring", + key_ring_id="your-key-ring-id", + role="roles/cloudkms.admin", + member="user:jane@example.com", + condition=gcp.kms.KeyRingIAMMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import ### Importing IAM policies @@ -543,15 +720,6 @@ def get(resource_name: str, `{project_id}/{location_name}/{key_ring_name}` or `{location_name}/{key_ring_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. """ @@ -580,15 +748,6 @@ def key_ring_id(self) -> pulumi.Output[str]: `{project_id}/{location_name}/{key_ring_name}` or `{location_name}/{key_ring_name}`. In the second form, the provider's project setting will be used as a fallback. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "key_ring_id") diff --git a/sdk/python/pulumi_gcp/networksecurity/address_group_iam_policy.py b/sdk/python/pulumi_gcp/networksecurity/address_group_iam_policy.py index c02fd27868..40138877f8 100644 --- a/sdk/python/pulumi_gcp/networksecurity/address_group_iam_policy.py +++ b/sdk/python/pulumi_gcp/networksecurity/address_group_iam_policy.py @@ -27,18 +27,6 @@ def __init__(__self__, *, :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "policy_data", policy_data) if location is not None: @@ -92,18 +80,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -130,18 +106,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ if etag is not None: pulumi.set(__self__, "etag", etag) @@ -210,18 +174,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -302,18 +254,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ ... @overload @@ -439,18 +379,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -503,18 +431,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/notebooks/instance_iam_binding.py b/sdk/python/pulumi_gcp/notebooks/instance_iam_binding.py index 1245862a45..c12fa3f427 100644 --- a/sdk/python/pulumi_gcp/notebooks/instance_iam_binding.py +++ b/sdk/python/pulumi_gcp/notebooks/instance_iam_binding.py @@ -25,14 +25,7 @@ def __init__(__self__, *, """ The set of arguments for constructing a InstanceIamBinding resource. :param pulumi.Input[str] instance_name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] role: The role that should be applied. Only one - `notebooks.InstanceIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] location: A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -43,6 +36,12 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `notebooks.InstanceIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] location: A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "instance_name", instance_name) pulumi.set(__self__, "members", members) @@ -69,6 +68,19 @@ def instance_name(self, value: pulumi.Input[str]): @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -116,18 +128,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -151,10 +151,7 @@ def __init__(__self__, *, :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] instance_name: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] location: A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -165,6 +162,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `notebooks.InstanceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -232,6 +231,19 @@ def location(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -244,18 +256,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -356,6 +356,57 @@ def __init__(__self__, ``` + ## google\\_notebooks\\_instance\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.notebooks.InstanceIamPolicy("policy", + project=instance["project"], + location=instance["location"], + instance_name=instance["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_notebooks\\_instance\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.notebooks.InstanceIamBinding("binding", + project=instance["project"], + location=instance["location"], + instance_name=instance["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_notebooks\\_instance\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.notebooks.InstanceIamMember("member", + project=instance["project"], + location=instance["location"], + instance_name=instance["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -398,10 +449,7 @@ def __init__(__self__, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] instance_name: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] location: A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -412,6 +460,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `notebooks.InstanceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -488,6 +538,57 @@ def __init__(__self__, ``` + ## google\\_notebooks\\_instance\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.notebooks.InstanceIamPolicy("policy", + project=instance["project"], + location=instance["location"], + instance_name=instance["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_notebooks\\_instance\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.notebooks.InstanceIamBinding("binding", + project=instance["project"], + location=instance["location"], + instance_name=instance["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_notebooks\\_instance\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.notebooks.InstanceIamMember("member", + project=instance["project"], + location=instance["location"], + instance_name=instance["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -596,10 +697,7 @@ def get(resource_name: str, :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] instance_name: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] location: A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -610,6 +708,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `notebooks.InstanceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -659,16 +759,8 @@ def location(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: - return pulumi.get(self, "members") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -680,6 +772,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "members") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/notebooks/instance_iam_member.py b/sdk/python/pulumi_gcp/notebooks/instance_iam_member.py index 5af9f33801..1affb65d50 100644 --- a/sdk/python/pulumi_gcp/notebooks/instance_iam_member.py +++ b/sdk/python/pulumi_gcp/notebooks/instance_iam_member.py @@ -25,14 +25,7 @@ def __init__(__self__, *, """ The set of arguments for constructing a InstanceIamMember resource. :param pulumi.Input[str] instance_name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] role: The role that should be applied. Only one - `notebooks.InstanceIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] location: A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -43,6 +36,12 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `notebooks.InstanceIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] location: A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "instance_name", instance_name) pulumi.set(__self__, "member", member) @@ -69,6 +68,19 @@ def instance_name(self, value: pulumi.Input[str]): @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -116,18 +128,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -151,10 +151,7 @@ def __init__(__self__, *, :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] instance_name: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] location: A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -165,6 +162,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `notebooks.InstanceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -232,6 +231,19 @@ def location(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -244,18 +256,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -356,6 +356,57 @@ def __init__(__self__, ``` + ## google\\_notebooks\\_instance\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.notebooks.InstanceIamPolicy("policy", + project=instance["project"], + location=instance["location"], + instance_name=instance["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_notebooks\\_instance\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.notebooks.InstanceIamBinding("binding", + project=instance["project"], + location=instance["location"], + instance_name=instance["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_notebooks\\_instance\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.notebooks.InstanceIamMember("member", + project=instance["project"], + location=instance["location"], + instance_name=instance["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -398,10 +449,7 @@ def __init__(__self__, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] instance_name: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] location: A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -412,6 +460,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `notebooks.InstanceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -488,6 +538,57 @@ def __init__(__self__, ``` + ## google\\_notebooks\\_instance\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.notebooks.InstanceIamPolicy("policy", + project=instance["project"], + location=instance["location"], + instance_name=instance["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_notebooks\\_instance\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.notebooks.InstanceIamBinding("binding", + project=instance["project"], + location=instance["location"], + instance_name=instance["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_notebooks\\_instance\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.notebooks.InstanceIamMember("member", + project=instance["project"], + location=instance["location"], + instance_name=instance["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -596,10 +697,7 @@ def get(resource_name: str, :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] instance_name: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] location: A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -610,6 +708,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `notebooks.InstanceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -659,16 +759,8 @@ def location(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: - return pulumi.get(self, "member") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -680,6 +772,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "member") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/notebooks/instance_iam_policy.py b/sdk/python/pulumi_gcp/notebooks/instance_iam_policy.py index e6d5cf3a37..d606c0626e 100644 --- a/sdk/python/pulumi_gcp/notebooks/instance_iam_policy.py +++ b/sdk/python/pulumi_gcp/notebooks/instance_iam_policy.py @@ -26,18 +26,6 @@ def __init__(__self__, *, :param pulumi.Input[str] location: A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "instance_name", instance_name) pulumi.set(__self__, "policy_data", policy_data) @@ -89,18 +77,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -126,18 +102,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ if etag is not None: pulumi.set(__self__, "etag", etag) @@ -205,18 +169,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -301,6 +253,57 @@ def __init__(__self__, ``` + ## google\\_notebooks\\_instance\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.notebooks.InstanceIamPolicy("policy", + project=instance["project"], + location=instance["location"], + instance_name=instance["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_notebooks\\_instance\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.notebooks.InstanceIamBinding("binding", + project=instance["project"], + location=instance["location"], + instance_name=instance["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_notebooks\\_instance\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.notebooks.InstanceIamMember("member", + project=instance["project"], + location=instance["location"], + instance_name=instance["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -347,18 +350,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ ... @overload @@ -432,6 +423,57 @@ def __init__(__self__, ``` + ## google\\_notebooks\\_instance\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.notebooks.InstanceIamPolicy("policy", + project=instance["project"], + location=instance["location"], + instance_name=instance["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_notebooks\\_instance\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.notebooks.InstanceIamBinding("binding", + project=instance["project"], + location=instance["location"], + instance_name=instance["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_notebooks\\_instance\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.notebooks.InstanceIamMember("member", + project=instance["project"], + location=instance["location"], + instance_name=instance["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -536,18 +578,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -599,18 +629,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/notebooks/runtime_iam_binding.py b/sdk/python/pulumi_gcp/notebooks/runtime_iam_binding.py index fe4f5d7dd8..2527c82fe5 100644 --- a/sdk/python/pulumi_gcp/notebooks/runtime_iam_binding.py +++ b/sdk/python/pulumi_gcp/notebooks/runtime_iam_binding.py @@ -24,15 +24,7 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a RuntimeIamBinding resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `notebooks.RuntimeIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] runtime_name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] location: A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -43,6 +35,13 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `notebooks.RuntimeIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] runtime_name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] location: A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "members", members) pulumi.set(__self__, "role", role) @@ -57,6 +56,19 @@ def __init__(__self__, *, @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -116,18 +128,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -150,10 +150,7 @@ def __init__(__self__, *, Input properties used for looking up and filtering RuntimeIamBinding resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] location: A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -164,6 +161,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `notebooks.RuntimeIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -220,6 +219,19 @@ def location(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -232,18 +244,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -356,6 +356,57 @@ def __init__(__self__, ``` + ## google\\_notebooks\\_runtime\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.notebooks.RuntimeIamPolicy("policy", + project=runtime["project"], + location=runtime["location"], + runtime_name=runtime["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_notebooks\\_runtime\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.notebooks.RuntimeIamBinding("binding", + project=runtime["project"], + location=runtime["location"], + runtime_name=runtime["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_notebooks\\_runtime\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.notebooks.RuntimeIamMember("member", + project=runtime["project"], + location=runtime["location"], + runtime_name=runtime["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -397,10 +448,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] location: A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -411,6 +459,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `notebooks.RuntimeIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -488,6 +538,57 @@ def __init__(__self__, ``` + ## google\\_notebooks\\_runtime\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.notebooks.RuntimeIamPolicy("policy", + project=runtime["project"], + location=runtime["location"], + runtime_name=runtime["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_notebooks\\_runtime\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.notebooks.RuntimeIamBinding("binding", + project=runtime["project"], + location=runtime["location"], + runtime_name=runtime["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_notebooks\\_runtime\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.notebooks.RuntimeIamMember("member", + project=runtime["project"], + location=runtime["location"], + runtime_name=runtime["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -595,10 +696,7 @@ def get(resource_name: str, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] location: A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -609,6 +707,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `notebooks.RuntimeIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -651,16 +751,8 @@ def location(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: - return pulumi.get(self, "members") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -672,6 +764,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "members") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/notebooks/runtime_iam_member.py b/sdk/python/pulumi_gcp/notebooks/runtime_iam_member.py index e8b488ac4f..ef4c12458a 100644 --- a/sdk/python/pulumi_gcp/notebooks/runtime_iam_member.py +++ b/sdk/python/pulumi_gcp/notebooks/runtime_iam_member.py @@ -24,15 +24,7 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a RuntimeIamMember resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `notebooks.RuntimeIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] runtime_name: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] location: A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -43,6 +35,13 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `notebooks.RuntimeIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] runtime_name: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] location: A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "member", member) pulumi.set(__self__, "role", role) @@ -57,6 +56,19 @@ def __init__(__self__, *, @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -116,18 +128,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -150,10 +150,7 @@ def __init__(__self__, *, Input properties used for looking up and filtering RuntimeIamMember resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] location: A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -164,6 +161,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `notebooks.RuntimeIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -220,6 +219,19 @@ def location(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -232,18 +244,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -356,6 +356,57 @@ def __init__(__self__, ``` + ## google\\_notebooks\\_runtime\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.notebooks.RuntimeIamPolicy("policy", + project=runtime["project"], + location=runtime["location"], + runtime_name=runtime["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_notebooks\\_runtime\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.notebooks.RuntimeIamBinding("binding", + project=runtime["project"], + location=runtime["location"], + runtime_name=runtime["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_notebooks\\_runtime\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.notebooks.RuntimeIamMember("member", + project=runtime["project"], + location=runtime["location"], + runtime_name=runtime["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -397,10 +448,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] location: A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -411,6 +459,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `notebooks.RuntimeIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -488,6 +538,57 @@ def __init__(__self__, ``` + ## google\\_notebooks\\_runtime\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.notebooks.RuntimeIamPolicy("policy", + project=runtime["project"], + location=runtime["location"], + runtime_name=runtime["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_notebooks\\_runtime\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.notebooks.RuntimeIamBinding("binding", + project=runtime["project"], + location=runtime["location"], + runtime_name=runtime["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_notebooks\\_runtime\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.notebooks.RuntimeIamMember("member", + project=runtime["project"], + location=runtime["location"], + runtime_name=runtime["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -595,10 +696,7 @@ def get(resource_name: str, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] location: A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -609,6 +707,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `notebooks.RuntimeIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -651,16 +751,8 @@ def location(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: - return pulumi.get(self, "member") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -672,6 +764,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "member") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/notebooks/runtime_iam_policy.py b/sdk/python/pulumi_gcp/notebooks/runtime_iam_policy.py index a98093597b..f8081dae40 100644 --- a/sdk/python/pulumi_gcp/notebooks/runtime_iam_policy.py +++ b/sdk/python/pulumi_gcp/notebooks/runtime_iam_policy.py @@ -26,18 +26,6 @@ def __init__(__self__, *, :param pulumi.Input[str] location: A reference to the zone where the machine resides. Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "policy_data", policy_data) pulumi.set(__self__, "runtime_name", runtime_name) @@ -89,18 +77,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -125,18 +101,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] runtime_name: Used to find the parent resource to bind the IAM policy to """ if etag is not None: @@ -193,18 +157,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -301,6 +253,57 @@ def __init__(__self__, ``` + ## google\\_notebooks\\_runtime\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.notebooks.RuntimeIamPolicy("policy", + project=runtime["project"], + location=runtime["location"], + runtime_name=runtime["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_notebooks\\_runtime\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.notebooks.RuntimeIamBinding("binding", + project=runtime["project"], + location=runtime["location"], + runtime_name=runtime["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_notebooks\\_runtime\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.notebooks.RuntimeIamMember("member", + project=runtime["project"], + location=runtime["location"], + runtime_name=runtime["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -346,18 +349,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] runtime_name: Used to find the parent resource to bind the IAM policy to """ ... @@ -432,6 +423,57 @@ def __init__(__self__, ``` + ## google\\_notebooks\\_runtime\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.notebooks.RuntimeIamPolicy("policy", + project=runtime["project"], + location=runtime["location"], + runtime_name=runtime["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_notebooks\\_runtime\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.notebooks.RuntimeIamBinding("binding", + project=runtime["project"], + location=runtime["location"], + runtime_name=runtime["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_notebooks\\_runtime\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.notebooks.RuntimeIamMember("member", + project=runtime["project"], + location=runtime["location"], + runtime_name=runtime["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -535,18 +577,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] runtime_name: Used to find the parent resource to bind the IAM policy to """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -591,18 +621,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/organizations/iam_member.py b/sdk/python/pulumi_gcp/organizations/iam_member.py index eefa4e14fe..11af878d70 100644 --- a/sdk/python/pulumi_gcp/organizations/iam_member.py +++ b/sdk/python/pulumi_gcp/organizations/iam_member.py @@ -22,6 +22,12 @@ def __init__(__self__, *, condition: Optional[pulumi.Input['IAMMemberConditionArgs']] = None): """ The set of arguments for constructing a IAMMember resource. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] org_id: The organization id of the target organization. :param pulumi.Input[str] role: The role that should be applied. Only one `organizations.IAMBinding` can be used per role. Note that custom roles must be of the format @@ -38,6 +44,14 @@ def __init__(__self__, *, @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "member") @member.setter @@ -97,6 +111,12 @@ def __init__(__self__, *, :param pulumi.Input['IAMMemberConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the organization's IAM policy. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] org_id: The organization id of the target organization. :param pulumi.Input[str] role: The role that should be applied. Only one `organizations.IAMBinding` can be used per role. Note that custom roles must be of the format @@ -141,6 +161,14 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "member") @member.setter @@ -337,6 +365,147 @@ def __init__(__self__, ``` + ## google\\_organization\\_iam\\_policy + + !> **Warning:** New organizations have several default policies which will, + without extreme caution, be **overwritten** by use of this resource. + The safest alternative is to use multiple `organizations.IAMBinding` + resources. This resource makes it easy to remove your own access to + an organization, which will require a call to Google Support to have + fixed, and can take multiple days to resolve. + + In general, this resource should only be used with organizations + fully managed by this provider.I f you do use this resource, + the best way to be sure that you are not making dangerous changes is to start + by **importing** your existing policy, and examining the diff very closely. + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + organization = gcp.organizations.IAMPolicy("organization", + org_id="1234567890", + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + organization = gcp.organizations.IAMPolicy("organization", + org_id="1234567890", + policy_data=admin.policy_data) + ``` + + + ## google\\_organization\\_iam\\_binding + + > **Note:** If `role` is set to `roles/owner` and you don't specify a user or service account you have access to in `members`, you can lock yourself out of your organization. + + + ```python + import pulumi + import pulumi_gcp as gcp + + organization = gcp.organizations.IAMBinding("organization", + org_id="1234567890", + role="roles/editor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + organization = gcp.organizations.IAMBinding("organization", + org_id="1234567890", + role="roles/editor", + members=["user:jane@example.com"], + condition=gcp.organizations.IAMBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + + ## google\\_organization\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + organization = gcp.organizations.IAMMember("organization", + org_id="1234567890", + role="roles/editor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + organization = gcp.organizations.IAMMember("organization", + org_id="1234567890", + role="roles/editor", + member="user:jane@example.com", + condition=gcp.organizations.IAMMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + + ## google\\_organization\\_iam\\_audit\\_config + + + ```python + import pulumi + import pulumi_gcp as gcp + + organization = gcp.organizations.IamAuditConfig("organization", + org_id="1234567890", + service="allServices", + audit_log_configs=[ + gcp.organizations.IamAuditConfigAuditLogConfigArgs( + log_type="ADMIN_READ", + ), + gcp.organizations.IamAuditConfigAuditLogConfigArgs( + log_type="DATA_READ", + exempted_members=["user:joebloggs@example.com"], + ), + ]) + ``` + + ## Import ### Importing Audit Configs @@ -367,6 +536,12 @@ def __init__(__self__, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[pulumi.InputType['IAMMemberConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] org_id: The organization id of the target organization. :param pulumi.Input[str] role: The role that should be applied. Only one `organizations.IAMBinding` can be used per role. Note that custom roles must be of the format @@ -531,6 +706,147 @@ def __init__(__self__, ``` + ## google\\_organization\\_iam\\_policy + + !> **Warning:** New organizations have several default policies which will, + without extreme caution, be **overwritten** by use of this resource. + The safest alternative is to use multiple `organizations.IAMBinding` + resources. This resource makes it easy to remove your own access to + an organization, which will require a call to Google Support to have + fixed, and can take multiple days to resolve. + + In general, this resource should only be used with organizations + fully managed by this provider.I f you do use this resource, + the best way to be sure that you are not making dangerous changes is to start + by **importing** your existing policy, and examining the diff very closely. + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + organization = gcp.organizations.IAMPolicy("organization", + org_id="1234567890", + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + organization = gcp.organizations.IAMPolicy("organization", + org_id="1234567890", + policy_data=admin.policy_data) + ``` + + + ## google\\_organization\\_iam\\_binding + + > **Note:** If `role` is set to `roles/owner` and you don't specify a user or service account you have access to in `members`, you can lock yourself out of your organization. + + + ```python + import pulumi + import pulumi_gcp as gcp + + organization = gcp.organizations.IAMBinding("organization", + org_id="1234567890", + role="roles/editor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + organization = gcp.organizations.IAMBinding("organization", + org_id="1234567890", + role="roles/editor", + members=["user:jane@example.com"], + condition=gcp.organizations.IAMBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + + ## google\\_organization\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + organization = gcp.organizations.IAMMember("organization", + org_id="1234567890", + role="roles/editor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + organization = gcp.organizations.IAMMember("organization", + org_id="1234567890", + role="roles/editor", + member="user:jane@example.com", + condition=gcp.organizations.IAMMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + + ## google\\_organization\\_iam\\_audit\\_config + + + ```python + import pulumi + import pulumi_gcp as gcp + + organization = gcp.organizations.IamAuditConfig("organization", + org_id="1234567890", + service="allServices", + audit_log_configs=[ + gcp.organizations.IamAuditConfigAuditLogConfigArgs( + log_type="ADMIN_READ", + ), + gcp.organizations.IamAuditConfigAuditLogConfigArgs( + log_type="DATA_READ", + exempted_members=["user:joebloggs@example.com"], + ), + ]) + ``` + + ## Import ### Importing Audit Configs @@ -621,6 +937,12 @@ def get(resource_name: str, :param pulumi.Input[pulumi.InputType['IAMMemberConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the organization's IAM policy. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] org_id: The organization id of the target organization. :param pulumi.Input[str] role: The role that should be applied. Only one `organizations.IAMBinding` can be used per role. Note that custom roles must be of the format @@ -657,6 +979,14 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "member") @property diff --git a/sdk/python/pulumi_gcp/organizations/iam_policy.py b/sdk/python/pulumi_gcp/organizations/iam_policy.py index aed2cd41dd..1ab7eea9d3 100644 --- a/sdk/python/pulumi_gcp/organizations/iam_policy.py +++ b/sdk/python/pulumi_gcp/organizations/iam_policy.py @@ -294,6 +294,147 @@ def __init__(__self__, ``` + ## google\\_organization\\_iam\\_policy + + !> **Warning:** New organizations have several default policies which will, + without extreme caution, be **overwritten** by use of this resource. + The safest alternative is to use multiple `organizations.IAMBinding` + resources. This resource makes it easy to remove your own access to + an organization, which will require a call to Google Support to have + fixed, and can take multiple days to resolve. + + In general, this resource should only be used with organizations + fully managed by this provider.I f you do use this resource, + the best way to be sure that you are not making dangerous changes is to start + by **importing** your existing policy, and examining the diff very closely. + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + organization = gcp.organizations.IAMPolicy("organization", + org_id="1234567890", + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + organization = gcp.organizations.IAMPolicy("organization", + org_id="1234567890", + policy_data=admin.policy_data) + ``` + + + ## google\\_organization\\_iam\\_binding + + > **Note:** If `role` is set to `roles/owner` and you don't specify a user or service account you have access to in `members`, you can lock yourself out of your organization. + + + ```python + import pulumi + import pulumi_gcp as gcp + + organization = gcp.organizations.IAMBinding("organization", + org_id="1234567890", + role="roles/editor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + organization = gcp.organizations.IAMBinding("organization", + org_id="1234567890", + role="roles/editor", + members=["user:jane@example.com"], + condition=gcp.organizations.IAMBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + + ## google\\_organization\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + organization = gcp.organizations.IAMMember("organization", + org_id="1234567890", + role="roles/editor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + organization = gcp.organizations.IAMMember("organization", + org_id="1234567890", + role="roles/editor", + member="user:jane@example.com", + condition=gcp.organizations.IAMMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + + ## google\\_organization\\_iam\\_audit\\_config + + + ```python + import pulumi + import pulumi_gcp as gcp + + organization = gcp.organizations.IamAuditConfig("organization", + org_id="1234567890", + service="allServices", + audit_log_configs=[ + gcp.organizations.IamAuditConfigAuditLogConfigArgs( + log_type="ADMIN_READ", + ), + gcp.organizations.IamAuditConfigAuditLogConfigArgs( + log_type="DATA_READ", + exempted_members=["user:joebloggs@example.com"], + ), + ]) + ``` + + ## Import ### Importing Audit Configs @@ -491,6 +632,147 @@ def __init__(__self__, ``` + ## google\\_organization\\_iam\\_policy + + !> **Warning:** New organizations have several default policies which will, + without extreme caution, be **overwritten** by use of this resource. + The safest alternative is to use multiple `organizations.IAMBinding` + resources. This resource makes it easy to remove your own access to + an organization, which will require a call to Google Support to have + fixed, and can take multiple days to resolve. + + In general, this resource should only be used with organizations + fully managed by this provider.I f you do use this resource, + the best way to be sure that you are not making dangerous changes is to start + by **importing** your existing policy, and examining the diff very closely. + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + organization = gcp.organizations.IAMPolicy("organization", + org_id="1234567890", + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + organization = gcp.organizations.IAMPolicy("organization", + org_id="1234567890", + policy_data=admin.policy_data) + ``` + + + ## google\\_organization\\_iam\\_binding + + > **Note:** If `role` is set to `roles/owner` and you don't specify a user or service account you have access to in `members`, you can lock yourself out of your organization. + + + ```python + import pulumi + import pulumi_gcp as gcp + + organization = gcp.organizations.IAMBinding("organization", + org_id="1234567890", + role="roles/editor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + organization = gcp.organizations.IAMBinding("organization", + org_id="1234567890", + role="roles/editor", + members=["user:jane@example.com"], + condition=gcp.organizations.IAMBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + + ## google\\_organization\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + organization = gcp.organizations.IAMMember("organization", + org_id="1234567890", + role="roles/editor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + organization = gcp.organizations.IAMMember("organization", + org_id="1234567890", + role="roles/editor", + member="user:jane@example.com", + condition=gcp.organizations.IAMMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + + ## google\\_organization\\_iam\\_audit\\_config + + + ```python + import pulumi + import pulumi_gcp as gcp + + organization = gcp.organizations.IamAuditConfig("organization", + org_id="1234567890", + service="allServices", + audit_log_configs=[ + gcp.organizations.IamAuditConfigAuditLogConfigArgs( + log_type="ADMIN_READ", + ), + gcp.organizations.IamAuditConfigAuditLogConfigArgs( + log_type="DATA_READ", + exempted_members=["user:joebloggs@example.com"], + ), + ]) + ``` + + ## Import ### Importing Audit Configs diff --git a/sdk/python/pulumi_gcp/projects/iam_audit_config.py b/sdk/python/pulumi_gcp/projects/iam_audit_config.py index f51ddd9306..5254965bee 100644 --- a/sdk/python/pulumi_gcp/projects/iam_audit_config.py +++ b/sdk/python/pulumi_gcp/projects/iam_audit_config.py @@ -301,6 +301,141 @@ def __init__(__self__, ``` + ## google\\_project\\_iam\\_policy + + !> **Be careful!** You can accidentally lock yourself out of your project + using this resource. Deleting a `projects.IAMPolicy` removes access + from anyone without organization-level access to the project. Proceed with caution. + It's not recommended to use `projects.IAMPolicy` with your provider project + to avoid locking yourself out, and it should generally only be used with projects + fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before + applying the change. + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + project = gcp.projects.IAMPolicy("project", + project="your-project-id", + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/compute.admin", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + project = gcp.projects.IAMPolicy("project", + project="your-project-id", + policy_data=admin.policy_data) + ``` + + + ## google\\_project\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + project = gcp.projects.IAMBinding("project", + project="your-project-id", + role="roles/editor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + project = gcp.projects.IAMBinding("project", + project="your-project-id", + role="roles/container.admin", + members=["user:jane@example.com"], + condition=gcp.projects.IAMBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + + ## google\\_project\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + project = gcp.projects.IAMMember("project", + project="your-project-id", + role="roles/editor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + project = gcp.projects.IAMMember("project", + project="your-project-id", + role="roles/firebase.admin", + member="user:jane@example.com", + condition=gcp.projects.IAMMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + + ## google\\_project\\_iam\\_audit\\_config + + + ```python + import pulumi + import pulumi_gcp as gcp + + project = gcp.projects.IAMAuditConfig("project", + project="your-project-id", + service="allServices", + audit_log_configs=[ + gcp.projects.IAMAuditConfigAuditLogConfigArgs( + log_type="ADMIN_READ", + ), + gcp.projects.IAMAuditConfigAuditLogConfigArgs( + log_type="DATA_READ", + exempted_members=["user:joebloggs@example.com"], + ), + ]) + ``` + + ## Import ### Importing Audit Configs @@ -490,6 +625,141 @@ def __init__(__self__, ``` + ## google\\_project\\_iam\\_policy + + !> **Be careful!** You can accidentally lock yourself out of your project + using this resource. Deleting a `projects.IAMPolicy` removes access + from anyone without organization-level access to the project. Proceed with caution. + It's not recommended to use `projects.IAMPolicy` with your provider project + to avoid locking yourself out, and it should generally only be used with projects + fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before + applying the change. + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + project = gcp.projects.IAMPolicy("project", + project="your-project-id", + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/compute.admin", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + project = gcp.projects.IAMPolicy("project", + project="your-project-id", + policy_data=admin.policy_data) + ``` + + + ## google\\_project\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + project = gcp.projects.IAMBinding("project", + project="your-project-id", + role="roles/editor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + project = gcp.projects.IAMBinding("project", + project="your-project-id", + role="roles/container.admin", + members=["user:jane@example.com"], + condition=gcp.projects.IAMBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + + ## google\\_project\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + project = gcp.projects.IAMMember("project", + project="your-project-id", + role="roles/editor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + project = gcp.projects.IAMMember("project", + project="your-project-id", + role="roles/firebase.admin", + member="user:jane@example.com", + condition=gcp.projects.IAMMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + + ## google\\_project\\_iam\\_audit\\_config + + + ```python + import pulumi + import pulumi_gcp as gcp + + project = gcp.projects.IAMAuditConfig("project", + project="your-project-id", + service="allServices", + audit_log_configs=[ + gcp.projects.IAMAuditConfigAuditLogConfigArgs( + log_type="ADMIN_READ", + ), + gcp.projects.IAMAuditConfigAuditLogConfigArgs( + log_type="DATA_READ", + exempted_members=["user:joebloggs@example.com"], + ), + ]) + ``` + + ## Import ### Importing Audit Configs diff --git a/sdk/python/pulumi_gcp/projects/iam_binding.py b/sdk/python/pulumi_gcp/projects/iam_binding.py index ffe5825ab5..ebf6b1186a 100644 --- a/sdk/python/pulumi_gcp/projects/iam_binding.py +++ b/sdk/python/pulumi_gcp/projects/iam_binding.py @@ -22,6 +22,12 @@ def __init__(__self__, *, condition: Optional[pulumi.Input['IAMBindingConditionArgs']] = None): """ The set of arguments for constructing a IAMBinding resource. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. google\\_project\\_iam\\_binding expects `members` field while google\\_project\\_iam\\_member expects `member` field. + Each entry can have one of the following values: + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] project: The project id of the target project. This is not inferred from the provider. :param pulumi.Input[str] role: The role that should be applied. Only one @@ -39,6 +45,14 @@ def __init__(__self__, *, @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. google\\_project\\_iam\\_binding expects `members` field while google\\_project\\_iam\\_member expects `member` field. + Each entry can have one of the following values: + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "members") @members.setter @@ -99,6 +113,12 @@ def __init__(__self__, *, :param pulumi.Input['IAMBindingConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the project's IAM policy. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. google\\_project\\_iam\\_binding expects `members` field while google\\_project\\_iam\\_member expects `member` field. + Each entry can have one of the following values: + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] project: The project id of the target project. This is not inferred from the provider. :param pulumi.Input[str] role: The role that should be applied. Only one @@ -144,6 +164,14 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. google\\_project\\_iam\\_binding expects `members` field while google\\_project\\_iam\\_member expects `member` field. + Each entry can have one of the following values: + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "members") @members.setter @@ -338,6 +366,141 @@ def __init__(__self__, ``` + ## google\\_project\\_iam\\_policy + + !> **Be careful!** You can accidentally lock yourself out of your project + using this resource. Deleting a `projects.IAMPolicy` removes access + from anyone without organization-level access to the project. Proceed with caution. + It's not recommended to use `projects.IAMPolicy` with your provider project + to avoid locking yourself out, and it should generally only be used with projects + fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before + applying the change. + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + project = gcp.projects.IAMPolicy("project", + project="your-project-id", + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/compute.admin", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + project = gcp.projects.IAMPolicy("project", + project="your-project-id", + policy_data=admin.policy_data) + ``` + + + ## google\\_project\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + project = gcp.projects.IAMBinding("project", + project="your-project-id", + role="roles/editor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + project = gcp.projects.IAMBinding("project", + project="your-project-id", + role="roles/container.admin", + members=["user:jane@example.com"], + condition=gcp.projects.IAMBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + + ## google\\_project\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + project = gcp.projects.IAMMember("project", + project="your-project-id", + role="roles/editor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + project = gcp.projects.IAMMember("project", + project="your-project-id", + role="roles/firebase.admin", + member="user:jane@example.com", + condition=gcp.projects.IAMMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + + ## google\\_project\\_iam\\_audit\\_config + + + ```python + import pulumi + import pulumi_gcp as gcp + + project = gcp.projects.IAMAuditConfig("project", + project="your-project-id", + service="allServices", + audit_log_configs=[ + gcp.projects.IAMAuditConfigAuditLogConfigArgs( + log_type="ADMIN_READ", + ), + gcp.projects.IAMAuditConfigAuditLogConfigArgs( + log_type="DATA_READ", + exempted_members=["user:joebloggs@example.com"], + ), + ]) + ``` + + ## Import ### Importing Audit Configs @@ -368,6 +531,12 @@ def __init__(__self__, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[pulumi.InputType['IAMBindingConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. google\\_project\\_iam\\_binding expects `members` field while google\\_project\\_iam\\_member expects `member` field. + Each entry can have one of the following values: + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] project: The project id of the target project. This is not inferred from the provider. :param pulumi.Input[str] role: The role that should be applied. Only one @@ -530,6 +699,141 @@ def __init__(__self__, ``` + ## google\\_project\\_iam\\_policy + + !> **Be careful!** You can accidentally lock yourself out of your project + using this resource. Deleting a `projects.IAMPolicy` removes access + from anyone without organization-level access to the project. Proceed with caution. + It's not recommended to use `projects.IAMPolicy` with your provider project + to avoid locking yourself out, and it should generally only be used with projects + fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before + applying the change. + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + project = gcp.projects.IAMPolicy("project", + project="your-project-id", + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/compute.admin", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + project = gcp.projects.IAMPolicy("project", + project="your-project-id", + policy_data=admin.policy_data) + ``` + + + ## google\\_project\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + project = gcp.projects.IAMBinding("project", + project="your-project-id", + role="roles/editor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + project = gcp.projects.IAMBinding("project", + project="your-project-id", + role="roles/container.admin", + members=["user:jane@example.com"], + condition=gcp.projects.IAMBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + + ## google\\_project\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + project = gcp.projects.IAMMember("project", + project="your-project-id", + role="roles/editor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + project = gcp.projects.IAMMember("project", + project="your-project-id", + role="roles/firebase.admin", + member="user:jane@example.com", + condition=gcp.projects.IAMMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + + ## google\\_project\\_iam\\_audit\\_config + + + ```python + import pulumi + import pulumi_gcp as gcp + + project = gcp.projects.IAMAuditConfig("project", + project="your-project-id", + service="allServices", + audit_log_configs=[ + gcp.projects.IAMAuditConfigAuditLogConfigArgs( + log_type="ADMIN_READ", + ), + gcp.projects.IAMAuditConfigAuditLogConfigArgs( + log_type="DATA_READ", + exempted_members=["user:joebloggs@example.com"], + ), + ]) + ``` + + ## Import ### Importing Audit Configs @@ -620,6 +924,12 @@ def get(resource_name: str, :param pulumi.Input[pulumi.InputType['IAMBindingConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the project's IAM policy. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. google\\_project\\_iam\\_binding expects `members` field while google\\_project\\_iam\\_member expects `member` field. + Each entry can have one of the following values: + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] project: The project id of the target project. This is not inferred from the provider. :param pulumi.Input[str] role: The role that should be applied. Only one @@ -657,6 +967,14 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: + """ + Identities that will be granted the privilege in `role`. google\\_project\\_iam\\_binding expects `members` field while google\\_project\\_iam\\_member expects `member` field. + Each entry can have one of the following values: + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "members") @property diff --git a/sdk/python/pulumi_gcp/projects/iam_member.py b/sdk/python/pulumi_gcp/projects/iam_member.py index 4434b3462b..94e9a4d978 100644 --- a/sdk/python/pulumi_gcp/projects/iam_member.py +++ b/sdk/python/pulumi_gcp/projects/iam_member.py @@ -22,6 +22,12 @@ def __init__(__self__, *, condition: Optional[pulumi.Input['IAMMemberConditionArgs']] = None): """ The set of arguments for constructing a IAMMember resource. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. google\\_project\\_iam\\_binding expects `members` field while google\\_project\\_iam\\_member expects `member` field. + Each entry can have one of the following values: + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] project: The project id of the target project. This is not inferred from the provider. :param pulumi.Input[str] role: The role that should be applied. Only one @@ -39,6 +45,14 @@ def __init__(__self__, *, @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. google\\_project\\_iam\\_binding expects `members` field while google\\_project\\_iam\\_member expects `member` field. + Each entry can have one of the following values: + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "member") @member.setter @@ -99,6 +113,12 @@ def __init__(__self__, *, :param pulumi.Input['IAMMemberConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the project's IAM policy. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. google\\_project\\_iam\\_binding expects `members` field while google\\_project\\_iam\\_member expects `member` field. + Each entry can have one of the following values: + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] project: The project id of the target project. This is not inferred from the provider. :param pulumi.Input[str] role: The role that should be applied. Only one @@ -144,6 +164,14 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. google\\_project\\_iam\\_binding expects `members` field while google\\_project\\_iam\\_member expects `member` field. + Each entry can have one of the following values: + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "member") @member.setter @@ -338,6 +366,141 @@ def __init__(__self__, ``` + ## google\\_project\\_iam\\_policy + + !> **Be careful!** You can accidentally lock yourself out of your project + using this resource. Deleting a `projects.IAMPolicy` removes access + from anyone without organization-level access to the project. Proceed with caution. + It's not recommended to use `projects.IAMPolicy` with your provider project + to avoid locking yourself out, and it should generally only be used with projects + fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before + applying the change. + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + project = gcp.projects.IAMPolicy("project", + project="your-project-id", + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/compute.admin", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + project = gcp.projects.IAMPolicy("project", + project="your-project-id", + policy_data=admin.policy_data) + ``` + + + ## google\\_project\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + project = gcp.projects.IAMBinding("project", + project="your-project-id", + role="roles/editor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + project = gcp.projects.IAMBinding("project", + project="your-project-id", + role="roles/container.admin", + members=["user:jane@example.com"], + condition=gcp.projects.IAMBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + + ## google\\_project\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + project = gcp.projects.IAMMember("project", + project="your-project-id", + role="roles/editor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + project = gcp.projects.IAMMember("project", + project="your-project-id", + role="roles/firebase.admin", + member="user:jane@example.com", + condition=gcp.projects.IAMMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + + ## google\\_project\\_iam\\_audit\\_config + + + ```python + import pulumi + import pulumi_gcp as gcp + + project = gcp.projects.IAMAuditConfig("project", + project="your-project-id", + service="allServices", + audit_log_configs=[ + gcp.projects.IAMAuditConfigAuditLogConfigArgs( + log_type="ADMIN_READ", + ), + gcp.projects.IAMAuditConfigAuditLogConfigArgs( + log_type="DATA_READ", + exempted_members=["user:joebloggs@example.com"], + ), + ]) + ``` + + ## Import ### Importing Audit Configs @@ -368,6 +531,12 @@ def __init__(__self__, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[pulumi.InputType['IAMMemberConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. google\\_project\\_iam\\_binding expects `members` field while google\\_project\\_iam\\_member expects `member` field. + Each entry can have one of the following values: + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] project: The project id of the target project. This is not inferred from the provider. :param pulumi.Input[str] role: The role that should be applied. Only one @@ -530,6 +699,141 @@ def __init__(__self__, ``` + ## google\\_project\\_iam\\_policy + + !> **Be careful!** You can accidentally lock yourself out of your project + using this resource. Deleting a `projects.IAMPolicy` removes access + from anyone without organization-level access to the project. Proceed with caution. + It's not recommended to use `projects.IAMPolicy` with your provider project + to avoid locking yourself out, and it should generally only be used with projects + fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before + applying the change. + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + project = gcp.projects.IAMPolicy("project", + project="your-project-id", + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/compute.admin", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + project = gcp.projects.IAMPolicy("project", + project="your-project-id", + policy_data=admin.policy_data) + ``` + + + ## google\\_project\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + project = gcp.projects.IAMBinding("project", + project="your-project-id", + role="roles/editor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + project = gcp.projects.IAMBinding("project", + project="your-project-id", + role="roles/container.admin", + members=["user:jane@example.com"], + condition=gcp.projects.IAMBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + + ## google\\_project\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + project = gcp.projects.IAMMember("project", + project="your-project-id", + role="roles/editor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + project = gcp.projects.IAMMember("project", + project="your-project-id", + role="roles/firebase.admin", + member="user:jane@example.com", + condition=gcp.projects.IAMMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + + ## google\\_project\\_iam\\_audit\\_config + + + ```python + import pulumi + import pulumi_gcp as gcp + + project = gcp.projects.IAMAuditConfig("project", + project="your-project-id", + service="allServices", + audit_log_configs=[ + gcp.projects.IAMAuditConfigAuditLogConfigArgs( + log_type="ADMIN_READ", + ), + gcp.projects.IAMAuditConfigAuditLogConfigArgs( + log_type="DATA_READ", + exempted_members=["user:joebloggs@example.com"], + ), + ]) + ``` + + ## Import ### Importing Audit Configs @@ -620,6 +924,12 @@ def get(resource_name: str, :param pulumi.Input[pulumi.InputType['IAMMemberConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the project's IAM policy. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. google\\_project\\_iam\\_binding expects `members` field while google\\_project\\_iam\\_member expects `member` field. + Each entry can have one of the following values: + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] project: The project id of the target project. This is not inferred from the provider. :param pulumi.Input[str] role: The role that should be applied. Only one @@ -657,6 +967,14 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: + """ + Identities that will be granted the privilege in `role`. google\\_project\\_iam\\_binding expects `members` field while google\\_project\\_iam\\_member expects `member` field. + Each entry can have one of the following values: + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "member") @property diff --git a/sdk/python/pulumi_gcp/projects/iam_policy.py b/sdk/python/pulumi_gcp/projects/iam_policy.py index 2949c1e323..446a225cf0 100644 --- a/sdk/python/pulumi_gcp/projects/iam_policy.py +++ b/sdk/python/pulumi_gcp/projects/iam_policy.py @@ -295,6 +295,141 @@ def __init__(__self__, ``` + ## google\\_project\\_iam\\_policy + + !> **Be careful!** You can accidentally lock yourself out of your project + using this resource. Deleting a `projects.IAMPolicy` removes access + from anyone without organization-level access to the project. Proceed with caution. + It's not recommended to use `projects.IAMPolicy` with your provider project + to avoid locking yourself out, and it should generally only be used with projects + fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before + applying the change. + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + project = gcp.projects.IAMPolicy("project", + project="your-project-id", + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/compute.admin", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + project = gcp.projects.IAMPolicy("project", + project="your-project-id", + policy_data=admin.policy_data) + ``` + + + ## google\\_project\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + project = gcp.projects.IAMBinding("project", + project="your-project-id", + role="roles/editor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + project = gcp.projects.IAMBinding("project", + project="your-project-id", + role="roles/container.admin", + members=["user:jane@example.com"], + condition=gcp.projects.IAMBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + + ## google\\_project\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + project = gcp.projects.IAMMember("project", + project="your-project-id", + role="roles/editor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + project = gcp.projects.IAMMember("project", + project="your-project-id", + role="roles/firebase.admin", + member="user:jane@example.com", + condition=gcp.projects.IAMMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + + ## google\\_project\\_iam\\_audit\\_config + + + ```python + import pulumi + import pulumi_gcp as gcp + + project = gcp.projects.IAMAuditConfig("project", + project="your-project-id", + service="allServices", + audit_log_configs=[ + gcp.projects.IAMAuditConfigAuditLogConfigArgs( + log_type="ADMIN_READ", + ), + gcp.projects.IAMAuditConfigAuditLogConfigArgs( + log_type="DATA_READ", + exempted_members=["user:joebloggs@example.com"], + ), + ]) + ``` + + ## Import ### Importing Audit Configs @@ -490,6 +625,141 @@ def __init__(__self__, ``` + ## google\\_project\\_iam\\_policy + + !> **Be careful!** You can accidentally lock yourself out of your project + using this resource. Deleting a `projects.IAMPolicy` removes access + from anyone without organization-level access to the project. Proceed with caution. + It's not recommended to use `projects.IAMPolicy` with your provider project + to avoid locking yourself out, and it should generally only be used with projects + fully managed by this provider. If you do use this resource, it is recommended to **import** the policy before + applying the change. + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + project = gcp.projects.IAMPolicy("project", + project="your-project-id", + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/compute.admin", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + project = gcp.projects.IAMPolicy("project", + project="your-project-id", + policy_data=admin.policy_data) + ``` + + + ## google\\_project\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + project = gcp.projects.IAMBinding("project", + project="your-project-id", + role="roles/editor", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + project = gcp.projects.IAMBinding("project", + project="your-project-id", + role="roles/container.admin", + members=["user:jane@example.com"], + condition=gcp.projects.IAMBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + + ## google\\_project\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + project = gcp.projects.IAMMember("project", + project="your-project-id", + role="roles/editor", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + project = gcp.projects.IAMMember("project", + project="your-project-id", + role="roles/firebase.admin", + member="user:jane@example.com", + condition=gcp.projects.IAMMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + + ## google\\_project\\_iam\\_audit\\_config + + + ```python + import pulumi + import pulumi_gcp as gcp + + project = gcp.projects.IAMAuditConfig("project", + project="your-project-id", + service="allServices", + audit_log_configs=[ + gcp.projects.IAMAuditConfigAuditLogConfigArgs( + log_type="ADMIN_READ", + ), + gcp.projects.IAMAuditConfigAuditLogConfigArgs( + log_type="DATA_READ", + exempted_members=["user:joebloggs@example.com"], + ), + ]) + ``` + + ## Import ### Importing Audit Configs diff --git a/sdk/python/pulumi_gcp/pubsub/schema_iam_binding.py b/sdk/python/pulumi_gcp/pubsub/schema_iam_binding.py index 710aaa4d36..cdc3e7a2f7 100644 --- a/sdk/python/pulumi_gcp/pubsub/schema_iam_binding.py +++ b/sdk/python/pulumi_gcp/pubsub/schema_iam_binding.py @@ -23,14 +23,7 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a SchemaIamBinding resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `pubsub.SchemaIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] schema: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -41,6 +34,12 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `pubsub.SchemaIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] schema: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "members", members) pulumi.set(__self__, "role", role) @@ -53,6 +52,19 @@ def __init__(__self__, *, @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -100,18 +112,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -132,10 +132,7 @@ def __init__(__self__, *, """ Input properties used for looking up and filtering SchemaIamBinding resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -146,6 +143,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `pubsub.SchemaIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -188,6 +187,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -200,18 +212,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -320,6 +320,54 @@ def __init__(__self__, ``` + ## google\\_pubsub\\_schema\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.pubsub.SchemaIamPolicy("policy", + project=example["project"], + schema=example["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_pubsub\\_schema\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.pubsub.SchemaIamBinding("binding", + project=example["project"], + schema=example["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_pubsub\\_schema\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.pubsub.SchemaIamMember("member", + project=example["project"], + schema=example["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -358,10 +406,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -372,6 +417,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `pubsub.SchemaIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -446,6 +493,54 @@ def __init__(__self__, ``` + ## google\\_pubsub\\_schema\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.pubsub.SchemaIamPolicy("policy", + project=example["project"], + schema=example["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_pubsub\\_schema\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.pubsub.SchemaIamBinding("binding", + project=example["project"], + schema=example["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_pubsub\\_schema\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.pubsub.SchemaIamMember("member", + project=example["project"], + schema=example["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -547,10 +642,7 @@ def get(resource_name: str, :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -561,6 +653,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `pubsub.SchemaIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -594,16 +688,8 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: - return pulumi.get(self, "members") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -615,6 +701,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "members") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/pubsub/schema_iam_member.py b/sdk/python/pulumi_gcp/pubsub/schema_iam_member.py index cd11e7c616..d67a3955b0 100644 --- a/sdk/python/pulumi_gcp/pubsub/schema_iam_member.py +++ b/sdk/python/pulumi_gcp/pubsub/schema_iam_member.py @@ -23,14 +23,7 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a SchemaIamMember resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `pubsub.SchemaIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] schema: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -41,6 +34,12 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `pubsub.SchemaIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] schema: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "member", member) pulumi.set(__self__, "role", role) @@ -53,6 +52,19 @@ def __init__(__self__, *, @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -100,18 +112,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -132,10 +132,7 @@ def __init__(__self__, *, """ Input properties used for looking up and filtering SchemaIamMember resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -146,6 +143,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `pubsub.SchemaIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -188,6 +187,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -200,18 +212,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -320,6 +320,54 @@ def __init__(__self__, ``` + ## google\\_pubsub\\_schema\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.pubsub.SchemaIamPolicy("policy", + project=example["project"], + schema=example["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_pubsub\\_schema\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.pubsub.SchemaIamBinding("binding", + project=example["project"], + schema=example["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_pubsub\\_schema\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.pubsub.SchemaIamMember("member", + project=example["project"], + schema=example["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -358,10 +406,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -372,6 +417,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `pubsub.SchemaIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -446,6 +493,54 @@ def __init__(__self__, ``` + ## google\\_pubsub\\_schema\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.pubsub.SchemaIamPolicy("policy", + project=example["project"], + schema=example["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_pubsub\\_schema\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.pubsub.SchemaIamBinding("binding", + project=example["project"], + schema=example["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_pubsub\\_schema\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.pubsub.SchemaIamMember("member", + project=example["project"], + schema=example["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -547,10 +642,7 @@ def get(resource_name: str, :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -561,6 +653,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `pubsub.SchemaIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -594,16 +688,8 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: - return pulumi.get(self, "member") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -615,6 +701,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "member") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/pubsub/schema_iam_policy.py b/sdk/python/pulumi_gcp/pubsub/schema_iam_policy.py index b3f7fdf763..155e16cc26 100644 --- a/sdk/python/pulumi_gcp/pubsub/schema_iam_policy.py +++ b/sdk/python/pulumi_gcp/pubsub/schema_iam_policy.py @@ -24,18 +24,6 @@ def __init__(__self__, *, :param pulumi.Input[str] schema: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "policy_data", policy_data) pulumi.set(__self__, "schema", schema) @@ -73,18 +61,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -107,18 +83,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] schema: Used to find the parent resource to bind the IAM policy to """ if etag is not None: @@ -161,18 +125,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -265,6 +217,54 @@ def __init__(__self__, ``` + ## google\\_pubsub\\_schema\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.pubsub.SchemaIamPolicy("policy", + project=example["project"], + schema=example["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_pubsub\\_schema\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.pubsub.SchemaIamBinding("binding", + project=example["project"], + schema=example["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_pubsub\\_schema\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.pubsub.SchemaIamMember("member", + project=example["project"], + schema=example["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -307,18 +307,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] schema: Used to find the parent resource to bind the IAM policy to """ ... @@ -390,6 +378,54 @@ def __init__(__self__, ``` + ## google\\_pubsub\\_schema\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.pubsub.SchemaIamPolicy("policy", + project=example["project"], + schema=example["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_pubsub\\_schema\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.pubsub.SchemaIamBinding("binding", + project=example["project"], + schema=example["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_pubsub\\_schema\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.pubsub.SchemaIamMember("member", + project=example["project"], + schema=example["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -487,18 +523,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] schema: Used to find the parent resource to bind the IAM policy to """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -534,18 +558,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/pubsub/subscription_iam_binding.py b/sdk/python/pulumi_gcp/pubsub/subscription_iam_binding.py index ea3c4eb760..7e87fb8a9a 100644 --- a/sdk/python/pulumi_gcp/pubsub/subscription_iam_binding.py +++ b/sdk/python/pulumi_gcp/pubsub/subscription_iam_binding.py @@ -23,12 +23,7 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a SubscriptionIAMBinding resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `pubsub.SubscriptionIAMBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] subscription: The subscription name or id to bind to attach IAM policy to. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -36,6 +31,10 @@ def __init__(__self__, *, * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + :param pulumi.Input[str] role: The role that should be applied. Only one + `pubsub.SubscriptionIAMBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] subscription: The subscription name or id to bind to attach IAM policy to. :param pulumi.Input[str] project: The project in which the resource belongs. If it is not provided, the provider project is used. """ @@ -50,6 +49,16 @@ def __init__(__self__, *, @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "members") @members.setter @@ -75,15 +84,6 @@ def role(self, value: pulumi.Input[str]): def subscription(self) -> pulumi.Input[str]: """ The subscription name or id to bind to attach IAM policy to. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "subscription") @@ -126,14 +126,7 @@ def __init__(__self__, *, """ Input properties used for looking up and filtering SubscriptionIAMBinding resources. :param pulumi.Input[str] etag: (Computed) The etag of the subscription's IAM policy. - :param pulumi.Input[str] project: The project in which the resource belongs. If it - is not provided, the provider project is used. - :param pulumi.Input[str] role: The role that should be applied. Only one - `pubsub.SubscriptionIAMBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] subscription: The subscription name or id to bind to attach IAM policy to. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -141,6 +134,12 @@ def __init__(__self__, *, * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + :param pulumi.Input[str] project: The project in which the resource belongs. If it + is not provided, the provider project is used. + :param pulumi.Input[str] role: The role that should be applied. Only one + `pubsub.SubscriptionIAMBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] subscription: The subscription name or id to bind to attach IAM policy to. """ if condition is not None: pulumi.set(__self__, "condition", condition) @@ -179,6 +178,16 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "members") @members.setter @@ -217,15 +226,6 @@ def role(self, value: Optional[pulumi.Input[str]]): def subscription(self) -> Optional[pulumi.Input[str]]: """ The subscription name or id to bind to attach IAM policy to. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "subscription") @@ -301,6 +301,51 @@ def __init__(__self__, ``` + ## google\\_pubsub\\_subscription\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + editor = gcp.pubsub.SubscriptionIAMPolicy("editor", + subscription="your-subscription-name", + policy_data=admin.policy_data) + ``` + + + ## google\\_pubsub\\_subscription\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.pubsub.SubscriptionIAMBinding("editor", + subscription="your-subscription-name", + role="roles/editor", + members=["user:jane@example.com"]) + ``` + + + ## google\\_pubsub\\_subscription\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.pubsub.SubscriptionIAMMember("editor", + subscription="your-subscription-name", + role="roles/editor", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -329,14 +374,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] project: The project in which the resource belongs. If it - is not provided, the provider project is used. - :param pulumi.Input[str] role: The role that should be applied. Only one - `pubsub.SubscriptionIAMBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] subscription: The subscription name or id to bind to attach IAM policy to. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -344,6 +382,12 @@ def __init__(__self__, * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + :param pulumi.Input[str] project: The project in which the resource belongs. If it + is not provided, the provider project is used. + :param pulumi.Input[str] role: The role that should be applied. Only one + `pubsub.SubscriptionIAMBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] subscription: The subscription name or id to bind to attach IAM policy to. """ ... @overload @@ -407,6 +451,51 @@ def __init__(__self__, ``` + ## google\\_pubsub\\_subscription\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + editor = gcp.pubsub.SubscriptionIAMPolicy("editor", + subscription="your-subscription-name", + policy_data=admin.policy_data) + ``` + + + ## google\\_pubsub\\_subscription\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.pubsub.SubscriptionIAMBinding("editor", + subscription="your-subscription-name", + role="roles/editor", + members=["user:jane@example.com"]) + ``` + + + ## google\\_pubsub\\_subscription\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.pubsub.SubscriptionIAMMember("editor", + subscription="your-subscription-name", + role="roles/editor", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -498,14 +587,7 @@ def get(resource_name: str, :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the subscription's IAM policy. - :param pulumi.Input[str] project: The project in which the resource belongs. If it - is not provided, the provider project is used. - :param pulumi.Input[str] role: The role that should be applied. Only one - `pubsub.SubscriptionIAMBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] subscription: The subscription name or id to bind to attach IAM policy to. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -513,6 +595,12 @@ def get(resource_name: str, * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + :param pulumi.Input[str] project: The project in which the resource belongs. If it + is not provided, the provider project is used. + :param pulumi.Input[str] role: The role that should be applied. Only one + `pubsub.SubscriptionIAMBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] subscription: The subscription name or id to bind to attach IAM policy to. """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -542,6 +630,16 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "members") @property @@ -568,15 +666,6 @@ def role(self) -> pulumi.Output[str]: def subscription(self) -> pulumi.Output[str]: """ The subscription name or id to bind to attach IAM policy to. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "subscription") diff --git a/sdk/python/pulumi_gcp/pubsub/subscription_iam_member.py b/sdk/python/pulumi_gcp/pubsub/subscription_iam_member.py index 15d5803383..d858069cff 100644 --- a/sdk/python/pulumi_gcp/pubsub/subscription_iam_member.py +++ b/sdk/python/pulumi_gcp/pubsub/subscription_iam_member.py @@ -23,12 +23,7 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a SubscriptionIAMMember resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `pubsub.SubscriptionIAMBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] subscription: The subscription name or id to bind to attach IAM policy to. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -36,6 +31,10 @@ def __init__(__self__, *, * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + :param pulumi.Input[str] role: The role that should be applied. Only one + `pubsub.SubscriptionIAMBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] subscription: The subscription name or id to bind to attach IAM policy to. :param pulumi.Input[str] project: The project in which the resource belongs. If it is not provided, the provider project is used. """ @@ -50,6 +49,16 @@ def __init__(__self__, *, @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "member") @member.setter @@ -75,15 +84,6 @@ def role(self, value: pulumi.Input[str]): def subscription(self) -> pulumi.Input[str]: """ The subscription name or id to bind to attach IAM policy to. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "subscription") @@ -126,14 +126,7 @@ def __init__(__self__, *, """ Input properties used for looking up and filtering SubscriptionIAMMember resources. :param pulumi.Input[str] etag: (Computed) The etag of the subscription's IAM policy. - :param pulumi.Input[str] project: The project in which the resource belongs. If it - is not provided, the provider project is used. - :param pulumi.Input[str] role: The role that should be applied. Only one - `pubsub.SubscriptionIAMBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] subscription: The subscription name or id to bind to attach IAM policy to. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -141,6 +134,12 @@ def __init__(__self__, *, * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + :param pulumi.Input[str] project: The project in which the resource belongs. If it + is not provided, the provider project is used. + :param pulumi.Input[str] role: The role that should be applied. Only one + `pubsub.SubscriptionIAMBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] subscription: The subscription name or id to bind to attach IAM policy to. """ if condition is not None: pulumi.set(__self__, "condition", condition) @@ -179,6 +178,16 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "member") @member.setter @@ -217,15 +226,6 @@ def role(self, value: Optional[pulumi.Input[str]]): def subscription(self) -> Optional[pulumi.Input[str]]: """ The subscription name or id to bind to attach IAM policy to. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "subscription") @@ -301,6 +301,51 @@ def __init__(__self__, ``` + ## google\\_pubsub\\_subscription\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + editor = gcp.pubsub.SubscriptionIAMPolicy("editor", + subscription="your-subscription-name", + policy_data=admin.policy_data) + ``` + + + ## google\\_pubsub\\_subscription\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.pubsub.SubscriptionIAMBinding("editor", + subscription="your-subscription-name", + role="roles/editor", + members=["user:jane@example.com"]) + ``` + + + ## google\\_pubsub\\_subscription\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.pubsub.SubscriptionIAMMember("editor", + subscription="your-subscription-name", + role="roles/editor", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -329,14 +374,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] project: The project in which the resource belongs. If it - is not provided, the provider project is used. - :param pulumi.Input[str] role: The role that should be applied. Only one - `pubsub.SubscriptionIAMBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] subscription: The subscription name or id to bind to attach IAM policy to. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -344,6 +382,12 @@ def __init__(__self__, * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + :param pulumi.Input[str] project: The project in which the resource belongs. If it + is not provided, the provider project is used. + :param pulumi.Input[str] role: The role that should be applied. Only one + `pubsub.SubscriptionIAMBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] subscription: The subscription name or id to bind to attach IAM policy to. """ ... @overload @@ -407,6 +451,51 @@ def __init__(__self__, ``` + ## google\\_pubsub\\_subscription\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + editor = gcp.pubsub.SubscriptionIAMPolicy("editor", + subscription="your-subscription-name", + policy_data=admin.policy_data) + ``` + + + ## google\\_pubsub\\_subscription\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.pubsub.SubscriptionIAMBinding("editor", + subscription="your-subscription-name", + role="roles/editor", + members=["user:jane@example.com"]) + ``` + + + ## google\\_pubsub\\_subscription\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.pubsub.SubscriptionIAMMember("editor", + subscription="your-subscription-name", + role="roles/editor", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -498,14 +587,7 @@ def get(resource_name: str, :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the subscription's IAM policy. - :param pulumi.Input[str] project: The project in which the resource belongs. If it - is not provided, the provider project is used. - :param pulumi.Input[str] role: The role that should be applied. Only one - `pubsub.SubscriptionIAMBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] subscription: The subscription name or id to bind to attach IAM policy to. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -513,6 +595,12 @@ def get(resource_name: str, * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + :param pulumi.Input[str] project: The project in which the resource belongs. If it + is not provided, the provider project is used. + :param pulumi.Input[str] role: The role that should be applied. Only one + `pubsub.SubscriptionIAMBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] subscription: The subscription name or id to bind to attach IAM policy to. """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -542,6 +630,16 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "member") @property @@ -568,15 +666,6 @@ def role(self) -> pulumi.Output[str]: def subscription(self) -> pulumi.Output[str]: """ The subscription name or id to bind to attach IAM policy to. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "subscription") diff --git a/sdk/python/pulumi_gcp/pubsub/subscription_iam_policy.py b/sdk/python/pulumi_gcp/pubsub/subscription_iam_policy.py index a83c29158d..fd9914748b 100644 --- a/sdk/python/pulumi_gcp/pubsub/subscription_iam_policy.py +++ b/sdk/python/pulumi_gcp/pubsub/subscription_iam_policy.py @@ -24,15 +24,6 @@ def __init__(__self__, *, - - - :param pulumi.Input[str] subscription: The subscription name or id to bind to attach IAM policy to. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] project: The project in which the resource belongs. If it is not provided, the provider project is used. """ @@ -61,15 +52,6 @@ def policy_data(self, value: pulumi.Input[str]): def subscription(self) -> pulumi.Input[str]: """ The subscription name or id to bind to attach IAM policy to. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "subscription") @@ -108,15 +90,6 @@ def __init__(__self__, *, :param pulumi.Input[str] project: The project in which the resource belongs. If it is not provided, the provider project is used. :param pulumi.Input[str] subscription: The subscription name or id to bind to attach IAM policy to. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ if etag is not None: pulumi.set(__self__, "etag", etag) @@ -172,15 +145,6 @@ def project(self, value: Optional[pulumi.Input[str]]): def subscription(self) -> Optional[pulumi.Input[str]]: """ The subscription name or id to bind to attach IAM policy to. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "subscription") @@ -254,6 +218,51 @@ def __init__(__self__, ``` + ## google\\_pubsub\\_subscription\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + editor = gcp.pubsub.SubscriptionIAMPolicy("editor", + subscription="your-subscription-name", + policy_data=admin.policy_data) + ``` + + + ## google\\_pubsub\\_subscription\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.pubsub.SubscriptionIAMBinding("editor", + subscription="your-subscription-name", + role="roles/editor", + members=["user:jane@example.com"]) + ``` + + + ## google\\_pubsub\\_subscription\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.pubsub.SubscriptionIAMMember("editor", + subscription="your-subscription-name", + role="roles/editor", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -289,15 +298,6 @@ def __init__(__self__, :param pulumi.Input[str] project: The project in which the resource belongs. If it is not provided, the provider project is used. :param pulumi.Input[str] subscription: The subscription name or id to bind to attach IAM policy to. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ ... @overload @@ -361,6 +361,51 @@ def __init__(__self__, ``` + ## google\\_pubsub\\_subscription\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + editor = gcp.pubsub.SubscriptionIAMPolicy("editor", + subscription="your-subscription-name", + policy_data=admin.policy_data) + ``` + + + ## google\\_pubsub\\_subscription\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.pubsub.SubscriptionIAMBinding("editor", + subscription="your-subscription-name", + role="roles/editor", + members=["user:jane@example.com"]) + ``` + + + ## google\\_pubsub\\_subscription\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + editor = gcp.pubsub.SubscriptionIAMMember("editor", + subscription="your-subscription-name", + role="roles/editor", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -451,15 +496,6 @@ def get(resource_name: str, :param pulumi.Input[str] project: The project in which the resource belongs. If it is not provided, the provider project is used. :param pulumi.Input[str] subscription: The subscription name or id to bind to attach IAM policy to. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -504,15 +540,6 @@ def project(self) -> pulumi.Output[str]: def subscription(self) -> pulumi.Output[str]: """ The subscription name or id to bind to attach IAM policy to. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "subscription") diff --git a/sdk/python/pulumi_gcp/pubsub/topic_iam_binding.py b/sdk/python/pulumi_gcp/pubsub/topic_iam_binding.py index 254b036aa4..6252d5293a 100644 --- a/sdk/python/pulumi_gcp/pubsub/topic_iam_binding.py +++ b/sdk/python/pulumi_gcp/pubsub/topic_iam_binding.py @@ -23,14 +23,7 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a TopicIAMBinding resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `pubsub.TopicIAMBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] topic: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -41,6 +34,12 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `pubsub.TopicIAMBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] topic: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "members", members) pulumi.set(__self__, "role", role) @@ -53,6 +52,19 @@ def __init__(__self__, *, @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -100,18 +112,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -132,10 +132,7 @@ def __init__(__self__, *, """ Input properties used for looking up and filtering TopicIAMBinding resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -146,6 +143,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `pubsub.TopicIAMBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -188,6 +187,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -200,18 +212,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -320,6 +320,54 @@ def __init__(__self__, ``` + ## google\\_pubsub\\_topic\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.pubsub.TopicIAMPolicy("policy", + project=example["project"], + topic=example["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_pubsub\\_topic\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.pubsub.TopicIAMBinding("binding", + project=example["project"], + topic=example["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_pubsub\\_topic\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.pubsub.TopicIAMMember("member", + project=example["project"], + topic=example["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -358,10 +406,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -372,6 +417,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `pubsub.TopicIAMBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -446,6 +493,54 @@ def __init__(__self__, ``` + ## google\\_pubsub\\_topic\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.pubsub.TopicIAMPolicy("policy", + project=example["project"], + topic=example["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_pubsub\\_topic\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.pubsub.TopicIAMBinding("binding", + project=example["project"], + topic=example["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_pubsub\\_topic\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.pubsub.TopicIAMMember("member", + project=example["project"], + topic=example["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -547,10 +642,7 @@ def get(resource_name: str, :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -561,6 +653,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `pubsub.TopicIAMBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -594,16 +688,8 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: - return pulumi.get(self, "members") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -615,6 +701,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "members") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/pubsub/topic_iam_member.py b/sdk/python/pulumi_gcp/pubsub/topic_iam_member.py index 51233c85e7..5f17d74eeb 100644 --- a/sdk/python/pulumi_gcp/pubsub/topic_iam_member.py +++ b/sdk/python/pulumi_gcp/pubsub/topic_iam_member.py @@ -23,14 +23,7 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a TopicIAMMember resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `pubsub.TopicIAMBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] topic: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -41,6 +34,12 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `pubsub.TopicIAMBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] topic: Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "member", member) pulumi.set(__self__, "role", role) @@ -53,6 +52,19 @@ def __init__(__self__, *, @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -100,18 +112,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -132,10 +132,7 @@ def __init__(__self__, *, """ Input properties used for looking up and filtering TopicIAMMember resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -146,6 +143,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `pubsub.TopicIAMBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -188,6 +187,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -200,18 +212,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -320,6 +320,54 @@ def __init__(__self__, ``` + ## google\\_pubsub\\_topic\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.pubsub.TopicIAMPolicy("policy", + project=example["project"], + topic=example["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_pubsub\\_topic\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.pubsub.TopicIAMBinding("binding", + project=example["project"], + topic=example["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_pubsub\\_topic\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.pubsub.TopicIAMMember("member", + project=example["project"], + topic=example["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -358,10 +406,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -372,6 +417,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `pubsub.TopicIAMBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -446,6 +493,54 @@ def __init__(__self__, ``` + ## google\\_pubsub\\_topic\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.pubsub.TopicIAMPolicy("policy", + project=example["project"], + topic=example["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_pubsub\\_topic\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.pubsub.TopicIAMBinding("binding", + project=example["project"], + topic=example["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_pubsub\\_topic\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.pubsub.TopicIAMMember("member", + project=example["project"], + topic=example["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -547,10 +642,7 @@ def get(resource_name: str, :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -561,6 +653,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `pubsub.TopicIAMBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -594,16 +688,8 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: - return pulumi.get(self, "member") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -615,6 +701,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "member") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/pubsub/topic_iam_policy.py b/sdk/python/pulumi_gcp/pubsub/topic_iam_policy.py index 5804f9b856..10a0df7f1d 100644 --- a/sdk/python/pulumi_gcp/pubsub/topic_iam_policy.py +++ b/sdk/python/pulumi_gcp/pubsub/topic_iam_policy.py @@ -24,18 +24,6 @@ def __init__(__self__, *, :param pulumi.Input[str] topic: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "policy_data", policy_data) pulumi.set(__self__, "topic", topic) @@ -73,18 +61,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -107,18 +83,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] topic: Used to find the parent resource to bind the IAM policy to """ if etag is not None: @@ -161,18 +125,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -265,6 +217,54 @@ def __init__(__self__, ``` + ## google\\_pubsub\\_topic\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.pubsub.TopicIAMPolicy("policy", + project=example["project"], + topic=example["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_pubsub\\_topic\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.pubsub.TopicIAMBinding("binding", + project=example["project"], + topic=example["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_pubsub\\_topic\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.pubsub.TopicIAMMember("member", + project=example["project"], + topic=example["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -307,18 +307,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] topic: Used to find the parent resource to bind the IAM policy to """ ... @@ -390,6 +378,54 @@ def __init__(__self__, ``` + ## google\\_pubsub\\_topic\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.pubsub.TopicIAMPolicy("policy", + project=example["project"], + topic=example["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_pubsub\\_topic\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.pubsub.TopicIAMBinding("binding", + project=example["project"], + topic=example["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_pubsub\\_topic\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.pubsub.TopicIAMMember("member", + project=example["project"], + topic=example["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -487,18 +523,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] topic: Used to find the parent resource to bind the IAM policy to """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -534,18 +558,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/runtimeconfig/config_iam_binding.py b/sdk/python/pulumi_gcp/runtimeconfig/config_iam_binding.py index d9b949c5c6..5093362a56 100644 --- a/sdk/python/pulumi_gcp/runtimeconfig/config_iam_binding.py +++ b/sdk/python/pulumi_gcp/runtimeconfig/config_iam_binding.py @@ -24,13 +24,7 @@ def __init__(__self__, *, """ The set of arguments for constructing a ConfigIamBinding resource. :param pulumi.Input[str] config: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] role: The role that should be applied. Only one - `runtimeconfig.ConfigIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -41,6 +35,11 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `runtimeconfig.ConfigIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "config", config) pulumi.set(__self__, "members", members) @@ -65,6 +64,19 @@ def config(self, value: pulumi.Input[str]): @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -100,18 +112,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -133,10 +133,7 @@ def __init__(__self__, *, Input properties used for looking up and filtering ConfigIamBinding resources. :param pulumi.Input[str] config: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -147,6 +144,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `runtimeconfig.ConfigIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -200,6 +199,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -212,18 +224,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -297,10 +297,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] config: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -311,6 +308,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `runtimeconfig.ConfigIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -424,10 +423,7 @@ def get(resource_name: str, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] config: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -438,6 +434,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `runtimeconfig.ConfigIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -478,16 +476,8 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: - return pulumi.get(self, "members") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -499,6 +489,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "members") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/runtimeconfig/config_iam_member.py b/sdk/python/pulumi_gcp/runtimeconfig/config_iam_member.py index 6d6e803c98..b3c149804d 100644 --- a/sdk/python/pulumi_gcp/runtimeconfig/config_iam_member.py +++ b/sdk/python/pulumi_gcp/runtimeconfig/config_iam_member.py @@ -24,13 +24,7 @@ def __init__(__self__, *, """ The set of arguments for constructing a ConfigIamMember resource. :param pulumi.Input[str] config: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] role: The role that should be applied. Only one - `runtimeconfig.ConfigIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -41,6 +35,11 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `runtimeconfig.ConfigIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "config", config) pulumi.set(__self__, "member", member) @@ -65,6 +64,19 @@ def config(self, value: pulumi.Input[str]): @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -100,18 +112,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -133,10 +133,7 @@ def __init__(__self__, *, Input properties used for looking up and filtering ConfigIamMember resources. :param pulumi.Input[str] config: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -147,6 +144,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `runtimeconfig.ConfigIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -200,6 +199,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -212,18 +224,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -297,10 +297,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] config: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -311,6 +308,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `runtimeconfig.ConfigIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -424,10 +423,7 @@ def get(resource_name: str, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] config: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -438,6 +434,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `runtimeconfig.ConfigIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -478,16 +476,8 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: - return pulumi.get(self, "member") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -499,6 +489,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "member") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/runtimeconfig/config_iam_policy.py b/sdk/python/pulumi_gcp/runtimeconfig/config_iam_policy.py index f99797071a..a27471db58 100644 --- a/sdk/python/pulumi_gcp/runtimeconfig/config_iam_policy.py +++ b/sdk/python/pulumi_gcp/runtimeconfig/config_iam_policy.py @@ -24,18 +24,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "config", config) pulumi.set(__self__, "policy_data", policy_data) @@ -73,18 +61,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -108,18 +84,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ if config is not None: pulumi.set(__self__, "config", config) @@ -173,18 +137,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -246,18 +198,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ ... @overload @@ -364,18 +304,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -418,18 +346,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/secretmanager/secret_iam_binding.py b/sdk/python/pulumi_gcp/secretmanager/secret_iam_binding.py index 1fbbcbc36e..4aaebdae57 100644 --- a/sdk/python/pulumi_gcp/secretmanager/secret_iam_binding.py +++ b/sdk/python/pulumi_gcp/secretmanager/secret_iam_binding.py @@ -23,13 +23,7 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a SecretIamBinding resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `secretmanager.SecretIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -40,6 +34,11 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `secretmanager.SecretIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "members", members) pulumi.set(__self__, "role", role) @@ -52,6 +51,19 @@ def __init__(__self__, *, @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -96,18 +108,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -128,10 +128,7 @@ def __init__(__self__, *, """ Input properties used for looking up and filtering SecretIamBinding resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -142,6 +139,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `secretmanager.SecretIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -183,6 +182,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -195,18 +207,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -312,6 +312,54 @@ def __init__(__self__, ``` + ## google\\_secret\\_manager\\_secret\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/secretmanager.secretAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.secretmanager.SecretIamPolicy("policy", + project=secret_basic["project"], + secret_id=secret_basic["secretId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_secret\\_manager\\_secret\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.secretmanager.SecretIamBinding("binding", + project=secret_basic["project"], + secret_id=secret_basic["secretId"], + role="roles/secretmanager.secretAccessor", + members=["user:jane@example.com"]) + ``` + + + ## google\\_secret\\_manager\\_secret\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.secretmanager.SecretIamMember("member", + project=secret_basic["project"], + secret_id=secret_basic["secretId"], + role="roles/secretmanager.secretAccessor", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -350,10 +398,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -364,6 +409,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `secretmanager.SecretIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -437,6 +484,54 @@ def __init__(__self__, ``` + ## google\\_secret\\_manager\\_secret\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/secretmanager.secretAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.secretmanager.SecretIamPolicy("policy", + project=secret_basic["project"], + secret_id=secret_basic["secretId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_secret\\_manager\\_secret\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.secretmanager.SecretIamBinding("binding", + project=secret_basic["project"], + secret_id=secret_basic["secretId"], + role="roles/secretmanager.secretAccessor", + members=["user:jane@example.com"]) + ``` + + + ## google\\_secret\\_manager\\_secret\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.secretmanager.SecretIamMember("member", + project=secret_basic["project"], + secret_id=secret_basic["secretId"], + role="roles/secretmanager.secretAccessor", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -538,10 +633,7 @@ def get(resource_name: str, :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -552,6 +644,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `secretmanager.SecretIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -584,16 +678,8 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: - return pulumi.get(self, "members") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -605,6 +691,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "members") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/secretmanager/secret_iam_member.py b/sdk/python/pulumi_gcp/secretmanager/secret_iam_member.py index 3f61fea77a..aebe8a4aab 100644 --- a/sdk/python/pulumi_gcp/secretmanager/secret_iam_member.py +++ b/sdk/python/pulumi_gcp/secretmanager/secret_iam_member.py @@ -23,13 +23,7 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a SecretIamMember resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `secretmanager.SecretIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -40,6 +34,11 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `secretmanager.SecretIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "member", member) pulumi.set(__self__, "role", role) @@ -52,6 +51,19 @@ def __init__(__self__, *, @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -96,18 +108,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -128,10 +128,7 @@ def __init__(__self__, *, """ Input properties used for looking up and filtering SecretIamMember resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -142,6 +139,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `secretmanager.SecretIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -183,6 +182,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -195,18 +207,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -312,6 +312,54 @@ def __init__(__self__, ``` + ## google\\_secret\\_manager\\_secret\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/secretmanager.secretAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.secretmanager.SecretIamPolicy("policy", + project=secret_basic["project"], + secret_id=secret_basic["secretId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_secret\\_manager\\_secret\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.secretmanager.SecretIamBinding("binding", + project=secret_basic["project"], + secret_id=secret_basic["secretId"], + role="roles/secretmanager.secretAccessor", + members=["user:jane@example.com"]) + ``` + + + ## google\\_secret\\_manager\\_secret\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.secretmanager.SecretIamMember("member", + project=secret_basic["project"], + secret_id=secret_basic["secretId"], + role="roles/secretmanager.secretAccessor", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -350,10 +398,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -364,6 +409,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `secretmanager.SecretIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -437,6 +484,54 @@ def __init__(__self__, ``` + ## google\\_secret\\_manager\\_secret\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/secretmanager.secretAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.secretmanager.SecretIamPolicy("policy", + project=secret_basic["project"], + secret_id=secret_basic["secretId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_secret\\_manager\\_secret\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.secretmanager.SecretIamBinding("binding", + project=secret_basic["project"], + secret_id=secret_basic["secretId"], + role="roles/secretmanager.secretAccessor", + members=["user:jane@example.com"]) + ``` + + + ## google\\_secret\\_manager\\_secret\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.secretmanager.SecretIamMember("member", + project=secret_basic["project"], + secret_id=secret_basic["secretId"], + role="roles/secretmanager.secretAccessor", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -538,10 +633,7 @@ def get(resource_name: str, :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -552,6 +644,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `secretmanager.SecretIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -584,16 +678,8 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: - return pulumi.get(self, "member") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -605,6 +691,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "member") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/secretmanager/secret_iam_policy.py b/sdk/python/pulumi_gcp/secretmanager/secret_iam_policy.py index 1bedc8e188..a9be0e172a 100644 --- a/sdk/python/pulumi_gcp/secretmanager/secret_iam_policy.py +++ b/sdk/python/pulumi_gcp/secretmanager/secret_iam_policy.py @@ -23,18 +23,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "policy_data", policy_data) pulumi.set(__self__, "secret_id", secret_id) @@ -69,18 +57,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -103,18 +79,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ if etag is not None: pulumi.set(__self__, "etag", etag) @@ -156,18 +120,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -257,6 +209,54 @@ def __init__(__self__, ``` + ## google\\_secret\\_manager\\_secret\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/secretmanager.secretAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.secretmanager.SecretIamPolicy("policy", + project=secret_basic["project"], + secret_id=secret_basic["secretId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_secret\\_manager\\_secret\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.secretmanager.SecretIamBinding("binding", + project=secret_basic["project"], + secret_id=secret_basic["secretId"], + role="roles/secretmanager.secretAccessor", + members=["user:jane@example.com"]) + ``` + + + ## google\\_secret\\_manager\\_secret\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.secretmanager.SecretIamMember("member", + project=secret_basic["project"], + secret_id=secret_basic["secretId"], + role="roles/secretmanager.secretAccessor", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -299,18 +299,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ ... @overload @@ -381,6 +369,54 @@ def __init__(__self__, ``` + ## google\\_secret\\_manager\\_secret\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/secretmanager.secretAccessor", + members=["user:jane@example.com"], + )]) + policy = gcp.secretmanager.SecretIamPolicy("policy", + project=secret_basic["project"], + secret_id=secret_basic["secretId"], + policy_data=admin.policy_data) + ``` + + + ## google\\_secret\\_manager\\_secret\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.secretmanager.SecretIamBinding("binding", + project=secret_basic["project"], + secret_id=secret_basic["secretId"], + role="roles/secretmanager.secretAccessor", + members=["user:jane@example.com"]) + ``` + + + ## google\\_secret\\_manager\\_secret\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.secretmanager.SecretIamMember("member", + project=secret_basic["project"], + secret_id=secret_basic["secretId"], + role="roles/secretmanager.secretAccessor", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -478,18 +514,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -524,18 +548,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/serviceaccount/iam_binding.py b/sdk/python/pulumi_gcp/serviceaccount/iam_binding.py index 8d918f7c2e..75c71c035f 100644 --- a/sdk/python/pulumi_gcp/serviceaccount/iam_binding.py +++ b/sdk/python/pulumi_gcp/serviceaccount/iam_binding.py @@ -22,12 +22,7 @@ def __init__(__self__, *, condition: Optional[pulumi.Input['IAMBindingConditionArgs']] = None): """ The set of arguments for constructing a IAMBinding resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `serviceaccount.IAMBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] service_account_id: The fully-qualified name of the service account to apply policy to. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -35,6 +30,10 @@ def __init__(__self__, *, * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + :param pulumi.Input[str] role: The role that should be applied. Only one + `serviceaccount.IAMBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] service_account_id: The fully-qualified name of the service account to apply policy to. :param pulumi.Input['IAMBindingConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. """ @@ -47,6 +46,16 @@ def __init__(__self__, *, @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "members") @members.setter @@ -72,15 +81,6 @@ def role(self, value: pulumi.Input[str]): def service_account_id(self) -> pulumi.Input[str]: """ The fully-qualified name of the service account to apply policy to. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "service_account_id") @@ -115,12 +115,7 @@ def __init__(__self__, *, :param pulumi.Input['IAMBindingConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the service account IAM policy. - :param pulumi.Input[str] role: The role that should be applied. Only one - `serviceaccount.IAMBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] service_account_id: The fully-qualified name of the service account to apply policy to. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -128,6 +123,10 @@ def __init__(__self__, *, * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + :param pulumi.Input[str] role: The role that should be applied. Only one + `serviceaccount.IAMBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] service_account_id: The fully-qualified name of the service account to apply policy to. """ if condition is not None: pulumi.set(__self__, "condition", condition) @@ -168,6 +167,16 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "members") @members.setter @@ -193,15 +202,6 @@ def role(self, value: Optional[pulumi.Input[str]]): def service_account_id(self) -> Optional[pulumi.Input[str]]: """ The fully-qualified name of the service account to apply policy to. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "service_account_id") @@ -339,6 +339,112 @@ def __init__(__self__, ``` + ### Additional Examples + + ### Service Account IAM Policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iam.serviceAccountUser", + members=["user:jane@example.com"], + )]) + sa = gcp.serviceaccount.Account("sa", + account_id="my-service-account", + display_name="A service account that only Jane can interact with") + admin_account_iam = gcp.serviceaccount.IAMPolicy("admin-account-iam", + service_account_id=sa.name, + policy_data=admin.policy_data) + ``` + + + ### Service Account IAM Binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + sa = gcp.serviceaccount.Account("sa", + account_id="my-service-account", + display_name="A service account that only Jane can use") + admin_account_iam = gcp.serviceaccount.IAMBinding("admin-account-iam", + service_account_id=sa.name, + role="roles/iam.serviceAccountUser", + members=["user:jane@example.com"]) + ``` + + + ### Service Account IAM Binding With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + sa = gcp.serviceaccount.Account("sa", + account_id="my-service-account", + display_name="A service account that only Jane can use") + admin_account_iam = gcp.serviceaccount.IAMBinding("admin-account-iam", + service_account_id=sa.name, + role="roles/iam.serviceAccountUser", + members=["user:jane@example.com"], + condition=gcp.serviceaccount.IAMBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + + ### Service Account IAM Member + + + ```python + import pulumi + import pulumi_gcp as gcp + + default = gcp.compute.get_default_service_account() + sa = gcp.serviceaccount.Account("sa", + account_id="my-service-account", + display_name="A service account that Jane can use") + admin_account_iam = gcp.serviceaccount.IAMMember("admin-account-iam", + service_account_id=sa.name, + role="roles/iam.serviceAccountUser", + member="user:jane@example.com") + # Allow SA service account use the default GCE account + gce_default_account_iam = gcp.serviceaccount.IAMMember("gce-default-account-iam", + service_account_id=default.name, + role="roles/iam.serviceAccountUser", + member=sa.email.apply(lambda email: f"serviceAccount:{email}")) + ``` + + + ### Service Account IAM Member With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + sa = gcp.serviceaccount.Account("sa", + account_id="my-service-account", + display_name="A service account that Jane can use") + admin_account_iam = gcp.serviceaccount.IAMMember("admin-account-iam", + service_account_id=sa.name, + role="roles/iam.serviceAccountUser", + member="user:jane@example.com", + condition=gcp.serviceaccount.IAMMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import ### Importing with conditions: @@ -357,12 +463,7 @@ def __init__(__self__, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[pulumi.InputType['IAMBindingConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. - :param pulumi.Input[str] role: The role that should be applied. Only one - `serviceaccount.IAMBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] service_account_id: The fully-qualified name of the service account to apply policy to. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -370,6 +471,10 @@ def __init__(__self__, * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + :param pulumi.Input[str] role: The role that should be applied. Only one + `serviceaccount.IAMBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] service_account_id: The fully-qualified name of the service account to apply policy to. """ ... @overload @@ -496,6 +601,112 @@ def __init__(__self__, ``` + ### Additional Examples + + ### Service Account IAM Policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iam.serviceAccountUser", + members=["user:jane@example.com"], + )]) + sa = gcp.serviceaccount.Account("sa", + account_id="my-service-account", + display_name="A service account that only Jane can interact with") + admin_account_iam = gcp.serviceaccount.IAMPolicy("admin-account-iam", + service_account_id=sa.name, + policy_data=admin.policy_data) + ``` + + + ### Service Account IAM Binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + sa = gcp.serviceaccount.Account("sa", + account_id="my-service-account", + display_name="A service account that only Jane can use") + admin_account_iam = gcp.serviceaccount.IAMBinding("admin-account-iam", + service_account_id=sa.name, + role="roles/iam.serviceAccountUser", + members=["user:jane@example.com"]) + ``` + + + ### Service Account IAM Binding With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + sa = gcp.serviceaccount.Account("sa", + account_id="my-service-account", + display_name="A service account that only Jane can use") + admin_account_iam = gcp.serviceaccount.IAMBinding("admin-account-iam", + service_account_id=sa.name, + role="roles/iam.serviceAccountUser", + members=["user:jane@example.com"], + condition=gcp.serviceaccount.IAMBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + + ### Service Account IAM Member + + + ```python + import pulumi + import pulumi_gcp as gcp + + default = gcp.compute.get_default_service_account() + sa = gcp.serviceaccount.Account("sa", + account_id="my-service-account", + display_name="A service account that Jane can use") + admin_account_iam = gcp.serviceaccount.IAMMember("admin-account-iam", + service_account_id=sa.name, + role="roles/iam.serviceAccountUser", + member="user:jane@example.com") + # Allow SA service account use the default GCE account + gce_default_account_iam = gcp.serviceaccount.IAMMember("gce-default-account-iam", + service_account_id=default.name, + role="roles/iam.serviceAccountUser", + member=sa.email.apply(lambda email: f"serviceAccount:{email}")) + ``` + + + ### Service Account IAM Member With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + sa = gcp.serviceaccount.Account("sa", + account_id="my-service-account", + display_name="A service account that Jane can use") + admin_account_iam = gcp.serviceaccount.IAMMember("admin-account-iam", + service_account_id=sa.name, + role="roles/iam.serviceAccountUser", + member="user:jane@example.com", + condition=gcp.serviceaccount.IAMMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import ### Importing with conditions: @@ -576,12 +787,7 @@ def get(resource_name: str, :param pulumi.Input[pulumi.InputType['IAMBindingConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the service account IAM policy. - :param pulumi.Input[str] role: The role that should be applied. Only one - `serviceaccount.IAMBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] service_account_id: The fully-qualified name of the service account to apply policy to. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -589,6 +795,10 @@ def get(resource_name: str, * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + :param pulumi.Input[str] role: The role that should be applied. Only one + `serviceaccount.IAMBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] service_account_id: The fully-qualified name of the service account to apply policy to. """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -621,6 +831,16 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "members") @property @@ -638,15 +858,6 @@ def role(self) -> pulumi.Output[str]: def service_account_id(self) -> pulumi.Output[str]: """ The fully-qualified name of the service account to apply policy to. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "service_account_id") diff --git a/sdk/python/pulumi_gcp/serviceaccount/iam_member.py b/sdk/python/pulumi_gcp/serviceaccount/iam_member.py index 503ae4a246..83f123ed0c 100644 --- a/sdk/python/pulumi_gcp/serviceaccount/iam_member.py +++ b/sdk/python/pulumi_gcp/serviceaccount/iam_member.py @@ -22,12 +22,7 @@ def __init__(__self__, *, condition: Optional[pulumi.Input['IAMMemberConditionArgs']] = None): """ The set of arguments for constructing a IAMMember resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `serviceaccount.IAMBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] service_account_id: The fully-qualified name of the service account to apply policy to. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -35,6 +30,10 @@ def __init__(__self__, *, * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + :param pulumi.Input[str] role: The role that should be applied. Only one + `serviceaccount.IAMBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] service_account_id: The fully-qualified name of the service account to apply policy to. :param pulumi.Input['IAMMemberConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. """ @@ -47,6 +46,16 @@ def __init__(__self__, *, @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "member") @member.setter @@ -72,15 +81,6 @@ def role(self, value: pulumi.Input[str]): def service_account_id(self) -> pulumi.Input[str]: """ The fully-qualified name of the service account to apply policy to. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "service_account_id") @@ -115,12 +115,7 @@ def __init__(__self__, *, :param pulumi.Input['IAMMemberConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the service account IAM policy. - :param pulumi.Input[str] role: The role that should be applied. Only one - `serviceaccount.IAMBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] service_account_id: The fully-qualified name of the service account to apply policy to. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -128,6 +123,10 @@ def __init__(__self__, *, * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + :param pulumi.Input[str] role: The role that should be applied. Only one + `serviceaccount.IAMBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] service_account_id: The fully-qualified name of the service account to apply policy to. """ if condition is not None: pulumi.set(__self__, "condition", condition) @@ -168,6 +167,16 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "member") @member.setter @@ -193,15 +202,6 @@ def role(self, value: Optional[pulumi.Input[str]]): def service_account_id(self) -> Optional[pulumi.Input[str]]: """ The fully-qualified name of the service account to apply policy to. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "service_account_id") @@ -339,6 +339,112 @@ def __init__(__self__, ``` + ### Additional Examples + + ### Service Account IAM Policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iam.serviceAccountUser", + members=["user:jane@example.com"], + )]) + sa = gcp.serviceaccount.Account("sa", + account_id="my-service-account", + display_name="A service account that only Jane can interact with") + admin_account_iam = gcp.serviceaccount.IAMPolicy("admin-account-iam", + service_account_id=sa.name, + policy_data=admin.policy_data) + ``` + + + ### Service Account IAM Binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + sa = gcp.serviceaccount.Account("sa", + account_id="my-service-account", + display_name="A service account that only Jane can use") + admin_account_iam = gcp.serviceaccount.IAMBinding("admin-account-iam", + service_account_id=sa.name, + role="roles/iam.serviceAccountUser", + members=["user:jane@example.com"]) + ``` + + + ### Service Account IAM Binding With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + sa = gcp.serviceaccount.Account("sa", + account_id="my-service-account", + display_name="A service account that only Jane can use") + admin_account_iam = gcp.serviceaccount.IAMBinding("admin-account-iam", + service_account_id=sa.name, + role="roles/iam.serviceAccountUser", + members=["user:jane@example.com"], + condition=gcp.serviceaccount.IAMBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + + ### Service Account IAM Member + + + ```python + import pulumi + import pulumi_gcp as gcp + + default = gcp.compute.get_default_service_account() + sa = gcp.serviceaccount.Account("sa", + account_id="my-service-account", + display_name="A service account that Jane can use") + admin_account_iam = gcp.serviceaccount.IAMMember("admin-account-iam", + service_account_id=sa.name, + role="roles/iam.serviceAccountUser", + member="user:jane@example.com") + # Allow SA service account use the default GCE account + gce_default_account_iam = gcp.serviceaccount.IAMMember("gce-default-account-iam", + service_account_id=default.name, + role="roles/iam.serviceAccountUser", + member=sa.email.apply(lambda email: f"serviceAccount:{email}")) + ``` + + + ### Service Account IAM Member With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + sa = gcp.serviceaccount.Account("sa", + account_id="my-service-account", + display_name="A service account that Jane can use") + admin_account_iam = gcp.serviceaccount.IAMMember("admin-account-iam", + service_account_id=sa.name, + role="roles/iam.serviceAccountUser", + member="user:jane@example.com", + condition=gcp.serviceaccount.IAMMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import ### Importing with conditions: @@ -357,12 +463,7 @@ def __init__(__self__, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[pulumi.InputType['IAMMemberConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. - :param pulumi.Input[str] role: The role that should be applied. Only one - `serviceaccount.IAMBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] service_account_id: The fully-qualified name of the service account to apply policy to. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -370,6 +471,10 @@ def __init__(__self__, * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + :param pulumi.Input[str] role: The role that should be applied. Only one + `serviceaccount.IAMBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] service_account_id: The fully-qualified name of the service account to apply policy to. """ ... @overload @@ -496,6 +601,112 @@ def __init__(__self__, ``` + ### Additional Examples + + ### Service Account IAM Policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iam.serviceAccountUser", + members=["user:jane@example.com"], + )]) + sa = gcp.serviceaccount.Account("sa", + account_id="my-service-account", + display_name="A service account that only Jane can interact with") + admin_account_iam = gcp.serviceaccount.IAMPolicy("admin-account-iam", + service_account_id=sa.name, + policy_data=admin.policy_data) + ``` + + + ### Service Account IAM Binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + sa = gcp.serviceaccount.Account("sa", + account_id="my-service-account", + display_name="A service account that only Jane can use") + admin_account_iam = gcp.serviceaccount.IAMBinding("admin-account-iam", + service_account_id=sa.name, + role="roles/iam.serviceAccountUser", + members=["user:jane@example.com"]) + ``` + + + ### Service Account IAM Binding With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + sa = gcp.serviceaccount.Account("sa", + account_id="my-service-account", + display_name="A service account that only Jane can use") + admin_account_iam = gcp.serviceaccount.IAMBinding("admin-account-iam", + service_account_id=sa.name, + role="roles/iam.serviceAccountUser", + members=["user:jane@example.com"], + condition=gcp.serviceaccount.IAMBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + + ### Service Account IAM Member + + + ```python + import pulumi + import pulumi_gcp as gcp + + default = gcp.compute.get_default_service_account() + sa = gcp.serviceaccount.Account("sa", + account_id="my-service-account", + display_name="A service account that Jane can use") + admin_account_iam = gcp.serviceaccount.IAMMember("admin-account-iam", + service_account_id=sa.name, + role="roles/iam.serviceAccountUser", + member="user:jane@example.com") + # Allow SA service account use the default GCE account + gce_default_account_iam = gcp.serviceaccount.IAMMember("gce-default-account-iam", + service_account_id=default.name, + role="roles/iam.serviceAccountUser", + member=sa.email.apply(lambda email: f"serviceAccount:{email}")) + ``` + + + ### Service Account IAM Member With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + sa = gcp.serviceaccount.Account("sa", + account_id="my-service-account", + display_name="A service account that Jane can use") + admin_account_iam = gcp.serviceaccount.IAMMember("admin-account-iam", + service_account_id=sa.name, + role="roles/iam.serviceAccountUser", + member="user:jane@example.com", + condition=gcp.serviceaccount.IAMMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import ### Importing with conditions: @@ -576,12 +787,7 @@ def get(resource_name: str, :param pulumi.Input[pulumi.InputType['IAMMemberConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. Structure is documented below. :param pulumi.Input[str] etag: (Computed) The etag of the service account IAM policy. - :param pulumi.Input[str] role: The role that should be applied. Only one - `serviceaccount.IAMBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] service_account_id: The fully-qualified name of the service account to apply policy to. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -589,6 +795,10 @@ def get(resource_name: str, * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + :param pulumi.Input[str] role: The role that should be applied. Only one + `serviceaccount.IAMBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] service_account_id: The fully-qualified name of the service account to apply policy to. """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -621,6 +831,16 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "member") @property @@ -638,15 +858,6 @@ def role(self) -> pulumi.Output[str]: def service_account_id(self) -> pulumi.Output[str]: """ The fully-qualified name of the service account to apply policy to. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "service_account_id") diff --git a/sdk/python/pulumi_gcp/serviceaccount/iam_policy.py b/sdk/python/pulumi_gcp/serviceaccount/iam_policy.py index 33e998b443..b45a44dab9 100644 --- a/sdk/python/pulumi_gcp/serviceaccount/iam_policy.py +++ b/sdk/python/pulumi_gcp/serviceaccount/iam_policy.py @@ -21,15 +21,6 @@ def __init__(__self__, *, :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. :param pulumi.Input[str] service_account_id: The fully-qualified name of the service account to apply policy to. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ pulumi.set(__self__, "policy_data", policy_data) pulumi.set(__self__, "service_account_id", service_account_id) @@ -52,15 +43,6 @@ def policy_data(self, value: pulumi.Input[str]): def service_account_id(self) -> pulumi.Input[str]: """ The fully-qualified name of the service account to apply policy to. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "service_account_id") @@ -81,15 +63,6 @@ def __init__(__self__, *, :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. :param pulumi.Input[str] service_account_id: The fully-qualified name of the service account to apply policy to. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ if etag is not None: pulumi.set(__self__, "etag", etag) @@ -128,15 +101,6 @@ def policy_data(self, value: Optional[pulumi.Input[str]]): def service_account_id(self) -> Optional[pulumi.Input[str]]: """ The fully-qualified name of the service account to apply policy to. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "service_account_id") @@ -272,6 +236,112 @@ def __init__(__self__, ``` + ### Additional Examples + + ### Service Account IAM Policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iam.serviceAccountUser", + members=["user:jane@example.com"], + )]) + sa = gcp.serviceaccount.Account("sa", + account_id="my-service-account", + display_name="A service account that only Jane can interact with") + admin_account_iam = gcp.serviceaccount.IAMPolicy("admin-account-iam", + service_account_id=sa.name, + policy_data=admin.policy_data) + ``` + + + ### Service Account IAM Binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + sa = gcp.serviceaccount.Account("sa", + account_id="my-service-account", + display_name="A service account that only Jane can use") + admin_account_iam = gcp.serviceaccount.IAMBinding("admin-account-iam", + service_account_id=sa.name, + role="roles/iam.serviceAccountUser", + members=["user:jane@example.com"]) + ``` + + + ### Service Account IAM Binding With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + sa = gcp.serviceaccount.Account("sa", + account_id="my-service-account", + display_name="A service account that only Jane can use") + admin_account_iam = gcp.serviceaccount.IAMBinding("admin-account-iam", + service_account_id=sa.name, + role="roles/iam.serviceAccountUser", + members=["user:jane@example.com"], + condition=gcp.serviceaccount.IAMBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + + ### Service Account IAM Member + + + ```python + import pulumi + import pulumi_gcp as gcp + + default = gcp.compute.get_default_service_account() + sa = gcp.serviceaccount.Account("sa", + account_id="my-service-account", + display_name="A service account that Jane can use") + admin_account_iam = gcp.serviceaccount.IAMMember("admin-account-iam", + service_account_id=sa.name, + role="roles/iam.serviceAccountUser", + member="user:jane@example.com") + # Allow SA service account use the default GCE account + gce_default_account_iam = gcp.serviceaccount.IAMMember("gce-default-account-iam", + service_account_id=default.name, + role="roles/iam.serviceAccountUser", + member=sa.email.apply(lambda email: f"serviceAccount:{email}")) + ``` + + + ### Service Account IAM Member With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + sa = gcp.serviceaccount.Account("sa", + account_id="my-service-account", + display_name="A service account that Jane can use") + admin_account_iam = gcp.serviceaccount.IAMMember("admin-account-iam", + service_account_id=sa.name, + role="roles/iam.serviceAccountUser", + member="user:jane@example.com", + condition=gcp.serviceaccount.IAMMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import ### Importing with conditions: @@ -291,15 +361,6 @@ def __init__(__self__, :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. :param pulumi.Input[str] service_account_id: The fully-qualified name of the service account to apply policy to. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ ... @overload @@ -426,6 +487,112 @@ def __init__(__self__, ``` + ### Additional Examples + + ### Service Account IAM Policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/iam.serviceAccountUser", + members=["user:jane@example.com"], + )]) + sa = gcp.serviceaccount.Account("sa", + account_id="my-service-account", + display_name="A service account that only Jane can interact with") + admin_account_iam = gcp.serviceaccount.IAMPolicy("admin-account-iam", + service_account_id=sa.name, + policy_data=admin.policy_data) + ``` + + + ### Service Account IAM Binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + sa = gcp.serviceaccount.Account("sa", + account_id="my-service-account", + display_name="A service account that only Jane can use") + admin_account_iam = gcp.serviceaccount.IAMBinding("admin-account-iam", + service_account_id=sa.name, + role="roles/iam.serviceAccountUser", + members=["user:jane@example.com"]) + ``` + + + ### Service Account IAM Binding With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + sa = gcp.serviceaccount.Account("sa", + account_id="my-service-account", + display_name="A service account that only Jane can use") + admin_account_iam = gcp.serviceaccount.IAMBinding("admin-account-iam", + service_account_id=sa.name, + role="roles/iam.serviceAccountUser", + members=["user:jane@example.com"], + condition=gcp.serviceaccount.IAMBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + + ### Service Account IAM Member + + + ```python + import pulumi + import pulumi_gcp as gcp + + default = gcp.compute.get_default_service_account() + sa = gcp.serviceaccount.Account("sa", + account_id="my-service-account", + display_name="A service account that Jane can use") + admin_account_iam = gcp.serviceaccount.IAMMember("admin-account-iam", + service_account_id=sa.name, + role="roles/iam.serviceAccountUser", + member="user:jane@example.com") + # Allow SA service account use the default GCE account + gce_default_account_iam = gcp.serviceaccount.IAMMember("gce-default-account-iam", + service_account_id=default.name, + role="roles/iam.serviceAccountUser", + member=sa.email.apply(lambda email: f"serviceAccount:{email}")) + ``` + + + ### Service Account IAM Member With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + sa = gcp.serviceaccount.Account("sa", + account_id="my-service-account", + display_name="A service account that Jane can use") + admin_account_iam = gcp.serviceaccount.IAMMember("admin-account-iam", + service_account_id=sa.name, + role="roles/iam.serviceAccountUser", + member="user:jane@example.com", + condition=gcp.serviceaccount.IAMMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import ### Importing with conditions: @@ -499,15 +666,6 @@ def get(resource_name: str, :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. :param pulumi.Input[str] service_account_id: The fully-qualified name of the service account to apply policy to. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -540,15 +698,6 @@ def policy_data(self) -> pulumi.Output[str]: def service_account_id(self) -> pulumi.Output[str]: """ The fully-qualified name of the service account to apply policy to. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "service_account_id") diff --git a/sdk/python/pulumi_gcp/servicedirectory/namespace_iam_binding.py b/sdk/python/pulumi_gcp/servicedirectory/namespace_iam_binding.py index 4a607e4f5a..c173f8a209 100644 --- a/sdk/python/pulumi_gcp/servicedirectory/namespace_iam_binding.py +++ b/sdk/python/pulumi_gcp/servicedirectory/namespace_iam_binding.py @@ -22,12 +22,7 @@ def __init__(__self__, *, name: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a NamespaceIamBinding resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `servicedirectory.NamespaceIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -38,6 +33,10 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `servicedirectory.NamespaceIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to """ pulumi.set(__self__, "members", members) pulumi.set(__self__, "role", role) @@ -49,6 +48,19 @@ def __init__(__self__, *, @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -83,18 +95,6 @@ def condition(self, value: Optional[pulumi.Input['NamespaceIamBindingConditionAr def name(self) -> Optional[pulumi.Input[str]]: """ Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "name") @@ -114,9 +114,7 @@ def __init__(__self__, *, """ Input properties used for looking up and filtering NamespaceIamBinding resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -127,6 +125,7 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] role: The role that should be applied. Only one `servicedirectory.NamespaceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -166,19 +165,8 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: - return pulumi.get(self, "members") - - @members.setter - def members(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): - pulumi.set(self, "members", value) - - @property - @pulumi.getter - def name(self) -> Optional[pulumi.Input[str]]: """ - Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -190,6 +178,18 @@ def name(self) -> Optional[pulumi.Input[str]]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "members") + + @members.setter + def members(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "members", value) + + @property + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + """ + Used to find the parent resource to bind the IAM policy to + """ return pulumi.get(self, "name") @name.setter @@ -281,6 +281,51 @@ def __init__(__self__, ``` + ## google\\_service\\_directory\\_namespace\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.servicedirectory.NamespaceIamPolicy("policy", + name=example["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_service\\_directory\\_namespace\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.servicedirectory.NamespaceIamBinding("binding", + name=example["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_service\\_directory\\_namespace\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.servicedirectory.NamespaceIamMember("member", + name=example["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -319,9 +364,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -332,6 +375,7 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] role: The role that should be applied. Only one `servicedirectory.NamespaceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -402,6 +446,51 @@ def __init__(__self__, ``` + ## google\\_service\\_directory\\_namespace\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.servicedirectory.NamespaceIamPolicy("policy", + name=example["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_service\\_directory\\_namespace\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.servicedirectory.NamespaceIamBinding("binding", + name=example["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_service\\_directory\\_namespace\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.servicedirectory.NamespaceIamMember("member", + name=example["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -498,9 +587,7 @@ def get(resource_name: str, :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -511,6 +598,7 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] role: The role that should be applied. Only one `servicedirectory.NamespaceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -542,15 +630,8 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: - return pulumi.get(self, "members") - - @property - @pulumi.getter - def name(self) -> pulumi.Output[str]: """ - Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -562,6 +643,14 @@ def name(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "members") + + @property + @pulumi.getter + def name(self) -> pulumi.Output[str]: + """ + Used to find the parent resource to bind the IAM policy to + """ return pulumi.get(self, "name") @property diff --git a/sdk/python/pulumi_gcp/servicedirectory/namespace_iam_member.py b/sdk/python/pulumi_gcp/servicedirectory/namespace_iam_member.py index 5e21ba7a07..666627870d 100644 --- a/sdk/python/pulumi_gcp/servicedirectory/namespace_iam_member.py +++ b/sdk/python/pulumi_gcp/servicedirectory/namespace_iam_member.py @@ -22,12 +22,7 @@ def __init__(__self__, *, name: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a NamespaceIamMember resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `servicedirectory.NamespaceIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -38,6 +33,10 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `servicedirectory.NamespaceIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to """ pulumi.set(__self__, "member", member) pulumi.set(__self__, "role", role) @@ -49,6 +48,19 @@ def __init__(__self__, *, @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -83,18 +95,6 @@ def condition(self, value: Optional[pulumi.Input['NamespaceIamMemberConditionArg def name(self) -> Optional[pulumi.Input[str]]: """ Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "name") @@ -114,9 +114,7 @@ def __init__(__self__, *, """ Input properties used for looking up and filtering NamespaceIamMember resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -127,6 +125,7 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] role: The role that should be applied. Only one `servicedirectory.NamespaceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -166,19 +165,8 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "member") - - @member.setter - def member(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "member", value) - - @property - @pulumi.getter - def name(self) -> Optional[pulumi.Input[str]]: """ - Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -190,6 +178,18 @@ def name(self) -> Optional[pulumi.Input[str]]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "member") + + @member.setter + def member(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "member", value) + + @property + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + """ + Used to find the parent resource to bind the IAM policy to + """ return pulumi.get(self, "name") @name.setter @@ -281,6 +281,51 @@ def __init__(__self__, ``` + ## google\\_service\\_directory\\_namespace\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.servicedirectory.NamespaceIamPolicy("policy", + name=example["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_service\\_directory\\_namespace\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.servicedirectory.NamespaceIamBinding("binding", + name=example["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_service\\_directory\\_namespace\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.servicedirectory.NamespaceIamMember("member", + name=example["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -319,9 +364,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -332,6 +375,7 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] role: The role that should be applied. Only one `servicedirectory.NamespaceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -402,6 +446,51 @@ def __init__(__self__, ``` + ## google\\_service\\_directory\\_namespace\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.servicedirectory.NamespaceIamPolicy("policy", + name=example["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_service\\_directory\\_namespace\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.servicedirectory.NamespaceIamBinding("binding", + name=example["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_service\\_directory\\_namespace\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.servicedirectory.NamespaceIamMember("member", + name=example["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -498,9 +587,7 @@ def get(resource_name: str, :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -511,6 +598,7 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] role: The role that should be applied. Only one `servicedirectory.NamespaceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -542,15 +630,8 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: - return pulumi.get(self, "member") - - @property - @pulumi.getter - def name(self) -> pulumi.Output[str]: """ - Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -562,6 +643,14 @@ def name(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "member") + + @property + @pulumi.getter + def name(self) -> pulumi.Output[str]: + """ + Used to find the parent resource to bind the IAM policy to + """ return pulumi.get(self, "name") @property diff --git a/sdk/python/pulumi_gcp/servicedirectory/namespace_iam_policy.py b/sdk/python/pulumi_gcp/servicedirectory/namespace_iam_policy.py index 8e8dfaf5ad..d8d6fb84df 100644 --- a/sdk/python/pulumi_gcp/servicedirectory/namespace_iam_policy.py +++ b/sdk/python/pulumi_gcp/servicedirectory/namespace_iam_policy.py @@ -21,18 +21,6 @@ def __init__(__self__, *, :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "policy_data", policy_data) if name is not None: @@ -56,18 +44,6 @@ def policy_data(self, value: pulumi.Input[str]): def name(self) -> Optional[pulumi.Input[str]]: """ Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "name") @@ -86,18 +62,6 @@ def __init__(__self__, *, Input properties used for looking up and filtering NamespaceIamPolicy resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. """ @@ -125,18 +89,6 @@ def etag(self, value: Optional[pulumi.Input[str]]): def name(self) -> Optional[pulumi.Input[str]]: """ Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "name") @@ -226,6 +178,51 @@ def __init__(__self__, ``` + ## google\\_service\\_directory\\_namespace\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.servicedirectory.NamespaceIamPolicy("policy", + name=example["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_service\\_directory\\_namespace\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.servicedirectory.NamespaceIamBinding("binding", + name=example["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_service\\_directory\\_namespace\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.servicedirectory.NamespaceIamMember("member", + name=example["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -265,18 +262,6 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. """ @@ -346,6 +331,51 @@ def __init__(__self__, ``` + ## google\\_service\\_directory\\_namespace\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.servicedirectory.NamespaceIamPolicy("policy", + name=example["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_service\\_directory\\_namespace\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.servicedirectory.NamespaceIamBinding("binding", + name=example["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_service\\_directory\\_namespace\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.servicedirectory.NamespaceIamMember("member", + name=example["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -435,18 +465,6 @@ def get(resource_name: str, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. """ @@ -472,18 +490,6 @@ def etag(self) -> pulumi.Output[str]: def name(self) -> pulumi.Output[str]: """ Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "name") diff --git a/sdk/python/pulumi_gcp/servicedirectory/service_iam_binding.py b/sdk/python/pulumi_gcp/servicedirectory/service_iam_binding.py index 0004512f71..69854baccf 100644 --- a/sdk/python/pulumi_gcp/servicedirectory/service_iam_binding.py +++ b/sdk/python/pulumi_gcp/servicedirectory/service_iam_binding.py @@ -22,12 +22,7 @@ def __init__(__self__, *, name: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a ServiceIamBinding resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `servicedirectory.ServiceIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -38,6 +33,10 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `servicedirectory.ServiceIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to """ pulumi.set(__self__, "members", members) pulumi.set(__self__, "role", role) @@ -49,6 +48,19 @@ def __init__(__self__, *, @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -83,18 +95,6 @@ def condition(self, value: Optional[pulumi.Input['ServiceIamBindingConditionArgs def name(self) -> Optional[pulumi.Input[str]]: """ Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "name") @@ -114,9 +114,7 @@ def __init__(__self__, *, """ Input properties used for looking up and filtering ServiceIamBinding resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -127,6 +125,7 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] role: The role that should be applied. Only one `servicedirectory.ServiceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -166,19 +165,8 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: - return pulumi.get(self, "members") - - @members.setter - def members(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): - pulumi.set(self, "members", value) - - @property - @pulumi.getter - def name(self) -> Optional[pulumi.Input[str]]: """ - Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -190,6 +178,18 @@ def name(self) -> Optional[pulumi.Input[str]]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "members") + + @members.setter + def members(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]): + pulumi.set(self, "members", value) + + @property + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + """ + Used to find the parent resource to bind the IAM policy to + """ return pulumi.get(self, "name") @name.setter @@ -281,6 +281,51 @@ def __init__(__self__, ``` + ## google\\_service\\_directory\\_service\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.servicedirectory.ServiceIamPolicy("policy", + name=example["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_service\\_directory\\_service\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.servicedirectory.ServiceIamBinding("binding", + name=example["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_service\\_directory\\_service\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.servicedirectory.ServiceIamMember("member", + name=example["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -319,9 +364,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -332,6 +375,7 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] role: The role that should be applied. Only one `servicedirectory.ServiceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -402,6 +446,51 @@ def __init__(__self__, ``` + ## google\\_service\\_directory\\_service\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.servicedirectory.ServiceIamPolicy("policy", + name=example["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_service\\_directory\\_service\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.servicedirectory.ServiceIamBinding("binding", + name=example["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_service\\_directory\\_service\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.servicedirectory.ServiceIamMember("member", + name=example["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -498,9 +587,7 @@ def get(resource_name: str, :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -511,6 +598,7 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] role: The role that should be applied. Only one `servicedirectory.ServiceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -542,15 +630,8 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: - return pulumi.get(self, "members") - - @property - @pulumi.getter - def name(self) -> pulumi.Output[str]: """ - Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -562,6 +643,14 @@ def name(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "members") + + @property + @pulumi.getter + def name(self) -> pulumi.Output[str]: + """ + Used to find the parent resource to bind the IAM policy to + """ return pulumi.get(self, "name") @property diff --git a/sdk/python/pulumi_gcp/servicedirectory/service_iam_member.py b/sdk/python/pulumi_gcp/servicedirectory/service_iam_member.py index 87484e8a46..935bc3a121 100644 --- a/sdk/python/pulumi_gcp/servicedirectory/service_iam_member.py +++ b/sdk/python/pulumi_gcp/servicedirectory/service_iam_member.py @@ -22,12 +22,7 @@ def __init__(__self__, *, name: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a ServiceIamMember resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `servicedirectory.ServiceIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -38,6 +33,10 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `servicedirectory.ServiceIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to """ pulumi.set(__self__, "member", member) pulumi.set(__self__, "role", role) @@ -49,6 +48,19 @@ def __init__(__self__, *, @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -83,18 +95,6 @@ def condition(self, value: Optional[pulumi.Input['ServiceIamMemberConditionArgs' def name(self) -> Optional[pulumi.Input[str]]: """ Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "name") @@ -114,9 +114,7 @@ def __init__(__self__, *, """ Input properties used for looking up and filtering ServiceIamMember resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -127,6 +125,7 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] role: The role that should be applied. Only one `servicedirectory.ServiceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -166,19 +165,8 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: - return pulumi.get(self, "member") - - @member.setter - def member(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "member", value) - - @property - @pulumi.getter - def name(self) -> Optional[pulumi.Input[str]]: """ - Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -190,6 +178,18 @@ def name(self) -> Optional[pulumi.Input[str]]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "member") + + @member.setter + def member(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "member", value) + + @property + @pulumi.getter + def name(self) -> Optional[pulumi.Input[str]]: + """ + Used to find the parent resource to bind the IAM policy to + """ return pulumi.get(self, "name") @name.setter @@ -281,6 +281,51 @@ def __init__(__self__, ``` + ## google\\_service\\_directory\\_service\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.servicedirectory.ServiceIamPolicy("policy", + name=example["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_service\\_directory\\_service\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.servicedirectory.ServiceIamBinding("binding", + name=example["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_service\\_directory\\_service\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.servicedirectory.ServiceIamMember("member", + name=example["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -319,9 +364,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -332,6 +375,7 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] role: The role that should be applied. Only one `servicedirectory.ServiceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -402,6 +446,51 @@ def __init__(__self__, ``` + ## google\\_service\\_directory\\_service\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.servicedirectory.ServiceIamPolicy("policy", + name=example["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_service\\_directory\\_service\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.servicedirectory.ServiceIamBinding("binding", + name=example["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_service\\_directory\\_service\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.servicedirectory.ServiceIamMember("member", + name=example["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -498,9 +587,7 @@ def get(resource_name: str, :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -511,6 +598,7 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] role: The role that should be applied. Only one `servicedirectory.ServiceIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -542,15 +630,8 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: - return pulumi.get(self, "member") - - @property - @pulumi.getter - def name(self) -> pulumi.Output[str]: """ - Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -562,6 +643,14 @@ def name(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "member") + + @property + @pulumi.getter + def name(self) -> pulumi.Output[str]: + """ + Used to find the parent resource to bind the IAM policy to + """ return pulumi.get(self, "name") @property diff --git a/sdk/python/pulumi_gcp/servicedirectory/service_iam_policy.py b/sdk/python/pulumi_gcp/servicedirectory/service_iam_policy.py index 6c1c61358f..352d034e1d 100644 --- a/sdk/python/pulumi_gcp/servicedirectory/service_iam_policy.py +++ b/sdk/python/pulumi_gcp/servicedirectory/service_iam_policy.py @@ -21,18 +21,6 @@ def __init__(__self__, *, :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "policy_data", policy_data) if name is not None: @@ -56,18 +44,6 @@ def policy_data(self, value: pulumi.Input[str]): def name(self) -> Optional[pulumi.Input[str]]: """ Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "name") @@ -86,18 +62,6 @@ def __init__(__self__, *, Input properties used for looking up and filtering ServiceIamPolicy resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. """ @@ -125,18 +89,6 @@ def etag(self, value: Optional[pulumi.Input[str]]): def name(self) -> Optional[pulumi.Input[str]]: """ Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "name") @@ -226,6 +178,51 @@ def __init__(__self__, ``` + ## google\\_service\\_directory\\_service\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.servicedirectory.ServiceIamPolicy("policy", + name=example["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_service\\_directory\\_service\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.servicedirectory.ServiceIamBinding("binding", + name=example["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_service\\_directory\\_service\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.servicedirectory.ServiceIamMember("member", + name=example["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -265,18 +262,6 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. """ @@ -346,6 +331,51 @@ def __init__(__self__, ``` + ## google\\_service\\_directory\\_service\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.servicedirectory.ServiceIamPolicy("policy", + name=example["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_service\\_directory\\_service\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.servicedirectory.ServiceIamBinding("binding", + name=example["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_service\\_directory\\_service\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.servicedirectory.ServiceIamMember("member", + name=example["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -435,18 +465,6 @@ def get(resource_name: str, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] name: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. """ @@ -472,18 +490,6 @@ def etag(self) -> pulumi.Output[str]: def name(self) -> pulumi.Output[str]: """ Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "name") diff --git a/sdk/python/pulumi_gcp/sourcerepo/repository_iam_binding.py b/sdk/python/pulumi_gcp/sourcerepo/repository_iam_binding.py index cbcadd6f18..4016f5e32e 100644 --- a/sdk/python/pulumi_gcp/sourcerepo/repository_iam_binding.py +++ b/sdk/python/pulumi_gcp/sourcerepo/repository_iam_binding.py @@ -23,13 +23,7 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a RepositoryIamBinding resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `pubsub.TopicIAMBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -40,6 +34,11 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `pubsub.TopicIAMBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "members", members) pulumi.set(__self__, "repository", repository) @@ -52,6 +51,19 @@ def __init__(__self__, *, @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -96,18 +108,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -128,10 +128,7 @@ def __init__(__self__, *, """ Input properties used for looking up and filtering RepositoryIamBinding resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -142,6 +139,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `pubsub.TopicIAMBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -183,6 +182,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -195,18 +207,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -312,6 +312,54 @@ def __init__(__self__, ``` + ## google\\_pubsub\\_topic\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.pubsub.TopicIAMPolicy("policy", + project=example["project"], + topic=example["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_pubsub\\_topic\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.pubsub.TopicIAMBinding("binding", + project=example["project"], + topic=example["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_pubsub\\_topic\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.pubsub.TopicIAMMember("member", + project=example["project"], + topic=example["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -350,10 +398,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -364,6 +409,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `pubsub.TopicIAMBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -437,6 +484,54 @@ def __init__(__self__, ``` + ## google\\_pubsub\\_topic\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.pubsub.TopicIAMPolicy("policy", + project=example["project"], + topic=example["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_pubsub\\_topic\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.pubsub.TopicIAMBinding("binding", + project=example["project"], + topic=example["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_pubsub\\_topic\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.pubsub.TopicIAMMember("member", + project=example["project"], + topic=example["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -538,10 +633,7 @@ def get(resource_name: str, :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -552,6 +644,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `pubsub.TopicIAMBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -584,16 +678,8 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: - return pulumi.get(self, "members") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -605,6 +691,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "members") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/sourcerepo/repository_iam_member.py b/sdk/python/pulumi_gcp/sourcerepo/repository_iam_member.py index 66b65b18eb..6b0584da3e 100644 --- a/sdk/python/pulumi_gcp/sourcerepo/repository_iam_member.py +++ b/sdk/python/pulumi_gcp/sourcerepo/repository_iam_member.py @@ -23,13 +23,7 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a RepositoryIamMember resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `pubsub.TopicIAMBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -40,6 +34,11 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `pubsub.TopicIAMBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "member", member) pulumi.set(__self__, "repository", repository) @@ -52,6 +51,19 @@ def __init__(__self__, *, @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -96,18 +108,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -128,10 +128,7 @@ def __init__(__self__, *, """ Input properties used for looking up and filtering RepositoryIamMember resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -142,6 +139,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `pubsub.TopicIAMBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -183,6 +182,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -195,18 +207,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -312,6 +312,54 @@ def __init__(__self__, ``` + ## google\\_pubsub\\_topic\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.pubsub.TopicIAMPolicy("policy", + project=example["project"], + topic=example["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_pubsub\\_topic\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.pubsub.TopicIAMBinding("binding", + project=example["project"], + topic=example["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_pubsub\\_topic\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.pubsub.TopicIAMMember("member", + project=example["project"], + topic=example["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -350,10 +398,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -364,6 +409,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `pubsub.TopicIAMBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -437,6 +484,54 @@ def __init__(__self__, ``` + ## google\\_pubsub\\_topic\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.pubsub.TopicIAMPolicy("policy", + project=example["project"], + topic=example["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_pubsub\\_topic\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.pubsub.TopicIAMBinding("binding", + project=example["project"], + topic=example["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_pubsub\\_topic\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.pubsub.TopicIAMMember("member", + project=example["project"], + topic=example["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -538,10 +633,7 @@ def get(resource_name: str, :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -552,6 +644,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `pubsub.TopicIAMBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -584,16 +678,8 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: - return pulumi.get(self, "member") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -605,6 +691,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "member") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/sourcerepo/repository_iam_policy.py b/sdk/python/pulumi_gcp/sourcerepo/repository_iam_policy.py index c465a07861..e9814db0dd 100644 --- a/sdk/python/pulumi_gcp/sourcerepo/repository_iam_policy.py +++ b/sdk/python/pulumi_gcp/sourcerepo/repository_iam_policy.py @@ -23,18 +23,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "policy_data", policy_data) pulumi.set(__self__, "repository", repository) @@ -69,18 +57,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -103,18 +79,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ if etag is not None: pulumi.set(__self__, "etag", etag) @@ -156,18 +120,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -257,6 +209,54 @@ def __init__(__self__, ``` + ## google\\_pubsub\\_topic\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.pubsub.TopicIAMPolicy("policy", + project=example["project"], + topic=example["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_pubsub\\_topic\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.pubsub.TopicIAMBinding("binding", + project=example["project"], + topic=example["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_pubsub\\_topic\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.pubsub.TopicIAMMember("member", + project=example["project"], + topic=example["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -299,18 +299,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ ... @overload @@ -381,6 +369,54 @@ def __init__(__self__, ``` + ## google\\_pubsub\\_topic\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.pubsub.TopicIAMPolicy("policy", + project=example["project"], + topic=example["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_pubsub\\_topic\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.pubsub.TopicIAMBinding("binding", + project=example["project"], + topic=example["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_pubsub\\_topic\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.pubsub.TopicIAMMember("member", + project=example["project"], + topic=example["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -478,18 +514,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -524,18 +548,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/spanner/database_iam_binding.py b/sdk/python/pulumi_gcp/spanner/database_iam_binding.py index dab2f0a8fa..aba413edca 100644 --- a/sdk/python/pulumi_gcp/spanner/database_iam_binding.py +++ b/sdk/python/pulumi_gcp/spanner/database_iam_binding.py @@ -26,8 +26,7 @@ def __init__(__self__, *, The set of arguments for constructing a DatabaseIAMBinding resource. :param pulumi.Input[str] database: The name of the Spanner database. :param pulumi.Input[str] instance: The name of the Spanner instance the database belongs to. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -69,15 +68,6 @@ def database(self, value: pulumi.Input[str]): def instance(self) -> pulumi.Input[str]: """ The name of the Spanner instance the database belongs to. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "instance") @@ -88,6 +78,16 @@ def instance(self, value: pulumi.Input[str]): @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "members") @members.setter @@ -152,8 +152,7 @@ def __init__(__self__, *, :param pulumi.Input[str] database: The name of the Spanner database. :param pulumi.Input[str] etag: (Computed) The etag of the database's IAM policy. :param pulumi.Input[str] instance: The name of the Spanner instance the database belongs to. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -224,15 +223,6 @@ def etag(self, value: Optional[pulumi.Input[str]]): def instance(self) -> Optional[pulumi.Input[str]]: """ The name of the Spanner instance the database belongs to. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "instance") @@ -243,6 +233,16 @@ def instance(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "members") @members.setter @@ -414,6 +414,117 @@ def __init__(__self__, ``` + ## google\\_spanner\\_database\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + database = gcp.spanner.DatabaseIAMPolicy("database", + instance="your-instance-name", + database="your-database-name", + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="My Role", + description="Grant permissions on my_role", + expression="(resource.type == \\"spanner.googleapis.com/DatabaseRole\\" && (resource.name.endsWith(\\"/myrole\\")))", + ), + )]) + database = gcp.spanner.DatabaseIAMPolicy("database", + instance="your-instance-name", + database="your-database-name", + policy_data=admin.policy_data) + ``` + + + ## google\\_spanner\\_database\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + database = gcp.spanner.DatabaseIAMBinding("database", + instance="your-instance-name", + database="your-database-name", + role="roles/compute.networkUser", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + database = gcp.spanner.DatabaseIAMBinding("database", + instance="your-instance-name", + database="your-database-name", + role="roles/compute.networkUser", + members=["user:jane@example.com"], + condition=gcp.spanner.DatabaseIAMBindingConditionArgs( + title="My Role", + description="Grant permissions on my_role", + expression="(resource.type == \\"spanner.googleapis.com/DatabaseRole\\" && (resource.name.endsWith(\\"/myrole\\")))", + )) + ``` + + + ## google\\_spanner\\_database\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + database = gcp.spanner.DatabaseIAMMember("database", + instance="your-instance-name", + database="your-database-name", + role="roles/compute.networkUser", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + database = gcp.spanner.DatabaseIAMMember("database", + instance="your-instance-name", + database="your-database-name", + role="roles/compute.networkUser", + member="user:jane@example.com", + condition=gcp.spanner.DatabaseIAMMemberConditionArgs( + title="My Role", + description="Grant permissions on my_role", + expression="(resource.type == \\"spanner.googleapis.com/DatabaseRole\\" && (resource.name.endsWith(\\"/myrole\\")))", + )) + ``` + + ## Import ### Importing IAM policies @@ -446,8 +557,7 @@ def __init__(__self__, Structure is documented below. :param pulumi.Input[str] database: The name of the Spanner database. :param pulumi.Input[str] instance: The name of the Spanner instance the database belongs to. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -592,6 +702,117 @@ def __init__(__self__, ``` + ## google\\_spanner\\_database\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + database = gcp.spanner.DatabaseIAMPolicy("database", + instance="your-instance-name", + database="your-database-name", + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="My Role", + description="Grant permissions on my_role", + expression="(resource.type == \\"spanner.googleapis.com/DatabaseRole\\" && (resource.name.endsWith(\\"/myrole\\")))", + ), + )]) + database = gcp.spanner.DatabaseIAMPolicy("database", + instance="your-instance-name", + database="your-database-name", + policy_data=admin.policy_data) + ``` + + + ## google\\_spanner\\_database\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + database = gcp.spanner.DatabaseIAMBinding("database", + instance="your-instance-name", + database="your-database-name", + role="roles/compute.networkUser", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + database = gcp.spanner.DatabaseIAMBinding("database", + instance="your-instance-name", + database="your-database-name", + role="roles/compute.networkUser", + members=["user:jane@example.com"], + condition=gcp.spanner.DatabaseIAMBindingConditionArgs( + title="My Role", + description="Grant permissions on my_role", + expression="(resource.type == \\"spanner.googleapis.com/DatabaseRole\\" && (resource.name.endsWith(\\"/myrole\\")))", + )) + ``` + + + ## google\\_spanner\\_database\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + database = gcp.spanner.DatabaseIAMMember("database", + instance="your-instance-name", + database="your-database-name", + role="roles/compute.networkUser", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + database = gcp.spanner.DatabaseIAMMember("database", + instance="your-instance-name", + database="your-database-name", + role="roles/compute.networkUser", + member="user:jane@example.com", + condition=gcp.spanner.DatabaseIAMMemberConditionArgs( + title="My Role", + description="Grant permissions on my_role", + expression="(resource.type == \\"spanner.googleapis.com/DatabaseRole\\" && (resource.name.endsWith(\\"/myrole\\")))", + )) + ``` + + ## Import ### Importing IAM policies @@ -692,8 +913,7 @@ def get(resource_name: str, :param pulumi.Input[str] database: The name of the Spanner database. :param pulumi.Input[str] etag: (Computed) The etag of the database's IAM policy. :param pulumi.Input[str] instance: The name of the Spanner instance the database belongs to. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -750,8 +970,14 @@ def etag(self) -> pulumi.Output[str]: def instance(self) -> pulumi.Output[str]: """ The name of the Spanner instance the database belongs to. + """ + return pulumi.get(self, "instance") - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + @property + @pulumi.getter + def members(self) -> pulumi.Output[Sequence[str]]: + """ + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -760,11 +986,6 @@ def instance(self) -> pulumi.Output[str]: * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ - return pulumi.get(self, "instance") - - @property - @pulumi.getter - def members(self) -> pulumi.Output[Sequence[str]]: return pulumi.get(self, "members") @property diff --git a/sdk/python/pulumi_gcp/spanner/database_iam_member.py b/sdk/python/pulumi_gcp/spanner/database_iam_member.py index df9e0a6450..28a2b61052 100644 --- a/sdk/python/pulumi_gcp/spanner/database_iam_member.py +++ b/sdk/python/pulumi_gcp/spanner/database_iam_member.py @@ -26,8 +26,7 @@ def __init__(__self__, *, The set of arguments for constructing a DatabaseIAMMember resource. :param pulumi.Input[str] database: The name of the Spanner database. :param pulumi.Input[str] instance: The name of the Spanner instance the database belongs to. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -69,15 +68,6 @@ def database(self, value: pulumi.Input[str]): def instance(self) -> pulumi.Input[str]: """ The name of the Spanner instance the database belongs to. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "instance") @@ -88,6 +78,16 @@ def instance(self, value: pulumi.Input[str]): @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "member") @member.setter @@ -152,8 +152,7 @@ def __init__(__self__, *, :param pulumi.Input[str] database: The name of the Spanner database. :param pulumi.Input[str] etag: (Computed) The etag of the database's IAM policy. :param pulumi.Input[str] instance: The name of the Spanner instance the database belongs to. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -224,15 +223,6 @@ def etag(self, value: Optional[pulumi.Input[str]]): def instance(self) -> Optional[pulumi.Input[str]]: """ The name of the Spanner instance the database belongs to. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "instance") @@ -243,6 +233,16 @@ def instance(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "member") @member.setter @@ -414,6 +414,117 @@ def __init__(__self__, ``` + ## google\\_spanner\\_database\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + database = gcp.spanner.DatabaseIAMPolicy("database", + instance="your-instance-name", + database="your-database-name", + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="My Role", + description="Grant permissions on my_role", + expression="(resource.type == \\"spanner.googleapis.com/DatabaseRole\\" && (resource.name.endsWith(\\"/myrole\\")))", + ), + )]) + database = gcp.spanner.DatabaseIAMPolicy("database", + instance="your-instance-name", + database="your-database-name", + policy_data=admin.policy_data) + ``` + + + ## google\\_spanner\\_database\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + database = gcp.spanner.DatabaseIAMBinding("database", + instance="your-instance-name", + database="your-database-name", + role="roles/compute.networkUser", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + database = gcp.spanner.DatabaseIAMBinding("database", + instance="your-instance-name", + database="your-database-name", + role="roles/compute.networkUser", + members=["user:jane@example.com"], + condition=gcp.spanner.DatabaseIAMBindingConditionArgs( + title="My Role", + description="Grant permissions on my_role", + expression="(resource.type == \\"spanner.googleapis.com/DatabaseRole\\" && (resource.name.endsWith(\\"/myrole\\")))", + )) + ``` + + + ## google\\_spanner\\_database\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + database = gcp.spanner.DatabaseIAMMember("database", + instance="your-instance-name", + database="your-database-name", + role="roles/compute.networkUser", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + database = gcp.spanner.DatabaseIAMMember("database", + instance="your-instance-name", + database="your-database-name", + role="roles/compute.networkUser", + member="user:jane@example.com", + condition=gcp.spanner.DatabaseIAMMemberConditionArgs( + title="My Role", + description="Grant permissions on my_role", + expression="(resource.type == \\"spanner.googleapis.com/DatabaseRole\\" && (resource.name.endsWith(\\"/myrole\\")))", + )) + ``` + + ## Import ### Importing IAM policies @@ -446,8 +557,7 @@ def __init__(__self__, Structure is documented below. :param pulumi.Input[str] database: The name of the Spanner database. :param pulumi.Input[str] instance: The name of the Spanner instance the database belongs to. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -592,6 +702,117 @@ def __init__(__self__, ``` + ## google\\_spanner\\_database\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + database = gcp.spanner.DatabaseIAMPolicy("database", + instance="your-instance-name", + database="your-database-name", + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="My Role", + description="Grant permissions on my_role", + expression="(resource.type == \\"spanner.googleapis.com/DatabaseRole\\" && (resource.name.endsWith(\\"/myrole\\")))", + ), + )]) + database = gcp.spanner.DatabaseIAMPolicy("database", + instance="your-instance-name", + database="your-database-name", + policy_data=admin.policy_data) + ``` + + + ## google\\_spanner\\_database\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + database = gcp.spanner.DatabaseIAMBinding("database", + instance="your-instance-name", + database="your-database-name", + role="roles/compute.networkUser", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + database = gcp.spanner.DatabaseIAMBinding("database", + instance="your-instance-name", + database="your-database-name", + role="roles/compute.networkUser", + members=["user:jane@example.com"], + condition=gcp.spanner.DatabaseIAMBindingConditionArgs( + title="My Role", + description="Grant permissions on my_role", + expression="(resource.type == \\"spanner.googleapis.com/DatabaseRole\\" && (resource.name.endsWith(\\"/myrole\\")))", + )) + ``` + + + ## google\\_spanner\\_database\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + database = gcp.spanner.DatabaseIAMMember("database", + instance="your-instance-name", + database="your-database-name", + role="roles/compute.networkUser", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + database = gcp.spanner.DatabaseIAMMember("database", + instance="your-instance-name", + database="your-database-name", + role="roles/compute.networkUser", + member="user:jane@example.com", + condition=gcp.spanner.DatabaseIAMMemberConditionArgs( + title="My Role", + description="Grant permissions on my_role", + expression="(resource.type == \\"spanner.googleapis.com/DatabaseRole\\" && (resource.name.endsWith(\\"/myrole\\")))", + )) + ``` + + ## Import ### Importing IAM policies @@ -692,8 +913,7 @@ def get(resource_name: str, :param pulumi.Input[str] database: The name of the Spanner database. :param pulumi.Input[str] etag: (Computed) The etag of the database's IAM policy. :param pulumi.Input[str] instance: The name of the Spanner instance the database belongs to. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -750,8 +970,14 @@ def etag(self) -> pulumi.Output[str]: def instance(self) -> pulumi.Output[str]: """ The name of the Spanner instance the database belongs to. + """ + return pulumi.get(self, "instance") - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + @property + @pulumi.getter + def member(self) -> pulumi.Output[str]: + """ + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -760,11 +986,6 @@ def instance(self) -> pulumi.Output[str]: * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ - return pulumi.get(self, "instance") - - @property - @pulumi.getter - def member(self) -> pulumi.Output[str]: return pulumi.get(self, "member") @property diff --git a/sdk/python/pulumi_gcp/spanner/database_iam_policy.py b/sdk/python/pulumi_gcp/spanner/database_iam_policy.py index bf537a9e97..7f0f78a35e 100644 --- a/sdk/python/pulumi_gcp/spanner/database_iam_policy.py +++ b/sdk/python/pulumi_gcp/spanner/database_iam_policy.py @@ -22,15 +22,6 @@ def __init__(__self__, *, The set of arguments for constructing a DatabaseIAMPolicy resource. :param pulumi.Input[str] database: The name of the Spanner database. :param pulumi.Input[str] instance: The name of the Spanner instance the database belongs to. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it @@ -59,15 +50,6 @@ def database(self, value: pulumi.Input[str]): def instance(self) -> pulumi.Input[str]: """ The name of the Spanner instance the database belongs to. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "instance") @@ -115,15 +97,6 @@ def __init__(__self__, *, :param pulumi.Input[str] database: The name of the Spanner database. :param pulumi.Input[str] etag: (Computed) The etag of the database's IAM policy. :param pulumi.Input[str] instance: The name of the Spanner instance the database belongs to. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it @@ -169,15 +142,6 @@ def etag(self, value: Optional[pulumi.Input[str]]): def instance(self) -> Optional[pulumi.Input[str]]: """ The name of the Spanner instance the database belongs to. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "instance") @@ -347,6 +311,117 @@ def __init__(__self__, ``` + ## google\\_spanner\\_database\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + database = gcp.spanner.DatabaseIAMPolicy("database", + instance="your-instance-name", + database="your-database-name", + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="My Role", + description="Grant permissions on my_role", + expression="(resource.type == \\"spanner.googleapis.com/DatabaseRole\\" && (resource.name.endsWith(\\"/myrole\\")))", + ), + )]) + database = gcp.spanner.DatabaseIAMPolicy("database", + instance="your-instance-name", + database="your-database-name", + policy_data=admin.policy_data) + ``` + + + ## google\\_spanner\\_database\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + database = gcp.spanner.DatabaseIAMBinding("database", + instance="your-instance-name", + database="your-database-name", + role="roles/compute.networkUser", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + database = gcp.spanner.DatabaseIAMBinding("database", + instance="your-instance-name", + database="your-database-name", + role="roles/compute.networkUser", + members=["user:jane@example.com"], + condition=gcp.spanner.DatabaseIAMBindingConditionArgs( + title="My Role", + description="Grant permissions on my_role", + expression="(resource.type == \\"spanner.googleapis.com/DatabaseRole\\" && (resource.name.endsWith(\\"/myrole\\")))", + )) + ``` + + + ## google\\_spanner\\_database\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + database = gcp.spanner.DatabaseIAMMember("database", + instance="your-instance-name", + database="your-database-name", + role="roles/compute.networkUser", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + database = gcp.spanner.DatabaseIAMMember("database", + instance="your-instance-name", + database="your-database-name", + role="roles/compute.networkUser", + member="user:jane@example.com", + condition=gcp.spanner.DatabaseIAMMemberConditionArgs( + title="My Role", + description="Grant permissions on my_role", + expression="(resource.type == \\"spanner.googleapis.com/DatabaseRole\\" && (resource.name.endsWith(\\"/myrole\\")))", + )) + ``` + + ## Import ### Importing IAM policies @@ -377,15 +452,6 @@ def __init__(__self__, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] database: The name of the Spanner database. :param pulumi.Input[str] instance: The name of the Spanner instance the database belongs to. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it @@ -522,6 +588,117 @@ def __init__(__self__, ``` + ## google\\_spanner\\_database\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + database = gcp.spanner.DatabaseIAMPolicy("database", + instance="your-instance-name", + database="your-database-name", + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="My Role", + description="Grant permissions on my_role", + expression="(resource.type == \\"spanner.googleapis.com/DatabaseRole\\" && (resource.name.endsWith(\\"/myrole\\")))", + ), + )]) + database = gcp.spanner.DatabaseIAMPolicy("database", + instance="your-instance-name", + database="your-database-name", + policy_data=admin.policy_data) + ``` + + + ## google\\_spanner\\_database\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + database = gcp.spanner.DatabaseIAMBinding("database", + instance="your-instance-name", + database="your-database-name", + role="roles/compute.networkUser", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + database = gcp.spanner.DatabaseIAMBinding("database", + instance="your-instance-name", + database="your-database-name", + role="roles/compute.networkUser", + members=["user:jane@example.com"], + condition=gcp.spanner.DatabaseIAMBindingConditionArgs( + title="My Role", + description="Grant permissions on my_role", + expression="(resource.type == \\"spanner.googleapis.com/DatabaseRole\\" && (resource.name.endsWith(\\"/myrole\\")))", + )) + ``` + + + ## google\\_spanner\\_database\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + database = gcp.spanner.DatabaseIAMMember("database", + instance="your-instance-name", + database="your-database-name", + role="roles/compute.networkUser", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + database = gcp.spanner.DatabaseIAMMember("database", + instance="your-instance-name", + database="your-database-name", + role="roles/compute.networkUser", + member="user:jane@example.com", + condition=gcp.spanner.DatabaseIAMMemberConditionArgs( + title="My Role", + description="Grant permissions on my_role", + expression="(resource.type == \\"spanner.googleapis.com/DatabaseRole\\" && (resource.name.endsWith(\\"/myrole\\")))", + )) + ``` + + ## Import ### Importing IAM policies @@ -612,15 +789,6 @@ def get(resource_name: str, :param pulumi.Input[str] database: The name of the Spanner database. :param pulumi.Input[str] etag: (Computed) The etag of the database's IAM policy. :param pulumi.Input[str] instance: The name of the Spanner instance the database belongs to. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it @@ -658,15 +826,6 @@ def etag(self) -> pulumi.Output[str]: def instance(self) -> pulumi.Output[str]: """ The name of the Spanner instance the database belongs to. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "instance") diff --git a/sdk/python/pulumi_gcp/spanner/instance_iam_binding.py b/sdk/python/pulumi_gcp/spanner/instance_iam_binding.py index 60468c2fa7..f06670c3ea 100644 --- a/sdk/python/pulumi_gcp/spanner/instance_iam_binding.py +++ b/sdk/python/pulumi_gcp/spanner/instance_iam_binding.py @@ -24,8 +24,7 @@ def __init__(__self__, *, """ The set of arguments for constructing a InstanceIAMBinding resource. :param pulumi.Input[str] instance: The name of the instance. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -52,15 +51,6 @@ def __init__(__self__, *, def instance(self) -> pulumi.Input[str]: """ The name of the instance. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "instance") @@ -71,6 +61,16 @@ def instance(self, value: pulumi.Input[str]): @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "members") @members.setter @@ -127,8 +127,7 @@ def __init__(__self__, *, Input properties used for looking up and filtering InstanceIAMBinding resources. :param pulumi.Input[str] etag: (Computed) The etag of the instance's IAM policy. :param pulumi.Input[str] instance: The name of the instance. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -181,15 +180,6 @@ def etag(self, value: Optional[pulumi.Input[str]]): def instance(self) -> Optional[pulumi.Input[str]]: """ The name of the instance. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "instance") @@ -200,6 +190,16 @@ def instance(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "members") @members.setter @@ -304,6 +304,51 @@ def __init__(__self__, ``` + ## google\\_spanner\\_instance\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + instance = gcp.spanner.InstanceIAMPolicy("instance", + instance="your-instance-name", + policy_data=admin.policy_data) + ``` + + + ## google\\_spanner\\_instance\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + instance = gcp.spanner.InstanceIAMBinding("instance", + instance="your-instance-name", + role="roles/spanner.databaseAdmin", + members=["user:jane@example.com"]) + ``` + + + ## google\\_spanner\\_instance\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + instance = gcp.spanner.InstanceIAMMember("instance", + instance="your-instance-name", + role="roles/spanner.databaseAdmin", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -333,8 +378,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] instance: The name of the instance. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -413,6 +457,51 @@ def __init__(__self__, ``` + ## google\\_spanner\\_instance\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + instance = gcp.spanner.InstanceIAMPolicy("instance", + instance="your-instance-name", + policy_data=admin.policy_data) + ``` + + + ## google\\_spanner\\_instance\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + instance = gcp.spanner.InstanceIAMBinding("instance", + instance="your-instance-name", + role="roles/spanner.databaseAdmin", + members=["user:jane@example.com"]) + ``` + + + ## google\\_spanner\\_instance\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + instance = gcp.spanner.InstanceIAMMember("instance", + instance="your-instance-name", + role="roles/spanner.databaseAdmin", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -505,8 +594,7 @@ def get(resource_name: str, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the instance's IAM policy. :param pulumi.Input[str] instance: The name of the instance. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -550,8 +638,14 @@ def etag(self) -> pulumi.Output[str]: def instance(self) -> pulumi.Output[str]: """ The name of the instance. + """ + return pulumi.get(self, "instance") - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + @property + @pulumi.getter + def members(self) -> pulumi.Output[Sequence[str]]: + """ + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -560,11 +654,6 @@ def instance(self) -> pulumi.Output[str]: * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ - return pulumi.get(self, "instance") - - @property - @pulumi.getter - def members(self) -> pulumi.Output[Sequence[str]]: return pulumi.get(self, "members") @property diff --git a/sdk/python/pulumi_gcp/spanner/instance_iam_member.py b/sdk/python/pulumi_gcp/spanner/instance_iam_member.py index 5769f6ed7f..0460a79d60 100644 --- a/sdk/python/pulumi_gcp/spanner/instance_iam_member.py +++ b/sdk/python/pulumi_gcp/spanner/instance_iam_member.py @@ -24,8 +24,7 @@ def __init__(__self__, *, """ The set of arguments for constructing a InstanceIAMMember resource. :param pulumi.Input[str] instance: The name of the instance. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -52,15 +51,6 @@ def __init__(__self__, *, def instance(self) -> pulumi.Input[str]: """ The name of the instance. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "instance") @@ -71,6 +61,16 @@ def instance(self, value: pulumi.Input[str]): @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "member") @member.setter @@ -127,8 +127,7 @@ def __init__(__self__, *, Input properties used for looking up and filtering InstanceIAMMember resources. :param pulumi.Input[str] etag: (Computed) The etag of the instance's IAM policy. :param pulumi.Input[str] instance: The name of the instance. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -181,15 +180,6 @@ def etag(self, value: Optional[pulumi.Input[str]]): def instance(self) -> Optional[pulumi.Input[str]]: """ The name of the instance. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "instance") @@ -200,6 +190,16 @@ def instance(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + """ return pulumi.get(self, "member") @member.setter @@ -304,6 +304,51 @@ def __init__(__self__, ``` + ## google\\_spanner\\_instance\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + instance = gcp.spanner.InstanceIAMPolicy("instance", + instance="your-instance-name", + policy_data=admin.policy_data) + ``` + + + ## google\\_spanner\\_instance\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + instance = gcp.spanner.InstanceIAMBinding("instance", + instance="your-instance-name", + role="roles/spanner.databaseAdmin", + members=["user:jane@example.com"]) + ``` + + + ## google\\_spanner\\_instance\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + instance = gcp.spanner.InstanceIAMMember("instance", + instance="your-instance-name", + role="roles/spanner.databaseAdmin", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -333,8 +378,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] instance: The name of the instance. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -413,6 +457,51 @@ def __init__(__self__, ``` + ## google\\_spanner\\_instance\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + instance = gcp.spanner.InstanceIAMPolicy("instance", + instance="your-instance-name", + policy_data=admin.policy_data) + ``` + + + ## google\\_spanner\\_instance\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + instance = gcp.spanner.InstanceIAMBinding("instance", + instance="your-instance-name", + role="roles/spanner.databaseAdmin", + members=["user:jane@example.com"]) + ``` + + + ## google\\_spanner\\_instance\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + instance = gcp.spanner.InstanceIAMMember("instance", + instance="your-instance-name", + role="roles/spanner.databaseAdmin", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -505,8 +594,7 @@ def get(resource_name: str, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the instance's IAM policy. :param pulumi.Input[str] instance: The name of the instance. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -550,8 +638,14 @@ def etag(self) -> pulumi.Output[str]: def instance(self) -> pulumi.Output[str]: """ The name of the instance. + """ + return pulumi.get(self, "instance") - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + @property + @pulumi.getter + def member(self) -> pulumi.Output[str]: + """ + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -560,11 +654,6 @@ def instance(self) -> pulumi.Output[str]: * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ - return pulumi.get(self, "instance") - - @property - @pulumi.getter - def member(self) -> pulumi.Output[str]: return pulumi.get(self, "member") @property diff --git a/sdk/python/pulumi_gcp/spanner/instance_iam_policy.py b/sdk/python/pulumi_gcp/spanner/instance_iam_policy.py index a4071573ba..695db763b0 100644 --- a/sdk/python/pulumi_gcp/spanner/instance_iam_policy.py +++ b/sdk/python/pulumi_gcp/spanner/instance_iam_policy.py @@ -20,15 +20,6 @@ def __init__(__self__, *, """ The set of arguments for constructing a InstanceIAMPolicy resource. :param pulumi.Input[str] instance: The name of the instance. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it @@ -44,15 +35,6 @@ def __init__(__self__, *, def instance(self) -> pulumi.Input[str]: """ The name of the instance. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "instance") @@ -98,15 +80,6 @@ def __init__(__self__, *, Input properties used for looking up and filtering InstanceIAMPolicy resources. :param pulumi.Input[str] etag: (Computed) The etag of the instance's IAM policy. :param pulumi.Input[str] instance: The name of the instance. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it @@ -138,15 +111,6 @@ def etag(self, value: Optional[pulumi.Input[str]]): def instance(self) -> Optional[pulumi.Input[str]]: """ The name of the instance. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "instance") @@ -249,6 +213,51 @@ def __init__(__self__, ``` + ## google\\_spanner\\_instance\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + instance = gcp.spanner.InstanceIAMPolicy("instance", + instance="your-instance-name", + policy_data=admin.policy_data) + ``` + + + ## google\\_spanner\\_instance\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + instance = gcp.spanner.InstanceIAMBinding("instance", + instance="your-instance-name", + role="roles/spanner.databaseAdmin", + members=["user:jane@example.com"]) + ``` + + + ## google\\_spanner\\_instance\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + instance = gcp.spanner.InstanceIAMMember("instance", + instance="your-instance-name", + role="roles/spanner.databaseAdmin", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -278,15 +287,6 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] instance: The name of the instance. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it @@ -357,6 +357,51 @@ def __init__(__self__, ``` + ## google\\_spanner\\_instance\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/editor", + members=["user:jane@example.com"], + )]) + instance = gcp.spanner.InstanceIAMPolicy("instance", + instance="your-instance-name", + policy_data=admin.policy_data) + ``` + + + ## google\\_spanner\\_instance\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + instance = gcp.spanner.InstanceIAMBinding("instance", + instance="your-instance-name", + role="roles/spanner.databaseAdmin", + members=["user:jane@example.com"]) + ``` + + + ## google\\_spanner\\_instance\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + instance = gcp.spanner.InstanceIAMMember("instance", + instance="your-instance-name", + role="roles/spanner.databaseAdmin", + member="user:jane@example.com") + ``` + + ## Import ### Importing IAM policies @@ -441,15 +486,6 @@ def get(resource_name: str, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the instance's IAM policy. :param pulumi.Input[str] instance: The name of the instance. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it @@ -478,15 +514,6 @@ def etag(self) -> pulumi.Output[str]: def instance(self) -> pulumi.Output[str]: """ The name of the instance. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. """ return pulumi.get(self, "instance") diff --git a/sdk/python/pulumi_gcp/storage/bucket_iam_binding.py b/sdk/python/pulumi_gcp/storage/bucket_iam_binding.py index f272465929..d434789f87 100644 --- a/sdk/python/pulumi_gcp/storage/bucket_iam_binding.py +++ b/sdk/python/pulumi_gcp/storage/bucket_iam_binding.py @@ -23,8 +23,7 @@ def __init__(__self__, *, """ The set of arguments for constructing a BucketIAMBinding resource. :param pulumi.Input[str] bucket: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -52,8 +51,18 @@ def __init__(__self__, *, def bucket(self) -> pulumi.Input[str]: """ Used to find the parent resource to bind the IAM policy to + """ + return pulumi.get(self, "bucket") - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + @bucket.setter + def bucket(self, value: pulumi.Input[str]): + pulumi.set(self, "bucket", value) + + @property + @pulumi.getter + def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -65,15 +74,6 @@ def bucket(self) -> pulumi.Input[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ - return pulumi.get(self, "bucket") - - @bucket.setter - def bucket(self, value: pulumi.Input[str]): - pulumi.set(self, "bucket", value) - - @property - @pulumi.getter - def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: return pulumi.get(self, "members") @members.setter @@ -119,8 +119,10 @@ def __init__(__self__, *, """ Input properties used for looking up and filtering BucketIAMBinding resources. :param pulumi.Input[str] bucket: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input['BucketIAMBindingConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. + Structure is documented below. + :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -131,9 +133,6 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - :param pulumi.Input['BucketIAMBindingConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. - Structure is documented below. - :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] role: The role that should be applied. Only one `storage.BucketIAMBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -154,18 +153,6 @@ def __init__(__self__, *, def bucket(self) -> Optional[pulumi.Input[str]]: """ Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "bucket") @@ -201,6 +188,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -352,6 +352,109 @@ def __init__(__self__, ``` + ## google\\_storage\\_bucket\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/storage.admin", + members=["user:jane@example.com"], + )]) + policy = gcp.storage.BucketIAMPolicy("policy", + bucket=default["name"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/storage.admin", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.storage.BucketIAMPolicy("policy", + bucket=default["name"], + policy_data=admin.policy_data) + ``` + + ## google\\_storage\\_bucket\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.storage.BucketIAMBinding("binding", + bucket=default["name"], + role="roles/storage.admin", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.storage.BucketIAMBinding("binding", + bucket=default["name"], + role="roles/storage.admin", + members=["user:jane@example.com"], + condition=gcp.storage.BucketIAMBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_storage\\_bucket\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.storage.BucketIAMMember("member", + bucket=default["name"], + role="roles/storage.admin", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.storage.BucketIAMMember("member", + bucket=default["name"], + role="roles/storage.admin", + member="user:jane@example.com", + condition=gcp.storage.BucketIAMMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -389,8 +492,9 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] bucket: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[pulumi.InputType['BucketIAMBindingConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. + Structure is documented below. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -401,8 +505,6 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - :param pulumi.Input[pulumi.InputType['BucketIAMBindingConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. - Structure is documented below. :param pulumi.Input[str] role: The role that should be applied. Only one `storage.BucketIAMBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -533,6 +635,109 @@ def __init__(__self__, ``` + ## google\\_storage\\_bucket\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/storage.admin", + members=["user:jane@example.com"], + )]) + policy = gcp.storage.BucketIAMPolicy("policy", + bucket=default["name"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/storage.admin", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.storage.BucketIAMPolicy("policy", + bucket=default["name"], + policy_data=admin.policy_data) + ``` + + ## google\\_storage\\_bucket\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.storage.BucketIAMBinding("binding", + bucket=default["name"], + role="roles/storage.admin", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.storage.BucketIAMBinding("binding", + bucket=default["name"], + role="roles/storage.admin", + members=["user:jane@example.com"], + condition=gcp.storage.BucketIAMBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_storage\\_bucket\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.storage.BucketIAMMember("member", + bucket=default["name"], + role="roles/storage.admin", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.storage.BucketIAMMember("member", + bucket=default["name"], + role="roles/storage.admin", + member="user:jane@example.com", + condition=gcp.storage.BucketIAMMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -629,8 +834,10 @@ def get(resource_name: str, :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] bucket: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[pulumi.InputType['BucketIAMBindingConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. + Structure is documented below. + :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -641,9 +848,6 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - :param pulumi.Input[pulumi.InputType['BucketIAMBindingConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. - Structure is documented below. - :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] role: The role that should be applied. Only one `storage.BucketIAMBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -664,18 +868,6 @@ def get(resource_name: str, def bucket(self) -> pulumi.Output[str]: """ Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "bucket") @@ -699,6 +891,19 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @property diff --git a/sdk/python/pulumi_gcp/storage/bucket_iam_member.py b/sdk/python/pulumi_gcp/storage/bucket_iam_member.py index 9b259cd08c..547669b31f 100644 --- a/sdk/python/pulumi_gcp/storage/bucket_iam_member.py +++ b/sdk/python/pulumi_gcp/storage/bucket_iam_member.py @@ -23,8 +23,7 @@ def __init__(__self__, *, """ The set of arguments for constructing a BucketIAMMember resource. :param pulumi.Input[str] bucket: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -52,8 +51,18 @@ def __init__(__self__, *, def bucket(self) -> pulumi.Input[str]: """ Used to find the parent resource to bind the IAM policy to + """ + return pulumi.get(self, "bucket") - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + @bucket.setter + def bucket(self, value: pulumi.Input[str]): + pulumi.set(self, "bucket", value) + + @property + @pulumi.getter + def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -65,15 +74,6 @@ def bucket(self) -> pulumi.Input[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ - return pulumi.get(self, "bucket") - - @bucket.setter - def bucket(self, value: pulumi.Input[str]): - pulumi.set(self, "bucket", value) - - @property - @pulumi.getter - def member(self) -> pulumi.Input[str]: return pulumi.get(self, "member") @member.setter @@ -119,8 +119,10 @@ def __init__(__self__, *, """ Input properties used for looking up and filtering BucketIAMMember resources. :param pulumi.Input[str] bucket: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input['BucketIAMMemberConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. + Structure is documented below. + :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -131,9 +133,6 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - :param pulumi.Input['BucketIAMMemberConditionArgs'] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. - Structure is documented below. - :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] role: The role that should be applied. Only one `storage.BucketIAMBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -154,18 +153,6 @@ def __init__(__self__, *, def bucket(self) -> Optional[pulumi.Input[str]]: """ Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "bucket") @@ -201,6 +188,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -352,6 +352,109 @@ def __init__(__self__, ``` + ## google\\_storage\\_bucket\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/storage.admin", + members=["user:jane@example.com"], + )]) + policy = gcp.storage.BucketIAMPolicy("policy", + bucket=default["name"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/storage.admin", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.storage.BucketIAMPolicy("policy", + bucket=default["name"], + policy_data=admin.policy_data) + ``` + + ## google\\_storage\\_bucket\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.storage.BucketIAMBinding("binding", + bucket=default["name"], + role="roles/storage.admin", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.storage.BucketIAMBinding("binding", + bucket=default["name"], + role="roles/storage.admin", + members=["user:jane@example.com"], + condition=gcp.storage.BucketIAMBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_storage\\_bucket\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.storage.BucketIAMMember("member", + bucket=default["name"], + role="roles/storage.admin", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.storage.BucketIAMMember("member", + bucket=default["name"], + role="roles/storage.admin", + member="user:jane@example.com", + condition=gcp.storage.BucketIAMMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -389,8 +492,9 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] bucket: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[pulumi.InputType['BucketIAMMemberConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. + Structure is documented below. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -401,8 +505,6 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - :param pulumi.Input[pulumi.InputType['BucketIAMMemberConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. - Structure is documented below. :param pulumi.Input[str] role: The role that should be applied. Only one `storage.BucketIAMBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -533,6 +635,109 @@ def __init__(__self__, ``` + ## google\\_storage\\_bucket\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/storage.admin", + members=["user:jane@example.com"], + )]) + policy = gcp.storage.BucketIAMPolicy("policy", + bucket=default["name"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/storage.admin", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.storage.BucketIAMPolicy("policy", + bucket=default["name"], + policy_data=admin.policy_data) + ``` + + ## google\\_storage\\_bucket\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.storage.BucketIAMBinding("binding", + bucket=default["name"], + role="roles/storage.admin", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.storage.BucketIAMBinding("binding", + bucket=default["name"], + role="roles/storage.admin", + members=["user:jane@example.com"], + condition=gcp.storage.BucketIAMBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_storage\\_bucket\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.storage.BucketIAMMember("member", + bucket=default["name"], + role="roles/storage.admin", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.storage.BucketIAMMember("member", + bucket=default["name"], + role="roles/storage.admin", + member="user:jane@example.com", + condition=gcp.storage.BucketIAMMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -629,8 +834,10 @@ def get(resource_name: str, :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] bucket: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[pulumi.InputType['BucketIAMMemberConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. + Structure is documented below. + :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -641,9 +848,6 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" - :param pulumi.Input[pulumi.InputType['BucketIAMMemberConditionArgs']] condition: An [IAM Condition](https://cloud.google.com/iam/docs/conditions-overview) for a given binding. - Structure is documented below. - :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] role: The role that should be applied. Only one `storage.BucketIAMBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -664,18 +868,6 @@ def get(resource_name: str, def bucket(self) -> pulumi.Output[str]: """ Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "bucket") @@ -699,6 +891,19 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @property diff --git a/sdk/python/pulumi_gcp/storage/bucket_iam_policy.py b/sdk/python/pulumi_gcp/storage/bucket_iam_policy.py index e916a435c5..04b11ee981 100644 --- a/sdk/python/pulumi_gcp/storage/bucket_iam_policy.py +++ b/sdk/python/pulumi_gcp/storage/bucket_iam_policy.py @@ -19,18 +19,6 @@ def __init__(__self__, *, """ The set of arguments for constructing a BucketIAMPolicy resource. :param pulumi.Input[str] bucket: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. """ @@ -42,18 +30,6 @@ def __init__(__self__, *, def bucket(self) -> pulumi.Input[str]: """ Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "bucket") @@ -84,18 +60,6 @@ def __init__(__self__, *, """ Input properties used for looking up and filtering BucketIAMPolicy resources. :param pulumi.Input[str] bucket: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. @@ -112,18 +76,6 @@ def __init__(__self__, *, def bucket(self) -> Optional[pulumi.Input[str]]: """ Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "bucket") @@ -285,6 +237,109 @@ def __init__(__self__, ``` + ## google\\_storage\\_bucket\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/storage.admin", + members=["user:jane@example.com"], + )]) + policy = gcp.storage.BucketIAMPolicy("policy", + bucket=default["name"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/storage.admin", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.storage.BucketIAMPolicy("policy", + bucket=default["name"], + policy_data=admin.policy_data) + ``` + + ## google\\_storage\\_bucket\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.storage.BucketIAMBinding("binding", + bucket=default["name"], + role="roles/storage.admin", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.storage.BucketIAMBinding("binding", + bucket=default["name"], + role="roles/storage.admin", + members=["user:jane@example.com"], + condition=gcp.storage.BucketIAMBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_storage\\_bucket\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.storage.BucketIAMMember("member", + bucket=default["name"], + role="roles/storage.admin", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.storage.BucketIAMMember("member", + bucket=default["name"], + role="roles/storage.admin", + member="user:jane@example.com", + condition=gcp.storage.BucketIAMMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -322,18 +377,6 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] bucket: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. """ @@ -463,6 +506,109 @@ def __init__(__self__, ``` + ## google\\_storage\\_bucket\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/storage.admin", + members=["user:jane@example.com"], + )]) + policy = gcp.storage.BucketIAMPolicy("policy", + bucket=default["name"], + policy_data=admin.policy_data) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/storage.admin", + members=["user:jane@example.com"], + condition=gcp.organizations.GetIAMPolicyBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + ), + )]) + policy = gcp.storage.BucketIAMPolicy("policy", + bucket=default["name"], + policy_data=admin.policy_data) + ``` + + ## google\\_storage\\_bucket\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.storage.BucketIAMBinding("binding", + bucket=default["name"], + role="roles/storage.admin", + members=["user:jane@example.com"]) + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.storage.BucketIAMBinding("binding", + bucket=default["name"], + role="roles/storage.admin", + members=["user:jane@example.com"], + condition=gcp.storage.BucketIAMBindingConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## google\\_storage\\_bucket\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.storage.BucketIAMMember("member", + bucket=default["name"], + role="roles/storage.admin", + member="user:jane@example.com") + ``` + + + With IAM Conditions: + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.storage.BucketIAMMember("member", + bucket=default["name"], + role="roles/storage.admin", + member="user:jane@example.com", + condition=gcp.storage.BucketIAMMemberConditionArgs( + title="expires_after_2019_12_31", + description="Expiring at midnight of 2019-12-31", + expression="request.time < timestamp(\\"2020-01-01T00:00:00Z\\")", + )) + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -551,18 +697,6 @@ def get(resource_name: str, :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] bucket: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. @@ -581,18 +715,6 @@ def get(resource_name: str, def bucket(self) -> pulumi.Output[str]: """ Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "bucket") diff --git a/sdk/python/pulumi_gcp/tags/tag_key_iam_binding.py b/sdk/python/pulumi_gcp/tags/tag_key_iam_binding.py index ad16bf4274..f3fa5388bb 100644 --- a/sdk/python/pulumi_gcp/tags/tag_key_iam_binding.py +++ b/sdk/python/pulumi_gcp/tags/tag_key_iam_binding.py @@ -22,12 +22,7 @@ def __init__(__self__, *, condition: Optional[pulumi.Input['TagKeyIamBindingConditionArgs']] = None): """ The set of arguments for constructing a TagKeyIamBinding resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `tags.TagKeyIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] tag_key: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -38,6 +33,10 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `tags.TagKeyIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] tag_key: Used to find the parent resource to bind the IAM policy to """ pulumi.set(__self__, "members", members) pulumi.set(__self__, "role", role) @@ -48,6 +47,19 @@ def __init__(__self__, *, @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -73,18 +85,6 @@ def role(self, value: pulumi.Input[str]): def tag_key(self) -> pulumi.Input[str]: """ Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "tag_key") @@ -113,12 +113,7 @@ def __init__(__self__, *, """ Input properties used for looking up and filtering TagKeyIamBinding resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] role: The role that should be applied. Only one - `tags.TagKeyIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] tag_key: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -129,6 +124,10 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `tags.TagKeyIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] tag_key: Used to find the parent resource to bind the IAM policy to """ if condition is not None: pulumi.set(__self__, "condition", condition) @@ -165,6 +164,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -190,18 +202,6 @@ def role(self, value: Optional[pulumi.Input[str]]): def tag_key(self) -> Optional[pulumi.Input[str]]: """ Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "tag_key") @@ -280,6 +280,51 @@ def __init__(__self__, ``` + ## google\\_tags\\_tag\\_key\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.tags.TagKeyIamPolicy("policy", + tag_key=key["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_tags\\_tag\\_key\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.tags.TagKeyIamBinding("binding", + tag_key=key["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_tags\\_tag\\_key\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.tags.TagKeyIamMember("member", + tag_key=key["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -316,12 +361,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `tags.TagKeyIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] tag_key: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -332,6 +372,10 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `tags.TagKeyIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] tag_key: Used to find the parent resource to bind the IAM policy to """ ... @overload @@ -399,6 +443,51 @@ def __init__(__self__, ``` + ## google\\_tags\\_tag\\_key\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.tags.TagKeyIamPolicy("policy", + tag_key=key["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_tags\\_tag\\_key\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.tags.TagKeyIamBinding("binding", + tag_key=key["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_tags\\_tag\\_key\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.tags.TagKeyIamMember("member", + tag_key=key["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -495,12 +584,7 @@ def get(resource_name: str, :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] role: The role that should be applied. Only one - `tags.TagKeyIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] tag_key: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -511,6 +595,10 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `tags.TagKeyIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] tag_key: Used to find the parent resource to bind the IAM policy to """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -539,6 +627,19 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @property @@ -556,18 +657,6 @@ def role(self) -> pulumi.Output[str]: def tag_key(self) -> pulumi.Output[str]: """ Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "tag_key") diff --git a/sdk/python/pulumi_gcp/tags/tag_key_iam_member.py b/sdk/python/pulumi_gcp/tags/tag_key_iam_member.py index a42393e5cb..bcd43380ee 100644 --- a/sdk/python/pulumi_gcp/tags/tag_key_iam_member.py +++ b/sdk/python/pulumi_gcp/tags/tag_key_iam_member.py @@ -22,12 +22,7 @@ def __init__(__self__, *, condition: Optional[pulumi.Input['TagKeyIamMemberConditionArgs']] = None): """ The set of arguments for constructing a TagKeyIamMember resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `tags.TagKeyIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] tag_key: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -38,6 +33,10 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `tags.TagKeyIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] tag_key: Used to find the parent resource to bind the IAM policy to """ pulumi.set(__self__, "member", member) pulumi.set(__self__, "role", role) @@ -48,6 +47,19 @@ def __init__(__self__, *, @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -73,18 +85,6 @@ def role(self, value: pulumi.Input[str]): def tag_key(self) -> pulumi.Input[str]: """ Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "tag_key") @@ -113,12 +113,7 @@ def __init__(__self__, *, """ Input properties used for looking up and filtering TagKeyIamMember resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] role: The role that should be applied. Only one - `tags.TagKeyIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] tag_key: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -129,6 +124,10 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `tags.TagKeyIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] tag_key: Used to find the parent resource to bind the IAM policy to """ if condition is not None: pulumi.set(__self__, "condition", condition) @@ -165,6 +164,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -190,18 +202,6 @@ def role(self, value: Optional[pulumi.Input[str]]): def tag_key(self) -> Optional[pulumi.Input[str]]: """ Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "tag_key") @@ -280,6 +280,51 @@ def __init__(__self__, ``` + ## google\\_tags\\_tag\\_key\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.tags.TagKeyIamPolicy("policy", + tag_key=key["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_tags\\_tag\\_key\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.tags.TagKeyIamBinding("binding", + tag_key=key["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_tags\\_tag\\_key\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.tags.TagKeyIamMember("member", + tag_key=key["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -316,12 +361,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `tags.TagKeyIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] tag_key: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -332,6 +372,10 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `tags.TagKeyIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] tag_key: Used to find the parent resource to bind the IAM policy to """ ... @overload @@ -399,6 +443,51 @@ def __init__(__self__, ``` + ## google\\_tags\\_tag\\_key\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.tags.TagKeyIamPolicy("policy", + tag_key=key["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_tags\\_tag\\_key\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.tags.TagKeyIamBinding("binding", + tag_key=key["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_tags\\_tag\\_key\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.tags.TagKeyIamMember("member", + tag_key=key["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -495,12 +584,7 @@ def get(resource_name: str, :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] role: The role that should be applied. Only one - `tags.TagKeyIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] tag_key: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -511,6 +595,10 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `tags.TagKeyIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] tag_key: Used to find the parent resource to bind the IAM policy to """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -539,6 +627,19 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @property @@ -556,18 +657,6 @@ def role(self) -> pulumi.Output[str]: def tag_key(self) -> pulumi.Output[str]: """ Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "tag_key") diff --git a/sdk/python/pulumi_gcp/tags/tag_key_iam_policy.py b/sdk/python/pulumi_gcp/tags/tag_key_iam_policy.py index 187c8360c2..68ff5a402c 100644 --- a/sdk/python/pulumi_gcp/tags/tag_key_iam_policy.py +++ b/sdk/python/pulumi_gcp/tags/tag_key_iam_policy.py @@ -21,18 +21,6 @@ def __init__(__self__, *, :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. :param pulumi.Input[str] tag_key: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "policy_data", policy_data) pulumi.set(__self__, "tag_key", tag_key) @@ -55,18 +43,6 @@ def policy_data(self, value: pulumi.Input[str]): def tag_key(self) -> pulumi.Input[str]: """ Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "tag_key") @@ -87,18 +63,6 @@ def __init__(__self__, *, :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. :param pulumi.Input[str] tag_key: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ if etag is not None: pulumi.set(__self__, "etag", etag) @@ -137,18 +101,6 @@ def policy_data(self, value: Optional[pulumi.Input[str]]): def tag_key(self) -> Optional[pulumi.Input[str]]: """ Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "tag_key") @@ -225,6 +177,51 @@ def __init__(__self__, ``` + ## google\\_tags\\_tag\\_key\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.tags.TagKeyIamPolicy("policy", + tag_key=key["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_tags\\_tag\\_key\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.tags.TagKeyIamBinding("binding", + tag_key=key["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_tags\\_tag\\_key\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.tags.TagKeyIamMember("member", + tag_key=key["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -264,18 +261,6 @@ def __init__(__self__, :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. :param pulumi.Input[str] tag_key: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ ... @overload @@ -343,6 +328,51 @@ def __init__(__self__, ``` + ## google\\_tags\\_tag\\_key\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.tags.TagKeyIamPolicy("policy", + tag_key=key["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_tags\\_tag\\_key\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.tags.TagKeyIamBinding("binding", + tag_key=key["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_tags\\_tag\\_key\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.tags.TagKeyIamMember("member", + tag_key=key["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -434,18 +464,6 @@ def get(resource_name: str, :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. :param pulumi.Input[str] tag_key: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -478,18 +496,6 @@ def policy_data(self) -> pulumi.Output[str]: def tag_key(self) -> pulumi.Output[str]: """ Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "tag_key") diff --git a/sdk/python/pulumi_gcp/tags/tag_value_iam_binding.py b/sdk/python/pulumi_gcp/tags/tag_value_iam_binding.py index 27c891eb58..e1d1cf6f56 100644 --- a/sdk/python/pulumi_gcp/tags/tag_value_iam_binding.py +++ b/sdk/python/pulumi_gcp/tags/tag_value_iam_binding.py @@ -22,12 +22,7 @@ def __init__(__self__, *, condition: Optional[pulumi.Input['TagValueIamBindingConditionArgs']] = None): """ The set of arguments for constructing a TagValueIamBinding resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `tags.TagValueIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] tag_value: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -38,6 +33,10 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `tags.TagValueIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] tag_value: Used to find the parent resource to bind the IAM policy to """ pulumi.set(__self__, "members", members) pulumi.set(__self__, "role", role) @@ -48,6 +47,19 @@ def __init__(__self__, *, @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -73,18 +85,6 @@ def role(self, value: pulumi.Input[str]): def tag_value(self) -> pulumi.Input[str]: """ Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "tag_value") @@ -113,12 +113,7 @@ def __init__(__self__, *, """ Input properties used for looking up and filtering TagValueIamBinding resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] role: The role that should be applied. Only one - `tags.TagValueIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] tag_value: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -129,6 +124,10 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `tags.TagValueIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] tag_value: Used to find the parent resource to bind the IAM policy to """ if condition is not None: pulumi.set(__self__, "condition", condition) @@ -165,6 +164,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -190,18 +202,6 @@ def role(self, value: Optional[pulumi.Input[str]]): def tag_value(self) -> Optional[pulumi.Input[str]]: """ Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "tag_value") @@ -280,6 +280,51 @@ def __init__(__self__, ``` + ## google\\_tags\\_tag\\_value\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.tags.TagValueIamPolicy("policy", + tag_value=value["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_tags\\_tag\\_value\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.tags.TagValueIamBinding("binding", + tag_value=value["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_tags\\_tag\\_value\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.tags.TagValueIamMember("member", + tag_value=value["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -316,12 +361,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `tags.TagValueIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] tag_value: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -332,6 +372,10 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `tags.TagValueIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] tag_value: Used to find the parent resource to bind the IAM policy to """ ... @overload @@ -399,6 +443,51 @@ def __init__(__self__, ``` + ## google\\_tags\\_tag\\_value\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.tags.TagValueIamPolicy("policy", + tag_value=value["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_tags\\_tag\\_value\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.tags.TagValueIamBinding("binding", + tag_value=value["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_tags\\_tag\\_value\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.tags.TagValueIamMember("member", + tag_value=value["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -495,12 +584,7 @@ def get(resource_name: str, :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] role: The role that should be applied. Only one - `tags.TagValueIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] tag_value: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -511,6 +595,10 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `tags.TagValueIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] tag_value: Used to find the parent resource to bind the IAM policy to """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -539,6 +627,19 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @property @@ -556,18 +657,6 @@ def role(self) -> pulumi.Output[str]: def tag_value(self) -> pulumi.Output[str]: """ Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "tag_value") diff --git a/sdk/python/pulumi_gcp/tags/tag_value_iam_member.py b/sdk/python/pulumi_gcp/tags/tag_value_iam_member.py index 5399e29e0a..e4f5bb8909 100644 --- a/sdk/python/pulumi_gcp/tags/tag_value_iam_member.py +++ b/sdk/python/pulumi_gcp/tags/tag_value_iam_member.py @@ -22,12 +22,7 @@ def __init__(__self__, *, condition: Optional[pulumi.Input['TagValueIamMemberConditionArgs']] = None): """ The set of arguments for constructing a TagValueIamMember resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `tags.TagValueIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] tag_value: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -38,6 +33,10 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `tags.TagValueIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] tag_value: Used to find the parent resource to bind the IAM policy to """ pulumi.set(__self__, "member", member) pulumi.set(__self__, "role", role) @@ -48,6 +47,19 @@ def __init__(__self__, *, @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -73,18 +85,6 @@ def role(self, value: pulumi.Input[str]): def tag_value(self) -> pulumi.Input[str]: """ Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "tag_value") @@ -113,12 +113,7 @@ def __init__(__self__, *, """ Input properties used for looking up and filtering TagValueIamMember resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] role: The role that should be applied. Only one - `tags.TagValueIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] tag_value: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -129,6 +124,10 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `tags.TagValueIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] tag_value: Used to find the parent resource to bind the IAM policy to """ if condition is not None: pulumi.set(__self__, "condition", condition) @@ -165,6 +164,19 @@ def etag(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -190,18 +202,6 @@ def role(self, value: Optional[pulumi.Input[str]]): def tag_value(self) -> Optional[pulumi.Input[str]]: """ Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "tag_value") @@ -280,6 +280,51 @@ def __init__(__self__, ``` + ## google\\_tags\\_tag\\_value\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.tags.TagValueIamPolicy("policy", + tag_value=value["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_tags\\_tag\\_value\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.tags.TagValueIamBinding("binding", + tag_value=value["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_tags\\_tag\\_value\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.tags.TagValueIamMember("member", + tag_value=value["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -316,12 +361,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `tags.TagValueIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] tag_value: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -332,6 +372,10 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `tags.TagValueIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] tag_value: Used to find the parent resource to bind the IAM policy to """ ... @overload @@ -399,6 +443,51 @@ def __init__(__self__, ``` + ## google\\_tags\\_tag\\_value\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.tags.TagValueIamPolicy("policy", + tag_value=value["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_tags\\_tag\\_value\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.tags.TagValueIamBinding("binding", + tag_value=value["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_tags\\_tag\\_value\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.tags.TagValueIamMember("member", + tag_value=value["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -495,12 +584,7 @@ def get(resource_name: str, :param pulumi.Input[str] id: The unique provider ID of the resource to lookup. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. - :param pulumi.Input[str] role: The role that should be applied. Only one - `tags.TagValueIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] tag_value: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -511,6 +595,10 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `tags.TagValueIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] tag_value: Used to find the parent resource to bind the IAM policy to """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -539,6 +627,19 @@ def etag(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @property @@ -556,18 +657,6 @@ def role(self) -> pulumi.Output[str]: def tag_value(self) -> pulumi.Output[str]: """ Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "tag_value") diff --git a/sdk/python/pulumi_gcp/tags/tag_value_iam_policy.py b/sdk/python/pulumi_gcp/tags/tag_value_iam_policy.py index 67eb822674..97ea1a6683 100644 --- a/sdk/python/pulumi_gcp/tags/tag_value_iam_policy.py +++ b/sdk/python/pulumi_gcp/tags/tag_value_iam_policy.py @@ -21,18 +21,6 @@ def __init__(__self__, *, :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. :param pulumi.Input[str] tag_value: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "policy_data", policy_data) pulumi.set(__self__, "tag_value", tag_value) @@ -55,18 +43,6 @@ def policy_data(self, value: pulumi.Input[str]): def tag_value(self) -> pulumi.Input[str]: """ Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "tag_value") @@ -87,18 +63,6 @@ def __init__(__self__, *, :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. :param pulumi.Input[str] tag_value: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ if etag is not None: pulumi.set(__self__, "etag", etag) @@ -137,18 +101,6 @@ def policy_data(self, value: Optional[pulumi.Input[str]]): def tag_value(self) -> Optional[pulumi.Input[str]]: """ Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "tag_value") @@ -225,6 +177,51 @@ def __init__(__self__, ``` + ## google\\_tags\\_tag\\_value\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.tags.TagValueIamPolicy("policy", + tag_value=value["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_tags\\_tag\\_value\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.tags.TagValueIamBinding("binding", + tag_value=value["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_tags\\_tag\\_value\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.tags.TagValueIamMember("member", + tag_value=value["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -264,18 +261,6 @@ def __init__(__self__, :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. :param pulumi.Input[str] tag_value: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ ... @overload @@ -343,6 +328,51 @@ def __init__(__self__, ``` + ## google\\_tags\\_tag\\_value\\_iam\\_policy + + + ```python + import pulumi + import pulumi_gcp as gcp + + admin = gcp.organizations.get_iam_policy(bindings=[gcp.organizations.GetIAMPolicyBindingArgs( + role="roles/viewer", + members=["user:jane@example.com"], + )]) + policy = gcp.tags.TagValueIamPolicy("policy", + tag_value=value["name"], + policy_data=admin.policy_data) + ``` + + + ## google\\_tags\\_tag\\_value\\_iam\\_binding + + + ```python + import pulumi + import pulumi_gcp as gcp + + binding = gcp.tags.TagValueIamBinding("binding", + tag_value=value["name"], + role="roles/viewer", + members=["user:jane@example.com"]) + ``` + + + ## google\\_tags\\_tag\\_value\\_iam\\_member + + + ```python + import pulumi + import pulumi_gcp as gcp + + member = gcp.tags.TagValueIamMember("member", + tag_value=value["name"], + role="roles/viewer", + member="user:jane@example.com") + ``` + + ## Import For all import syntaxes, the "resource in question" can take any of the following forms: @@ -434,18 +464,6 @@ def get(resource_name: str, :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. :param pulumi.Input[str] tag_value: Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -478,18 +496,6 @@ def policy_data(self) -> pulumi.Output[str]: def tag_value(self) -> pulumi.Output[str]: """ Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "tag_value") diff --git a/sdk/python/pulumi_gcp/vertex/ai_feature_store_entity_type_iam_binding.py b/sdk/python/pulumi_gcp/vertex/ai_feature_store_entity_type_iam_binding.py index 42bbda4014..8a720e769a 100644 --- a/sdk/python/pulumi_gcp/vertex/ai_feature_store_entity_type_iam_binding.py +++ b/sdk/python/pulumi_gcp/vertex/ai_feature_store_entity_type_iam_binding.py @@ -25,8 +25,7 @@ def __init__(__self__, *, The set of arguments for constructing a AiFeatureStoreEntityTypeIamBinding resource. :param pulumi.Input[str] entitytype: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] featurestore: The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -65,8 +64,18 @@ def entitytype(self, value: pulumi.Input[str]): def featurestore(self) -> pulumi.Input[str]: """ The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to + """ + return pulumi.get(self, "featurestore") - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + @featurestore.setter + def featurestore(self, value: pulumi.Input[str]): + pulumi.set(self, "featurestore", value) + + @property + @pulumi.getter + def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -78,15 +87,6 @@ def featurestore(self) -> pulumi.Input[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ - return pulumi.get(self, "featurestore") - - @featurestore.setter - def featurestore(self, value: pulumi.Input[str]): - pulumi.set(self, "featurestore", value) - - @property - @pulumi.getter - def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: return pulumi.get(self, "members") @members.setter @@ -131,8 +131,7 @@ def __init__(__self__, *, :param pulumi.Input[str] entitytype: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] featurestore: The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -198,8 +197,18 @@ def etag(self, value: Optional[pulumi.Input[str]]): def featurestore(self) -> Optional[pulumi.Input[str]]: """ The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to + """ + return pulumi.get(self, "featurestore") + + @featurestore.setter + def featurestore(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "featurestore", value) - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + @property + @pulumi.getter + def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -211,15 +220,6 @@ def featurestore(self) -> Optional[pulumi.Input[str]]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ - return pulumi.get(self, "featurestore") - - @featurestore.setter - def featurestore(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "featurestore", value) - - @property - @pulumi.getter - def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: return pulumi.get(self, "members") @members.setter @@ -291,8 +291,7 @@ def __init__(__self__, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] entitytype: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] featurestore: The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -417,8 +416,7 @@ def get(resource_name: str, :param pulumi.Input[str] entitytype: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] featurestore: The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -471,8 +469,14 @@ def etag(self) -> pulumi.Output[str]: def featurestore(self) -> pulumi.Output[str]: """ The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to + """ + return pulumi.get(self, "featurestore") - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + @property + @pulumi.getter + def members(self) -> pulumi.Output[Sequence[str]]: + """ + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -484,11 +488,6 @@ def featurestore(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ - return pulumi.get(self, "featurestore") - - @property - @pulumi.getter - def members(self) -> pulumi.Output[Sequence[str]]: return pulumi.get(self, "members") @property diff --git a/sdk/python/pulumi_gcp/vertex/ai_feature_store_entity_type_iam_member.py b/sdk/python/pulumi_gcp/vertex/ai_feature_store_entity_type_iam_member.py index 68b2f03be4..d672f43adf 100644 --- a/sdk/python/pulumi_gcp/vertex/ai_feature_store_entity_type_iam_member.py +++ b/sdk/python/pulumi_gcp/vertex/ai_feature_store_entity_type_iam_member.py @@ -25,8 +25,7 @@ def __init__(__self__, *, The set of arguments for constructing a AiFeatureStoreEntityTypeIamMember resource. :param pulumi.Input[str] entitytype: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] featurestore: The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -65,8 +64,18 @@ def entitytype(self, value: pulumi.Input[str]): def featurestore(self) -> pulumi.Input[str]: """ The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to + """ + return pulumi.get(self, "featurestore") - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + @featurestore.setter + def featurestore(self, value: pulumi.Input[str]): + pulumi.set(self, "featurestore", value) + + @property + @pulumi.getter + def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -78,15 +87,6 @@ def featurestore(self) -> pulumi.Input[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ - return pulumi.get(self, "featurestore") - - @featurestore.setter - def featurestore(self, value: pulumi.Input[str]): - pulumi.set(self, "featurestore", value) - - @property - @pulumi.getter - def member(self) -> pulumi.Input[str]: return pulumi.get(self, "member") @member.setter @@ -131,8 +131,7 @@ def __init__(__self__, *, :param pulumi.Input[str] entitytype: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] featurestore: The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -198,8 +197,18 @@ def etag(self, value: Optional[pulumi.Input[str]]): def featurestore(self) -> Optional[pulumi.Input[str]]: """ The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to + """ + return pulumi.get(self, "featurestore") + + @featurestore.setter + def featurestore(self, value: Optional[pulumi.Input[str]]): + pulumi.set(self, "featurestore", value) - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + @property + @pulumi.getter + def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -211,15 +220,6 @@ def featurestore(self) -> Optional[pulumi.Input[str]]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ - return pulumi.get(self, "featurestore") - - @featurestore.setter - def featurestore(self, value: Optional[pulumi.Input[str]]): - pulumi.set(self, "featurestore", value) - - @property - @pulumi.getter - def member(self) -> Optional[pulumi.Input[str]]: return pulumi.get(self, "member") @member.setter @@ -291,8 +291,7 @@ def __init__(__self__, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] entitytype: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] featurestore: The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -417,8 +416,7 @@ def get(resource_name: str, :param pulumi.Input[str] entitytype: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] featurestore: The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -471,8 +469,14 @@ def etag(self) -> pulumi.Output[str]: def featurestore(self) -> pulumi.Output[str]: """ The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to + """ + return pulumi.get(self, "featurestore") - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + @property + @pulumi.getter + def member(self) -> pulumi.Output[str]: + """ + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -484,11 +488,6 @@ def featurestore(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ - return pulumi.get(self, "featurestore") - - @property - @pulumi.getter - def member(self) -> pulumi.Output[str]: return pulumi.get(self, "member") @property diff --git a/sdk/python/pulumi_gcp/vertex/ai_feature_store_entity_type_iam_policy.py b/sdk/python/pulumi_gcp/vertex/ai_feature_store_entity_type_iam_policy.py index d4579da46f..ec9dfa92fe 100644 --- a/sdk/python/pulumi_gcp/vertex/ai_feature_store_entity_type_iam_policy.py +++ b/sdk/python/pulumi_gcp/vertex/ai_feature_store_entity_type_iam_policy.py @@ -21,18 +21,6 @@ def __init__(__self__, *, The set of arguments for constructing a AiFeatureStoreEntityTypeIamPolicy resource. :param pulumi.Input[str] entitytype: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] featurestore: The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. """ @@ -57,18 +45,6 @@ def entitytype(self, value: pulumi.Input[str]): def featurestore(self) -> pulumi.Input[str]: """ The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "featurestore") @@ -102,18 +78,6 @@ def __init__(__self__, *, :param pulumi.Input[str] entitytype: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] featurestore: The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. """ @@ -155,18 +119,6 @@ def etag(self, value: Optional[pulumi.Input[str]]): def featurestore(self) -> Optional[pulumi.Input[str]]: """ The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "featurestore") @@ -236,18 +188,6 @@ def __init__(__self__, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] entitytype: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] featurestore: The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. """ @@ -353,18 +293,6 @@ def get(resource_name: str, :param pulumi.Input[str] entitytype: Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] featurestore: The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] policy_data: The policy data generated by a `organizations_get_iam_policy` data source. """ @@ -399,18 +327,6 @@ def etag(self) -> pulumi.Output[str]: def featurestore(self) -> pulumi.Output[str]: """ The name of the Featurestore to use, in the format projects/{project}/locations/{location}/featurestores/{featurestore}. Used to find the parent resource to bind the IAM policy to - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "featurestore") diff --git a/sdk/python/pulumi_gcp/vertex/ai_feature_store_iam_binding.py b/sdk/python/pulumi_gcp/vertex/ai_feature_store_iam_binding.py index 58e615c29d..0259e73df0 100644 --- a/sdk/python/pulumi_gcp/vertex/ai_feature_store_iam_binding.py +++ b/sdk/python/pulumi_gcp/vertex/ai_feature_store_iam_binding.py @@ -25,13 +25,7 @@ def __init__(__self__, *, """ The set of arguments for constructing a AiFeatureStoreIamBinding resource. :param pulumi.Input[str] featurestore: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] role: The role that should be applied. Only one - `vertex.AiFeatureStoreIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -42,6 +36,11 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `vertex.AiFeatureStoreIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] region: The region of the dataset. eg us-central1 Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no region is specified, it is taken from the provider configuration. @@ -71,6 +70,19 @@ def featurestore(self, value: pulumi.Input[str]): @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -106,18 +118,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -154,10 +154,7 @@ def __init__(__self__, *, Input properties used for looking up and filtering AiFeatureStoreIamBinding resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] featurestore: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -168,6 +165,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] region: The region of the dataset. eg us-central1 Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no region is specified, it is taken from the provider configuration. @@ -226,6 +225,19 @@ def featurestore(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -238,18 +250,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -340,10 +340,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] featurestore: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -354,6 +351,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] region: The region of the dataset. eg us-central1 Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no region is specified, it is taken from the provider configuration. @@ -475,10 +474,7 @@ def get(resource_name: str, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] featurestore: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -489,6 +485,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] region: The region of the dataset. eg us-central1 Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no region is specified, it is taken from the provider configuration. @@ -533,16 +531,8 @@ def featurestore(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: - return pulumi.get(self, "members") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -554,6 +544,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "members") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/vertex/ai_feature_store_iam_member.py b/sdk/python/pulumi_gcp/vertex/ai_feature_store_iam_member.py index 718430873c..468f4c77b5 100644 --- a/sdk/python/pulumi_gcp/vertex/ai_feature_store_iam_member.py +++ b/sdk/python/pulumi_gcp/vertex/ai_feature_store_iam_member.py @@ -25,13 +25,7 @@ def __init__(__self__, *, """ The set of arguments for constructing a AiFeatureStoreIamMember resource. :param pulumi.Input[str] featurestore: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] role: The role that should be applied. Only one - `vertex.AiFeatureStoreIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -42,6 +36,11 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `vertex.AiFeatureStoreIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] region: The region of the dataset. eg us-central1 Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no region is specified, it is taken from the provider configuration. @@ -71,6 +70,19 @@ def featurestore(self, value: pulumi.Input[str]): @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -106,18 +118,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -154,10 +154,7 @@ def __init__(__self__, *, Input properties used for looking up and filtering AiFeatureStoreIamMember resources. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] featurestore: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -168,6 +165,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] region: The region of the dataset. eg us-central1 Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no region is specified, it is taken from the provider configuration. @@ -226,6 +225,19 @@ def featurestore(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -238,18 +250,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -340,10 +340,7 @@ def __init__(__self__, :param str resource_name: The name of the resource. :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] featurestore: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -354,6 +351,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] region: The region of the dataset. eg us-central1 Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no region is specified, it is taken from the provider configuration. @@ -475,10 +474,7 @@ def get(resource_name: str, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] featurestore: Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -489,6 +485,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] region: The region of the dataset. eg us-central1 Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no region is specified, it is taken from the provider configuration. @@ -533,16 +531,8 @@ def featurestore(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: - return pulumi.get(self, "member") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -554,6 +544,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "member") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/vertex/ai_feature_store_iam_policy.py b/sdk/python/pulumi_gcp/vertex/ai_feature_store_iam_policy.py index f9ec93d933..9a119633e6 100644 --- a/sdk/python/pulumi_gcp/vertex/ai_feature_store_iam_policy.py +++ b/sdk/python/pulumi_gcp/vertex/ai_feature_store_iam_policy.py @@ -25,18 +25,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] region: The region of the dataset. eg us-central1 Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no region is specified, it is taken from the provider configuration. @@ -79,18 +67,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -129,18 +105,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] region: The region of the dataset. eg us-central1 Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no region is specified, it is taken from the provider configuration. @@ -199,18 +163,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -289,18 +241,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] region: The region of the dataset. eg us-central1 Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no region is specified, it is taken from the provider configuration. @@ -415,18 +355,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" :param pulumi.Input[str] region: The region of the dataset. eg us-central1 Used to find the parent resource to bind the IAM policy to. If not specified, the value will be parsed from the identifier of the parent resource. If no region is provided in the parent identifier and no region is specified, it is taken from the provider configuration. @@ -473,18 +401,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/workstations/workstation_config_iam_binding.py b/sdk/python/pulumi_gcp/workstations/workstation_config_iam_binding.py index cc1fd7ac0f..2788827010 100644 --- a/sdk/python/pulumi_gcp/workstations/workstation_config_iam_binding.py +++ b/sdk/python/pulumi_gcp/workstations/workstation_config_iam_binding.py @@ -25,15 +25,7 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a WorkstationConfigIamBinding resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `workstations.WorkstationConfigIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] location: The location where the workstation cluster config should reside. - Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -44,6 +36,13 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `workstations.WorkstationConfigIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] location: The location where the workstation cluster config should reside. + Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "members", members) pulumi.set(__self__, "role", role) @@ -59,6 +58,19 @@ def __init__(__self__, *, @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -125,18 +137,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -161,10 +161,7 @@ def __init__(__self__, *, :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] location: The location where the workstation cluster config should reside. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -175,6 +172,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `workstations.WorkstationConfigIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -233,6 +232,19 @@ def location(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -245,18 +257,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -353,10 +353,7 @@ def __init__(__self__, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] location: The location where the workstation cluster config should reside. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -367,6 +364,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `workstations.WorkstationConfigIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -491,10 +490,7 @@ def get(resource_name: str, :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] location: The location where the workstation cluster config should reside. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -505,6 +501,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `workstations.WorkstationConfigIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -548,16 +546,8 @@ def location(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: - return pulumi.get(self, "members") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -569,6 +559,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "members") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/workstations/workstation_config_iam_member.py b/sdk/python/pulumi_gcp/workstations/workstation_config_iam_member.py index c01a7df6f1..fadf94d5d5 100644 --- a/sdk/python/pulumi_gcp/workstations/workstation_config_iam_member.py +++ b/sdk/python/pulumi_gcp/workstations/workstation_config_iam_member.py @@ -25,15 +25,7 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a WorkstationConfigIamMember resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `workstations.WorkstationConfigIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] location: The location where the workstation cluster config should reside. - Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -44,6 +36,13 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `workstations.WorkstationConfigIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] location: The location where the workstation cluster config should reside. + Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "member", member) pulumi.set(__self__, "role", role) @@ -59,6 +58,19 @@ def __init__(__self__, *, @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -125,18 +137,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -161,10 +161,7 @@ def __init__(__self__, *, :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] location: The location where the workstation cluster config should reside. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -175,6 +172,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `workstations.WorkstationConfigIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -233,6 +232,19 @@ def location(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -245,18 +257,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -353,10 +353,7 @@ def __init__(__self__, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] location: The location where the workstation cluster config should reside. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -367,6 +364,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `workstations.WorkstationConfigIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -491,10 +490,7 @@ def get(resource_name: str, :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] location: The location where the workstation cluster config should reside. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -505,6 +501,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `workstations.WorkstationConfigIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -548,16 +546,8 @@ def location(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: - return pulumi.get(self, "member") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -569,6 +559,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "member") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/workstations/workstation_config_iam_policy.py b/sdk/python/pulumi_gcp/workstations/workstation_config_iam_policy.py index 145ecaa51e..7cc4e56c08 100644 --- a/sdk/python/pulumi_gcp/workstations/workstation_config_iam_policy.py +++ b/sdk/python/pulumi_gcp/workstations/workstation_config_iam_policy.py @@ -27,18 +27,6 @@ def __init__(__self__, *, Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "policy_data", policy_data) pulumi.set(__self__, "workstation_cluster_id", workstation_cluster_id) @@ -98,18 +86,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -136,18 +112,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ if etag is not None: pulumi.set(__self__, "etag", etag) @@ -206,18 +170,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -302,18 +254,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ ... @overload @@ -431,18 +371,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -488,18 +416,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") diff --git a/sdk/python/pulumi_gcp/workstations/workstation_iam_binding.py b/sdk/python/pulumi_gcp/workstations/workstation_iam_binding.py index 75c166615a..49f2ffa331 100644 --- a/sdk/python/pulumi_gcp/workstations/workstation_iam_binding.py +++ b/sdk/python/pulumi_gcp/workstations/workstation_iam_binding.py @@ -26,15 +26,7 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a WorkstationIamBinding resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `workstations.WorkstationIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] location: The location where the workstation parent resources reside. - Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -45,6 +37,13 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `workstations.WorkstationIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] location: The location where the workstation parent resources reside. + Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "members", members) pulumi.set(__self__, "role", role) @@ -61,6 +60,19 @@ def __init__(__self__, *, @property @pulumi.getter def members(self) -> pulumi.Input[Sequence[pulumi.Input[str]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -136,18 +148,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -173,10 +173,7 @@ def __init__(__self__, *, :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] location: The location where the workstation parent resources reside. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -187,6 +184,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `workstations.WorkstationIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -247,6 +246,19 @@ def location(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def members(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[str]]]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "members") @members.setter @@ -259,18 +271,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -377,10 +377,7 @@ def __init__(__self__, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] location: The location where the workstation parent resources reside. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -391,6 +388,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `workstations.WorkstationIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -520,10 +519,7 @@ def get(resource_name: str, :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] location: The location where the workstation parent resources reside. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[Sequence[pulumi.Input[str]]] members: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -534,6 +530,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `workstations.WorkstationIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -578,16 +576,8 @@ def location(self) -> pulumi.Output[str]: @property @pulumi.getter def members(self) -> pulumi.Output[Sequence[str]]: - return pulumi.get(self, "members") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -599,6 +589,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "members") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/workstations/workstation_iam_member.py b/sdk/python/pulumi_gcp/workstations/workstation_iam_member.py index e0900e1cc7..16d6820e1b 100644 --- a/sdk/python/pulumi_gcp/workstations/workstation_iam_member.py +++ b/sdk/python/pulumi_gcp/workstations/workstation_iam_member.py @@ -26,15 +26,7 @@ def __init__(__self__, *, project: Optional[pulumi.Input[str]] = None): """ The set of arguments for constructing a WorkstationIamMember resource. - :param pulumi.Input[str] role: The role that should be applied. Only one - `workstations.WorkstationIamBinding` can be used per role. Note that custom roles must be of the format - `[projects|organizations]/{parent-name}/roles/{role-name}`. - :param pulumi.Input[str] location: The location where the workstation parent resources reside. - Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -45,6 +37,13 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] role: The role that should be applied. Only one + `workstations.WorkstationIamBinding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + :param pulumi.Input[str] location: The location where the workstation parent resources reside. + Used to find the parent resource to bind the IAM policy to + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. """ pulumi.set(__self__, "member", member) pulumi.set(__self__, "role", role) @@ -61,6 +60,19 @@ def __init__(__self__, *, @property @pulumi.getter def member(self) -> pulumi.Input[str]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -136,18 +148,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -173,10 +173,7 @@ def __init__(__self__, *, :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] location: The location where the workstation parent resources reside. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -187,6 +184,8 @@ def __init__(__self__, *, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `workstations.WorkstationIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -247,6 +246,19 @@ def location(self, value: Optional[pulumi.Input[str]]): @property @pulumi.getter def member(self) -> Optional[pulumi.Input[str]]: + """ + Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" + * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" + * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + """ return pulumi.get(self, "member") @member.setter @@ -259,18 +271,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -377,10 +377,7 @@ def __init__(__self__, :param pulumi.ResourceOptions opts: Options for the resource. :param pulumi.Input[str] location: The location where the workstation parent resources reside. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -391,6 +388,8 @@ def __init__(__self__, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `workstations.WorkstationIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -520,10 +519,7 @@ def get(resource_name: str, :param pulumi.Input[str] etag: (Computed) The etag of the IAM policy. :param pulumi.Input[str] location: The location where the workstation parent resources reside. Used to find the parent resource to bind the IAM policy to - :param pulumi.Input[str] project: The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + :param pulumi.Input[str] member: Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -534,6 +530,8 @@ def get(resource_name: str, * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" + :param pulumi.Input[str] project: The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. :param pulumi.Input[str] role: The role that should be applied. Only one `workstations.WorkstationIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`. @@ -578,16 +576,8 @@ def location(self) -> pulumi.Output[str]: @property @pulumi.getter def member(self) -> pulumi.Output[str]: - return pulumi.get(self, "member") - - @property - @pulumi.getter - def project(self) -> pulumi.Output[str]: """ - The ID of the project in which the resource belongs. - If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. + Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. @@ -599,6 +589,15 @@ def project(self) -> pulumi.Output[str]: * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ + return pulumi.get(self, "member") + + @property + @pulumi.getter + def project(self) -> pulumi.Output[str]: + """ + The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + """ return pulumi.get(self, "project") @property diff --git a/sdk/python/pulumi_gcp/workstations/workstation_iam_policy.py b/sdk/python/pulumi_gcp/workstations/workstation_iam_policy.py index b850c610ff..8d7dac0440 100644 --- a/sdk/python/pulumi_gcp/workstations/workstation_iam_policy.py +++ b/sdk/python/pulumi_gcp/workstations/workstation_iam_policy.py @@ -28,18 +28,6 @@ def __init__(__self__, *, Used to find the parent resource to bind the IAM policy to :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ pulumi.set(__self__, "policy_data", policy_data) pulumi.set(__self__, "workstation_cluster_id", workstation_cluster_id) @@ -109,18 +97,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -148,18 +124,6 @@ def __init__(__self__, *, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ if etag is not None: pulumi.set(__self__, "etag", etag) @@ -220,18 +184,6 @@ def project(self) -> Optional[pulumi.Input[str]]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project") @@ -326,18 +278,6 @@ def __init__(__self__, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ ... @overload @@ -460,18 +400,6 @@ def get(resource_name: str, a `organizations_get_iam_policy` data source. :param pulumi.Input[str] project: The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id)) @@ -518,18 +446,6 @@ def project(self) -> pulumi.Output[str]: """ The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. - - * `member/members` - (Required) Identities that will be granted the privilege in `role`. - Each entry can have one of the following values: - * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. - * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. - * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. - * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. - * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. - * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. - * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" - * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" - * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project" """ return pulumi.get(self, "project")